1 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)

This article is one of four (4) in a series:

1 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 1, you will set up the Kubernetes Cluster on Amazon Elastic Kubernetes Service (EKS).

2 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 2, you will install an AWS Application Load Balancer.

3 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 3, you will use Kubernetes to deploy the HumanGov application for California.

4 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 4, you will use Amazon Route 53 to name the application and AWS Certificate Manager to secure access to the application. You will also use Kubernetes to deploy ingress controller, so that Internet users can connect to the application. After testing, you will decommission the infrastructure.

For background on this series, go here:

Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free) | A Four-Part Series

Prerequisites1 of 6. Validate AWS CLI version is 2 or above

Prequisites 1.1 Open AWS Cloud 9

Prerequisites 1.2 Run the AWS version command to verify your AWS CLI version. Make sure you have the AWS CLI Version 2.

aws --version

If the AWS CLI is already 2 or above, please skip to PreRequisites step 2 (Install eksctl CLI tool) now. Otherwise, please follow the steps below to upgrade the AWS CLI to version 2 now. DO NOT SKIP IT, otherwise you will have issues while creating the EKS cluster using the eksctl tool.

Prerequisites 1.3 AWS CLI 2 Upgrade Steps

# Remove the existing AWS CLI sudo yum remove awscli ​ # Install the AWS CLI 2 curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update # Check AWS CLI version aws --version

Prerequisites 2 of 6. Install eksctl CLI tool

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp sudo cp /tmp/eksctl /usr/bin eksctl version ​

Prerequisites 3 of 6. Install kubectl CLI tool

curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/kubectl chmod +x ./kubectl mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc kubectl version --short --client ​

Prerequisites 4 of 6. Install helm CLI tool

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 chmod 700 get_helm.sh ./get_helm.sh helm version ​

Prerequistes 5 of 6. Create an IAM User eks-user with AdministratorAccess policy.

AWS Console -/- Identify and Access Management (IAM) -/- Access management -/- Users -/- [Create user] Specify user details -/- User details -/- User name: eks-user [Next] Set permissions -/- permissions options -/- Attach policies directly -/- AdministratorAccess [Next] Review and create [create user]

Prerequisites 6 of 6. Create an Access Key for the eks-user

Warning: Do not click 'Done' until you have retrieved your access keys.

AWS Console -/- Identify and Access Management (IAM) -/- Access management -/- Users [eks-user] [Security credentials] [Create access key] Access key best practices & alternatives -/- Other [Next] Set description tag -optional [Create access key] Retrieve access keys [Done]

1 of 6. [Cloud9] Disable Managed Credentials on Cloud9

(Very Important - DO NOT SKIP)

Preferences -/- AWS Settings -/- Credentials -/- DISABLE 'AWS managed temporary credentails'

2 of 6. [Cloud9] Authenticate with eks-user access key

Note: These are fake values, for demonstration purposes only. Please use the actual key values.

export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXX export AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYYYYY

3 of 6. [Cloud9] Create S3 and DynamoDB table using Terraform

Record your DynamoDB table and S3 Bucket Name. It will be used later.

cd /home/ec2-user/environment/human-gov-infrastructure/terraform terraform show terraform plan terraform apply ​

4 of 6. [Cloud9] Create an EKS Cluster

Note: This step can take 15 minutes or so.

eksctl create cluster --name humangov-cluster --region us-east-1 --nodegroup-name standard-workers --node-type t3.medium --nodes 1

5 of 6. [Cloud9] Update Local Kubernetes Config

If you check the .kube/config file from the ouput, you'll see your Kubernetes settings in that file.

aws eks update-kubeconfig --name humangov-cluster --region us-east-1

6 of 6. [Cloud9] Verify Cluster Connectivity

kubectl get svc kubectl get nodes

References

Install or update to the latest version of the AWS CLI - AWS Command Line Interface

What is the AWS Command Line Interface? - AWS Command Line Interface

Identity and Access Management for AWS Cloud9 - AWS Cloud9

Creating or updating a kubeconfig file for an Amazon EKS cluster - Amazon EKS

Creating and managing clusters - eksctl

kubectl Quick Reference | Kubernetes

Helm | Helm Version

Command: apply | Terraform | HashiCorp Developer

Command: plan | Terraform | HashiCorp Developer

Command: show | Terraform | HashiCorp Developer

Linux fundamentals: How to copy, move, and rename files and directories | Enable Sysadmin

Tips and tricks for curl and wget | Enable Sysadmin

What is yum and how do I use it? - Red Hat Customer Portal


Lewis Lampkin, III - Blog

Lewis Lampkin, III - LinkedIn

Lewis Lampkin, III - Medium

Comments

Popular posts from this blog

Containing the Chaos! | A Three-Part Series Demonstrating the Usefulness of Containerization to HumanGov

Orphaned No More: Adopting AWS Lambda