1 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
This article is one of four (4) in a series:
1 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 1, you will set up the Kubernetes Cluster on Amazon Elastic Kubernetes Service (EKS).
2 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 2, you will install an AWS Application Load Balancer.
3 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 3, you will use Kubernetes to deploy the HumanGov application for California.
4 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 4, you will use Amazon Route 53 to name the application and AWS Certificate Manager to secure access to the application. You will also use Kubernetes to deploy ingress controller, so that Internet users can connect to the application. After testing, you will decommission the infrastructure.
For background on this series, go here:
Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free) | A Four-Part Series
Prerequisites1 of 6. Validate AWS CLI version is 2 or above
Prequisites 1.1 Open AWS Cloud 9
Prerequisites 1.2 Run the AWS version command to verify your AWS CLI version. Make sure you have the AWS CLI Version 2.
aws --versionIf the AWS CLI is already 2 or above, please skip to PreRequisites step 2 (Install eksctl CLI tool) now. Otherwise, please follow the steps below to upgrade the AWS CLI to version 2 now. DO NOT SKIP IT, otherwise you will have issues while creating the EKS cluster using the eksctl tool.
Prerequisites 1.3 AWS CLI 2 Upgrade Steps
# Remove the existing AWS CLI
sudo yum remove awscli
# Install the AWS CLI 2
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update
# Check AWS CLI version
aws --version
Prerequisites 2 of 6. Install eksctl CLI tool
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo cp /tmp/eksctl /usr/bin
eksctl version
Prerequisites 3 of 6. Install kubectl CLI tool
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
kubectl version --short --client
Prerequisites 4 of 6. Install helm CLI tool
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
helm version
Prerequistes 5 of 6. Create an IAM User eks-user with AdministratorAccess policy.
AWS Console -/- Identify and Access Management (IAM) -/- Access management -/- Users -/- [Create user]
Specify user details -/- User details -/- User name: eks-user [Next]
Set permissions -/- permissions options -/- Attach policies directly -/- AdministratorAccess [Next]
Review and create [create user]
Prerequisites 6 of 6. Create an Access Key for the eks-user
Warning: Do not click 'Done' until you have retrieved your access keys.
AWS Console -/- Identify and Access Management (IAM) -/- Access management -/- Users [eks-user]
[Security credentials]
[Create access key]
Access key best practices & alternatives -/- Other [Next]
Set description tag -optional [Create access key]
Retrieve access keys [Done]
1 of 6. [Cloud9] Disable Managed Credentials on Cloud9
(Very Important - DO NOT SKIP)
Preferences -/- AWS Settings -/- Credentials -/- DISABLE 'AWS managed temporary credentails'
2 of 6. [Cloud9] Authenticate with eks-user access key
Note: These are fake values, for demonstration purposes only. Please use the actual key values.
export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYYYYY
3 of 6. [Cloud9] Create S3 and DynamoDB table using Terraform
Record your DynamoDB table and S3 Bucket Name. It will be used later.
cd /home/ec2-user/environment/human-gov-infrastructure/terraform
terraform show
terraform plan
terraform apply
4 of 6. [Cloud9] Create an EKS Cluster
Note: This step can take 15 minutes or so.
eksctl create cluster --name humangov-cluster --region us-east-1 --nodegroup-name standard-workers --node-type t3.medium --nodes 1
5 of 6. [Cloud9] Update Local Kubernetes Config
If you check the .kube/config file from the ouput, you'll see your Kubernetes settings in that file.
aws eks update-kubeconfig --name humangov-cluster --region us-east-1
6 of 6. [Cloud9] Verify Cluster Connectivity
kubectl get svc
kubectl get nodes
References
Install or update to the latest version of the AWS CLI - AWS Command Line Interface
What is the AWS Command Line Interface? - AWS Command Line Interface
Identity and Access Management for AWS Cloud9 - AWS Cloud9
Creating or updating a kubeconfig file for an Amazon EKS cluster - Amazon EKS
Creating and managing clusters - eksctl
kubectl Quick Reference | Kubernetes
Command: apply | Terraform | HashiCorp Developer
Command: plan | Terraform | HashiCorp Developer
Command: show | Terraform | HashiCorp Developer
Linux fundamentals: How to copy, move, and rename files and directories | Enable Sysadmin
Tips and tricks for curl and wget | Enable Sysadmin
What is yum and how do I use it? - Red Hat Customer Portal
Comments
Post a Comment