1 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)

This article is one of four (4) in a series:

1 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 1, you will set up the Kubernetes Cluster on Amazon Elastic Kubernetes Service (EKS).

2 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 2, you will install an AWS Application Load Balancer.

3 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 3, you will use Kubernetes to deploy the HumanGov application for California.

4 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 4, you will use Amazon Route 53 to name the application and AWS Certificate Manager to secure access to the application. You will also use Kubernetes to deploy ingress controller, so that Internet users can connect to the application. After testing, you will decommission the infrastructure.

For background on this series, go here:

Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free) | A Four-Part Series

Prerequisites1 of 6. Validate AWS CLI version is 2 or above

Prequisites 1.1 Open AWS Cloud 9

Prerequisites 1.2 Run the AWS version command to verify your AWS CLI version. Make sure you have the AWS CLI Version 2.

aws --version

If the AWS CLI is already 2 or above, please skip to PreRequisites step 2 (Install eksctl CLI tool) now. Otherwise, please follow the steps below to upgrade the AWS CLI to version 2 now. DO NOT SKIP IT, otherwise you will have issues while creating the EKS cluster using the eksctl tool.

Prerequisites 1.3 AWS CLI 2 Upgrade Steps

# Remove the existing AWS CLI sudo yum remove awscli ​ # Install the AWS CLI 2 curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update # Check AWS CLI version aws --version

Prerequisites 2 of 6. Install eksctl CLI tool

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp sudo cp /tmp/eksctl /usr/bin eksctl version ​

Prerequisites 3 of 6. Install kubectl CLI tool

curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.18.9/2020-11-02/bin/linux/amd64/kubectl chmod +x ./kubectl mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc kubectl version --short --client ​

Prerequisites 4 of 6. Install helm CLI tool

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 chmod 700 get_helm.sh ./get_helm.sh helm version ​

Prerequistes 5 of 6. Create an IAM User eks-user with AdministratorAccess policy.

AWS Console -/- Identify and Access Management (IAM) -/- Access management -/- Users -/- [Create user] Specify user details -/- User details -/- User name: eks-user [Next] Set permissions -/- permissions options -/- Attach policies directly -/- AdministratorAccess [Next] Review and create [create user]

Prerequisites 6 of 6. Create an Access Key for the eks-user

Warning: Do not click 'Done' until you have retrieved your access keys.

AWS Console -/- Identify and Access Management (IAM) -/- Access management -/- Users [eks-user] [Security credentials] [Create access key] Access key best practices & alternatives -/- Other [Next] Set description tag -optional [Create access key] Retrieve access keys [Done]

1 of 6. [Cloud9] Disable Managed Credentials on Cloud9

(Very Important - DO NOT SKIP)

Preferences -/- AWS Settings -/- Credentials -/- DISABLE 'AWS managed temporary credentails'

2 of 6. [Cloud9] Authenticate with eks-user access key

Note: These are fake values, for demonstration purposes only. Please use the actual key values.

export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXX export AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYYYYY

3 of 6. [Cloud9] Create S3 and DynamoDB table using Terraform

Record your DynamoDB table and S3 Bucket Name. It will be used later.

cd /home/ec2-user/environment/human-gov-infrastructure/terraform terraform show terraform plan terraform apply ​

4 of 6. [Cloud9] Create an EKS Cluster

Note: This step can take 15 minutes or so.

eksctl create cluster --name humangov-cluster --region us-east-1 --nodegroup-name standard-workers --node-type t3.medium --nodes 1

5 of 6. [Cloud9] Update Local Kubernetes Config

If you check the .kube/config file from the ouput, you'll see your Kubernetes settings in that file.

aws eks update-kubeconfig --name humangov-cluster --region us-east-1

6 of 6. [Cloud9] Verify Cluster Connectivity

kubectl get svc kubectl get nodes

References

Install or update to the latest version of the AWS CLI - AWS Command Line Interface

What is the AWS Command Line Interface? - AWS Command Line Interface

Identity and Access Management for AWS Cloud9 - AWS Cloud9

Creating or updating a kubeconfig file for an Amazon EKS cluster - Amazon EKS

Creating and managing clusters - eksctl

kubectl Quick Reference | Kubernetes

Helm | Helm Version

Command: apply | Terraform | HashiCorp Developer

Command: plan | Terraform | HashiCorp Developer

Command: show | Terraform | HashiCorp Developer

Linux fundamentals: How to copy, move, and rename files and directories | Enable Sysadmin

Tips and tricks for curl and wget | Enable Sysadmin

What is yum and how do I use it? - Red Hat Customer Portal

Lewis Lampkin, III - Blog

Lewis Lampkin, III - LinkedIn

Lewis Lampkin, III - Medium

Comments

Post a Comment

Popular posts from this blog

"This site uses cookies from Google to deliver its services and analyze traffic. Your IP address and user-agent are shared with Google along with performance and security metrics to ensure quality of service, generate usage statistics, and to detect and address abuse."
Read more

Orphaned No More: Adopting AWS Lambda

Image
Background HumanGov is a Model Automated Multi-Tenant Architecture (MAMA) that is meant to be used by the 50 states for personnel tracking. Currently the architecture is fully automated on AWS. The architecture is not ready for go-live. All actions so far are for a proof-of-concept that is presented to the Chief Technical Officer (CTO) for review. During the weekly team meeting, Ko (User Experience Lead) reports that his team has performed thousands of tests against the infrastructure, with moves, adds, and changes, and is not finding any issues in the application user interface. Woo (Infrastructure Lead) reports that there are hundreds of 'orphaned' files in the S3 bucket. (These files are considered 'orphaned' because they do not have corresponding records in the DynamoDB table.) Kim (Tech Lead) reports that there is not a trigger to delete the file from the bucket when a user is deleted from the DynamoDB database. Brady (Lawyer) reports that not deleting t
Read more

Containing the Chaos! | A Three-Part Series Demonstrating the Usefulness of Containerization to HumanGov

Background HumanGov is a Model Automated Multi-Tenant Architecture (MAMA) that is meant to be used by the 50 states for personnel tracking. Currently the architecture requires Amazon Elastic Compute Cloud (EC2) instances that are maintained by the HumanGov systems administrators. The systems administrators handle all the patching, operations, etc. Due to states wanting their data separate from each other, each state gets a separate set of EC2 instances, which means that as the application scales from one state up to 50 states, the systems administrators will have to patch 50x as many EC2 instances. The system administrators report that they have begun to schedule more and more overtime to handle the maintenance windows for updating the EC2 instances. The lead developer remarked that it was taking longer and longer for new application deployments to get rolled out as the infrastructure grew and more states came on board. By the way, the development environment does not have standa
Read more