3 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)

This article is one of four (4) in a series:

1 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 1, you will set up the Kubernetes Cluster on Amazon Elastic Kubernetes Service (EKS).

2 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 2, you will install an AWS Application Load Balancer.

3 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 3, you will use Kubernetes to deploy the HumanGov application for California.

4 of 4: Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free)
In part 4, you will use Amazon Route 53 to name the application and AWS Certificate Manager to secure access to the application. You will also use Kubernetes to deploy an ingress controller, so that Internet users can connect to the application. After testing, you will decommission the infrastructure.

For background on this series, go here:

Escaping Vendor Lock-in Jail (How Kubernetes Set Us Free) | A Four-Part Series

Prerequisite 1 of 1. Create Role & Service Account for Cluster Access to S3 and DynamoDB Tables

eksctl create iamserviceaccount \
  --cluster=humangov-cluster \
  --name=humangov-pod-execution-role \
  --role-name HumanGovPodExecutionRole \
  --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3FullAccess \
  --attach-policy-arn=arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess \
  --region us-east-1 \
  --approve
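
The two managed policies attached above allow every S3 and DynamoDB action on every bucket and table in the account. The script below is an added example, not part of the original article: it generates a policy scoped to the bucket and table named in step 7 and binds that policy instead. The policy name, the file name, and the action list are assumptions; adjust the actions to what the application actually calls.

```shell
#!/bin/sh
# Added example: least-privilege policy for the HumanGov pod role.
# Assumptions: HumanGovPodScopedPolicy and humangov-pod-policy.json are
# hypothetical names; the action list is a guess at what the app needs.

scoped_policy_json() {
    # $1 = bucket name, $2 = DynamoDB table name, $3 = region, $4 = AWS account ID
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BucketObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::$1/*"
    },
    {
      "Sid": "StateTable",
      "Effect": "Allow",
      "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Scan"],
      "Resource": "arn:aws:dynamodb:$3:$4:table/$2"
    }
  ]
}
EOF
}

create_scoped_service_account() {
    # $1 = AWS account ID. Creates the policy, then binds it to the service
    # account in place of the two FullAccess policies.
    scoped_policy_json humangov-california-s3-zsmb humangov-california-dynamodb \
        us-east-1 "$1" > humangov-pod-policy.json
    aws iam create-policy --policy-name HumanGovPodScopedPolicy \
        --policy-document file://humangov-pod-policy.json
    eksctl create iamserviceaccount \
        --cluster=humangov-cluster \
        --name=humangov-pod-execution-role \
        --role-name HumanGovPodExecutionRole \
        --attach-policy-arn="arn:aws:iam::$1:policy/HumanGovPodScopedPolicy" \
        --region us-east-1 \
        --approve
}

# Nothing is created unless ACCOUNT_ID is set in the environment.
if [ -n "${ACCOUNT_ID:-}" ]; then
    create_scoped_service_account "$ACCOUNT_ID"
fi
```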

1 of 8. [Cloud9]

Change to the application directory.

cd human-gov-application/src

2 of 8. [Cloud9] Create a container repository and get the push commands

Amazon Elastic Container Registry -/- Public Registry -/- Repositories -/- [Create repository]
General settings -/- Visibility settings: Public
Detail -/- Repository name: humangov-app
[Create repository]
humangov-app -/- [View push commands]

3 of 8. [Cloud9] Authentication to Registry.

Retrieve an authentication token, then authenticate your Docker client to your public Elastic Container Registry (ECR).

This command and the subsequent ones were sourced from the 'push commands'.

aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/i7y0m4q9

4 of 8. [Cloud9] Build Docker image.

For information on building a Docker file from scratch, see the instructions here. You can skip this step if your image is already built:

docker build -t humangov-app .

5 of 8. [Cloud9] Tag the image.

docker tag humangov-app:latest public.ecr.aws/i7y0m4q9/humangov-app:latest

6 of 8. [Cloud9] Push image to repository.

docker push public.ecr.aws/i7y0m4q9/humangov-app:latest

7 of 8. [Cloud9] Create humangov-california.yaml

Place the file under the human-gov-application/src directory.

Note: the image and bucket values should match your own resource names.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: humangov-python-app-california
spec:
  replicas: 1
  selector:
    matchLabels:
      app: humangov-python-app-california
  template:
    metadata:
      labels:
        app: humangov-python-app-california
    spec:
      serviceAccountName: humangov-pod-execution-role
      containers:
      - name: humangov-python-app-california
        image: public.ecr.aws/i7y0m4q9/humangov-app:latest
        env:
        - name: AWS_BUCKET
          value: "humangov-california-s3-zsmb"
        - name: AWS_DYNAMODB_TABLE
          value: "humangov-california-dynamodb"
        - name: AWS_REGION
          value: "us-east-1"
        - name: US_STATE
          value: "california"
---
apiVersion: v1
kind: Service
metadata:
  name: humangov-python-app-service-california
spec:
  type: ClusterIP
  selector:
    app: humangov-python-app-california
  ports:
  - protocol: TCP
    port: 8000
    targetPort: 8000
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: humangov-nginx-reverse-proxy-california
spec:
  replicas: 1
  selector:
    matchLabels:
      app: humangov-nginx-reverse-proxy-california
  template:
    metadata:
      labels:
        app: humangov-nginx-reverse-proxy-california
    spec:
      containers:
      - name: humangov-nginx-reverse-proxy-california
        image: nginx:alpine
        ports:
        - containerPort: 80
        volumeMounts:
        - name: humangov-nginx-config-california-vol
          mountPath: /etc/nginx/
      volumes:
      - name: humangov-nginx-config-california-vol
        configMap:
          name: humangov-nginx-config-california
---
apiVersion: v1
kind: Service
metadata:
  name: humangov-nginx-service-california
spec:
  selector:
    app: humangov-nginx-reverse-proxy-california
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: humangov-nginx-config-california
data:
  nginx.conf: |
    events {
      worker_connections 1024;
    }
    http {
      server {
        listen 80;
        location / {
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_pass http://humangov-python-app-service-california:8000; # App container
        }
      }
    }
  proxy_params: |
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
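
The manifest references both images by mutable tags (humangov-app:latest and nginx:alpine), so a later pull can run different content than what was built and pushed in steps 4 to 6. The script below is an added example, not part of the original article: it lists every image in a manifest that is not pinned by digest, and shows how to read the digest of an image you just pushed. The function names and the third sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): list container images in a manifest
# that are referenced by a mutable tag instead of an immutable digest.

unpinned_images() {
    # $1 = manifest path. Prints each "image:" value lacking an @sha256: digest.
    awk '
        /^[ \t-]*image:[ \t]/ {
            ref = $0
            sub(/^[ \t-]*image:[ \t]*/, "", ref)   # drop the key and any list dash
            sub(/[ \t]+#.*$/, "", ref)             # drop a trailing comment
            gsub(/"/, "", ref)                     # drop double quotes
            if (ref !~ /@sha256:[0-9a-f]+$/) print ref
        }
    ' "$1"
}

pushed_digest_ref() {
    # $1 = tag that was just pushed. Prints repo@sha256:... as recorded by the
    # local Docker daemon, ready to paste into the image field of the manifest.
    docker image inspect --format '{{index .RepoDigests 0}}' "$1"
}

write_sample_manifest() {
    # Constructed sample: the two images from the manifest above, plus a third
    # entry pinned to a made-up digest so the check has something to pass.
    cat > "$1" <<'EOF'
      containers:
      - name: humangov-python-app-california
        image: public.ecr.aws/i7y0m4q9/humangov-app:latest
      - name: humangov-nginx-reverse-proxy-california
        image: nginx:alpine
      - name: pinned-example
        image: "example.invalid/app@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
EOF
}

sample=$(mktemp)
write_sample_manifest "$sample"
echo "Images not pinned by digest:"
unpinned_images "$sample"
rm -f "$sample"
```

Run `unpinned_images humangov-california.yaml` before step 8; an empty result means every image is pinned.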

8 of 8. [Cloud9] Apply the humangov-california.yaml

kubectl get pods
kubectl apply -f humangov-california.yaml
kubectl get pods
kubectl get svc
kubectl get deployment

Lewis Lampkin, III - Blog