
Budiono Santoso for AWS Community Builders


Containers on AWS - Amazon Elastic Kubernetes Service (EKS) on Amazon EC2

Architecture

Hello everyone. I am Budi, and I want to write about my experience trying Amazon Elastic Kubernetes Service (EKS) on Amazon EC2. Amazon EKS is an AWS service that provides managed Kubernetes on AWS.

Amazon EKS manages your Kubernetes control plane nodes. Amazon EKS can also deploy worker nodes to Amazon EC2 or AWS Fargate. For this tutorial, I am trying Amazon EKS (on Amazon EC2) for the first time.

NOTE (optional): You can use AWS Cloud9 as an online text editor. If you want to try AWS Cloud9, you can see the link.

Before creating the EKS cluster, install several tools:

  • eksctl is a command-line tool for creating an EKS cluster. Install eksctl with the command:


    curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
    sudo mv /tmp/eksctl /usr/local/bin
    eksctl version


  • kubectl is a command-line tool for managing Kubernetes worker nodes. Install kubectl with the command:


    curl -o kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.23.7/2022-06-29/bin/linux/amd64/kubectl
    chmod +x ./kubectl
    mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
    kubectl version --short --client


  • AWS CLI is the command-line tool from AWS. Install AWS CLI with the command:


    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
    unzip awscliv2.zip
    sudo ./aws/install
    aws --version



For the YAML file, I share the YAML file I used for creating the EKS cluster on my GitHub:

learnaws/firsteks.yaml at main · budionosan/learnaws (github.com)
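
To show what an eksctl cluster file of this kind contains, here is an added eksctl ClusterConfig example; it is not the author's firsteks.yaml. The cluster name, region, availability zones and node count come from this page; the node group name, instance type, and the private-networking, OIDC and logging settings are assumptions.

```yaml
# Added example, not the author's firsteks.yaml.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: budionosaneks          # cluster name used by the commands on this page
  region: us-west-2

# Two AZs give the 2 public + 2 private subnets described on this page.
availabilityZones: ["us-west-2a", "us-west-2b"]

iam:
  # Assumption: associate the IAM OIDC provider at creation time. This has the
  # same effect as the `eksctl utils associate-iam-oidc-provider` step later on.
  withOIDC: true

vpc:
  nat:
    gateway: Single            # one NAT gateway with one Elastic IP

cloudWatch:
  clusterLogging:
    # Assumption: send API audit and authenticator logs to CloudWatch Logs
    # so access to the control plane can be reviewed.
    enableTypes: ["audit", "authenticator"]

managedNodeGroups:
  - name: managed-ng-1         # hypothetical node group name
    instanceType: t3.medium    # assumption; the page does not state the type
    desiredCapacity: 2         # the page's node group has 2 instances
    minSize: 2
    maxSize: 2
    # Assumption: place nodes in the private subnets so they have no public IP
    # and reach the internet only through the NAT gateway.
    privateNetworking: true
```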

After these 3 steps are finished, you can create the EKS cluster:

eksctl create cluster -f firsteks.yaml

EKS cluster creation in progress

If you want to read about VPC, you can see the link. Go to the VPC console to check the VPC of the EKS cluster and find the VPC named eksctl-budionosaneks-cluster.

VPC

Filter subnets based on VPC ID. This VPC has 4 subnets — 2 public subnets and 2 private subnets.

Subnets

Filter route table based on VPC ID. This VPC has 4 route tables — 1 default route table, 1 public route table and 2 private route tables.

Route Table

The public route table is associated with 2 subnets of the VPC: the 2 public subnets, in availability zones us-west-2a and us-west-2b.

Filter internet gateway based on VPC ID. This VPC has 1 internet gateway.

Internet Gateway

Check the Elastic IP. The Elastic IP is associated with the NAT gateway. When creating a public NAT gateway, you must have an Elastic IP.

Elastic IP

NAT Gateway

Filter security group based on VPC ID. This VPC has 4 security groups — 1 default security group, 1 security group for EKS cluster, 1 security group for Kubernetes control plane and 1 security group for Kubernetes node group.

Security Group

Wait 15–20 minutes for the EKS cluster and EC2 node group to be created. The EC2 node group has 2 instances. After the EKS cluster is created, your EKS cluster is ready for use.

EKS Cluster

Go to CloudFormation and look at the EKS cluster. The EKS cluster is created by CloudFormation and managed by eksctl. Look also at the EKS managed node group; it is created by the same process.

CloudFormation

Go to EC2 and see the 2 EC2 instances that belong to the managed node group, each in a different availability zone.

EC2 instances

Go to the EKS cluster, click Compute and see Node groups. The managed node group has 2 EC2 instances and an Auto Scaling template. Fargate profiles are used when you create EKS on AWS Fargate.

Node groups.

EKS Networking

On the EC2 page, go to Auto Scaling groups. This Auto Scaling group has 2 instances.

EC2 Auto Scaling

UPDATE: This tutorial has been updated to add the AWS Load Balancer Controller for the Application Load Balancer (not the Classic Load Balancer).

After the EKS cluster is ready to use, create an IAM OIDC (Identity and Access Management OpenID Connect) provider to use IAM roles for service accounts in the EKS cluster.

eksctl utils associate-iam-oidc-provider --cluster budionosaneks --region us-west-2 --approve

IAM OIDC

IAM OIDC and IAM Policy for AWS Load Balancer Controller

The AWS Load Balancer Controller manages Elastic Load Balancers for an EKS cluster. It provisions:

  • An AWS Application Load Balancer (ALB) when you create a Kubernetes Ingress.

Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

To create an Ingress, you must have an ingress controller. This tutorial uses the AWS Load Balancer Controller as the ingress controller.

  • An AWS Network Load Balancer (NLB) when you create a Kubernetes service of type LoadBalancer.

This tutorial uses an AWS Application Load Balancer (ALB). Create an IAM policy for the AWS Load Balancer Controller.

curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json
aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json

Create an IAM role for the EKS service account named aws-load-balancer-controller in the kube-system namespace.

eksctl create iamserviceaccount \
  --cluster=budionosaneks \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --attach-policy-arn=arn:aws:iam::<YOUR_AWS_ACCOUNT>:policy/AWSLoadBalancerControllerIAMPolicy \
  --override-existing-serviceaccounts \
  --approve

Install Helm. Helm is a package manager for Kubernetes.

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

IAM Service Account and installing HELM

Install the AWS Load Balancer Controller using the Helm installation from the previous step.

helm repo add eks https://aws.github.io/eks-charts
helm repo update

helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  -n kube-system \
  --set clusterName=budionosaneks \
  --set serviceAccount.create=false \
  --set serviceAccount.name=aws-load-balancer-controller \
  --set region=us-west-2

Install AWS Load Balancer Controller

After installing the AWS Load Balancer Controller, check whether it is installed.

kubectl get deployment -n kube-system aws-load-balancer-controller

Create a deployment in the EKS cluster using an image from my private Amazon ECR repository.

kubectl create deployment budionosaneks --image=<YOUR_ECR_IMAGE>

For the service, I share my service YAML file for creating the service in the EKS cluster on my GitHub:

learnaws/service.yaml at main · budionosan/learnaws (github.com)

For the ingress, I also share my ingress YAML file for creating the ingress in the EKS cluster on my GitHub:

learnaws/ingress.yaml at main · budionosan/learnaws (github.com)

When creating an ingress, set these variables: load balancer name, scheme (internet-facing or internal), target type (ip or instance), and ingress class name, ALB (Application Load Balancer).

After creating the service and ingress YAML files, apply the two YAML files to create a load balancer in AWS.
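
The four settings listed above map to three controller annotations and one spec field. The following is an added example, not the author's service.yaml or ingress.yaml: the resource names, port 80 and the inbound CIDR range are assumptions, and the selector relies on the `app=budionosaneks` label that `kubectl create deployment budionosaneks` sets.

```yaml
# Added example, not the author's service.yaml / ingress.yaml.
apiVersion: v1
kind: Service
metadata:
  name: budionosaneks-svc            # hypothetical name
spec:
  type: ClusterIP                    # enough for target-type "ip"; "instance" needs NodePort
  selector:
    app: budionosaneks               # label added by `kubectl create deployment`
  ports:
    - port: 80
      targetPort: 80                 # assumption: the container listens on port 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: budionosaneks-ingress        # hypothetical name
  annotations:
    # Load balancer name (hypothetical value).
    alb.ingress.kubernetes.io/load-balancer-name: budionosaneks-alb
    # Scheme: "internet-facing" places the ALB in the public subnets;
    # "internal" keeps it reachable only from inside the VPC.
    alb.ingress.kubernetes.io/scheme: internet-facing
    # Target type: "ip" registers pod IPs, "instance" registers node ports.
    alb.ingress.kubernetes.io/target-type: ip
    # Assumption: limit who can reach an internet-facing ALB. Without this
    # annotation the controller allows 0.0.0.0/0. Placeholder documentation range.
    alb.ingress.kubernetes.io/inbound-cidrs: 203.0.113.0/24
spec:
  ingressClassName: alb              # handled by the AWS Load Balancer Controller
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: budionosaneks-svc
                port:
                  number: 80
```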

kubectl apply -f service.yaml
kubectl apply -f ingress.yaml

In Amazon EC2, scroll down and click Load Balancers. The list shows 2 load balancers: a classic type (deprecated) and an application type.

Load Balancer

Click the application load balancer name for details. This load balancer is associated with the VPC that was created when creating the EKS cluster.

Load Balancer detail

Still in Amazon EC2, check Target Groups. The target groups are associated with the load balancer. Click the target group name for details.

Target Groups

Target groups detail

Back on the load balancer, copy the DNS name and open it in a new tab. My web application is running and ready to use. It means the load balancer is working.

Load balancer is successful

Thank you for reading. Coming soon, I will share my experience using Amazon EKS on AWS Fargate and also Amazon EKS with Amazon RDS :)