- An EC2 instance from the Amazon Linux 2 AMI
- Install Git
- Install Terraform
- Install pip & AWS CLI
- Install kubectl and shell autocompletion
- Install aws-iam-authenticator
- Read https://learn.hashicorp.com/terraform/aws/eks-intro
```shell
# Git
sudo yum install git -y

# pip and the AWS CLI
curl -O https://bootstrap.pypa.io/get-pip.py
python get-pip.py --user
pip install awscli --upgrade --user

# Terraform 0.11.11 (-O saves the archive under its remote file name)
curl -O https://releases.hashicorp.com/terraform/0.11.11/terraform_0.11.11_linux_amd64.zip
unzip terraform_0.11.11_linux_amd64.zip
sudo mv terraform /usr/local/bin/
sudo chmod 755 /usr/local/bin/terraform

# aws-iam-authenticator and its published SHA-256 digest
curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/aws-iam-authenticator \
&& curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/aws-iam-authenticator.sha256
# Compare the two digests; they must match before the binary goes into PATH
openssl sha1 -sha256 aws-iam-authenticator
cat aws-iam-authenticator.sha256
chmod +x ./aws-iam-authenticator \
&& sudo cp aws-iam-authenticator /usr/local/bin/aws-iam-authenticator \
&& sudo ln -s /usr/local/bin/aws-iam-authenticator /usr/local/bin/heptio-authenticator-aws

# kubectl and its published SHA-256 digest (same comparison as above)
curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/kubectl \
&& curl -o kubectl.sha256 https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/kubectl.sha256
openssl sha1 -sha256 kubectl
cat kubectl.sha256
chmod +x ./kubectl \
&& sudo cp kubectl /usr/local/bin/kubectl

# kubectl shell autocompletion
sudo yum install bash-completion -y
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc

# jq
sudo yum install jq -y
```
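The install commands above fetch a `.sha256` file beside each binary. The following shell function, an added example rather than part of the original guide, does the digest comparison in a scriptable form that returns non-zero on a mismatch, so it can gate the `cp` into `/usr/local/bin`. It assumes the digest is the first whitespace-separated field of the `.sha256` file, and the demo at the bottom runs on a constructed file instead of the real download.

```shell
#!/bin/sh
# Added example (not part of the original guide): compare a downloaded binary
# against the digest in the .sha256 file fetched beside it, before it is copied
# into PATH. Assumes the digest is the first field of the .sha256 file
# ("<hex>" and "<hex>  <filename>" layouts both work).
verify_sha256() {
  bin="$1"
  sumfile="$2"
  expected=$(awk 'NR == 1 { print $1 }' "$sumfile" | tr 'A-F' 'a-f')
  actual=$(sha256sum "$bin" | awk '{ print $1 }')
  if [ -z "$expected" ]; then
    echo "no digest found in $sumfile" >&2
    return 2
  fi
  if [ "$expected" = "$actual" ]; then
    echo "OK: $bin matches $sumfile"
    return 0
  fi
  echo "MISMATCH: $bin sha256=$actual expected=$expected" >&2
  return 1
}

# Demo on a constructed file; on the build host the arguments would be
# aws-iam-authenticator aws-iam-authenticator.sha256 (and likewise for kubectl).
demo_dir=$(mktemp -d)
printf 'constructed binary content\n' > "$demo_dir/tool"
sha256sum "$demo_dir/tool" | awk '{ print $1 }' > "$demo_dir/tool.sha256"
verify_sha256 "$demo_dir/tool" "$demo_dir/tool.sha256"
rm -r "$demo_dir"
```

Chained into the install line as `verify_sha256 kubectl kubectl.sha256 && sudo cp kubectl /usr/local/bin/kubectl`, a download whose digest does not match never lands in PATH.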
Open the AWS Console, go to the EC2 dashboard and create a Key Pair named EKS.
```shell
git clone https://github.com/ejlp12/devops-tf-eks.git
cd devops-tf-eks
# Create a new Terraform workspace; skip this if you want to use the default workspace
terraform workspace new demo
# Initialize Terraform to download the required plugins
terraform init
# Create the cluster
terraform apply
```
To connect your kubectl from your workstation:

```shell
make kubelet-config
# Run the output of the above command
```
After the above step, your workstation is able to connect to the EKS control plane. You can try `kubectl get nodes`, but the worker nodes have not joined the EKS cluster yet, so the output will not list any nodes.

Run this command to allow the worker nodes to join:

```shell
make config-map-aws-auth
# Wait until all worker nodes report STATUS Ready, then press CTRL+C
```
Take a moment to look at the /home/ec2-user/devops-tf-eks/kubeconfig file.
Kubernetes Dashboard (see https://docs.aws.amazon.com/eks/latest/userguide/dashboard-tutorial.html):

```shell
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl -n kube-system edit service kubernetes-dashboard
# Change `type: ClusterIP` to `type: LoadBalancer`.
# This puts the dashboard behind an internet-facing ELB; the AWS tutorial linked above
# reaches it through `kubectl proxy` instead.
kubectl -n kube-system get service kubernetes-dashboard
# Copy the EXTERNAL-IP, e.g. a6fa8d8b32af511e9ae4302ba93ddbc7-2096269263.us-east-1.elb.amazonaws.com, and open it in a browser using https://
# Generate a token for login
aws-iam-authenticator token -i demo-cluster --token-only
# or, using the eks-admin service account created below:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')
```
Heapster is used by the Kubernetes Dashboard to monitor the cluster.

```shell
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml
```
```shell
cat > eks-admin-service-account.yaml <<__EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: eks-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: eks-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: eks-admin
  namespace: kube-system
__EOF
kubectl apply -f eks-admin-service-account.yaml
```
Test the cluster by running a sample application (the guestbook example):

```shell
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/redis-master-controller.json
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/redis-master-service.json
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/redis-slave-controller.json
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/redis-slave-service.json
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/guestbook-controller.json
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/guestbook-service.json
kubectl get services -o wide
```
Output from the above command:

```text
NAME           TYPE           CLUSTER-IP       EXTERNAL-IP                                                               PORT(S)          AGE   SELECTOR
guestbook      LoadBalancer   172.20.252.139   adb02982e2b0b11e9bf7f12bbcf228fe-531034664.us-east-1.elb.amazonaws.com   3000:32438/TCP   40m   app=guestbook
kubernetes     ClusterIP      172.20.0.1       <none>                                                                    443/TCP          4h    <none>
redis-master   ClusterIP      172.20.251.38    <none>                                                                    6379/TCP         41m   app=redis,role=master
redis-slave    ClusterIP      172.20.156.30    <none>                                                                    6379/TCP         41m   app=redis,role=slave
```
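Both the dashboard step (switching the Service to `type: LoadBalancer`) and the guestbook output above create Services that AWS fronts with an ELB hostname. The script below, an added example and not part of the original guide, turns `kubectl get services -o wide` output into an inventory of exactly those externally reachable Services; it handles the single-namespace layout shown above and the `--all-namespaces` layout with a leading NAMESPACE column. SAMPLE is copied from the guestbook output above; SAMPLE_ALL is constructed, and its dashboard ELB hostname is a made-up placeholder.

```shell
#!/bin/sh
# Added example (not part of the original guide): list every Service of type
# LoadBalancer, with the ELB hostname it was given, from kubectl output.
# SAMPLE copies the guestbook output above; SAMPLE_ALL is constructed and shows
# the kube-system dashboard Service after its type was changed to LoadBalancer
# (the hostname on that line is a placeholder, not a real ELB).
SAMPLE='NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
guestbook LoadBalancer 172.20.252.139 adb02982e2b0b11e9bf7f12bbcf228fe-531034664.us-east-1.elb.amazonaws.com 3000:32438/TCP 40m app=guestbook
kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 4h <none>
redis-master ClusterIP 172.20.251.38 <none> 6379/TCP 41m app=redis,role=master
redis-slave ClusterIP 172.20.156.30 <none> 6379/TCP 41m app=redis,role=slave'

SAMPLE_ALL='NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
default guestbook LoadBalancer 172.20.252.139 adb02982e2b0b11e9bf7f12bbcf228fe-531034664.us-east-1.elb.amazonaws.com 3000:32438/TCP 40m app=guestbook
default kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 4h <none>
kube-system kubernetes-dashboard LoadBalancer 172.20.10.10 a0000000000000000000000000000000-000000000.us-east-1.elb.amazonaws.com 443:31234/TCP 5m k8s-app=kubernetes-dashboard'

# Reads `kubectl get services [--all-namespaces] -o wide` on stdin and prints
# "<namespace> <name> <external hostname> <ports>" per LoadBalancer Service.
# Namespace is "(current)" when the input has no NAMESPACE column.
list_lb_services() {
  awk '
    NR == 1 { off = ($1 == "NAMESPACE") ? 1 : 0; next }
    $(2 + off) == "LoadBalancer" {
      ns = off ? $1 : "(current)"
      print ns, $(1 + off), $(4 + off), $(5 + off)
    }'
}

# Number of externally exposed Services; usable as a gate that fails when it
# exceeds what the deployment is expected to expose.
count_lb_services() {
  list_lb_services | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE" | list_lb_services
printf '%s\n' "$SAMPLE_ALL" | list_lb_services
```

On a live cluster, `kubectl get services --all-namespaces -o wide | list_lb_services` gives the same inventory; a kube-system line for kubernetes-dashboard is the dashboard exposed in the earlier step, reachable by anyone who can resolve the hostname and holds a valid token.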
- Look at the code here: https://github.com/kubernetes/examples/blob/87f1ce167f34c7b6927a36f7e21a18f282fe5c4b/guestbook-go/main.go#L77
- It connects to Redis using a hostname with a port:

  ```go
  masterPool = simpleredis.NewConnectionPoolHost("redis-master:6379")
  slavePool = simpleredis.NewConnectionPoolHost("redis-slave:6379")
  ```

- The hostname is actually a Kubernetes Service name (the redis-master and redis-slave Services listed in the output above).

```shell
# Clean up the sample application
kubectl delete rc/redis-master rc/redis-slave rc/guestbook svc/redis-master svc/redis-slave svc/guestbook
```