@ejlp12
Last active April 23, 2019 10:53

Machine Used for this demo

  • EC2 instance from Amazon Linux 2 AMI

Preparation

sudo yum install git -y

curl -O https://bootstrap.pypa.io/get-pip.py
python get-pip.py --user
pip install awscli --upgrade --user

curl -O https://releases.hashicorp.com/terraform/0.11.11/terraform_0.11.11_linux_amd64.zip
unzip terraform_0.11.11_linux_amd64.zip
sudo mv terraform /usr/local/bin/
sudo chmod 755 /usr/local/bin/terraform

curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/aws-iam-authenticator \
&& curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/aws-iam-authenticator.sha256 \
&& chmod +x ./aws-iam-authenticator \
&& sudo cp aws-iam-authenticator /usr/local/bin/aws-iam-authenticator \
&& sudo ln -s /usr/local/bin/aws-iam-authenticator /usr/local/bin/heptio-authenticator-aws

curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/kubectl \
&& curl -o kubectl.sha256 https://amazon-eks.s3-us-west-2.amazonaws.com/1.11.5/2018-12-06/bin/linux/amd64/kubectl.sha256 \
&& chmod +x ./kubectl \
&& sudo cp kubectl /usr/local/bin/kubectl
sudo yum install bash-completion -y
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc

sudo yum install jq -y
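
The commands above download aws-iam-authenticator.sha256 and kubectl.sha256 but never compare them with the binaries. One way to run that comparison before copying anything into /usr/local/bin, as an added example that is not part of the original gist; the function names are hypothetical, and the checksum file is assumed to hold either a bare digest or a "digest  filename" line:

```shell
#!/usr/bin/env bash
# Added example (not from the gist): check a downloaded binary against its
# published .sha256 file. Function names are hypothetical.

# Print the lowercase hex SHA-256 of a file.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print tolower($1)}'
    else
        shasum -a 256 "$1" | awk '{print tolower($1)}'
    fi
}

# First field of the first non-empty line: works for a bare digest and for
# the "digest  filename" layout (file format is an assumption).
expected_sha256() {
    awk 'NF {print tolower($1); exit}' "$1"
}

# Returns 0 on match, 1 on mismatch, 2 when an input is missing or malformed.
verify_sha256() {
    local file="$1" sumfile="$2" want got
    [ -f "$file" ] && [ -s "$sumfile" ] || { echo "missing $file or $sumfile" >&2; return 2; }
    want="$(expected_sha256 "$sumfile")"
    # curl without -f saves an S3 error document in place of the checksum,
    # so require exactly 64 hex characters before comparing.
    case "$want" in
        *[!0-9a-f]*|"") echo "malformed checksum in $sumfile" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "malformed checksum in $sumfile" >&2; return 2; }
    got="$(file_sha256 "$file")"
    if [ "$got" != "$want" ]; then
        echo "SHA-256 mismatch for $file: got $got, want $want" >&2
        return 1
    fi
}

# Usage with the files downloaded above:
#   verify_sha256 aws-iam-authenticator aws-iam-authenticator.sha256 \
#     && sudo cp aws-iam-authenticator /usr/local/bin/aws-iam-authenticator
#   verify_sha256 kubectl kubectl.sha256 && sudo cp kubectl /usr/local/bin/kubectl
```

The checksum files come from the same S3 bucket as the binaries, so this detects a corrupted or truncated download rather than a compromised bucket.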

Create EKS Cluster

Open the AWS Console, go to the EC2 dashboard and create a Key Pair with the name EKS.

git clone https://github.com/ejlp12/devops-tf-eks.git
cd devops-tf-eks

# Create new Terraform workspace, you can skip this if you want to use default workspace
terraform workspace new demo

# Initialize terraform to download required plugin
terraform init

# Run 
terraform apply

To connect your kubectl from your workstation:

make kubelet-config
# Run the output of above command

After the step above, your workstation can already connect to the EKS master node. You can try kubectl get nodes, but your worker nodes have not joined the EKS cluster yet, so the output will not list any nodes.

Run this command to allow worker nodes to join:

make config-map-aws-auth
# Wait until the status of every worker node is READY, then press CTRL+C

Take a moment to look at the /home/ec2-user/devops-tf-eks/kubeconfig file.

Setup Kubernetes Dashboard

https://docs.aws.amazon.com/eks/latest/userguide/dashboard-tutorial.html

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

kubectl -n kube-system edit service kubernetes-dashboard
# Change `type: ClusterIP` to `type: LoadBalancer`

kubectl -n kube-system get service kubernetes-dashboard
# Copy the EXTERNAL_IP e.g. a6fa8d8b32af511e9ae4302ba93ddbc7-2096269263.us-east-1.elb.amazonaws.com and open from browser using https://

# Generate token for login
aws-iam-authenticator token -i demo-cluster --token-only

or

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')

Setup Heapster

Heapster is used by the Kubernetes Dashboard to monitor the cluster.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml

cat > eks-admin-service-account.yaml <<__EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: eks-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: eks-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: eks-admin
  namespace: kube-system
__EOF

kubectl apply -f eks-admin-service-account.yaml

Guestbook Application with Redis as backend

Test our cluster by running a sample application.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/redis-master-controller.json
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/redis-master-service.json
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/redis-slave-controller.json
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/redis-slave-service.json
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/guestbook-controller.json
kubectl apply -f https://raw.githubusercontent.com/kubernetes/examples/master/guestbook-go/guestbook-service.json
kubectl get services -o wide

Output from the above command:

NAME           TYPE           CLUSTER-IP       EXTERNAL-IP                                                              PORT(S)          AGE       SELECTOR
guestbook      LoadBalancer   172.20.252.139   adb02982e2b0b11e9bf7f12bbcf228fe-531034664.us-east-1.elb.amazonaws.com   3000:32438/TCP   40m       app=guestbook
kubernetes     ClusterIP      172.20.0.1       <none>                                                                   443/TCP          4h        <none>
redis-master   ClusterIP      172.20.251.38    <none>                                                                   6379/TCP         41m       app=redis,role=master
redis-slave    ClusterIP      172.20.156.30    <none>                                                                   6379/TCP         41m       app=redis,role=slave

How does the Guestbook app connect to Redis?

Cleanup Guestbook App & Redis

kubectl delete rc/redis-master rc/redis-slave rc/guestbook svc/redis-master svc/redis-slave svc/guestbook