# Deployment on AWS EKS

## Create an AWS EKS Cluster Using `eksctl`

### System Requirements

* `awscli` installed (<https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html>)
* An IAM user with the `AdministratorAccess` policy (<https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html>)
* `eksctl` installed (<https://eksctl.io/introduction/installation/>)
* `kubectl` installed (<https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-linux>)

### Initialize `awscli`

As a first step, initialize `awscli` with an IAM user that has the `AdministratorAccess` policy, as shown in the image below.

![](/files/-LpXGro1qCB9ltrGYwuD)

Then configure `awscli` using:

```bash
aws configure
AWS Access Key ID [****************NT5Q]: <YOUR_ACCESS_KEY>
AWS Secret Access Key [****************9mlg]: <YOUR_SECRET_KEY>
Default region name [ap-southeast-1]: <YOUR_REGION>
Default output format [json]: 
```

Check that the configuration is correct with the command:

```
aws eks list-clusters
```

```
{
    "clusters": [
    ]
}
```

### Create Cluster

Once you can list EKS clusters as in the response above, go ahead and create the cluster with `eksctl`. First, create the file `cluster.yaml`:

{% code title="cluster.yaml" %}

```yaml
---
apiVersion: eksctl.io/v1alpha5

kind: ClusterConfig

metadata:
  name: cluster-sapawarga-sg
  region: ap-southeast-1

nodeGroups:
  - name: node-cluster-sapawarga
    instanceType: m5.large
    desiredCapacity: 2

cloudWatch:
    clusterLogging:
        # enable specific types of cluster control plane logs
        enableTypes: ["audit", "authenticator", "controllerManager"]
```

{% endcode %}

Then run the following command:

```
eksctl create cluster -f cluster.yaml
```

Wait a few moments, then check the AWS Console dashboard under **Services** > **EC2**.

![](/files/-LpXL2FfUUsxb5RGw1ds)

Verify access to the Kubernetes cluster with the `kubectl` CLI:

```
aws eks --region ap-southeast-1 update-kubeconfig --name cluster-sapawarga-sg
```

### Configure the Context in `kubeconfig`

TBD

```
kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   6d
```

Done. Enjoy orchestrating.

## Install Ingress EKS L7

### System requirements

* The AWS EKS cluster has already been created
* `kubectl` is installed and has the cluster context

### Initialize Ingress

First, initialize ingress on the cluster:

{% code title="" %}

```
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
```

{% endcode %}

Create the file `service-l7.yaml` as follows:

{% tabs %}
{% tab title="service-l7.yaml" %}

```yaml

kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # replace with the correct value of the generated certificate in the AWS console
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-southeast-1:924939894012:certificate/9f880639-7e47-41f4-bd9e-ed1f05616f1d"
    # the backend instances are HTTP
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Map port 443
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
    # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
    # increased to '3600' to avoid any potential issues.
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http

---
```

{% endtab %}

{% endtabs %}

Run the commands below:

```
kubectl apply -f service-l7.yaml 
```

```
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/patch-configmap-l7.yaml
```
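Both `kubectl apply -f https://…/master/…` commands above fetch whatever the `master` branch holds at the moment they run. As an added example (not part of the original page or of the ingress-nginx project), the script below downloads a manifest, compares it with a SHA-256 you recorded when you reviewed it, and applies only the verified local copy; the function names, the `KUBECTL` override and the `<COMMIT_SHA>` / `<REVIEWED_SHA256>` placeholders are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): hash-pinned apply of a remote manifest.
# Usage, with placeholders you fill in after reviewing the file yourself:
#   apply_pinned "https://raw.githubusercontent.com/kubernetes/ingress-nginx/<COMMIT_SHA>/deploy/static/provider/cloud-generic.yaml" "<REVIEWED_SHA256>"

# Print the SHA-256 of a file as lowercase hex.
manifest_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 only if FILE is non-empty and its hash equals EXPECTED.
# Returns 2 for unusable input, 1 for a hash mismatch.
verify_manifest() {
  local file="$1" expected="$2" actual
  [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
  case "$expected" in
    ""|*[!0-9a-f]*) echo "expected hash is not lowercase hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "expected hash must be 64 hex chars" >&2; return 2; }
  actual="$(manifest_sha256 "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "hash mismatch for $file: got $actual" >&2
    return 1
  fi
}

# Download URL over HTTPS only, verify the local copy, then apply that same copy.
# KUBECTL is a hypothetical override hook so the apply step can be swapped out.
apply_pinned() {
  local url="$1" expected="$2" tmp rc=1
  tmp="$(mktemp)" || return 2
  if curl -fsSL --proto '=https' -o "$tmp" "$url" && verify_manifest "$tmp" "$expected"; then
    rc=0
    ${KUBECTL:-kubectl} apply -f "$tmp" || rc=$?
  fi
  rm -f "$tmp"
  return "$rc"
}
```

Replacing `master` in the URL with a commit SHA keeps the download itself stable; the hash check then catches any difference between what was reviewed and what is about to be applied.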

### SSL Configuration

The `service-l7.yaml` file already includes the SSL certificate. To generate an SSL certificate, follow the steps below:

<https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/>

You will then obtain the "role id arn certificate".

Check the ingress on the AWS EKS cluster with the command:

```bash
kubectl get service -n ingress-nginx
```

You will then get the response:

```
ingress-nginx   ingress-nginx        LoadBalancer   10.100.167.233   ae94bbdd7de7b11e9a5e7069be407832-960182193.ap-southeast-1.elb.amazonaws.com   80:32055/TCP,443:31346/TCP   5h16m
```

