Deployment di AWS EKS

Dokumentasi deployment di AWS EKS

Create Cluster AWS EKS using eksctl

System Requirements

Inisiasi awscli

Pada langkah awal lakukan inisiasi awscli dengan IAM Users yang memiliki policy AdministratorAccess seperti gambar di bawah.

lalu lakukan configure untuk awscli dengan menggunakan 

aws configure
AWS Access Key ID [****************NT5Q]: <YOUR_ACCESS_KEY>
AWS Secret Access Key [****************9mlg]: <YOUR_SECRET_KEY>
Default region name [ap-southeast-1]: <YOUR_REGION>
Default output format [json]:

lakukan pengecekan apabila konfigurasi sudah benar dengan command

aws eks list-clusters
{
    "clusters": [
    ]
}

Create Cluster

Apabila sudah dapat melakukan list eks cluster seperti response diatas, maka langsung lakukan create cluster dengan eksctl. Langkah pertama create file cluster.yaml

cluster.yaml
---
apiVersion: eksctl.io/v1alpha5

kind: ClusterConfig

metadata:
  name: cluster-sapawarga-sg
  region: ap-southeast-1

nodeGroups:
  - name: node-cluster-sapawarga
    instanceType: m5.large
    desiredCapacity: 2

cloudWatch:
    clusterLogging:
        # enable specific types of cluster control plane logs
        enableTypes: ["audit", "authenticator", "controllerManager"]

lalu jalankan command berikut 

eksctl create cluster -f simple-cluster.yaml

tunggu beberapa saat dan cek dashboard Console AWS di Services > EC2 .

lakukan verifikasi akses Kubernetes cluster dengan CLI kubectl

aws eks --region ap-southeast-1 update-kubeconfig --name cluster-sapawarga-sg

Konfigurasi Context di kubeconfig

TBD

kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   6d

selesai. enjoy orchestrating.

Install Ingress EKS L7

System requirements

  • AWS EKS cluster sudah dibuat

  • Sudah meng-install kubectl with context cluster

Inisiasi Ingress

Langkah pertama , lakukan inisiasi ingress pada cluster 

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml

Buat file `service-l7.yaml` sebagai berikut


kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # replace with the correct value of the generated certificate in the AWS console
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-southeast-1:924939894012:certificate/9f880639-7e47-41f4-bd9e-ed1f05616f1d"
    # the backend instances are HTTP
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Map port 443
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
    # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
    # increased to '3600' to avoid any potential issues.
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http

---

Jalankan command di bawah ini

kubectl apply -f service-l7.yaml 
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/patch-configmap-l7.yaml

Konfigurasi SSL

untuk file service-l7.yaml sudah di include dengan certificate ssl. untuk menggenarate ssl dapat melakukan langkah dibawah ini

https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/

lalu akan mendapatkan "role id arn certificate"

lakukan pengecekan ingress pada cluster aws eks dengan command

kubect get service -n ingress-nginx

Maka akan mendapat response

ingress-nginx   ingress-nginx        LoadBalancer   10.100.167.233   ae94bbdd7de7b11e9a5e7069be407832-960182193.ap-southeast-1.elb.amazonaws.com   80:32055/TCP,443:31346/TCP   5h16m
PreviousDevOpsNextCascade Permission

Last updated