Deployment di AWS EKS
Dokumentasi deployment di AWS EKS
Create Cluster AWS EKS using eksctl
eksctl
System Requirements
Installed
awscli
(https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)IAM with
administratoraccess
(https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html)installed
eksctl
(https://eksctl.io/introduction/installation/)installed
kubectl
(https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-linux)
Inisiasi awscli
awscli
Pada langkah awal lakukan inisiasi awscli
dengan IAM Users yang memiliki policy AdministratorAccess
seperti gambar di bawah.

lalu lakukan configure untuk awscli
dengan menggunakan
aws configure
AWS Access Key ID [****************NT5Q]: <YOUR_ACCESS_KEY>
AWS Secret Access Key [****************9mlg]: <YOUR_SECRET_KEY>
Default region name [ap-southeast-1]: <YOUR_REGION>
Default output format [json]:
lakukan pengecekan apabila konfigurasi sudah benar dengan command
aws eks list-clusters
{
"clusters": [
]
}
Create Cluster
Apabila sudah dapat melakukan list eks cluster seperti response diatas, maka langsung lakukan create cluster dengan eksctl
. Langkah pertama create file cluster.yaml
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: cluster-sapawarga-sg
region: ap-southeast-1
nodeGroups:
- name: node-cluster-sapawarga
instanceType: m5.large
desiredCapacity: 2
cloudWatch:
clusterLogging:
# enable specific types of cluster control plane logs
enableTypes: ["audit", "authenticator", "controllerManager"]
lalu jalankan command berikut
eksctl create cluster -f simple-cluster.yaml
tunggu beberapa saat dan cek dashboard Console AWS di Services > EC2 .

lakukan verifikasi akses Kubernetes cluster dengan CLI kubectl
aws eks --region ap-southeast-1 update-kubeconfig --name cluster-sapawarga-sg
Konfigurasi Context di kubeconfig
kubeconfig
TBD
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 6d
selesai. enjoy orchestrating.
Install Ingress EKS L7
System requirements
AWS EKS cluster sudah dibuat
Sudah meng-install
kubectl
with context cluster
Inisiasi Ingress
Langkah pertama , lakukan inisiasi ingress pada cluster
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
Buat file `service-l7.yaml` sebagai berikut
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
# replace with the correct value of the generated certificate in the AWS console
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-southeast-1:924939894012:certificate/9f880639-7e47-41f4-bd9e-ed1f05616f1d"
# the backend instances are HTTP
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
# Map port 443
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
# Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
# NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
# increased to '3600' to avoid any potential issues.
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: http
---
Jalankan command di bawah ini
kubectl apply -f service-l7.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/patch-configmap-l7.yaml
Konfigurasi SSL
untuk file service-l7.yaml sudah di include dengan certificate ssl. untuk menggenarate ssl dapat melakukan langkah dibawah ini
https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/
lalu akan mendapatkan "role id arn certificate"
lakukan pengecekan ingress pada cluster aws eks dengan command
kubect get service -n ingress-nginx
Maka akan mendapat response
ingress-nginx ingress-nginx LoadBalancer 10.100.167.233 ae94bbdd7de7b11e9a5e7069be407832-960182193.ap-southeast-1.elb.amazonaws.com 80:32055/TCP,443:31346/TCP 5h16m
Last updated