Deployment di AWS EKS

Dokumentasi deployment di AWS EKS

PreviousDevOps NextCascade Permission

Last updated 5 years ago

Deployment di AWS EKS

Dokumentasi deployment di AWS EKS

Create Cluster AWS EKS using `eksctl`

System Requirements

Installed awscli (https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
IAM with administratoraccess (https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html)
installed eksctl (https://eksctl.io/introduction/installation/)
installed kubectl (https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-linux)

Inisiasi `awscli`

Pada langkah awal lakukan inisiasi awscli dengan IAM Users yang memiliki policy AdministratorAccess seperti gambar di bawah.

lalu lakukan configure untuk awscli dengan menggunakan

aws configure
AWS Access Key ID [****************NT5Q]: <YOUR_ACCESS_KEY>
AWS Secret Access Key [****************9mlg]: <YOUR_SECRET_KEY>
Default region name [ap-southeast-1]: <YOUR_REGION>
Default output format [json]:

lakukan pengecekan apabila konfigurasi sudah benar dengan command

aws eks list-clusters

{
    "clusters": [
    ]
}

Create Cluster

Apabila sudah dapat melakukan list eks cluster seperti response diatas, maka langsung lakukan create cluster dengan eksctl. Langkah pertama create file cluster.yaml

cluster.yaml

---
apiVersion: eksctl.io/v1alpha5

kind: ClusterConfig

metadata:
  name: cluster-sapawarga-sg
  region: ap-southeast-1

nodeGroups:
  - name: node-cluster-sapawarga
    instanceType: m5.large
    desiredCapacity: 2

cloudWatch:
    clusterLogging:
        # enable specific types of cluster control plane logs
        enableTypes: ["audit", "authenticator", "controllerManager"]

lalu jalankan command berikut

eksctl create cluster -f simple-cluster.yaml

tunggu beberapa saat dan cek dashboard Console AWS di Services > EC2 .

lakukan verifikasi akses Kubernetes cluster dengan CLI kubectl

aws eks --region ap-southeast-1 update-kubeconfig --name cluster-sapawarga-sg

Konfigurasi Context di `kubeconfig`

TBD

kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   6d

selesai. enjoy orchestrating.

Install Ingress EKS L7

System requirements

AWS EKS cluster sudah dibuat
Sudah meng-install kubectl with context cluster

Inisiasi Ingress

Langkah pertama , lakukan inisiasi ingress pada cluster

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml

Buat file `service-l7.yaml` sebagai berikut


kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # replace with the correct value of the generated certificate in the AWS console
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-southeast-1:924939894012:certificate/9f880639-7e47-41f4-bd9e-ed1f05616f1d"
    # the backend instances are HTTP
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Map port 443
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
    # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
    # increased to '3600' to avoid any potential issues.
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http

---

Jalankan command di bawah ini

kubectl apply -f service-l7.yaml

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/patch-configmap-l7.yaml

Konfigurasi SSL

untuk file service-l7.yaml sudah di include dengan certificate ssl. untuk menggenarate ssl dapat melakukan langkah dibawah ini

https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/

lalu akan mendapatkan "role id arn certificate"

lakukan pengecekan ingress pada cluster aws eks dengan command

kubect get service -n ingress-nginx

Maka akan mendapat response

ingress-nginx   ingress-nginx        LoadBalancer   10.100.167.233   ae94bbdd7de7b11e9a5e7069be407832-960182193.ap-southeast-1.elb.amazonaws.com   80:32055/TCP,443:31346/TCP   5h16m

PreviousDevOps NextCascade Permission

Last updated 5 years ago

Create Cluster AWS EKS using `eksctl`

System Requirements

Installed awscli (https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
IAM with administratoraccess (https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html)
installed eksctl (https://eksctl.io/introduction/installation/)
installed kubectl (https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-linux)

Inisiasi `awscli`

Pada langkah awal lakukan inisiasi awscli dengan IAM Users yang memiliki policy AdministratorAccess seperti gambar di bawah.

lalu lakukan configure untuk awscli dengan menggunakan

aws configure
AWS Access Key ID [****************NT5Q]: <YOUR_ACCESS_KEY>
AWS Secret Access Key [****************9mlg]: <YOUR_SECRET_KEY>
Default region name [ap-southeast-1]: <YOUR_REGION>
Default output format [json]:

lakukan pengecekan apabila konfigurasi sudah benar dengan command

aws eks list-clusters

{
    "clusters": [
    ]
}

Create Cluster

Apabila sudah dapat melakukan list eks cluster seperti response diatas, maka langsung lakukan create cluster dengan eksctl. Langkah pertama create file cluster.yaml

cluster.yaml

---
apiVersion: eksctl.io/v1alpha5

kind: ClusterConfig

metadata:
  name: cluster-sapawarga-sg
  region: ap-southeast-1

nodeGroups:
  - name: node-cluster-sapawarga
    instanceType: m5.large
    desiredCapacity: 2

cloudWatch:
    clusterLogging:
        # enable specific types of cluster control plane logs
        enableTypes: ["audit", "authenticator", "controllerManager"]

lalu jalankan command berikut

eksctl create cluster -f simple-cluster.yaml

tunggu beberapa saat dan cek dashboard Console AWS di Services > EC2 .

lakukan verifikasi akses Kubernetes cluster dengan CLI kubectl

aws eks --region ap-southeast-1 update-kubeconfig --name cluster-sapawarga-sg

Konfigurasi Context di `kubeconfig`

TBD

kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   6d

selesai. enjoy orchestrating.

Install Ingress EKS L7

System requirements

AWS EKS cluster sudah dibuat
Sudah meng-install kubectl with context cluster

Inisiasi Ingress

Langkah pertama , lakukan inisiasi ingress pada cluster

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml

Buat file `service-l7.yaml` sebagai berikut


kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # replace with the correct value of the generated certificate in the AWS console
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-southeast-1:924939894012:certificate/9f880639-7e47-41f4-bd9e-ed1f05616f1d"
    # the backend instances are HTTP
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Map port 443
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
    # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
    # increased to '3600' to avoid any potential issues.
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http

---

Jalankan command di bawah ini

kubectl apply -f service-l7.yaml

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/patch-configmap-l7.yaml

Konfigurasi SSL

untuk file service-l7.yaml sudah di include dengan certificate ssl. untuk menggenarate ssl dapat melakukan langkah dibawah ini

https://aws.amazon.com/premiumsupport/knowledge-center/import-ssl-certificate-to-iam/

lalu akan mendapatkan "role id arn certificate"

lakukan pengecekan ingress pada cluster aws eks dengan command

kubect get service -n ingress-nginx

Maka akan mendapat response

ingress-nginx   ingress-nginx        LoadBalancer   10.100.167.233   ae94bbdd7de7b11e9a5e7069be407832-960182193.ap-southeast-1.elb.amazonaws.com   80:32055/TCP,443:31346/TCP   5h16m

Create Cluster AWS EKS using eksctl

System Requirements

Inisiasi awscli

Create Cluster

Konfigurasi Context di kubeconfig

Install Ingress EKS L7

System requirements

Inisiasi Ingress

Konfigurasi SSL

Create Cluster AWS EKS using eksctl

System Requirements

Inisiasi awscli

Create Cluster

Konfigurasi Context di kubeconfig

Install Ingress EKS L7

System requirements

Inisiasi Ingress

Konfigurasi SSL

Create Cluster AWS EKS using `eksctl`

Inisiasi `awscli`

Konfigurasi Context di `kubeconfig`

Create Cluster AWS EKS using `eksctl`

Inisiasi `awscli`

Konfigurasi Context di `kubeconfig`