Setting Up an AWS EKS Cluster and Deploying Microservices with Network Load Balancing

Introduction of Kubernetes:

Kubernetes is an open source orchestration tool developed by Google for managing microservices or containerized applications across a distributed cluster of nodes.

Kubernetes provides highly resilient infrastructure with zero downtime deployment capabilities, automatic rollback, scaling, and self-healing of containers (which consists of auto-placement, auto-restart, auto-replication , and scaling of containers based on metrics)

Kubernetes Components and Architecture:

API Server:

The main purpose of the API server in Kubernetes is to receive and process API calls in the form of HTTP requests. These requests are either from other components in the Kubernetes system or they are end-user requests.

Master Node Components:

Kube-api-server : Kubernetes API server is the central management entity that receives all REST requests for modifications (to pods, services, replication sets/controllers and others), serving as frontend to the cluster.

Kube-controller-manager: Runs a number of distinct controller processes in the background (for example, replication controller controls number of replicas in a pod, endpoints controller populates endpoint objects like services and pods, and others) to regulate the shared state of the cluster and perform routine tasks.

Kube-scheduler : Helps schedule the pods (a co-located group of containers inside which our application processes are running) on the various nodes based on resource utilization. It reads the service’s operational requirements and schedules it on the best fit node. For example, if the application needs 1GB of memory and 2 CPU cores, then the pods for that application will be scheduled on a node with at least those resources.

Eksctl and Kubectl Installation:

Eksctl:- eksctl is a command line tool for creating and managing clusters on EKS — Amazon’s managed Kubernetes service for EC2. It is written in Go, uses CloudFormation, was created by Weaveworks and it welcomes contributions from the community.

Kubectl:- It is also a command line tool that interacts with kube-apiserver and send commands to the master node. Each command is converted into an API call.

Installation of eksctl and kubectl,

• https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html
• https://github.com/weaveworks/eksctl/blob/main/README.md#installation
• https://kubernetes.io/docs/tasks/tools/

Deployment ,Service and nginx-ingress for your application YML files,

Pod : Generally refers to one or more containers that should be controlled as a single application. A pod encapsulates application containers, storage resources, a unique network ID and other configuration on how to run the containers.

Service : Pods are volatile, that is Kubernetes does not guarantee a given physical pod will be kept alive. Instead, a service represents a logical set of pods and acts as a gateway, allowing (client) pods to send requests to the service without needing to keep track of which physical pods actually make up the service.

Deployment : Describes the desired state of a pod or a replica set, in a yaml file. The deployment controller then gradually updates the environment until the current state matches the desired state specified in the deployment file.

Kubernetes Pod:

● Small group of containers
● Tightly coupled
● Shared namespace
• Share IP address &
• Unique network ID
Managed lifecycle,
• bound to a node, restart in place
• can die, cannot be reborn with same ID

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  lables:
    name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containers: 80

Kubernetes Service :

A Kubernetes service is a logical abstraction for a deployed group of pods in a cluster . Since a service enables a group of pods, which provide specific functions to be assigned a name and unique IP address.

apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  namespace: nginx
  labels:
    app.kubernetes.io/name: my-nginx
spec:
  selector:
    app: my-nginx
  ports:
  - name: my-nginx
    port: 80
    targetPort: 80
  type: ClusterIP

Kubernetes Deployment:

A Kubernetes Deployment is used to tell Kubernetes how to create or modify instances of the pods that hold a containerized application. Deployments can scale the number of replica pods, enable rollout of updated code in a controlled manner, or roll back to an earlier deployment version if necessary.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
  namespace: nginx
  labels:
    app.kubernetes.io/name: my-nginx
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 50% # 10 - old 1 - new
      maxUnavailable: 25%
  selector:
    matchLabels:
      app: my-nginx
  template:
    metadata:
      labels:
        app: my-nginx
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - amd64
      containers:
      - name: my-nginx
        image: <image_URL>
        ports:
        - containerPort: 80
        resources:
          limits:
            cpu: 500m
            memory: 200Mi
          requests:
            cpu: 500m
            memory: 200Mi

Metric server installation:

● Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
● Metrics Server collects resource metrics from Kubelets and exposes them in Kubernetes apiserver through Metrics API for use by Horizontal Pod Autoscaler and Vertical Pod Autoscaler.

Installing Metric server using this command,

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

Install a LoadBalancer Controller

● AWS Load Balancer Controller is a controller to help manage Elastic Load Balancers for a Kubernetes cluster.
● It satisfies Kubernetes Ingress resources by provisioning Application Load Balancers.
● It satisfies Kubernetes Service resources by provisioning Network Load Balancers.

Installing AWS LoadBalancer Controller using this command,

helm upgrade -i aws-load-balancer-controller eks/aws-load-balancer-controller \ -n kube-system \ - set clusterName="<cluster_name>" \ - set serviceAccount.create=false \ - set serviceAccount.name=aws-load-balancer-controller

Installing Helm repo ginx and nginx ingress controller:

● Kubernetes deployment tool for automating creation, packaging, configuration, and deployment of applications and services to Kubernetes clusters.

Add a helm repo,

helm repo add nginx-stable https://helm.nginx.com/stable

Install a nginx-ingress controller,

helm upgrade -i nginx nginx-stable/nginx-ingress -n nginx-system - create-namespace -f nginx-ingress.yml

Nginx-Ingress:

Kubernetes Ingress is an API object that provides routing rules to manage external users’ access to the services in a Kubernetes cluster.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-nginx
  namespace: nginx
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.org/redirect-to-https: "true"
    nginx.org/server-tokens: "false"
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
   tls:
   - hosts:
      - "test.example.com"
   ingressClassName: nginx
   rules:
   - host: "test.example.com"
     http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service: 
            name:  my-nginx
            port:
              number: 80

Install Cert-manager for SSL certificate:

helm repo add jetstack https://charts.jetstack.io
helm repo update

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.11.0 \
  # --set installCRDs=true

Get SSL certificate for our application:

certificate.yml

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nginx-tls
  namespace: nginx
spec:
  secretName: nginx-tls
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  dnsNames:
    - "test.example.com"
  privateKey:
    algorithm: RSA
    size: 4096

cluster-issuer.yml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: test@developer.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - dns01:
        route53:
          hostedZoneID: <r53_HOSTZONE_ID>
          region: <region>
      selector:
        dnsZones:
        - "example.com"

Debug a SSL certificate:

kubectl describe certificate.cert-manager.io/nginx-tls -n nginx
kubectl describe certficaterequest nginx-tls-4vtls -n nginx
kubectl describe order nginx-tls-9wmsw-2649678118 -n nginx