Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane.
Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications.
Amazon EKS runs Kubernetes control plane instances across multiple Availability Zones to ensure high availability. Amazon EKS automatically detects and replaces unhealthy control plane instances, and it provides automated version upgrades and patching for them.
Amazon EKS is also integrated with many AWS services to provide scalability and security for your applications, including the following:
• Amazon ECR for container images • Elastic Load Balancing for load distribution • IAM for authentication • Amazon VPC for isolation
Amazon EKS runs a single tenant Kubernetes control plane for each cluster, and control plane infrastructure is not shared across clusters or AWS accounts.
This control plane consists of at least two API server nodes and three etcd nodes that run across three Availability Zones within a Region. Amazon EKS automatically detects and replaces unhealthy control plane instances, restarting them across the Availability Zones within the Region as needed. Amazon EKS leverages the architecture of AWS Regions in order to maintain high availability. Because of this, Amazon EKS is able to offer an SLA for API server endpoint availability.
Amazon EKS uses Amazon VPC network policies to restrict traffic between control plane components to within a single cluster. Control plane components for a cluster cannot view or receive communication from other clusters or other AWS accounts, except as authorized with Kubernetes RBAC policies. This secure and highly available configuration makes Amazon EKS reliable and recommended for production workloads.
- Command Line – eksctl
- Management Console – Manually create from the console or using cloud formation console
https://awscli.amazonaws.com/AWSCLIV2.msi
- Run the downloaded MSI installer and follow the onscreen instructions. By default, the AWS CLI install c:/Programfiles/
Create an IAM user and configure AWS, put below detail, more info https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
Also download eksctl to work with EKS cluster
Once you downloaded you can write a yaml based config file and deploy this to AWS
Use - eksctl create -f cluster.yml
this will take 5-10 min to deploy and launch. Behind the scene Cloud Formation stack will do the setup for you, networking,SG, etc….
You will see 3 nodes are deployed by EKS for you using Cloud Formation stack
Now lets see using kubectl command to interact with the cluster and nodes
If you want to see what node contain. You can use describe command to see
Use kubectl describe node (nodeid)
Let’s create a namespace to mange the resources(rs/deployment) and policies which we are going to set on the nodes in it with a secure token
kubectl create ns nameofyourchoice
Now Let’s create a deployment with a httpd image at my docker hub account
Kubectl create deployment apachewebserver1 –image=himashu07/apacheweb:latest
You can check your POD should be running using – kubectl get pods
IF you need to check on which node this pod has been launched in AWS EKS. Check out Node IP
Kubectl get pods -o wide
You can scale your deployment so that you have scalability of your pods, Once you scale your deployment, behind the scene EKS Master deploy the pods on differen nodes so that you have all time availability of your pods. Scheduler is the service on the Master which will place the pods on separate nodes.
Kubectl scale deployment apachewebserver1 –replicas=4
Let’s expose the deployment(port 80) so that apache web server can be access outside world and this is backed by LB to share web server load. If you check the service you can grab the external IP and access it. Kubectl expose deployment apachewebserver1 –type=LoadBalancer –port=80
Let’s create a new deployment with a new apache web server image
kubectl create deployment apachewebserver --image=vimal13/apache-webserver-php
I will create a new index.php page and replace the existing index.php folder inside this pod. My page is running @ cd /var/www/html and I will copy a new page here. Once you deploy a new page will be display to you at your LB external IP
kubectl cp index.php apachewebserver-86bb9d8c54-vqzzp:/var/www/html/index.php
But this storage is ephemeral(temporary), as soon as this pod down you will lose this page So, I need a permanent storage/page for this. So, I am going to attach a persistent storage to it. Storage options are Block. File, object. I’ll attach block storage to this POD and mount this to pod web page location. Storage attach is external hard disk so even if pod down data is there. In AWS we have EBS so we will connect EBS volume to this POD.
I’ll create an yml file for PVC storage on EKS cluster. And deploy this pvc Kubectl create -f pvc.yml
But you will see PV is not created. Why ? because storage class is the one who create HDD. Acc to storage class has one annotation, that volume binding mode wait for first consumer. Anyone uses this gp2 they get storage from ebs. So once pod request for this they will create a PV and attach it. I’ll edit the deployment and attach the persistentvolume to this PVC
Let’s now create a new Storage Class
Once Storage Class is created, we need to attach this to PVC so that it uses new IO StorageClass
Now you have PV created and permanent as reclaim policy is retaining. You can mount this to any other node as well.