
Deploy golang and python apps in EKS cluster (mix EC2 and Fargate), service meshing using Istio, ALB Ingress, Terraform, Helm, golang admission controller, golang kubernetes operator

License: MIT License

Makefile 13.62% Dockerfile 2.31% Python 0.11% Mustache 1.28% HCL 35.76% Shell 7.71% Go 39.20% HTML 0.01%
eks kubernetes terraform alb helm-charts external-dns istio canary-deployment istio-ingress adminssion-controller

eks-cluster

.github/workflows/aws.yml

Cluster external endpoints:

diagram

diagram

The CI/CD pipeline can be found here: https://github.com/junchil/eks-cluster/actions

GitHub secrets

diagram

Overview:

  • Host web applications inside an AWS EKS cluster using ALB + nginx ingress.
  • CI/CD using GitHub Actions
  • Terraform for provisioning AWS resources
  • Helm charts for managing the EKS cluster

AWS

Overview: diagram

VPC:

  • The vpc module creates two kinds of subnets: public subnets and private subnets.
  • Public subnets are reachable from the internet. They are connected to an Internet gateway.
  • Private subnets are private. They are connected to a NAT gateway for outbound internet access.
  • The bastion host sits in the public subnets.
  • Amazon EKS uses both the public and the private subnets.
  • Kubernetes worker nodes sit in the private subnets.
  • To save money, the Terraform configuration does not provision an ASG for the bastion host or a NAT gateway in each AZ.

EKS Cluster:

ALB: diagram

Bastion host:

  • The bastion host is a single VM that sits in the public subnets. It is used for managing the Kubernetes worker nodes if needed.
  • SSH (port 22) is enabled on the bastion host VM.

Helm charts

diagram

  • Kubernetes ingress resources are satisfied by provisioning Application Load Balancers with aws-alb-ingress-controller.
  • Automatic DNS entries with external-dns. It automatically generates the following two records. diagram
  • nginx-ingress: an ingress controller that uses a ConfigMap to store the nginx configuration.
  • SSL enabled
  • Hostname -> routing rules
  • Can support multiple ingress classes (kubernetes-ingress)

$ kubectl get po
NAME                                            READY   STATUS    RESTARTS   AGE
eksapp-albcontroller-74bb58b9fc-2blj9           1/1     Running   0          49m
eksapp-externaldns-595b9688fc-wwk9r             1/1     Running   0          49m
eksapp-golang-app-bfd857976-kwvr4               1/1     Running   0          59m
eksapp-nginx-controller-7c88f9d586-qj6hg        1/1     Running   0          59m
eksapp-nginx-default-backend-566b98cbf8-d2ndp   1/1     Running   0          59m
eksapp-postgresql-0                             1/1     Running   0          59m
eksapp-python-app-5d55d98fbb-6wfc5              1/1     Running   0          59m
eksapp-testbox-c8cbff867-rrzw5                  1/1     Running   0          59m
$ kubectl get deploy
NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
eksapp-albcontroller           1/1     1            1           59m
eksapp-externaldns             1/1     1            1           59m
eksapp-golang-app              1/1     1            1           59m
eksapp-nginx-controller        1/1     1            1           59m
eksapp-nginx-default-backend   1/1     1            1           59m
eksapp-python-app              1/1     1            1           59m
eksapp-testbox                 1/1     1            1           59m
$ kubectl get svc
NAME                           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
eksapp-externaldns             ClusterIP   172.20.29.85     <none>        7979/TCP                     59m
eksapp-golang-app              NodePort    172.20.164.156   <none>        3000:32243/TCP               59m
eksapp-nginx-controller        NodePort    172.20.181.188   <none>        80:32044/TCP,443:31277/TCP   59m
eksapp-nginx-default-backend   ClusterIP   172.20.189.204   <none>        80/TCP                       59m
eksapp-postgresql              ClusterIP   172.20.184.216   <none>        5432/TCP                     59m
eksapp-postgresql-headless     ClusterIP   None             <none>        5432/TCP                     59m
eksapp-python-app              NodePort    172.20.72.232    <none>        5000:31646/TCP               59m
kubernetes                     ClusterIP   172.20.0.1       <none>        443/TCP                      64m
$ kubectl get ingress
NAME                 CLASS    HOSTS   ADDRESS                                                                       PORTS   AGE
eksapp-elb-ingress   <none>   *       82b8615f-default-eksappelb-9823-1389826350.ap-southeast-2.elb.amazonaws.com   80      60m
eksapp-golang-app    <none>   *       10.0.228.159                                                                  80      60m
eksapp-python-app    <none>   *       10.0.228.159                                                                  80      60m
$ kubectl get nodes
NAME                                              STATUS   ROLES    AGE   VERSION
ip-10-0-228-159.ap-southeast-2.compute.internal   Ready    <none>   61m   v1.20.4-eks-6b7464
ip-10-0-232-67.ap-southeast-2.compute.internal    Ready    <none>   61m   v1.20.4-eks-6b7464
ip-10-0-238-13.ap-southeast-2.compute.internal    Ready    <none>   61m   v1.20.4-eks-6b7464
$ kubectl get storageclass
NAME            PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
gp2 (default)   kubernetes.io/aws-ebs   Delete          WaitForFirstConsumer   false                  65m
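
An added example (not part of the eks-cluster repository): the `kubectl get svc` listing above shows three NodePort services, and a NodePort service opens its node port on every worker node. This sketch parses that plain-text listing, using rows copied from the output above, and reports each node port so it can be compared with the worker-node security group rules; the function names are hypothetical.

```python
import re

# Rows copied from the `kubectl get svc` output shown above (some rows omitted).
SAMPLE_SVC = """\
NAME                           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
eksapp-externaldns             ClusterIP   172.20.29.85     <none>        7979/TCP                     59m
eksapp-golang-app              NodePort    172.20.164.156   <none>        3000:32243/TCP               59m
eksapp-nginx-controller        NodePort    172.20.181.188   <none>        80:32044/TCP,443:31277/TCP   59m
eksapp-postgresql              ClusterIP   172.20.184.216   <none>        5432/TCP                     59m
eksapp-python-app              NodePort    172.20.72.232    <none>        5000:31646/TCP               59m
"""

# One PORT(S) entry: "80:32044/TCP" (with node port) or "5432/TCP" (without).
PORT_RE = re.compile(r"^(\d+)(?::(\d+))?/(\w+)$")


def parse_services(text):
    """Yield (name, type, [(port, node_port or None, proto), ...]) per row."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    col = {h: i for i, h in enumerate(header)}
    for ln in lines[1:]:
        fields = ln.split()
        if len(fields) != len(header):
            raise ValueError(f"unexpected column count: {ln!r}")
        ports = []
        for entry in fields[col["PORT(S)"]].split(","):
            m = PORT_RE.match(entry)
            if not m:
                raise ValueError(f"unparsable port entry: {entry!r}")
            node = int(m.group(2)) if m.group(2) else None
            ports.append((int(m.group(1)), node, m.group(3)))
        yield fields[col["NAME"]], fields[col["TYPE"]], ports


def node_port_exposures(text):
    """Return sorted (node_port, proto, service, service_port) tuples."""
    found = []
    for name, svc_type, ports in parse_services(text):
        if svc_type not in ("NodePort", "LoadBalancer"):
            continue  # ClusterIP services are not opened on the nodes
        found += [(n, proto, name, p) for p, n, proto in ports if n is not None]
    return sorted(found)


if __name__ == "__main__":
    for node_port, proto, svc, port in node_port_exposures(SAMPLE_SVC):
        print(f"{node_port}/{proto} on every worker node -> {svc}:{port}")
```

With the worker nodes in private subnets, which sources can reach these ports is decided by the worker-node security group.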
