Lab 1 EKS
1: IAM instance role for the EC2 workstation, with admin access (lab convenience only — anything that can reach the instance metadata service inherits this role, so outside a lab use a least-privilege policy)
2: SETTINGS
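# Lab settings: discover account and region from the instance, persist them for
# later shells, set the CLI default region, and confirm the expected role is in use.
export ACCOUNT_ID AWS_REGION
ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
# IMDSv2: obtain a short-lived session token before reading metadata. The original
# used a bare IMDSv1 GET, which fails on instances launched with HttpTokens=required
# and is the request shape SSRF attacks use to steal instance-role credentials.
imds_token=$(curl -sf -X PUT 'http://169.254.169.254/latest/api/token' \
  -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')
AWS_REGION=$(curl -sf -H "X-aws-ec2-metadata-token: ${imds_token}" \
  'http://169.254.169.254/latest/dynamic/instance-identity/document' | jq -r '.region')
if [[ -n "$AWS_REGION" ]]; then
  echo "AWS_REGION is ${AWS_REGION}"
else
  echo "AWS_REGION is not set"
fi
# Persist for new shells. tee -a appends, so re-running the lab adds duplicate lines.
printf 'export ACCOUNT_ID=%s\n' "$ACCOUNT_ID" | tee -a ~/.bash_profile
printf 'export AWS_REGION=%s\n' "$AWS_REGION" | tee -a ~/.bash_profile
aws configure set default.region "$AWS_REGION"
aws configure get default.region
# The lab expects the instance profile role eksworkshop-admin (see the sample
# sts output below); any other role will make the later eksctl/kubectl steps fail.
if aws sts get-caller-identity --query Arn --output text | grep -q eksworkshop-admin; then
  echo "IAM role valid"
else
  echo "IAM role NOT valid"
fi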
-
create Key Pair
-
create KMS custom managed key
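# Create a customer managed KMS key for EKS secrets (envelope) encryption and
# publish it under alias/eksworkshop. The original nested create-key inside
# create-alias, so a failed create-key produced an alias call with an empty
# --target-key-id; capture the ARN first and check it.
key_arn=$(aws kms create-key \
  --description 'eksworkshop EKS secrets encryption' \
  --query KeyMetadata.Arn --output text)
if [[ -z "$key_arn" ]]; then
  echo "kms create-key returned no key ARN; alias not created" >&2
else
  # Default key policy (account root) is used; tighten it outside a lab.
  # Automatic annual rotation is free and is what auditors ask for.
  aws kms enable-key-rotation --key-id "$key_arn"
  aws kms create-alias --alias-name alias/eksworkshop --target-key-id "$key_arn"
fi
# Resolve MASTER_ARN through the alias, as the cluster config below references it.
export MASTER_ARN
MASTER_ARN=$(aws kms describe-key --key-id alias/eksworkshop --query KeyMetadata.Arn --output text)
echo "export MASTER_ARN=${MASTER_ARN}" | tee -a ~/.bash_profile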
- install eksctl
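#######################################
# Install eksctl into /usr/local/bin.
# The original piped an unpinned "latest" tarball straight into tar under the
# predictable path /tmp/eksctl with no integrity check. This version lets the
# operator pin a release (EKSCTL_VERSION, e.g. a vX.Y.Z tag) and verify the
# tarball sha256 (EKSCTL_SHA256, taken from the release's published checksums),
# downloads into a private temp dir, and cleans up. Defaults keep the original
# behaviour (latest, no verification) so the lab still works unchanged.
# Globals:   EKSCTL_VERSION, EKSCTL_SHA256 (read)
# Returns:   0 on success, 1 on download/verification failure
#######################################
install_eksctl() {
  local version="${EKSCTL_VERSION:-latest}"
  local expected_sha="${EKSCTL_SHA256:-}"
  local asset url tmp
  asset="eksctl_$(uname -s)_amd64.tar.gz"
  if [[ "$version" == latest ]]; then
    url="https://github.com/weaveworks/eksctl/releases/latest/download/${asset}"
  else
    url="https://github.com/weaveworks/eksctl/releases/download/${version}/${asset}"
  fi
  tmp=$(mktemp -d) || return 1
  # --fail so an HTML error page is not handed to tar as a tarball.
  if ! curl --silent --location --fail -o "${tmp}/${asset}" "$url"; then
    echo "download of ${url} failed" >&2
    rm -rf -- "${tmp:?}"
    return 1
  fi
  if [[ -n "$expected_sha" ]]; then
    if ! printf '%s  %s\n' "$expected_sha" "${tmp}/${asset}" | sha256sum -c - >/dev/null; then
      echo "sha256 mismatch for ${asset}; refusing to install" >&2
      rm -rf -- "${tmp:?}"
      return 1
    fi
  fi
  tar -xzf "${tmp}/${asset}" -C "$tmp"
  sudo mv -v "${tmp}/eksctl" /usr/local/bin
  rm -rf -- "${tmp:?}"
}
install_eksctl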
- Confirm the eksctl command works:
eksctl version  # prints the installed release; "command not found" here means /usr/local/bin is not on PATH
- Enable eksctl bash-completion
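# Enable eksctl bash completion for this and future shells.
# >> appends, so re-running the lab used to stack duplicate completion scripts;
# only generate it once.
if ! grep -q eksctl ~/.bash_completion 2>/dev/null; then
  eksctl completion bash >> ~/.bash_completion
fi
# The system-wide helper is not shipped on every distro; source it only if present
# (the original unconditional "." printed an error and aborted under set -e).
[[ -r /etc/profile.d/bash_completion.sh ]] && . /etc/profile.d/bash_completion.sh
[[ -r ~/.bash_completion ]] && . ~/.bash_completion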
- test the IAM role and validate that your Arn contains the eksworkshop-admin role and an Instance Id as the session name
aws sts get-caller-identity  # expect an assumed-role ARN for eksworkshop-admin whose session name is the instance id (sample below)
{
"Account": "123456789012",
"UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef",
"Arn": "arn:aws:sts::123456789012:assumed-role/eksworkshop-admin/i-01234567890abcdef"
}
3: Create an EKS cluster
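# Write the eksctl ClusterConfig. The delimiter is unquoted on purpose so
# ${AWS_REGION} and ${MASTER_ARN} expand; the :? guards stop an unset value from
# silently producing a config with an empty region or keyARN. Indentation is
# significant YAML and is restored here (the original had it flattened).
: "${AWS_REGION:?AWS_REGION must be set (see SETTINGS)}"
: "${MASTER_ARN:?MASTER_ARN must be set (see KMS key step)}"
cat << EOF > eksworkshop.yaml
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: eksworkshop-eksctl
  region: ${AWS_REGION}
managedNodeGroups:
  - name: nodegroup
    desiredCapacity: 3
    iam:
      withAddonPolicies:
        albIngress: true
# Envelope-encrypt Kubernetes Secrets at rest with the customer managed KMS key.
secretsEncryption:
  keyARN: ${MASTER_ARN}
EOF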
create cluster command
eksctl create cluster -f eksworkshop.yaml  # builds the control plane and the 3-node managed node group declared above
4: Test the cluster:
$ aws eks --region "${AWS_REGION}" update-kubeconfig --name eksworkshop-eksctl   # region and name must match the ClusterConfig above; the original line used a different region/cluster name and would not find this cluster
Get cluster nodes
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
ip-192-168-17-115.us-east-2.compute.internal Ready <none> 67m v1.15.10-eks-bac369
ip-192-168-42-126.us-east-2.compute.internal Ready <none> 67m v1.15.10-eks-bac369
ip-192-168-68-123.us-east-2.compute.internal Ready <none> 67m v1.15.10-eks-bac369
[ec2-user@ip-172-31-5-35 ~]$
5: INSTALL A DEMO APP ON KUBERNETES
Guestbook app from kubernetes/examples (guestbook-go), written in Go and using Redis for storing guest entries. Note its Service is type LoadBalancer, so once the ELB is provisioned the app is reachable from the internet.
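# Deploy the guestbook-go example. The original applied six manifests straight
# from the mutable master branch of a third-party repository, so what lands in
# the cluster can change between runs and cannot be reviewed ahead of time.
# Pin GUESTBOOK_REF to a tag or commit for reproducible, reviewable objects;
# the default keeps the original behaviour.
GUESTBOOK_REF="${GUESTBOOK_REF:-master}"
guestbook_base="https://raw.githubusercontent.com/kubernetes/examples/${GUESTBOOK_REF}/guestbook-go"
# Same apply order as the original: Redis master, Redis slaves, then the frontend.
for manifest in redis-master-controller redis-master-service \
                redis-slave-controller redis-slave-service \
                guestbook-controller guestbook-service; do
  kubectl apply -f "${guestbook_base}/${manifest}.json"
done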
get pods
[ec2-user@ip-172-31-5-35 ~]$ kubectl get pods
NAME READY STATUS RESTARTS AGE
guestbook-fg5q9 0/1 Pending 0 4h57m
guestbook-lr6w9 0/1 Pending 0 4h57m
guestbook-rmxdm 0/1 Pending 0 4h57m
redis-master-7bs4q 0/1 Pending 0 4h57m
redis-slave-dg2kg 0/1 Pending 0 4h57m
redis-slave-mfwwf 0/1 Pending 0 4h57m
describe pods
$ kubectl describe pods
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default guestbook-kc7z7 1/1 Running 0 45m
default guestbook-qdkpv 1/1 Running 0 45m
default guestbook-wp44s 1/1 Running 0 45m
default redis-master-tgd9f 1/1 Running 0 45m
default redis-slave-25z8n 1/1 Running 0 45m
default redis-slave-qkgbk 1/1 Running 0 45m
kube-system aws-node-7fm2b 1/1 Running 0 53m
kube-system aws-node-kq796 1/1 Running 0 53m
kube-system aws-node-ls4xt 1/1 Running 0 53m
kube-system coredns-5fb4bd6df8-s6vpr 1/1 Running 0 57m
kube-system coredns-5fb4bd6df8-x5244 1/1 Running 0 57m
kube-system kube-proxy-7dn58 1/1 Running 0 53m
kube-system kube-proxy-lgtv2 1/1 Running 0 53m
kube-system kube-proxy-xgjdn 1/1 Running 0 53m
get nodes
$ kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
ip-192-168-17-115.us-east-2.compute.internal Ready <none> 50m v1.15.10-eks-bac369 alpha.eksctl.io/cluster-name=eksworkshop-eksctl,alpha.eksctl.io/nodegroup-name=nodegroup,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/instance-type=m5.large,beta.kubernetes.io/os=linux,eks.amazonaws.com/nodegroup-image=ami-08880278b3cac5832,eks.amazonaws.com/nodegroup=nodegroup,failure-domain.beta.kubernetes.io/region=us-east-2,failure-domain.beta.kubernetes.io/zone=us-east-2b,kubernetes.io/arch=amd64,kubernetes.io/hostname=ip-192-168-17-115.us-east-2.compute.internal,kubernetes.io/os=linux
ip-192-168-42-126.us-east-2.compute.internal Ready <none> 50m v1.15.10-eks-bac369 alpha.eksctl.io/cluster-name=eksworkshop-eksctl,alpha.eksctl.io/nodegroup-name=nodegroup,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/instance-type=m5.large,beta.kubernetes.io/os=linux,eks.amazonaws.com/nodegroup-image=ami-08880278b3cac5832,eks.amazonaws.com/nodegroup=nodegroup,failure-domain.beta.kubernetes.io/region=us-east-2,failure-domain.beta.kubernetes.io/zone=us-east-2a,kubernetes.io/arch=amd64,kubernetes.io/hostname=ip-192-168-42-126.us-east-2.compute.internal,kubernetes.io/os=linux
ip-192-168-68-123.us-east-2.compute.internal Ready <none> 50m v1.15.10-eks-bac369 alpha.eksctl.io/cluster-name=eksworkshop-eksctl,alpha.eksctl.io/nodegroup-name=nodegroup,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/instance-type=m5.large,beta.kubernetes.io/os=linux,eks.amazonaws.com/nodegroup-image=ami-08880278b3cac5832,eks.amazonaws.com/nodegroup=nodegroup,failure-domain.beta.kubernetes.io/region=us-east-2,failure-domain.beta.kubernetes.io/zone=us-east-2c,kubernetes.io/arch=amd64,kubernetes.io/hostname=ip-192-168-68-123.us-east-2.compute.internal,kubernetes.io/os=linux
another way to get pods
$ kubectl get po --show-labels
NAME READY STATUS RESTARTS AGE LABELS
guestbook-kc7z7 1/1 Running 0 30m app=guestbook
guestbook-qdkpv 1/1 Running 0 30m app=guestbook
guestbook-wp44s 1/1 Running 0 30m app=guestbook
redis-master-tgd9f 1/1 Running 0 31m app=redis,role=master
redis-slave-25z8n 1/1 Running 0 31m app=redis,role=slave
redis-slave-qkgbk 1/1 Running 0 31m app=redis,role=slave
### view the kube config file (it holds the cluster endpoint and the credential configuration — treat it as a secret; do not commit it or paste it into notes)
$ vim .kube/config
### get services
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
guestbook LoadBalancer 10.100.181.57 acca42460a222450992ad93a597fe11f-494034622.us-east-2.elb.amazonaws.com 3000:31115/TCP 24m
kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 36m
redis-master ClusterIP 10.100.246.73 <none> 6379/TCP 24m
redis-slave ClusterIP 10.100.255.129 <none> 6379/TCP 24m
get namespaces
$ kubectl get ns
NAME STATUS AGE
default Active 40m
kube-node-lease Active 40m
kube-public Active 40m
kube-system Active 40m
$ kubectl get events --all-namespaces
NAMESPACE LAST SEEN TYPE REASON OBJECT MESSAGE
default 24m Normal Scheduled pod/guestbook-kc7z7 Successfully assigned default/guestbook-kc7z7 to ip-192-168-17-115.us-east-2.compute.internal
default 24m Normal Pulling pod/guestbook-kc7z7 Pulling image "k8s.gcr.io/guestbook:v3"
default 24m Normal Pulled pod/guestbook-kc7z7 Successfully pulled image "k8s.gcr.io/guestbook:v3"
default 24m Normal Created pod/guestbook-kc7z7 Created container guestbook
default 24m Normal Started pod/guestbook-kc7z7 Started container guestbook
default 24m Normal Scheduled pod/guestbook-qdkpv Successfully assigned default/guestbook-qdkpv to ip-192-168-42-126.us-east-2.compute.internal
default 24m Normal Pulling pod/guestbook-qdkpv Pulling image "k8s.gcr.io/guestbook:v3"
default 24m Normal Pulled pod/guestbook-qdkpv Successfully pulled image "k8s.gcr.io/guestbook:v3"
default 24m Normal Created pod/guestbook-qdkpv Created container guestbook
Another Example: NGINX with 3 Replicas
run Nginx from scratch in 5 mins. Note: on kubectl 1.18 and later `kubectl run` only creates a Pod and no longer accepts `--replicas`; use `kubectl create deployment nginx --image=nginx --replicas=3 --port=80` instead. The bare `nginx` image tag resolves to `latest` and is unpinned.
$ kubectl run nginx --image nginx --replicas 3 --port 80
deployment.apps/nginx created
expose the deployment through an internet-facing ELB (`--type=LoadBalancer`); use ClusterIP or NodePort if it should stay private
$ kubectl expose deployment nginx --type=LoadBalancer
service/nginx exposed
get services
$ kubectl get services -o=wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
guestbook LoadBalancer 10.100.181.57 acca42460a222450992ad93a597fe11f-494034622.us-east-2.elb.amazonaws.com 3000:31115/TCP 3h47m app=guestbook
kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 3h59m <none>
nginx LoadBalancer 10.100.46.84 aec9f297b0c434da2b1f67dfb90de0e6-1071448948.us-east-2.elb.amazonaws.com 80:30507/TCP 14s run=nginx
redis-master ClusterIP 10.100.246.73 <none> 6379/TCP 3h47m app=redis,role=master
redis-slave ClusterIP 10.100.255.129 <none> 6379/TCP 3h47m app=redis,role=slave
get nodes
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
ip-192-168-17-115.us-east-2.compute.internal Ready <none> 3h55m v1.15.10-eks-bac369
ip-192-168-42-126.us-east-2.compute.internal Ready <none> 3h55m v1.15.10-eks-bac369
ip-192-168-68-123.us-east-2.compute.internal Ready <none> 3h55m v1.15.10-eks-bac369
bonus: cheat sheet from linux academy
Cheat Sheet https://linuxacademy.com/site-content/uploads/2019/04/Kubernetes-Cheat-Sheet_07182019.pdf