EKS Mixed Mode Deployment Fargate Serverless & EC2 Worker Nodes - 3 Apps ¶
Step-01: What are we going to learn? ¶
- We are going to learn about writing Fargate Profiles using YAML wherein with YAML we can create multiple fargate profiles at a time.
- Understand about
namespaces and labelsinfargate profiles - Deploy 3 Apps in a mixed Mode
- 2 Apps to 2 different Fargate Profiles
- 1 App to EKS EC2 Manged Node Group
- Test and clean-up
- Refer Presentation from slide 116 onwards
Step-02: Create Advanced Fargate Profile with yml ¶
Create Fargate Profile manifest ¶
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: eksdemo1 # Name of the EKS Cluster
region: us-east-1
fargateProfiles:
- name: fp-app2
selectors:
# All workloads in the "ns-app2" Kubernetes namespace will be
# scheduled onto Fargate:
- namespace: ns-app2
- name: fp-ums
selectors:
# All workloads in the "ns-ums" Kubernetes namespace matching the following
# label selectors will be scheduled onto Fargate:
- namespace: ns-ums
labels:
runon: fargate
Step-03: Create Fargate Profiles using YAML files ¶
# Create Fargate Profiles using YAML file
eksctl create fargateprofile -f kube-manifests/01-Fargate-Advanced-Profiles/01-fargate-profiles.yml
Step-04: Get list of Fargate profiles ¶
# List Fargate profiles
eksctl get fargateprofile --cluster eksdemo1
# View in yaml format
eksctl get fargateprofile --cluster eksdemo1 -o yaml
Kubernetes Manifests - App1 ¶
#01-namespace.yml
apiVersion: v1
kind: Namespace
metadata:
name: ns-app1
# Apps deployed in this namespace will run on a EC2 Managed Node Group
#02-Nginx-App1-Deployment-and-NodePortService.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: app1-nginx-deployment
labels:
app: app1-nginx
namespace: ns-app1
spec:
replicas: 2
selector:
matchLabels:
app: app1-nginx
template:
metadata:
labels:
app: app1-nginx
spec:
containers:
- name: app1-nginx
image: stacksimplify/kube-nginxapp1:1.0.0
ports:
- containerPort: 80
resources:
requests:
memory: "128Mi"
cpu: "500m"
limits:
memory: "500Mi"
cpu: "1000m"
---
apiVersion: v1
kind: Service
metadata:
name: app1-nginx-nodeport-service
labels:
app: app1-nginx
namespace: ns-app1
annotations:
#Important Note: Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer
alb.ingress.kubernetes.io/healthcheck-path: /app1/index.html
spec:
type: NodePort
selector:
app: app1-nginx
ports:
- port: 80
targetPort: 80
#03-ALB-Ingress-SSL-Redirect-with-ExternalDNS.yml
# Annotations Reference: https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: app1-ingress-service
labels:
app: app1-nginx
namespace: ns-app1
annotations:
# Ingress Core Settings
kubernetes.io/ingress.class: "alb"
alb.ingress.kubernetes.io/scheme: internet-facing
# Health Check Settings
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
#Important Note: Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer
#alb.ingress.kubernetes.io/healthcheck-path: /usermgmt/health-status
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
## SSL Settings
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:180789647333:certificate/9f042b5d-86fd-4fad-96d0-c81c5abc71e1
#alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01 #Optional (Picks default if not used)
# SSL Redirect Setting
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
# External DNS - For creating a Record Set in Route53
external-dns.alpha.kubernetes.io/hostname: app1.kubeoncloud.com
spec:
rules:
- http:
paths:
- path: /* # SSL Redirect Setting
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: app1-nginx-nodeport-service
servicePort: 80
# Important Note-1: In path based routing order is very important, if we are going to use "/*", try to use it at the end of all rules.
Kubernetes Manifests - App2 ¶
#01-namespace.yml
apiVersion: v1
kind: Namespace
metadata:
name: ns-app2
# Apps deployed in this namespace will run on a Fargate fp-app2
#02-Nginx-App2-Deployment-and-NodePortService.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: app2-nginx-deployment
labels:
app: app2-nginx
namespace: ns-app2
spec:
replicas: 2
selector:
matchLabels:
app: app2-nginx
template:
metadata:
labels:
app: app2-nginx
spec:
containers:
- name: app2-nginx
image: stacksimplify/kube-nginxapp2:1.0.0
ports:
- containerPort: 80
resources:
requests:
memory: "128Mi"
cpu: "500m"
limits:
memory: "500Mi"
cpu: "1000m"
---
apiVersion: v1
kind: Service
metadata:
name: app2-nginx-nodeport-service
labels:
app: app2-nginx
namespace: ns-app2
annotations:
#Important Note: Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer
alb.ingress.kubernetes.io/healthcheck-path: /app2/index.html
# For Fargate
alb.ingress.kubernetes.io/target-type: ip
spec:
type: NodePort
selector:
app: app2-nginx
ports:
- port: 80
targetPort: 80
#03-ALB-Ingress-SSL-Redirect-with-ExternalDNS.yml
# Annotations Reference: https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: app2-ingress-service
labels:
app: app2-nginx
namespace: ns-app2
annotations:
# Ingress Core Settings
kubernetes.io/ingress.class: "alb"
alb.ingress.kubernetes.io/scheme: internet-facing
# Health Check Settings
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
#Important Note: Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer
#alb.ingress.kubernetes.io/healthcheck-path: /usermgmt/health-status
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
## SSL Settings
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:180789647333:certificate/9f042b5d-86fd-4fad-96d0-c81c5abc71e1
#alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01 #Optional (Picks default if not used)
# SSL Redirect Setting
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
# External DNS - For creating a Record Set in Route53
external-dns.alpha.kubernetes.io/hostname: app2.kubeoncloud.com
# For Fargate
alb.ingress.kubernetes.io/target-type: ip
spec:
rules:
- http:
paths:
- path: /* # SSL Redirect Setting
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: app2-nginx-nodeport-service
servicePort: 80
# Important Note-1: In path based routing order is very important, if we are going to use "/*", try to use it at the end of all rules.
Kubernetes Manifests - User Management Microservice ¶
#01-namespace.yml
apiVersion: v1
kind: Namespace
metadata:
name: ns-ums
# Apps deployed in this namespace will run on a Fargate fp-ums
#02-MySQL-externalName-Service.yml
apiVersion: v1
kind: Service
metadata:
name: mysql
labels:
runon: fargate
namespace: ns-ums
spec:
type: ExternalName
externalName: usermgmtdb.cxojydmxwly6.us-east-1.rds.amazonaws.com
#03-UserManagementMicroservice-Deployment-Service.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: usermgmt-microservice
labels:
app: usermgmt-restapp
runon: fargate
namespace: ns-ums
spec:
replicas: 2
selector:
matchLabels:
app: usermgmt-restapp
template:
metadata:
labels:
app: usermgmt-restapp
runon: fargate
spec:
initContainers:
- name: init-db
image: busybox:1.31
command: ['sh', '-c', 'echo -e "Checking for the availability of MySQL Server deployment"; while ! nc -z mysql 3306; do sleep 1; printf "-"; done; echo -e " >> MySQL DB Server has started";']
containers:
- name: usermgmt-restapp
image: stacksimplify/kube-usermanagement-microservice:1.0.0
resources:
requests:
memory: "128Mi"
cpu: "500m"
limits:
memory: "500Mi"
cpu: "1000m"
ports:
- containerPort: 8095
env:
- name: DB_HOSTNAME
value: "mysql"
- name: DB_PORT
value: "3306"
- name: DB_NAME
value: "usermgmt"
- name: DB_USERNAME
value: "dbadmin" # RDS DB Username is dbadmin
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-db-password
key: db-password
livenessProbe:
exec:
command:
- /bin/sh
- -c
- nc -z localhost 8095
initialDelaySeconds: 60
periodSeconds: 10
readinessProbe:
httpGet:
path: /usermgmt/health-status
port: 8095
initialDelaySeconds: 60
periodSeconds: 10
#04-Kubernetes-Secrets.yml
apiVersion: v1
kind: Secret
metadata:
name: mysql-db-password
labels:
runon: fargate
namespace: ns-ums
type: Opaque
data:
db-password: ZGJwYXNzd29yZDEx
#05-UserManagement-NodePort-Service.yml
apiVersion: v1
kind: Service
metadata:
name: usermgmt-restapp-nodeport-service
labels:
app: usermgmt-restapp
runon: fargate
namespace: ns-ums
annotations:
#Important Note: Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer
alb.ingress.kubernetes.io/healthcheck-path: /usermgmt/health-status
spec:
type: NodePort
selector:
app: usermgmt-restapp
ports:
- port: 8095
targetPort: 8095
#06-ALB-Ingress-SSL-Redirect-with-ExternalDNS.yml
# Annotations Reference: https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ums-ingress-service
labels:
app: usermgmt-restapp
runon: fargate
namespace: ns-ums
annotations:
# Ingress Core Settings
kubernetes.io/ingress.class: "alb"
alb.ingress.kubernetes.io/scheme: internet-facing
# Health Check Settings
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
#Important Note: Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer
#alb.ingress.kubernetes.io/healthcheck-path: /usermgmt/health-status
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
## SSL Settings
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:180789647333:certificate/9f042b5d-86fd-4fad-96d0-c81c5abc71e1
#alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01 #Optional (Picks default if not used)
# SSL Redirect Setting
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
# External DNS - For creating a Record Set in Route53
external-dns.alpha.kubernetes.io/hostname: ums.kubeoncloud.com
# For Fargate
alb.ingress.kubernetes.io/target-type: ip
spec:
rules:
- http:
paths:
- path: /* # SSL Redirect Setting
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: usermgmt-restapp-nodeport-service
servicePort: 8095
# Important Note-1: In path based routing order is very important, if we are going to use "/*", try to use it at the end of all rules.
Step-05: Review App1, App2 and UMS Manifests ¶
- Review Namespaces
- ns-app1
- ns-app2
- ns-ums
- Discuss about label present in
ns-umsnamespace- namespace: ns-ums labels: runon: fargate - Discuss about target-type
# For Fargate alb.ingress.kubernetes.io/target-type: ip
Best Selling AWS EKS Kubernetes Course on Udemy ¶
- Absolute practical scenarios required for real-time implementations
- 18 AWS Services covered in combination with AWS EKS
- 31 Kubernetes Concepts covered in combination with AWS EKS & AWS Services
- Step by Step Documentation on Github and Website
- 18 Docker Images available on Docker Hub for implementing practical scenarios
Step-06: Deploy Apps ¶
- Pre-requisite Check: Verify if RDS DB which is required for UMS Service is UP and RUNNING.
# Deploy Apps kubectl apply -R -f kube-manifests/02-Applications/
Step-07: Verify deployed Apps ¶
Verify using kubectl ¶
# Verify Ingress
kubectl get ingress --all-namespaces
# Verify Pods
kubectl get pods --all-namespaces -o wide
# Verify Fargate Nodes
kubectl get nodes -o wide
Verify ALB & Target Groups ¶
- Verify ALB Listeneres, Rules
- Verify Target Groups
- App1: Should use Target Type as
instance - App2, UMS: Should use Target Type as
ip
Access Applications ¶
- App1: http://app1.kubeoncloud.com/app1/index.html
- App2: http://app2.kubeoncloud.com/app2/index.html
- UMS Health Status Page: http://ums.kubeoncloud.com/usermgmt/health-status
- UMS List Users: http://ums.kubeoncloud.com/usermgmt/users
Free Courses ¶
Start with our Getting Started Free Courses!
Step-08: Delete Apps ¶
# delete Apps
kubectl delete -R -f kube-manifests/02-Applications/
Step-09: Delete Fargate Profile ¶
# Get list of Fargate Profiles in a cluster
eksctl get fargateprofile --cluster eksdemo1
# Delete Fargate Profile
eksctl delete fargateprofile --cluster <cluster-name> --name <Fargate-Profile-Name> --wait
eksctl delete fargateprofile --cluster eksdemo1 --name fp-app2 --wait
eksctl delete fargateprofile --cluster eksdemo1 --name fp-ums --wait
Reference github Issue for ALB Ingress with Cross Namespaces ¶
- https://github.com/kubernetes/kubernetes/issues/17088