Microservices Deployment on EKS ¶
Step-00: What are Microservices? ¶
- Understand what are microservices on a very high level
Kubernetes Manifests ¶
#01-MySQL-externalName-Service.yml
apiVersion: v1
kind: Service
metadata:
name: mysql
spec:
type: ExternalName
externalName: usermgmtdb.cxojydmxwly6.us-east-1.rds.amazonaws.com
#02-UserManagementMicroservice-Deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: usermgmt-microservice
labels:
app: usermgmt-restapp
spec:
replicas: 1
selector:
matchLabels:
app: usermgmt-restapp
template:
metadata:
labels:
app: usermgmt-restapp
spec:
initContainers:
- name: init-db
image: busybox:1.31
command: ['sh', '-c', 'echo -e "Checking for the availability of MySQL Server deployment"; while ! nc -z mysql 3306; do sleep 1; printf "-"; done; echo -e " >> MySQL DB Server has started";']
containers:
- name: usermgmt-restapp
image: stacksimplify/kube-usermanagement-microservice:1.0.0
ports:
- containerPort: 8095
env:
- name: DB_HOSTNAME
value: "mysql"
- name: DB_PORT
value: "3306"
- name: DB_NAME
value: "usermgmt"
- name: DB_USERNAME
value: "dbadmin"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-db-password
key: db-password
- name: NOTIFICATION_SERVICE_HOST
value: "notification-clusterip-service"
- name: NOTIFICATION_SERVICE_PORT
value: "8096"
livenessProbe:
exec:
command:
- /bin/sh
- -c
- nc -z localhost 8095
initialDelaySeconds: 60
periodSeconds: 10
readinessProbe:
httpGet:
path: /usermgmt/health-status
port: 8095
initialDelaySeconds: 60
periodSeconds: 10
---
# Kubernetes Secrets
apiVersion: v1
kind: Secret
metadata:
name: mysql-db-password
#type: Opaque means that from kubernetes's point of view the contents of this Secret is unstructured, it can contain arbitrary key-value pairs. In contrast, there is the Secret storing ServiceAccount credentials, or the ones used as ImagePullSecret . These have a constrained contents.
type: Opaque
data:
# Output of echo -n 'dbpassword11' | base64
db-password: ZGJwYXNzd29yZDEx
#03-UserManagement-NodePort-Service.yml
apiVersion: v1
kind: Service
metadata:
name: usermgmt-restapp-nodeport-service
labels:
app: usermgmt-restapp
annotations:
#Important Note: Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer
alb.ingress.kubernetes.io/healthcheck-path: /usermgmt/health-status
spec:
type: NodePort
selector:
app: usermgmt-restapp
ports:
- port: 8095
targetPort: 8095
#04-NotificationMicroservice-Deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: notification-microservice
labels:
app: notification-restapp
spec:
replicas: 1
selector:
matchLabels:
app: notification-restapp
template:
metadata:
labels:
app: notification-restapp
spec:
containers:
- name: notification-service
image: stacksimplify/kube-notifications-microservice:1.0.0
ports:
- containerPort: 8096
imagePullPolicy: Always
env:
- name: AWS_MAIL_SERVER_HOST
value: "smtp-service"
- name: AWS_MAIL_SERVER_USERNAME
value: "AKIASUF7HC7SQJ6BCLVS"
- name: AWS_MAIL_SERVER_PASSWORD
value: "BARcmLiC68wgmhTy/cQvz/E8vFzeizGqdeASNtCs6+Nv"
- name: AWS_MAIL_SERVER_FROM_ADDRESS
value: "stacksimplify@gmail.com"
#05-NotificationMicroservice-SMTP-externalName-Service.yml
apiVersion: v1
kind: Service
metadata:
name: smtp-service
spec:
type: ExternalName
externalName: email-smtp.us-east-1.amazonaws.com
#06-NotificationMicroservice-ClusterIP-Service.yml
apiVersion: v1
kind: Service
metadata:
name: notification-clusterip-service
labels:
app: notification-restapp
spec:
type: ClusterIP
selector:
app: notification-restapp
ports:
- port: 8096
targetPort: 8096
#07-ALB-Ingress-SSL-Redirect-ExternalDNS.yml
# Annotations Reference: https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: eks-microservices-demo
labels:
app: usermgmt-restapp
annotations:
# Ingress Core Settings
kubernetes.io/ingress.class: "alb"
alb.ingress.kubernetes.io/scheme: internet-facing
# Health Check Settings
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
## SSL Settings
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:180789647333:certificate/9f042b5d-86fd-4fad-96d0-c81c5abc71e1
#alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-1-2017-01 #Optional (Picks default if not used)
# SSL Redirect Setting
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
# External DNS - For creating a Record Set in Route53
external-dns.alpha.kubernetes.io/hostname: services.kubeoncloud.com, ums.kubeoncloud.com
spec:
rules:
- http:
paths:
- path: /* # SSL Redirect Setting
backend:
serviceName: ssl-redirect
servicePort: use-annotation
- path: /*
backend:
serviceName: usermgmt-restapp-nodeport-service
servicePort: 8095
# Important Note-1: In path based routing order is very important, if we are going to use "/*", try to use it at the end of all rules.
Step-01: What are we going to learn in this section? ¶
- We are going to deploy two microservices.
- User Management Service
- Notification Service
Usecase Description ¶
- User Management Create User API will call Notification service Send Notification API to send an email to user when we create a user.
List of Docker Images used in this section ¶
| Application Name | Docker Image Name |
|---|---|
| User Management Microservice | stacksimplify/kube-usermanagement-microservice:1.0.0 |
| Notifications Microservice V1 | stacksimplify/kube-notifications-microservice:1.0.0 |
| Notifications Microservice V2 | stacksimplify/kube-notifications-microservice:2.0.0 |
Step-02: Pre-requisite -1: AWS RDS Database, ALB Ingress Controller & External DNS ¶
AWS RDS Database ¶
- We have created AWS RDS Database as part of section 06-EKS-Storage-with-RDS-Database
- We even created a
externalName service: 01-MySQL-externalName-Service.ymlin our Kubernetes manifests to point to that RDS Database.
ALB Ingress Controller & External DNS ¶
- We are going to deploy a application which will also have a
ALB Ingress Serviceand also will register its DNS name in Route53 usingExternal DNS - Which means we should have both related pods running in our EKS cluster.
- We have installed ALB Ingress Controller as part of section 08-01-ALB-Ingress-Install
- We have installed External DNS as part of section 08-06-01-Deploy-ExternalDNS-on-EKS
# Verify alb-ingress-controller pod running in namespace kube-system kubectl get pods -n kube-system # Verify external-dns pod running in default namespace kubectl get pods
Step-03: Pre-requisite-2: Create Simple Email Service - SES SMTP Credentials ¶
SMTP Credentials ¶
- Go to Services -> Simple Email Service
- SMTP Settings --> Create My SMTP Credentials
- IAM User Name: append the default generated name with microservice or something so we have a reference of this IAM user created for our ECS Microservice deployment
- Download the credentials and update the same for below environment variables which you are going to provide in kubernetes manifest
04-NotificationMicroservice-Deployment.ymlAWS_MAIL_SERVER_HOST=email-smtp.us-east-1.amazonaws.com AWS_MAIL_SERVER_USERNAME=**** AWS_MAIL_SERVER_PASSWORD=*** AWS_MAIL_SERVER_FROM_ADDRESS= use-a-valid-email@gmail.com - Important Note: Environment variable AWS_MAIL_SERVER_FROM_ADDRESS value should be a valid email address and also verified in SES.
Verfiy Email Addresses to which notifications we need to send. ¶
- We need two email addresses for testing Notification Service.
- Email Addresses
- Verify a New Email Address
- Email Address Verification Request will be sent to that address, click on link to verify your email.
- From Address: stacksimplify@gmail.com (replace with your ids during verification)
- To Address: dkalyanreddy@gmail.com (replace with your ids during verification)
- Important Note: We need to ensure all the emails (FromAddress email) and (ToAddress emails) to be verified here.
- Reference Link: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html
- Environment Variables
- AWS_MAIL_SERVER_HOST=email-smtp.us-east-1.amazonaws.com
- AWS_MAIL_SERVER_USERNAME=*
- AWS_MAIL_SERVER_PASSWORD=*
- AWS_MAIL_SERVER_FROM_ADDRESS=stacksimplify@gmail.com
AWS EKS - Elastic Kubernetes Service - Masterclass ¶
Step-04: Create Notification Microservice Deployment Manifest ¶
- Update environment Variables for Notification Microservice
- Notification Microservice Deployment
- name: AWS_MAIL_SERVER_HOST value: "smtp-service" - name: AWS_MAIL_SERVER_USERNAME value: "AKIABCDEDFASUBKLDOAX" - name: AWS_MAIL_SERVER_PASSWORD value: "Bdsdsadsd32qcsads65B4oLo7kMgmKZqhJtEipuE5unLx" - name: AWS_MAIL_SERVER_FROM_ADDRESS value: "stacksimplify@gmail.com"
Step-05: Create Notification Microservice SMTP ExternalName Service ¶
apiVersion: v1
kind: Service
metadata:
name: smtp-service
spec:
type: ExternalName
externalName: email-smtp.us-east-1.amazonaws.com
Step-06: Create Notification Microservice NodePort Service ¶
apiVersion: v1
kind: Service
metadata:
name: notification-clusterip-service
labels:
app: notification-restapp
spec:
type: ClusterIP
selector:
app: notification-restapp
ports:
- port: 8096
targetPort: 8096
Step-07: Update User Management Microservice Deployment Manifest with Notification Service Environment Variables. ¶
- User Management Service new environment varibales related to Notification Microservice in addition to already which were configured related to MySQL
- Update in
02-UserManagementMicroservice-Deployment.yml- name: NOTIFICATION_SERVICE_HOST value: "notification-clusterip-service" - name: NOTIFICATION_SERVICE_PORT value: "8096"
Step-08: Update ALB Ingress Service Kubernetes Manifest ¶
- Update Ingress Service to ensure only target it is going to have is User Management Service
- Remove /app1, /app2 contexts
# External DNS - For creating a Record Set in Route53 external-dns.alpha.kubernetes.io/hostname: services.kubeoncloud.com, ums.kubeoncloud.com spec: rules: - http: paths: - path: /* # SSL Redirect Setting backend: serviceName: ssl-redirect servicePort: use-annotation - path: /* backend: serviceName: usermgmt-restapp-nodeport-service servicePort: 8095
Step-09: Deploy Microservices manifests ¶
# Deploy Microservices manifests
kubectl apply -f V1-Microservices/
Step-10: Verify the Deployment using kubectl ¶
# List Pods
kubectl get pods
# User Management Microservice Logs
kubectl logs -f $(kubectl get po | egrep -o 'usermgmt-microservice-[A-Za-z0-9-]+')
# Notification Microservice Logs
kubectl logs -f $(kubectl get po | egrep -o 'notification-microservice-[A-Za-z0-9-]+')
# External DNS Logs
kubectl logs -f $(kubectl get po | egrep -o 'external-dns-[A-Za-z0-9-]+')
# List Ingress
kubectl get ingress
Step-11: Verify Microservices health-status via browser ¶
# User Management Service Health-Status
https://services.kubeoncloud.com/usermgmt/health-status
# Notification Microservice Health-Status via User Management
https://services.kubeoncloud.com/usermgmt/notification-health-status
https://services.kubeoncloud.com/usermgmt/notification-service-info
Step-12: Import postman project to Postman client on our desktop. ¶
- Import postman project
- Add environment url
- https://services.kubeoncloud.com (Replace with your ALB DNS registered url on your environment)
Step-13: Test both Microservices using Postman ¶
User Management Service ¶
- Create User
- Verify the email id to confirm account creation email received.
- List User
- Verify if newly created user got listed.
Step-14: Rollout New Deployment - Set Image Option ¶
# Rollout New Deployment using Set Image
kubectl set image deployment/notification-microservice notification-service=stacksimplify/kube-notifications-microservice:2.0.0 --record=true
# Verify Rollout Status
kubectl rollout status deployment/notification-microservice
# Verify ReplicaSets
kubectl get rs
# Verify Rollout History
kubectl rollout history deployment/notification-microservice
# Access Application (Should see V2)
https://services.kubeoncloud.com/usermgmt/notification-health-status
# Roll back to Previous Version
kubectl rollout undo deployment/notification-microservice
# Access Application (Should see V1)
https://services.kubeoncloud.com/usermgmt/notification-health-status
Step-15: Rollout New Deployment - kubectl Edit ¶
# Rollout New Deployment using kubectl edit, change image version to 2.0.0
kubectl edit deployment/notification-microservice
# Verify Rollout Status
kubectl rollout status deployment/notification-microservice
# Verify ReplicaSets
kubectl get rs
# Verify Rollout History
kubectl rollout history deployment/notification-microservice
# Access Application (Should see V2)
https://services.kubeoncloud.com/usermgmt/notification-health-status
# Roll back to Previous Version
kubectl rollout undo deployment/notification-microservice
# Access Application (Should see V1)
https://services.kubeoncloud.com/usermgmt/notification-health-status
Step-16: Rollout New Deployment - Update manifest & kubectl apply ¶
# Rollout New Deployment by updating yaml manifest 2.0.0
kubectl apply -f kube-manifests/
# Verify Rollout Status
kubectl rollout status deployment/notification-microservice
# Verify ReplicaSets
kubectl get rs
# Verify Rollout History
kubectl rollout history deployment/notification-microservice
# Access Application (Should see V2)
https://services.kubeoncloud.com/usermgmt/notification-health-status
# Roll back to Previous Version
kubectl rollout undo deployment/notification-microservice
# Access Application (Should see V1)
https://services.kubeoncloud.com/usermgmt/notification-health-status
Step-17: Clean-up ¶
kubectl delete -f kube-manifests/