Introduction to Amazon EKS Kubernetes for beginners

Captions
[Music]

What is up YouTube, and welcome to another episode of Kubernetes in the cloud. Today's cloud is going to be Amazon Web Services. If Amazon AWS is not your cloud provider, feel free to follow along anyway; it'll improve your skills as an engineer to understand the fundamentals of multiple cloud providers. In this video we're going back to basics. That means no cloud provisioning tools, no automation tools, no complexity. We're going to focus on the basics, because the fundamental basics is key. We're gonna use the command line to see what it takes to provision a Kubernetes cluster on Amazon Web Services. So without further ado, let's go.

Alright, so let's break it down into steps, what we are going to do. We're going to create an Amazon AWS free account. This will give us access to the free tier, and I'll talk about that in a second. What we're going to do then is we're going to install the AWS CLI. This is the command-line interface to interact with Amazon Web Services. Then we're going to use the CLI to log in to our free account and create what's called an IAM role. This is kind of like a service account that manages our Kubernetes resources. We will then also use policies. Policies in AWS are managed by AWS, and they basically give our IAM role the ability to do things with our Kubernetes cluster. There are a couple of policies that we'll need to assign to this account.

Then what we will do is we will use this account and the AWS CLI to provision what's called a VPC. For those of you who don't know it, Amazon VPC is like a virtual network. So what we'll do is we'll spin up a VPC and we'll divide it into three subnets with different IP ranges. This will give you an idea of how to install Kubernetes into an existing virtual network. Then what we will do is we will create what's called EKS. This is the Kubernetes service for Amazon. Now this service is not free; it'll be charged roughly 0.1 dollar per hour to run. And the final thing we're going to do is use the free tier to create
an EC2 instance, or a virtual machine, in one of the subnets. So we'll deploy the virtual machine here from the free tier and connect it to EKS. That is using the Amazon AWS CLI. Another option we'll take a look at is using EKS CLI to basically do the same thing, just in a much easier, simpler fashion. Now for Amazon EKS, basically what EKS is, is only the control plane of our Kubernetes cluster, so the masters in there. When we spin up an Amazon EKS, we pay $0.10 per hour for each of the clusters we create.

So in this demo what we're going to want to do is create a free Amazon account. So you come over to Amazon's website, look for the AWS free tier, and what this allows us to do is this gives us access to compute, virtual machines, like small ones, so t2.micro and t3.micro. So this will allow us to spin up virtual machines that we can connect to our EKS cluster as worker nodes. So what you want to do is come over here, click on free accounts, and then you fill out the information. Now what all cloud providers do is they ask you for your identity and credit card information. They do this to prevent fraud and also make sure you are who you say you are, preventing bot accounts, spam accounts from misusing the cloud infrastructure.

And so for those of you who are new to this channel, everything I do is on GitHub in the docker-development-youtube-series. You want to look for the folder kubernetes and amazon, and inside here I have a getting started page. So all the commands and everything I do is recorded here so you can follow along.

So the first thing we need to do is look at Amazon's command-line interface. So for that, the easiest way to do this is to install Docker and head over to Docker Hub, look for Amazon AWS CLI, and this is the command-line interface for Amazon. So what we're gonna do is we're gonna say docker run, we're gonna run an interactive container, and we're gonna mount our source code into the container so we can do all the work inside of the Docker container. We're gonna
create a bash entry point and we're gonna run this version of the Amazon CLI. And then I'm gonna change directory into this kubernetes amazon folder, and if I do ls you can see we're now inside of the container and we can see our getting started guide over here. And then what I'm gonna do is I'm just gonna use yum and I'm gonna install jq. jq is basically just a utility for managing JSON files, and since the Amazon CLI works a lot with JSON and all the security policies are in JSON, we're gonna use jq to process them and work with them. So now we're ready to log in to AWS.

So now that we've installed the CLI, we want to configure our AWS CLI credentials so we can start talking to Amazon. The way to do that is sign in to the console. Once you're in the console, you want to click on your user account and click on My Security Credentials. So what you want to do is come over to access keys and click create new access key. This will generate a new key which you want to keep secure, so you want to keep the access key as well as the ID.

Now usually when you deploy a Kubernetes cluster to the cloud, every cloud provider has different data center regions to deploy to. So you're gonna want to go over to Amazon's documentation on regions and look for the region that is suitable for you to deploy your cluster to. So for me, I'm gonna just deploy to Sydney. So you want to get the region code for the cluster that you want to deploy to. So go ahead and grab that, and then what you want to do is log in to AWS using the CLI. So you say aws configure, passing your access ID, your secret key that we've got from the previous step, the region name is the default, and then output, it's just going to be JSON.

So one thing I like about command-line interfaces is that they should be self-documented. So if you go aws, these are the commands we can run. So aws has a bunch of subcommands and we can use the help command to get some extra tips, because we're going to be using the AWS CLI. But what we want to do is
say aws help, and this gives us the help documentation. So if we scroll down you can see there's quite a lot here, and if we go all the way down we can see the list of services that we can interact with. So the CLI allows us to interact with compute. We can have a look here, there's like Athena, there's auto scaling, there's app config, the list goes on, all the different, there's CloudFormation, CloudSearch, Cloud Build, CloudWatch, CodePipeline, and the list goes on. We want to go down to E for EKS. You can see we have eks as a subcommand; that's the one we're interested in. So just press Q to quit, and we can say aws eks help, and let's have a look and see what we can do with this tool. So we can create cluster, we can create node groups, we can delete clusters, we can describe them, we can list clusters, a bunch of stuff we can do with our EKS cluster once we've provisioned it.

We want to go ahead and create an EKS cluster IAM role. So roles and service accounts in Amazon are used to do things and interact with the cloud. So we need an IAM role, and we basically use the role to assign policies to, so that we can use that role for EKS to manage our cloud resources. So if EKS needs to spin up the load balancer or needs to scale out EC2 instances, it'll use that role to do so. Now I've added all the steps here to do so. So what we're gonna want to do is we want to run the aws iam create-role command. We give our role a name, so I'm just going to call it getting started EKS role. Whenever you create a role you need to assume a policy. So we're gonna create one role for our EKS cluster and then we're gonna go ahead and use this JSON file as a basic policy. So we basically say allow assume role for the service eks.amazonaws.com. So we pass in that policy document over here and then we read the ARN number back from that JSON that comes back. So we want to go ahead and run that. Now if we take a look at this environment variable, this identifier, so ARNs are basically
identifiers. So we've created a role, we've got its identifier, and now what we're gonna want to go ahead and do is create policy. So for our role to be able to do anything, it needs a policy attached to it. Now AWS has a couple of managed policies for EKS so we don't have to worry about the granular details. So if we take a look at the next command, we're gonna say aws iam attach-role-policy and we're gonna attach a policy to our existing role, and the policy is gonna be a managed policy. So there's an Amazon EKS cluster policy that Amazon provides us, and now our role is ready to go.

The next part of this guide is we want to go ahead and create an EKS cluster VPC. A VPC in Amazon is basically a virtual network. So you can either use an existing virtual network, or in this demo we're just gonna create a new one from the sample guides here. So take a look, have a read through this guide, and you'll see what they do is, I'm gonna grab a template, and they have a bunch of different templates. You can create public and private subnets or just public subnets, and they basically talk you through what all the fields in the template mean, and then you can either go and create it manually or you can use the commands that I've already created here. So I basically just say curl and I'm gonna pull down this template here of a sample VPC. This is just gonna be three public subnets that we want to use. So I'm gonna go ahead and download that. Now if I do ls you can see we've got the VPC YAML here. Now feel free to have a look at this YAML file. If you know a lot more about enemies you can play around with this, but you can have control over the subnet and the VPC that you want to deploy. So things like the subnet IP address ranges, whether you want more public subnets or more private subnets, it really doesn't matter. You can go ahead and tweak this file, or you can use an existing VPC, or even a different template, or Terraform, or whatever you want to do to create a VPC.
So we're gonna go ahead and run this next command, which is aws cloudformation deploy, and we pass in our template file of VPC and we call our stack name getting started EKS. Go ahead and deploy that, and that'll take a couple of minutes to deploy. Now while that's running, go ahead into the console, click on services and click on CloudFormation, and you will see your getting started EKS stack running, and this is basically just spinning up our VPC with public subnets.

And now that our virtual network is up, if I hop over to the GUI and I refresh this page, we can see that it's done. So it's completed, it created our, our VPC's ready to go. So now we can go ahead and deploy a Kubernetes cluster in that VPC. So what we want to do is we want to say aws cloudformation, we want to list the stack resources, because there's gonna be VPC subnet IDs that we might want to use to drop a Kubernetes cluster in that VPC. So you want to run that, and then I'm piping that to stack.json so that we can go ahead and look at the stack resources. So let's take a look at this list. So we have control plane security group, we've got internet gateways, we've got routes, route tables, subnets. So here we go, subnet, and what you're gonna need is like the subnet IDs that you want to drop your Kubernetes nodes into. So we see we have subnet ID 1, we have subnet 2 and we have subnet 3. So if you're using an existing VPC, you're gonna need the subnet IDs in order to proceed so you can drop a Kubernetes cluster in that existing VPC.

Now before we go ahead with the create cluster command, let's just take a look at the resources VPC config. Now when you create a cluster you say aws eks create-cluster, you give it a name, and then you also provide the role identity there. So that role identifier that we created earlier, you want to provide that; that'll tie up the EKS cluster with that IAM role. And this is the important part, the resources VPC config. So in the stack.json file you'll have all the resource IDs of the
subnets that I showed earlier as well as security groups, so you need to provide that in to this command. So if we take a look at our create cluster command, you can see subnet IDs; there's a list of the subnet IDs that we want to have Kubernetes have the ability to spin up nodes in, and then also the security groups, and also whether we want public or private endpoint access. So what I'm gonna do is I'm gonna go to my stack.json, I'm gonna find my subnet IDs and I'm gonna add them here into this comma-delimited list. And then we're gonna scroll over to the right, we see security groups as well, so we're gonna go ahead and find our security groups. Here is the security group, control plane security group, so we're gonna grab that ID as well, and we're gonna say whether we want endpoint public access. I want that true, otherwise I won't be able to access my Kubernetes cluster. So then what we want to do is grab this command and we're gonna paste it into the terminal. So this will spit out a bunch of JSON, and then we can see here we can just press Q, and that means our cluster is now busy creating.

Then there's a few things we can do while we wait for that cluster to be created. We can say aws eks list-clusters; you can see our cluster is listed here. If we want to get more details about the cluster, we can say describe-cluster and pass the name, and this will give us the JSON output, and if we take a look down here we can see it's in a status of creating. You can also come back to the portal and just type in Kubernetes and you'll see Elastic Kubernetes Service. If you click into that you'll be able to see, here we go, our cluster is here and it's in a creating state.

So now that our cluster is up and active, we can go ahead and access our cluster. So to do that we need a kubeconfig. So we're gonna run a command, aws eks update-kubeconfig. We pass in the name of the cluster as well as the region. So if we go ahead and press enter, this will go ahead and download the kubeconfig and
put it into our root kubeconfig folder. We can then run the copy command to bring the config to our local folder so we can have a look at that. This is the kubeconfig to access the cluster. And the next bit here is I'm just gonna go ahead and install kubectl, since we don't have kubectl in this cluster. Install kubectl and move it to /usr/bin, and now we're good to go. So the first thing I can do is say kubectl get nodes, and when we run that we can see there are no nodes attached to the cluster. This is because we've deployed an EKS cluster, that's just the control plane, and now we have our nodes attached to that cluster.

So the next thing we need to do is create another role, and that role is going to be managing what's called node groups. And what we can then do is we can use some other free tier machines to attach to a node group and deploy them into the VPC of our Kubernetes cluster. So let's go ahead and do that.

So what we want to do is create another role. So what I'm doing is I'm saying aws iam create-role and I'm creating the role, I'm calling the role with the same name and I'm just attaching nodes to it. So this gives you granular permission control for each node group running in your EKS cluster. So we're gonna create a role with that name and we're gonna assume this time node policy. So I got this off the Amazon website, and pretty much all this is is another assume role permission for ec2.amazonaws.com, because we're going to be spinning up EC2 instances. We're using that as our assume role policy document. So we've passed that in, and then again I'm gonna grab the resource identifier number out of that, and what I'm gonna do then, just to show you, and we have our identifier for that role ready to go.

So these are the three managed policies that we need to add. So the Amazon EKS worker node policy is more about worker node and security. Then we have one for CNI policy; this will allow container networking on that node group. And then we have one for
EC2 container registry read-only. So if you have a container registry on your Amazon account, you can actually hook that up so that node can pull from that registry automatically. So what we're gonna do is we're gonna go ahead and attach these three policies by just pasting the commands into the terminal, and now our node pool role is ready to go.

Now before you create your cluster, it's important to have a look at the instance types that Amazon provides. If we take a look at the documentation, they provide a bunch of different machines: general-purpose, compute, memory optimized, basically all storage, and all cloud providers have different types of machines. So you're gonna want to pick some of the machines. Now you can either use free tier machines or you can go ahead and pick for whatever types of workloads you're planning to run. So I'm just gonna go ahead and go with the t2.small instance.

And then if we take a look up at my command, I've basically just got the bare minimum, more sensible type command here that you want to look at. It's aws eks create-nodegroup. So we're gonna give our cluster name, we're gonna give the node group name, so give it a name that is meaningful to you or you can just call it default, and then what you want to do is pass in that node role. So this is the identifier for that role we just created for our node group. And then we also have the subnet ID we want to put the node group in. So if we go back to stack.json, in this example I'm just gonna use my first subnet, so I'm gonna grab that subnet ID and I'm gonna paste that in here. Then the other thing is you also want to make sure you get enough disk space. When you're running containers and there's a Docker host on that machine, it's gonna sometimes run full of Docker images unless you go ahead and manually clean it up, and I find a lot of cloud providers put a very small disk on their machines. Not all cloud providers do this, but I always suggest to explicitly
say how much storage you need. And then we can say basically the scaling config, so how many instances we're planning on running. So for this demo you have like a minimum size and the maximum size and then desired, so I'm just gonna go with a desired of one because I'm not really gonna scale for this demo. And here we're just gonna pick our instance type. So I'm gonna go ahead and grab this and I'm gonna paste it in the terminal and hit enter. And if we go back to our Kubernetes cluster and we click on the cluster here, we can see if we click on compute we now have a node group that's busy creating. So feel free to have a click around here and a play around with the logging, updates, networking. It's a pretty in-depth dashboard, pretty cool. You can also add Fargate as a profile, so you can use Fargate instead of EC2 instances.

So now we can see our node group is finally active. If I say kubectl get nodes this time, we can see now we have a node attached to our cluster. So what I'm gonna do as part of this demo, you can see I've got a "create some sample resources", just to show you how to interact with the cluster. I'm gonna go one folder up, and then if we say ls we can see we have a kubernetes folder. We're inside the kubernetes folder, so let's create a sample namespace. I'm gonna create a namespace called example app and then I'm gonna deploy a secret, config map and a hello world app. I'm gonna go ahead and run those commands, and then the last thing I'm going to do is apply a service type load balancer. And while that's applying, let's take a look at the service load balancer. You can see here type is LoadBalancer, so what this does is it tells Kubernetes that we need a load balancer exposed for this hello world app. So if we take a look in the Amazon portal we should see an elastic load balancer being provisioned, and I can confirm this by saying kubectl get service in the example app namespace, and we can see we have an example app service here running with an
external IP. So Amazon has gone and created a load balancer in the cloud, and we can then take this IP and I can open up a browser window, and we can see if I go to the browser with that address, we can see our hello world app is now up and running. We can also go into the Amazon portal and go to the EC2 dashboard and look for load balancers. We can see this load balancer has been created here automatically by Kubernetes.

Now if you're interested in knowing more about Kubernetes, check out the links below to my Kubernetes development guide. I basically cover namespaces, I cover deploying Kubernetes on local Mac and Windows and how to configure kubectl to interface with the cluster. I cover deployments, config maps, secrets, services and ingress. So more little in-depth tutorials on Kubernetes I have available in the links down below.

Now let's take a look at the other alternative, so creating an Amazon EKS cluster with eksctl. So for that I'm gonna take a look at installing eksctl, and because I'm running in a container I'm gonna grab this here. Now because I'm running inside of the AWS CLI container, I have to install tar to unzip the package. So I say yum install tar, that's gonna go ahead and install tar, and then I'm gonna just run this command which is gonna go and hit curl. It's gonna download eksctl and extract it. Okay, and then what I'm gonna do is I'm just gonna extract that zip file into eksctl, I'm gonna chmod and I'm gonna move it into /usr/local/bin. So then I can say eksctl and we're good to go. So we can say eksctl create, get, update, upgrade, so all the different commands we can run against Kubernetes. So this is a little bit more Kubernetes-focused tool, so it's kind of similar to the other cloud providers like AKS and GKE where they have really specific commands to the cluster. This, I think, AWS has just gone with a separate utility. So you can either use the AWS CLI, which is for the larger ecosystem, or we can just use eksctl. So if we dig a little bit
deeper, we can say eksctl create help, and we can see there's a bunch of things we can create. So very similar to the AWS CLI, we can create a cluster, we can create a node group, we can create an IAM service account, we can create the identity mapping and we can create a Fargate profile, so we can hook up Fargate or node group EC2 instances. And then if I say eksctl create cluster, we can say --help and this gives us all the different information. Now again, very similar to the AWS CLI, we can provide names, we can provide zones and regions, we can provide a config file, we can do VPC stuff here as well. So we can actually add an initial node group that we want, so we don't have to specify a node group command separately; we can do it as part of the creation. So attach up EC2 instances, and we can get SSH public access keys as well. What can we do, here's all the VPC networks, so if you have a VPC that already exists, you can go ahead and attach your nodes to that VPC automatically here. Then we also have a bunch of kubeconfig file stuff we can do.

I've come up with a very similar compact command, but this time for eksctl, so you can see the two side by side here. And this one I'm going to say eksctl create cluster, I'm gonna pass in the name of the cluster, this time I'm just gonna say -1, and then I'm gonna go into the same region. I can specify the version of Kubernetes here. We say we want a managed node group, we're gonna specify we want t2.small instances and we just want one node, and the node's disk size. So I go ahead and paste that into the terminal and we can see that Amazon has gone on its way. It's gonna create a new VPC as part of this, attach those machines into those subnets, and there we go. So we can see we now have two clusters, one is done with eksctl, the other one with AWS CLI, and if I go into this one, they're both now active. You can see all the API server details here. Now you can see if we go over to
the compute section, we don't have any node groups yet. One thing I did notice, if you go over to the CloudFormation portal, you can see that basically eksctl just wraps around CloudFormation. So it uses CloudFormation here to spin up the VPC and all the underlying infrastructure, and now it's in progress, it's creating a node group, so it's creating our compute once our cluster is now up and running. And there we go, so if you refresh that you can see our node group has appeared and we have one small machine that's busy creating here as part of the node group. So it's very important to understand the differences between eksctl and AWS CLI; that's why I'd like to highlight them both as part of this demo.

So if you followed along, also remember to go ahead and clean up all the resources. So I've left the script here; I'll just run through it quickly. We're gonna use eksctl to delete our cluster, then we're gonna use AWS CLI to do the rest of the cluster deletion that we did. So we want to firstly delete the node group, then delete the cluster, then we want to detach the policies to the two roles we created, and also the three policies we have on the node role, and then go ahead and delete the node role as well once we're done, and then also take down the VPC stack that we created for AWS CLI. So this will make sure that we don't incur any costs.

So that was our very basic guide of Amazon EKS, on how to get a cluster up and running and how to customize a cluster for your existing infrastructure network. Now if AWS is not your cluster, please stay tuned; I do have a video on Microsoft Azure, Google Cloud as well as DigitalOcean. If I haven't covered your cloud, please let me know down in the comments. Now I know we only deployed a hello world application in this demo, but that's because we're mainly focused on getting the cluster up and running in the cloud. In a future video I will go through the whole CI/CD process of different CI/CD pipelines and technologies that you can leverage
to deploy your applications to a cloud-based Kubernetes cluster. So I hope you guys enjoyed it, hope you found it useful. Let me know down in the comments what sort of stuff you'd like to see in the future, and until next time, peace!

[Music]
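
Added example, not part of the video or its repository: a Python check a reviewer could run over the JSON this walkthrough produces, flagging an API server endpoint left reachable from every address (the endpoint public access choice in the create cluster step) and role trust policies that let anything other than the intended service assume the role. The sample JSON, names and IDs are constructed, and treating a missing publicAccessCidrs as 0.0.0.0/0 is an assumption about the EKS default.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws eks describe-cluster` output.
# Names and IDs are placeholders, not values from the video.
SAMPLE_CLUSTER = json.loads("""
{"cluster": {"name": "example-cluster", "status": "ACTIVE",
  "resourcesVpcConfig": {
    "subnetIds": ["subnet-aaa", "subnet-bbb", "subnet-ccc"],
    "securityGroupIds": ["sg-example"],
    "endpointPublicAccess": true,
    "endpointPrivateAccess": false,
    "publicAccessCidrs": ["0.0.0.0/0"]}}}
""")

# Constructed trust policies: the first matches what the transcript describes,
# the second is a deliberately over-broad variant for comparison.
EKS_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "eks.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}
BROAD_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}


def review_endpoint(doc):
    """Return findings about API server endpoint exposure."""
    cfg = doc["cluster"]["resourcesVpcConfig"]
    findings = []
    if cfg.get("endpointPublicAccess"):
        # Assumption: a missing CIDR list means the default of 0.0.0.0/0.
        for cidr in cfg.get("publicAccessCidrs") or ["0.0.0.0/0"]:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append("public endpoint reachable from any address")
        if not cfg.get("endpointPrivateAccess"):
            findings.append("private endpoint disabled")
    return findings


def _as_list(value):
    # IAM policy fields may hold either a single value or a list.
    return value if isinstance(value, list) else [value]


def review_trust_policy(policy, expected_service):
    """Return findings about who may assume the role."""
    findings, seen_expected = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("any principal may assume the role")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "Service" and value == expected_service:
                    seen_expected = True
                elif value == "*":
                    findings.append("any principal may assume the role")
                else:
                    findings.append(f"unexpected principal {kind}:{value}")
    if not seen_expected:
        findings.append(f"{expected_service} cannot assume the role")
    return findings


if __name__ == "__main__":
    for line in review_endpoint(SAMPLE_CLUSTER):
        print("endpoint:", line)
    for line in review_trust_policy(BROAD_TRUST, "eks.amazonaws.com"):
        print("trust:", line)
```

The same functions can be pointed at real output by loading the JSON saved from aws eks describe-cluster and the trust policy file passed to aws iam create-role.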
Info
Channel: That DevOps Guy
Views: 18,161
Rating: 4.9460502 out of 5
Keywords: programming, docker, devops, devcommunity, community, development, kubernetes, dockerswarm, swarm, containers, linux, azure, cloud, aks, service, cloudcomputing, eks, amazon, aws, web, services
Id: QThadS3Soig
Length: 26min 57sec (1617 seconds)
Published: Mon Jun 22 2020