AWS EKS for Fargate, with eksctl

Guestbook

AWS EKS, with eksctl

Second try with AWS EKS on Fargate. This time with eksctl.

Create EKS cluster:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
๐œ† eksctl create cluster --name sandpit --version 1.14 --region us-east-2 --fargate
[โ„น]  eksctl version 0.11.1
[โ„น]  using region us-east-2
[โ„น]  setting availability zones to [us-east-2b us-east-2a us-east-2c]
[โ„น]  subnets for us-east-2b - public:192.168.0.0/19 private:192.168.96.0/19
[โ„น]  subnets for us-east-2a - public:192.168.32.0/19 private:192.168.128.0/19
[โ„น]  subnets for us-east-2c - public:192.168.64.0/19 private:192.168.160.0/19
[โ„น]  using Kubernetes version 1.14
[โ„น]  creating EKS cluster "sandpit" in "us-east-2" region with Fargate profile
[โ„น]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-east-2 --cluster=sandpit'
[โ„น]  CloudWatch logging will not be enabled for cluster "sandpit" in "us-east-2"
[โ„น]  you can enable it with 'eksctl utils update-cluster-logging --region=us-east-2 --cluster=sandpit'
[โ„น]  Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "sandpit" in "us-east-2"
[โ„น]  1 task: { create cluster control plane "sandpit" }
[โ„น]  building cluster stack "eksctl-sandpit-cluster"
[โ„น]  deploying stack "eksctl-sandpit-cluster"
[โœ”]  all EKS cluster resources for "sandpit" have been created
[โœ”]  saved kubeconfig as "/Users/terrence/.kube/config"
[โ„น]  creating Fargate profile "fp-default" on EKS cluster "sandpit"
[โ„น]  created Fargate profile "fp-default" on EKS cluster "sandpit"
[โ„น]  "coredns" is now schedulable onto Fargate
[โ„น]  "coredns" is now scheduled onto Fargate
[โ„น]  "coredns" pods are now scheduled onto Fargate
[โ„น]  kubectl command should work with "/Users/terrence/.kube/config", try 'kubectl get nodes'
[โœ”]  EKS cluster "sandpit" in "us-east-2" region is ready

AWS EKS on Fargate, with eksctl - Cluster

Create and add EKS mansged node group:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
๐œ† eksctl create nodegroup --cluster sandpit --name workers --node-type t3a.medium --ssh-access --ssh-public-key aws-us-key --managed
[โ„น]  eksctl version 0.11.1
[โ„น]  using region us-east-2
[โ„น]  will use version 1.14 for new nodegroup(s) based on control plane version
[โ„น]  using EC2 key pair %!!(MISSING)q(*string=<nil>)
[โ„น]  1 nodegroup (workers) was included (based on the include/exclude rules)
[โ„น]  will create a CloudFormation stack for each of 1 managed nodegroups in cluster "sandpit"
[โ„น]  1 task: { 1 task: { create managed nodegroup "workers" } }
[โ„น]  building managed nodegroup stack "eksctl-sandpit-nodegroup-workers"
[โ„น]  deploying stack "eksctl-sandpit-nodegroup-workers"
[โœ”]  created 0 nodegroup(s) in cluster "sandpit"
[โ„น]  nodegroup "workers" has 2 node(s)
[โ„น]  node "ip-192-168-47-175.us-east-2.compute.internal" is ready
[โ„น]  node "ip-192-168-87-98.us-east-2.compute.internal" is ready
[โ„น]  waiting for at least 2 node(s) to become ready in "workers"
[โ„น]  nodegroup "workers" has 2 node(s)
[โ„น]  node "ip-192-168-47-175.us-east-2.compute.internal" is ready
[โ„น]  node "ip-192-168-87-98.us-east-2.compute.internal" is ready
[โœ”]  created 1 managed nodegroup(s) in cluster "sandpit"
[โ„น]  checking security group configuration for all nodegroups
[โ„น]  all nodegroups have up-to-date configuration

Kubernetes Dashboard

Install Kubernetes Dashboard in Kubernetes cluster:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
๐œ† kubectl get services  --all-namespaces
NAMESPACE              NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
default                kubernetes                  ClusterIP   10.100.0.1       <none>        443/TCP         70m
kube-system            kube-dns                    ClusterIP   10.100.0.10      <none>        53/UDP,53/TCP   70m
kube-system            metrics-server              ClusterIP   10.100.142.106   <none>        443/TCP         14m
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.100.91.78     <none>        8000/TCP        11m
kubernetes-dashboard   kubernetes-dashboard        ClusterIP   10.100.75.0      <none>        443/TCP         11m

๐œ† kubectl get pods  --all-namespaces
NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE
kube-system            aws-node-cnzrv                               1/1     Running   0          40m
kube-system            aws-node-m9tjp                               1/1     Running   0          40m
kube-system            coredns-7f5cccffc-h44mz                      1/1     Running   0          65m
kube-system            coredns-7f5cccffc-hmx7g                      1/1     Running   0          65m
kube-system            kube-proxy-7kn62                             1/1     Running   0          40m
kube-system            kube-proxy-g57ph                             1/1     Running   0          40m
kube-system            metrics-server-7fcf9cc98b-ftl4k              1/1     Running   0          14m
kubernetes-dashboard   dashboard-metrics-scraper-677768c755-mxlmc   1/1     Running   0          11m
kubernetes-dashboard   kubernetes-dashboard-995fd6fb4-xqcj5         1/1     Running   0          11m

Connect Kubernetes Dashboard via proxy:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
๐œ† cat .kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /Users/terrence/.minikube/ca.crt
    server: https://192.168.99.100:8443
  name: minikube
- cluster:
    certificate-authority-data: LS0tLS1CRUd ... tLS0tLQo=
    server: https://0559DE89F43B8766B56C7FD066C6C50F.yl4.us-east-2.eks.amazonaws.com
  name: sandpit.us-east-2.eksctl.io
contexts:
- context:
    cluster: sandpit.us-east-2.eksctl.io
    user: ADMMiaoT@sandpit.us-east-2.eksctl.io
  name: ADMMiaoT@sandpit.us-east-2.eksctl.io
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: ADMMiaoT@sandpit.us-east-2.eksctl.io
kind: Config
preferences: {}
users:
- name: ADMMiaoT@sandpit.us-east-2.eksctl.io
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - sandpit
      command: aws-iam-authenticator
      env:
      - name: AWS_PROFILE
        value: paradise-dev
- name: minikube
  user:
    client-certificate: /Users/terrence/.minikube/client.crt
    client-key: /Users/terrence/.minikube/client.key

๐œ† kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}'
eks-admin-token-s2gf5

๐œ† kubectl -n kube-system describe secret eks-admin-token-s2gf5
Name:         eks-admin-token-s2gf5
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: eks-admin
              kubernetes.io/service-account.uid: fa3cf514-18bc-11ea-bbdd-0a4cd5e8dc70

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIs ... hpY8upQlA2q40g

๐œ† kubectl proxy

Visit URL http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#!/login

Choose Token, paste the token output from the previous command into the Token field, and choose SIGN IN.

AWS EKS on Fargate, with eksctl - Nodes

With AWS managed nodes, on Node EC2 Instance:

AWS EKS on Fargate, with eksctl - EC2 Instance

First Docker application

Deploy first Docker application react-typescript, from Docker Hub https://hub.docker.com/r/jtech/react-typescript, into Kubernetes.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
๐œ† kubectl run react-typescript --image=jtech/react-typescript --port 3000
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/react-typescript created

๐œ† kubectl describe deployments
Name:                   react-typescript
Namespace:              default
CreationTimestamp:      Mon, 09 Dec 2019 14:56:09 +1100
Labels:                 run=react-typescript
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               run=react-typescript
Replicas:               1 desired | 1 updated | 1 total | 0 available | 1 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  run=react-typescript
  Containers:
   react-typescript:
    Image:        jtech/react-typescript
    Port:         3000/TCP
    Host Port:    0/TCP
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      False   MinimumReplicasUnavailable
  Progressing    True    ReplicaSetUpdated
OldReplicaSets:  <none>
NewReplicaSet:   react-typescript-867c948446 (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  71s   deployment-controller  Scaled up replica set react-typescript-867c948446 to 1

๐œ† kubectl describe pods react-typescript
Name:               react-typescript-867c948446-qtvrp
Namespace:          default
Priority:           2000001000
PriorityClassName:  system-node-critical
Node:               fargate-ip-192-168-183-250.us-east-2.compute.internal/192.168.183.250
Start Time:         Mon, 09 Dec 2019 14:56:59 +1100
Labels:             eks.amazonaws.com/fargate-profile=fp-default
                    pod-template-hash=867c948446
                    run=react-typescript
Annotations:        kubernetes.io/psp: eks.privileged
Status:             Running
IP:                 192.168.183.250
Controlled By:      ReplicaSet/react-typescript-867c948446
Containers:
  react-typescript:
    Container ID:   containerd://2ea5f1ea4fb731eb844f0e267581e9e188d29ab7a639b7b8ca50c83cfb12b4c3
    Image:          jtech/react-typescript
    Image ID:       docker.io/jtech/react-typescript@sha256:0951fe4d9a24390123c7aa23612c8cdf1d8191a9d8e7d3cbc8bb4d8d763e0ce5
    Port:           3000/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Mon, 09 Dec 2019 14:57:28 +1100
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-knpqq (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-knpqq:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-knpqq
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason   Age   From                                                            Message
  ----    ------   ----  ----                                                            -------
  Normal  Pulling  76s   kubelet, fargate-ip-192-168-183-250.us-east-2.compute.internal  Pulling image "jtech/react-typescript"
  Normal  Pulled   49s   kubelet, fargate-ip-192-168-183-250.us-east-2.compute.internal  Successfully pulled image "jtech/react-typescript"
  Normal  Created  49s   kubelet, fargate-ip-192-168-183-250.us-east-2.compute.internal  Created container react-typescript
  Normal  Started  49s   kubelet, fargate-ip-192-168-183-250.us-east-2.compute.internal  Started container react-typescript

Expose service:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
๐œ† kubectl expose deployment react-typescript --type="NodePort"
service/react-typescript exposed

๐œ† kubectl describe services react-typescript
Name:                     react-typescript
Namespace:                default
Labels:                   run=react-typescript
Annotations:              <none>
Selector:                 run=react-typescript
Type:                     NodePort
IP:                       10.100.54.37
Port:                     <unset>  3000/TCP
TargetPort:               3000/TCP
NodePort:                 <unset>  31799/TCP
Endpoints:                192.168.183.250:3000
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

๐œ† kubectl get services  --all-namespaces
NAMESPACE              NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
default                kubernetes                  ClusterIP   10.100.0.1       <none>        443/TCP          46h
default                react-typescript            NodePort    10.100.54.37     <none>        3000:31799/TCP   4m55s
kube-system            kube-dns                    ClusterIP   10.100.0.10      <none>        53/UDP,53/TCP    46h
kube-system            metrics-server              ClusterIP   10.100.142.106   <none>        443/TCP          45h
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.100.91.78     <none>        8000/TCP         45h
kubernetes-dashboard   kubernetes-dashboard        ClusterIP   10.100.75.0      <none>        443/TCP          45h

Run kubectl proxy and connect to react-typscript application on URL: http://localhost:8001/api/v1/namespaces/default/services/http:react-typescript:3000/proxy/

AWS EKS on Fargate, with eksctl - React Typescript

References