In this article we are going to deploy a 3-tier architecture application for a robot-selling company using Kubernetes and Helm on an EKS cluster.
Step 01 : Installing prerequisites.
We need to install the following tools as prerequisites:
kubectl : To communicate with the EKS cluster. You can use this documentation for installing: https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html
eksctl : A command line tool for working with EKS clusters that automates many individual tasks. You can use this documentation for installing: https://docs.aws.amazon.com/eks/latest/userguide/setting-up.html
aws cli : A command line tool for working with AWS services, including Amazon EKS. You can use this documentation for installing: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Configure the AWS access key and secret key to connect to your AWS account using aws configure.
helm : Install the helm binary using the following documentation, based on your OS.
https://helm.sh/docs/intro/install/
Step 02 : Creating an EKS Cluster.
In this step we create an EKS cluster for our application to run on.
Create an EKS cluster using the command below.
eksctl create cluster --name three-tier-architecture --region ap-south-1
I’m using the name three-tier-architecture for my cluster (you can use your own), and I’m deploying in the ap-south-1 region.
After creating the EKS cluster, we need to add its kubeconfig to kubectl in order to connect to the cluster, using the following command.
aws eks update-kubeconfig --region ap-south-1 --name three-tier-architecture
Step 03 : Configuring IAM OIDC Provider.
For more information about IAM OIDC providers, see this documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html
Steps to Configure IAM OIDC Provider.
export cluster_name=three-tier-architecture
oidc_id=$(aws eks describe-cluster --name $cluster_name --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)
Check whether an IAM OIDC provider is already configured, using the command below.
aws iam list-open-id-connect-providers | grep $oidc_id | cut -d "/" -f4
If not, run the following command.
eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve
Step 04 : Setup an ALB in AWS.
In this step we set up an ALB in AWS to serve the web application.
Download IAM policy.
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json
Create an IAM policy from the file we downloaded with the previous command.
aws iam create-policy \
  --policy-name AWSLoadBalancerControllerIAMPolicy \
  --policy-document file://iam_policy.json
We need to create an IAM role for our EKS cluster.
eksctl create iamserviceaccount \
  --cluster=three-tier-architecture \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --role-name AmazonEKSLoadBalancerControllerRole \
  --attach-policy-arn=arn:aws:iam::533267114211:policy/AWSLoadBalancerControllerIAMPolicy \
  --approve
You need to replace the values for cluster name and AWS Account ID with your values.
Step 05 : Deploying ALB controller.
Add the helm repo of eks-charts.
helm repo add eks https://aws.github.io/eks-charts
Update the helm repo.
helm repo update eks
Install the chart with custom values.
helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=three-tier-architecture --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller --set region=ap-south-1 --set vpcId=vpc-024004e9d0c284be2
You need to change the cluster name, region, and VPC ID to match your use case.
Verify the deployment.
kubectl get deployment -n kube-system aws-load-balancer-controller
Step 06 : EBS CSI Plugin Configuration.
The Amazon EBS CSI plugin requires IAM permissions to make calls to AWS APIs on your behalf. To grant these permissions, you need to create an IAM role and attach the necessary policy. AWS provides a managed policy (AmazonEBSCSIDriverPolicy) for this purpose, or you can create a custom policy.
eksctl create iamserviceaccount \
  --name ebs-csi-controller-sa \
  --namespace kube-system \
  --cluster three-tier-architecture \
  --role-name AmazonEKS_EBS_CSI_DriverRole \
  --role-only \
  --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
  --approve
The above command deploys an AWS CloudFormation stack to create the IAM role and attach the specified IAM policy to it.
Run the following command. Replace the cluster name and account ID with your values.
eksctl create addon --name aws-ebs-csi-driver --cluster three-tier-architecture --service-account-role-arn arn:aws:iam::533267114211:role/AmazonEKS_EBS_CSI_DriverRole --force
Note: If your cluster is in the AWS GovCloud (US-East) or AWS GovCloud (US-West) AWS Regions, then replace arn:aws: with arn:aws-us-gov:.
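The roles created in Steps 04 and 06 are assumed through the cluster's OIDC provider, so each role's trust policy should be pinned to exactly one service account (aws-load-balancer-controller and ebs-csi-controller-sa in kube-system). The following check is an added example, not part of the original article. The function names, issuer ID and account ID are constructed placeholders, and a real document can be obtained with aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument.

```python
# Constructed placeholders: the issuer ID and account ID are not real values.
ISSUER = "oidc.eks.ap-south-1.amazonaws.com/id/EXAMPLE0000000000"
PROVIDER = f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_irsa_trust(policy, namespace, service_account):
    """Return problems found in an IRSA role trust policy (empty list = OK)."""
    expected_sub = f"system:serviceaccount:{namespace}:{service_account}"
    problems = []
    stmts = [s for s in as_list(policy.get("Statement", []))
             if s.get("Effect") == "Allow"
             and "sts:AssumeRoleWithWebIdentity" in as_list(s.get("Action"))]
    if not stmts:
        return ["no Allow statement for sts:AssumeRoleWithWebIdentity"]
    for stmt in stmts:
        principal = stmt.get("Principal")
        provider = principal.get("Federated") if isinstance(principal, dict) else None
        if not isinstance(provider, str) or ":oidc-provider/" not in provider:
            problems.append("principal is not a single IAM OIDC provider")
            continue
        issuer = provider.split(":oidc-provider/", 1)[1]
        cond = stmt.get("Condition", {})
        exact = cond.get("StringEquals", {})
        # The subject claim must name exactly one namespace/service account.
        if exact.get(f"{issuer}:sub") != expected_sub:
            problems.append(f"sub not pinned to {expected_sub} via StringEquals")
        if exact.get(f"{issuer}:aud") != "sts.amazonaws.com":
            problems.append("aud not pinned to sts.amazonaws.com via StringEquals")
        # Wildcards in StringLike let other service accounts assume the role.
        for key, value in cond.get("StringLike", {}).items():
            if key.endswith(":sub") and any("*" in v for v in as_list(value)):
                problems.append(f"wildcard subject allowed: {value}")
    return problems

def sample_policy(condition):
    """Build a constructed trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

GOOD = sample_policy({"StringEquals": {
    f"{ISSUER}:aud": "sts.amazonaws.com",
    f"{ISSUER}:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"}})
LOOSE = sample_policy({"StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*:*"}})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("LOOSE", LOOSE)):
        print(name, check_irsa_trust(doc, "kube-system", "aws-load-balancer-controller"))
```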
Step 07 : Finally deploying our application into our EKS cluster using helm.
Now clone the repository using "git clone https://github.com/SalmanSk7/3-tier-arch-kubernetes.git".
Once the clone is complete, navigate to the "EKS/helm" folder.
Run the following commands to install the helm chart into the EKS cluster.
kubectl create ns robot-shop
helm install robot-shop --namespace robot-shop .
Watch the deployment come up using the following command. It takes some time for all pods to be up.
kubectl get pods -n robot-shop -w
Wait until all the pods are up and running.
Once all pods are up and running, we need to expose our web application to the external world. For that there is a file named "ingress.yaml" in the helm folder; apply it using the following command.
kubectl apply -f ingress.yaml
Once the ingress is created, go to the load balancer service in the AWS console and wait for the load balancer to reach the active state.
Once the load balancer is active, copy its DNS name and paste it in the browser. You will see the following page.
We have successfully deployed our three-tier architecture application using Kubernetes and Helm on an EKS cluster.
After completing the project, don’t forget to delete the cluster using the following command, and wait for some time for all services to be cleaned up automatically.
eksctl delete cluster --name three-tier-architecture --region ap-south-1