Forem: Xmen143

AWS EKS — DEEP DIVE

Xmen143 — Fri, 15 Jul 2022 12:03:32 +0000

⚜️What is Amazon EKS?

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications. Amazon EKS:

Automatically scales control plane instances based on load, detects and replaces unhealthy control plane instances, and it provides automated version updates and patching for them.
• Is integrated with many AWS services to provide scalability and security for your applications, including the following capabilities:
• Amazon ECR for container images
• Elastic Load Balancing for load distribution
• IAM for authentication.

⚜️How does Amazon EKS work?

⚜️Getting started with Amazon EKS is easy:

Create an Amazon EKS cluster in the AWS Management Console or with the AWS CLI or one of the AWS SDKs.
Launch managed or self-managed Amazon EC2 nodes, or deploy your workloads to AWS Fargate.
When your cluster is ready, you can configure your favorite Kubernetes tools, such as kubectl, to communicate with your cluster.
Deploy and manage workloads on your Amazon EKS cluster the same way that you would with any other Kubernetes environment.
⚜️Management Console and AWS CLI:

⚜️To create your cluster

Create an Amazon VPC with public and private subnets that meets Amazon EKS requirements.

aws cloudformation create-stack \
— region ap-south-1 \
— stack-name my-eks-stack \
— template-url https://s3.us-west-2.amazonaws.com/amazon-eks/
cloudformation/2020–10–29/amazon-eks-vpc-private-subnets.yaml

Create a cluster IAM role and attach the required Amazon EKS IAM managed policy to it. Kubernetes clusters managed by Amazon EKS make calls to other AWS services on your behalf to manage the resources that you use with the service.

a. Copy the following contents to a file named cluster-role-trust-policy.json.
{
“Version”: “2012–10–17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“Service”: “eks.amazonaws.com”
},
“Action”: “sts:AssumeRole”
}
]
}

b. Create the role.

aws iam create-role \
— role-name myAmazonEKSClusterRole \
— assume-role-policy-document file://”cluster-role-trust-policy.json”

c. Attach the required Amazon EKS managed IAM policy to the role.

aws iam attach-role-policy \
— policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \
— role-name myAmazonEKSClusterRole

Open the Amazon EKS console.

Step 2: Configure cluster communication

Choose Add cluster, and then choose Create. If you don’t see this option, then choose Clusters in the left navigation pane first.
On the Configure cluster page, do the following:

Enter a Name for your cluster, such as my-cluster.
For Cluster Service Role, choose myAmazonEKSClusterRole.
Leave the remaining settings at their default values and choose Next.

On the Specify networking page, do the following:

Choose the ID of the VPC that you created in a previous step from the VPC dropdown list. It is something like vpc-00x0000x000x0x000 | my-eks-vpc-stack-VPC.
Leave the remaining settings at their default values and choose Next.
7.On the Configure logging page, choose Next.

On the Review and create page, choose Create.

⚜️Step 2: Configure your computer to communicate with your cluster.

In this section, you create a kubeconfig file for your cluster. The settings in this file enable the kubectl CLI to communicate with your cluster.
To configure your computer to communicate with your cluster.

Create or update a kubeconfig file for your cluster.
aws eks update-kubeconfig — region ap-south-1 — name my-cluster

Test your configuration.

kubectl get svc

⚜️Create nodes

Fargate — Linux — Choose this type of node if you want to run Linux applications on AWS Fargate. Fargate is a serverless compute engine that lets you deploy Kubernetes pods without managing Amazon EC2 instances.

• Managed nodes — Linux — Choose this type of node if you want to run Amazon Linux applications on Amazon EC2 instances.
To create a Fargate profile

Create an IAM role and attach the required Amazon EKS IAM managed policy to it. The Amazon EKS pod execution role provides the IAM permissions to do this.

a. Copy the following contents to a file named pod-execution-role-trustpolicy.json.

{
“Version”: “2012–10–17”,
“Statement”: [
{
“Effect”: “Allow”,
“Condition”: {
“ArnLike”: {
“aws:SourceArn”: “arn:aws:eks:regioncode:111122223333:fargateprofile/my-cluster/*”
}
},
“Principal”: {
“Service”: “eks-fargate-pods.amazonaws.com”
},
“Action”: “sts:AssumeRole”
}
]
}

b. Create a pod execution IAM role.

aws iam create-role \
— role-name AmazonEKSFargatePodExecutionRole \
— assume-role-policy-document file://”pod-execution-role-trust-policy.json”

c. Attach the required Amazon EKS managed IAM policy to the role.

aws iam attach-role-policy \
— policy-arn arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy \
— role-name AmazonEKSFargatePodExecutionRole

Open the Amazon EKS console.
On the Clusters page, choose the my-cluster cluster.
On the my-cluster page, do the following:
a. Choose the Compute tab.
b. Under Fargate Profiles, choose Add Fargate Profile.
On the Configure Fargate Profile page, do the following:
a. For Name, enter a unique name for your Fargate profile, such as my-profile.
b. For Pod execution role, choose the AmazonEKSFargatePodExecutionRole that you created in a previous step.
c. Choose the Subnets dropdown and deselect any subnet with Public in its name. Only private subnets are supported for pods that are running on Fargate.
d. Choose Next.
On the Configure pod selection page, do the following:
a. For Namespace, enter default.
b. Choose Next.
On the Review and create page, review the information for your Fargate profile and choose Create.
After a few minutes, the Status in the Fargate Profile configuration section will change from Creating to Active. Don’t continue to the next step until the status is Active.
If you plan to deploy all pods to Fargate (none to Amazon EC2 nodes), do the following to create another Fargate profile and run the default name resolver (CoreDNS) on Fargate.

⚜️Amazon EC2 Linux managed node group
To create your Amazon EC2 Linux managed node group

Create a node IAM role and attach the required Amazon EKS IAM managed policy to it. Nodes receive permissions for these API calls through an IAM instance profile and associated policies.

a. Copy the following contents to a file named node-role-trust-policy.json.
{
“Version”: “2012–10–17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“Service”: “ec2.amazonaws.com”
},
“Action”: “sts:AssumeRole”
}
]
}

b. Create the node IAM role.
aws iam create-role \
— role-name myAmazonEKSNodeRole \
— assume-role-policy-document file://”node-role-trust-policy.json”

c. Attach the required managed IAM policies to the role.
aws iam attach-role-policy \
— policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy \
— role-name myAmazonEKSNodeRole

⚜️
aws iam attach-role-policy \
— policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \
— role-name myAmazonEKSNodeRole
aws iam attach-role-policy \
— policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy \
— role-name myAmazonEKSNodeRole

Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
Choose the name of the cluster that you created in Step 1: Create your Amazon EKS cluster , such as my-cluster.
On the my-cluster page, do the following: a. Choose the Compute tab. b. Choose Add Node Group.
On the Configure Node Group page, do the following: a. For Name, enter a unique name for your managed node group, such as my-nodegroup. b. For Node IAM role name, choose myAmazonEKSNodeRole role that you created in a previous step. We recommend that each node group use its own unique IAM role. c. Choose Next.
On the Set compute and scaling configuration page, accept the default values and choose Next.
On the Specify networking page, accept the default values and choose Next.
On the Review and create page, review your managed node group configuration and choose Create.
After several minutes, the Status in the Node Group configuration section will change from Creating to Active. Don’t continue to the next step until the status is Active.

THANK YOU !!

💠Keep Learning Keep Sharing💠

Amazon - Elastic Container Service(Deep Dive)

Xmen143 — Wed, 06 Jul 2022 13:43:20 +0000

❄️Overview
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that provides the most secure, reliable and scalable way to run containerized applications.

Amazon ECS is a highly scalable, fast container management service that makes it easy to run, stop, and manage containers on a cluster. ECS comes with two launch types: EC2 and Fargate. The containers can run on a serverless infrastructure that is managed by AWS Fargate.

Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines.

⚜️Components of Amazon ECS Works and How They Work?
Basic components of Amazon ECS are Docker containers running on EC2 instance or you could go serverless by lounging services and tasks using AWS Fargate. But before we go any further, to fully understand how Amazon ECS works and why it's so powerful, one must first have to understand Docker.

Docker is a client-server development application that containerized applications in a lightweight environment containing all necessary dependencies that specific applications may need to run. Multiple different containers can be run on a single machine, making Docker very popular with developers when it comes to decoupling applications of running specific job types in batch.

⚜️AWS ECS -Task Definitions
To prepare your application to run on Amazon ECS, you need to create a task definition. A task definition is a text file (in JSON format) that describes one or more containers (up to 10) that make up your application. The job definition can specify various parameters for your containerized application. For example, you can use these parameters to indicate which containers to run, which ports should be open, which data volumes should be used, what Docker networking mode to use, and Identity and Access Management (IAM) roles. Almost everything you can run in a command-line Docker command can be defined using ECS task definitions.

⚜️AWS ECS -Tasks and Scheduling
A task is an instance of a task definition running in a cluster. After you create a task definition for your application in Amazon ECS, you can specify the number of tasks to run on your cluster. The Amazon ECS Task Scheduler is responsible for placing tasks in a cluster. There are two primary scheduler strategies: The REPLICA strategy places a desired number of tasks in your cluster, and maintains this number of tasks, restoring them if some of them fail. The DAEMON strategy places one task on each active container instance that meets the relevant criteria.

⚜️AWS ECS -Cluster
An Amazon ECS cluster is a logical grouping of services, each composed of one or more tasks. The first time you use Amazon ECS, a default cluster is created. You can create additional clusters in your account to achieve resource isolation for different workloads or projects. There are two ways to run cluster resources - on EC2 instances or via Amazon Fargate.

⚜️Container Agent - The container agent runs on each container instance in an Amazon ECS cluster. The agent sends information about currently running tasks, and resource utilization, to Amazon ECS. Amazon ECS can use the agent to start and stop tasks as needed.
AWS ECS Deployment Options: EC2 vs Fargate

ECS can use Elastic Compute Cloud (EC2) instances to run containers. EC2 instances are deployed as part of the Amazon EC2 service, and "registered" in a defined ECS cluster, meaning that EC2 can use those instances to deploy containers. You can run an ECS cluster within an existing VPC, making it accessible to existing AWS resources running in that VPC. An alternative way to deploy ECS containers is with Amazon Fargate. Fargate removes responsibility for provisioning, configuring, and managing EC2 instances, allowing AWS to manage EC2 instances for you. With Fargate you don't need to manage servers, but you must ensure that task definitions are stateless.

🔅Common Use Case: Microservices
In order to handle increasing loads and scalability, teams are experimenting with microservice architecture by decoupling their monolithic apps. Thankfully Amazon ECS streamlines this process by providing administrators and engineers container orchestration capabilities to manage and control containerized independent services.

🔅Common Use Case: Batch Jobs
AWS Batch uses the Amazon ECS Agent to execute and carry out containerized jobs that run specific tasks. AWS Batch enables engineers to easily manage, run, and scale batch operations from tens to hundreds and thousands of containerized compute jobs.
THANK YOU !!

💠Keep Learning Keep Sharing💠

AWS CloudWatch — Use Cases

Xmen143 — Mon, 04 Jul 2022 20:31:38 +0000

❄️ AWS CloudWatch
CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, and visualizes it using automated dashboards so you can get a unified view of your AWS resources, applications, and services that run on AWS and on premises.

📄Overview
⚜️Why AWS CloudWatch?

Amazon CloudWatch is the component of Amazon Web Services that provides real-time monitoring of AWS resources and customer applications running on Amazon infrastructure.

The following image shows the different AWS resources monitored by Amazon CloudWatch.

🔅Uses Cases:
Configure Amazon CloudWatch to send a notification when CPU utilization of an instance is greater than 1%.

👉Step 1 : Creating a CPU utilization metric
Go to Amazon CloudWatch Management Console and select metrics from the navigation pane.

👉Step 2 : Click on Metrics — All metrics.
Click on Graphed metrics.

👉Step 3: Click on Add metrics using browse or query.
Click EC2 -View automatic dashboard

👉Step 4: Creating an alarm to notify when CPU Utilization metric of the instance is greater than 1%.
Now select the Graphed Metrics option on the same page. Then set the time period according to your need. And choose an alarm icon located beside the selected instance.

Then create a Alarm.

Step 5:

Create new topic if you don’t have any existing topics.

If you want to Autoscaling according to CPU utilization.

Click Add Auto Scaling Action.

👉Step 6: Give your alarm a name and description. Set the Threshold condition.

👉Step 7:
You want AWS to send you an email notification whenever the alarm condition is satisfied. The notification is sent through Amazon SNS Topic.

👉Step 8: Congratulations, you have successfully configured Amazon CloudWatch Alarm to monitor your instance. You will receive the notification through an e-mail on the mail-id you have specified when the alarm condition is met.

🔅Use Case 2: You can log the changes in the state of an Amazon EC2 instance by using CloudWatch Events with the assistance of AWS Lambda function.

Benefits of Amazon CloudWatch
Amazon CloudWatch allows you to access all your data from a single platform. It is natively integrated with more than 70 AWS services. Vodafone company uses Amazon CloudWatch with Auto Scaling groups to monitor CPU usage and to scale from three Amazon EC2 instances to nine during peak periods automatically.

Provides real-time insights so that you can optimize operational costs and AWS resources. Kellogg company uses Amazon CloudWatch for monitoring, which helps the company make better decisions around the capacity they need, so that they can avoid wastage.

THANK YOU !!

💠Keep Learning Keep Sharing💠