Elastic Kubernetes Service: Deployment (Part 2)
This post continues with how to deploy your React and Node application to an EKS cluster.
These are the steps we need to take in order to deploy our application to the cluster:
- Setup Cluster
- Apply necessary IAM roles for cluster
- Define and apply: deployments, services, ingress
- Apply SSL to ingress services using ACM
Prerequisites
Create necessary VPC, Subnets, Security Groups and Setup Cluster
We should use AWS CloudFormation to deploy the networking configuration our EKS cluster needs to work well.
Follow this, in the Creating AWS EKS Cluster section only, to create a cluster with running nodes. Remember to edit the region and subnet IDs accordingly.
Create AWS Load Balancer Controller
There are two types of load balancer we should take note of: Network Load Balancer (NLB) and Application Load Balancer (ALB).
In the OSI network model, NLB works on layers 3 & 4 (network and transport layers), while ALB works on layer 7 (application layer). ALB is more flexible than NLB, so we will use ALB instead of NLB. I was stuck applying SSL to my services using NLB, with no clue after hours of research; then I found out that ALB would do the job.
Details of creating the AWS Load Balancer Controller. Please take note of step 4: I used the option "Using the AWS Management Console and kubectl" but I had the issue “AccessDenied sts:AssumeRoleWithWebIdentity” in my load balancer controller. Using the eksctl option works in this case. It took me hours to resolve; this is a note I found in this post.
Define and apply resources manifest
There are 3 types of manifest you will need to define:
- Deployment: deploy your application image to cluster nodes.
- Service: expose your application for external access.
- Ingress: works as an API gateway, forwarding requests to a service based on route and path.
I have created sample files here
Apply these manifests with:
kubectl apply -f <file-name>.yaml
Here are a few commands you can use later:
Remove the configurations applied from a YAML file
kubectl delete -f <file-name>.yaml
Restart a deployment (create new pods)
kubectl rollout restart deployment <deployment-name>
After that, you can access your app using the ingress external IP. List ingresses to show their addresses:
kubectl get ingress
This is my sample 2048 app. You can refer to it to create your own.
My 2048 web is exposed with the address above.
Apply SSL to ingress services using ACM
You can request SSL certificates with ACM.
In my manifest sample above, you will see that we have the alb.ingress.kubernetes.io/certificate-arn annotation. Replace <arn-from-acm> with your newly created certificate ARN.
Then you must point CNAME records to the ingress addresses above, respectively. Now your services have SSL certificates.
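For reference, an Ingress manifest that terminates TLS on the ALB with the certificate annotation described above and redirects plain HTTP to HTTPS. This is an added example, not one of the sample files from this post; the resource names, namespace and host (ingress-2048, game-2048, service-2048, app.example.com) are assumptions to replace with your own.

```yaml
# Added example. Names, namespace and host are assumed values.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-2048
  namespace: game-2048
  annotations:
    # Public ALB that routes straight to pod IPs.
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    # Keep port 80 open only so that HTTP clients get redirected, never served.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    # Certificate requested in ACM; placeholder as used in this post.
    alb.ingress.kubernetes.io/certificate-arn: <arn-from-acm>
    # Pin a modern TLS policy rather than relying on the listener default.
    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-2021-06
spec:
  ingressClassName: alb
  rules:
    - host: app.example.com          # must match a name on the ACM certificate
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: service-2048   # ClusterIP Service in front of the Deployment
                port:
                  number: 80
```

The ACM certificate has to be issued in the same region as the load balancer, and the host in the rule should be the name your CNAME record points at the ingress address.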
That’s a very brief summary of the steps that I took in order to deploy my application to an EKS cluster within one VPC. Besides these front services (services that are exposed to clients), there are internal services like a database, Redis caching or a message queue system. You should deploy them in another VPC isolated from the front services and use a peering connection to wire them together.
Thanks for reading.