Since Amazon is one of the most-used cloud vendors, it is only natural to ask “How can Kubernetes be used in AWS?” The answer: not that differently than with other cloud vendors. Two things are needed (and this applies universally): a Kubernetes cluster and the Percona XtraDB Cluster (PXC). Let’s start by creating the K8S cluster.
Amazon EKS
Like every other major cloud vendor, Amazon has its own service that makes creating and maintaining a K8S cluster easier: Amazon Elastic Kubernetes Service (EKS). There are two ways to create the cluster: one is a tool called eksctl (the one we are going to use), and the other is the AWS Management Console, which is a more manual approach. Before deploying the cluster with eksctl, a few requirements need to be met:
- Have kubectl installed
- Have the latest AWS CLI installed
- Have AWS IAM Authenticator installed
- And, of course, have eksctl installed
Installing kubectl
There is more than one way to get kubectl. We are going to install the binary hosted by Amazon (compatible with the upstream version). The following steps are for Linux:
```
curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.14.6/2019-08-22/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
```
Once that is done, you can verify that the installation was done properly by asking for the version: kubectl version --short --client.
```
[root@ip-192-168-1-239 ~]# kubectl version --short --client
Client Version: v1.14.7-eks-1861c5
```
All good!
Installing the AWS CLI
To get the new (experimental) AWS CLI version 2, run:
```
curl "https://d1vvhvl2y92vvt.cloudfront.net/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
```
Verifying:
```
[root@ip-192-168-1-239 ~]# /usr/local/bin/aws2 --version
aws-cli/2.0.0dev3 Python/3.7.3 Linux/3.10.0-1062.1.2.el7.x86_64 botocore/2.0.0dev2
```
You can export the /usr/local/bin path to the environment variable PATH so you can use the “aws2” command directly.
Installing AWS IAM Authenticator
Similar to the previous installations, just run the following commands as described in the AWS IAM authenticator documentation:
```
curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.14.6/2019-08-22/bin/linux/amd64/aws-iam-authenticator
chmod +x ./aws-iam-authenticator
mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin
```
And validate:
```
[root@ip-192-168-1-239 ~]# aws-iam-authenticator help
A tool to authenticate to Kubernetes using AWS IAM credentials

Usage:
  aws-iam-authenticator [command]

......
```
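The kubectl and aws-iam-authenticator steps above copy a downloaded binary straight into PATH. The following is an added example, not part of the original post, that checks the file against a published SHA-256 before installing it. The helper names are hypothetical, the checksum file is assumed to have been downloaded beside the binary, and the demo input is constructed.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): check a downloaded binary against
# its published SHA-256 before copying it into PATH.
# Assumption: a checksum file was fetched alongside the binary (for example
# from the same URL with a .sha256 suffix).

# expected_sha256 SUMS NAME: print the hash recorded for NAME. Accepts a
# "hash  name" list (sha256sum style) or a file holding one bare hash.
expected_sha256() {
    awk -v name="$2" '
        NF == 0 { next }
        { n++; f = $2; sub(/^\*/, "", f); if (NF == 1) bare = $1 }
        f == name { hit = $1 }
        END {
            if (hit != "") print tolower(hit)
            else if (n == 1 && bare != "") print tolower(bare)
        }' "$1"
}

# verify_sha256 FILE SUMS: 0 = match, 1 = mismatch, 2 = no usable checksum.
verify_sha256() {
    local file="$1" sums="$2" want got
    [ -f "$file" ] && [ -f "$sums" ] || return 2
    want=$(expected_sha256 "$sums" "$(basename "$file")")
    # An error page or truncated download must not pass as a checksum.
    case $want in ''|*[!0-9a-f]*) return 2 ;; esac
    [ "${#want}" -eq 64 ] || return 2
    got=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# install_verified FILE SUMS DEST: install only when the hash matches.
install_verified() {
    if verify_sha256 "$1" "$2"; then
        install -m 0755 "$1" "$3"
    else
        echo "refusing to install $1: checksum check failed" >&2
        return 1
    fi
}

# Demo on a constructed file that stands in for a downloaded kubectl.
tmp=$(mktemp -d); bin="$tmp/kubectl"
printf 'constructed stand-in for a binary\n' > "$bin"
(cd "$tmp" && sha256sum kubectl > kubectl.sha256)
install_verified "$bin" "$bin.sha256" "$tmp/out" && echo "installed"
printf 'tampered\n' >> "$bin"
install_verified "$bin" "$bin.sha256" "$tmp/out2" || echo "blocked"
rm -rf "$tmp"
```

A return code of 2 is kept separate from 1 so that a missing or malformed checksum file is not mistaken for a tampered binary when the result is logged.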
Don’t forget to configure your AWS CLI credentials, for example (not real info):
```
$ aws2 configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json
```
Installing eksctl
Similar instructions. Follow these steps:
```
curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
```
And verify:
```
[root@ip-192-168-1-239 ~]# eksctl version
[ℹ] version.Info{BuiltAt:"", GitCommit:"", GitTag:"0.12.0"}
```
Now we are ready to deploy the Kubernetes cluster.
Creating the Kubernetes Cluster
And now the moment of truth. To create the cluster, one just needs to execute one command (with several parameters), but that is pretty much all. For this case, the command looks like this:
```
eksctl create cluster \
--name percona1 \
--version 1.14 \
--region us-east-2 \
--nodegroup-name percona-standard-workers \
--node-type t3.medium \
--nodes 3 \
--nodes-min 1 \
--nodes-max 4 \
--ssh-access \
--ssh-public-key /root/.ssh/id_rsa.pub \
--managed
```
The parameters used are just a small subset of everything that is available, which can be seen by running “eksctl create cluster --help”. For this case, what we asked of EKS is to create a cluster named Percona using K8S version 1.14, in the AWS region us-east-2 (Ohio), giving the name percona-standard-workers to the nodegroup, using t3.medium EC2 instances for the nodes, with a total of three nodes (min 1, max 4), and enabling SSH access for the nodes using the SSH public key provided.
Note that all these parameters can be passed using a config file with YAML format, as explained in the documentation. Now, after the command is executed, the cluster is ready to be deployed. This process is not fast and could take around 15 minutes to finish. Be patient.
The output will look like this:
```
[ℹ] eksctl version 0.12.0
[ℹ] using region us-east-2
[ℹ] setting availability zones to [us-east-2a us-east-2b us-east-2c]
[ℹ] subnets for us-east-2a - public:192.168.0.0/19 private:192.168.96.0/19
[ℹ] subnets for us-east-2b - public:192.168.32.0/19 private:192.168.128.0/19
[ℹ] subnets for us-east-2c - public:192.168.64.0/19 private:192.168.160.0/19
[ℹ] using SSH public key "/root/.ssh/id_rsa.pub" as "eksctl-percona1-nodegroup-percona-standard-workers-5e:8e:f6:14:2f:5a:f1:40:6f:33:e9:53:4a:13:c5:40"
[ℹ] using Kubernetes version 1.14
[ℹ] creating EKS cluster "percona1" in "us-east-2" region with managed nodes
[ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial managed nodegroup
[ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-east-2 --cluster=percona1'
[ℹ] CloudWatch logging will not be enabled for cluster "percona1" in "us-east-2"
[ℹ] you can enable it with 'eksctl utils update-cluster-logging --region=us-east-2 --cluster=percona1'
[ℹ] Kubernetes API endpoint access will use default of {publicAccess=true, privateAccess=false} for cluster "percona1" in "us-east-2"
[ℹ
```