Navigating Robot Shop's Infrastructure: A Deep Dive into the 3-Tier Architecture, 8 Core Services, and Dual Database System
Table of contents
- Step2: Create EC2 Instance
- Step3: Connect to Instance and Install Required Packages
- Step4: EKS Setup
- Setting Up Commands for Configuring IAM OIDC Provider
- Check if there is an IAM OIDC provider configured already
- Setting Up ALB Add-On:
- Implement ALB Controller
- EBS CSI Plugin Setup and Configuration
- Step5: DELETE CLUSTER
Exploring Stan’s Robot Shop:
Stan's Robot Shop is a versatile microservices application that takes you on a journey from Docker Compose deployment to integrating IAM OIDC with Amazon EKS clusters. Dive into the world of containerized applications, orchestration, and monitoring. Stan's Robot Shop is more than just a destination; it's a secure space to master NodeJS, Java, Python, Kubernetes, and monitoring tools like Instance. Use it as a starting point to enhance your skills in microservices, container orchestration, and monitoring in a straightforward manner.
Step 1: IAM User Creation in AWS
1. Log in to the AWS console using your credentials.
2. In the search bar, enter ‘IAM’ to access the IAM Dashboard.
3. Navigate to the ‘Users’ section and select ‘Create User’.
Enter a Name, Check the Desired Options, and Proceed to Next Step
Explore Direct Attachment of Policies: Leveraging AdministratorAccess for Educational Purposes
Click Next
Click on Create user
Select View User to Access User Details
Access Security Credentials
Now, within security credentials, navigate to Access keys and proceed to Create a new access key.
Choose CLI, Agree to Terms, and Proceed to Next
Download the .csv File and Click ‘Done’
Step2: Create EC2 Instance
Provisioning an EC2 Instance on AWS: A Step-by-Step Guide
1. Sign in to AWS Console:
Log in to your AWS Management Console.
2. Navigate to EC2 Dashboard:
Access the EC2 Dashboard by selecting “Services” in the top menu.
Choose “EC2” under the Compute section.
3. Launch Instance:
Click on the “Launch Instance” button to initiate the creation process.
4. Choose an Amazon Machine Image (AMI):
Select a suitable AMI (e.g., Ubuntu) for your instance.
5. Choose an Instance Type:
In the “Choose Instance Type” step, opt for t2.medium.
Proceed by clicking “Next: Configure Instance Details.”
- Configure Instance Details:
Set “Number of Instances” to 1 (adjust if necessary).
Configure additional settings such as network, subnets, IAM role, etc.
For “Storage,” add a new volume and set the size to 8GB (or modify existing storage to 16GB).
Click “Next: Add Tags” when configuration is complete.
7. Add Tags (Optional):
Optionally, add tags to organize your instance.
8. Configure Security Group:
Choose an existing security group or create a new one.
Ensure the security group has necessary inbound/outbound rules for required access.
9. Review and Launch:
Review the configuration details to ensure they are as desired.
10. Select Key Pair:
Choose “Choose an existing key pair” from the dropdown.
Acknowledge access to the selected private key file.
11. Launch Instances:
Click “Launch Instances” to create the EC2 instance.
12. Access the EC2 Instance:
Once the instance is launched, access it using the selected key pair and the instance’s public IP or DNS.
Optimize Security for Your EC2 Instance: Implement Essential Permissions and Best Practices in Configuring Security Groups and Key Pairs.
Step3: Connect to Instance and Install Required Packages
Eksctl
sudo apt update
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
Kubectl
curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.28.3/2023-11-14/bin/linux/amd64/kubectl
sudo chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH
kubectl version --client
Aws CLI
sudo apt install unzip -y
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version
Helm
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
Step4: EKS Setup
Configure AWS Settings for us-east-1 Region
aws configure
Clone the GitHub Repository: A Step-by-Step Guide
git clone https://github.com/mudit097/three-tier-architecture-demo.git
cd 3TierDB
Establish Cluster
eksctl create cluster --name demo-cluster-three-tier-1 --region us-east-1
Certainly! Here’s a revised version of the title:
Setting Up Commands for Configuring IAM OIDC Provider
USE CLUSTER NAME demo-cluster-three-tier-1
export cluster_name=<CLUSTER-NAME>
Utilize 'export cluster_name=' in the command-line interface to create a designated storage variable. This streamlines the storage and retrieval of specific values, eliminating repetitive typing. The assigned 'cluster_name' facilitates efficient recall and utilization in various commands or programs, enhancing overall productivity.
oidc_id=$(aws eks describe-cluster --name $cluster_name --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)
Extracting Specific Information from an Amazon EKS Cluster Using AWS CLI
Check if there is an IAM OIDC provider configured already
aws iam list-open-id-connect-providers | grep $oidc_id | cut -d "/" -f4
Using AWS CLI to Retrieve Information: Listing OpenID Connect (OIDC) Providers in AWS IAM
eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve
Associating IAM OIDC Provider with Amazon EKS Cluster Using EKSCTL Command
Setting Up ALB Add-On:
Downloading IAM Policy
Create IAM Policy
-O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json
Create IAM Role with Cluster Name and AWS Account ID
eksctl create iamserviceaccount \
--cluster=<your-cluster-name> \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--role-name AmazonEKSLoadBalancerControllerRole \
--attach-policy-arn=arn:aws:iam::<your-aws-account-id>:policy/AWSLoadBalancerControllerIAMPolicy \
--approve
Obtaining AWS Account ID: Navigate to the AWS Console, click on your profile name on the right side, and copy the account ID.
Implement ALB Controller
Add Helm Repository for Deployment
helm repo add eks https://aws.github.io/eks-charts
Repository Refresh: Latest Updates
helm repo update eks
Update the VPC_ID in the following command after retrieving the VPC ID from EKS
helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=demo-cluster-three-tier-1 --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller --set region=us-east-1 --set vpcId=<vpc-id>
Ensure Operational Deployment Success
kubectl get deployment -n kube-system aws-load-balancer-controller
EBS CSI Plugin Setup and Configuration
The Amazon EBS CSI Plugin Requires IAM Permissions for AWS API Calls on Behalf of Your Cluster.
Create an IAM Role and Attach a Policy for Cluster: [Your Cluster Name]. AWS provides an AWS Managed Policy, or you can craft a Custom Policy. Use the following command to create an IAM role and attach the AWS Managed Policy; ensure to replace ‘my-cluster’ with your cluster’s name. This command deploys an AWS CloudFormation stack, establishing an IAM role and linking the IAM policy to it.
eksctl create iamserviceaccount \
--name ebs-csi-controller-sa \
--namespace kube-system \
--cluster <YOUR-CLUSTER-NAME> \
--role-name AmazonEKS_EBS_CSI_DriverRole \
--role-only \
--attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
--approve
Execute the following command, replacing ‘YOUR_CLUSTER_NAME’ with the actual name of your cluster and ‘YOUR_ACCOUNT_ID’ with your account ID.
eksctl create addon --name aws-ebs-csi-driver --cluster <YOUR-CLUSTER-NAME> --service-account-role-arn arn:aws:iam::<AWS-ACCOUNT-ID>:role/AmazonEKS_EBS_CSI_DriverRole --force
Navigate into the Helm and Establish a New Namespace
cd helm
kubectl create ns robot-shop
Now
helm install robot-shop --namespace robot-shop .
Time for Pod Check
kubectl get pods -n robot-shop
Check service
kubectl get svc -n robot-shop
Now Accepting Ingress Applications
kubectl apply -f ingress.yaml
Navigate to AWS Console, Locate EC2, and Access Load Balancers — Copy DNS
k8s-robotsho-robotsho-55094ff83e-535495866.us-east-1.elb.amazonaws.com
Open a fresh tab and insert
Step5: DELETE CLUSTER
Input This Command Immediately
eksctl delete cluster --name demo-cluster-three-tier-1 --region us-east-1
This guide aims to give you useful tips and practical advice to help you become more skilled in working with containerized applications and Kubernetes.
Thank you for taking the time to read this guide.