AWS EKS via Terraform: Three Tier microservice Application Deployment with Prometheus and Grafana
- Published: Aug 5, 2024
- 🔧 AWS EKS via Terraform: Three-Tier Microservice Application Deployment with Prometheus and Grafana
In this tutorial, we dive deep into deploying a robust three-tier microservice application on AWS EKS using Terraform. We'll walk you through the entire process, from setting up your EKS cluster to deploying your microservices, and ensuring they're monitored effectively with Prometheus and Grafana.
🕒 Timestamps:
00:00 - Introduction
00:26 - Prerequisite
00:49 - AWS IAM Set-up
05:27 - Setting up AWS EKS with Terraform
18:27 - Deploying the microservices on EKS
32:22 - Implementing monitoring solutions with Prometheus
39:40 - Conclusion & Wrap-up
#kubernetes #aws #eks #terraform
📊 Key Takeaways:
Setting up AWS EKS with Terraform.
Implementing monitoring solutions with Prometheus and Grafana.
🔗 GitHub Repository:
Three Tier EKS Infrastructure as Code (IAC): github.com/sd031/three-tier-e...
Make sure to clone the repo and follow along for a hands-on experience!
👍 If you found this tutorial helpful, please give it a thumbs up, share, and subscribe for more cloud and DevOps content!
KEYWORDS:
AWS
AWS EKS
TERRAFORM
MICROSERVICES
AWS EKS TERRAFORM PROJECT WITH SOURCE CODE
AWS EKS TUTORIAL FOR BEGINNERS
AWS EKS EASY WAY
TERRAFORM EKS
PROMETHEUS
GRAFANA
AWS APPLICATION LOAD BALANCER (ALB)
KUBERNETES
AWS TUTORIAL
EKS TUTORIAL
AWS TRAINING - Science
Repo: github.com/sd031/three-tier-eks-iac#prerequisite
Do comment for any confusion. Also, I am improving the README and improving more features, so keep checking the repo from time to time.
Absolutely amazing project.
Thanks for this sandip bhai ✨️
Thanks Shubham ☺
Thank you dude, you really helped me learn 😇😇😇
Hats off 🎉
Awesome
Thanks :)
I need help here: for me the frontend application is not coming up with the similar DNS I mentioned.
When you have set the Type: ClusterIP to LoadBalancer, it is creating a Classic LB. But as you know, AWS has declared it will obsolete CLB in the near future. Please let me know, how do we create an ALB for Type: LoadBalancer?
Here is an ALB example: github.com/sd031/three-tier-eks-iac/blob/main/k8s_manifests/full_stack_lb.yaml
Thanks Sandip@@learnTechWithSandip
Sandip da, can you explain the cluster autoscaler part more? I did not quite understand fully how you did that. The rest was awesome.
Hi Sandip
Getting rootcert.pem file missing.
Hi Sandip, can u please explain a little bit about oidc_providers > and why we need this?
OIDC (OpenID Connect) is a popular identity layer on top of the OAuth 2.0 protocol. In the context of Kubernetes, OIDC can be used for authentication to the Kubernetes API server. Amazon EKS (Elastic Kubernetes Service) supports OIDC as an authentication method.
Here's a general overview of how to set up OIDC providers in Kubernetes on EKS:
EKS Cluster with OIDC Enabled:
When creating an EKS cluster, OIDC is enabled by default. You can verify this by checking the cluster's OIDC issuer URL in the EKS console or using the AWS CLI.
IAM OIDC Identity Provider:
Create an OIDC identity provider in the IAM console using the OIDC issuer URL from your EKS cluster.
Associate the OIDC provider with a trust policy that trusts the EKS cluster's OIDC issuer.
IAM Role for Service Account:
Create an IAM role that trusts the OIDC identity provider.
Attach policies to this role that grant the necessary permissions for your workloads.
Annotate the Kubernetes service account with the IAM role ARN.
Service Account in Kubernetes:
Create a Kubernetes service account in the namespace where your workload will run.
Annotate the service account with the IAM role ARN using the eks.amazonaws.com/role-arn annotation.
Pod Configuration:
Deploy your pods using the annotated service account. The AWS SDK or CLI in the pod will use the role associated with the service account for authentication.
Kubernetes API Server Authentication:
If you want to use OIDC for authenticating to the Kubernetes API server, you'll need to set up an OIDC provider (like Dex, Keycloak, etc.) and configure the API server to use it.
Create OIDC identity tokens and use them with kubectl for authentication.
OIDC Tokens:
Workloads in EKS can assume roles using OIDC tokens. The aws-iam-authenticator helps generate tokens that can be used for assuming roles via OIDC.
RBAC:
Use Kubernetes RBAC to define what actions a user or a workload can perform in the cluster.
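Added example (not part of the reply above and not taken from the video's repository): a Terraform configuration for the "IAM OIDC Identity Provider" and "IAM Role for Service Account" steps, with the role's trust policy pinned to a single service account. The cluster name `demo-cluster`, namespace `app`, service account `backend-sa` and role name `backend-irsa` are assumed placeholders.

```hcl
# Added example; cluster, namespace, service-account and role names are placeholders.
locals {
  cluster_name = "demo-cluster"
  issuer_url   = data.aws_eks_cluster.this.identity[0].oidc[0].issuer
  issuer_host  = replace(local.issuer_url, "https://", "")
}
data "aws_eks_cluster" "this" {
  name = local.cluster_name
}
data "tls_certificate" "oidc" {
  url = local.issuer_url
}

# IAM OIDC identity provider that trusts the cluster's issuer URL.
resource "aws_iam_openid_connect_provider" "eks" {
  url             = local.issuer_url
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.oidc.certificates[0].sha1_fingerprint]
}

# Trust policy: only tokens issued for app/backend-sa, with the STS audience,
# may call sts:AssumeRoleWithWebIdentity on this role.
data "aws_iam_policy_document" "irsa_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.eks.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.issuer_host}:sub"
      values   = ["system:serviceaccount:app:backend-sa"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.issuer_host}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}
resource "aws_iam_role" "backend" {
  name               = "backend-irsa"
  assume_role_policy = data.aws_iam_policy_document.irsa_trust.json
}

# Annotation to put on the Kubernetes service account app/backend-sa.
output "service_account_annotation" {
  value = { "eks.amazonaws.com/role-arn" = aws_iam_role.backend.arn }
}
```

If the `sub` condition is left out, any service account in the cluster that presents a token from this issuer can assume the role, so the condition is what ties the IAM permissions to one workload.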
@learnTechWithSandip It would be great if you could also make a video on how to write these Terraform modules and .tf files from scratch in realtime and what resources normally one should keep handy while creating infra using Terraform. Thanks ...
Let me do that in part 2 👍
exactly and applies it one by one for better understanding
Where is aws architecture diagram for this whole project? Can you share it?
Great Video.
I have one question
"In a real company setup, how Terraform is set up. You've got a bunch of DevOps folks on the team, and they need to create infrastructure for the same project. They can use S3 buckets for remote state and use DynamoDB for locking. But here's the thing: do they provision resources on their own local or do they use a pipeline?"
pipeline is standard way of deployments
So for that they use a separate account, so that the production workload doesn't get affected during testing or development. Production code deployment happens via CICD pipeline on master / main / production branch changes.
Thanks for this video...what costs(approx) this setup for demo?
Approx: 126.94 USD
Calculation (rough cost, as actual depends on usage and requirements): calculator.aws/#/estimate?id=6de64c2108d7ecd1e68dcaeadfa36909bbae8e2e
kube-system/cluster-autoscaler failed to create kubernetes rest client for update of resource: Unauthorized.
Error: Kubernetes cluster unreachable: the server has asked for the client to provide credentials.
│ Error: The configmap "aws-auth" does not exist
Getting this error while creating the cluster. Please let me know how to resolve this error.
Make sure the system running Terraform has admin permissions (IAM setup), make sure you have installed AWS CLI v2, and finally:
us-east-1.console.aws.amazon.com/iamv2/home?region=us-west-2#/account_settings
make sure all STS endpoints are enabled
@@learnTechWithSandip i have given admin permission to the user but how to configure or enable STS please guide
@@gautamjoshi2329 see the link I have given, there the sts endpoint enable/ disable option is there
can we Integrate this in CICD ? if yes how ?
yes, check this: ruclips.net/video/u_TDxuO6URA/видео.html&ab_channel=SandipDas
Https certificate how to configure?
Here update the lb yaml file:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:region:account-id:certificate/certificate-id
Generate the certificate from AWS ACM
Here how it works: kubernetes-sigs.github.io/aws-load-balancer-controller/v2.6/how-it-works/
How can i do this for AKS?
the resources and coding for the same will be a lot different, let me plan something for AKS similar during Jan
While I appreciate your tutorial, I would really like to see how all these Terraform files were written, not just a walkthrough. What kind of resources did you look at to write these Terraform files? Please help.
Glad you have asked, it took around 1 week to read different articles, specially terraform eks and vpc module related documentation and different articles to get this done . I will share a separate post on the process of making this kind of infra
@@learnTechWithSandip thank you so much! This is actually the kind of thing a lot of people would be interested in. The process leading up to this great tutorial. if you can share these resources that would be great
Use an alias tf for terraform. You will save lot of repetitive typing.
Bro i was doing one project ditto today.
Great, hope this helps :)
Hey Sandip, one request as a brother, please change your chair. I know it looks good for RUclips videos but in the long run it will make you suffer. Buy something ergonomic please as we engineers have to sit for long hours. Take care and thanks for your videos
Sure, I actually have two chairs :
amzn.to/3PTuenf
amzn.to/3PY6pL2
Both these chairs are actually ergonomic and comfortable for long hours
@@learnTechWithSandip Great to know, hope you are using the other ergonomic one more 😊 I had the same Greensoul gaming chair, and I developed back issues in the long run. Switched to an ergonomic one now and my back thanks me every day
@@krishanuchakraborty3500 Same here, I was getting slight back pain, so I bought the mesh chair and use it more :)
From LinkedIn