Amazon EKS Deep Dive
AWS Training Architect II in Content
This course will explore Amazon Elastic Container Service for Kubernetes (Amazon EKS) from the very basics of its configuration to an in-depth review of its use cases and advanced features.
We will talk about how EKS is architected in order to provide a better understanding of how to manage container-based applications at scale.
Once we have a solid foundation of the basics, we will dive into the configuration, management, and deployment of a microservices-based application in EKS.
Access interactive diagram: https://interactive.linuxacademy.com/diagrams/TheEKSManifest.html
Join the Linux Academy community slack for chat here: https://linuxacademy-community-slack.herokuapp.com/ and join the #containers channel.
If you're wondering whether this course is for you and what you need to know before taking it, then look no further. This video describes the intended audience, pre-requisites, and gives a brief overview of the concepts covered throughout this course.
This course will explore Amazon Elastic Container Service for Kubernetes (EKS) from the very basics of its configuration to an in-depth review of its use cases and advanced features. We will talk about how EKS is architected to provide a better understanding of how to manage container-based applications at scale. Once we have a solid foundation of the basics, we will dive into the advanced use cases to uncover the power of EKS.
Join the Linux Academy community slack for chat here and join the
About the Training Architect
Get to know a little bit more about me, the author!
Working with the Interactive Diagram
The Interactive Diagram for this course is a tool to provide both an overview and a detailed breakdown of all the EKS components covered. You'll see it incorporated throughout the course and, in this lesson, you'll learn how you can also use it independently to fortify your understanding of EKS. LINK: EKS Manifest
This hands-on EKS Deep Dive course is great for those new to EKS or those who want to expand what they already know. However, you should have some prerequisite knowledge before considering this course as we will be getting our hands dirty with
kubectl, the AWS Management Console, Linux command line, Docker, and modifying configuration files with YAML and JSON. If you're a bit rusty or inexperienced in any of these areas, then it may behoove you to freshen up a bit before jumping into this course.
Now that we've got the introductory section of this course out of the way, we can start to dig into the basics of Amazon Elastic Container Service for Kubernetes, or EKS. We're going to be covering a few different concepts in this video topic, including:What is EKS?Managed Control PlaneKubernetes & VPC NetworkingAWS CNI Network PluginEKS-optimized AMISpot Instances This will provide you with a high-level explanation of the fundamentals of Amazon EKS.
Configuring an EKS Cluster
In this video, we'll be creating an Amazon EKS cluster using the AWS Management Console, and then configuring our command line utilities to connect to the cluster. Some of the topics we'll be covering in this video are:Creating the EKS service roleCreating the VPC infrastructure using CloudFormationCreating a cluster in the AWS Management ConsoleConfiguring kubectl for EKSConfiguring aws-iam-authenticator
Provisioning Worker Nodes
In this video, we'll be picking up where we left off in the previous one, where we deployed our VPC infrastructure and created our EKS cluster. Some of the topics we'll be covering in this video are: Launching EKS worker nodesDeploying the Kubernetes dashboard Installing the Kubernetes Dashboard
Installing Heapster and InfluxDB
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
Create an administrative account and cluster role binding
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml
kubectl apply -f eks-admin-service-account.yaml kubectl apply -f eks-admin-cluster-role-binding.yaml
Get a token
kubectl proxy --address 0.0.0.0 --accept-hosts '.*' &
Log in http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login Cloudformation Template https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2018-11-07/amazon-eks-nodegroup.yaml
aws-iam-authenticator -i <cluster_name> token
In this lesson, we're going to talk about IAM authentication in EKS. Some of the topics we'll be covering are:How EKS authentication and authorization workGranting IAM users access to an EKS cluster
Developing for EKS
Developing for EKS
Understanding the Application Architecture
This lecture uses a walkthrough of the architecture diagram to show details of the sample application architecture. We'll see how it's composed of a web frontend and two utility microservices, including integration points with AWS.
Building from Source
This lecture explains how to install and configure all the prerequisites necessary for building our sample application from source code.
Publishing to ECR
Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. This lecture shows how ECR is integrated with EKS, simplifying the development to production workflow.
Deploying to EKS
This lecture details how to deploy our sample microservices-based application to an EKS cluster.
Make sure your EC2 worker nodes' IAM role has both DynamoDB and S3 access.
For example, you can grant
AmazonS3FullAccess policies to the Node Instance Role. Without access to these AWS resources, the containers will fail to respond healthy, and the load balancer won't register them in service.
EKS in Production
EKS in Production
Autoscaling an EKS Cluster
In this lesson, we're going to discuss the two most common methods for autoscaling an EKS cluster: the Cluster Autoscaler (CA) and the Horizontal Pod Autoscaler (HPA).
Monitoring an EKS Cluster
In this video, we'll be looking at some options for monitoring your EKS cluster. Some of the topics we'll cover are:CloudWatch LimitationsGathering metrics with PrometheusVisualizing data with Grafana
Updating EKS in Production
In this video, we'll discuss updating your EKS cluster running in production. Some of the topics we'll cover are:Updating the cluster version to a newer Kubernetes releaseSwitching the DNS provider from kube-dns to CoreDNSUpdating the worker node group to a newer Kubernetes release
Applying Best Practices
Applying Best Practices
Logging with CloudTrail
CloudTrail is very important in the security realm, because it records every API call executed on our resources. We can also create trails that allow us to store logs longer than 90 days, and use them to trigger automation events. It is a best security practice to make sure CloudTrial logging is always enabled. This video gives information about what CloudTrail does and how to configure it.
Continuous Deployment with EKS
In this video, we'll build a CI/CD pipeline using AWS CodePipeline. The CI/CD pipeline will deploy a sample Kubernetes service. Then we will commit a code change to the GitHub repository, and observe the automated delivery of this change to the cluster.
Application Tracing with X-Ray
In this video, we're going to learn about tracing our application with AWS X-Ray. We'll deploy the X-Ray agent, as a DaemonSet, and sample microservices that are instrumented with the X-Ray SDK. Then we'll make some sample requests, and examine the traces and service maps in the AWS Management Console.
Logging to CloudWatch Logs with Fluentd
In this lesson, we'll be learning how to send our containers' logs up to CloudWatch Logs, using Fluentd.
Now that you've completed your deep dive of EKS, here are a few suggestions on what you should do next.
Now that you have completed the coruse - take the time to share your success and get recognized in our community and LinkedIn.