Host web application inside AWS EKS cluster using ALB + NGINX. The web link: https://web.stevejcliu.com/
This repo builds a CICD pipeline for depolying this web application into EKS cluster.
There is no manual task needed during this CICD process. The related travis build can be found through the build status.
One of example for build from scratch: https://travis-ci.org/github/junchil/web-kubernetes/builds/700292258
VPC:
- In the vpc module, it create four subnets: public subnets, private subnets, master subnets and worker subnets.
- Public subnets and master subnets are public to internet. They are connected to Internet gateway.
- Private subnets and worker subnets are private. They are connected to NAT gateway for getting internet traffic.
- Bastion host sits in the public subnets.
- Amazon EKS is using both master subnets and worker subnets.
- Kubernetes worker nodes sit in worker subnets.
- For saving money, the terraform doesn't provide ASG for bastion host, and nat gateway in each AZs.
Cluster:
- Kubernetes worker nodes are using Auto Scaling Group. It also supports Spot Instance.
Bastion host:
- Bastion host is a single vm which sits in the public subnets. It is used for managing the kubernetes work nodes if there is a need.
- SSH port 22 is enabled in bastion host vm.
-
Kubernetes ingress resources by provisioning Application Load Balancers with aws-alb-ingress-controller
-
Auto DNS entry with external-dns. The following two records are automatically generated by it.
-
Ingress controller that uses ConfigMap to store the nginx configuration. nginx-ingress
-
SSL Enable
-
Hostname -> routing rules
-
Can support multiple ingress class
kubectl get po NAME READY STATUS RESTARTS AGE reawebrelease-albcontroller-64bc5d66b9-6sjs8 1/1 Running 0 13h reawebrelease-externaldns-6bd6fb5cf7-zwcwl 1/1 Running 0 13h reawebrelease-nginx-controller-7f557dfcf9-b2xxh 1/1 Running 0 157m reawebrelease-nginx-default-backend-7569d789f-vsjcm 1/1 Running 0 13h reawebrelease-reaweb-5dd9d87b77-hsvp5 1/1 Running 0 157m reawebrelease-reaweb-5dd9d87b77-xgg24 1/1 Running 0 13h reawebrelease-testbox-67d8cd9c6-nmn87 1/1 Running 0 13h kubectl get deploy NAME READY UP-TO-DATE AVAILABLE AGE reawebrelease-albcontroller 1/1 1 1 14h reawebrelease-externaldns 1/1 1 1 14h reawebrelease-nginx-controller 1/1 1 1 14h reawebrelease-nginx-default-backend 1/1 1 1 14h reawebrelease-reaweb 2/2 2 2 14h reawebrelease-testbox 1/1 1 1 14h kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 40h reawebrelease-externaldns ClusterIP 172.20.161.112 <none> 7979/TCP 13h reawebrelease-nginx-controller NodePort 172.20.208.243 <none> 80:30959/TCP,443:30307/TCP 13h reawebrelease-nginx-default-backend ClusterIP 172.20.32.31 <none> 80/TCP 13h reawebrelease-reaweb NodePort 172.20.54.40 <none> 9292:31678/TCP 13h kubectl get ingress NAME HOSTS ADDRESS PORTS AGE reawebrelease-elb-ingress * ac97d66b-default-reawebrel-8f71-1282660860.ap-southeast-2.elb.amazonaws.com 80 14h reawebrelease-reaweb * 10.0.148.82 kubectl get nodes NAME STATUS ROLES AGE VERSION ip-10-0-148-82.ap-southeast-2.compute.internal Ready <none> 42h v1.16.8-eks-e16311 ip-10-0-162-59.ap-southeast-2.compute.internal Ready <none> 16h v1.16.8-eks-e16311 ip-10-0-188-140.ap-southeast-2.compute.internal Ready <none> 42h v1.16.8-eks-e16311 -
https://aws.amazon.com/blogs/opensource/kubernetes-ingress-aws-alb-ingress-controller/
-
https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
-
https://github.com/helm/charts/tree/master/incubator/aws-alb-ingress-controller
-
https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/public-private-route53.md
-
https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/alb-ingress.md
-
https://medium.com/@sajid2045/aws-eks-ingress-option-alb-nginx-fc64a4a5ea9f