Altschool Cloud Engineering Capstone Project: Deployment of Socks Shop, a microservices-based application, on Kubernetes using Infrastructure as Code (IaaC).
We aim to deploy a microservices-based application, specifically the Socks Shop, using a modern approach that emphasizes automation and efficiency. The goal is to use Infrastructure as Code (IaaC) for rapid and reliable deployment on Kubernetes. The main task is to set up the Socks Shop application, a demonstration of a microservices architecture, available on GitHub. Using tools and technologies that automate the setup process, ensuring that the application can be deployed quickly and consistently.
graph LR
A[AWS] --> B(Route53)
A --> C(EKS Cluster)
C --> D{Node Group (t3.small)}
C --> D{Node Group (t3.small)}
C --> E(Terraform)
E --> F(Kubernetes)
F --> G(Socks Shop)
F --> H{Prometheus}
F --> I{Grafana}
B --> J(Public Internet)
J --> F
K(CI/CD Pipeline) --> E
- This architecture utilizes AWS services: Route53 for domain management, EKS for the Kubernetes cluster, and IAM for authentication (not explicitly shown).
- The EKS cluster uses two node groups of t3.small instance types.
- Terraform manages the infrastructure resources.
- The Kubernetes cluster hosts the Socks Shop application, Prometheus for monitoring, and Grafana for visualization.
- The public internet can access the application through a domain hosted on Route53, which routes traffic to the ingress on the Kubernetes cluster.
- A CI/CD pipeline automates deployments using Terraform and Helm charts.
-The following has to be installed/configured;
- Terraform
- AWS Account
- AWS cli
- Kubernetes
- Kubectl
- Helm
- Prometheus & grafana installed with helm
- ELK Stack
- Let's Encrypt
-
Configure AWS CLI: Set up AWS credentials and configure the AWS CLI for interacting with AWS services.
-
Terraform Configuration:
- Create a directory "terraform" to keep all teraform configuration files; You can get configuration commands for each file from the official terraform documentation.
mkdir terraform cd terraform- Define VPC resources (network, subnets, security groups) in vpc.tf file.
touch vpc.tf
- Define the EKS cluster configuration (node groups, IAM roles) in eks-cluster.tf.
touch eks-cluster.tf
- Use variables in terraform.tfvars to customize resource settings.
-
Run Terraform:
-Use terraform init and terraform apply to provision the infrastructure.
terraform init
terraform plan
terraform apply --auto-approve #the flag --auto-approve can be added to avoid the prompt for confirmation.
Below are images of my eks cluster, vpc and ec2 instances provisioned by terraform:
-
Kubernetes Configuration:
-Create a folder to keep all kubernetes configuration files.
mkdir kubernetes cd kubernetes-keep both deployment.yaml and ingress.yaml files in the directory.
-configure the kubectl to connect to the EKS cluster, the specified region and the cluster name.
aws eks update-kubeconfig --name=alameen-eks-cluster --region=us-east-1
-After the infrastructure has been provisioned, run the command to deploy with kubernetes
kubectl apply -f deployment.yaml
-
Displaying front-end of Application:
-ingress-nginx chart can be installed with helm, this helps us create a loadbalancer
-After that has been created, we would specify a domain name hosted in aws route53 within our ingress file configurations where the front-end can be displayed
-we then run kubectl command below to apply changes;
kubectl apply -f ingress.yaml
-Below are images of our front-end displayed:
-
CI/CD Pipeline:
CI/CD Pipeline will be set up using GitHub Actions to automate infrastructure provisioning and application deployments triggered by code changes.
-
Monitoring:
-
Monitoring tools (Prometheus & Grafana) will be installed using helm after first adding the prometheus repo to our project from artifacthub;
-
Run the command to install helm:
helm install prometheus-community --namespace sock-shop prometheus-community/kube-prometheus-stack
-Both prometheus and grafana can be added to the configurations of the ingress.yaml file and hosted on aws route53.
- They can then be accessed as shown below;
-Prometheus:
-Grafana:
You can use the command below to get running services on kubernetes:
kubectl get svc -n sock-shop
-
-
Security:
The application will be secured with HTTPS using a Let's Encrypt certificate. Let's Encrypt is a free, automated, and open certificate authority that provides free SSL/TLS certificates for websites. The certificate will be used to secure the communication between the client and the Socks-Shop application, ensuring that the data is encrypted and secure.
This README document has provided a comprehensive overview of the Socks Shop microservices application deployment on Kubernetes using Infrastructure as Code (IaC). We have covered the key components, architecture, and steps involved in setting up the project.
Key Takeaways:
- Infrastructure as Code: Terraform was used to automate the provisioning of infrastructure resources on AWS, including the EKS cluster, VPC, and other necessary components.
- Microservices Architecture: The Socks Shop application is a collection of microservices deployed on Kubernetes, enabling scalability and flexibility.
- Monitoring and Alerting: Prometheus and Grafana were integrated to provide robust monitoring and visualization of application metrics.
- CI/CD Pipeline: The use of a CI/CD pipeline (GitHub Actions) automated the deployment process, ensuring consistency and efficiency.
- Security: Best practices for security were considered, including the use of HTTPS with Let's Encrypt and potential network perimeter security measures.
Future Enhancements:
- Scaling: Implement automated scaling mechanisms to adjust application resources based on load.
- Service Mesh: Explore the use of a service mesh like Istio for advanced traffic management and observability.
- Additional Monitoring: Consider adding more metrics and dashboards to gain deeper insights into application performance.
- Security Best Practices: Continuously review and update security measures to address evolving threats.
By following the steps outlined in this README and considering the future enhancements, you can further improve the deployment and management of the Socks Shop application on Kubernetes.