Whilst deploying applications on EKS using Terraform is a straightforward process, there are some tools and prerequisites you will need to have on hand to be successful. This tutorial is for use within an AWS cloud platform setting and will take you through the processes to:
The end result will be an automated deployment mechanism using GitOps concept.
For this deployment project, you will need:
You will find the prerequisite conditions for each of these tools in the Prerequisites section.
Before you begin the application deployment, review the design of the AWS account architecture. As you can see in the diagram below, the AWS account architecture is made up of three accounts: developer, management and production. Please be aware that whichever account you have selected at the time of deployment through the GitHub actions and Argo CD, that is where your application will be deployed. For example, if you have selected the Management account, your application will deploy in the Management account.
The code supplied in this tutorial will automatically install and configure the prerequisite tools. If you expect to make modifications to the code, or will be working on a local machine, do make sure you have these tools handy:
(Refer to the tutorial links above for more clarity and guidance.)
Using Amazon Elastic Kubernetes Service (Amazon EKS) makes it easy to manage, deploy and scale containerised applications on both AWS and on-premises systems. And utilising the collaboration tool GitHub makes contributing code to open source projects simple.
Manually perform the following steps on both AWS and GitHub to prepare your application deployment:
As a software workflow automation tool, GitHub Actions, makes code reviews, managing branches and issuing triaging work straightforward. For the purpose of this application deployment, you will use GitHub Actions for the Continuous Integration and branch management. The Prerequisites for GitHubs Actions Integration is:
As an open source infrastructure as code tool (IaC), with Terraform you can build, change and version your infrastructure safely and efficiently. It also includes automatic infrastructure management and significantly reduces provisioning time.
This code will result in the deployment of a single node infrastructure (refer to section 5). If you wish to make modifications to the infrastructure, make sure that all of the criteria below are present:
As a GitOps continuous delivery tool for Kubernetes, Argo CD continuously monitors running applications through its Application Controller. It helps compare the live application with the desired state defined in the Git repository.
Here, Argo CD is used to deploy the infrastructure and applications on Kubernetes. Before deployment, these need to be present in the EKS cluster:
A sequence of events leads to the deployment of your web application, as the architecture diagram below shows. First, the developer commits the developed code to GitHub. Then, GitHub Actions are triggered, creating a container for the code to be built in. This code is automatically pushed to Argo CD where deployment of the cluster occurs on Amazon EKS.
Your web application is now live and accessible to the public.
.
Once your tools and prerequisites are ready, you can deploy your application. Follow the steps below (using the tutorial links if you need them) to take you through the process:
git clone https://github.com/stackgenie/stackgenie-devops-eksapp.git
terraform { backend "s3" { bucket = "terraform-tfstate-bucket-name" region = "eu-west-2" dynamodb_table = "yourtablename-terraform-state-locking" } }
server: ingress: enabled: true annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" hosts: - HOSTNAME
domainFilters: - DOMAIN_NAME serviceAccount: annotations: eks.amazonaws.com/role-arn: DNS_ARN
(You can find the values files inside the Cloned Repo.)
Deploy your application through three different stages:
TF_VERBOSE: 'apply/destroy'
Terraform “apply” will provision the infrastructure
For deprovisioning, follow the steps outline in section 7
Keeping the value as null (“ “) will make no changes (it will cause the nulled steps to be skipped)
ARGO_VERBOSE: 'install/uninstall' DOMAIN_NAME: 'dev.yourdomain.com' ARGO_HOSTNAME: 'argocd.dev.yourdomain.com'
(Leave the ARGO_VERBOSE as null (“ “) if you want to skip this step.)
---
apiVersion: v1
kind: Namespace
metadata:
name: sample
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-app
namespace: sample
spec:
selector:
matchLabels:
app: hello
replicas: 2
template:
metadata:
labels:
app: hello
spec:
containers:
- name: hello
image: "gcr.io/google-samples/hello-app:2.0"
---
apiVersion: v1
kind: Service
metadata:
name: hello-service
namespace: sample
labels:
app: hello
spec:
type: ClusterIP
selector:
app: hello
ports:
- port: 80
targetPort: 8080
protocol: TCP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test-ingress
namespace: sample
spec:
rules:
- host: sample.yourdomain.com
http:
paths:
- backend:
serviceName: hello-service
servicePort: 80
WEBAPP_VERBOSE: ""
argocd repo add https://github.com/your-repo-name.git --name sample argocd app create sample \ --repo https://github.com/your-repo-name.git \ --revision branch-name \ --path . \ --dest-namespace web-app \ --dest-server https://kubernetes.default.svc
(If you are using a private repo then use: -username your-github-username –password your-github-password/token with argocd repo add command.)
on: push: branches: - your-branch-name pull_request: branches: - your-branch-name
(When a push is triggered on this branch, it will trigger the deployment)
WORKSPACE_ENV: 'your-env'
Commit and push your changes to trigger the build
(You can monitor the build’s status by selecting the ‘Actions’ tab of your repo. A tick mark will show once each job has been successful – you can check the job logs by clicking the arrow beside each job.)
aws ssm get-parameter --name ARGO_LOGIN_SECRET \ --profile "your-accounts-cli-profile-name" --query Parameter.Value \ --output text | openssl aes-256-cbc -d -a -iter 2 -k "your-cluster-id"
Once you have deployed your application, you will need to test it to see if it works. If you have been successful, you will get the message: “Hello World!!” When you’ve entered the app URL in your browser.
If you have been unsuccessful, we recommend reviewing the code you have used for inaccuracies and mistakes and running through each of the steps as explained above.
Follow these steps to deprovision your application:
We hope that this tutorial was helpful to you. For more advanced learning, refer to other expert StackGenie posts in our Tech Corner.