Amazon EKS (Elastic Kubernetes Service) Fargate is a powerful service that allows you to run Kubernetes pods without managing the underlying infrastructure. It provides a serverless compute engine for containers that lets you focus on deploying applications rather than managing servers. This blog post will guide you through setting up an EKS Fargate cluster, installing necessary add-ons, deploying microservices, and configuring the AWS Ingress Controller to expose your services. We will also touch on managing networking and security within EKS Fargate.

Introduction to Amazon EKS Fargate

Amazon EKS Fargate is a serverless computing engine that runs Kubernetes pods. It simplifies operations by removing the need to manage servers and nodes, allowing developers to focus on application development. With EKS Fargate, you can benefit from the scalability and reliability of AWS infrastructure without the operational overhead.

Setting Up an EKS Fargate Cluster

Prerequisites

Before setting up the EKS Fargate cluster, ensure you have the following:

  • An AWS account with appropriate permissions.
  • AWS CLI installed and configured.
  • kubectl installed and configured.

Steps to Set Up EKS Fargate Cluster

  1. Create an EKS Cluster:

    eksctl create cluster --name my-eks-fargate-cluster --region us-west-2 --fargate
  2. Configure kubectl:

    aws eks --region us-west-2 update-kubeconfig --name my-eks-fargate-cluster
  3. Create Fargate Profiles:

    eksctl create fargateprofile --cluster my-eks-fargate-cluster --name my-fargate-profile --namespace default

Installing EKS Add-ons for Fargate

EKS add-ons enhance the functionality of your cluster. Essential add-ons include the AWS VPC CNI, CoreDNS, and kube-proxy.

  1. Install AWS VPC CNI:

    aws eks create-addon --cluster-name my-eks-fargate-cluster --addon-name vpc-cni --region us-west-2
  2. Install CoreDNS:

    aws eks create-addon --cluster-name my-eks-fargate-cluster --addon-name coredns --region us-west-2
  3. Install kube-proxy:

    aws eks create-addon --cluster-name my-eks-fargate-cluster --addon-name kube-proxy --region us-west-2

Deploying Microservices on EKS Fargate

Sample Deployment YAML

Create a deployment YAML file for your microservice:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-microservice
  labels:
    app: my-microservice
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-microservice
  template:
    metadata:
      labels:
        app: my-microservice
    spec:
      containers:
      - name: my-microservice
        image: my-microservice-image:latest
        ports:
        - containerPort: 80

Apply the deployment:

kubectl apply -f my-microservice-deployment.yaml

Configuring and Deploying the AWS Ingress Controller

Install AWS Load Balancer Controller

  1. Create IAM policy:

    curl -o iam_policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json

    aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam_policy.json

  2. Create an IAM service account:

    eksctl create iamserviceaccount --cluster=my-eks-fargate-cluster --namespace=kube-system --name=aws-load-balancer-controller --attach-policy-arn=arn:aws:iam::<AWS_ACCOUNT_ID>:policy/AWSLoadBalancerControllerIAMPolicy --approve
  3. Install the controller:

    helm repo add eks https://aws.github.io/eks-charts

    helm repo update

    # Fargate pods have no instance metadata service, so pass the region and VPC ID explicitly
    helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=my-eks-fargate-cluster --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller --set region=us-west-2 --set vpcId=<VPC_ID>

Exposing Microservices with AWS Ingress Controller

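Create an Ingress resource to expose your microservice. Its backend refers to a Service named my-microservice on port 80, which the Deployment above does not create, so a Service selecting the app: my-microservice pods must exist first: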

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    # Fargate pods must be registered as IP targets
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-microservice
            port:
              number: 80

Apply the Ingress resource:

kubectl apply -f my-ingress.yaml
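
A pre-apply review of the two manifests, as an added example that is not part of the original post: it flags a mutable image tag, missing securityContext settings and resource requests in the Deployment, and an internet-facing ALB with no HTTPS listener, no source restriction or no IP target type. The sample dicts are constructed and reduced from the manifests above, and the function name is an assumption; the annotation keys are the AWS Load Balancer Controller's.

```python
# Added example: static review of a Deployment and an Ingress before `kubectl apply`.
ALB = "alb.ingress.kubernetes.io/"

# Constructed samples based on the page's manifests (Ingress reduced to class and scheme).
DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
    {"name": "my-microservice", "image": "my-microservice-image:latest",
     "ports": [{"containerPort": 80}]}]}}}}
INGRESS = {"kind": "Ingress", "metadata": {"name": "my-ingress", "annotations": {
    "kubernetes.io/ingress.class": "alb", ALB + "scheme": "internet-facing"}}}


def audit(manifest):
    """Return a list of findings for one Deployment or Ingress dict."""
    out = []
    if manifest.get("kind") == "Deployment":
        pod = manifest["spec"]["template"]["spec"]
        pod_sc = pod.get("securityContext", {})
        for c in pod.get("containers", []):
            image, sc = c.get("image", ""), c.get("securityContext", {})
            # Tag = text after ':' in the last path segment (a registry port is not a tag).
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if "@sha256:" not in image and tag in ("", "latest"):
                out.append(f"{c['name']}: mutable image tag")
            if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
                out.append(f"{c['name']}: runAsNonRoot not set")
            if sc.get("allowPrivilegeEscalation") is not False:
                out.append(f"{c['name']}: allowPrivilegeEscalation not disabled")
            if not c.get("resources", {}).get("requests"):
                out.append(f"{c['name']}: no resource requests")  # Fargate sizes pods from these
    elif manifest.get("kind") == "Ingress":
        ann = manifest.get("metadata", {}).get("annotations", {})
        if ann.get(ALB + "scheme") == "internet-facing":
            # HTTPS exists only with a certificate or an explicit HTTPS listener.
            if ALB + "certificate-arn" not in ann and "HTTPS" not in ann.get(ALB + "listen-ports", ""):
                out.append("ingress: internet-facing listener is HTTP only")
            # Without either annotation the controller allows 0.0.0.0/0.
            if ALB + "inbound-cidrs" not in ann and ALB + "security-groups" not in ann:
                out.append("ingress: no inbound-cidrs or security-groups restriction")
        if ann.get(ALB + "target-type") != "ip":
            out.append("ingress: target-type is not ip")  # Fargate pods need IP targets
    return out


if __name__ == "__main__":
    for m in (DEPLOYMENT, INGRESS):
        for finding in audit(m):
            print(finding)
```

To review real files, convert them with `kubectl apply --dry-run=client -o json -f <file>` and pass the parsed JSON to `audit`.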

Managing Networking and Security in EKS Fargate

Networking

  • VPC Configuration: Ensure your VPC has appropriate subnets and route tables.
  • Security Groups: Define security groups to control inbound and outbound traffic.

Security

  • IAM Roles: Use IAM roles to provide necessary permissions to your pods.
  • Secrets Management: Utilize AWS Secrets Manager or Kubernetes secrets to manage sensitive data.
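
One check behind the IAM Roles bullet, as an added example (not code from the original post): a role created for a service account, as in the eksctl create iamserviceaccount step, should trust only that service account's token. The account ID, OIDC provider ID, the three sample policies and the function names are constructed for illustration.

```python
# Added example: verify an IRSA role's trust policy is bound to one service account.
GOOD_SUB = "system:serviceaccount:kube-system:aws-load-balancer-controller"
ISSUER = "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE0123"  # constructed placeholder


def trust_policy(condition):
    """Build a constructed trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}


SCOPED = trust_policy({"StringEquals": {ISSUER + ":aud": "sts.amazonaws.com",
                                        ISSUER + ":sub": GOOD_SUB}})
UNSCOPED = trust_policy({"StringEquals": {ISSUER + ":aud": "sts.amazonaws.com"}})
WILDCARD = trust_policy({"StringLike": {ISSUER + ":sub": "system:serviceaccount:*:*"}})


def as_list(value):
    return value if isinstance(value, list) else [value]


def check_trust(policy, namespace, name):
    """Return findings for web-identity statements not pinned to namespace/name."""
    expected = f"system:serviceaccount:{namespace}:{name}"
    findings = []
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or \
                "sts:AssumeRoleWithWebIdentity" not in as_list(st.get("Action", [])):
            continue
        principal = st.get("Principal")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        issuer = str(federated).partition(":oidc-provider/")[2]
        cond = st.get("Condition", {})
        exact = cond.get("StringEquals", {})
        subs = as_list(exact.get(issuer + ":sub", []))
        if not subs:
            if issuer + ":sub" in cond.get("StringLike", {}):
                findings.append("sub is matched with a StringLike pattern, not an exact value")
            else:
                findings.append("no sub condition: any service account in the cluster can assume the role")
        elif any(s != expected for s in subs):
            findings.append("sub allows a service account other than " + expected)
        if "sts.amazonaws.com" not in as_list(exact.get(issuer + ":aud", [])):
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings
```

The input is the AssumeRolePolicyDocument that `aws iam get-role --role-name <ROLE_NAME>` returns for the role.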

Monitoring and Logging

  • CloudWatch: Integrate with CloudWatch for monitoring and logging.
  • AWS Config: Use AWS Config to ensure compliance with security policies.

Conclusion

Amazon EKS Fargate simplifies the management of Kubernetes clusters by abstracting the underlying infrastructure. With the AWS Ingress Controller, you can easily expose your microservices to the internet. This guide covered the essentials for starting with EKS Fargate and deploying your applications with robust networking and security configurations.
