Amaan Sayyed's Blog
Step-by-Step Guide to 3-Tier Architecture Deployment on AWS EKS via Helm

Step-by-Step Guide to 3-Tier Architecture Deployment on AWS EKS via Helm

Amaan Sayyed's photo
Amaan Sayyed
·

7 min read

Table of contents

This blog provides a comprehensive guide for deploying a 3-tier architecture on AWS using Elastic Kubernetes Service (EKS) and Helm. It covers the key concepts of a 3-tier architecture, which typically includes a presentation layer (frontend), application layer (backend), and data layer (database). The guide explains how to set up AWS EKS, configure Helm, and deploy each layer of the architecture in a Kubernetes environment. The steps include creating necessary AWS resources, writing Kubernetes manifests for each tier, and using Helm to simplify application deployment and management. It also provides insights into best practices for security, scalability, and monitoring in the cloud-native environment.

Step 1: Create IAM User in AWS

1. Log in to the AWS console using your credentials.

2. In the search bar, enter ‘IAM’ to access the IAM Dashboard.

3. Navigate to the ‘Users’ section and select ‘Create User’.

4. Enter a Name, Check the Desired Options, and Proceed to Next Step

5. Click Next.

6. Click on Attach Policies directly

7. Use AdministratorAccess(Just for learning Purpose)

8. Click Next.

9. Click on Create user.

10. Click on View user.

11. Click on Security credentials

12. Now under security credentials, Go to Access keys

13. Click on Create access key

14. Select CLI & Accept terms and click on Next

15. Download .csv file and click on Done

Step 2: Create EC2 Instance

  1. Sign in to AWS Console: Log in to your AWS Management Console.

  2. Navigate to EC2 Dashboard: Go to the EC2 Dashboard by selecting “Services” in the top menu and then choosing “EC2” under the Compute section.

  3. Launch Instance: Click on the “Launch Instance” button to start the instance creation process.

  4. Choose an Amazon Machine Image (AMI): Select an appropriate AMI for your instance. For example, you can choose Ubuntu image.

  5. Choose an Instance Type: In the “Choose Instance Type” step, select t2.medium as your instance type. Proceed by clicking “Next: Configure Instance Details.”

  6. Configure Instance Details:

    • For “Number of Instances,” set it to 1 (unless you need multiple instances).

    • Configure additional settings like network, subnets, IAM role, etc., if necessary.

    • For “Storage,” click “Add New Volume” and set the size to 8GB (or modify the existing storage to 16GB).

    • Click “Next: Add Tags” when you’re done.

  7. Add Tags (Optional): Add any desired tags to your instance. This step is optional, but it helps in organizing instances.

  8. Configure Security Group:

    • Choose an existing security group or create a new one.

    • Ensure the security group has the necessary inbound/outbound rules to allow access as required.

  9. Review and Launch: Review the configuration details. Ensure everything is set as desired.

  10. Select Key Pair:

    • Select “Choose an existing key pair” and choose the key pair from the dropdown.

    • Acknowledge that you have access to the selected private key file.

    • Click “Launch Instances” to create the instance.

  11. Access the EC2 Instance: Once the instance is launched, you can access it using the key pair and the instance’s public IP or DNS.

Step 3: Connect to Instance and Install Required Packages

Install Eksctl

sudo apt update
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version

Install Kubectl

curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.28.3/2023-11-14/bin/linux/amd64/kubectl
chmod +x ./kubectl
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH
kubectl version --client

Install AWS-CLI

sudo apt install unzip -y
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

Install HELM

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

Step 4: EKS Setup

Configure AWS Settings for us-west-2 Region

aws configure

Clone the GitHub Repository.

git clone https://github.com/amaan-sayyed/K8s-Projects.git
cd K8s-projects
cd 3-tier E-Commerce App

Create Cluster

eksctl create cluster --name demo-cluster-three-tier-1 --region us-west-2

Setting Up Commands for Configuring IAM OIDC Provider

USE CLUSTER NAME demo-cluster-three-tier-1

export cluster_name=<CLUSTER-NAME>

The command “export cluster_name=” is used in a computer’s command-line interface to create a named storage space (variable) that holds a specific value. It’s like giving a name to something so you can use it later. In this case, it’s creating a storage space called “cluster_name” and putting a value in it, which represents the name of a cluster. This helps remember and use the cluster’s name in other commands or programs without typing it repeatedly.

oidc_id=$(aws eks describe-cluster --name $cluster_name --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)

This command uses the AWS CLI (Command Line Interface) to extract a specific piece of information about an Amazon EKS (Elastic Kubernetes Service) cluster.

Check if there is an IAM OIDC provider configured already

aws iam list-open-id-connect-providers | grep $oidc_id | cut -d "/" -f4

This command utilizes the AWS CLI (Command Line Interface) to list OpenID Connect (OIDC) providers in your AWS Identity and Access Management (IAM) and extract specific information.

eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve

EKSCTL command used to associate the IAM OIDC provider with an Amazon EKS (Elastic Kubernetes Service) cluster.

Setup alb add on

Download IAM policy

curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json

Create IAM Policy

aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json

Create IAM role

Please Add cluster name and Aws account ID

eksctl create iamserviceaccount \
  --cluster=<your-cluster-name> \
  --namespace=kube-system \
  --name=aws-load-balancer-controller \
  --role-name AmazonEKSLoadBalancerControllerRole \
  --attach-policy-arn=arn:aws:iam::<your-aws-account-id>:policy/AWSLoadBalancerControllerIAMPolicy \
  --approve

Implement ALB Controller

Add Helm Repository for Deployment

helm repo add eks https://aws.github.io/eks-charts

Update the repo

helm repo update eks

Update the VPC_ID in the following command after retrieving the VPC ID from EKS

helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=demo-cluster-three-tier-1 --set serviceAccount.create=false --set serviceAccount.name=aws-load-balancer-controller --set region=us-west-2 --set vpcId=<vpc-id>

Ensure Operational Deployment Success

kubectl get deployment -n kube-system aws-load-balancer-controller

EBS CSI Plugin Setup and Configuration

The Amazon EBS CSI plugin requires IAM permissions to make calls to AWS APIs on your behalf.

Create an IAM role and attach a policy. AWS maintains an AWS managed policy or you can create your own custom policy. You can create an IAM role and attach the AWS managed policy with the following command. Replace my-cluster with the name of your cluster. The command deploys an AWS CloudFormation stack that creates an IAM role and attaches the IAM policy to it.

Please add Cluster name

eksctl create iamserviceaccount \
    --name ebs-csi-controller-sa \
    --namespace kube-system \
    --cluster <YOUR-CLUSTER-NAME> \
    --role-name AmazonEKS_EBS_CSI_DriverRole \
    --role-only \
    --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
    --approve

Execute the following command, replacing ‘YOUR_CLUSTER_NAME’ with the actual name of your cluster and ‘YOUR_ACCOUNT_ID’ with your account ID.

eksctl create addon --name aws-ebs-csi-driver --cluster <YOUR-CLUSTER-NAME> --service-account-role-arn arn:aws:iam::<AWS-ACCOUNT-ID>:role/AmazonEKS_EBS_CSI_DriverRole --force

Step 5: Deploy Helm Chart

Navigate into the Helm and Establish a New Namespace

cd helm
kubectl create ns robot-shop

Now

helm install robot-shop --namespace robot-shop .

HELM CHART DEPLOYED!!!

Now check pods

kubectl get pods -n robot-shop

Check service

kubectl get svc -n robot-shop

Now Apply ingress

kubectl apply -f ingress.yaml

Navigate to AWS Console, Locate EC2, and Access Load Balancers — Copy DNS

Open a new tab and paste

Step 6: Delete this cluster

eksctl delete cluster --name demo-cluster-three-tier-1 --region us-west-2

Conclusion

In conclusion, deploying a 3-tier architecture on AWS EKS via Helm provides a robust and scalable solution for modern cloud-native applications. By leveraging EKS for managed Kubernetes and Helm for simplified deployments, organizations can streamline their infrastructure management while ensuring high availability, security, and scalability. This guide has walked you through the process of setting up and deploying each layer of the 3-tier architecture, from frontend to database, with a focus on best practices and optimal configurations. With this knowledge, you are now equipped to deploy resilient, scalable applications in the cloud, paving the way for efficient, cost-effective, and manageable deployments.

Feel free to checkout my blog : https://amaansayyed.hashnode.dev/

And connect with me at LinkedIn : www.linkedin.com/in/amaan-sayyed-351593258

Kubernetes