Amazon EKS (Kubernetes) installation and configuration and Virtuoso docker container deployment

What

This document details how to install and configure Amazon EKS and deploy a Virtuoso Docker container within it.

Amazon EKS Installation & Configuration

Amazon Elastic Container Service for Kubernetes (Amazon EKS) document provides details on setting up an EKS cluster. The eksctl tool makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. Amazon EKS runs the Kubernetes management infrastructure for you across multiple AWS availability zones to eliminate a single point of failure.

The AWS Getting Started with Amazon EKS guide details the steps in setting up EKS under an AWS IAM user account.

The AWS CLI can be installed on a local machine to manage a EKS cluster as detailed in the Connecting a cluster guide.

A successful installation and configuration can be confirmed with the aws eks describe-cluster --name <cluster-name> --query cluster.status command:

De-iMac-1540:kubernetes hwilliams$ aws eks describe-cluster --name eksKubeCluster --query cluster.status
"ACTIVE"
De-iMac-1540:kubernetes hwilliams$

and can then be added as an available context to the current local Kubernetes configuration with the aws eks update-kubeconfig --name <cluster-name> command:

De-iMac-1540:kubernetes hwilliams$ aws eks update-kubeconfig --name eksKubeCluster
Updated context arn:aws:eks:us-east-1:129096879518:cluster/eksKubeCluster in /Users/hwilliams/.kube/config
De-iMac-1540:kubernetes hwilliams$

The available kubernetes context’s can then be viewed with the kubectl config get-contexts command to confirm it has been added and made the currently available context:

De-iMac-1540:docker hwilliams$ kubectl config get-contexts
CURRENT   NAME                                                        CLUSTER                                                     AUTHINFO                                                    NAMESPACE
*         arn:aws:eks:us-east-1:129096879518:cluster/eksKubeCluster   arn:aws:eks:us-east-1:129096879518:cluster/eksKubeCluster   arn:aws:eks:us-east-1:129096879518:cluster/eksKubeCluster   
          docker-for-desktop                                          docker-for-desktop-cluster                                  docker-for-desktop                                          
          minikube                                                    minikube                                                    minikube                                                    
De-iMac-1540:docker hwilliams$

Deployment of Virtuoso Docker container

Now the kubernetes (kubectl) context is set to the Amazon EKS installation, a Virtuoso docker container can be deployed as normal to the EKS worker nodes on AWS, with the kubectl run <name> ... and kubectl expose deployment <name> ... commands. Although as the EKS worker nodes are in AWS you cannot access them on localhost, thus to an Ingress Load balancer needs to be specified to as part of the deployment command to make the Virtuoso Container accessible from an external AWS DNS name with the --type=LoadBalancer attribute:

De-iMac-1540:virtuoso-test hwilliams$ kubectl run dh-vos7 --image=openlink/virtuoso-opensource-7 --port=8890
deployment.apps "dh-vos7" created
De-iMac-1540:virtuoso-test hwilliams$ kubectl expose deployment dh-vos7 --port=8890 --target-port=8890  --name=dh-vos7 --type=LoadBalancer
service "dh-vos7" exposed
De-iMac-1540:virtuoso-test hwilliams$ 

A description of the deployed Virtuoso service can be obtained with the kubectl describe services <name> command:

De-iMac-1540:virtuoso-test hwilliams$ kubectl describe services dh-vos7
Name:                     dh-vos7
Namespace:                default
Labels:                   run=dh-vos7
Annotations:              <none>
Selector:                 run=dh-vos7
Type:                     LoadBalancer
IP:                       10.100.33.17
LoadBalancer Ingress:     a421cf16b178e11e9907002dd8e13126-1265902190.us-east-1.elb.amazonaws.com
Port:                     <unset>  8890/TCP
TargetPort:               8890/TCP
NodePort:                 <unset>  31598/TCP
Endpoints:                192.168.97.103:8890
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason                Age   From                Message
  ----    ------                ----  ----                -------
  Normal  EnsuringLoadBalancer  17s   service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   15s   service-controller  Ensured load balancer
De-iMac-1540:virtuoso-test hwilliams$

With the LoadBalancer Ingress attribute providing the external hostname the service is available on, thus the Virtuoso deployment can be accessed on http://a421cf16b178e11e9907002dd8e13126-1265902190.us-east-1.elb.amazonaws.com:8890

The Virtuoso dba users password can be determined by connecting to the deployed docker image and checking the contents of the cat /settings/dba_password file:

De-iMac-1540:virtuoso-test hwilliams$ kubectl exec -it dh-vos7-7769fb6cbd-wxtpw -- /bin/bash
root@dh-vos7-7769fb6cbd-wxtpw:/opt/virtuoso-opensource/database# pwd
/opt/virtuoso-opensource/database
root@dh-vos7-7769fb6cbd-wxtpw:/opt/virtuoso-opensource/database# cat /settings/dba_password
jtv9g5rP
root@dh-vos7-7769fb6cbd-wxtpw:/opt/virtuoso-opensource/database#

Kubernetes Web UI (Dashboard) Deployment

Dashboard is a web-based Kubernetes user interface. You can use Dashboard to deploy containerized applications to a Kubernetes cluster, troubleshoot your containerized application, and manage the cluster resources. You can use Dashboard to get an overview of applications running on your cluster, as well as for creating or modifying individual Kubernetes resources (such as Deployments, Jobs, DaemonSets, etc). For instructions on deployment see the Web UI Dashboard documentation.

Once deployed the Dashboard is accessed via a proxy with the kubectl proxy command:

De-iMac-1540:docker hwilliams$ kubectl proxy
Starting to serve on 127.0.0.1:8001

This will make Dashboard available at http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

The kubectl port-forward can be used to easily exposed a service port on the localhost machine with a command of the form kubectl port-forward svc/dh-vos7 8890:8890 which will automatically expose the port for access on localhost:8890, enabling HTTP access to the Virtuoso web server interface.

Related

• Virtuoso Enterprise Edition Docker -- Quick Start Guide
• Creating and managing clusters - eksctl
• Installing or updating to the latest version of the AWS CLI - AWS Command Line Interface
• Connect an external Kubernetes cluster to the Amazon EKS Management Console - Amazon EKS
• Use Port Forwarding to Access Applications in a Cluster | Kubernetes)
• Create an External Load Balancer | Kubernetes
• https://console.aws.amazon.com/cloudformation
• GitHub - kubernetes-sigs/aws-iam-authenticator: A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster
• Installing or updating to the latest version of the AWS CLI - AWS Command Line Interface
• Amazon EKS Achieves ISO and PCI Compliance