1
00:00:02,060 --> 00:00:04,040
And here we can get started

2
00:00:04,040 --> 00:00:05,700
with creating a cluster

3
00:00:05,700 --> 00:00:09,120
because, keep in mind, the cluster is what we need

4
00:00:09,120 --> 00:00:10,980
to create on our own.

5
00:00:10,980 --> 00:00:13,580
The things that run on the cluster,

6
00:00:13,580 --> 00:00:18,030
the pods and the containers, that's managed by Kubernetes.

7
00:00:18,030 --> 00:00:20,890
But the infrastructure, the network,

8
00:00:20,890 --> 00:00:23,510
all of that needs to be created by us,

9
00:00:23,510 --> 00:00:28,200
though the EKS service will actually make that a breeze.

10
00:00:28,200 --> 00:00:31,060
Now, it all starts with giving that cluster a name,

11
00:00:31,060 --> 00:00:35,010
and I will simply name it kub-dep-demo

12
00:00:35,010 --> 00:00:37,660
for Kubernetes Deployment Demo,

13
00:00:37,660 --> 00:00:40,270
but, of course, this name is up to you.

14
00:00:40,270 --> 00:00:43,480
Now, once you chose a name, click Next step.

15
00:00:43,480 --> 00:00:45,520
And here on this page, you can now configure

16
00:00:45,520 --> 00:00:48,340
some general things about your cluster.

17
00:00:48,340 --> 00:00:50,850
For example, the Kubernetes version,

18
00:00:50,850 --> 00:00:54,840
for me at the moment, the latest version I can pick is 1.17,

19
00:00:54,840 --> 00:00:57,230
so that's the version I will go with.

20
00:00:57,230 --> 00:00:59,810
And the next thing you need to pick here

21
00:00:59,810 --> 00:01:02,120
is the Cluster Service Role.

22
00:01:02,120 --> 00:01:04,530
Now, to understand this, you have to understand

23
00:01:04,530 --> 00:01:09,530
how AWS, and actually most cloud providers, works.

24
00:01:09,725 --> 00:01:13,800
AWS is powerful, and you got a bunch of services here.

25
00:01:13,800 --> 00:01:16,270
And these services can also work together.

26
00:01:16,270 --> 00:01:19,220
For example, EKS, behind the scenes,

27
00:01:19,220 --> 00:01:22,090
will create some EC2 instances.

28
00:01:22,090 --> 00:01:23,540
EC2 is that service

29
00:01:23,540 --> 00:01:26,560
which allows you to launch these virtual instances,

30
00:01:26,560 --> 00:01:28,600
these remote computers in the end,

31
00:01:28,600 --> 00:01:32,370
and EKS will use that service under the hood.

32
00:01:32,370 --> 00:01:34,420
The idea with EKS

33
00:01:34,420 --> 00:01:37,420
just is that you don't have to do this on your own,

34
00:01:37,420 --> 00:01:40,090
but that instead, it's managed for you.

35
00:01:40,090 --> 00:01:42,540
And in order to allow EKS

36
00:01:42,540 --> 00:01:45,800
to create other resources on your behalf,

37
00:01:45,800 --> 00:01:48,970
you need to give it appropriate permissions.

38
00:01:48,970 --> 00:01:52,440
And you do that with another AWS service

39
00:01:52,440 --> 00:01:57,333
which allows you to manage permissions, the IAM service,

40
00:01:58,260 --> 00:02:02,190
which stands for Identity and Access Management.

41
00:02:02,190 --> 00:02:05,000
Here, you can configure various roles

42
00:02:05,000 --> 00:02:08,800
which you then can assign to users or other services,

43
00:02:08,800 --> 00:02:13,410
in the end controlling what these users and services can do.

44
00:02:13,410 --> 00:02:17,150
And here, we wanna create a role for the EKS service,

45
00:02:17,150 --> 00:02:20,080
giving that service certain permissions

46
00:02:20,080 --> 00:02:22,430
to do something on our behalf.

47
00:02:22,430 --> 00:02:23,693
That's the idea here.

48
00:02:24,770 --> 00:02:28,030
So therefore, here on the IAM Console,

49
00:02:28,030 --> 00:02:32,400
which I opened in a new tab, you wanna create a new role.

50
00:02:32,400 --> 00:02:36,470
And here, make sure AWS service is selected.

51
00:02:36,470 --> 00:02:39,240
Scroll down to EKS.

52
00:02:39,240 --> 00:02:43,820
You can also, of course, simply search for that on the page.

53
00:02:43,820 --> 00:02:48,120
Click on EKS and then choose EKS Cluster.

54
00:02:48,120 --> 00:02:51,010
This will give you a predefined role,

55
00:02:51,010 --> 00:02:53,750
which is predefined for EKS

56
00:02:53,750 --> 00:02:57,900
to give EKS all the permissions it needs.

57
00:02:57,900 --> 00:03:01,090
Simply click Next Permissions with that selected

58
00:03:02,170 --> 00:03:05,893
and confirm this page without any changes.

59
00:03:06,740 --> 00:03:08,400
You can add tags here,

60
00:03:08,400 --> 00:03:12,190
which are not important though, so we will just continue.

61
00:03:12,190 --> 00:03:14,210
Review this and give this a name.

62
00:03:14,210 --> 00:03:16,583
And I will name it eksClusterRole.

63
00:03:17,640 --> 00:03:19,230
But this name is totally up to you.

64
00:03:19,230 --> 00:03:22,580
You just need to give some name to your role.

65
00:03:22,580 --> 00:03:25,370
Once you chose a name, click Create role,

66
00:03:25,370 --> 00:03:27,600
and this will now create such a role.

67
00:03:27,600 --> 00:03:29,690
Now, you see I already got a bunch of roles.

68
00:03:29,690 --> 00:03:32,350
Of course, you probably have less roles than that,

69
00:03:32,350 --> 00:03:35,650
but you now got this very important EKS role.

70
00:03:35,650 --> 00:03:37,150
With that created,

71
00:03:37,150 --> 00:03:41,870
go back to the EKS cluster configuration page here.

72
00:03:41,870 --> 00:03:45,620
And on Select role, click that refresh icon

73
00:03:45,620 --> 00:03:48,633
and then select the role you just created.

74
00:03:50,420 --> 00:03:53,560
Now, with that, you can leave all the other defaults

75
00:03:53,560 --> 00:03:55,223
and click on Next.

76
00:03:56,080 --> 00:03:59,510
As a next step, we now need to set up or configure

77
00:03:59,510 --> 00:04:02,980
the network for this cluster.

78
00:04:02,980 --> 00:04:06,120
So the network to which all these nodes,

79
00:04:06,120 --> 00:04:09,050
the remote machines, will be added.

80
00:04:09,050 --> 00:04:11,490
And, of course, this network needs to be created

81
00:04:11,490 --> 00:04:15,650
such that to some extent, it is accessible from outside,

82
00:04:15,650 --> 00:04:17,220
so from the world wide web,

83
00:04:17,220 --> 00:04:21,180
and to some extent it's only accessible from inside

84
00:04:21,180 --> 00:04:23,410
so that protected network

85
00:04:23,410 --> 00:04:26,010
internal communication is possible,

86
00:04:26,010 --> 00:04:29,360
but at the same time, it's possible to send requests

87
00:04:29,360 --> 00:04:32,580
from the outside world into that cluster.

88
00:04:32,580 --> 00:04:34,230
Now, to create such a network,

89
00:04:34,230 --> 00:04:36,820
you could use this VPC Console,

90
00:04:36,820 --> 00:04:39,940
but actually click on Services here at the top

91
00:04:39,940 --> 00:04:44,030
and search for CloudFormation

92
00:04:44,030 --> 00:04:46,280
and open this in a new tab.

93
00:04:46,280 --> 00:04:49,652
You can close the IAM tab by the way.

94
00:04:49,652 --> 00:04:51,230
CloudFormation is a service

95
00:04:51,230 --> 00:04:55,740
which allows you to easily create things with other services

96
00:04:55,740 --> 00:04:57,880
based on certain templates.

97
00:04:57,880 --> 00:05:02,750
Simply click on Create stack here, leave all the defaults.

98
00:05:02,750 --> 00:05:06,500
And then here, you need to paste in a certain URL,

99
00:05:06,500 --> 00:05:09,230
which you find on the attached page.

100
00:05:09,230 --> 00:05:12,360
Attached to this lecture, you find a link to this page,

101
00:05:12,360 --> 00:05:16,210
and here you will find this URL.

102
00:05:16,210 --> 00:05:17,180
Copy that URL

103
00:05:18,660 --> 00:05:22,150
and paste that here into this box,

104
00:05:22,150 --> 00:05:23,910
and then click Next.

105
00:05:23,910 --> 00:05:25,940
And this simply contains a template

106
00:05:25,940 --> 00:05:28,220
for the network which you wanna create.

107
00:05:28,220 --> 00:05:32,210
So click Next, leave all these parameters,

108
00:05:32,210 --> 00:05:36,633
just give this stack a name, for example, eksVpc,

109
00:05:38,630 --> 00:05:40,660
and click Next.

110
00:05:40,660 --> 00:05:42,810
You can add tags, but you don't need to.

111
00:05:42,810 --> 00:05:45,740
You can leave all the other defaults here as they are.

112
00:05:45,740 --> 00:05:50,293
You don't need to fill anything out here, and click Next.

113
00:05:51,710 --> 00:05:55,890
And then at the end here, click Create stack.

114
00:05:55,890 --> 00:05:58,953
And this will now create such a VPC network for you,

115
00:05:59,840 --> 00:06:02,380
which can take a short while.

116
00:06:02,380 --> 00:06:04,700
But actually even before this finishes,

117
00:06:04,700 --> 00:06:08,490
you can close this page, it will continue nonetheless,

118
00:06:08,490 --> 00:06:11,210
and then go to your Cluster page again,

119
00:06:11,210 --> 00:06:13,100
click this refresh icon,

120
00:06:13,100 --> 00:06:16,640
and now select the newly created VPC here

121
00:06:16,640 --> 00:06:18,613
with that name you assigned.

122
00:06:19,760 --> 00:06:23,033
Leave all the other defaults here as they are.

123
00:06:24,090 --> 00:06:28,480
And for Cluster endpoint access, choose Public and private

124
00:06:28,480 --> 00:06:31,730
because we wanna create a cluster which is both able

125
00:06:31,730 --> 00:06:35,290
to handle incoming requests from the outside world

126
00:06:35,290 --> 00:06:40,290
as well as have protected traffic inside of the cluster.

127
00:06:41,330 --> 00:06:45,730
So, node-to-node or pods-to-pods traffic

128
00:06:45,730 --> 00:06:47,740
should be inside of the cluster

129
00:06:47,740 --> 00:06:51,160
and not go out of the cluster back into it.

130
00:06:51,160 --> 00:06:52,610
And at the same time, of course,

131
00:06:52,610 --> 00:06:54,680
we want to have certain endpoints

132
00:06:54,680 --> 00:06:57,790
which should be reachable from outside.

133
00:06:57,790 --> 00:07:01,990
So let's go for Public and private here, and click Next.

134
00:07:01,990 --> 00:07:04,250
You don't need to enable anything here,

135
00:07:04,250 --> 00:07:07,273
but if you want extra logging, you can, of course, do that.

136
00:07:08,370 --> 00:07:12,020
Click Next again, and now review all your settings,

137
00:07:12,020 --> 00:07:14,320
and if you're happy, click Create.

138
00:07:14,320 --> 00:07:18,410
And this will now create such an EKS cluster,

139
00:07:18,410 --> 00:07:22,580
so a Kubernetes Cluster with help of EKS.

140
00:07:22,580 --> 00:07:23,620
And for the moment,

141
00:07:23,620 --> 00:07:27,400
it will set up the network and all these things.

142
00:07:27,400 --> 00:07:30,290
As a next step, we're going to add nodes.

143
00:07:30,290 --> 00:07:32,570
We're going to add the remote machines

144
00:07:32,570 --> 00:07:36,940
on which the Kubernetes software is installed, so to say,

145
00:07:36,940 --> 00:07:41,120
and on which we then, of course, all can run our pods.

146
00:07:41,120 --> 00:07:44,810
So let's wait for this cluster creation to finish,

147
00:07:44,810 --> 00:07:47,423
which can take a couple of minutes actually.

148
00:07:48,740 --> 00:07:51,850
Now, actually, whilst this is still creating,

149
00:07:51,850 --> 00:07:54,500
we can already work on something else

150
00:07:54,500 --> 00:07:57,540
and keep that running in the background.

151
00:07:57,540 --> 00:08:00,660
Remember that kubectl command? Of course, you do.

152
00:08:00,660 --> 00:08:02,030
We use it all the time

153
00:08:02,030 --> 00:08:05,750
to, in the end, send commands to our cluster.

154
00:08:05,750 --> 00:08:09,060
And at the moment, we're doing this with minikube.

155
00:08:09,060 --> 00:08:11,290
When I run kubectl apply,

156
00:08:11,290 --> 00:08:14,000
and I wanna apply a certain configuration,

157
00:08:14,000 --> 00:08:17,313
this command is sent to the minikube cluster.

158
00:08:18,150 --> 00:08:22,750
Now, soon, we wanna send this to our EKS cluster instead.

159
00:08:22,750 --> 00:08:24,770
And you might wonder anyways,

160
00:08:24,770 --> 00:08:28,293
how does kubectl know that we wanna talk to minikube?

161
00:08:29,380 --> 00:08:32,110
Well, because of a certain file,

162
00:08:32,110 --> 00:08:34,270
which you find in your User folder,

163
00:08:34,270 --> 00:08:37,363
both on macOS as well as Windows.

164
00:08:38,570 --> 00:08:41,880
In your User folder on both operating systems,

165
00:08:41,880 --> 00:08:44,693
you will find a .kube folder.

166
00:08:49,390 --> 00:08:53,040
And make sure you're able to see hidden folders and files.

167
00:08:53,040 --> 00:08:56,470
Otherwise, this folder might not show up.

168
00:08:56,470 --> 00:08:59,010
So you have this .kube folder,

169
00:08:59,010 --> 00:09:02,340
and in there, you'll have a config file.

170
00:09:02,340 --> 00:09:05,270
You can open this with any text editor,

171
00:09:05,270 --> 00:09:08,283
on Windows with Notepad, for example.

172
00:09:11,120 --> 00:09:13,540
And this is a configuration file

173
00:09:13,540 --> 00:09:17,450
which will be used by the kubectl command.

174
00:09:17,450 --> 00:09:19,970
And at the moment, it holds information

175
00:09:19,970 --> 00:09:24,150
which allows kubectl to connect to the minikube cluster

176
00:09:24,150 --> 00:09:26,313
which runs in a virtual machine.

177
00:09:27,720 --> 00:09:31,400
Now, that was nice up to this point, that is what we needed,

178
00:09:31,400 --> 00:09:33,830
but, of course, now that will change.

179
00:09:33,830 --> 00:09:35,860
Now, we wanna change this file

180
00:09:35,860 --> 00:09:39,080
such that it's able to talk to our EKS cluster

181
00:09:39,080 --> 00:09:40,663
once that is set up.

182
00:09:41,590 --> 00:09:43,420
So therefore, I would recommend

183
00:09:43,420 --> 00:09:48,240
that you just copy this file for the moment and save a copy,

184
00:09:48,240 --> 00:09:51,950
maybe named config.minikube,

185
00:09:51,950 --> 00:09:54,160
so that you can always easily go back

186
00:09:54,160 --> 00:09:56,500
if you wanna talk to minikube again,

187
00:09:56,500 --> 00:10:00,490
because now we're going to override the original config file

188
00:10:00,490 --> 00:10:04,803
with a config file that allows us to communicate with EKS.

189
00:10:06,000 --> 00:10:09,200
Now, to override it, the easiest way of doing that

190
00:10:09,200 --> 00:10:13,672
is to use a certain tool which AWS offers,

191
00:10:13,672 --> 00:10:17,200
the AWS Command Line Interface.

192
00:10:17,200 --> 00:10:22,003
And you can simply search for AWS CLI to find that tool.

193
00:10:22,910 --> 00:10:25,690
Now, that's a tool which allows you to run commands

194
00:10:25,690 --> 00:10:28,910
from inside the command line on your local machine

195
00:10:28,910 --> 00:10:31,890
against your AWS account.

196
00:10:31,890 --> 00:10:34,470
For that, you need to download and install it,

197
00:10:34,470 --> 00:10:36,630
and there's a Windows installer available,

198
00:10:36,630 --> 00:10:40,460
and a macOS installer, and an installer for Linux.

199
00:10:40,460 --> 00:10:43,400
And I will, of course, use the macOS installer,

200
00:10:43,400 --> 00:10:44,920
but you should, of course, use the one

201
00:10:44,920 --> 00:10:47,810
appropriate for your operating system.

202
00:10:47,810 --> 00:10:49,590
And it's a straightforward installer

203
00:10:49,590 --> 00:10:51,060
which gets downloaded here

204
00:10:51,060 --> 00:10:53,160
through which you can simply walk

205
00:10:53,160 --> 00:10:55,150
by confirming all the defaults.

206
00:10:55,150 --> 00:10:57,010
And in the end, this will then set up

207
00:10:57,010 --> 00:11:00,883
this command line interface tool on your machine.

208
00:11:02,440 --> 00:11:07,080
So make sure you install that tool on your machine.

209
00:11:07,080 --> 00:11:10,050
And once it is installed on your local machine,

210
00:11:10,050 --> 00:11:12,590
you will be able to use that.

211
00:11:12,590 --> 00:11:15,950
Now, actually, in order to be able to use that,

212
00:11:15,950 --> 00:11:17,343
we need to go back to AWS

213
00:11:18,610 --> 00:11:20,330
and then click on your account name

214
00:11:20,330 --> 00:11:22,350
in the top-right corner

215
00:11:22,350 --> 00:11:27,350
and go to My Security Credentials, open that in a new tab,

216
00:11:27,740 --> 00:11:30,790
and here go to Access Keys.

217
00:11:30,790 --> 00:11:33,400
This is an access key which you will need,

218
00:11:33,400 --> 00:11:38,110
if with the AWS CLI, in order to be able to run commands

219
00:11:38,110 --> 00:11:41,100
against this AWS account.

220
00:11:41,100 --> 00:11:43,820
So create a new access key here

221
00:11:43,820 --> 00:11:46,900
and download the key file this gives you.

222
00:11:46,900 --> 00:11:49,800
Save it anywhere and make sure you don't lose it.

223
00:11:49,800 --> 00:11:51,230
You can create a new one

224
00:11:51,230 --> 00:11:53,380
and delete the existing one if you do,

225
00:11:53,380 --> 00:11:56,760
but it's better to not lose it in the first place.

226
00:11:56,760 --> 00:11:58,810
Now this file which you got there,

227
00:11:58,810 --> 00:12:02,850
that's a file you can open with any text editor,

228
00:12:02,850 --> 00:12:05,670
for example, also with Visual Studio Code,

229
00:12:05,670 --> 00:12:08,520
by simply dragging and dropping it into that file.

230
00:12:08,520 --> 00:12:13,520
And here, you'll find an AccessKeyId and an AWSSecretKey,

231
00:12:13,960 --> 00:12:15,080
and we will need both

232
00:12:15,960 --> 00:12:19,260
because now you should run aws configure

233
00:12:19,260 --> 00:12:23,330
to connect the AWS CLI, which we installed,

234
00:12:23,330 --> 00:12:26,610
to your account, your AWS account,

235
00:12:26,610 --> 00:12:29,990
so that it's able to successfully run commands

236
00:12:29,990 --> 00:12:31,640
in that account.

237
00:12:31,640 --> 00:12:34,220
So just run aws configure,

238
00:12:34,220 --> 00:12:37,990
and then enter your Access Key ID here

239
00:12:37,990 --> 00:12:39,003
and hit Enter.

240
00:12:40,330 --> 00:12:45,110
Enter your AWS Secret Key thereafter,

241
00:12:45,110 --> 00:12:48,880
copy and paste it from that CSV file which you downloaded,

242
00:12:48,880 --> 00:12:51,240
enter it here and hit Enter.

243
00:12:51,240 --> 00:12:55,920
Enter your default region name, which could be us-east-1.

244
00:12:55,920 --> 00:13:00,500
This concept of region is a key concept in AWS.

245
00:13:00,500 --> 00:13:03,580
You can select a region up here in the right corner.

246
00:13:03,580 --> 00:13:06,740
And services are available in different regions.

247
00:13:06,740 --> 00:13:11,740
And, for example, here I set up my EKS cluster in the Ohio,

248
00:13:12,150 --> 00:13:14,490
the us-east-2 region,

249
00:13:14,490 --> 00:13:17,040
and therefore, actually, that is the region

250
00:13:17,040 --> 00:13:18,773
I am going to pick here.

251
00:13:19,970 --> 00:13:23,270
Hit Enter, and you don't need to enter anything here

252
00:13:23,270 --> 00:13:25,923
for the fourth option, and hit Enter again.

253
00:13:27,470 --> 00:13:30,130
Now, the AWS CLI is configured

254
00:13:30,130 --> 00:13:33,690
such that it can talk to your AWS account

255
00:13:33,690 --> 00:13:35,403
and do things for you.

256
00:13:36,420 --> 00:13:40,050
And we need that because we need to run one specific command

257
00:13:40,050 --> 00:13:43,450
for which we need this cluster to be active though.

258
00:13:43,450 --> 00:13:45,830
So make sure you wait until it is active

259
00:13:45,830 --> 00:13:48,640
and until it is done being created.

260
00:13:48,640 --> 00:13:52,170
Once that is the case, once your cluster is up and running,

261
00:13:52,170 --> 00:13:54,940
use the AWS CLI

262
00:13:54,940 --> 00:13:58,700
and enter aws, whitespace, eks

263
00:13:58,700 --> 00:14:03,700
to do something with the EKS service, --region,

264
00:14:04,930 --> 00:14:07,800
and now ensure you pick the region you have here

265
00:14:07,800 --> 00:14:11,340
in the top-right corner for your running cluster,

266
00:14:11,340 --> 00:14:14,923
so in my case, us-east-2,

267
00:14:17,520 --> 00:14:19,360
and enter this here.

268
00:14:19,360 --> 00:14:22,040
Make sure you have no typo.

269
00:14:22,040 --> 00:14:27,040
And then run the update-kubeconfig command,

270
00:14:27,440 --> 00:14:31,570
and then --name, and then your cluster name,

271
00:14:31,570 --> 00:14:35,720
so in my case, that's kub-dep-demo,

272
00:14:35,720 --> 00:14:37,873
the cluster name you chose earlier.

273
00:14:38,740 --> 00:14:40,110
And what this will do

274
00:14:40,110 --> 00:14:43,780
is it will update this kube config file here

275
00:14:43,780 --> 00:14:46,400
with all the data it needs for kubectl

276
00:14:47,250 --> 00:14:51,143
to talk to your AWS cluster instead of minikube.

277
00:14:52,270 --> 00:14:54,810
So hit Enter after you save

278
00:14:54,810 --> 00:14:58,190
your original minikube configuration file.

279
00:14:58,190 --> 00:15:01,110
And if you would now inspect this config file again

280
00:15:01,110 --> 00:15:03,530
with a text editor, you would notice

281
00:15:03,530 --> 00:15:07,720
that there's a lot of AWS-specific data in there.

282
00:15:07,720 --> 00:15:11,550
And indeed now, if you run kubectl get pods,

283
00:15:11,550 --> 00:15:14,710
this will do the same as it did before,

284
00:15:14,710 --> 00:15:18,290
but it will actually talk to your AWS cluster

285
00:15:18,290 --> 00:15:20,593
and not to the minikube cluster.

286
00:15:21,460 --> 00:15:24,083
Indeed, you can now run minikube delete,

287
00:15:25,650 --> 00:15:28,170
and it deletes that minikube cluster

288
00:15:29,360 --> 00:15:33,060
and you would still be able to run kubectl get pods,

289
00:15:33,060 --> 00:15:35,740
because this now executes

290
00:15:35,740 --> 00:15:39,480
in your AWS-managed EKS cluster,

291
00:15:39,480 --> 00:15:42,333
and that's, of course, great and an important step.

