Screenshot.png

This is a file that contains cmd I run in the terminal

The purpose of this file is to deploy PrestaShop on AWS EKS using NGINX Ingress, cert-manager and best practices for cost-effective, production-ready setups.

Update kubeconfig

aws eks update-kubeconfig --region eu-central-1 --name myr-eks

Aws get user, to check if the user is the one we expect

aws iam get-user

Verify Configuration, to check if the configuration is correct

kubectl get nodes

Add & update Helm Repo, jetstack is the repo for cert-manager

helm repo add jetstack https://charts.jetstack.io && helm repo update

Install cert-manager, with -f we can pass custom values

helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace  -f oc-cert-manager-values.yaml

Expected output for cluster-issuers

NAME: cert-manager
LAST DEPLOYED: Fri Jan 17 09:10:18 2025
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
⚠️  WARNING: `installCRDs` is deprecated, use `crds.enabled` instead.
cert-manager v1.16.3 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/

✅ Important:

If anything goes wrong, you can uninstall cert-manager with the following command

{[ Uninstall cert-manager ]}

helm uninstall cert-manager --namespace cert-manager

Verify cert-manager installation

kubectl get pods --namespace cert-manager

Expected output from cert-manager installation

NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-56d4c7dfb7-zjw9t              1/1     Running   0          9m4s
cert-manager-cainjector-6dc54dcd78-6xnwr   1/1     Running   0          9m4s
cert-manager-webhook-5d74598b49-htv6m      1/1     Running   0          9m4s

If everything is OK, let’s install cluster-issuers

kubectl apply -f cluster-issuers.yaml # one for prod and one for staging

Verify cluster-issuers installation

kubectl get clusterissuers

Expected output for cluster-issuers

NAME                     READY   AGE
letsencrypt-production   True    52s
letsencrypt-staging      True    70s

Now we need to install the ingress controller, in this case, we will use nginx

helm install nginx-ingress ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace -f oc-nginx-ingress-values.yaml

{[ Uninstall nginx-ingress ]}

helm uninstall nginx-ingress --namespace ingress-nginx

Verify nginx-ingress installation

kubectl get pods --namespace ingress-nginx

Expected output for nginx-ingress installation

NAME                                                      READY   STATUS    RESTARTS   AGE
nginx-ingress-ingress-nginx-controller-69786fcbcf-ns7bz   1/1     Running   0          70s

But the most important, we need to verify that the aws load balancer is created (and is not for free)

aws elb describe-load-balancers --region eu-central-1

also, we can get public ip of the load balancer

kubectl get svc -n ingress-nginx

or more like DNS name

 NAME                                               TYPE           CLUSTER-IP       EXTERNAL-IP                                                                  PORT(S)                      AGE
nginx-ingress-ingress-nginx-controller             LoadBalancer   10.100.187.190   a1f89970798f0470994dcbff9157a272-1612871129.eu-central-1.elb.amazonaws.com   80:32072/TCP,443:30113/TCP   8m14s
nginx-ingress-ingress-nginx-controller-admission   ClusterIP      10.100.195.55    <none>                                                                       443/TCP                      8m14s

when you pass this url to the browser, you should see the default nginx page; in my case, 404 pages are not found.

Finally, we can start deploying our apps

kubectl apply -f deployment.yaml

✅ Important: Disclaimer about services and AWS

When using LoadBalancer, AWS will create a new load balancer for each service, so be careful with the costs. NodePort is a good option for testing, but not for production, you need to manage the ports and the security groups. Cluster IP is a good option for internal services, but you need to manage the ingress controller. Ingress controller when you create new ingress, it will create a new rule in the load balancer, so you can have multiple services in the same load balancer.