This is a file that contains cmd i run in terminal
Update kubeconfig
aws eks update-kubeconfig --region eu-central-1 --name myr-eks
Aws get user, to check if the user is the one we expect
aws iam get-user
Verify Configuration
kubectl get nodes
Add & update Helm Repo
helm repo add jetstack https://charts.jetstack.io && helm repo update
Install cert-manager
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace -f oc-cert-manager-values.yaml
Expected output for cluster-issuers
NAME: cert-manager
LAST DEPLOYED: Fri Jan 17 09:10:18 2025
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
⚠️ WARNING: `installCRDs` is deprecated, use `crds.enabled` instead.
cert-manager v1.16.3 has been deployed successfully!
In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
More information on the different types of issuers and how to configure them
can be found in our documentation:
https://cert-manager.io/docs/configuration/
For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:
https://cert-manager.io/docs/usage/ingress/
{[ Uninstall cert-manager ]}
helm uninstall cert-manager --namespace cert-manager
Verify cert-manager installation
kubectl get pods --namespace cert-manager
Expected output from cert-manager installation
NAME READY STATUS RESTARTS AGE
cert-manager-56d4c7dfb7-zjw9t 1/1 Running 0 9m4s
cert-manager-cainjector-6dc54dcd78-6xnwr 1/1 Running 0 9m4s
cert-manager-webhook-5d74598b49-htv6m 1/1 Running 0 9m4s
If everything is ok, let’s install cluster-issuers
kubectl apply -f cluster-issuers.yaml # one for prod and one for staging
Verify cluster-issuers installation
kubectl get clusterissuers
Expected output for cluster-issuers
NAME READY AGE
letsencrypt-production True 52s
letsencrypt-staging True 70s
Now we need to install the ingress controller, in this case, we will use nginx
helm install nginx-ingress ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace -f oc-nginx-ingress-values.yaml
{[ Uninstall nginx-ingress ]}
helm uninstall nginx-ingress --namespace ingress-nginx
Verify nginx-ingress installation
kubectl get pods --namespace ingress-nginx
Expected output for nginx-ingress installation
NAME READY STATUS RESTARTS AGE
nginx-ingress-ingress-nginx-controller-69786fcbcf-ns7bz 1/1 Running 0 70s
But the most important, we need to verify that the aws load balancer is created (and is not for free)
aws elb describe-load-balancers --region eu-central-1
also, we can get public ip of the load balancer
kubectl get svc -n ingress-nginx
or more like DNS name
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-ingress-nginx-controller LoadBalancer 10.100.187.190 a1f89970798f0470994dcbff9157a272-1612871129.eu-central-1.elb.amazonaws.com 80:32072/TCP,443:30113/TCP 8m14s
nginx-ingress-ingress-nginx-controller-admission ClusterIP 10.100.195.55 <none> 443/TCP 8m14s
when you pass this url to the browser, you should see the default nginx page, in my case 404 page not found.
Finally, we can start deploying our apps
kubectl apply -f deployment.yaml
✅ Important: Disclaimer about services and AWS
when using LoadBalancer, AWS will create a new load balancer for each service, so be careful with the costs. NodePort is a good option for testing, but not for production, you need to manage the ports and the security groups. Cluster IP is a good option for internal services, but you need to manage the ingress controller. Ingress controller when you create a new ingress, it will create a new rule in the load balancer, so you can have multiple services in the same load balancer.