Deploy Kubernetes resources and packages using Amazon EKS and a Helm chart repository in Amazon S3 - AWS Prescriptive Guidance

Deploy Kubernetes resources and packages using Amazon EKS and a Helm chart repository in Amazon S3

Created by Sagar Panigrahi (AWS)

Environment: PoC or pilot

Technologies: Containers & microservices; DevOps

AWS services: Amazon EKS

Summary

This pattern helps you to manage Kubernetes applications efficiently, regardless of their complexity. The pattern integrates Helm into your existing continuous integration and continuous delivery (CI/CD)  pipelines to deploy applications into a Kubernetes cluster. Helm is a Kubernetes package manager that helps you manage Kubernetes applications. Helm charts help to define, install, and upgrade complex Kubernetes applications. Charts can be versioned and stored in Helm repositories, which improves mean time to restore (MTTR) during outages. 

This pattern uses Amazon Elastic Kubernetes Service (Amazon EKS) for the Kubernetes cluster. It uses Amazon Simple Storage Service (Amazon S3) as a Helm chart repository, so that the charts can be centrally managed and accessed by developers across the organization.

Prerequisites and limitations

Prerequisites

  • An active Amazon Web Services (AWS) account with a virtual private cloud (VPC)

  • An Amazon EKS cluster 

  • Worker nodes set up within the Amazon EKS cluster and ready to take workloads

  • Kubectl for configuring the Amazon EKS kubeconfig file for the target cluster in the client machine

  • AWS Identity and Access Management (IAM) access to create the S3 bucket

  • IAM (programmatic or role) access to Amazon S3 from the client machine

  • Source code management and a CI/CD pipeline

Limitations

  • There is no support at this time for upgrading, deleting, or managing custom resource definitions (CRDs).

  • If you are using a resource that refers to a CRD, the CRD must be installed separately (outside of the chart).

Product versions

  • Helm v3.6.3

Architecture

Target technology stack

  • Amazon EKS

  • Amazon VPC

  • Amazon S3

  • Source code management

  • Helm

  • Kubectl

Target architecture 

Client Helm and Kubectl deploy a Helm chart repo in Amazon S3 for Amazon EKS clusters.

Automation and scale

  • AWS CloudFormation can be used to automate the infrastructure creation. For more information, see Creating Amazon EKS resources with AWS CloudFormation in the Amazon EKS documentation.

  • Helm is to be incorporated into your existing CI/CD automation tool to automate the packaging and versioning of Helm charts (out of scope for this pattern).

  • GitVersion or Jenkins build numbers can be used to automate the versioning of charts.

Tools

Tools

  • Amazon EKS – Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service for running Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications.

  • Helm – Helm is a package manager for Kubernetes that helps you install and manage applications on your Kubernetes cluster.

  • Amazon S3 – Amazon Simple Storage Service (Amazon S3) is storage for the internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web.

  • Kubectl – Kubectl is a command line utility for running commands against Kubernetes clusters.

Code

The example code is attached.

Epics

TaskDescriptionSkills required

Install the Helm client.

To download and install the Helm client on your local system, use the following command. 

sudo curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
DevOps engineer

Validate the Helm installation.

To validate that Helm is able to communicate with the Kubernetes API server within the Amazon EKS cluster, run helm version.

DevOps engineer
TaskDescriptionSkills required

Create a Helm chart for NGINX.

To create a helm chart named my-nginx on the client machine, run helm create my-nginx.

DevOps engineer

Review the structure of the chart.

To review the structure of the chart, run the tree command tree my-nginx/.

DevOps engineer

Deactivate service account creation in the chart.

In values.yaml, under the serviceAccount section, set the create key to false. This is turned off because there is no requirement to create a service account for this pattern.

DevOps engineer

Validate (lint) the modified chart for syntactical errors.

To validate the chart for any syntactical error before installing it in the target cluster, run helm lint my-nginx/.

DevOps engineer

Install the chart to deploy Kubernetes resources.

To run the Helm chart installation, use the following command. 

helm install --name my-nginx-release --debug my-nginx/ --namespace helm-space

The optional debug flag outputs all debug messages during the installation. The namespace flag specifies the namespace in which the resources part of this chart will be created.

DevOps engineer

Review the resources in the Amazon EKS cluster.

To review the resources that were created as part of the Helm chart in the helm-space namespace, use the following command. 

kubectl get all -n helm-space
DevOps engineer
TaskDescriptionSkills required

Modify and upgrade the release.

To modify the chart, in values.yaml, change the replicaCount value to 2. Then upgrade the already installed release by running the following command.

helm upgrade my-nginx-release my-nginx/ --namespace helm-space
DevOps engineer

Review the history of the Helm release.

To list all the revisions for a specific release that have been installed using Helm, run the following command. 

helm history my-nginx-release
DevOps engineer

Review the details for a specific revision.

Before switching or rolling back to a working version, and for an additional layer of validation before installing a revision, view which values were passed to each of the revisions by using the following command.

helm get --revision=2 my-nginx-release
DevOps engineer

Roll back to a previous version.

To roll back to a previous revision, use the following command. 

helm rollback my-nginx-release 1

This example is rolling back to revision number 1.

DevOps engineer
TaskDescriptionSkills required

Create an S3 bucket for Helm charts.

Create a unique S3 bucket. In the bucket, create a folder called charts. The example in this pattern uses s3://my-helm-charts/charts as the target chart repository.

Cloud administrator

Install the Helm plugin for Amazon S3.

To install the helm-s3 plugin on your client machine, use the following command. 

helm plugin install https://github.com/hypnoglow/helm-s3.git --version 0.10.0

Note: Helm V3 support is available with plugin version 0.9.0 and above.

DevOps engineer

Initialize the Amazon S3 Helm repository.

To initialize the target folder as a Helm repository, use the following command. 

helm S3 init s3://my-helm-charts/charts

The command creates an index.yaml file in the target to track all the chart information that is stored at that location.

DevOps engineer

Add the Amazon S3 repository to Helm.

To add the repository in the client machine, use the following command.

helm repo add my-helm-charts s3://my-helm-charts/charts

This command adds an alias to the target repository in the Helm client machine.

DevOps engineer

Review the repository list.

To view the list of repositories in the Helm client machine, run helm repo list.

DevOps engineer
TaskDescriptionSkills required

Package the chart.

To package the my-nginx chart that you created, run helm package ./my-nginx/. The command packages all the contents of the my-nginx chart folder into an archive file, which is named using the version number that is mentioned in the Chart.yaml file.

DevOps engineer

Store the package in the Amazon S3 Helm repository.

To upload the package to the Helm repository in Amazon S3, run the following command, using the correct name of the .tgz file.

helm s3 push ./my-nginx-0.1.0.tgz my-helm-charts
DevOps engineer

Search for the Helm chart.

To confirm that the chart appears both locally and in the Helm repository in Amazon S3, run the following command.

helm search repo my-nginx
DevOps engineer
TaskDescriptionSkills required

Modify and package the chart.

In values.yaml, set the replicaCount value to 1. Then package the chart by running helm package ./my-nginx/, this time changing the version in Chart.yaml to 0.1.1

The versioning is ideally updated through automation using tools such as GitVersion or Jenkins build numbers in a CI/CD pipeline. Automating the version number is out of scope for this pattern.

DevOps engineer

Push the new version to the Helm repository in Amazon S3.

To push the new package with version of 0.1.1 to the my-helm-charts Helm repository in Amazon S3, run the following command.

helm s3 push ./my-nginx-0.1.1.tgz my-helm-charts
DevOps engineer
TaskDescriptionSkills required

Search for all versions of the my-nginx chart.

To view all the available versions of a chart, run the following command with the --versions flag.

helm search repo my-nginx --versions

Without the flag, Helm by default displays the latest uploaded version of a chart.

DevOps engineer

Install a chart from the Amazon S3 Helm repository.

The search results from the previous task show the multiple versions of the my-nginx chart. To install the new version (0.1.1) from the Amazon S3 Helm repository, use the following command.

helm upgrade my-nginx-release my-helm-charts/my-nginx --version 0.1.1 --namespace helm-space
DevOps engineer

Related resources

Attachments

To access additional content that is associated with this document, unzip the following file: attachment.zip