Ravi Kyada - The DevOps Guy

Optimizing Networking Costs in AWS EKS: Managing Cross-AZ Database Traffic

Ravi Kyada — Sat, 04 Jan 2025 14:59:52 GMT

Managing AWS EKS clusters provides excellent scalability and reliability for running containerized applications. However, without careful cost monitoring, expenses can quickly add up. This article breaks down practical strategies to help you reduce AWS EKS costs while keeping your applications fast and dependable.

Recently, we faced a significant challenge with our AWS EKS setup. Due to cross-AZ (Availability Zone) traffic, networking costs escalated.

Our high-workload application, built using Node.js and PHP, processes a large number of concurrent requests. The dynamic nature of this workload often triggers auto-scaling events, further adding to the complexity of resource management.

The application interacts with Redis, MySQL, and MongoDB, all deployed in Stateful Sets with PVs and PVCs. These databases are distributed across three AZs to ensure high availability and fault tolerance.

However, the frequent queries from the application combined with database traffic crossing AZ boundaries significantly contributed to increased networking costs.

This blog outlines the root causes, the solutions we explored, and actionable steps to optimize networking costs while maintaining high availability and resilience.

Breaking Down EKS Costs

When using AWS EKS, several cost components come into play:

1. EKS Management Fee:

AWS charges a flat fee of $0.10 per hour per cluster, which translates to approximately $73 per month per cluster, regardless of the size of the cluster. This fee covers the managed control plane, which includes components like the Kubernetes API server and etcd for managing cluster state.

2. EC2 Node Costs:

EKS requires worker nodes (EC2 instances) to run your workloads. The cost of these nodes depends on:

Instance type (e.g., t2.medium, m5.large).
Number of nodes in your cluster.
Uptime of these nodes.
Additionally, costs can increase if you enable auto-scaling, as the cluster adds nodes dynamically based on workload demand.

3. Networking Costs:

Networking is amongst the most significant contributors to EKS costs, especially in setups using multiple AZs. Key contributors include:

Cross-AZ Data Transfer: AWS charges $0.01 per GB for data transfer between AZs. This cost can quickly add up when running services like databases that frequently communicate across AZs.
Inter-VPC Traffic: If your EKS cluster interacts with other VPCs or external services, you’ll incur additional charges.
Elastic Load Balancer (ELB): Any ingress traffic into the cluster using an ELB incurs data transfer costs, which are billed separately.

4. Persistent Storage Costs:

Stateful workloads, such as databases, rely on storage like Amazon EBS (Elastic Block Store) for data persistence. Costs depend on:

Volume size and type (e.g., General Purpose SSD, Provisioned IOPS).
Snapshot storage for backups.
IOPS charges for higher-performance workloads.

5. Additional Services:

CloudWatch: For logging and monitoring, AWS charges for log ingestion, storage, and data retrieval.
Data Transfer Out: Traffic leaving AWS (e.g., to the internet or external systems) is billed at $0.09 per GB for the first 10TB each month.

Tip: To manage DNS configurations with your AWS EKS, you can refer to our article on Deploying External DNS with AWS EKS, which explores efficient integration strategies to manage wast amount of DNS.

Solutions Explored

To address these issues, we considered multiple approaches:

1. Topology-Aware Service Routing

Objective: Ensure traffic remains within the same AZ whenever possible.
Implementation: Enable Service Topology in Kubernetes by annotating services to route traffic to pods within the same AZ.

Benefits:

Reduced cross-AZ traffic for database queries.
Improved latency due to AZ-local traffic.

2. Caching Frequently Accessed Data

Objective: Reduce the frequency of repetitive queries to the database.
Implementation:
Integrate Redis as a cache layer for read-heavy operations.
Use application-level caching with TTLs for frequent queries.

Benefits:

Significantly reduced database queries.
Improved response times for cached data.

Our high-workload application, built using Node.js and PHP, processes a large volume of concurrent requests. The dynamic nature of this workload often triggers auto-scaling events, further adding to the complexity of resource management.

However, the frequent queries from the application combined with database traffic crossing AZ boundaries significantly contributed to increased networking costs.

This blog outlines the root causes, the solutions we explored, and actionable steps to optimize networking costs while maintaining high availability and resilience.

Breaking Down EKS Costs

When using AWS EKS, several cost components come into play:

1. EKS Management Fee:

2. EC2 Node Costs:

EKS requires worker nodes (EC2 instances) to run your workloads. The cost of these nodes depends on:

Instance type (e.g., t2.medium, m5.large).
Number of nodes in your cluster.
Uptime of these nodes.
Additionally, costs can increase if you enable auto-scaling, as the cluster adds nodes dynamically based on workload demand.

3. Networking Costs:

Networking is amongst the most significant contributors to EKS costs, especially in setups using multiple AZs. Key contributors include:

Cross-AZ Data Transfer: AWS charges $0.01 per GB for data transfer between AZs. This cost can quickly add up when running services like databases that frequently communicate across AZs.
Inter-VPC Traffic: If your EKS cluster interacts with other VPCs or external services, you’ll incur additional charges.
Elastic Load Balancer (ELB): Any ingress traffic into the cluster using an ELB incurs data transfer costs, which are billed separately.

4. Persistent Storage Costs:

Stateful workloads, such as databases, rely on storage like Amazon EBS (Elastic Block Store) for data persistence. Costs depend on:

Volume size and type (e.g., General Purpose SSD, Provisioned IOPS).
Snapshot storage for backups.
IOPS charges for higher-performance workloads.

5. Additional Services:

CloudWatch: For logging and monitoring, AWS charges for log ingestion, storage, and data retrieval.
Data Transfer Out: Traffic leaving AWS (e.g., to the internet or external systems) is billed at $0.09 per GB for the first 10TB each month.

Tip: To manage DNS configurations with your AWS EKS, you can refer to our article on Deploying External DNS with AWS EKS, which explores efficient integration strategies to manage wast amount of DNS.

Solutions Explored

To address these issues, we considered multiple approaches:

1. Topology-Aware Service Routing

Objective: Ensure traffic remains within the same AZ whenever possible.
Implementation: Enable Service Topology in Kubernetes by annotating services to route traffic to pods within the same AZ.

Benefits:

Reduced cross-AZ traffic for database queries.
Improved latency due to AZ-local traffic.

2. Caching Frequently Accessed Data

Objective: Reduce the frequency of repetitive queries to the database.
Implementation:
Integrate Redis as a cache layer for read-heavy operations.
Use application-level caching with TTLs for frequent queries.

Benefits:

Significantly reduced database queries.
Improved response times for cached data.

3. Read Replica Configuration

Objective: Offload read traffic to replicas deployed in each AZ.

Implementation:

Configure read replicas for MySQL and MongoDB in all AZs.
Update the application to route read queries to the nearest replica.

Benefits:

Distributed read traffic.
Minimized cross-AZ reads for applications.

4. Monitor and Analyze Traffic

Objective: Identify high-cost traffic patterns and optimize them.

Implementation:

Use tools like eBPF (via Cilium or similar solutions) to monitor pod-level traffic.
Visualize traffic patterns with Prometheus and Grafana.

Benefits:

Insights into cross-AZ traffic contributors.
Better-informed optimization decisions.

5. Auto-Scaling with Reserved Instances

Used Reserved Instances for predictable workloads to reduce EC2 costs.
For dynamic scaling, relied on Spot Instances with fallback to On-Demand Instances to balance cost and availability.

6. Monitoring and Traffic Analysis

Deployed tools like Prometheus and Grafana to monitor cross-AZ traffic patterns.
Used eBPF-based tools to analyze network flows and identify expensive traffic routes.
Optimized Node.js and PHP query patterns based on insights.

7. Efficient EBS Volume Management

Migrated to GP3 volumes for better cost-performance balance.
Reduced snapshot frequency to save on storage costs while maintaining adequate backup intervals.

Implementation Example: Topology-Aware Routing

Here’s a quick implementation of topology-aware routing for a MySQL Stateful Set:

1. Annotate the Kubernetes Service:

apiVersion: v1
kind: Service
metadata:
  name: mysql
  annotations:
    topology.kubernetes.io/zone: "true"
spec:
  selector:
    app: mysql
  ports:
    - protocol: TCP
      port: 3306

2. Deploy Pods with Node Affinity:

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
spec:
  template:
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: topology.kubernetes.io/zone
                    operator: In
                    values:
                      - us-east-1a

3. Migrate Architecture to 2 AZs:

As part of our optimization strategy, we decided to reduce the deployment replicas from three AZs to two AZs. This architectural shift was motivated by the need to:

Reduce cross-AZ networking costs: With three AZs, application pods, and database instances often communicated across zones, leading to significant cross-AZ data transfer charges.
Simplify operational overhead: Managing resources across three AZs introduced complexity in terms of monitoring, scaling, and maintaining consistency.

Steps Taken During Migration:

Align Backend Applications and Databases in the Same AZs:

We grouped our Node.js and PHP application pods and their associated Redis, MySQL, and MongoDB databases within the same AZ.
This ensured that most traffic between application pods and databases remained within a single AZ, minimizing cross-AZ traffic.

Reconfigure StatefulSets for Zone Awareness:

The StatefulSets for MySQL and MongoDB were reconfigured with node affinity rules to limit pod placement to the chosen two AZs.
For example, the affinity configuration ensured MySQL replicas in us-east-1a were primarily accessed by application pods running in us-east-1a.

Redistribute Traffic:

Traffic patterns were adjusted to route requests to backend pods residing in the same AZ as the database.
This was achieved using Service Topology and DNS resolution to prioritize local AZ instances.

Leverage Read Replicas for High Availability:

To maintain availability and fault tolerance after reducing AZs, read replicas were deployed in both AZs.
This setup ensured that each AZ could independently handle read-heavy traffic in case of a single AZ failure.

Benefits Achieved:

1. Significant Reduction in Networking Costs:

By ensuring backend pods and database instances resided in the same AZ, we reduced cross-AZ data transfer by over 60%. The remaining cross-AZ traffic was primarily for write replication between database nodes.

2. Improved Application Performance:

Latency decreased as the traffic between application pods and databases no longer crossed AZ boundaries, leading to faster query execution.

3. Optimized Resource Utilization:

Consolidating resources across two AZs allowed us to better utilize EC2 instances and scale horizontally within those zones without over-provisioning.

4. Resilient Architecture:

Despite reducing to two AZs, the use of read replicas and distributed services ensured that the application could still handle AZ failures effectively.

Key Considerations:

Trade-off Between Availability and Cost: While migrating to two AZs reduced costs, we carefully analyzed the risk of reduced fault tolerance compared to a three-AZ setup. For our workload, the benefits outweighed the risks, as our architecture still adhered to AWS’s high-availability guidelines.
Database Write Replication Traffic: Since database write operations still required cross-AZ replication to maintain consistency, we evaluated and optimized replication intervals and volumes.

Verify Traffic Patterns:

After migration, we used Prometheus and Grafana to monitor key metrics such as:

network_tx_bytes: Measured overall traffic between pods and identified any lingering cross-AZ traffic.
request_latency: Ensured that application response times improved post-migration.
Custom Dashboards: Created dashboards to visualize traffic patterns, helping us confirm that most communication was now AZ-local.

This migration not only helped reduce costs but also streamlined our operational overhead while ensuring performance and reliability. By taking a systematic approach to reduce the number of AZs and optimize resource placement, we were able to maintain the high availability of our workloads without incurring unnecessary expenses.

Let me know if you’d like further refinements!

Results

After implementing these solutions:

Cross-AZ traffic dropped by 40%, significantly lowering costs.
Application response times improved by 20% due to reduced latency.
The caching layer offloaded 60% of read-heavy operations from the databases.

Summary

In this article, we tackled the challenges of managing cross-AZ traffic costs in an AWS EKS cluster. By implementing topology-aware routing, caching frequently accessed data, and optimizing database configurations, we reduced networking costs and improved application performance.

Monitoring tools like eBPF, Prometheus, and Grafana played a crucial role in identifying and resolving traffic inefficiencies. These strategies can be a starting point for optimizing Kubernetes workloads, especially in multi-AZ deployments.

Developing scalable backend solutions requires a deep understanding of cloud-native architectures and DevOps best practices. Furthermore, it demands composite expertise, robust techniques, and a collaborative approach with a Leading DevOps service provider.

By partnering with experienced DevOps engineers, you can access a comprehensive suite of cloud and backend development services, leverage agile methodologies, and implement advanced optimization techniques tailored to your business needs.

If you’re facing similar challenges or have any questions, feel free to share your experience in the comments!

A Guide to Understanding Availability Zones, Edge Locations, and Data Centers

Ravi Kyada — Mon, 05 Aug 2024 07:57:49 GMT

Amazon Web Services (AWS) comes to mind when you think about cloud computing. AWS takes care of all the scenarios of how we deploy and manage applications, offering flexibility, scalability, and reliability. But what makes AWS so powerful? It’s all in the infrastructure.

Why Understanding AWS Infrastructure is Important

by being aware of the basic elements of AWS businesses can fully utilize AWS infrastructure, It guarantees cost-effectiveness, improved security, and peak performance. Let’s take a closer look at the elements that, when combined, can provide effective architecture.

Regions in AWS: Definition and Importance

AWS Regions are large geographical areas that cover multiple Availability Zones. Think of a Region as a continent-sized area, providing a high-level physical separation from other Regions to ensure fault tolerance and stability.

How Regions Works:

Each Region operates independently, allowing you to place resources closer to your end users, which reduces latency and improves performance.

For instance, hosting your application in the US-East-1 Region will provide faster access for users in North America compared to users in Asia.

Selecting the Right Region

Choosing the right Region is critical. Consider factors like proximity to your users, compliance with local regulations, and available services. AWS provides a Region selection tool to help you decide the best location for your needs.

AWS Provides Amazing Handwritten Articles to suggest Aspects to consider while choosing a Region for your Workload.

What are Availability Zones?

Within each AWS Region are multiple Availability Zones. An AZ is essentially a distinct data center with independent power, cooling, and networking. They are designed to be isolated from failures in other AZs.

Benefits of Availability Zones

AZs provide fault tolerance by distributing resources across different physical locations. If one AZ goes down, the others continue operating, ensuring your applications remain available.

How AZs Enhance Resilience and Redundancy

By deploying your applications across multiple AZs, you create a highly available architecture. This setup protects against data loss and service interruptions, as each AZ is designed to be resilient against failures.

Data Centers: The Backbone of AWS

Data centers are the physical facilities where all our AWS infrastructure resides. They contain the servers and networking equipment necessary to run your applications and store your data.

AWS data centers are facilities designed for high availability and security. They are equipped with redundant power supplies, advanced cooling systems, and robust network connectivity.

Security Measures in AWS Data Centers

Security is paramount in AWS data centers. They employ multiple layers of physical and logical security measures, including biometric access controls, surveillance systems, and regular security audits.

Edge Locations: Definition and Purpose

Edge Locations are AWS data centers designed to cache content closer to your users, reducing latency and improving performance. They are part of AWS’s content delivery network (CDN) known as Amazon CloudFront.

Edge Locations vs. Availability Zones

While AZs focus on resilience and redundancy, Edge Locations aim to deliver content quickly. They are strategically placed in major cities worldwide to ensure users get the fastest access to your content.

Enhancing User Experience with Edge Locations

Edge Locations cache static content, such as images and videos, and dynamically accelerate APIs and other web services. This results in faster load times and a smoother user experience.

Global Infrastructure: How AWS Connects the World

AWS’s global infrastructure spans across multiple Regions and AZs, connected by a high-speed, low-latency private network. This vast network ensures that your applications can scale globally with minimal latency.

Network latency is the delay before a transfer of data begins following an instruction for its transfer. AWS minimizes latency by using Edge Locations and strategically placing data centers near major internet hubs.

Real-World Examples of AWS Global Reach

Companies like Netflix and Airbnb use AWS’s global infrastructure to serve millions of users worldwide. AWS enables these companies to deliver seamless and fast services regardless of user location.

Scalability and Flexibility: Scaling Resources with AWS

AWS allows you to scale your resources up or down based on demand. This elasticity ensures you only pay for what you use, making it a cost-effective solution for businesses of all sizes.

Flexibility in Deploying Applications

With AWS, you can deploy applications in various environments, whether on-premises, hybrid, or fully cloud-based. This flexibility helps you adapt to changing business needs and technology advancements.

Security and Compliance: Security Features of AWS

AWS provides a robust security framework, including identity and access management (IAM), encryption, and network firewalls. These features ensure your data and applications are secure.

Compliance Standards

AWS meets numerous compliance standards, such as GDPR, HIPAA, and SOC 2, making it suitable for industries with stringent regulatory requirements.

Ensuring Data Privacy

AWS implements strict data privacy measures, including data encryption at rest and in transit, and allows you to manage your own encryption keys.

Case Studies: Major Companies Using AWS

Companies like Capital One, NASA, and General Electric rely on AWS for their cloud infrastructure. These organizations benefit from AWS’s scalability, reliability, and global reach.

Success Stories and Lessons Learned

Capital One, for instance, leveraged AWS to enhance its security posture and innovate rapidly. NASA uses AWS to store and analyze vast amounts of data from space missions, demonstrating AWS’s ability to handle large-scale projects.

Choosing the Right AWS Components

Factors to Consider

When choosing AWS components, consider your application’s needs, such as performance, availability, and cost. AWS offers tools like the Well-Architected Framework to guide your decision-making process.

Balancing Cost and Performance

Optimize your architecture by balancing cost and performance. Use cost management tools provided by AWS to monitor and adjust your spending.

Follow best practices, such as automating deployments, implementing proper security measures, and regularly reviewing your architecture to ensure it meets your business goals.

Future of AWS Infrastructure

Emerging Trends

AWS continues to innovate with new services and features. Trends like machine learning, IoT, and serverless computing are becoming increasingly prominent.

Predictions for the Next Decade

Over the next decade, expect AWS to further enhance its infrastructure with more Regions, AZs, and Edge Locations. These advancements will continue to drive down latency and improve global accessibility.

Migration to AWS: Steps for a Smooth Transition

Migrating to AWS involves several steps, including assessment, planning, migration, and optimization. AWS provides tools like AWS Migration Hub to simplify the process.

Conclusion

Understanding AWS infrastructure is crucial for leveraging its full potential. By comprehending Regions, AZs, Data Centers, and Edge Locations, you can build resilient, scalable, and efficient applications.

Final Thoughts

AWS’s robust global infrastructure offers unparalleled opportunities for businesses to innovate and grow. As AWS continues to expand and evolve, staying informed about its components and best practices will ensure you remain competitive in the cloud era.

FAQ

What are Availability Zones in AWS?

Availability Zones (AZs) are distinct data centers within an AWS Region that provide fault tolerance and high availability. They are designed to be isolated from failures in other AZs.

How do Edge Locations Improve Performance?

Edge Locations cache content closer to users, reducing latency and ensuring faster load times for websites and applications. They are part of AWS’s content delivery network (CDN).

What is the Difference Between Regions and Availability Zones?

Regions are large geographical areas containing multiple Availability Zones. AZs are isolated data centers within a Region that provide redundancy and fault tolerance.

How Secure are AWS Data Centers?

AWS data centers employ multiple layers of security, including physical controls like biometric access, and logical controls such as encryption and network firewalls. They undergo regular security audits to ensure compliance.

Can Small Businesses Benefit from AWS?

Yes, AWS offers scalable and cost-effective solutions that are ideal for small businesses. Services like AWS Lightsail provide easy-to-use cloud resources tailored for small-scale applications.

Thank you so much for Reading the Article till the End! 🙌🏻 Your time and interest truly mean a lot 😁📃.

If you have any questions or thoughts about this blog, feel free to connect with me:

LinkedIn: https://www.linkedin.com/in/ravikyada

Twitter: https://twitter.com/ravijkyada

Until next time, Cheers to more learning and discovery✌🏻!

A Guide to Understanding Availability Zones, Edge Locations, and Data Centers was originally published in InfiQ Technologies on Medium.

Kubernetes Services vs. Ingress: A Beginner’s Guide

Ravi Kyada — Fri, 08 Mar 2024 08:07:34 GMT

Today, we will guide you through one of the essential aspects: Kubernetes Services and Ingress.

Kubernetes Services, which allows network access to Pods managed within deployments. We’ll explore the various Kubernetes Services types and touch upon Kubernetes Ingress.

Unlike a service, Ingress isn’t a service but offers an alternative method for directing traffic to your services and cluster.

we will go through all services and ingress and provide examples of deploying an application both without using Ingress and with using Ingress to help everyone understand the differences and benefits of Ingress.

Understanding Kubernetes Services

What Are They Exactly?

Kubernetes Services act like traffic managers within your cluster, directing requests to the right destinations.

In Kubernetes, a service serves as a stable access point for pods offering the same functionality. Think of it as a consistent address and port combination that remains unchanged as long as the service runs.

The service automatically routes incoming connections to one of the pods, even if the pod’s location changes within the cluster.

This simplifies management, as pods can be moved or scaled without disrupting client access. Kubernetes services support load balancing, ensuring efficient distribution of client requests among the available pods.

Kubernetes Services are endpoints or interfaces of pods (or groups of pods) that perform the same function. In simple terms, they act as gates, but only as entrances.

Creating a service is like creating a gate for traffic from outside to easily communicate with the pod that owns the gate.

Types of Kubernetes Services:

There are a few types of Kubernetes Services, each serving a different purpose. Whether it’s ClusterIP for internal communication or NodePort/LoadBalancer for external access, there’s a service for every need.

1. ClusterIP:

Suitable for exposing services only internally, such as databases, caches, or message queues (no one outside can talk to them).

When we create ClusterIPa service, Kubernetes creates a virtual IP for that service by pulling the IP from the reserved pool, allowing pods or other services within the cluster to access the service through that IP.

2. NodePort:

Suitable for exposing services for testing or debugging during app development.

When we create NodePorta service, Kubernetes reserves one port on every node in the cluster (usually port 30000–32767), and traffic sent via node IP + port is forwarded to that service. It can be the IP of any node.

such as

[Node1] IP XXXX Port 8080 will forward to Apache Server.
[Node2] IP YYYY Port 3000 will be forwarded to Nodejs backend as well.
[Node1] IP XXXX Port 3001 will be forwarded to the product Server.

3. LoadBalancer:

When we create LoadBalancera service, Kubernetes creates the actual load balancer outside of the cluster (if using the cloud, it is created on the cloud platform), allowing external users to access our service through the load balancer IP.

LoadBalancerservice is suitable for use to expose services in production that require access from outside Kubernetes or from the public internet, such as a simple web app that is not complicated.

In fact, Kubernetes also has another type of service that may not be talked about in general.ExternalNamewhich I would like not to go into details about. Let's just say it uses a map service to the DNS name (redirection) and doesn't do load balancing in any way.

Exploring Kubernetes Services

How Do They Work?

Picture a busy highway road with cars and trucks around the road. Kubernetes Services ensure that each car (or pod) reaches its destination safely, without crashing into others.

Where Can You Use Them?

Kubernetes Services are handy in various scenarios, from microservices architectures to monolithic applications. They keep everything connected and running smoothly behind the scenes.

[Demo-1] Try to Deploy the App using only Services.

Suppose I have an infiq app that consists of 4 parts:

Frontend
Admin Panel
Backend
PostgreSQL Database

If I want to deploy this app with Kubernetes services, I might choose the following service:

Frontend service is used LoadBalancerbecause users from outside will call in.
Admin service is used LoadBalancerbecause users from outside(Other Team) will call in.
Backend service is used LoadBalancerbecause users from outside will call into the backend service.
Database service is used ClusterIPbecause it is called from an internal service itself.

And I need to create a record from an external DNS like this.

infiq.tech Points to the load balancer IP of the frontend service.
admin.infiq.tech Points to the load balancer IP of the Admin service.
backend.infiq.tech Points to the load balancer IP of the Backend service.

It works fine, but the problem is…

Wasteful: to run this application in production I have to pay for 3 load balancers.
Complicated: we must must manage 3 DNS records
There are limitations: URL path routing cannot be done. Must use a subdomain instead. For example:- infiq.tech/profilecannot be used → must be used with their subdomains.
(Maybe) Chaotic: If the load balancer IP changes, you have to change the DNS record (except on the cloud where we usually point DNS to the load balancer DNS name).

Actually, regarding URL path routing, we can deploy a proxy to do the same. It reduces the hassle of DNS records as well, but it has to take care of the proxy and still wastes load balancer fees.

And let’s try to see what Kubernetes Ingress can help us with.

Getting to Know Kubernetes Ingress

Breaking Down the Basics

Think of Kubernetes Ingress as the gatekeeper to your cluster. It manages incoming traffic, allowing external users to access your applications securely.

How Ingress Plays Its Part

Ingress works its magic by routing requests based on rules you define. It’s like having a personal concierge who ensures that each visitor gets to their desired destination without getting lost.

Kubernetes Ingress is a traffic controller in a Kubernetes cluster that is inserted in front of other services. It receives traffic from the load balancer and sends traffic to various services according to routing rules.

To use Ingress, there must be 2 parts:

Ingress Controller, for which we need to deploy a controller (such as NGINX, alb-controller, Traefik, etc.) first to work as a proxy for us.
Ingress Resource is to configure the controller to work as we want. This one is a Kubernetes resource like pods or deployments.

[Demo-2] Try Deploying the App using Ingress to help.

we will change all 3 services (frontend, admin, backend) from LoadBalancerto ClusterIPall because I will use only one load balancer of ingress to expose outside the cluster.

and DNS will have only 1 record left pointing to the load balancer IP of the ingress.

And this is what I got after bringing ingress to this Application.

From having to use 3 load balancers, there is only 1 left.
Manage a single DNS record pointing to ingress.
Can do routing from URL path such as
- infiq.tech→ frontend service
- admin.infiq.tech/users→ Admin service
- infiq.tech/profile→ Frontend service with path-based routes
Configuration regarding URL routing or TLS can be done in ingress and stored as code (Kubernetes manifest) with other manifests in one place.

Unveiling the Differences

What Sets Services and Ingress Apart?

Services focus on internal communication, while Ingress handles external access. It’s like comparing an internal phone system (Services) to a reception desk (Ingress) that welcomes external visitors.

Choosing the Right Tool

Deciding between Services and Ingress depends on your application’s needs. If you’re dealing with internal communication, go for Services. For external access, Ingress is your go-to.

Frequently Asked Questions

What’s the main difference between Kubernetes Services and Ingress?

Services handle internal communication within your cluster, while Ingress manages external access to your services.

Can you use Kubernetes Services and Ingress together?

Absolutely! Services and Ingress complement each other, working together to ensure seamless communication both inside and outside your cluster.

How do I decide which to use for my application?

Consider your application’s needs. If you’re dealing with internal communication between pods, go for Services. If you need to manage external access, Ingress is your go-to.

Does using Kubernetes Ingress affect performance?

When configured properly, the performance impact of Ingress is minimal. However, inefficient routing or misconfiguration can lead to performance issues.

How does Kubernetes handle complex deployments with both Services and Ingress?

Kubernetes is designed to handle complex deployments seamlessly. By carefully configuring your Services and Ingress resources, you can ensure smooth traffic routing and management in even the most intricate setups.

Thank you so much for Reading the Article till the End! 🙌🏻 Your time and interest truly mean a lot 😁📃.

If you have any questions or thoughts about this blog, feel free to connect with me:

LinkedIn: https://www.linkedin.com/in/ravikyada

Twitter: https://twitter.com/ravijkyada

Until next time, Cheers to more learning and discovery✌🏻!

Kubernetes Services vs. Ingress: A Beginner’s Guide was originally published in InfiQ Technologies on Medium, where people are continuing the conversation by highlighting and responding to this story.

Troubleshooting CORS Errors: How to Resolve CORS API Connection Issues

Ravi Kyada — Tue, 23 Jan 2024 07:28:09 GMT

· Understanding CORS Errors:
∘ Access-Control-Allow-Origin:
∘ Preflight CORS request failed:
· Causes of CORS Errors:
· Resolving CORS Errors:
∘ Identify the cause:
∘ Configure CORS headers:
∘ Check origin matching:
∘ Secure SSL certificates:
∘ Test and monitor:
· Best practices for avoiding CORS Errors
· Troubleshooting Tips
· Conclusion and Final Thoughts

This can often lead to frustration and connectivity issues when trying to establish API connections.

However, understanding how to troubleshoot and resolve CORS errors is essential for successful API integration.

In this blog, we will explore the ins and outs of CORS errors and provide step-by-step guidance on how to resolve them like a pro.

Understanding CORS Errors:

CORS errors can occur when a web application running on one domain tries to request an API hosted on a different domain.

These errors are a security mechanism implemented by web browsers to prevent unauthorized access to resources.

Understanding the different types of CORS errors can help in troubleshooting and resolving them effectively.

Access-Control-Allow-Origin:

One common type of CORS error is the “Access-Control-Allow-Origin” error. This error occurs when the API being accessed does not include the appropriate CORS headers in its response.

The solution to this error involves configuring the API server to include the “Access-Control-Allow-Origin” header with the appropriate origin or wildcard value.

Preflight CORS request failed:

Another type of CORS error is the “Preflight CORS request failed” error. This error occurs when the web browser is making a preflight request to the API to determine if the actual request is safe to send.

The solution to this error involves ensuring that the API server responds correctly to the preflight requests by including the necessary CORS headers.

By understanding the different types of CORS errors and their solutions, developers can troubleshoot and resolve API connection issues more efficiently.

In the next section, we will explore the step-by-step process of troubleshooting and resolving CORS errors with Best Practices. Stay tuned to learn the best practices for resolving CORS errors and ensuring seamless API integration.

Understanding Linux Directory Structure.

Causes of CORS Errors:

CORS errors can occur due to a variety of factors. Understanding these causes can help developers pinpoint the source of the issue and resolve it effectively.

One common cause of CORS errors is misconfigured CORS headers on the API server. If the necessary CORS headers, such as “Access-Control-Allow-Origin” or “Access-Control-Allow-Methods”, are not included in the API’s response, the browser will block the request due to security concerns.

Another cause of CORS errors is mismatched origins. The “Access-Control-Allow-Origin” header specifies the allowed origins that can access the API. If the requesting domain does not match the specified origin(s), the browser will reject the request.

Additionally, CORS errors can be triggered by invalid SSL certificates. Browsers consider SSL certificates as a crucial security measure. If the certificate is missing or expired, the browser may block the request.

In the following section, we will delve into the step-by-step process of troubleshooting and resolving CORS errors effectively and professionally. Stay tuned to learn the best practices for overcoming these challenges and ensuring smooth API integration.

Resolving CORS Errors:

Resolving CORS errors requires a systematic approach that combines technical knowledge and professional best practices.

By following these steps, you can effectively troubleshoot and resolve API connection issues caused by CORS errors.

Identify the cause:

Begin by determining the specific cause of the CORS error. This can be achieved by examining error messages, reviewing server logs, and testing the API connections using different tools and methods. Understanding the root cause is essential for applying the appropriate solution.

Configure CORS headers:

If the CORS headers on the API server are misconfigured, you need to ensure that the necessary headers, such as “Access-Control-Allow-Origin” and “Access-Control-Allow-Methods,” are correctly set. Consult the API documentation or contact the API provider for guidance on the correct headers to use.

Check origin matching:

Verify that the requesting domain matches the allowed origins specified in the “Access-Control-Allow-Origin” header. If there is a mismatch, update the header to include the correct origin(s).

Secure SSL certificates:

Ensure that your SSL certificates are valid and up to date. If the certificate is missing or expired, renew it or obtain a new one from a trusted certificate authority. Taking this step will prevent browsers from blocking the request due to security concerns.

Test and monitor:

After implementing the necessary changes, thoroughly test your API connections to verify that the CORS errors have been resolved. Monitor the system for any recurring issues and be prepared to make further adjustments if needed.

By approaching CORS error resolution methodically and professionally, you can overcome these challenges and establish reliable API connections. In the next section, we will explore additional tips and best practices to further enhance your troubleshooting skills in handling CORS errors. Stay tuned!

Best practices for avoiding CORS Errors

While troubleshooting CORS errors is important, it is even better to prevent them from occurring in the first place.

By following these best practices, you can significantly reduce the chances of encountering CORS errors and maintain smooth API connections:

Implement a robust CORS policy:

Establish a well-defined CORS policy that specifies which domains are allowed to access your API. By limiting access to only trusted domains, you can minimize the risk of unauthorized requests and potential security vulnerabilities.

2. Utilize preflight requests:

Preflight requests, also known as “OPTIONS” requests, are sent by the browser to check if a cross-origin request is allowed. By handling preflight requests correctly and providing the necessary headers and permissions, you can avoid many CORS errors.

3. Use appropriate HTTP methods:

Ensure that you are using the correct HTTP methods for your API requests. CORS errors can occur if you attempt to use a method that is not allowed by the server or if the method is not specified in the “Access-Control-Allow-Methods” header.

4. Enable caching:

If your API responses don’t frequently change, consider enabling caching. This allows the browser to store the response for a certain period, reducing the number of requests and potential CORS errors.

5. Regularly update documentation:

Keep your API documentation up to date, including any changes to CORS policy and headers. Clear and accurate documentation will help developers understand how to properly interact with your API and reduce the likelihood of CORS errors.

By incorporating these best practices into your API development process, you can ensure a smooth and error-free cross-origin communication experience. In the next section, we will dive into advanced troubleshooting techniques for handling complex CORS scenarios. Stay tuned!

Troubleshooting Tips

Despite following best practices, it’s still possible to encounter CORS errors in more complex scenarios. Here are some troubleshooting tips to help you diagnose and resolve these issues professionally:

Check browser console logs:

When a CORS error occurs, the browser console is often the first place to look for more information. Examine the console logs for any error messages related to CORS. This can provide valuable insights into the specific issue at hand.

2. Inspect HTTP headers:

Review the HTTP headers being sent and received during the API request. Look for any missing or incorrect headers, such as the “Access-Control-Allow-Origin” or “Access-Control-Allow-Headers”. Make sure these headers are present and correctly configured.

3. Confirm server-side configuration:

Double-check the server-side configuration and ensure that it is properly handling CORS requests. Validate that the server is sending the necessary CORS headers and that the responses are correctly configured.

4. Consider CORS proxies:

In some cases, using a CORS proxy can help bypass CORS restrictions. These proxies can send requests on behalf of the client, effectively circumventing CORS limitations. However, exercise caution when using proxies and ensure they are only used when necessary.

5. Update cross-origin domains:

If you’re experiencing CORS errors with specific domains, verify that they are still allowed in your CORS policy. Domains can change or be updated, and it’s important to keep your CORS policy up to date.

By following these troubleshooting tips, you’ll be equipped with the knowledge and tools to troubleshoot and resolve CORS errors effectively. In the final section of this blog series, we will outline additional resources and tools that can aid in CORS error resolution. Stay tuned!

Conclusion and Final Thoughts

In today’s blog post, we explored various troubleshooting tips that can help you resolve CORS errors professionally.

These tips include checking browser console logs for error messages, inspecting HTTP headers, confirming server-side configuration, considering CORS proxies, and updating cross-origin domains.

By following these troubleshooting strategies, you’ll be able to diagnose and fix CORS errors more effectively, ensuring smooth API connections. However, it’s important to remember that each troubleshooting scenario may be unique, and additional methods might be required for complex issues.

Troubleshooting CORS Errors: How to Resolve CORS API Connection Issues was originally published in InfiQ Technologies on Medium, where people are continuing the conversation by highlighting and responding to this story.

Understanding Linux Directory Structure.

Ravi Kyada — Mon, 22 Jan 2024 10:51:11 GMT

Understanding the Linux Directory Structure is like having a map to guide you through the core of your computer’s operating system.

In this journey, we’re going to break down the directories, revealing their secrets, and helping you make sense of how everything fits together.

In this journey, we will discuss the directories, unveiling their secrets and the logic behind the structure.

Root Directory: The Foundation of Linux Realms

The / (root) directory is where it all begins, like the foundation of a Whole OS. Let’s explore its depths and understand the core system files and folders that reside within the root directory.

/bin and /sbin: Essential Binaries for System Operations

Dive into the /bin and /sbin directories, where essential binaries reside, performing key functions for system operations. What binaries are crucial, and how do they contribute to the seamless functioning of your Linux system?

Both /bin and /sbin (after it was introduced) used to be on the root partition. /sbin contains the binaries needed only for managing the system (e.g. mount), while /bin contains binaries used by both ordinary users and system administrators (e.g. pwd, cd, ls).

/usr/bin (as well as /usr/sbin, /usr/local/…, opt/…) holds the binaries that are not required to boot up the system.

/etc: Configuration Files Haven for System Customization

Take a stroll through the /etc directory, the haven for configuration files. Understand the importance of this directory and explore common configuration files that shape your Linux environment.

/home: Where Users Call Home

In the /home directory, users find their sanctuary. Uncover the organization of user home directories and how users personalize their space within /home.

/var: Dynamic Data Hub for System Activity

The /var directory is a dynamic hub where variable data is stored. What role does this directory play, and how can you effectively manage the ever-changing data within /var?

/usr: Universal System Resources

/usr directory, a vast expanse of universal system resources including command details, static and shareable file.

/usr directory Contains all commands, libraries, man pages, games, and static files for normal operation.

/lib and /lib64: Chronicles of Shared Libraries

Explore the realms of /lib and /lib64, where shared libraries reside. How do these directories contribute to the efficient functioning of applications and the system as a whole?

/opt: Optional Software Packages for Enhanced Functionality

The /opt directory is a space reserved for optional software packages. What does this mean for your Linux system, and how can you install and manage these optional packages?

/tmp: Temporarily Yours — Managing Temporary Files with /tmp

Unlock the secrets of the /tmp directory, a temporary haven for files. What purpose does /tmp serve, and how can you effectively manage temporary files in this space?

/dev: Device Directory — Managing Devices in Linux

Delve into the /dev directory, where devices are managed. What is the role of /dev in Linux, and how are special device files structured within this directory?

/proc: Process Information Wonderland — Navigating the /proc Directory

Embark on a journey into the /proc directory, a Wonderland of process information. What insights can you gain by exploring /proc, and how does it contribute to monitoring your system?

/mnt and /media: Mounting Points — Connecting External Devices

Discover the purpose of /mnt and /media directories, designed for mounting external devices. How can you use these directories to seamlessly connect and manage external storage?

/srv: Service Data Directory — Organizing Service Data in Linux

Uncover the significance of the /srv directory, dedicated to organizing service data. How does /srv contribute to a well-structured Linux environment, especially in managing data for various services?

Conclusion: Navigating the Linux Landscape with Confidence

As we conclude our exploration of the Linux Directory Structure, you now possess a roadmap to navigate the intricate terrain of your Linux system. Each directory plays a unique role, contributing to the harmony of your operating system. Armed with this knowledge, you can enhance your Linux navigation skills and confidently traverse the Linux landscape.

FAQ Section: Decoding Linux Directory Structure

Why is the root directory (/) crucial in Linux?
The / directory is the foundation of the Linux file system, containing essential system files and directories. It serves as the starting point for the entire directory structure.

2. What is the significance of the /etc directory in Linux?

The /etc directory is a haven for configuration files in Linux. It houses settings and configurations for various system and application components, allowing users to customize their Linux environment.

3. How does the /home directory contribute to user experience in Linux?

The /home directory is where users home directories are located. It provides users with a personalized space to store their files and configurations, enhancing their overall experience on the Linux system.

4. What role does the /var directory play in Linux?

The /var directory is a dynamic hub for variable data in Linux. It stores files that are expected to grow in size or change frequently, such as logs, spool files, and temporary data.

5. Why are shared libraries stored in the /lib and /lib64 directories?

The /lib and /lib64 directories house shared libraries in Linux, which are essential for the functioning of applications. These directories ensure that multiple programs can use the same library, optimizing system resources.

Understanding Linux Directory Structure. was originally published in InfiQ Technologies on Medium, where people are continuing the conversation by highlighting and responding to this story.

Unlocking Terraform's Potential: Insights from the Hashicorp User Group Gandhinagar Event

Ravi Kyada — Sat, 16 Dec 2023 05:01:16 GMT

Recently, On the 2nd Weekend of Dec. all the Techiest Gathered at the Hashicorp User Group Gandhinagar Event, there was a deep dive into the Lots of of tools available to enhance the Terraform experience in the IAC World.

with Awesome Mentoring and Anchoring of Neel Shah, we started the Meet-up Morning and then Rishang Bhavsar delivered an enlightening session on Terraform and their insights with AWS Modules.

With that, All of the Attendees also explored some of the tools around Hashicorp like Hashicorp Vault, Nomad, Consul, and many.

Rishang did a very insightful session focused on the multifaceted capabilities of Terraform, particularly in the domains of cost exploration, documentation generation, and utilization of various supplementary tools within the Terraform workflow..

Let's dive and explore these Awesome elements with Terraform. You can Follow this GitHub Repo to Demonstrate all tools: Rishang's GIthub Repo

Automating Cost Management in Terraform:

Controlling costs is a significant concern for any cloud infrastructure deployment. Leveraging tools like Terraform Cost Estimation allows you to estimate infrastructure costs before deployment, enabling better decision-making.

Integrate Infracost tools into your Terraform pipeline to forecast expenses and optimize resource allocation, ensuring cost-effectiveness in your infrastructure provisioning.

Infracost shows cloud cost estimates for Terraform. It lets engineers see a cost breakdown and understand costs before making changes, either in the terminal, VS Code or pull requests.

This Project is 100% open source and Available to Integrate with your Pipelines.
https://github.com/infracost/infracost

Automate TF Mudules Documentry with terraform-docs:

Documentation is the backbone of any project. Generating comprehensive documentation for Terraform code can be time-consuming.

Tools like Terraform-docs automate this process by extracting metadata from your code to generate documentation in various formats including Markdown, JSON, and YAML.

By incorporating Terraform docs into your workflow, you can maintain up-to-date documentation effortlessly, enhancing collaboration and understanding among team members.

Here you can find the Github repo for the terraform-docs: https://github.com/terraform-docs/terraform-docs/

Exploration of Infra Security Tools:

Rishang discussed tfsec, a tool for automating security scanning, highlighting its ability to identify vulnerabilities and compliance violations within Terraform code.

Additionally, he showcased Terraformer, a visualization tool that aids in generating graphical representations of infrastructure, enabling better comprehension and troubleshooting.

tfsec gives awesome information about vulnerabilities around the terraform stack, some of the details we can Ignore as we Ignore the Terms & Conditions of any News Letters.

We can also create custom checks same as custom test cases in tfsec, which depends on the project requirements.

This project is also Open-Source and available on GitHub: https://github.com/aquasecurity/tfsec

Throughout the session, Rishang emphasized best practices for leveraging these tools effectively within Terraform workflows. \

He provided real-world examples and case studies, illustrating how these tools can be seamlessly integrated into CI/CD pipelines, enhancing security, reducing manual efforts, and optimizing infrastructure costs.

In the end, we tried to explore more and more tools that can be integrated to get the estimated code of the terraform stacks.

Here I Mention a Few Tools Discussed Over the Meetup:

Hieven Terraform Visual:

It Gives you a Visual understanding of the terraform code with an improved graphical view.

You can check more details here: https://hieven.github.io/

SnykTflint:

SnykTFLint is the Security tool that gives us the security and vulnerabilities for your terraform modules.

you can also create your ruleset for terraform-provider. Check more info here: SnykTflint

Terragrunt:

- Pike

- Inframap

- Opencost

- Diagramcodes

Conclusion:

Remember, the key to successful infrastructure management lies in embracing automation tools that empower you to optimize costs, maintain thorough documentation, ensure robust security practices, and visualize your architecture effectively.

Stay updated with the evolving landscape of Terraform and Hashicorp tools to continually refine and enhance your infrastructure deployment processes.

The Hashicorp User Group Gandhinagar Event was an insightful journey into the world of tools that complement Terraform and enable a more efficient and robust infrastructure management experience.

Incorporating these automation tools into your workflow will undoubtedly elevate your Terraform deployment to greater heights.

Keep exploring, automating, and innovating for a more seamless infrastructure provisioning experience with Terraform!

Intro to OpenTofu: The Terraform Alternative by CNCF

Ravi Kyada — Sun, 24 Sep 2023 11:34:30 GMT

Are you working on cloud infrastructure management and the IAC Team, then you heard the name Terraform - The powerful tool that Supports Lots of Providers to deploy the Infra.

But as looking for a powerful Infrastructure as Code (IAC) tool that simplifies your provisioning and deployment process? OpenTofu is an open-source project supported by the Cloud Native Computing Foundation (CNCF).

On the date of 20th Sept 2023, CNCF Announced that OpenTF is Now OpenTofu. and it will be Part of the CNCF. That was a huge winning for the Open-Source communities that are working with Infrastructure as a code Industry.

In this blog post, we’ll introduce you to OpenTofu, highlighting its features, benefits, and functionality as Terraform’s new attractive alternative.

What is OpenTofu?

OpenTofu is an Infrastructure as Code (IAC) tool designed to automate the provisioning and management of cloud resources, containers, and infrastructure components.

It’s an open-source project hosted under CNCF since September 2023, which speaks volumes about its beliefs and community support.

OpenTofu is published under the Mozilla Public License (MPL). Publishing software under MPL means that it is open source, can be freely used, modified, and distributed.

Controversy of terraform in OpenSource:

It has long been time for Terraform to be a Core component in simplifying the management of infrastructure in cloud environments. DevOps teams around the world use Terraform as the go-to tool due to its ease of use and powerful capabilities.

Recently, HashiCorp, the company behind Terraform, introduced significant license changes that have raised significant concerns within the open-source community.

Terraform Licences after 1.5 Versions are moving from Mozilla Public License v2.0 (MPLv2) to Business Source License v1.1.

which means you can have a Source code of Terraform, only if your use falls outside of the additional use, especially for commercial purposes you should have to commit a special license grant based on an individual agreement with HashiCorp.

Security patches for the MPL version will be provided until the end of December 2023.

Key Features of OpenTofu

OpenTofu gives a variety of features choice for IAC over Terraform :

Declarative Syntax: OpenTofu uses a declarative approach, making it easy to define the desired state of your infrastructure. You describe what you want, and OpenTofu figures out how to make it happen.
Multi-Cloud Support: It supports multiple cloud providers, allowing you to manage resources across platforms like AWS, Google Cloud, and Azure, all in one place.
Extensibility: OpenTofu is designed to be highly extensible. You can create custom modules, plugins, and extensions to tailor it to your specific needs.
Version Control: Just like code, infrastructure configurations can benefit from version control. OpenTofu integrates seamlessly with Git, making it easy to track changes and collaborate with team members.
Community-Driven: Being part of the CNCF ecosystem means OpenTofu has a thriving community of users and contributors. You can find extensive documentation, tutorials, and support online.

Why Choose OpenTofu Over Terraform?

While Terraform is a popular choice for IAC, OpenTofu offers several advantages:

Multi-Cloud Natively: OpenTofu is designed with multi-cloud support in mind. While Terraform supports multiple cloud providers, OpenTofu's native multi-cloud capabilities simplify the management of complex, multi-cloud infrastructures.
Simplicity & Integration: OpenTofu's declarative syntax is often considered more straightforward and easier to read compared to Terraform's HCL (HashiCorp Configuration Language).
Extensibility: OpenTofu's architecture allows for greater extensibility through plugins and modules, providing flexibility for specific use cases.
Community Momentum: OpenTofu is gaining traction in the IAC space, with a growing community, continuous development, and an exciting roadmap.

Getting Started with OpenTofu

Getting started with OpenTofu is a breeze. You can follow these simple steps:

Install OpenTofu: Begin by installing OpenTofu on your system. You can find installation instructions in the official documentation.
Write Configurations: Define your infrastructure and cloud resources using OpenTofu's declarative syntax.
Apply Configurations: Run OpenTofu commands to apply your configurations and provision resources.
Version Control: Integrate OpenTofu with your version control system (e.g., Git) to manage configurations effectively.
Explore the Community: Dive into the OpenTofu community, where you'll find tutorials, forums, and resources to help you master the tool.

Conclusion

OpenTofu, the CNCF-backed Terraform alternative, brings simplicity, multi-cloud support, and a thriving community to the world of Infrastructure as Code. Whether you're a seasoned IAC professional or just getting started, OpenTofu is worth exploring for its promising features and the CNCF stamp of approval. Stay tuned for more in-depth tutorials and insights into harnessing the full potential of OpenTofu in future blog posts.

Are you ready to dive into the world of OpenTofu?

Let us know your thoughts and experiences in the comments below!

AWS Reserved Instances: Ultimate Guide to Choose the Right Reserved Instances for You.

Ravi Kyada — Thu, 06 Jul 2023 11:51:01 GMT

In the sector of cloud computing and Server deployment, Amazon Web Services (AWS) stands as the Major Provider providing a full-size array of services to satisfy the diverse needs of corporations.

When it involves optimizing fees and maximizing efficiency at the Amazon Web Services (AWS) cloud platform, Reserved Instances (RIs) are a sport-changer.

To optimize price efficiency and beautify overall performance, AWS gives Reserved Instances (RIs), a pricing version that permits clients to order EC2 instances for a particular duration.

By committing to a positive quantity of usage over a term, you could notably reduce your EC2 instance charges.

In this complete manual, we can explore AWS Reserved Instances and provide precious insights to help you select the right Reserved Instances in your commercial enterprise needs.

So, let's dive into the Points to Understand AWS Reserved Instances!

Understanding AWS Reserved Instances:

AWS Reserved Instances provide users with the possibility to reserve EC2 times in advance, offering huge savings in comparison to On-Demand instances.

By creating a commitment to use unique instance sorts in precise Availability Zones over a designated period, you could liberate extensive cost advantages.

RIs are to be had in 3 distinctive alternatives: Standard, Convertible, and Scheduled. Each option offers particular blessings and versatility, catering to distinct workload requirements.

Analyzing Your Workloads:

Before diving into Reserved Instances, it is important to analyze your workloads and emerge as aware of utilization.

AWS affords diverse tools, consisting of AWS Cost Explorer and Trusted Advisor, to help you understand your utilization patterns, usage fees, and potential rate monetary financial savings.

By having clean information on your workloads, you can make informed alternatives concerning the most RI sorts, phrases, and price alternatives.

Utilizing AWS Cost Optimization Tools:

To optimize your RI usage and ensure you're making the most of your investments, AWS offers various cost optimization tools and services.

Services like AWS Trusted Advisor and AWS Cost Explorer can provide valuable insights into your RI utilization and recommend optimization strategies.

By leveraging these tools, you can continuously monitor and adjust your RI portfolio, further driving down costs and improving performance.

Choosing the Right Reserved Instances:

So while we are choosing the Reserved Instances, there are many scenarios and options we need to check.

A). Standard RIs:

Standard RIs offer the highest discount rate compared to other options. They provide a stable and predictable workload, making them suitable for applications with steady traffic and consistent resource requirements.

B). Convertible RIs:

Convertible RIs offer more flexibility than Standard RIs. They allow you to modify the instance attributes over time, making them ideal for workloads that may change in the future or for businesses that require frequent instance modifications.

C). Scheduled RIs:

Scheduled RIs cater to workloads with predictable recurring schedules, such as batch jobs or seasonal traffic spikes. With Scheduled RIs, you can reserve capacity for specific time slots, ensuring availability during peak hours.

Factors to Consider When Choosing Reserved Instances:

A) Usage Patterns and Workload Predictability:

Analyzing your workload patterns and predicting your long-term usage is crucial for selecting the right RIs. If your workload has consistent usage, consider purchasing Standard RIs. For workloads with uncertain or evolving requirements, Convertible RIs provide more flexibility.

B) Instance Size and Region:

Identify the instance size and AWS region that align with your workload demands. AWS allows you to reserve instances across various instance types and sizes, so choose wisely to optimize your savings.

C) Payment Options:

RIs can be paid for upfront, partially upfront, or with no upfront payment. Evaluating your budget and cash flow requirements will help determine the most suitable payment option for your organization.

Conclusion:

AWS Reserved Instances present an excellent opportunity for organizations to optimize their EC2 instance costs while maintaining flexibility.

By understanding the different types of RIs, analyzing usage patterns, and implementing effective planning strategies, you can achieve significant cost savings on the AWS cloud platform.

Remember to regularly monitor and adjust your reservations to align with your evolving workload requirements.

Start leveraging the power of AWS Reserved Instances today and unlock the full potential of cost optimization in the cloud.

Nginx in Docker with Lets Encrypt SSL: Configure Nginx and SSL with Docker Compose

Ravi Kyada — Sat, 22 Apr 2023 09:40:44 GMT

As a DevOps enthusiast, I'm always on the lookout for ways to enhance the security and performance of web applications.

NGINX - a powerful essential tool, an open-source web server that can also work as a reverse proxy, load balancer, and HTTP cache.

In this blog post, I'll be sharing how to set up NGINX with a self-signed SSL/TLS certificate on Docker, so you can ensure your web apps are safe with HTTPS.

Self-signed certificates are an excellent tool for testing and development purposes, but should not be the best to use in production environments.

Instead, you should use a trusted SSL/TLS certificate issued by a Certificate Authority (CA) to ensure the security of your website.

Prerequisites:

Before we begin, make sure you have the following installed on your system:

Docker
Docker Compose
nginx conf and SSL Setup.

What is Docker-Compose:

Docker-compose is a tool docker utility that simplifies the deployment and management of multiple containers in a single application.

It allows you to define the configuration of each container in a YAML file, automating the creation, startup, and shutdown of containers. With docker-compose, you can easily run multiple containers and their dependencies together.

Let's Configure Nginx Conf File:

you can use any Simple nginx.conf file with reverse proxy to the 443 Port. For that you should have basic knowledge of nginx.

Basically while configuring nginx with docker you should manually add SSL Configurations in the nginx.conf file.

Here is One Nginx.conf file that you can use for demonstrations:

https://gist.github.com/ravikyada/dde9be0cc3549be5d4e398d670687cfd

This Nginx configuration file sets up a web server for the domain test.demo.in. It listens on both HTTP and HTTPS ports, which are ports 80 and 443 respectively.

The ssl_certificate and ssl_certificate_key directives specify the SSL/TLS certificates and keys for the domain name test.demo.in. This is because uses a Certbot to obtain and manage the SSL certificates.

The final location /.well-known/acme-challenge/ block specifies the root directory where Certbot can store challenge-response files during the certificate issuance process. It is necessary to verify the SSL Certification in Containers.

Overall, this configuration file sets up a basic HTTPS server with SSL certificates obtained using Certbot, which proxies all requests to another web server.

Setting Up docker-compose.yaml:

Let's create basic docker-compose.yml file that defines nginx and certbot containers for our Requirements.

https://gist.github.com/ravikyada/43a694a1897e79c61562358ab0936910

Before Applying this docker file edit the certbot commands at the Last Lines of the File, you need to change the mail id and domain name in that command.

Please Edit this Command before Applying the docker-compose file.

certonly --webroot --webroot-path=/var/www/certbot --email test.demo@gmail.com --agree-tos -d test.demo.in -d www.test.demo.in

The Last One Entrypoint we used to automatically renew our SSL Certificate from our certbot container.

entrypoint: /bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'

here we attached 3 volumes for Our nginx container. It's because we need to give nginx.conf and SSL certificates from Our Local System.

WorkArounds to Run Container Successfully:

After Doing All Such things here is one WorkAround you need to do Because Before Submitting Certificate files to Nginx it won't run.

So to Run the Nginx Server Successfully we need to Create a Certificate before Getting started with the docker-compose.

This is because Let's Encrypt needs to perform an ACME Challenge Request to verify your domain ownership and issue a certificate.

Here is One Shell Script we have which will do all the work for us: LetsEncrypt-init.ssh

https://gist.github.com/ravikyada/f25f904a842027003cca2c2256e60624

Please change your domain name and Preferable script Before Getting Started with the Script.

How certbot SSL Works in Docker Container:

Certbot is a free, open-source tool that simplifies the process of obtaining and renewing SSL/TLS certificates for your website.

Before running the Certbot command to install a new SSL/TLS certificate, it's necessary to set up a basic instance of Nginx to make your domain accessible over HTTP.

The web root directory is mounted as a volume in the Docker Compose file, so Certbot can write files to the directory and the NGINX service can serve those files to Let's Encrypt for verification.

Once the Certbot service has generated the SSL/TLS certificate, it will be saved in the Certbot configuration directory, which is mounted as a volume in the Docker Compose file.

In summary, Certbot works by interacting with Let's Encrypt to generate SSL/TLS certificates for your website, and the Docker Compose file and their volume sets up a complete system for using Certbot to secure your website with HTTPS.

Build Docker Images with Kaniko Inside Jenkins Deployed On Kubernetes

Ravi Kyada — Thu, 20 Apr 2023 16:49:25 GMT

Building Docker images in a Local system with a simple Dockerfile is the Easiest Task for those who work with Docker and Kubernetes.

But the tricky thing is when we need to work on building Docker images inside Docker Containers. That's Nothing but DockerinDocker.

Most of We Are Mounting /var/run/docker.sock into the Base Image and Building the Docker image, But For Some Reason, We Are facing This error While Building Docker Images Inside Kubernetes pods:

Kaniko is a tool that enables building Docker images in a container without needing to run a Docker daemon. This makes it ideal for building images in environments where Docker is not installed or for building images inside a container.

Kaniko runs in a Docker container and has the single purpose of building and pushing a Docker image. This design means it’s easy for us to spin one up from within a Jenkins pipeline, running as many as we need.

Kaniko runs as a container and takes in three arguments: a Dockerfile, a build context, and the name of the registry to which it should push the final image.

What is Docker Daemon:

Docker daemon is A persistent background process that manages Docker images, containers, networks, and storage volumes. The Docker daemon constantly listens for Docker API requests and processes them.

One thing about Docker is that we need to have root access to Interact with Docker Commands. Obviously, there is Risk while we worked with root access for any applications.

Kaniko- The Best Solution for DinD In K8s 1.24:

Kubernetes is easy to deploy and scale containerized applications. However, Kubernetes does not include a built-in way to build Docker images.

Previously, the common approach was to use a Docker-in-Docker (DinD) setup or to mount the Docker socket inside the container.

However, these approaches have some drawbacks, such as requiring privileged containers, potential security concerns, and difficulty in managing the Docker daemon inside the container.

In Kubernetes 1.24, the Kubernetes project has deprecated support for using the Docker daemon directly in a container.

Instead, the recommended approach is to use a tool like Kaniko for building Docker images. Kaniko allows us to build Docker images without requiring a Docker daemon or mounting the Docker socket inside the container.

This eliminates the need for privileged containers, reduces security concerns, and makes it easier to manage the container.

Let’s start Towards Creating Kaniko Pod to Build Docker Images:

Prerequisites Before Getting Started:

1. Kubernetes Environment with Docker Registry Secrets.

2. Docker Configurations File to mount a volume in /kaniko/.docker/ Path of the kaniko Container.

3. Docker Context with Dockerfile.

Understanding Docker Arguments:

Before Getting Your Hands Dirty With Kaniko, Let's Take an Overview of the Kaniko and Arguments Which make sense to work with Kaniko.

Dockerfile: Dockerfile is the File Containing all the Steps to be Run DUring the Time of Building the Image.
Destination: Destination is the docker registry where the built image should be pushed. This means Kaniko Build and Pushes the Image in a Single Line Of Command.

If you just want to build and not to be pushed to the registry, then you can also use –the no-push flag. Which will just Build the image, nothing More.
Build Context: Build context is nothing more than Normal Docker Context, the Directory where Docker builds the image.

Kaniko features a Bunch of Cloud Storages for docker context with --context Arguments. Supported Storages for Kaniko to Build the Docker images are :

Git Repository
Local Directory
S3 Bucket
GCS Bucket
Azure Blob Storage
Standard Input

Creating Secrets for AWS CLI in Jenkins Branch.

So, We Are Going to Push Our Image Built by Kaniko to the Private AWS ECR Repository we first need to Have Access to the AWS Secret and Access key with ECR Permissions.

Kaniko Accepts AWS and Secret Keys From Volume, Which We Mount During Pod Creation. So First Create AWS Credentials File.

Sample AWS Credentials File:

[default]
aws_access_key_id = AKXXXXXXXXXMQ
aws_secret_access_key = HdXXXXXXXXXXXXXXXXX458

Create Secrets From that file with this command:

kubectl create secret generic aws-secret --from-file= -n jenkins

Docker Manages their Services with a config.json file inside ~/.docker/ Directory. So, Let’s Create Configmap For Docker Configurations Which Will Manage the Credentials Store For AWS ECR Registry.

{
    "auths": {
        "1234567890.dkr.ecr.ap-south-1.amazonaws.com": {},
        "https://index.docker.io/v1/": {}
    },
    "credsStore": "ecr-login"

}

Use this Command to Create Configmap in jenkins NameSpace:

kubectl create configmap docker-config --from-file= -n jenkins

Now We Are Good to Go with the Docker Registry Credentials For AWS. For GCR or Docker registry, You may need to Do Some Changes config.json Of Docker.

Normally In Mac and Linux, the config.json is Stored in cat ~/.docker/config.json Path.

Going Forward Create Jenkinsfile with PodTemplate of Kaniko.

Set up Jenkinsfile With Kaniko Executor Image and Mount Volumes with AWS CLI Secret And Docker Registry config maps.

Here is the Pod.yaml That you should use to Create Pod inside Jenkinsfile.

https://gist.github.com/ravikyada/6f76bdbfdc192e5f29839e2a7dbc869b

Create Jenkins Job Stage with Environment Variable PATH = "/busybox:/kaniko:$PATH". The Reason behind this variable is to Help Kaniko to Pick their Context from the Current Directory inside the Pod Container.

Now Here is the Final Jenkinsfile:

https://gist.github.com/ravikyada/2fd9c74ea03e43f27a4b8dd7d4074888

Thank you so much for Reading the Article till the End! 🙌🏻 Your time and interest truly mean a lot 😁📃.

If you have any questions or thoughts about this blog, feel free to connect with me:

LinkedIn: https://www.linkedin.com/in/ravikyada

Twitter: https://twitter.com/ravijkyada

Until next time, Cheers to more learning and discovery✌🏻!

Getting Started with AWS Lambda: A Basic Guide and Key Features for Beginners

Ravi Kyada — Sun, 16 Apr 2023 05:16:24 GMT

In today’s digital age, there is a growing demand for software applications that can scale quickly, be deployed easily, and cost-effectively. This is where serverless computing comes in, and AWS Lambda is a popular solution for implementing the serverless architecture.

In this article, we will discuss AWS Lambda and its key features, and how it can benefit businesses of all sizes.

What is AWS Lambda?

AWS Lambda is a serverless computing service provided by Amazon Web Services (AWS) that allows users to run code in response to specific events or triggers, without the need to manage servers.

It is a platform that enables developers to build and run applications without worrying about the underlying infrastructure. AWS Lambda is designed to handle and scale automatically based on the traffic and workload it receives, making it a cost-effective and efficient solution for businesses of all sizes.

How does AWS Lambda work?

AWS Lambda works by running code in response to events or triggers such as HTTP requests, changes to data in an AWS S3 bucket, or changes in a database.

Developers can write code in languages like Node.js, Python, Java, C#, and Go and upload it to AWS Lambda. Once the code is uploaded, it is ready to be executed in response to the specified events or triggers.

AWS Lambda automatically manages the underlying infrastructure, including the scaling of the resources needed to run the code. This makes it easy to develop and deploy applications without having to worry about managing servers.

Key Features of AWS Lambda:

Scalability: AWS Lambda can handle large workloads and automatically scale resources to meet demand. It can support thousands of concurrent requests and can scale up or down based on the traffic.
Cost-Effective: AWS Lambda pricing is based on the number of requests and the duration of execution time, making it a cost-effective solution. This means that businesses only pay for the time their code is executed, and there is no need to pay for idle time or unused resources.
Easy to Use: AWS Lambda is easy to set up, and there is no need to manage or provision servers. This makes it easy to develop and deploy applications quickly.
Integrations: AWS Lambda integrates with other AWS services such as Amazon S3, Amazon DynamoDB, and Amazon API Gateway, making it easy to build complex applications.
Security: AWS Lambda is designed with security in mind and provides multiple layers of security, including access control and encryption. This ensures that your code and data are protected at all times.

Conclusion:

AWS Lambda is an excellent solution for businesses that want to implement serverless computing. It provides an easy-to-use platform that enables developers to build and run applications without worrying about the underlying infrastructure.

With its scalability, cost-effectiveness, and integrations with other AWS services, AWS Lambda is a powerful tool that can help businesses of all sizes improve their efficiency and reduce costs. We hope that this beginner’s guide has provided you with a better understanding of AWS Lambda and its key features.

Basics of Docker networking: Configuring communication between containers

Ravi Kyada — Sat, 15 Apr 2023 14:42:39 GMT

Docker is an open-source platform that enables developers to build, ship, and run applications in containers.

One of the key advantages of containerization is the ability to easily configure communication between containers, allowing them to work together seamlessly to deliver a complete solution.

In this article, we'll explore the basics of Docker networking, and show you how to configure communication between containers.

What is Docker Networking:

Docker containers are designed to be self-contained and isolated, but they often need to communicate with each other to form a complete application.

Docker networking refers to the process of creating a virtual network that enables the communication between containers, as well as between containers and the host machine.

By default, Docker creates a bridge network for each host, which provides a secure and isolated environment for container communication.

When you create a container, it's automatically assigned an IP address on the bridge network, which allows it to communicate with other containers and the host.

However, if you want to configure more complex networking scenarios, such as creating multiple networks or connecting containers to external networks, you'll need to use Docker networking commands.

In this article, we will discuss how to configure communication between containers using Docker networking.

Types of Docker Networks

Docker provides several types of network drivers for creating custom networks that connect containers. Let's take a look at the different types of networks:

Bridge Network

The bridge network is the default network in Docker, and it provides automatic IP address assignment to containers. Containers connected to the same bridge network can communicate with each other using their IP addresses or hostnames.

To create a bridge network, use the following command:

docker network create my-bridge-network

You can connect a container to the bridge network using the --network option when running the container:

docker run --network my-bridge-network my-container

Host Network

The host network driver allows the container to use the host's networking directly. This means that the container does not have a separate network namespace and shares the host's network stack. This can improve network performance but can also cause security issues.

To use the host network, use the following command:

docker run --network host my-container

Overlay Network

The overlay network driver allows you to create a distributed network across multiple Docker hosts. It uses the VXLAN protocol to create an overlay network that spans multiple hosts. Containers connected to the same overlay network can communicate with each other, even if they are running on different hosts.

To create an overlay network, use the following command:

docker network create --driver overlay my-overlay-network

Macvlan Network

The Macvlan network driver allows you to assign a MAC address to a container, which makes it appear as a physical device on the network. This can be useful for legacy applications that require direct access to the network hardware.

To create a Macvlan network, use the following command:

docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=eth0 my-macvlan-network

In this command, --subnet specifies the IP address range for the network, --gateway specifies the default gateway, and -o parent specifies the physical interface to use.

Creating a Docker Network

To create a new Docker network, you can use the docker network create command, followed by a network name and options to specify the network driver and subnet. For example, to create a new bridge network called my-network, you can run the following command:

docker network create --driver bridge --subnet 172.20.0.0/16 demo-network

This command creates a new bridge network with the specified subnet and assigns the name demo-network to the network. You can then use this network to connect containers to each other and to external networks.

Connecting Containers to a Network

Once you've created a network, you can connect containers to it using the --network option when you run the container.

For example, to start a new container and connect it to the my-network bridge network, you can run the following command:

docker run --name my-container --network my-network my-image

This command starts a new container called my-container from the image demo-image and connects it to the demo-network bridge network.

If you want to connect an existing container to a network, you can use the docker network connect command. For example, to connect a container called demo-container to the demo-network bridge network, you can run the following command:

docker network connect my-network my-container

This command connects the demo-container container to the demo-network bridge network.

Exposing Container Ports

When you connect containers to a network, you can also expose the container's ports to the network, allowing other containers to access the container's services.

To expose a port, you can use the -p option when you run the container, followed by the container port and the host port.

For example, to expose port 80 on the container to port 8080 on the host, you can run the following command:

docker run -p 8080:80 demo-image

This command starts a new container from the my-image image, and maps port 80 in the container to port 8080 on the host.

Using Docker DNS

By default, Docker provides a DNS server for containers, which allows containers to communicate with each other using hostnames instead of IP addresses. When you create a container, Docker automatically adds the container's hostname to the DNS server, which allows other containers to access the container using its hostname.

For example, if you have two containers called web and db connected to the same network, you can access the db container from the web container using its hostname, like this:

ping db

What is the Best Way to Work with Docker DNS:

Docker Compose is a tool that allows you to define and run multi-container Docker applications. It simplifies the process of configuring network communication between containers by allowing you to define networks in a single file.

To define a network in a Docker Compose file, use the following syntax:

https://gist.github.com/ravikyada/e3b9b678cf9f10de53cff4d79aa7c960

In this example, we define a bridge network called my-network and connect two services (app and db) to it.

Network Security:

Security is an important consideration when configuring communication between containers.

By default, all containers on the same Docker network can communicate with each other, which can create a security risk. Here are some tips for securing your Docker network:

Use Network Segmentation: Divide your Docker network into multiple subnets to restrict communication between containers. For example, you can create a separate network for your database containers and only allow application containers to access it.
Use Access Control: Use Docker's built-in firewall to restrict traffic between containers. You can use

Conclusion:

In conclusion, Docker networking plays an important role in containerized applications. It provides a seamless and efficient way of communication between containers and the host machine. Docker offers a range of networking options, such as bridge, host, overlay, and macvlan, that can be used to meet various requirements.

Understanding Docker networking is crucial for anyone who works with Docker containers. It helps in managing containerized applications efficiently and effectively. Docker provides a lot of tools to monitor and troubleshoot networking issues, such as Docker inspect, Docker network, and Docker logs.

Overall, Docker networking is a powerful and essential feature of the Docker platform. It allows developers and operations teams to build and deploy complex containerized applications with ease. By mastering Docker networking, you can make your containerized applications more reliable, scalable, and secure.

Basic Useful Commands for Docker

Ravi Kyada — Sat, 15 Apr 2023 13:38:57 GMT

As DevOps continues to revolutionize the software development process, Docker has become an essential tool for developers looking to build and deploy their applications more efficiently.

What is Docker:

Docker is a powerful containerization platform that allows developers to package their applications and dependencies into a single, portable container.

With Docker, developers can easily move their applications between environments, eliminate compatibility issues, and simplify the deployment process.

However, to fully leverage Docker's capabilities, it's essential to understand some of the Docker components and most useful commands for managing and troubleshooting Docker containers.

In this article, we'll explore some of the most basic and essential Docker components and commands that every DevOps engineer should know.

Let's Dive into Docker Components:

Before we dive into Docker commands, let's briefly review some of the key components of Docker. A Complete Overview of the Essential Components of Docker, Including Engine, Images, Containers, Registry, and Compose.

Docker Engine:
Docker Engine is the core component of Docker that enables containerization on a host machine. It includes a daemon process (dockerd) and a command-line interface (CLI) client (docker) that communicates with the daemon to manage containers, images, networks, and volumes.

Docker Images:
A Docker image is a lightweight, standalone, and executable package that contains everything needed to run an application, including code, libraries, dependencies, and runtime. Images are built from a Dockerfile, which is a script that defines the steps to create the image.

Docker Containers:
A Docker container is a running instance of a Docker image. Containers are isolated environments that run on top of the host machine's operating system, with their own filesystem, network, and resources. Containers are lightweight, fast, and can be easily started, stopped, and restarted.

Docker Registry:
A Docker registry is a repository that stores Docker images. The most popular Docker registry is Docker Hub, a public registry that hosts thousands of images. However, organizations can also set up private registries to store and share their own images.

Docker Compose:
Docker Compose is a tool for defining and running multi-container Docker applications. Compose uses a YAML file to define the services, networks, and volumes required by the application, and can start, stop, and manage the containers as a single unit.

Basic Useful Commands for Docker:

Docker ps:

Check All the Running Containers in the machine.

docker ps

The docker ps command is used to list all the running containers on your local machine. By default, it only shows the container ID, image name, command, and status of the Running Containers Only.

However, you can use various options with this command to display additional information, such as container names, ports, and network information.

Example: To display Only the Name and ContainerI'd of the running containers, use the following command

docker ps --format "table {{.ID}}\t{{.Names}}"

Docker run:

to Run Any Images from the machine.

docker run command is used to create and run a new container from a Docker image. You can use various options with this command to customize the container, such as specifying the image name, container name, ports, and environment variables.

Example 1: Run a container from images and specify the container name you want to call it. Use -d Flag to Run this container in detached(background) mode:

docker run -d nginx

Example 2: Run a new container from the "nginx" image and map port 80 on the host to port 80 in the container, use the following command:

docker run -d --name my-nginx -p 80:80 nginx

Example 3: Run a container with a mounted volume from the local machine to docker image:

docker run -d --name mynginx -p 80:80 -v /home/user/demo:/usr/share/nginx/html nginx

This will run a container from the nginx image and mount the /path/on/host directory on the host to the /path/in/container directory inside the container.

Docker stop:

to stop any Running Container in your local machine.

docker stop command is used to stop a running container. You can specify the container ID or container name as an argument to this command.

Example1: To stop a container with the ID "7d7a18ea75f", use the following command:

docker stop 7d7a18ea75f

Example 2: To stop all the Running containers in your machine.

docker stop $(docker ps -q)

docker rm:

the docker rm command is used to remove one or more containers from your local machine. You can specify the container ID or container name as an argument to this command.

you can not remove any running containers. so to remove the container you should first stop that container and then delete that container.

Example 1: Remove multiple stopped containers in a single command:

docker rm 7d7a18ea75f 7d7a16740fbn

Example 2: Remove All the stopped containers in a single command. The docker ps -a -q command is used to get the IDs of all containers, including stopped ones.

docker rm $(docker ps -a -q)

PRO Tip: By default, when you delete a container using the docker rm command, any volumes that were created for the container will not be deleted. This means that the data stored in those volumes will persist even after the container is deleted.

If you want to delete the volumes associated with a container when you remove the container, you can use the -v option with the docker rm command. For example:

docker rm -v

docker images:

docker images command is used to list all the Docker images on your local machine. By default, it shows the image ID, repository, tag, and size.

Example 1: You can use the REPOSITORY argument to filter images by repository name. For example, to list all images in the nginx repository, run the following command:

docker images nginx

Example 2: To display only the repository and tag of the Docker images, use the following command:

docker images --format "table {{.Repository}}\t{{.Tag}}"

docker build:

The docker build command is used to create a Docker image from a Dockerfile. A Dockerfile is a text file that contains a set of instructions that are used to build a Docker image.

The docker build command reads the instructions from the Dockerfile and builds an image according to the specified instructions.

Example: Assuming we have a directory named myapp that contains the Dockerfile and all necessary files, you can build a Docker image using the following command:

docker build -t demo-image -f Dockerfile .

In this example, the -t option is used to specify the name and tag of the Docker image that will be created. The demo-image name is used as the name of the image, and the latest is used as the tag. The -f Flag Asks for Dockerfile and it checks all the necessary files for the Dockerfile.

FROM node:14-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
EXPOSE 3000
CMD ["npm", "start"]

FROM: Specifies the base image that will be used to build the new image. In this case, the Node.js 14 Alpine image is used.
WORKDIR: Sets the working directory for the following instructions.
COPY: Copies the package.json and package-lock.json files to the working directory.
RUN: Installs the dependencies specified in the package.json file using the npm install command.
COPY: Copies all the files in the current directory to the working directory.
EXPOSE: Exposes port 3000 to the outside world.
CMD: Specifies the command that will be run when the container is started.

By running the docker build command with the appropriate options, you can build a Docker image from this Dockerfile. Once the image is built, you can use the docker run command to start a new container from the image.

Conclusion

Docker is a powerful tool for containerizing and deploying applications and mastering Docker commands is essential for any DevOps engineer. By understanding

Deploying External DNS With AWS EKS

Ravi Kyada — Sat, 15 Apr 2023 12:49:29 GMT

Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) is a managed service that simplifies the deployment, scaling, and management of containerized applications using Kubernetes.

One of the key benefits of EKS is its ability to integrate with other AWS services, such as Route 53, to provide DNS resolution for your Kubernetes clusters.

In this article, we will discuss how to deploy External DNS on AWS EKS to automate the creation and deletion of DNS records for Kubernetes services.

Overview of External DNS:

External DNS is a Kubernetes add-on that automatically creates and deletes DNS records in an external DNS provider based on Kubernetes service and ingress resources.

This enables you to use custom domain names for your Kubernetes services without having to manually create and update DNS records. External DNS supports a variety of DNS providers, including Route 53, Google Cloud DNS, Azure DNS, and more.

Deploying External DNS on AWS EKS:

To deploy External DNS on AWS EKS, you will need to follow the steps below:

Create an IAM policy

https://gist.github.com/ravikyada/da265ef115e5838bfedac9201db0a8dd

First, you need to create an IAM policy that grants External DNS permissions to manage Route 53 resources. You can use the following policy as a starting point:

Save this policy as a JSON file, such as “external-dns-iam-policy.json” and Create a Policy in AWS IAM Dashboard. Now With this page copy the ARN of this Policy as we need to use this in the upcoming command.

Create IAM Service Account with the Policy you just Created

Next, you need to create an IAM Service Account that External DNS can assume to manage Route 53 resources. You can use the following command to create the role:

For that, you need to have eksctl configured in your system.

eksctl create iamserviceaccount --name --namespace --cluster --attach-policy-arn --approve --profile

Please Replace the Values between hyphens <> in this command, Here I had given you Sample Command. Please be sure you are using the same namespace during the whole tutorial.

eksctl create iamserviceaccount --name external-dns --namespace default --cluster demo-cluster --attach-policy-arnarn:aws:iam::012345678901:policy/ExternalDNSPolicy--approve --profile demo-keys

In Backend, this command will create a Cloudformation stack in your was account. so you can check the status and resources created by this command in the AWS cloud formation stack Dashboard.

After Completing this Cloudformation stack, you can check ServiceAccount created in the default namespace.

kubectl get sa -n default

Now We are done with the AWS Side Configurations, Now let’s have some work done for the Kubernetes side to give Cluster access to change the DNS Changes at Route53 Hosted Zone from Kubernetes Files.

Create ClusterRole and ClusterRole Binding:

Let’s Create Cluster Role and Clusterrole binding files so that external-dns-controller can do change to the Route53 DNS.

https://gist.github.com/ravikyada/c90064e5b90598592b14076491ece435

Now Let’s Create a ClusterRoleBinding.yaml file for the Clusterrole we created.

https://gist.github.com/ravikyada/c2273191c26b9b789fd36537cf2eb1ff

Now, For the Acess, we have done all the work with Cluster and cluster role binding, Just Apply both files with the command.

kubectl apply -f

Now we will create One Deployment File for external-dns-controller which will do all the work for us.

Create a Deployment file for External DNS Controller

https://gist.github.com/ravikyada/ff714ed1ecc37fc329f894774906fe24

This Deployment Managed Pod will deploy the External DNS controller in your Kubernetes cluster. The controller will monitor your Kubernetes services and ingresses and automatically create and delete Route 53 DNS records as necessary.

After Deploying this Deployment File Now Check for the Deployment with 1 Pod is Up And Running.

kubectl get deployments

Also, You can check the Logs of the Pod Created by the Deployment By:

kubectl logs  -n default

Now, After Full Deployment, you are Ready with the External DNS and you don’t need to add External DNS to all your API Of the Cluster Services. It will automatically add all your Services and Ingresses automatically to the Route53 Hosted Zone.

Configuring External DNS in K8s Files

Once External DNS is deployed, you can configure it to create and manage DNS records for your Kubernetes services. To do this, you can add annotations to your Kubernetes services or ingresses that specify the desired DNS name and DNS provider.

For example, to create a DNS record for a Kubernetes service named “my-service” with a DNS name of “my-service.example.com” in Route 53, you can add the following annotation to your service:

https://gist.github.com/ravikyada/84c02434dfbef47915cf52334e03fa34

Congrats! You have successfully deployed external DNS with AWS EKS. With external DNS, you can now easily expose your Kubernetes services to the internet or other parts of your infrastructure by automatically creating DNS records.

Remember to regularly monitor your DNS records to ensure that they are accurate and up-to-date. You can also customize external DNS to meet your specific needs by modifying the configuration options.

Overall, deploying external DNS with AWS EKS is a straightforward process that can provide significant benefits for your applications. With this guide, you should be well-equipped to get started with external DNS and take advantage of its powerful features.