aws api_仅需20分钟即可在AWS上部署Kubernetes和Restful API

aws api

Just a few years back, setting up Kubernetes clusters and deploying Microservices and APIs used to take an awful lot of time. Initially there were no managed Kubernetes clusters and everyone had to roll up their sleeves and set up something from scratch. The introduction of managed clusters by AWS, Google Cloud, and Azure was a game-changer, and made Kubernetes much more accessible.

Ĵ乌斯在几年前，建立Kubernetes集群和部署用于拍摄非常多的时间微服务和API。 最初没有托管的Kubernetes集群，每个人都必须袖手旁观，并从头开始建立一些东西。 AWS ， Google Cloud和Azure对托管集群的引入改变了游戏规则，使Kubernetes更加易于访问。

What I will try and demonstrate here, is how much faster it has become to provision Kubernetes and APIs these days. You still need to have of course in-depth knowledge and understand what you are doing. You still need to have decent skills with the command line and experience with a variety of languages and AWS. But tools have improved and something that used to take hours can now take a few minutes.

我将在这里尝试演示的是，如今配置Kubernetes和API的速度已经提高了多少。 当然，您仍然需要具有深入的知识并了解您在做什么。 您仍然需要具备命令行方面的良好技能，并需要使用多种语言和AWS的经验。 但是工具已经得到改进，以前需要几个小时才能完成的工作现在可能需要几分钟。

In the next few sections, I will share with you the necessary tools and a step by step guide to provision a Kubernetes cluster, deploy a simple Todo API written in Python and expose it via an AWS Elastic Load Balancer. This entire process usually takes me around 20 minutes, enough time to go and get some fresh coffee.

在接下来的几节中，我将与您分享必要的工具和逐步指南，以配置Kubernetes集群，部署用Python编写的简单Todo API并通过AWS Elastic Load Balancer公开它。 这整个过程通常需要我大约20分钟，足够的时间去喝些新鲜的咖啡。

So let’s dive straight in!

因此，让我们直接潜水吧！

入门 (Getting started)

I will admit that you need to have a few scripts and repositories ready before you try this. Links to the repos are made available in later sections. You will also need to have decent skills with the command line. I am using zsh as my default shell, with decent autocompletion that really boosts my productivity here.

我承认，在尝试此操作之前，您需要准备一些脚本和存储库。 稍后部分中提供了指向回购协议的链接。 您还需要在命令行上具有不错的技能。 我使用zsh作为默认外壳程序，并具有不错的自动完成功能，这确实提高了我的生产力。

Before we even start though, let’s check the list of prerequisites, from tools to install, to AWS services you need to be familiar with:

在开始之前，我们先检查一下先决条件列表，从要安装的工具到您需要熟悉的AWS服务：

• AWS EKS: stands for Elastic Kubernetes Service and offers managed Kubernetes clusters. The managed part, means that Amazon provides scalable and highly-available master nodes deployed across multiple AWS availability zones

  AWS EKS ：代表Elastic Kubernetes服务，并提供托管的Kubernetes集群。 托管部分意味着Amazon提供了跨多个AWS可用性区域部署的可扩展且高度可用的主节点

• AWS Cloudformation: used to provision AWS resources such as servers, Virtual Private Networks (VPC), service accounts and more

  AWS Cloudformation ：用于供应AWS资源，例如服务器，虚拟专用网络(VPC)，服务帐户等

• AWS ELB: is a load balancer that distributes incoming traffic to our cluster services via an NGINX Ingress Controller

  AWS ELB ：是一个负载平衡器，可通过NGINX入口控制器将传入流量分配给我们的集群服务

• NGINX Ingress Controller: is an application that runs in the cluster and configures an HTTP load balancer according to Ingress resources. In this demo we will use it to expose our API via an AWS ELB

  NGINX Ingress Controller ：是一个在集群中运行的应用程序，根据Ingress资源配置HTTP负载均衡器。 在此演示中，我们将使用它通过AWS ELB公开我们的API

• AWS CLI: the command line tool you really need to know if you want to provision or manage resources on AWS

  AWS CLI ：您确实需要知道是否要在AWS上配置或管理资源的命令行工具

• AWS IAM: this is where access to resources is managed

  AWS IAM ：这是管理资源访问的地方

• AWS ECR: stands for Elastic Container Registry and it’s the Amazon Docker container registry where we will push our Todo API

  AWS ECR ：代表Elastic Container Registry，这是我们将推送Todo API的Amazon Docker容器注册表

• eksctl: this is the CLI tool that we are going to use to deploy the cluster. Effectively eksctl creates Cloudformation stacks and offers the YAML approach in parameterising and provisioning Kubernetes

  eksctl ：这是我们将用于部署集群的CLI工具。 eksctl有效eksctl创建了Cloudformation堆栈并在参数化和配置Kubernetes中提供了YAML方法

• kubectl: the Kubernetes CLI tool

  kubectl ：Kubernetes CLI工具

• Helm: this is the package manager for Kubernetes that we’ll be using to install applications in our cluster

  Helm ：这是Kubernetes的软件包管理器，我们将使用它在集群中安装应用程序

计时器从00:00开始-设置Kubernetes (Timer starts at 00:00 — Provision Kubernetes)

Before we start our imaginary timer and provision a new cluster, you will need to download the tools mentioned earlier and more specifically eksctl. Initially developed by Weaveworks and later adopted by AWS, eksctl covers a range of commands for creating, managing and deleting clusters. It allows you to create groups of nodes for different workloads, set up service accounts and more.

在启动虚拟计时器并配置新集群之前，您需要下载前面提到的工具，尤其是eksctl 。 eksctl最初由Weaveworks开发，后来被AWS采纳，涵盖了用于创建，管理和删除集群的一系列命令。 它允许您为不同的工作负载创建节点组，设置服务帐户等。

Once you download the tool you can create a new cluster using the create cluster command and a configuration YAML file like the one in Figure 1. This file contains a few parameters such as the number and type of nodes, networking configuration, access control to AWS services, etc.

下载该工具后，您可以使用create cluster命令和一个配置YAML文件( 如图1中的文件)创建一个新集群。 该文件包含一些参数，例如节点的数量和类型，网络配置，对AWS服务的访问控制等。

Before you start, you have to really decide what kind of cluster you need. This is a simple demo, so I am provisioning a small cluster with 3 worker nodes of m5.large EC2 type on three availability zones. One thing to note, is that you will have to replace the serviceRoleARN with the one you set up on AWS IAM.

在开始之前，您必须真正决定所需的集群类型。 这是一个简单的演示，因此我将在三个可用区上配置一个具有3个m5.large EC2类型工作节点的小型集群。 要注意的一件事是，您将必须用在AWS IAM上设置的serviceRoleARN替换serviceRoleARN。

Figure 1: The cluster.yaml required to create a new Kubernetes cluster.

图1：创建新Kubernetes集群所需的cluster.yaml。

Once your cluster.yaml is ready you can execute the command below and start the timer.

一旦您的cluster.yaml准备就绪，您就可以执行以下命令并启动计时器。

eksctl create cluster -f cluster.yaml

It usually takes around 15 minutes in my region to provision a new cluster and as you can see below, there is plenty of logging information.

在我所在的地区，通常大约需要15分钟才能配置一个新集群，并且正如您在下面看到的那样，这里有很多日志信息。

Figure 2: eksctl creates a new cluster with the configuration given in cluster.yaml.

图2：eksctl使用cluster.yaml中给定的配置创建一个新集群。

After 15 minutes, once the cluster is up and running, we install the Kubernetes dashboard, with three successive commands using a config file for the Metrics server, Kubernetes dashboard and the required EKS service account. The YAML files referenced below and the config for the cluster can be found in the Github repo here.

15分钟后，一旦群集启动并运行，我们将使用三个连续的命令安装Kubernetes仪表板，该命令使用用于Metrics服务器的配置文件，Kubernetes仪表板和所需的EKS服务帐户。 下面引用的YAML文件和集群的配置可以在此处的Github存储库中找到 。

kubectl apply -f metrics-components.yamlkubectl apply -f kubernetes-dashboard.yamlkubectl apply -f eks-admin-service-account.yaml

Once the dashboard is installed, you can access it by running kubectl proxy and visiting the page below:

安装仪表板后，您可以通过运行kubectl proxy并访问以下页面来访问它：

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#!/login

You will be asked for an authentication token which you can retrieve by executing:

系统将要求您提供身份验证令牌，可以通过执行以下操作来检索该令牌：

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')

And viola! The dashboard shows 3 healthy nodes up and running, in three availability zones and with minimal CPU and Memory utilization.

和中提琴！ 仪表板显示了3个运行正常的节点，它们处于三个可用区中，并且CPU和内存使用率最低。

Figure 3: Kubernetes dashboard is showing a healthy set of new nodes.

图3：Kubernetes仪表板显示了一组健康的新节点。

计时器在00:16-设置Todo API (Timer at 00:16 - Set up the Todo API)

After 16 minutes, we have only a tiny bit of time left to deploy our demo API. There are 1000s of todo APIs available on the web but for the purposes of this article, I developed something really simple with a few endpoints available. The API is written in Python and the Flask framework, and uses Helm charts for deployment. The source code can be found here and has some basic instructions on how to build and push the Docker images to AWS ECR.

16分钟后，我们只剩下一小段时间来部署我们的演示API。 Web上有数千种todo API，但是出于本文的目的，我开发了一些非常简单的东西，并提供了一些端点。 该API用Python和Flask框架编写，并使用Helm图表进行部署。 可在此处找到源代码，并提供了有关如何构建并将Docker映像推送到AWS ECR的一些基本说明。

The API is serving to clients via three endpoints, one used by Kubernetes to check the health of the service, and two more to add or retrieve todo items.

该API通过三个端点为客户端提供服务，其中一个端点被Kubernetes用于检查服务的运行状况，另外两个端点用于添加或检索待办事项。

GET /healthzPOST /tasksGET /tasks

To use this API in Kubernetes you need to first build and push a Docker image to AWS ECR. You create a new repository as can be seen below with security scans enabled by default. It is useful to see if there are any critical vulnerabilities in the images used by Kubernetes.

要在Kubernetes中使用此API，您需要首先构建Docker映像并将其推送到AWS ECR 。 您将创建一个新的存储库，如下所示，默认情况下启用了安全扫描。 查看Kubernetes使用的映像中是否存在任何严重漏洞很有用。

Figure 4: Create a repository on AWS ECR.

图4：在AWS ECR上创建一个存储库。

Once the Docker image is pushed we can reference it in the deployment Helm charts with the correct tag. I often reference the latest tag for the image, if I am not interested in a specific version.

推送Docker映像后，我们可以使用正确的标签在部署Helm图表中引用它。 如果我对特定版本不感兴趣，我通常会引用图像的latest标签。

计时器在00:18 — 设置NGINX入口控制器 (Timer at 00:18 — Set up an NGINX Ingress Controller)

To expose any Restful API running inside Kubernetes you will need to set up an NGINX Ingress Controller . Ingress Controllers are connected to an AWS Elastic Load Balancer and distribute incoming traffic to Kubernetes pods and services.

要公开Kubernetes中运行的任何Restful API，您需要设置一个NGINX Ingress Controller 。 入口控制器连接到AWS Elastic Load Balancer，并将传入流量分发到Kubernetes窗格和服务。

You can install an Ingress Controller using the official helm chart which resides in the repo https://kubernetes-charts.storage.googleapis.com/ . You will need to add the Helm repo first before you try and install anything. You will also need to configure NGINX so that you can expose your API via an Elastic Load Balancer.

您可以使用位于仓库https://kubernetes-charts.storage.googleapis.com/的官方头盔图表来安装Ingress Controller。 在尝试安装任何组件之前，您需要先添加Helm存储库。 您还需要配置NGINX以便可以通过Elastic Load Balancer公开API。

The nginx-ingress-values.yaml that you can find in the repo I mentioned earlier, contains all the configuration settings you need to expose the Todo API. It is worth mentioning here, that I am using a Network Load Balancer for this set up, which allows the distribution of traffic based on network variables, such as IP address and destination ports.

您可以在我前面提到的存储库中找到nginx-ingress-values.yaml ，其中包含公开Todo API所需的所有配置设置。 在这里值得一提的是，我为此设置使用了网络负载均衡器 ，它允许基于网络变量(例如IP地址和目标端口)分配流量。

service.beta.kubernetes.io/aws-load-balancer-type: nlb

Once the configuration settings are ready you can begin the installation of the NGINX Ingress Controller:

准备好配置设置后，就可以开始安装NGINX Ingress Controller ：

$ helm repo add stable https://kubernetes-charts.storage.googleapis.com/$ helm repo update$ helm install nginx-ingress stable/nginx-ingress -f nginx-ingress-values.yaml -n kube-system

It takes a few seconds and the Elastic Load Balancer appears ready on the AWS Console, while pods with a single Ingress Controller and a default backend are running on Kubernetes.

这会花费几秒钟，并且Elastic Load Balancer会在AWS控制台上显示就绪，而带有单个Ingress Controller和默认后端的Pod正在Kubernetes上运行。

计时器在00:19 —部署API (Timer at 00:19 — Deploy the API)

As mentioned earlier, Helm is a package manager that speeds up the deployment of applications in Kubernetes. Deployments can consist of a number of components such as replica sets, Ingress services, Cron Jobs, secrets, etc. With Helm we accelerate the deployment process and use a single file of parameter values to provision our Kubernetes resources.

如前所述，Helm是一个程序包管理器，可加快Kubernetes中应用程序的部署。 部署可以包含许多组件，例如副本集，Ingress服务，Cron Jobs，机密等。借助Helm，我们可以加快部署过程，并使用单个参数值文件来配置Kubernetes资源。

For the deployment of the Todo API I am using 3 replicas that will get deployed on 3 availability zones, tiny amount of memory resources and a single Gunicorn worker. Gunicorn is a production grade web server, that is commonly used to deploy Restful APIs written in Python and Flask.

对于Todo API的部署，我正在使用3个副本，这些副本将部署在3个可用区，少量内存资源和一个Gunicorn worker上。 Gunicorn是生产级的Web服务器，通常用于部署用Python和Flask编写的Restful API。

The parameter that needs attention of course is the Ingress service host, which will have to be replaced with the internet-facing load balancer of your AWS configuration. This value will essentially expose your API and make it accessible to the path specified, in this case /todoapp/api/v1.

当然，需要注意的参数是Ingress服务主机，必须将其替换为AWS配置的面向互联网的负载平衡器。 该值实际上将公开您的API，并使其可访问指定的路径，在本例中为/todoapp/api/v1 。

Figure 5: Helm values file for Todo API

图5：Todo API的Helm值文件

Once all the values are ready you can execute the command below and after a few seconds have the Todo API up and running.

准备好所有值后，您可以执行下面的命令，几秒钟后启动并运行Todo API。

helm install todoapp deployment/todoapp/ -f deployment/prod-values.yaml

计时器在00:20！ (Timer at 00:20!)

At last, after 20 minutes the API is deployed with three pods running in Kubernetes (Figure 6) and exposed via the load balancer as seen in the Swagger documentation (Figure 7).

最后，在20分钟后，该API部署了三个在Kubernetes中运行的Pod( 图6 )，并通过负载均衡器公开(如Swagger文档中所示) ( 图7) 。

Figure 6: Three pods running the Todo API.

图6：运行Todo API的三个Pod。

You can now create some new tasks and store them in memory or retrieve them from the GET endpoint.

现在，您可以创建一些新任务并将其存储在内存中，或者从GET端点检索它们。

Figure 7: Access the API via the loadbalancer.

图7：通过负载平衡器访问API。

From this point onwards, you can continue by setting up the AWS API Gateway and AWS Cloudfront to expose the API to the outside world securely. You can set up users in AWS Cognito and enable OAuth2.0 authentication, add rate limiting and security rules in AWS WAF.

从现在开始，您可以继续设置AWS API Gateway和AWS Cloudfront，以将API安全地暴露给外界。 您可以在AWS Cognito中设置用户并启用OAuth2.0身份验证，在AWS WAF中添加速率限制和安全规则。

There is still plenty of work to do before you have a production grade, secure API, however we have only spent 20 minutes so far to create a cluster and deploy our application.

在拥有生产级的安全API之前，仍有大量工作要做，但是到目前为止，我们仅花费了20分钟来创建集群并部署我们的应用程序。

Enjoy your coffee!

享受你的咖啡！

翻译自: https://medium.com/swlh/deploy-kubernetes-and-a-restful-api-on-aws-in-just-20-minutes-353372da6216

aws api