Welcome to Stack Simplify

Author: Kalyan Reddy Daida

12-Microservices-Deployment-on-EKS/temp

@@ -0,0 +1,182 @@
+# Microservices Distributed Tracing with X-Ray on AWS EKS
+
+## Step-01: Introduction
+### Introduction to AWS XRay & k8s DaemonSets 
+- Understand about AWS X-Ray Services
+- Understand Kubernetes DaemonSets
+- Understand the AWS X-Ray and Microservices network design on EKS Cluster
+- Understand about Service Map, Traces and Segments in AWS X-Ray
+
+### Usecase Description
+- User Management **getNotificationAppInfo**  will call Notification service **notification-xray** which will evetually send traces to AWS X-Ray service
+- We are going to depict one Microservice calling other Microservice
+
+### List of Docker Images used in this section
+| Application Name                 | Docker Image Name                          |
+| ------------------------------- | --------------------------------------------- |
+| User Management Microservice | stacksimplify/kube-usermanagement-microservice:3.0.0-AWS-XRay-MySQLDB |
+| Notifications Microservice V1 | stacksimplify/kube-notifications-microservice:3.0.0-AWS-XRay |
+
+## Step-02: Pre-requisite: AWS RDS Database, ALB Ingress Controller & External DNS
+
+### AWS RDS Database
+- We have created AWS RDS Database as part of section [06-EKS-Storage-with-RDS-Database](/06-EKS-Storage-with-RDS-Database/README.md)
+- We even created a `externalName service: 01-MySQL-externalName-Service.yml` in our Kubernetes manifests to point to that RDS Database. 
+
+### ALB Ingress Controller & External DNS
+- We are going to deploy a application which will also have a `ALB Ingress Service` and also will register its DNS name in Route53 using `External DNS`
+- Which means we should have both related pods running in our EKS cluster. 
+- We have installed **ALB Ingress Controller** as part of section [08-01-ALB-Ingress-Install](/08-ELB-Application-LoadBalancers/08-01-ALB-Ingress-Install/README.md)
+- We have installed **External DNS** as part of section [08-06-01-Deploy-ExternalDNS-on-EKS](/08-ELB-Application-LoadBalancers/08-06-ALB-Ingress-ExternalDNS/08-06-01-Deploy-ExternalDNS-on-EKS/README.md)
+```
+# Verify alb-ingress-controller pod running in namespace kube-system
+kubectl get pods -n kube-system
+
+# Verify external-dns pod running in default namespace
+kubectl get pods
+```
+
+## Step-03: Create IAM permissions for AWS X-Ray daemon
+```
+# Template
+eksctl create iamserviceaccount \
+    --name service_account_name \
+    --namespace service_account_namespace \
+    --cluster cluster_name \
+    --attach-policy-arn arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess \
+    --approve \
+    --override-existing-serviceaccounts
+
+# Replace Name, Namespace, Cluster Info (if any changes)
+eksctl create iamserviceaccount \
+    --name xray-daemon \
+    --namespace default \
+    --cluster eksdemo1 \
+    --attach-policy-arn arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess \
+    --approve \
+    --override-existing-serviceaccounts
+```
+
+### Verify Service Account and AWS IAM Role
+```
+# List k8s Service Accounts
+kubectl get sa
+
+# Describe Service Account (Verify IAM Role annotated)
+kubectl describe sa xray-daemon
+
+# List IAM Roles on eksdemo1 Cluster created with eksctl
+eksctl  get iamserviceaccount --cluster eksdemo1
+```
+
+## Step-04: Update IAM Role ARN in xray-k8s-daemonset.yml
+### Get AWS IAM Role ARN for xray-daemon
+```
+# Get AWS IAM Role ARN
+eksctl  get iamserviceaccount xray-daemon --cluster eksdemo1
+```
+### Update  xray-k8s-daemonset.yml
+- File Name: kube-manifests/01-XRay-DaemonSet/xray-k8s-daemonset.yml
+```yml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: xray-daemon
+  name: xray-daemon
+  namespace: default
+  # Update IAM Role ARN created for X-Ray access
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::180789647333:role/eksctl-eksdemo1-addon-iamserviceaccount-defa-Role1-20F5AWU2J61F
+```
+
+### Deploy X-Ray DaemonSet on our EKS Cluster
+```
+# Deploy
+kubectl apply -f kube-manifests/01-XRay-DaemonSet/xray-k8s-daemonset.yml
+
+# Verify Deployment, Service & Pod
+kubectl get deploy,svc,pod
+
+# Verify X-Ray Logs
+kubectl logs -f <X-Ray Pod Name>
+kubectl logs -f xray-daemon-phszp  
+
+# List & Describe DaemonSet
+kubectl get daemonset
+kubectl describe daemonset xray-daemon
+```
+
+## Step-05: Review Deployment Manifests
+- **02-UserManagementMicroservice-Deployment.yml**
+```yml
+# Change-1: Image Tag is 3.0.0-AWS-XRay-MySQLDB
+      containers:
+        - name: usermgmt-restapp
+          image: stacksimplify/kube-usermanagement-microservice:3.0.0-AWS-XRay-MySQLDB
+
+# Change-2: New Environment Variables related to AWS X-Ray
+            - name: AWS_XRAY_TRACING_NAME 
+              value: "User-Management-Microservice"                
+            - name: AWS_XRAY_DAEMON_ADDRESS
+              value: "xray-service.default:2000"    
+            - name: AWS_XRAY_CONTEXT_MISSING 
+              value: "LOG_ERROR"  # Log an error and continue, Ideally RUNTIME_ERROR – Throw a runtime exception which is default option if not configured                                            
+```
+- **04-NotificationMicroservice-Deployment.yml**
+```yml
+# Change-1: Image Tag is 3.0.0-AWS-XRay
+    spec:
+      containers:
+        - name: notification-service
+          image: stacksimplify/kube-notifications-microservice:3.0.0-AWS-XRay
+
+# Change-2: New Environment Variables related to AWS X-Ray
+            - name: AWS_XRAY_TRACING_NAME 
+              value: "V1-Notification-Microservice"              
+            - name: AWS_XRAY_DAEMON_ADDRESS
+              value: "xray-service.default:2000"      
+            - name: AWS_XRAY_CONTEXT_MISSING 
+              value: "LOG_ERROR"  # Log an error and continue, Ideally RUNTIME_ERROR – Throw a runtime exception which is default option if not configured                                            
+
+```
+
+## Step-06: Review Ingress Manifest
+```yml
+# Change-1-For-You: Update with your SSL Cert ARN when using template
+    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:180789647333:certificate/9f042b5d-86fd-4fad-96d0-c81c5abc71e1
+
+# Change-2-For-You: Update with your "yourdomainname.com"
+    # External DNS - For creating a Record Set in Route53
+    external-dns.alpha.kubernetes.io/hostname: services.kubeoncloud.com, ums.kubeoncloud.com       
+```
+
+## Step-07: Deploy Manifests
+```
+# Deploy
+kubectl apply -f kube-manifests/02-Applications
+
+# Verify
+kubectl get pods
+```
+
+## Step-08: Test
+```
+# Test
+https://ums.kubeoncloud.com/usermgmt/notification-xray
+https://services.kubeoncloud.com/usermgmt/notification-xray
+
+# Your Domain Name
+https://<Replace-your-domain-name>/usermgmt/notification-xray
+```
+
+
+## References
+- https://github.com/aws-samples/aws-xray-kubernetes/
+- https://github.com/aws-samples/aws-xray-kubernetes/blob/master/xray-daemon/xray-k8s-daemonset.yaml
+- https://aws.amazon.com/blogs/compute/application-tracing-on-kubernetes-with-aws-x-ray/
+- https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk-java-configuration.html
+- https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk-java-configuration.html#xray-sdk-java-configuration-plugins
+- https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk-java-httpclients.html
+- https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk-java-filters.html
+- https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk-java-sqlclients.html

13-Microservices-Distributed-Tracing-using-AWS-XRay-on-EKS/README.md

@@ -0,0 +1,88 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: xray-daemon
+  name: xray-daemon
+  namespace: default
+  # Update IAM Role ARN created for X-Ray access
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::180789647333:role/eksctl-eksdemo1-addon-iamserviceaccount-defa-Role1-20F5AWU2J61F
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: xray-daemon
+  namespace: default
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: xray-daemon
+  template:
+    metadata:
+      labels:
+        app: xray-daemon
+    spec:
+      serviceAccountName: xray-daemon
+      volumes:
+        - name: config-volume
+          configMap:
+            name: "xray-config"
+      containers:
+        - name: xray-daemon
+          image: amazon/aws-xray-daemon
+          command: ["/usr/bin/xray", "-c", "/aws/xray/config.yaml"]
+          resources:
+            requests:
+              cpu: 256m
+              memory: 32Mi
+            limits:
+              cpu: 512m
+              memory: 64Mi
+          ports:
+            - name: xray-ingest
+              containerPort: 2000
+              hostPort: 2000
+              protocol: UDP
+            - name: xray-tcp
+              containerPort: 2000
+              hostPort: 2000
+              protocol: TCP
+          volumeMounts:
+            - name: config-volume
+              mountPath: /aws/xray
+              readOnly: true
+---
+# Configuration for AWS X-Ray daemon
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: xray-config
+  namespace: default
+data:
+  config.yaml: |-
+    TotalBufferSizeMB: 24
+    Socket:
+      UDPAddress: "0.0.0.0:2000"
+      TCPAddress: "0.0.0.0:2000"
+    Version: 2
+---
+# k8s service definition for AWS X-Ray daemon headless service
+apiVersion: v1
+kind: Service
+metadata:
+  name: xray-service
+  namespace: default
+spec:
+  selector:
+    app: xray-daemon
+  clusterIP: None
+  ports:
+    - name: xray-ingest
+      port: 2000
+      protocol: UDP
+    - name: xray-tcp
+      port: 2000
+      protocol: TCP

13-Microservices-Distributed-Tracing-using-AWS-XRay-on-EKS/kube-manifests/01-XRay-DaemonSet/.DS_Store

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+spec:
+  type: ExternalName
+  externalName: usermgmtdb.cxojydmxwly6.us-east-1.rds.amazonaws.com

13-Microservices-Distributed-Tracing-using-AWS-XRay-on-EKS/kube-manifests/01-XRay-DaemonSet/xray-k8s-daemonset.yml

@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: usermgmt-microservice
+  labels:
+    app: usermgmt-restapp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: usermgmt-restapp
+  template:
+    metadata:
+      labels:
+        app: usermgmt-restapp
+    spec:
+      initContainers:
+        - name: init-db
+          image: busybox:1.31
+          command: ['sh', '-c', 'echo -e "Checking for the availability of MySQL Server deployment"; while ! nc -z mysql 3306; do sleep 1; printf "-"; done; echo -e "  >> MySQL DB Server has started";']
+      containers:
+        - name: usermgmt-restapp
+          image: stacksimplify/kube-usermanagement-microservice:3.0.0-AWS-XRay-MySQLDB
+          ports:
+            - containerPort: 8095
+          imagePullPolicy: Always            
+          env:
+            - name: DB_HOSTNAME
+              value: "mysql"
+            - name: DB_PORT
+              value: "3306"
+            - name: DB_NAME
+              value: "usermgmt"
+            - name: DB_USERNAME
+              value: "dbadmin"
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-db-password
+                  key: db-password
+            - name: NOTIFICATION_SERVICE_HOST
+              value: "notification-clusterip-service"
+            - name: NOTIFICATION_SERVICE_PORT
+              value: "8096"    
+            - name: AWS_XRAY_TRACING_NAME 
+              value: "User-Management-Microservice"                
+            - name: AWS_XRAY_DAEMON_ADDRESS
+              value: "xray-service.default:2000"    
+            - name: AWS_XRAY_CONTEXT_MISSING 
+              value: "LOG_ERROR"  # Log an error and continue, Ideally RUNTIME_ERROR – Throw a runtime exception which is default option if not configured                                            
+          livenessProbe:
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - nc -z localhost 8095
+            initialDelaySeconds: 60
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /usermgmt/health-status
+              port: 8095
+            initialDelaySeconds: 60
+            periodSeconds: 10          
+---
+# Kubernetes Secrets
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysql-db-password
+#type: Opaque means that from kubernetes's point of view the contents of this Secret is unstructured, it can contain arbitrary key-value pairs. In contrast, there is the Secret storing ServiceAccount credentials, or the ones used as ImagePullSecret . These have a constrained contents.
+type: Opaque
+data:
+  # Output of echo -n 'dbpassword11' | base64
+  db-password: ZGJwYXNzd29yZDEx
+

13-Microservices-Distributed-Tracing-using-AWS-XRay-on-EKS/kube-manifests/02-Applications/01-MySQL-externalName-Service.yml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: usermgmt-restapp-nodeport-service
+  labels:
+    app: usermgmt-restapp
+  annotations:
+  #Important Note:  Need to add health check path annotations in service level if we are planning to use multiple targets in a load balancer  
+    alb.ingress.kubernetes.io/healthcheck-path: /usermgmt/health-status
+spec:
+  type: NodePort
+  selector:
+    app: usermgmt-restapp
+  ports:
+  - port: 8095
+    targetPort: 8095