Master the basics of AWS EKS and GitLab CI/CD with 99% J-type engineers

Self-introduction

hello.

My name is Meiko and I am the creator of the first lecture on DevOps, infrastructure, and cloud.

Currently, we are working on building, managing, and operating an environment for deploying actual services in a cloud-native environment integrated with EKS clusters and Gitlab, as well as establishing a work request integration plan in preparation for expanding the DevOps organization and automating the platform engineering aspect. I am doing it.

Lecture Notes (The fastest way to understand a technology is to implement it yourself)

I will minimize the explanations except for the core theories I think, and focus on practical exercises.

Rather than simply providing recipes, we've prepared this lecture to help you understand the essence of infrastructure structure and operational flow as easily as possible, based on personally created architecture diagrams and sequence diagrams.

EKS provisioning focuses on configuration based on the EKS Best Practices document .

If you don't have knowledge or practical experience with AWS, K8S, Git, and Docker, it can be a bit daunting.

Additionally, since the training is conducted through AWS services, charges will inevitably be incurred.

Please be sure to watch the lecture introduction video before deciding whether to take the course.

We provide a custom Notion template to help you take the course.

There are many things to install and prepare before the practice, such as installing various CLI tools, purchasing Gitlab, Slack, DB, and domain, and there will be a lot to cover.
So! As someone with a Power J personality, I've prepared a Notion template to help you navigate the course!

Please copy each template and use it privately.

(Refer to lecture materials)

Take the lecture with the template above and organize it once to plan your infrastructure work!

And I recommend that you organize it on your own personal blog later and create your own knowledge.

We have prepared the AWS infrastructure so that you can build it by completing the corresponding tickets that specify the level of preparation required before proceeding with the practical training while watching the lecture.

Practice sequence

1. We will proceed with installing and setting up the essential tools required for the practice.

2. Quickly provision AWS Elastic Kubernetes Service (EKS) clusters and required AWS services by executing yaml files provided with the eksctl command. We are conducting a practical training.

   1. Creating in the AWS console has been minimized.

3. Learn core commands such as kubectl, helm, and aws-cli and proceed with essential settings for the cluster.

4. Gitlab Pipeline Custom

   1. Gitlab Runner (using shared runner)

   2. Gitlab AutoDevOps

   3. Gitlab AutoDeploy Image

   4. Gitlab Kubernetes Agent

5. Deploy the NestJS project to EKS directly provisioned through the Gitlab Pipeline configured in step 4.

6. Hands-on training on handling environment variables with enhanced security through IRSA and AWS Secrets Manager in a NestJS project.

   
   

First, let's deploy basic settings and essential open source projects ( Loki, Grafana, Prometheus, Istio, etc. ) directly to the cluster. Then, if you proceed with the concept and practice of IAC such as Ansible or Terraform , you will understand why it is convenient and why it is used. (If this lecture is successful(?), I plan to continue creating in-depth follow-up lectures.)

Send Pipeline monitoring notifications to Slack

AWS services you can use

Architecture diagram

Pipeline flow

In addition to building an EKS cluster and pipeline as above, we will also configure important monitoring in a Kubernetes environment, how to inject IAM in Kubernetes, and look at traffic flow.

After attending the lecture, you will have a deep understanding of the DevOps workflow.

What is not covered in this lecture

In order to achieve the goal of this lecture, which is to configure a cluster with a good structure and set up the essential settings before the operation stage, we will not cover the AutoScaling settings, backup strategies, HPA configuration and operation principles, and application load testing required in actual operation, and will cover them in the next in-depth lecture.

It also doesn't use Terraform or Ansible, which are IACs required for infrastructure provisioning and configuration settings.

Finally, due to cost considerations and the complexity of the training, we do not use the following AWS services. While some are inexpensive, we have considered only the most essential services.

1. It would be correct to place the Bastion-Host (EC2) in a public subnet and access the cluster through SSH to the instance, but since we are focusing on infrastructure configuration, we decided that it is unnecessary and did not configure it, so we proceed by sending a request to the API Server in the cluster Control Plane through IAM locally.

2. DB does not use RDS, but uses a free DB (Postgres) provided by Superbase.

   1. We will practice creating a single Secret in AWS Secrets Manager, not in env, for this DB endpoint information, and then receiving and using the value when the application pod starts.

3. The registry also uses Gitlab Registry instead of ECR.

Learn about these things

Things to note before taking the course