User Guide How to Use Payara Micro with Kubernetes via Amazon Web Services EKS The Payara® Platform - Production-Ready, Cloud Native and Aggressively Compatible. How to Use Payara Micro with Kubernetes via Amazon Web Services EKS Contents Amazon Web Services Elastic Kubernetes Service (EKS) 2 Requirements 2 AWS Account Setup 3 Creating the Kubernetes Cluster 6 Payara Micro Sample Application 8 Preparing our Docker Image 15 Preparing the Kubernetes Cluster for Payara Micro 18 Provision the Kubernetes Cluster with a new Deployment and Service 19 Testing the Sample Application in a Cluster 25 Summary 29 How to Use Payara Micro with Kubernetes via Amazon Web Services EKS Kubernetes has become the de-facto solution for container orchestration in the cloud. Kubernetes is a complex tool designed for operating hybrid platforms. If you intend to deploy a Payara Micro Kubernetes cluster using a cloud provider you have to follow specific instructions for the provider of your choice (Amazon Web Services, Microsoft Azure, Google Cloud Platform, etc.) as they all have separate implementation mechanisms for provisioning new clusters. The purpose of this guide is to showcase how to create a new Kubernetes cluster in Amazon Web Services and to set up a deploy- ment using a sample WAR application running on Payara Micro. The contents of this guide will cover: • What is AWS Elastic Kubernetes Service (EKS)? • Requirements for how to set up your environment • How to setup your AWS account • Creating the Kubernetes cluster • The structure of the Payara Micro sample application • How to prepare the Docker image to deploy in the cluster • Provision your Kubernetes cluster with a new Deployment • Testing the application in the cluster You can also watch our video tutorial for this guide on YouTube: 1 How to Use Payara Micro with Kubernetes via Amazon Web Services EKS Amazon Web Services Elastic Kubernetes Service (EKS) The Amazon Web Services infrastructure offers a special service called the Elastic Kubernetes Service (EKS) that allows users to easily create and manage the lifecycle of a Kubernetes cluster in the AWS infrastructure without the need for maintaining the control plane components of the clus- ter. One of the main advantages of this service is that the health and availability of the Kubernetes control plane is guaranteed by it, lifting the burden off the back of the users. EKS will create a con- trol plane for each Kubernetes cluster in a specific AWS region. The EKS service doesn’t operate by itself in maintaining the cluster, though; the following AWS services are used in conjunction with it: • Amazon EC2 which manages the nodes of the Kubernetes cluster as virtual instances, with its corresponding security groups and corresponding AMIs used to provision the contents of each node. • Amazon VPC which manages the networking aspects of the cluster, policies to restrict traffic between the nodes of the cluster and the control plane. Along with this, policies for role based authorization are placed to isolate the cluster from unwanted access. • Amazon Elastic Load Balancing, for distributing the load of requests received by the cluster. • Identity and Access Management (IAM), for authentication provided to administrators and other users. • Amazon CloudFormation, to maintain template stacks used to create and maintain the state of the cluster as intended. Requirements In order to set up your first cluster using Amazon EKS you will first be required to install the following tools in your local machine: • The Amazon Web Services command-line interface (aws-cli). You can read more informa- tion about how to install this tool for your Operating System here. • Have Docker installed locally on your machine. • The kubetcl command-line utility which will allow you to interact with the Kubernetes cluster. There are multiple ways to install this tool: • For Windows and macOS environments, the utility will be included when installing either Docker Desktop or Minikube. I personally recommend using Docker Desktop since it provides both Docker and Kubernetes management tools with one installation. • For most environments, you can install the utility directly using either a package man- ager (apt/yum/snap for Linux, Brew for macOS, Chocolatey for Windows), or download the utility directly to your local machine as well. Both alternatives are documented here. 2 How to Use Payara Micro with Kubernetes via Amazon Web Services EKS AWS Account Setup In order to create and interact with the cluster, you will have to set up an Amazon Web Service user account locally on your machine to be used with the command-line utilities. Although you can use your personal account, it is a recommended practice to set up a different user account with limited permissions in case it gets compromised. This account should be used for programmatic access to the AWS API services via the command line interface exclusively. To create this account, log in to your personal AWS account and head to the Identity and Access Management (IAM) service and proceed to create a new user under the Users option. Hit the Add User button and provide the following data: Hit the Next:Permissions button and in the following screen set the permissions for the account. You’ll have to head to the Attach existing policies directly tab and then use the search input to add the following policies: • AdministratorAccess • AmazonEKSClusterPolicy • AmazonEKSServicePolicy 3 How to Use Payara Micro with Kubernetes via Amazon Web Services EKS Hit the Next:Tags button and in the following screen leave the tag input fields blank. Proceed to the review screen and review that the user’s settings are correct: To finish the process, hit theCreate user button. The user account will be created. Take special attention to the credentials that are listed in the table for the user, Access key ID, and Secret access 4 How to Use Payara Micro with Kubernetes via Amazon Web Services EKS key. You will use these credentials to set up the account’s programmatic access for the AWS com- mand-line interface. Click the Show link to display the secret access key: The secret access key will only be available for display on the result screens for the user creation. Once you close this screen, you will not be able to get this key anywhere within the administration console. This is by design in order to protect this key. If you forget it, you will have to create a new set of credentials, which is outside the scope of this guide. With the user account created, the following step will be to configure the AWS command-line utility to use these credentials. To do this, run the aws configure command. You will be requested the access ID and key, a default AWS region, and the default output format: $ aws configure AWS Access Key ID [none]: AKIAWO5SNRHVGXWZDRXS AWS Secret Access Key [none]: ----------------------------------- Default region name [none]: us-west-2 Default output format [none]: json 5 How to Use Payara Micro with Kubernetes via Amazon Web Services EKS With this, your command-line interface is ready to remotely interact with the EKS service. Creating the Kubernetes Cluster The first and most important step on provisioning our Kubernetes cluster will be to create it. To quickly create a new Kubernetes cluster, we will use the eksctl create cluster command and we will use the following initial arguments: • Cluster Name • Version • Starting number of nodes • The region where the cluster nodes will be hosted • Type of EC2 instances used to create the cluster nodes. With the following command, we will create a new cluster with 3 nodes all living in the us-west-2 region. All three nodes will be created using t2-medium sized EC2 instances (2 vCPUs and 4 GB of RAM which should be enough for each node to host multiple pods): $ eksctl create cluster --name demo-cluster --version 1.11 --nodes 3 --region us-west-2 --node-type t2.medium using region us-west-2 setting availability zones to [us-west-2a us-west-2b us-west-2c] subnets for us-west-2a - public:192.168.0.0/19 private:192.168.96.0/19 subnets for us-west-2b - public:192.168.32.0/19 private:192.168.128.0/19 subnets for us-west-2c - public:192.168.64.0/19 private:192.168.160.0/19 nodegroup "ng-223fb37a" will use "ami-057d1c0dcb254a878" [AmazonLinux2/1.11] using Kubernetes version 1.11 creating EKS cluster "demo-cluster" in "us-west-2" region will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-west-2 --name=demo-cluster' 2 sequential tasks: { create cluster control plane "demo-cluster", create nodegroup "ng-223fb37a" } building cluster stack "eksctl-demo-cluster-cluster" deploying stack "eksctl-demo-cluster-cluster" building nodegroup stack "eksctl-demo-cluster-nodegroup-ng-223fb37a" --nodes-min=3 was set automatically for nodegroup ng-223fb37a 6 How to Use Payara Micro with Kubernetes via Amazon Web Services EKS --nodes-max=3 was set automatically for nodegroup ng-223fb37a deploying stack "eksctl-demo-cluster-nodegroup-ng-223fb37a" all EKS cluster resource for "demo-cluster" had been created saved kubeconfig as "~/.kube/config" adding role "arn:aws:iam::444366424554:role/eksctl-demo-cluster-nodegroup-ng- NodeInstanceRole-D0W6INN7UAMA" to auth ConfigMap nodegroup "ng-223fb37a" has 0 node(s) waiting for at least 3 node(s) to become ready in "ng-223fb37a" nodegroup "ng-223fb37a" has 3 node(s) node "ip-192-168-19-140.us-west-2.compute.internal" is ready node "ip-192-168-40-33.us-west-2.compute.internal" is ready node "ip-192-168-79-238.us-west-2.compute.internal" is ready kubectl command should work with "~/.kube/config", try 'kubectl get nodes' EKS cluster "demo-cluster" in "us-west-2" region is ready Kubernetes Version For this example the version of the Kubernetes cluster being created is 1.11.