Complete AWS EKS Masterclass (Best Practices) in 2022
Last updated 1/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 5.18 GB | Duration: 5h 58m
Learn AWS EKS Best Practices using hands-on labs (Helm, Ingress Controller SSL Termination, RBAC, IRSA, CA, HPA, Monitoring)
What you'll learn
how to setup K8s dashboard with RBAC
how to monitor K8s cluster and apps using Prometheus and Grafana
how to configure SSL Termination at AWS ELB created by ingress controller using k8s service YAML
how to authenticate and authorize AWS IAM users to AWS EKS cluster using aws-iam-authenticator, aws-auth ConfigMap, and RBAC (Role Based Access Control) aka ClusterRoleBinding
how to authorize Pods to AWS resources by creating pod-level IAM permission using IRSA (IAM Role for Service Account)
how to scale EKS worker nodes automatically using CA (Cluster Autoscaler using IRSA) and how to stress test it
how to scale pods automatically using HPA (horizontal pod autoscaler) and how to stress test it
why you shouldn't use eksctl managed worker nodes in production
why you should be careful when using EKS's default AWS-VPC-CNI plugin, because Pod IP pool gets exhausted based on EC2 instance type
Requirements
you have decent knowledge of AWS (EC2, VPC, subnet, load balancer, IAM, etc)
you have learned Kubernetes fundamentals (pod, service, deployment, ingress, configmap, role, etc)
you have development experience in Kubernetes YAML resources
Description
*Updated the course material on Nov 17th 2022
If I summarize this course in one sentence?
Learn production-proof AWS EKS Best Practices using hands-on concepts and labs (e.g. Helm, Dashboard, Ingress, SSL Termination, AWS ELB Logging, RBAC, IRSA, CA, HPA, Monitoring).
☆Please check preview videos to see if this course is really for you☆
Are you one of the below?
You want to learn how to use managed Kubernetes cluster on AWS EKS
You feel overwhelmed and don't know where to start with AWS EKS
You learned Kubernetes with minikube but don't know how to deploy K8s cluster on AWS
You want to know production-ready AWS EKS best practices such as SSL Termination at AWS ELB, RBAC (Role Based Access Control), IRSA (IAM Role for Service Account), CA (Cluster Autoscaler using IRSA)
You want to be able to configure SSL for AWS ELB using K8s ingress controller
You want to be able to give right permissions to AWS IAM users in K8s cluster using ClusterRoleBinding (RBAC: Role Based Access Control)
You don't know how pod-level AWS IAM authentication (IRSA: IAM Role for Service Account) works
You want to learn how to monitor K8s apps using Prometheus and Grafana
Who should take this course
you have decent knowledge of AWS (EC2, VPC, subnet, load balancer, IAM, etc)
you have learned Kubernetes fundamentals (pod, service, deployment, ingress, configmap, role, etc)
you don't know how to go about learning Kubernetes on AWS
you have development experience in Kubernetes YAML resources
you want to learn about production-ready best practices for AWS EKS regarding security, monitoring, scaling, and performance
you want to learn ins and outs of AWS EKS from a cloud DevOps working at a US company in SF
you want to improve your AWS EKS knowledge and skills
Who should NOT need to take this course
you already know a lot of AWS EKS
you are not planning on using Kubernetes on AWS
you have never used AWS (EC2, VPC, subnet, load balancer, IAM, etc) before
you have never deployed pods in Kubernetes cluster
In this course, you will learn various aspects of AWS EKS best practices such as:
how to setup K8s dashboard with RBAC
how to monitor K8s cluster and apps using Prometheus and Grafana
how to configure SSL Termination at AWS ELB created by ingress controller using k8s service YAML
how to authenticate and authorize AWS IAM users to AWS EKS cluster using aws-iam-authenticator, aws-auth ConfigMap, and RBAC (Role Based Access Control) aka ClusterRoleBinding
how to authorize Pods to AWS resources by creating pod-level IAM permission using IRSA (IAM Role for Service Account)
how to scale EKS worker nodes automatically using CA (Cluster Autoscaler using IRSA) and how to stress test it
how to scale pods automatically using HPA (horizontal pod autoscaler) and how to stress test it
why you shouldn't use eksctl managed worker nodes in production
why you should be careful when using EKS's default AWS-VPC-CNI plugin, because Pod IP pool gets exhausted based on EC2 instance type
6 Reasons why you should take this course:
1. Instructed by a cloud DevOps engineer (with CKA and certified AWS DevOps pro) working at US company in SF
I have been pretty hands-on with Kubernetes, AWS, and AWS EKS. With 6.5+ years of industry experience in both North America and Europe, I break down and explain hard concepts using diagrams.
2. Abstract Concepts Explained with Diagrams
You usually don't find a solution in multiple languages. Catered for Java backend developers and Python developers. Also beneficial if you know one of them but also want to learn the other.
3. Updated Knowledge about AWS EKS in 2020
Some of the tools (such as kube2iam for pod-level IAM permissions) are outdated. I will demonstrate 2020-updated version of tools and concepts.
4. A Little Detail Matters in Production
When setting up AWS EKS cluster for production, you need to pay lots of attention to security, reliability, and resilience. I have included how to secure HTTP connection to AWS ELB, how to enable AWS ELB access logs, how to configure pod-level IAM permission using IRSA, how to authorize AWS IAM users to K8s cluster using RBAC, how to setup CA with IRSA, etc.
5. Tons of hands-on!
I won't bore you with dry lectures. Instead every concept is paired with a hands-on demo.
6. Entire course under SIX HOURS
I tried to make this course compact and concise so students can learn the concepts and hands-on skills in a short amount of time, because I know a life of software engineer is already pretty busy :)
My background & Education & Career experience
Cloud DevOps Software Engineer with 6.5+ years experience
Bachelor of Science in Computing Science from a Canadian university
Knows Java, C#, C++, Bash, Python, JavaScript, Terraform, IaC
Expert in AWS (holds AWS DevOps Professional certification) and Kubernetes (holds Certified Kubernetes Administrator, CKA)
I will see you inside!
Overview
Section 1: Introduction
Lecture 1 6 Reasons Why You Should Take this Course!
Lecture 2 Instructor's background & career experiences
Section 2: Kubernetes Overview
Lecture 3 Download course material
Lecture 4 Kubernetes Master Worker Architecture
Lecture 5 K8s Master Node (Control Plane) Overview
Lecture 6 K8s Worker Node (Data Plane) Overview
Lecture 7 K8s Objects Recap (Pod, Deployment, Service, Ingress, ConfigMap)
Section 3: 2 Setup AWS and EKS
Lecture 8 AWS Setup (Account, IAM user, Access Key, IAM policy)
Lecture 9 TIPS: How to Reduce AWS Billing & Setup Email Alerts
Lecture 10 Install CLIs (aws, aws-iam-authenticator, kubectl, eksctl)
Lecture 11 Create named AWS Profile in ~/.aws/credentials
Lecture 12 Create AWS EKS Cluster using eksctl
Lecture 13 AWS Networking Architecture Recap (VPC, subnets, AZ, etc)
Lecture 14 EKS Console Walkthrough
Section 4: Helm Chart Quick Intro
Lecture 15 Helm Overview (Chart Anatomy)
Lecture 16 Helm Commands Demo (repo, install, upgrade, rollback)
Section 5: Kubernetes Dashboard
Lecture 17 Why Deploying Kubernetes Dashboard
Lecture 18 Step 1: Install Metrics Server
Lecture 19 Step 2: Install K8s Dashboard v2
Lecture 20 Step 3: Create RBAC (Role-Based Authorization) for Dashboard and Log in
Lecture 21 K8s Dashboard Walkthrough (namespace, logs, exec into shell)
Section 6: Deploy Sample App (Guestbook App)
Lecture 22 Deploy Pods and Services and Access Externally (public AWS ELB)
Lecture 23 Guestbook App Architecture (AWS & K8s) Explained
Section 7: Expose App using Ingress (L7 Load Balancer)
Lecture 24 Why Ingress instead of Service of type LoadBalancer?
Lecture 25 Install Nginx Ingress Controller using Helm Chart
Lecture 26 Create Ingress Resource YAML for L7 HTTP (path/host) Load Balancing
Lecture 27 Enable SSL Termination at AWS ELB by Provisioning SSL Self-Signed Cert
Lecture 28 How to Fix "400 Bad Request: Plain HTTP request was sent to HTTPS port"
Lecture 29 Enable AWS ELB Access Log (S3 Bucket, Bucket Policy, K8s Service YAML)
Lecture 30 Limitations with Nginx Ingress Controller (Why Istio Service Mesh is Awesome)
Lecture 31 Recap of Ingress Controller, SSL, Istio Service Mesh
Section 8: Authentication and Authorization (K8s RBAC)
Lecture 32 AWS User Authentication & Authorization in K8s (aws-auth ConfigMap)
Lecture 33 AWS IAM User Authentication in K8s Process Breakdown (aws-iam-authenticator)
Lecture 34 Kubeconfig and aws-auth ConfigMap for Authorization
Lecture 35 Create new AWS IAM user
Lecture 36 Allow AWS IAM user to K8s Cluster as K8s Admin (ANTI-PATTERN!)
Lecture 37 Restrict K8s User Access by RBAC (ClusterRoleBinding)
Lecture 38 Restrict AWS User Access by Binding them to ClusterRole in aws-auth ConfigMap
Lecture 39 Recap of Authentication and Authorization in K8s Cluster for AWS IAM User & Role
Section 9: Monitoring with Prometheus and Grafana
Lecture 40 Install Prometheus using Helm Chart
Lecture 41 Install Grafana using Helm Chart (Dashboard Walkthrough)
Section 10: EKS Control Plane Logging
Lecture 42 Enable K8s Control Plane Logging (api server, authenticator, controller manager)
Section 11: (ADVANCED) Pod-Level AWS Authorization: IRSA (IAM Role for Service Account)
Lecture 43 Pod Authentication & Authorization in K8s using ServiceAccount and ClusterRole
Lecture 44 Pod Authorization to AWS using EC2 Instance Profile's IAM Role (ANTI-PATTERN)
Lecture 45 IRSA Architecture Diagram Overview Explained
Lecture 46 Step 1: Create AWS IAM Assumable Role specifying K8s Namespace & ServiceAccount
Lecture 47 Step 2: Annotate K8s ServiceAccount with AWS IAM Role ARN
Lecture 48 Step 3: Create a Pod YAML using IRSA ServiceAccount
Lecture 49 Step 4: Block Access to EC2 Instance Metadata using iptables command
Section 12: Cluster Autoscaler (CA) for EKS Worker Nodes Autoscaling
Lecture 50 Cluster Autoscaler Overview
Lecture 51 Step 1: Add Tags to AWS ASG (AutoScalingGroup)
Lecture 52 Step 2: Add IAM Permissions to ClusterAutoscaler Pod using IRSA
Lecture 53 Step 3: Install ClusterAutoscaler using Helm Chart
Lecture 54 Stress Test and Debug ClusterAutoscaler
Lecture 55 Limitations with eksctl Managed Worker Nodes
Section 13: Horizontal Pod Autoscaler (HPA) for Pod Autoscaling
Lecture 56 Horizontal Pod Autoscaler Overview
Lecture 57 Step 1: Install Metrics Server
Lecture 58 Step 2: Add Resource Request and Limit in Pod YAML
Lecture 59 Step 3: Create Horizontal Pod Autoscaler object
Lecture 60 Stress Test HPA
Section 14: Limitations with EKS's AWS-Default-VPC CNI
Lecture 61 AWS-VPC-CNI's Limitations with Pod IP Pools based on EC2 Instance Type
Section 15: Limitations with eksctl Managed Worker Nodes
Lecture 62 eksctl Managed Nodes Downside (can't use userdata script, taint, label)
Section 16: Cleanup
Lecture 63 Cleanup (eksctl delete cluster)
Section 17: BONUS
Lecture 64 Connect with me
You want to learn how to use managed Kubernetes cluster on AWS EKS
You feel overwhelmed and don't know where to start with AWS EKS
You want to know production-ready AWS EKS best practices such as SSL Termination at AWS ELB, RBAC (Role Based Access Control), IRSA (IAM Role for Service Account), CA (Cluster Autoscaler using IRSA)
You want to be able to configure SSL for AWS ELB using K8s ingress controller
You want to be able to give right permissions to AWS IAM users in K8s cluster using ClusterRoleBinding (RBAC: Role Based Access Control)
You don't know how pod-level AWS IAM authentication (IRSA: IAM Role for Service Account) works
You want to learn how to monitor K8s apps using Prometheus and Grafana