github.com/docker/compose-on-kubernetes@v0.5.0/docs/install-on-eks.md

github.com/docker/compose-on-kubernetes@v0.5.0/docs/install-on-eks.md (about)

     1  # Install on Amazon EKS
     2  
     3  ## Pre-requisites
     4  - To install Compose on Kubernetes on Amazon EKS, you must create an EKS cluster.
     5  - To install etcd using these instructions, you must have [Helm](https://helm.sh) in your client environment.
     6  - [Download the Compose on Kubernetes installer](https://github.com/docker/compose-on-kubernetes/releases).
     7  
     8  ## Create compose namespace
     9  
    10  Just run `kubectl create namespace compose`.
    11  
    12  ## Deploy etcd
    13  
    14  Compose on Kubernetes requires an etcd instance (in addition to the kube-system etcd instance). Please follow [How to deploy etcd](./deploy-etcd.md).
    15  
    16  ## Deploy Compose on Kubernetes
    17  
    18  Run `installer-[darwin|linux|windows.exe] -namespace=compose -etcd-servers=http://compose-etcd-client:2379`.
    19  
    20  **Note: To setup Mutual TLS with the etcd instance, you can use `etcd-ca-file`, `etcd-key-file` and `etcd-cert-file` flags.**
    21  
    22  ## Deploy a stack in the cluster
    23  
    24  By now you should be able to [Check that Compose on Kubernetes is installed](../README.md#check-that-compose-on-kubernetes-is-installed) and [Deploy a stack](../README.md#deploy-a-stack).
    25  
    26  Then when listing resources with `kubectl get svc` you should see something like:
    27  ``` 
    28  NAME            TYPE           CLUSTER-IP       EXTERNAL-IP                                                                  PORT(S)           AGE
    29  db              ClusterIP      None             <none>                                                                       55555/TCP         4m51s
    30  kubernetes      ClusterIP      10.100.0.1       <none>                                                                       443/TCP           27m
    31  web             ClusterIP      None             <none>                                                                       55555/TCP         4m51s
    32  web-published   LoadBalancer   10.100.130.153   ad0884309cd8a11e98ccc0246f5f7bb0-1039555521.eu-central-1.elb.amazonaws.com   33000:30123/TCP   4m51s
    33  words           ClusterIP      None             <none>                                                                       55555/TCP         4m51s
    34  ```
    35  
    36  To access our example web application, open a browser and go to `<LoadBalancer external-ip>:33000`.
    37  
    38  ## Optional: use kubernetes service proxy
    39  ** This step is required to run e2e tests against EKS **
    40  
    41  Kubernetes API allows accessing a service from client over an authenticated channel by proxying communication. End-2-end
    42  tests do rely 
    43  
    44  ```
    45  +----------+    +---------------+                   +-----------------------+     +---------------+    +----------+
    46  |   curl   | -> | kubectl proxy | ====[tunnel]====> | kubernetes API server | --> |  kube proxy   | -> | service  |  
    47  | (client) |    |               |  (authenticated)  |    (control plane)    | (*) | (worker node) |    | (tcp:80) |
    48  +----------+    +---------------+                   +-----------------------+     +---------------+    +----------+
    49  ```
    50  With default setup, EKS cluster is created with network security group to block communication (*) between Kubernetes control 
    51  plane and worker nodes on privileged ports (<1024)). For e2e tests to run, or rely on API server proxy for other use
    52   cases, you'll need to lower EKS network security (details [here](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html)).
    53