  • Language
    Java
  • License
    Apache License 2.0
A Day in Java Developer’s Life, with a taste of Kubernetes

Deploying your Java application in a Kubernetes cluster could feel like Alice in Wonderland. You keep going down the rabbit hole and don’t know how to make that ride comfortable. This repository explains how a Java application can be deployed, tested, debugged and monitored in Kubernetes. In addition, it also talks about canary deployment and deployment pipeline.

A comprehensive hands-on course explaining these concepts is available at https://www.linkedin.com/learning/kubernetes-for-java-developers.

Application

We will use a simple Java application built using Spring Boot. The application publishes a REST endpoint that can be invoked at http://{host}:{port}/hello.

The source code is in the app directory.

Build and Test using Maven

  1. Run application:

    cd app
    mvn spring-boot:run
  2. Test application

    curl http://localhost:8080/hello

Build and Test using Docker

Build Docker Image using multi-stage Dockerfile

  1. Create m2.tar.gz:

    mvn -Dmaven.repo.local=./m2 clean package
    tar cvf m2.tar.gz ./m2
  2. Create Docker image:

    docker image build -t arungupta/greeting .

    Explain multi-stage Dockerfile.

Build Docker Image using Jib

  1. Create Docker image:

    mvn compile jib:build -Pjib

The benefits of using Jib over a multi-stage Dockerfile build include:

  • Don’t need to install Docker or run a Docker daemon

  • Don’t need to write a Dockerfile or build the archive of m2 dependencies

  • Much faster

  • Builds reproducibly

The above builds directly to your Docker registry. Alternatively, Jib can also build to a Docker daemon:

mvn compile jib:dockerBuild -Pjib -Ddocker.name=arungupta/greeting

Test built container using Docker

  1. Run container:

    docker container run --name greeting -p 8080:8080 -d arungupta/greeting
  2. Access application:

    curl http://localhost:8080/hello
  3. Remove container:

    docker container rm -f greeting

Minimal Docker Image using Custom JRE

  1. Download JDK 11 and scp to an Amazon Linux instance

  2. Install JDK 11:

    sudo yum install jdk-11.0.1_linux-x64_bin.rpm
  3. Create a custom JRE for the Spring Boot application:

    cp target/app.war target/app.jar
    jlink \
    	--output myjre \
    	--add-modules "$(jdeps --print-module-deps target/app.jar),java.xml,jdk.unsupported,java.sql,java.naming,java.desktop,java.management,java.security.jgss,java.instrument"
  4. Build Docker image using this custom JRE:

    docker image build --file Dockerfile.jre -t arungupta/greeting:jre-slim .
  5. List the Docker images and show the difference in sizes:

    [ec2-user@ip-172-31-21-7 app]$ docker image ls | grep greeting
    arungupta/greeting   jre-slim            9eed25582f36        6 seconds ago       162MB
    arungupta/greeting   latest              1b7c061dad60        10 hours ago        490MB
  6. Run the container:

    docker container run -d -p 8080:8080 arungupta/greeting:jre-slim
  7. Access the application:

    curl http://localhost:8080/hello

Build and Test using Kubernetes

A single node Kubernetes cluster can be easily created on a development machine using Minikube, MicroK8s, KIND, and Docker for Mac. Read on why using these local development environments does not truly represent your prod cluster.

This tutorial will use Docker for Mac.

  1. Ensure that Kubernetes is enabled in Docker for Mac

  2. Show the list of contexts:

    kubectl config get-contexts
  3. Configure kubectl CLI for Kubernetes cluster

    kubectl config use-context docker-for-desktop
  4. Install the Helm CLI:

    brew install kubernetes-helm

    If Helm CLI is already installed then use brew upgrade kubernetes-helm.

  5. Check Helm version:

    helm version
  6. Install Helm in Kubernetes cluster:

    helm init

    If Helm has already been initialized on the cluster, then you may have to upgrade Tiller:

    helm init --upgrade
  7. Install the Helm chart:

    cd ..
    helm install --name myapp manifests/myapp
  8. Check that the pod is running:

    kubectl get pods
  9. Check that the service is up:

    kubectl get svc
  10. Access the application:

    curl http://$(kubectl get svc/myapp-greeting \
    	-o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):8080/hello

Debug Docker and Kubernetes using IntelliJ

You can debug a Docker container and a Kubernetes Pod if they’re running locally on your machine.

Debug using Kubernetes

This was tested using Docker for Mac/Kubernetes. Use the previously deployed Helm chart.

  1. Show service:

    kubectl get svc
    NAME               TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                         AGE
    greeting-service   LoadBalancer   10.101.39.100    <pending>     80:30854/TCP                    8m
    kubernetes         ClusterIP      10.96.0.1        <none>        443/TCP                         90d
    myapp-greeting     LoadBalancer   10.108.104.178   localhost     8080:32189/TCP,5005:31117/TCP   4s

    Highlight the debug port is also forwarded.

  2. In IntelliJ, Run, Debug, Remote:

    docker debug1
  3. Click on Debug, setup a breakpoint in the class:

    docker debug2
  4. Access the application:

    curl http://$(kubectl get svc/myapp-greeting \
    	-o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):8080/hello
  5. Show the breakpoint hit in IntelliJ:

    docker debug3
  6. Delete the Helm chart:

    helm delete --purge myapp

Debug using Docker

This was tested using Docker for Mac.

  1. Run container:

    docker container run --name greeting -p 8080:8080 -p 5005:5005 -d arungupta/greeting
  2. Check container:

    $ docker container ls -a
    CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                                            NAMES
    724313157e3c        arungupta/greeting   "java -jar app-swarm…"   3 seconds ago       Up 2 seconds        0.0.0.0:5005->5005/tcp, 0.0.0.0:8080->8080/tcp   greeting
  3. Setup breakpoint as explained above.

  4. Access the application using curl http://localhost:8080/resources/greeting.

Kubernetes Cluster on AWS

This application will be deployed to an Amazon EKS cluster. If you’re looking for a self-paced workshop that provides detailed instructions to get you started with EKS, then eksworkshop.com is your place.

Let’s create the cluster first.

  1. Install eksctl CLI:

    brew install weaveworks/tap/eksctl
  2. Create EKS cluster:

    eksctl create cluster --name myeks --nodes 4 --region us-west-2
    2018-10-25T13:45:38+02:00 [ℹ]  setting availability zones to [us-west-2a us-west-2c us-west-2b]
    2018-10-25T13:45:39+02:00 [ℹ]  using "ami-0a54c984b9f908c81" for nodes
    2018-10-25T13:45:39+02:00 [ℹ]  creating EKS cluster "myeks" in "us-west-2" region
    2018-10-25T13:45:39+02:00 [ℹ]  will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup
    2018-10-25T13:45:39+02:00 [ℹ]  if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-west-2 --name=myeks'
    2018-10-25T13:45:39+02:00 [ℹ]  creating cluster stack "eksctl-myeks-cluster"
    2018-10-25T13:57:33+02:00 [ℹ]  creating nodegroup stack "eksctl-myeks-nodegroup-0"
    2018-10-25T14:01:18+02:00 [✔]  all EKS cluster resource for "myeks" had been created
    2018-10-25T14:01:18+02:00 [✔]  saved kubeconfig as "/Users/argu/.kube/config"
    2018-10-25T14:01:19+02:00 [ℹ]  the cluster has 0 nodes
    2018-10-25T14:01:19+02:00 [ℹ]  waiting for at least 4 nodes to become ready
    2018-10-25T14:01:50+02:00 [ℹ]  the cluster has 4 nodes
    2018-10-25T14:01:50+02:00 [ℹ]  node "ip-192-168-161-180.us-west-2.compute.internal" is ready
    2018-10-25T14:01:50+02:00 [ℹ]  node "ip-192-168-214-48.us-west-2.compute.internal" is ready
    2018-10-25T14:01:50+02:00 [ℹ]  node "ip-192-168-75-44.us-west-2.compute.internal" is ready
    2018-10-25T14:01:50+02:00 [ℹ]  node "ip-192-168-82-236.us-west-2.compute.internal" is ready
    2018-10-25T14:01:52+02:00 [ℹ]  kubectl command should work with "/Users/argu/.kube/config", try 'kubectl get nodes'
    2018-10-25T14:01:52+02:00 [✔]  EKS cluster "myeks" in "us-west-2" region is ready
  3. Check the nodes:

    kubectl get nodes
    NAME                                            STATUS   ROLES    AGE   VERSION
    ip-192-168-161-180.us-west-2.compute.internal   Ready    <none>   52s   v1.10.3
    ip-192-168-214-48.us-west-2.compute.internal    Ready    <none>   57s   v1.10.3
    ip-192-168-75-44.us-west-2.compute.internal     Ready    <none>   57s   v1.10.3
    ip-192-168-82-236.us-west-2.compute.internal    Ready    <none>   54s   v1.10.3
  4. Get the list of configs:

    kubectl config get-contexts
    CURRENT   NAME                             CLUSTER                      AUTHINFO                         NAMESPACE
    *         [email protected]   myeks.us-west-2.eksctl.io    [email protected]
              docker-for-desktop               docker-for-desktop-cluster   docker-for-desktop

    As indicated by *, kubectl CLI configuration is updated to the recently created cluster.

Migrate from Dev to Prod

  1. Explicitly set the context:

    kubectl config use-context [email protected]
  2. Install Helm:

    kubectl -n kube-system create sa tiller
    kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
    helm init --service-account tiller
  3. Check the list of pods:

    kubectl get pods -n kube-system
    NAME                            READY   STATUS    RESTARTS   AGE
    aws-node-774jf                  1/1     Running   1          2m
    aws-node-jrf5r                  1/1     Running   0          2m
    aws-node-n46tw                  1/1     Running   0          2m
    aws-node-slgns                  1/1     Running   0          2m
    kube-dns-7cc87d595-5tskv        3/3     Running   0          8m
    kube-proxy-2ghg6                1/1     Running   0          2m
    kube-proxy-hqxwg                1/1     Running   0          2m
    kube-proxy-lrwrr                1/1     Running   0          2m
    kube-proxy-x77tq                1/1     Running   0          2m
    tiller-deploy-895d57dd9-txqk4   1/1     Running   0          15s
  4. Redeploy the application:

    helm install --name myapp manifests/myapp
  5. Get the service:

    kubectl get svc
    NAME             TYPE           CLUSTER-IP       EXTERNAL-IP                                                             PORT(S)                         AGE
    kubernetes       ClusterIP      10.100.0.1       <none>                                                                  443/TCP                         17m
    myapp-greeting   LoadBalancer   10.100.241.250   a8713338abef211e8970816cb629d414-71232674.us-east-1.elb.amazonaws.com   8080:32626/TCP,5005:30739/TCP   2m

    It shows that ports 8080 and 5005 are published and an Elastic Load Balancer is provisioned. It takes about three minutes for the load balancer to be ready.

  6. Access the application:

    curl http://$(kubectl get svc/myapp-greeting \
    	-o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):8080/hello
  7. Delete the application:

    helm delete --purge myapp
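
The service listing in step 5 shows the debug port 5005 published on the same Elastic Load Balancer as the application port, so the debugger endpoint used with IntelliJ earlier is reachable from outside the cluster. The following added example (not part of the original repository) reads `kubectl get svc` output and lists every LoadBalancer or NodePort service that publishes that port; the function names are hypothetical and the sample input is the listing from step 5.

```shell
#!/usr/bin/env bash
# Added example (not from the original repository).
# Reads the table printed by `kubectl get svc` on stdin and prints
# "<name> <type> <port-mapping>" for each LoadBalancer or NodePort service
# that publishes the given debug port (default 5005).
find_exposed_debug_ports() {
    awk -v want="${1:-5005}" '
        NR == 1 {
            # Map header names to column numbers so that an extra NAMESPACE
            # column (--all-namespaces) does not shift the fields.
            for (i = 1; i <= NF; i++) col[$i] = i
            if (!("NAME" in col) || !("TYPE" in col) || !("PORT(S)" in col)) {
                print "unexpected header: " $0 > "/dev/stderr"
                bad = 1
                exit
            }
            next
        }
        {
            type = $(col["TYPE"])
            # ClusterIP services are only reachable from inside the cluster.
            if (type != "LoadBalancer" && type != "NodePort") next
            n = split($(col["PORT(S)"]), mappings, ",")
            for (i = 1; i <= n; i++) {
                # A mapping looks like 5005:30739/TCP or 443/TCP.
                split(mappings[i], parts, "[:/]")
                if (parts[1] == want) print $(col["NAME"]), type, mappings[i]
            }
        }
        END { exit bad }
    '
}

# Sample input: the `kubectl get svc` output shown in step 5 above.
sample_svc_table() {
    cat <<'EOF'
NAME             TYPE           CLUSTER-IP       EXTERNAL-IP                                                             PORT(S)                         AGE
kubernetes       ClusterIP      10.100.0.1       <none>                                                                  443/TCP                         17m
myapp-greeting   LoadBalancer   10.100.241.250   a8713338abef211e8970816cb629d414-71232674.us-east-1.elb.amazonaws.com   8080:32626/TCP,5005:30739/TCP   2m
EOF
}

sample_svc_table | find_exposed_debug_ports 5005
# Against a live cluster:
#   kubectl get svc --all-namespaces | find_exposed_debug_ports 5005
```
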

Service Mesh using AWS App Mesh

AWS App Mesh is a service mesh that provides application-level networking to make it easy for your services to communicate with each other across multiple types of compute infrastructure. App Mesh can be used with Amazon EKS or Kubernetes running on AWS. In addition, it also works with other container services offered by AWS such as AWS Fargate and Amazon ECS. It also works with microservices deployed on Amazon EC2.

A thorough, detailed example that shows how to use App Mesh with EKS is available at Service Mesh with App Mesh. This section provides a simplistic setup using the configuration files from there.

All scripts used in this section are in the manifests/appmesh directory.

Setup IAM Permissions

  1. Set a variable ROLE_NAME to IAM role for the EKS worker nodes:

    ROLE_NAME=$(aws iam list-roles \
    	--query \
    	'Roles[?contains(RoleName,`eksctl-myeks-nodegroup`)].RoleName' --output text)
  2. Setup permissions for the worker nodes:

    aws iam attach-role-policy \
    	--role-name $ROLE_NAME \
    	--policy-arn arn:aws:iam::aws:policy/AWSAppMeshFullAccess

Configure App Mesh

  1. Enable side-car injection by running create.sh script from https://github.com/aws/aws-app-mesh-examples/tree/master/examples/apps/djapp/2_create_injector. You need to change ca-bundle.sh and change MESH_NAME to greeting-app.

  2. Create prod namespace:

    kubectl create namespace prod
  3. Label prod namespace:

    kubectl label namespace prod appmesh.k8s.aws/sidecarInjectorWebhook=enabled
  4. Create CRDs:

    kubectl create -f https://raw.githubusercontent.com/aws/aws-app-mesh-examples/master/examples/apps/djapp/3_add_crds/mesh-definition.yaml
    kubectl create -f https://raw.githubusercontent.com/aws/aws-app-mesh-examples/master/examples/apps/djapp/3_add_crds/virtual-node-definition.yaml
    kubectl create -f https://raw.githubusercontent.com/aws/aws-app-mesh-examples/master/examples/apps/djapp/3_add_crds/virtual-service-definition.yaml
    kubectl create -f https://raw.githubusercontent.com/aws/aws-app-mesh-examples/master/examples/apps/djapp/3_add_crds/controller-deployment.yaml

Create App Mesh Components

  1. Create a Mesh:

    kubectl create -f mesh.yaml
  2. Create Virtual Nodes:

    kubectl create -f virtualnodes.yaml
  3. Create Virtual Services:

    kubectl create -f virtualservice.yaml
  4. Create deployments:

    kubectl create -f app-hello-howdy.yaml
  5. Create services:

    kubectl create -f services.yaml

Traffic Shifting

  1. Find the name of the talker pod:

    TALKER_POD=$(kubectl get pods \
    	-nprod -lgreeting=talker \
    	-o jsonpath='{.items[0].metadata.name}')
  2. Exec into the talker pod:

    kubectl exec -nprod $TALKER_POD -it bash
  3. Invoke the mostly-hello service to get back mostly Hello response:

    while [ 1 ]; do curl http://mostly-hello.prod.svc.cluster.local:8080/hello; echo;done
  4. CTRL+C to break the loop.

  5. Invoke the mostly-howdy service to get back mostly Howdy response:

    while [ 1 ]; do curl http://mostly-howdy.prod.svc.cluster.local:8080/hello; echo;done
  6. CTRL+C to break the loop.

Service Mesh using Istio

Istio is a layer 4/7 proxy that routes and load balances traffic over HTTP, WebSocket, HTTP/2, gRPC and supports application protocols such as MongoDB and Redis. Istio uses the Envoy proxy to manage all inbound/outbound traffic in the service mesh.

Istio has a wide variety of traffic management features that live outside the application code, such as A/B testing, phased/canary rollouts, failure recovery, circuit breaker, layer 7 routing and policy enforcement (all provided by the Envoy proxy). Istio also supports ACLs, rate limits, quotas, authentication, request tracing and telemetry collection using its Mixer component. The goal of the Istio project is to support traffic management and security of microservices without requiring any changes to the application; it does this by injecting a sidecar into your pod that handles all network communications.

Install and Configure

  1. Download Istio:

    curl -L https://git.io/getLatestIstio | sh -
    cd istio-1.*
  2. Include istio-1.*/bin directory in PATH

  3. Install Istio on Amazon EKS:

    helm install \
    	--wait \
    	--name istio \
    	--namespace istio-system \
    	install/kubernetes/helm/istio \
    	--set tracing.enabled=true \
    	--set grafana.enabled=true
  4. Verify:

    kubectl get pods -n istio-system
    NAME                                        READY   STATUS    RESTARTS   AGE
    grafana-75485f89b9-4lwg5                    1/1     Running   0          1m
    istio-citadel-84fb7985bf-4dkcx              1/1     Running   0          1m
    istio-egressgateway-bd9fb967d-bsrhz         1/1     Running   0          1m
    istio-galley-655c4f9ccd-qwk42               1/1     Running   0          1m
    istio-ingressgateway-688865c5f7-zj9db       1/1     Running   0          1m
    istio-pilot-6cd69dc444-9qstf                2/2     Running   0          1m
    istio-policy-6b9f4697d-g8hc6                2/2     Running   0          1m
    istio-sidecar-injector-8975849b4-cnd6l      1/1     Running   0          1m
    istio-statsd-prom-bridge-7f44bb5ddb-8r2zx   1/1     Running   0          1m
    istio-telemetry-6b5579595f-nlst8            2/2     Running   0          1m
    istio-tracing-ff94688bb-2w4wg               1/1     Running   0          1m
    prometheus-84bd4b9796-t9kk5                 1/1     Running   0          1m

    Check that both Tracing and Grafana add-ons are enabled.

  5. Enable sidecar injection for all pods in the default namespace:

    kubectl label namespace default istio-injection=enabled
  6. From the repo’s main directory, deploy the application:

    kubectl apply -f manifests/app.yaml
  7. Check pods and note that it has two containers (one for the application and one for the sidecar):

    kubectl get pods -l app=greeting
    NAME                       READY     STATUS    RESTARTS   AGE
    greeting-d4f55c7ff-6gz8b   2/2       Running   0          5s
  8. Get list of containers in the pod:

    kubectl get pods -l app=greeting -o jsonpath={.items[*].spec.containers[*].name}
    greeting istio-proxy
  9. Get response:

    curl http://$(kubectl get svc/greeting \
    	-o jsonpath='{.status.loadBalancer.ingress[0].hostname}')/hello

Traffic Shifting

  1. Deploy application with two versions of greeting, one that returns Hello and another that returns Howdy:

    kubectl delete -f manifests/app.yaml
    kubectl apply -f manifests/app-hello-howdy.yaml
  2. Check the list of pods:

    kubectl get pods -l app=greeting
    NAME                              READY     STATUS    RESTARTS   AGE
    greeting-hello-69cc7684d-7g4bx    2/2       Running   0          1m
    greeting-howdy-788b5d4b44-g7pml   2/2       Running   0          1m
  3. Access the application multiple times to see different responses:

    for i in {1..10}
    do
    	curl -q http://$(kubectl get svc/greeting -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')/hello
    	echo
    done
  4. Setup an Istio rule to split traffic between 75% to Hello and 25% to Howdy version of the greeting service:

    kubectl apply -f manifests/istio/app-rule-75-25.yaml
  5. Invoke the service again to see the traffic split between two services.

Canary Deployment

  1. Setup an Istio rule to divert 10% traffic to canary:

    kubectl delete -f manifests/istio/app-rule-75-25.yaml
    kubectl apply -f manifests/istio/app-canary.yaml
  2. Access the application multiple times to see ~10% greeting messages with Howdy:

    for i in {1..50}
    do
    	curl -q http://$(kubectl get svc/greeting -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')/hello
    	echo
    done

Distributed Tracing

Istio is deployed as a sidecar proxy into each of your pods; this means it can see and monitor all the traffic flows between your microservices and generate a graphical representation of your mesh traffic. We’ll use the application you deployed in the previous step to demonstrate this.

By default, tracing is disabled. --set tracing.enabled=true was used during Istio installation to ensure tracing was enabled.

Setup access to the tracing dashboard URL using port-forwarding:

kubectl port-forward \
	-n istio-system \
	pod/$(kubectl get pod \
		-n istio-system \
		-l app=jaeger \
		-o jsonpath='{.items[0].metadata.name}') 16686:16686 &

Access the dashboard at http://localhost:16686, click on Dependencies, DAG.

istio dag

Metrics using Grafana

  1. By default, Grafana is disabled. --set grafana.enabled=true was used during Istio installation to ensure Grafana was enabled. Alternatively, the Grafana add-on can be installed as:

    kubectl apply -f install/kubernetes/addons/grafana.yaml
  2. Verify:

    kubectl get pods -l app=grafana -n istio-system
    NAME                       READY     STATUS    RESTARTS   AGE
    grafana-75485f89b9-n4skw   1/1       Running   0          10m
  3. Forward Istio dashboard using Grafana UI:

    kubectl -n istio-system \
    	port-forward $(kubectl -n istio-system \
    		get pod -l app=grafana \
    		-o jsonpath='{.items[0].metadata.name}') 3000:3000 &
  4. View Istio dashboard http://localhost:3000. Click on Home, Istio Workload Dashboard.

  5. Invoke the endpoint:

    curl http://$(kubectl get svc/greeting \
    	-o jsonpath='{.status.loadBalancer.ingress[0].hostname}')/hello
istio dashboard

Timeouts

Delays and timeouts can be injected in services.

  1. Deploy the application:

    kubectl delete -f manifests/app.yaml
    kubectl apply -f manifests/app-ingress.yaml
  2. Add a 5 seconds delay to calls to the service:

    kubectl apply -f manifests/istio/greeting-delay.yaml
  3. Invoke the service using a 2 seconds timeout:

    export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
    export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http")].port}')
    export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
    curl --max-time 2 http://$GATEWAY_URL/resources/greeting

The service will time out in 2 seconds.

Chaos using kube-monkey

kube-monkey is an implementation of Netflix’s Chaos Monkey for Kubernetes clusters. It randomly deletes Kubernetes pods in the cluster encouraging and validating the development of failure-resilient services.

  1. Create kube-monkey configuration:

    kubectl apply -f manifests/kubemonkey/kube-monkey-configmap.yaml
  2. Run kube-monkey:

    kubectl apply -f manifests/kubemonkey/kube-monkey-deployment.yaml
  3. Deploy an app that opts-in for pod deletion:

    kubectl apply -f manifests/kubemonkey/app-kube-monkey.yaml

This application agrees to kill up to 40% of pods. The schedule of deletion is defined by kube-monkey configuration and is defined to be between 10am and 4pm on weekdays.

Deployment Pipeline using Skaffold

Skaffold is a command line utility that facilitates continuous development for Kubernetes applications. With Skaffold, you can iterate on your application source code locally then deploy it to a remote Kubernetes cluster.

  1. Check context:

    kubectl config get-contexts
    CURRENT   NAME                               CLUSTER                       AUTHINFO                           NAMESPACE
              [email protected]   eks-gpu.us-west-2.eksctl.io   [email protected]
    *         [email protected]     myeks.us-east-1.eksctl.io     [email protected]
              docker-for-desktop                 docker-for-desktop-cluster    docker-for-desktop
  2. Change to use local Kubernetes cluster:

    kubectl config use-context docker-for-desktop
  3. Download Skaffold:

    curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-darwin-amd64 \
    	&& chmod +x skaffold
  4. Open http://localhost:8080/resources/greeting in browser. This will show the page is not available.

  5. Run Skaffold in the application directory:

    cd app
    skaffold dev
  6. Refresh the page in browser to see the output.

Deployment Pipeline using CodePipeline

Complete detailed instructions are available at https://eksworkshop.com/codepipeline/.

Create IAM role

  1. Create an IAM role and add an in-line policy that will allow the CodeBuild stage to interact with the EKS cluster:

    ACCOUNT_ID=`aws sts get-caller-identity --query Account --output text`
    TRUST="{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"arn:aws:iam::${ACCOUNT_ID}:root\" }, \"Action\": \"sts:AssumeRole\" } ] }"
    echo '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "eks:Describe*", "Resource": "*" } ] }' > /tmp/iam-role-policy
    aws iam create-role --role-name EksWorkshopCodeBuildKubectlRole --assume-role-policy-document "$TRUST" --output text --query 'Role.Arn'
    aws iam put-role-policy --role-name EksWorkshopCodeBuildKubectlRole --policy-name eks-describe --policy-document file:///tmp/iam-role-policy
  2. Add this IAM role to aws-auth ConfigMap for the EKS cluster:

    ROLE="    - rolearn: arn:aws:iam::$ACCOUNT_ID:role/EksWorkshopCodeBuildKubectlRole\n      username: build\n      groups:\n        - system:masters"
    kubectl get -n kube-system configmap/aws-auth -o yaml | awk "/mapRoles: \|/{print;print \"$ROLE\";next}1" > /tmp/aws-auth-patch.yml
    kubectl patch configmap/aws-auth -n kube-system --patch "$(cat /tmp/aws-auth-patch.yml)"
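
Step 2 maps the CodeBuild role into system:masters, the group that Kubernetes binds to cluster-admin. The following added example (not part of the original repository) lists every aws-auth entry that carries that group so the mappings can be reviewed; it goes beyond the step by also covering mapUsers. The function names are hypothetical, and the account ID and node role name in the sample are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original repository).
# Reads `kubectl get -n kube-system configmap/aws-auth -o yaml` on stdin and
# prints "<arn> <username>" for each mapRoles/mapUsers entry whose groups
# include system:masters.
find_cluster_admin_mappings() {
    awk '
        function emit() {
            if (admin && arn != "") print arn, user
            arn = ""; user = "-"; admin = 0
        }
        BEGIN { user = "-" }
        # Start of a mapRoles/mapUsers block scalar; remember its indentation.
        /^ *map(Roles|Users): *[|>]/ {
            emit(); inmap = 1; base = match($0, /[^ ]/) - 1; next
        }
        # A non-empty line indented no deeper than the key ends the block.
        inmap && NF && (match($0, /[^ ]/) - 1) <= base { emit(); inmap = 0 }
        # Ignore everything outside the two blocks (metadata, annotations).
        !inmap { next }
        # A list item that opens with one of the entry keys starts a new entry.
        /^ *- +(rolearn|userarn|username|groups):/ { emit() }
        /(rolearn|userarn):/ { arn = $NF }
        /username:/ { user = $NF }
        # Group in block form (- system:masters) or flow form ([system:masters]).
        /system:masters/ && !/(rolearn|userarn|username):/ { admin = 1 }
        END { emit() }
    '
}

# Constructed sample: the role added in step 2 plus a typical node role.
# 111122223333 and the NodeInstanceRole suffix are placeholders.
sample_aws_auth() {
    cat <<'EOF'
apiVersion: v1
data:
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/EksWorkshopCodeBuildKubectlRole
      username: build
      groups:
        - system:masters
    - rolearn: arn:aws:iam::111122223333:role/eksctl-myeks-nodegroup-0-NodeInstanceRole-EXAMPLE
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
EOF
}

sample_aws_auth | find_cluster_admin_mappings
# Against a live cluster:
#   kubectl get -n kube-system configmap/aws-auth -o yaml | find_cluster_admin_mappings
```
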

Create CloudFormation template

  1. Fork the repo https://github.com/aws-samples/kubernetes-for-java-developers

  2. Create a new GitHub token https://github.com/settings/tokens/new, select repo as the scope, click on Generate Token to generate the token. Copy the generated token.

  3. Launch CodePipeline CloudFormation template.

  4. Specify the correct values for GitHubUser, GitHubToken, GitSourceRepo and EKS cluster name. Change the branch if you need to:

    codepipeline template

    Click on Create stack to create the resources.

View CodePipeline

  1. Once the stack creation is complete, open CodePipeline in the AWS Console.

  2. Select the pipeline and wait for the pipeline status to complete:

    codepipeline status
  3. Access the service:

    curl http://$(kubectl get svc/greeting -n default \
    	-o jsonpath='{.status.loadBalancer.ingress[0].hostname}'):8080/hello

Deployment Pipeline using Jenkins X

  1. Install jx CLI:

    brew tap jenkins-x/jx
    brew install jx
  2. Create a new GitHub token with the following scope:

    jenkinsx github token
  3. Install Jenkins X on Amazon EKS:

    jx install --provider=eks --git-username arun-gupta --git-api-token GITHUB_TOKEN --batch-mode

    Log shows complete run of the command.

  4. Use jx import to import a project. This needs a Dockerfile and a Maven application in the root directory.

More Repositories

1

aws-cdk-examples

Example projects using the AWS CDK
Python
4,121
star
2

aws-serverless-workshops

Code and walkthrough labs to set up serverless applications for Wild Rydes workshops
JavaScript
3,977
star
3

aws-workshop-for-kubernetes

AWS Workshop for Kubernetes
Shell
2,618
star
4

aws-machine-learning-university-accelerated-nlp

Machine Learning University: Accelerated Natural Language Processing Class
Jupyter Notebook
2,080
star
5

aws-serverless-airline-booking

Airline Booking is a sample web application that provides Flight Search, Flight Payment, Flight Booking and Loyalty points including end-to-end testing, GraphQL and CI/CD. This web application was the theme of Build on Serverless Season 2 on AWS Twitch running from April 24th until end of August in 2019.
Vue
1,967
star
6

ecs-refarch-cloudformation

A reference architecture for deploying containerized microservices with Amazon ECS and AWS CloudFormation (YAML)
Makefile
1,673
star
7

lambda-refarch-webapp

The Web Application reference architecture is a general-purpose, event-driven, web application back-end that uses AWS Lambda, Amazon API Gateway for its business logic. It also uses Amazon DynamoDB as its database and Amazon Cognito for user management. All static content is hosted using AWS Amplify Console.
JavaScript
1,561
star
8

aws-modern-application-workshop

A tutorial for developers that want to learn about how to build modern applications on top of AWS. You will build a sample website that leverages infrastructure as code, containers, serverless code functions, CI/CD, and more.
1,445
star
9

aws-machine-learning-university-accelerated-cv

Machine Learning University: Accelerated Computer Vision Class
Jupyter Notebook
1,409
star
10

aws-glue-samples

AWS Glue code samples
Python
1,277
star
11

aws-deepracer-workshops

DeepRacer workshop content
Jupyter Notebook
1,086
star
12

serverless-patterns

Serverless patterns. Learn more at the website: https://serverlessland.com/patterns.
Python
1,036
star
13

aws-refarch-wordpress

This reference architecture provides best practices and a set of YAML CloudFormation templates for deploying WordPress on AWS.
PHP
1,001
star
14

aws-machine-learning-university-accelerated-tab

Machine Learning University: Accelerated Tabular Data Class
Jupyter Notebook
955
star
15

aws-serverless-ecommerce-platform

Serverless Ecommerce Platform is a sample implementation of a serverless backend for an e-commerce website. This sample is not meant to be used as an e-commerce platform as-is, but as an inspiration on how to build event-driven serverless microservices on AWS.
Python
947
star
16

aws-big-data-blog

Java
897
star
17

machine-learning-samples

Sample applications built using AWS' Amazon Machine Learning.
Python
867
star
18

eks-workshop

AWS Workshop for Learning EKS
CSS
777
star
19

startup-kit-templates

CloudFormation templates to accelerate getting started on AWS.
Python
760
star
20

aws-incident-response-playbooks

756
star
21

aws-genai-llm-chatbot

A modular and comprehensive solution to deploy a Multi-LLM and Multi-RAG powered chatbot (Amazon Bedrock, Anthropic, HuggingFace, OpenAI, Meta, AI21, Cohere) using AWS CDK on AWS
TypeScript
736
star
22

aws-security-reference-architecture-examples

Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation and Customizations for AWS Control Tower.
Python
731
star
23

lambda-refarch-imagerecognition

The Image Recognition and Processing Backend reference architecture demonstrates how to use AWS Step Functions to orchestrate a serverless processing workflow using AWS Lambda, Amazon S3, Amazon DynamoDB and Amazon Rekognition.
JavaScript
662
star
24

aws-secure-environment-accelerator

The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
HTML
653
star
25

simple-websockets-chat-app

This SAM application provides the Lambda functions, DynamoDB table, and roles to allow you to build a simple chat application based on API Gateway's new WebSocket-based API feature.
JavaScript
632
star
26

aws-codedeploy-samples

Samples and template scenarios for AWS CodeDeploy
Shell
627
star
27

emr-bootstrap-actions

This repository hold the Amazon Elastic MapReduce sample bootstrap actions
Shell
612
star
28

aws-lex-web-ui

Sample Amazon Lex chat bot web interface
JavaScript
607
star
29

hardeneks

Runs checks to see if an EKS cluster follows EKS Best Practices.
Python
603
star
30

aws-bookstore-demo-app

AWS Bookstore Demo App is a full-stack sample web application that creates a storefront (and backend) for customers to shop for fictitious books. The entire application can be created with a single template. Built on AWS Full-Stack Template.
TypeScript
591
star
31

lambda-refarch-mobilebackend

Serverless Reference Architecture for creating a Mobile Backend
Objective-C
584
star
32

retail-demo-store

AWS Retail Demo Store is a sample retail web application and workshop platform demonstrating how AWS infrastructure and services can be used to build compelling customer experiences for eCommerce, retail, and digital marketing use-cases
Jupyter Notebook
579
star
33

aws-serverless-workshop-innovator-island

Welcome to the Innovator Island serverless workshop! This repo contains all the instructions and code you need to complete the workshop. Questions? Contact @jbesw.
JavaScript
552
star
34

amazon-personalize-samples

Notebooks and examples on how to onboard and use various features of Amazon Personalize
Jupyter Notebook
551
star
35

aws-iot-chat-example

💬 Chat application using AWS IoT platform via MQTT over the WebSocket protocol
JavaScript
534
star
36

aws-amplify-graphql

Sample using AWS Amplify and AWS AppSync together for user login and authorization when making GraphQL queries and mutations. Also includes complex objects for uploading and downloading data to and from S3 with a React app.
JavaScript
521
star
37

aws-mobile-appsync-chat-starter-angular

GraphQL starter progressive web application (PWA) with Realtime and Offline functionality using AWS AppSync
TypeScript
520
star
38

aws-dynamodb-examples

DynamoDB Examples
Java
511
star
39

aws-serverless-security-workshop

In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. We will cover AWS services and features you can leverage to improve the security of serverless applications in 5 domains: identity & access management, code, data, infrastructure, logging & monitoring.
JavaScript
505
star
40

amazon-forecast-samples

Notebooks and examples on how to onboard and use various features of Amazon Forecast.
Jupyter Notebook
471
star
41

lambda-refarch-fileprocessing

Serverless Reference Architecture for Real-time File Processing
Python
450
star
42

ecs-blue-green-deployment

Reference architecture for doing blue green deployments on ECS.
Python
442
star
43

cloudfront-authorization-at-edge

Protect downloads of your content hosted on CloudFront with Cognito authentication using cookies and Lambda@Edge
TypeScript
439
star
44

aws-service-catalog-reference-architectures

Sample CloudFormation templates and architecture for AWS Service Catalog
JavaScript
423
star
45

siem-on-amazon-opensearch-service

A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
Python
409
star
46

aws-microservices-deploy-options

This repo contains a simple application that consists of three microservices. Each application is deployed using different Compute options on AWS.
Jsonnet
407
star
47

aws-cost-explorer-report

Python SAM Lambda module for generating an Excel cost report with graphs, including month on month cost changes. Uses the AWS Cost Explorer API for data.
Python
406
star
48

aws-security-workshops

A collection of the latest AWS Security workshops
Jupyter Notebook
401
star
49

aws-sam-java-rest

A sample REST application built on SAM and DynamoDB that demonstrates testing with DynamoDB Local.
Java
400
star
50

amazon-elasticsearch-lambda-samples

Data ingestion for Amazon Elasticsearch Service from S3 and Amazon Kinesis, using AWS Lambda: Sample code
JavaScript
393
star
51

amazon-cloudfront-functions

JavaScript
388
star
52

aws-saas-factory-bootcamp

SaaS on AWS Bootcamp - Building SaaS Solutions on AWS
JavaScript
376
star
53

aws-lambda-extensions

A collection of sample extensions to help you get started with AWS Lambda Extensions
Go
376
star
54

amazon-sagemaker-notebook-instance-lifecycle-config-samples

A collection of sample scripts to customize Amazon SageMaker Notebook Instances using Lifecycle Configurations
Shell
366
star
55

non-profit-blockchain

Builds a blockchain network and application to track donations to non-profit organizations, using Amazon Managed Blockchain
SCSS
360
star
56

amazon-textract-code-samples

Amazon Textract Code Samples
Jupyter Notebook
355
star
57

lambda-refarch-streamprocessing

Serverless Reference Architecture for Real-time Stream Processing
JavaScript
349
star
58

amazon-neptune-samples

Samples and documentation for using the Amazon Neptune graph database service
JavaScript
348
star
59

amazon-ecs-java-microservices

This is a reference architecture for Java microservices on Amazon ECS
Java
345
star
60

sessions-with-aws-sam

This repo contains all the SAM templates created in the Twitch series #SessionsWithSAM. The show is every Thursday on Twitch at 10 AM PDT.
JavaScript
343
star
61

amazon-rekognition-video-analyzer

A working prototype for capturing frames off of a live MJPEG video stream, identifying objects in near real-time using deep learning, and triggering actions based on an objects watch list.
JavaScript
343
star
62

amazon-textract-textractor

Analyze documents with Amazon Textract and generate output in multiple formats.
Jupyter Notebook
341
star
63

aws-eks-accelerator-for-terraform

The AWS EKS Accelerator for Terraform is a framework designed to help deploy and operate secure multi-account, multi-region AWS environments. The power of the solution is the configuration file which enables the users to provide a unique terraform state for each cluster and manage multiple clusters from one repository. This code base allows users to deploy EKS add-ons using Helm charts.
HCL
338
star
64

aws-deepcomposer-samples

Jupyter Notebook
336
star
65

aws-iot-examples

Examples using AWS IoT (Internet of Things). Deprecated. See README for updated guidance.
JavaScript
331
star
66

amazon-ecs-mythicalmysfits-workshop

A tutorial for developers who want to learn how to containerize applications on top of AWS using AWS Fargate. You will build a sample website that leverages infrastructure as code, containers, CI/CD, and more! If you're planning on running this, let us know @ [email protected]. At re:Invent 2018, these sessions were run as CON214/CON321/CON322.
HTML
329
star
67

aws-media-services-simple-vod-workflow

Lab that covers video conversion workflow for Video On Demand using AWS MediaConvert.
Python
328
star
68

php-examples-for-aws-lambda

Demo serverless applications, example code snippets and resources for PHP
PHP
324
star
69

aws-serverless-cicd-workshop

Learn how to build a CI/CD pipeline for SAM-based applications
CSS
319
star
70

create-react-app-auth-amplify

Implements a basic authentication flow for signing up/signing in users as well as protected client side routing using AWS Amplify.
JavaScript
314
star
71

api-gateway-secure-pet-store

Amazon API Gateway sample using Amazon Cognito credentials through AWS Lambda
Objective-C
309
star
72

aws-etl-orchestrator

A serverless architecture for orchestrating ETL jobs in arbitrarily-complex workflows using AWS Step Functions and AWS Lambda.
Python
307
star
73

amazon-textract-serverless-large-scale-document-processing

Process documents at scale using Amazon Textract
Python
302
star
74

lambda-go-samples

An example of using AWS Lambda with Go
Go
302
star
75

amazon-cloudfront-secure-static-site

Create a secure static website with CloudFront for your registered domain.
JavaScript
300
star
76

aws-nodejs-sample

Sample project to demonstrate usage of the AWS SDK for Node.js
JavaScript
299
star
77

aws-cognito-apigw-angular-auth

A simple/sample AngularV4-based web app that demonstrates different API authentication options using Amazon Cognito and API Gateway with an AWS Lambda and Amazon DynamoDB backend that stores user details in a complete end to end Serverless fashion.
JavaScript
297
star
78

lambda-ecs-worker-pattern

This example code illustrates how to extend AWS Lambda functionality using Amazon SQS and the Amazon EC2 Container Service (ECS).
POV-Ray SDL
291
star
79

aws-lambda-fanout

A sample AWS Lambda function that accepts messages from an Amazon Kinesis Stream and transfers the messages to another data transport.
JavaScript
289
star
80

aws-saas-factory-ref-solution-serverless-saas

Python
286
star
81

aws-mlu-explain

Visual, Interactive Articles About Machine Learning: https://mlu-explain.github.io/
JavaScript
285
star
82

aws-serverless-shopping-cart

Serverless Shopping Cart is a sample implementation of a serverless shopping cart for an e-commerce website.
Python
282
star
83

aws-serverless-samfarm

This repo is a full CI/CD serverless example which was used in the What's New with AWS Lambda presentation at re:Invent 2016.
JavaScript
280
star
84

eb-node-express-sample

Sample Express application for AWS Elastic Beanstalk
EJS
279
star
85

amazon-ecs-firelens-examples

Sample logging architectures for FireLens on Amazon ECS and AWS Fargate.
274
star
86

eb-py-flask-signup

HTML
270
star
87

codepipeline-nested-cfn

CloudFormation templates, CodeBuild build specification & Python scripts to perform unit tests of a nested CloudFormation template.
Python
269
star
88

aws-amplify-auth-starters

Starter projects for developers looking to build web & mobile applications that have Authentication & protected routing
269
star
89

aws-proton-cloudformation-sample-templates

Sample templates for AWS Proton
262
star
90

aws2tf

aws2tf - automates the importing of existing AWS resources into Terraform and outputs the Terraform HCL code.
Shell
261
star
91

aws-containers-task-definitions

Task Definitions for running common applications on Amazon ECS
261
star
92

aws-cdk-changelogs-demo

This is a demo application that uses modern serverless architecture to crawl changelogs from open source projects, parse them, and provide an API and website for viewing them.
JavaScript
260
star
93

designing-cloud-native-microservices-on-aws

Introduces a fluent way to design cloud native microservices via an EventStorming workshop. This is a hands-on workshop. Topics covered: DDD, Event Storming, Specification by Example. AWS products included: Serverless Lambda, DynamoDB, Fargate, CloudWatch.
Java
257
star
94

aws-secrets-manager-rotation-lambdas

Contains Lambda functions to be used for automatic rotation of secrets stored in AWS Secrets Manager
Python
256
star
95

lambda-refarch-iotbackend

Serverless Reference Architecture for creating an IoT Backend
Python
251
star
96

aws-health-aware

AHA is an incident management & communication framework that provides real-time alerts to customers when there are active AWS event(s). Customers with AWS Organizations can get aggregated active account-level events for all the accounts in the Organization. Customers not using AWS Organizations still benefit from alerting at the account level.
Python
250
star
97

amazon-cognito-example-for-external-idp

An example for using Amazon Cognito together with an external IdP
TypeScript
247
star
98

mlops-amazon-sagemaker

Workshop content for applying DevOps practices to Machine Learning workloads using Amazon SageMaker
Jupyter Notebook
247
star
99

generative-ai-use-cases-jp

Demonstrations of business use cases that leverage generative AI
TypeScript
245
star
100

serverless-test-samples

This repository is designed to provide guidance for implementing comprehensive test suites for serverless applications.
C#
244
star