Overview
This guide walks through integrating AWS CodeBuild with Amazon Elastic Kubernetes Service (EKS) to streamline application build and deployment. By the end, you will have a CodeBuild project configured to interact with your Amazon EKS cluster.
Introduction
Integrating AWS CodeBuild with Amazon EKS enhances CI/CD pipelines, enabling automated application deployment and efficient operations.
Prerequisite
Ensure the following before starting:
- A running Amazon EKS cluster
- AWS CLI and kubectl installed and configured
- IAM permissions for creating roles and updating EKS configurations
- Basic knowledge of Kubernetes and AWS CodeBuild
Step-by-Step Guide
Step 1: Create an AWS IAM Role for AWS CodeBuild
To allow CodeBuild to interact with your Amazon EKS cluster, create an AWS IAM role:
1. In the AWS Management Console, navigate to IAM.
2. Select Roles > Create Role.
3. Choose CodeBuild as the trusted entity and proceed to set permissions.
4. Attach Policies:
You need to attach policies that allow the AWS CodeBuild role to interact with EKS and other AWS services like S3, CloudWatch, and others that your build might require.
You can attach the following managed policies:
- AmazonEKSWorkerNodePolicy
- AmazonEC2ContainerRegistryPowerUser
- AmazonS3ReadOnlyAccess (optional, depending on your use case)
- EKS-FULL-ACESS
- EKSCodeBuildPolicy
- EC2FullAccess
5. Review and Create Role:
After attaching the required policies, name your role, e.g., <integrated_ekscodebuild>. Review the settings and click Create Role.
Step 2: Attach the AWS IAM Role to the Amazon EKS aws-auth ConfigMap
The next step is to allow the newly created AWS IAM role to authenticate with your Amazon EKS cluster. You need to update the aws-auth ConfigMap in your Amazon EKS cluster to do this.
1. Modify the ConfigMap:
Export the current aws-auth ConfigMap to a file:

    kubectl get configmap aws-auth -n kube-system -o yaml > aws-auth.yaml

Add the AWS IAM role for AWS CodeBuild under the mapRoles section of the aws-auth ConfigMap. Here’s an example:

    apiVersion: v1
    data:
      mapRoles: |
        - groups:
          - system:bootstrappers
          - system:nodes
          rolearn: arn:aws:iam::********************:role/*********_noderole
          username: system:node:{{EC2PrivateDNSName}}
        # The CodeBuild role is listed twice, with and without the service-role/ path.
        # EKS matches aws-auth role ARNs without a path, so the second form is the one that takes effect.
        - groups:
          - system:masters
          rolearn: arn:aws:iam::**********:role/service-role/integrated_ekscodebuild
          username: integrated_ekscodebuild
        - groups:
          - system:masters
          rolearn: arn:aws:iam::**********:role/integrated_ekscodebuild
          username: integrated_ekscodebuild
2. Apply the Updated ConfigMap:
After modifying the ConfigMap, apply the edited aws-auth.yaml to your Amazon EKS cluster with kubectl apply.
This step allows the AWS CodeBuild role to interact with the Kubernetes API as a system:masters user, giving it admin privileges.
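A narrower alternative to the system:masters mapping described above, as an added example that is not part of the original post: the build role is mapped to a custom group, and that group is bound to a namespaced Role that covers only what kubectl apply needs for a Deployment. The group name codebuild-deployers, the namespace demo-app and the account ID 111122223333 are placeholders chosen for illustration; the role name is the one used on this page.

```yaml
# Added example, not from the original post.
# Placeholders: group "codebuild-deployers", namespace "demo-app",
# account ID 111122223333.

# 1) Fragment for data.mapRoles in the exported aws-auth.yaml.
#    Merge it into the existing list; do not apply this document by itself,
#    or the node-role entry already in the ConfigMap would be lost.
#    The ARN carries no path segment (no "service-role/").
- groups:
  - codebuild-deployers          # custom group instead of system:masters
  rolearn: arn:aws:iam::111122223333:role/integrated_ekscodebuild
  username: integrated_ekscodebuild
---
# 2) Permissions limited to Deployments in one namespace.
#    get + create + patch are what "kubectl apply" uses; list/watch/update
#    allow rollout status checks and replace-style updates.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: codebuild-deployer
  namespace: demo-app
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
---
# 3) Bind the Role to the group named in the mapRoles entry above.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: codebuild-deployer
  namespace: demo-app
subjects:
- kind: Group
  name: codebuild-deployers
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: codebuild-deployer
  apiGroup: rbac.authorization.k8s.io
```

With this binding, a cluster-scoped call such as kubectl get ns is denied, because listing namespaces cannot be granted by a namespaced Role. If the manifests contain other kinds (Services, ConfigMaps), add those resources to the Role's rules.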
Step 3: Create the CodeBuild Project
Now that the AWS IAM role is ready and configured in the Amazon EKS cluster, the next step is to create the CodeBuild project.
To create a build project for AWS CodeBuild, follow the blog below.
Building and Pushing Docker Images with AWS CodeBuild (cloudthat.com)
Don’t forget to enable Privileged mode, which lets the build run the Docker daemon and build the Docker image on the Ubuntu server.
Buildspec File: Create a buildspec.yml file in your repository to define the build and deployment steps. For the pre_build phase, refer to the same blog:
Building and Pushing Docker Images with AWS CodeBuild (cloudthat.com)
Here’s an example:

    version: 0.2
    phases:
      install:
        # runtime-versions:
        #   docker: 18
        commands:
          # Start the Docker daemon inside the privileged build container and wait until it responds
          - nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2 &
          - timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
      post_build:
        commands:
          - echo $flag
          # Assume the role that is mapped in aws-auth (Step 2) and export its temporary credentials
          - CREDENTIALS=$(aws sts assume-role --role-arn arn:aws:iam::**************:role/service-role/integration_ekscodebuildrole --role-session-name <your email address> --duration-seconds 900)
          - export AWS_ACCESS_KEY_ID="$(echo ${CREDENTIALS} | jq -r '.Credentials.AccessKeyId')"
          - export AWS_SECRET_ACCESS_KEY="$(echo ${CREDENTIALS} | jq -r '.Credentials.SecretAccessKey')"
          - export AWS_SESSION_TOKEN="$(echo ${CREDENTIALS} | jq -r '.Credentials.SessionToken')"
          - export AWS_EXPIRATION=$(echo ${CREDENTIALS} | jq -r '.Credentials.Expiration')
          - aws eks update-kubeconfig --name <your EKS cluster> --region ap-south-1
          - echo "Apply changes to kube manifests"
          - kubectl get ns
          - cd ../../
          # Substitute the image placeholder in the manifest that is applied below
          - sed -i 's@CONTAINER_IMAGE@'"$REPOSITORY_URI:$newimagename-$TAG"'@' ./Deployments/deployment.yaml
          - cat ./Deployments/deployment.yaml
          - kubectl apply -f ./Deployments/deployment.yaml

- Save and Start Build:
Once your project is configured, click Create Build Project. You can now start a build and monitor the build logs to see the progress of your deployment to Amazon EKS.
Push the code in the tree format below.
Copy the code from the GitHub repo below:
https://github.com/v-karthik-kumar/EKS_CICD.git
Step 4: Push the code in the repository
The push triggers the respective CodeBuild project, which follows the buildspec file: it builds the Docker image and pushes it to the Amazon ECR repository.
The same image is then referenced in the deployment file that is applied to the Amazon EKS cluster.
Conclusion
In this guide, we integrated AWS CodeBuild with an Amazon EKS cluster. We created an AWS IAM role for AWS CodeBuild, updated the aws-auth ConfigMap in the Amazon EKS cluster, and set up an AWS CodeBuild project that builds and deploys to the Amazon EKS cluster.
This setup can be further extended with additional automation, such as triggering the CodeBuild project from a CI/CD pipeline or integrating it with other AWS services.
FAQs
1. Why is an AWS IAM role needed to integrate AWS CodeBuild with Amazon EKS?
ANS: – The AWS IAM role allows AWS CodeBuild to authenticate and interact securely with the Amazon EKS cluster.
2. How do I deploy a Docker image to Amazon EKS using CodeBuild?
ANS: – AWS CodeBuild pushes the Docker image to Amazon ECR and then updates the Amazon EKS deployment using kubectl.
WRITTEN BY Karthik Kumar P V
Karthik Kumar Patro Voona is a Research Associate (Kubernetes) at CloudThat Technologies. He holds a Bachelor's degree in Information and Technology and has good programming knowledge of Python. He has experience in both AWS and Azure, and a passion for cloud computing and DevOps. He has good working experience in Kubernetes and DevOps tools like Terraform, Ansible, and Jenkins. He is a very good team player, adaptive, and interested in exploring new technologies.