Introduction
This guide will show you how to use Amazon ElastiCache for Redis as a distributed cache for user session management. You will use Amazon Elastic Kubernetes Service (EKS) to deploy a Python Flask application. The Python Flask application will randomly create a color cached and store it in the server-side session state to Amazon ElastiCache for Redis. As part of this guide, you will create a container image containing the code for the Python Flask container. You will be uploaded the container image to a private Amazon Elastic Container Registry. This is a two-part article.
This first article will discuss what technologies we will use, the prerequisites and architecture overview, and the configuration and setup process.
You can access all of the code used in my GitHub Repository.
Technologies we are going to use:
Amazon ElastiCache is a fully managed in-memory caching service that Amazon Web Services (AWS) provides. It's designed to improve the performance of web applications by allowing them to retrieve data from fast, in-memory caches rather than slower disk-based databases. ElastiCache supports two open-source caching engines: Redis and Memcached. Use cases include caching, session storage, gaming leaderboards, geospatial applications, real-time analytics, and queuing.
Amazon Elastic Kubernetes Service (EKS) is a fully managed service that enables users to run Kubernetes on Amazon Web Services (AWS) without the need to address the underlying Kubernetes control plane. It allows the deployment, scaling, and management of containerized applications using Kubernetes tools. EKS is fully compatible with applications running on any standard Kubernetes environment, facilitating easy migration. It integrates with various AWS services, ensuring seamless security, compliance, and auditing. Use cases include microservices applications, hybrid cloud architectures, machine learning applications, batch processing, and application migration.
Amazon Elastic Container Registry (ECR) is a fully managed container registry that allows developers to store, manage, and deploy Docker or Open Container Initiative (OCI) images. It is designed for high performance, scalability, and security, with features such as AWS resource-based permissions, support for private repositories, HTTPS transfer, and automatic encryption at rest. ECR is integrated with AWS's container orchestration services, Amazon Elastic Container Service (ECS), and Amazon Elastic Kubernetes Service (EKS), making deploying the stored container images to these services easy. It's commonly used in a workflow involving the development of a Docker container locally, followed by building and pushing that container image to ECR for deployment to a cloud environment.
Amazon Route 53 is a scalable and highly available cloud-based Domain Name System (DNS) service provided by Amazon Web Services (AWS). It is designed to route users to internet applications by translating domain names into numeric IP addresses that computers use to connect. Key features include domain registration, DNS routing, health checks, traffic flow based on various criteria, and the ability to handle large query volumes with low latency. Route 53 can route user traffic to infrastructure within AWS (like EC2 instances or S3 buckets) or outside AWS, making it crucial for many AWS-based applications.
AWS Certificate Manager (ACM) is a service provided by Amazon Web Services that simplifies the management and deployment of SSL/TLS certificates for AWS-based websites and applications. Key features include automatic certificate issuance and renewal, centralized certificate management, integration with other AWS services, and secure storage of private keys. With ACM, you can also create private certificate authorities and manage the lifecycle of private certificates through ACM Private Certificate Authority (CA).
Amazon Virtual Private Cloud (Amazon VPC) is a service provided by Amazon Web Services (AWS) that allows you to create a virtual network in the AWS cloud. It gives you control over your network configuration by allowing you to create subnets, define access control, and establish connectivity options. You can securely connect your VPC to your on-premises infrastructure or other VPCs using VPN or AWS Direct Connect. Amazon VPC enables you to provision resources within a logically isolated environment and provides features like security groups, route tables, and gateways for efficient networking.
Amazon's Application Load Balancer (ALB) with Amazon Elastic Kubernetes Service (EKS). The ALB automatically distributes incoming application traffic across multiple targets in AWS. When used with Amazon EKS, the ALB routes traffic to Kubernetes applications based on the Kubernetes Ingress resource. The setup provides a single, scalable entry point to applications, handling tasks like SSL offloading, sticky sessions, and advanced routing rules.
Infrastructure as Code (IaC) is a method for managing and provisioning computing infrastructure through machine-readable definition files, which replace manual hardware configuration or interactive configuration tools. IaC benefits include speed and simplicity, consistency across environments, version control for auditing, rollbacks, and cost savings through automation. Common IaC tools include Terraform, Ansible, Chef, Puppet, and AWS CloudFormation, which allow infrastructure setup and modifications via code.
Terraform from HashiCorp is an open-source Infrastructure as Code (IaC) tool that allows users to define, provision, and manage data center infrastructure using a declarative configuration language. Key features include infrastructure as code, execution plans, resource graphs, and change automation. Terraform is provider-agnostic, supporting multiple providers like AWS, GCP, Azure, and more, enabling users to manage various infrastructure services using the same tool and configuration syntax. This cross-provider support can be beneficial for teams working with multiple cloud providers.
Kubernetes, also known as K8s, is an open-source platform designed to automate containerized applications' deployment, scaling, and management. Google initially developed it, and the Cloud Native Computing Foundation maintains it. Critical features of Kubernetes include Pods (the smallest deployable units of computing that can be created and managed), Services (abstract ways to expose applications running on a set of Pods), Ingress (manages external access to services), ReplicaSets (ensures a specified number of Pod replicas are running), Deployments (provides updates for Pods and ReplicaSets), and Scaling (Kubernetes can scale based on CPU usage or other metrics). Kubernetes also supports rolling updates and rollbacks and allows decoupling configuration artifacts from image content for better portability.
Helmis a package manager for Kubernetes that simplifies the deployment and management of Kubernetes applications. It uses a packaging format called "charts," which are pre-configured Kubernetes resources. Key features include "Charts" for packaging resources, "Releases" for running instances of a chart within a Kubernetes cluster, "Repositories" for storing and sharing charts, and a command-line interface for interacting with Helm and Kubernetes. Helm can manage complexity and provide tools to manage large applications.
Kubernetes Metrics Server is a component that collects real-time resource utilization data from Kubernetes clusters. It retrieves metrics such as CPU and memory usage from nodes and pods and provides them to other components and tools for monitoring and autoscaling purposes. It is lightweight, scalable, and accessed using the Kubernetes Metrics API. Overall, the Metrics Server helps manage the performance and efficiency of Kubernetes workloads.
Kubernetes External DNS is a tool that automates the management of DNS records for services in a Kubernetes cluster. It updates DNS providers such as Amazon Route 53 with the appropriate records based on changes to Kubernetes services. This enables external clients to access services using human-readable domain names, providing dynamic DNS resolution for Kubernetes services.
Prerequisites
Before you begin, make sure you have the following before starting:
- An active AWS account. You can create a new AWS account here.
- AWS CLI installed and configured. Instructions can be found here.
- Terraform installed. Instructions can be found here.
- Helm installed. Instructions can be found here.
- Kubernetes CLI (kubectl). Instructions can be found here.
Architecture Overview
Amazon ElastiCache
resource "aws_elasticache_replication_group" "elasticache" {
replication_group_id = local.elasticache_cluster_id
description = local.project
node_type = "cache.t3.small"
engine_version = "7.0"
port = 6379
parameter_group_name = "default.redis7.cluster.on"
automatic_failover_enabled = true
multi_az_enabled = true
subnet_group_name = module.vpc.elasticache_subnet_group
security_group_ids = [module.elasticache_sg.security_group_id]
preferred_cache_cluster_azs = local.azs
num_cache_clusters = 3
at_rest_encryption_enabled = true
transit_encryption_enabled = true
user_group_ids = [aws_elasticache_user_group.elasticache.id]
depends_on = [module.vpc]
}
...
Amazon EKS
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "~> 19.0"
cluster_name = local.eks_cluster_name
cluster_version = local.eks_cluster_version
cluster_endpoint_private_access = true
cluster_endpoint_public_access = true
cluster_addons = {
kube-proxy = {
most_recent = true
resolve_conflicts = "OVERWRITE"
resolve_conflicts_on_update = "OVERWRITE"
}
vpc-cni = {
most_recent = true
resolve_conflicts = "OVERWRITE"
resolve_conflicts_on_update = "OVERWRITE"
service_account_role_arn = module.vpc_cni_ipv4_irsa_role.iam_role_arn
}
}
vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets
depends_on = [module.vpc]
}
...
Amazon ECR
module "ecr" {
source = "terraform-aws-modules/ecr/aws"
version = "~> 1.6.0"
repository_name = local.ecr_repo_name
create_lifecycle_policy = true
repository_image_tag_mutability = "MUTABLE"
repository_lifecycle_policy = jsonencode({
rules = [
{
rulePriority = 1,
description = "Keep last 5 untagged images",
selection = {
tagStatus = "untagged",
countType = "imageCountMoreThan",
countNumber = 4
},
action = {
type = "expire"
}
},
]
})
repository_force_delete = true
depends_on = [module.vpc]
}
Amazon VPC
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 5.0.0"
private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
elasticache_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 64)]
name = local.vpc_name
cidr = local.vpc_cidr
azs = local.azs
enable_nat_gateway = true
single_nat_gateway = true
enable_dns_hostnames = true
enable_dns_support = true
create_flow_log_cloudwatch_iam_role = true
create_flow_log_cloudwatch_log_group = true
enable_dhcp_options = true
enable_flow_log = true
flow_log_cloudwatch_log_group_retention_in_days = 7
flow_log_max_aggregation_interval = 60
elasticache_subnet_group_name = "${local.elasticache_cluster_id}-subnet-group"
public_subnet_tags = {
"kubernetes.io/cluster/${local.eks_cluster_name}" = "shared"
"kubernetes.io/role/elb" = 1
}
private_subnet_tags = {
"kubernetes.io/cluster/${local.eks_cluster_name}" = "shared"
"kubernetes.io/role/internal-elb" = 1
}
elasticache_subnet_tags = {
"Description" = "ElastiCache Subnet"
}
}
Amazon ACM
resource "aws_acm_certificate" "color" {
domain_name = local.custom_domain_name
validation_method = "DNS"
lifecycle {
create_before_destroy = true
}
}
...
Amazon ALB
Amazon ALB will automatically be created when you deploy the Color App using Helm. This will be discussed in part 2 of this article.
Amazon Route 53
When you deploy the Color App using Helm, the public domain you will use will be registered automatically in Amazon Route 53. This will be discussed in part 2 of this article.
We just finished reviewing the architecture that will be created by Terraform code. Several of the code blocks from above are just snippets of code. Please see the git repo for the complete code.
Configuration
- Amazon ElastiCache
- Amazon Elastic Kubernetes Service (EKS)
- Amazon Elastic Container Registry (ECR)
- AWS Key Management Service (KMS)
- Amazon Route 53
- AWS Certificate Manager (ACM)
- Amazon Virtual Private Cloud (Amazon VPC)
- IAM policies and roles
Setup
Follow these steps to set up the environment.
Step 1. Set variables in "locals.tf". Below are some of the variables that should be set.
- aws region
- aws profile
- tags
- custom_domain_name
- public_domain
Step 2. Update Terraform S3 Backend in provider.tf
- bucket
- key
- profile
- dynamodb_table
Step 3. Initialize Terraform
terraform init
Step 4. Validate the Terraform code
terraform validate
Step 5. Run, review, and save a Terraform plan
terraform plan -out=plan.out
Step 6. Apply the Terraform plan
terraform apply plan.out
Step 7. Review Terraform apply results.
After completing the above steps, you should have a running and working Amazon ElastiCache Redis cluster, Amazon EKS Cluster, and Amazon ECR.
Please stay tuned for the next article, where we will complete the following tasks.
- Configure access to Amazon EKS Cluster
- Build and push our Docker image to Amazon ECR
- Deploy supporting services to Kubernetes
- Deploy Python Flask Color application to Kubernetes
- Demonstrate how Session Cache works with our Python Flask Color App and Amazon ElastiCache
- Clean up apps and infrastructure
