Manage Your AWS Resources from Kubernetes with ACK
More people are adopting Kubernetes in their environments every day and it is already a huge leap in the evolving of the technology. Kubernetes project started as a Container Orchestration Platform but now it is much more than that. We run our mission critical and production workloads on Kubernetes, we run our end to end tests on Kubernetes and we use Kubernetes as a development environment. But Kubernetes is evolving too. The project is becoming a Control Plane for everything. That means we are using Kubernetes to manage other resources in other environments or other platforms. This includes Public Cloud environments too of course. Because, its API is easily extensible and can integrate with other things. Also, managing Kubernetes resources with YAML files is a lot easier than learning third party tools every day.
Most of us use AWS services with either one of these options:
- AWS Management Console
- AWS CLI
- IaC (Infrastructure as Code) with tools like Terraform or Cloudformation or Pulumi
But that means we need to learn these tools or approaches for managing the AWS Resources we have in our environment. That’s not extremely hard and actually I use Terraform on a daily basis. But some people don’t have the time to learn all these new technologies/approaches and already have familiarity with Kubernetes and managing Kubernetes resources with a declarative approach using YAML. Also, using AWS Management Console and AWS CLI makes it harder for everyone to follow the changes in the infrastructure. Having a declarative option is the best approach for everyone.
The question is how to manage AWS resources from Kubernetes.
AWS Controllers for Kubernetes (ACK) allows you to manage AWS Services directly from your Kubernetes cluster with plain YAML files. ACK is an open source project built by the engineers in AWS and you can find the details about the project from GitHub. You can also contribute to the project and I should mention it is highly encouraged. As you already know, AWS provides a lot of managed services like Databases, Object Stores, Message Queues etc. and we often need these supporting resources for our applications running on Kubernetes clusters. With ACK, you can define and consume these resources from your Kubernetes clusters.
As you can see from the architecture diagram above, a user makes a request to the kube-apiserver to create an S3 Bucket resource. Apiserver writes that request to etcd and makes an API request to AWS for creating that S3 Bucket. These AWS resources are managed in Kubernetes Clusters as Custom Resources(CR). If the user making that request has the permissions for creating this CR then the Bucket is created.
There are multiple Controllers for different AWS Services and these are called Service Controllers. You can find the detailed information for these Service Controllers and their release cycles from the project’s website. Contributors are working really hard to extend the supported services list in ACK. You can also raise an issue in the project’s GitHub page if you want additional AWS services to be added to ACK.
Let’s see the ACK in action!
I have created a GitHub repository for this demonstration. In this repository, you can find Terraform codes for creating an EKS Cluster, scripts for creating Service Controllers and example Kubernetes YAML files for ACK Resources. I will also update this repo constantly to add more examples for ACK Resources.
I have already created the EKS Cluster and connected to it. For this demonstration I will create an S3 bucket. I run the script with the service name option: ./ack_controller_install.sh s3
The script has two functions with different actions.
First function pulls the required Service Controller Helm Chart from the official AWS ECR Registry and installs it to the cluster.
Second function creates the required OIDC Provider for the Kubernetes cluster and creates IAM Roles for Service Account (IRSA) configurations with the required permissions.
After running this script, I can now create S3 Bucket resources using the example files in the repository. I use the simple_bucket.yaml file and change the bucket name to test-bucket-ack-resource. I create the resource with the kubectl apply command.
Now, I have an S3 Bucket created in my AWS Account. Let’s see the details.
Great! I can now start using the S3 Bucket.
I also created a cleanup script in the repository that you can use. The cleanup script uninstalls the Helm Chart for the Service Controller, deletes the CRDs, deletes the OIDC Provider for EKS Cluster and deletes the EKS Cluster itself. You can use the script with adding the service name in the end like ./cleanup.sh s3.
Kubernetes is becoming much more than just a container orchestration tool. With the help of tools like ACK our life is getting easier. Creating and consuming AWS Services from Kubernetes Clusters with ACK is making it extremely easy for everyone to use supporting resources for their application. Supported services for ACK will increase in time for sure but you can definitely check out and start using in your environments.