Deploying a 2048 Game on AWS EKS Fargate with Load Balancing: A Deep Dive

Kubernetes (K8s) and Amazon Elastic Kubernetes Service (EKS) empower developers to build scalable, reliable, and containerized applications. In this guide, we'll demonstrate how to deploy the classic 2048 game on EKS, using AWS Fargate for a serverless experience and the AWS Load Balancer Controller for seamless traffic management.

Why AWS EKS Fargate & Load Balancing?

• Scalability: EKS effortlessly scales your application up or down based on demand, ensuring optimal performance during peak traffic periods.
• High Availability: AWS Load Balancer Controller automatically distributes incoming traffic across multiple pods of your application, preventing downtime even when individual components fail.
• Serverless Simplicity: Fargate eliminates the need to manage worker nodes, allowing you to focus on your application development. You pay only for the resources your application consumes, making it cost-effective.

Understanding the Components

• EKS Cluster: The foundation for our application. This is our Kubernetes environment managed by AWS.
• Fargate Profile: This enables EKS to run pods directly on Fargate, AWS's serverless compute engine.
• Namespace: A virtual cluster within Kubernetes used to organize resources. Our game will live in the game-2048 namespace.
• Deployment: Defines how the 2048 game application will be deployed (how many replicas/instances, which container image to use, etc.).
• Service: Exposes the 2048 game to other components within the Kubernetes cluster.
• Ingress: Acts as the entry point to our application from the outside world. The AWS Load Balancer Controller will create a load balancer based on this Ingress configuration.
• AWS Load Balancer Controller: This is the Kubernetes controller that integrates with AWS Application Load Balancers (ALBs). It watches for Ingress resources and provisions ALBs accordingly.
• IAM OIDC Provider: This allows EKS to authenticate with AWS IAM, enabling us to assign fine-grained permissions to our Kubernetes service accounts.

Steps to Deployment

1. Create EKS Cluster:

eksctl create cluster --name demo-cluster-1 --region us-east-1 --fargate        

This command creates an EKS cluster named "demo-cluster-1" in the us-east-1 region using Fargate.

Now Update your local kubeconfig file to connect with kubectl .

aws eks --region us-east-1 update-kubeconfig --name demo-cluster-1         

This will connect your cluster with kubectl command line you will avail to control your cluster using kubectl command.

2. Create Fargate Profile and Namespace:

eksctl create fargateprofile \
    --cluster demo-cluster-1 \
    --region us-east-1 \
    --name alb-sample-app \
    --namespace game-2048        

This command prepares your cluster to run the application in a serverless Fargate environment and creates a dedicated namespace (game-2048) for it.

3. Deploy the 2048 Game Application:

kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/examples/2048/2048_full.yaml        

In this URL are the Deployment, Service, and Ingress resources for the 2048 game application that was already created previously.

Here is the complete breakdown of the YAML file below:

---
apiVersion: v1
kind: Namespace
metadata:
  name: game-2048
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: game-2048
  name: deployment-2048
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: app-2048
  replicas: 5
  template:
    metadata:
      labels:
        app.kubernetes.io/name: app-2048
    spec:
      containers:
      - image: public.ecr.aws/l6m2t8p7/docker-2048:latest
        imagePullPolicy: Always
        name: app-2048
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  namespace: game-2048
  name: service-2048
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: NodePort
  selector:
    app.kubernetes.io/name: app-2048
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: game-2048
  name: ingress-2048
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: service-2048
              port:
                number: 80        

4. Configure IAM OIDC Provider and Policy:

Now Associate an IAM OIDC provider with your cluster:

eksctl utils associate-iam-oidc-provider --cluster demo-cluster-1 --approve        

• Than Create an IAM policy for the AWS Load Balancer Controller:

curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json
aws iam create-policy \
    --policy-name AWSLoadBalancerControllerIAMPolicy \
    --policy-document file://iam_policy.json        

This command will create the IAM Policy that is needed to seemingly run the application.

5. Create IAM Role and Service Account:

• Now you have to Create an IAM role and service account for the controller using this command :

eksctl create iamserviceaccount \
    --cluster=demo-cluster-1 \
    --namespace=kube-system \
    --name=aws-load-balancer-controller-1 \
    --role-name AmazonEKSLoadBalancerControllerRole \
    --attach-policy-arn=arn:aws:iam::YOUR_ACCOUNT_ID:policy/AWSLoadBalancerControllerIAMPolicy \
    --approve        

• Important: Replace YOUR_ACCOUNT_ID and YOUR_IAM_ROLE_ARN with your values.

This command will create the IAM Service account and Attach the Policy to AWS LoadBalencerControler

6. Deploy AWS Load Balancer Controller:

helm repo add eks https://aws.github.io/eks-charts
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system \
    --set clusterName=demo-cluster-1 \
    --set serviceAccount.create=false \
    --set serviceAccount.name=aws-load-balancer-controller-1 \
    --set region=us-east-1 \
    --set vpcId=YOUR_VPC_ID \        

This will create the application Load Balancer and expose the application onto the internet and you user will access the app using a single endpoint

6. Verify and Access the Application:

kubectl get ingress -n game-2048        

Note the load balancer DNS name and open it in your web browser to play the 2048 game!

Congratulations you have successfully deployed an game on the Kubernetes cluster.

Key Points:

• This guide simplifies the process of deploying and load balancing applications on EKS Fargate.
• Be sure to replace placeholders like YOUR_ACCOUNT_ID, YOUR_VPC_ID, and YOUR_IAM_ROLE_ARN with your actual values.

Now Let's break down how to remove each resource created during this deployment process.

1. Delete the Application Resources:

• Ingress , Service and Deployment

kubectl delete ingress ingress-2048 -n game-2048
kubectl delete service service-2048 -n game-2048
kubectl delete deployment deployment-2048 -n game-2048        

• Namespace:

kubectl delete namespace game-2048        

2. Delete Load Balancer Controller:

helm uninstall aws-load-balancer-controller -n kube-system        

3. Delete IAM Resources:

• IAM Service Account:

eksctl delete iamserviceaccount --cluster=demo-cluster-1 --namespace=kube-system --name=aws-load-balancer-controller-1        

• IAM Policy:

aws iam delete-policy --policy-arn arn:aws:iam::YOUR_ACCOUNT_ID:policy/AWSLoadBalancerControllerIAMPolicy        

4. Delete EKS Cluster (if desired):

eksctl delete cluster --name demo-cluster-1        

Additional Notes:

• Order: It's generally a good practice to delete resources in the reverse order of creation.
• Confirmation: Pay attention to the prompts and confirm your actions when deleting resources.
• Manual Cleanup: Double-check the AWS console to ensure that any additional resources (e.g., Load Balancers, Target Groups) created by the Load Balancer Controller have been deleted.
• VPC Resources: If you created any additional VPC resources for the EKS cluster, such as subnets or security groups, you will need to delete them separately through the AWS console or CLI