AWS - EKS Failover

-


 In this post, we will see how to do an AZ failover for an EKS Cluster.


Above is the typical multi-region failover where we will have 2 DNS records.

Primary EKS cluster in US-EAST-1 with DNS east.eks.com

Secondary EKS Cluster in US-WEST with DNS west.eks.com

This means we will have 2 A records for the address www.app.com.

DNS failover will happen whenever there is a health check failure.

But in this post, we will how to perform AZ resiliency. Regions are a collection of AZs.

Let's imagine an EKS Cluster is created on a single region us-east-1 with 2 AZs us-east-1a and us-east-1b.


In this single region architecture, We have core nodes 1 or 2 in each AZ (Nodes where K8s core components like Kube-API, Kube Scheduler, ETCD, and others will be running).

Similarly, We will have a set of worker nodes running on both the AZs (US-EAST-1A and US-EAST1B).

When we create a deployment with 2 replicas, each will be created in one AZ.

1st copy in US-EAST-1A 
2nd copy in US-EAST-1B

This can be seen using # kubectl get pods -o wide or kubectl get pods --field-selector spec.nodeName=node1

Now, How we can do failover?

One important thing before we do failover. We must ensure the deployments are running with a minimum of 2 replicas else during the failover we will have downtime to create pods in other AZ.

Once that's validated we can perform TAINT and DRAIN.

TAINT -> Will mark the node UNSCHEDULABLE which means no new workloads are accepted on the worker node.

So, we TAINT all the worker nodes in US_EAST_1A using:

Eg:

# kubectl taint node us-east-1a-workernode key:NoExecute

root@kubemaster:~/.kube# kubectl describe node kubeclient1 | grep -i taint
Taints:             key:NoExecute
root@kubemaster:~/.kube#

Once all the worker nodes are TAINTED then we need to DRAIN all the worker nodes in US_EAST_1A.

DRAIN -> Will delete the pods on the worker nodes and create them on available worker nodes. In our case, we drained all the US_EAST_1A worker nodes which will eventually force the workloads to recreate on US_EAST_1B.

# kubectl drain us-east-1a-workernode  --ignore-daemonsets

Once all the worker nodes in us-east-1a are drained. You should see the workloads on us-east-1b.

Can be verified with  # kubectl get pods -o wide or kubectl get pods --field-selector spec.nodeName=node1




Comments

Post a Comment

Popular posts from this blog

SRE/DevOps Syllabus

-
Image
  DEVOPS/SRE Principles. Git What is Git? Architecture of Git. Working principle of Git. Create and cloning a repo. Version control branching. Version control commit. Version control managing workflows. Git hooks. Git Reflog. Git Stash. Git Cherry Picking. Undoing changes in different states of Git. Git based terraform template management. AWS CI/CD SDLC Automation. Code Commit. Code Build. Code Deployment. Code Pipeline. Elastic Beankstalk. Code Artifact. CodeGuru. Terraform Terraform Basics. Terraform State. Working with Terraform. Terraform with AWS. Remote State. Terraform Provisioners. Terraform Import, Tainting and Debugging. Terraform Modules. Terraform Functions and Conditional Expressions. Automation using Python - AWS AWS lambda. Automating EC2 with Lambda. Automating S3 with Lambda. Automating VPC with Lambda. Cost optimization with Lambda. SNS,SQS and SES with Python. Managing and Automating AWS Security with Python. Kubernetes - CKAD Application Developer. Kubernetes A...
Read more

AWS Code Commit - CI/CD Series Part 1

-
Image
  This is a multi-part series to show how to implement a CI/CD pipeline in AWS. In this post, We will see how to use AWS Code Commit. AWS CodeCommit is a fully managed source control service that allows you to store and manage your code securely in the cloud.  It provides a private Git repository for your code and supports all Git commands and workflows. CodeCommit also integrates with other AWS services like AWS CodePipeline and AWS CodeBuild, allowing you to automate your entire software release process. This can help you streamline your development workflows and improve the overall efficiency of your team. I created a repo from AWS CodeCommit -> Create Repository. And I begin with cloning the repo locally. So that I can make changes and push it. To clone the repo click on "HTTPS" under Clone URL. I make changes to index.html file. Now push it to AWS CodeCommit. Let’s verify the changes in AWS Code commit. Changes are reflected in AWS CodeCommit. We are done with Part ...
Read more

Docker - Preventing IP overlapping

-
Image
  What is IP address overlapping? When the container IP address overlaps with another IP external, then the application running on the container is not accessible from outside due to the IP address overlapping.  NOTE: This IP address overlapping can happen on the bridge interface IP or docker container IP. Let's see how to address this IP overlapping issue on the bridge interface. I already have a running container.  root@demo:~# docker run -d --name web --network mynet1 nginx:alpine 268647e11011d513d2357ce1c81e0f48787038a83d01d028d31a5b29dbdb885b root@demo:~# docker container ls CONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS         PORTS     NAMES 268647e11011   nginx:alpine   "/docker-entrypoint.…"   4 seconds ago   Up 3 seconds   80/tcp  ...
Read more