Re-deploy workload

In order to test the custom networking updates we have made so far, lets update the checkout deployment to run the pods in the new node we provisioned in the previous step.

To make the change, run the following command to modify the checkout deployment in your cluster

~$kubectl apply -k ~/environment/eks-workshop/modules/networking/custom-networking/sampleapp

~$kubectl rollout status deployment/checkout -n checkout --timeout 180s

The command adds a nodeSelector to the checkout deployment.

Kustomize Patch

~/environment/eks-workshop/modules/networking/custom-networking/sampleapp/checkout.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: checkout
  namespace: checkout
spec:
  template:
    spec:
      nodeSelector:
        eks.amazonaws.com/nodegroup: custom-networking

Deployment/checkout

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/created-by: eks-workshop
    app.kubernetes.io/type: app
  name: checkout
  namespace: checkout
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: service
      app.kubernetes.io/instance: checkout
      app.kubernetes.io/name: checkout
  template:
    metadata:
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      labels:
        app.kubernetes.io/component: service
        app.kubernetes.io/created-by: eks-workshop
        app.kubernetes.io/instance: checkout
        app.kubernetes.io/name: checkout
    spec:
      containers:
        - envFrom:
            - configMapRef:
                name: checkout
          image: public.ecr.aws/aws-containers/retail-store-sample-checkout:1.2.1
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 3
          name: checkout
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
          resources:
            limits:
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 512Mi
          securityContext:
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
      nodeSelector:
        eks.amazonaws.com/nodegroup: custom-networking
      securityContext:
        fsGroup: 1000
      serviceAccountName: checkout
      volumes:
        - emptyDir:
            medium: Memory
          name: tmp-volume

Diff

             readOnlyRootFilesystem: true
           volumeMounts:
             - mountPath: /tmp
               name: tmp-volume
+      nodeSelector:
+        eks.amazonaws.com/nodegroup: custom-networking
       securityContext:
         fsGroup: 1000
       serviceAccountName: checkout
       volumes:

Let's review the microservices deployed in the “checkout” namespace.

~$kubectl get pods -n checkout -o wide

NAME                              READY   STATUS    RESTARTS   AGE   IP             NODE                                         NOMINATED NODE   READINESS GATES

checkout-5fbbc99bb7-brn2m         1/1     Running   0          98s   100.64.10.16   ip-10-42-10-14.us-west-2.compute.internal    <none>           <none>

checkout-redis-6cfd7d8787-8n99n   1/1     Running   0          49m   10.42.12.33    ip-10-42-12-155.us-west-2.compute.internal   <none>           <none>

You can see that the checkout pod is assigned an IP address from the 100.64.0.0 CIDR block that was added to the VPC. Pods that have not yet been redeployed are still assigned addresses from the 10.42.0.0 CIDR block, because it was the only CIDR block originally associated with the VPC. In this example, the checkout-redis pod still has an address from this range.