Cluster configuration for GDS teams using the GDS Supported Platform.
- Docker Desktop - Container tooling
- aws-cli - Universal Command Line Interface for Amazon Web Services
- aws-vault - A vault for securely storing and accessing AWS credentials in development environments
- aws-iam-authenticator - A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster
      go get -u -v github.com/kubernetes-sigs/aws-iam-authenticator/cmd/aws-iam-authenticator
- Manually Create S3 Bucket in the Service Team's AWS account
  - Bucket name should resolve to gds-re-${AWS_ACCOUNT_NAME}-terraform-state
  - Versioning should be opted in
  - Default encryption should be opted in
- Manually Create Hosted Zone in the Service Team's AWS account
  - Domain Name should resolve to ${AWS_ACCOUNT_NAME}.aws.ext.govsvc.uk
  - Type should be set to Public Hosted Zone
  - Take a note of:
    - Hosted Zone ID
    - Domain Name
    - Zone's NS record type values
- In the run-production AWS account, Create Record Set in the already existing Hosted Zone
  - Name field needs to match the Domain Name from the previous step
  - Type field needs to be set to NS - Name Server
  - Value field needs to contain the NS records obtained from the Service Team's AWS account
- Create persistent Terraform

  To create your network and other persistent resources for the base of your cluster, copy an existing configuration to manage from under terraform/accounts/run-sandbox/persistent; you probably want to tweak resources.tf appropriately.

  This leaves you with the manual steps of:

      export AWS_DEFAULT_REGION=eu-west-2
      cd terraform/accounts/${AWS_ACCOUNT_NAME}/persistent/${DOMAIN}
      aws-vault exec run-sandbox -- terraform init -upgrade=true
      aws-vault exec run-sandbox -- terraform apply
- Create cluster Terraform

  Copy an existing cluster configuration from under terraform/clusters; you probably want to tweak cluster.tf appropriately.

  This leaves you with the manual steps of:

      export AWS_DEFAULT_REGION=eu-west-2
      cd terraform/clusters/${DOMAIN}
      aws-vault exec run-sandbox -- terraform init -upgrade=true
      aws-vault exec run-sandbox -- terraform apply
- Generate a kubeconfig, apply any generated resources to the cluster, commit the kubeconfig:

      aws-vault exec run-sandbox -- terraform output kubeconfig > kubeconfig
      export KUBECONFIG="$(pwd)/kubeconfig"
      aws-vault exec run-sandbox -- kubectl apply -Rf addons/ # This will probably need to be run multiple times
      git add cluster.tf kubeconfig && git commit # Create branch as usual best practice
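
A check for the state bucket requirements in the Create S3 Bucket step (name convention, versioning, default encryption), added here as an example and not part of the original repository. The function names and the script name `check-state-bucket.sh` are hypothetical, and the live query needs AWS credentials, for example via `aws-vault exec run-sandbox --`.

```shell
#!/bin/sh
# Added example (not project code): audit the Terraform state bucket.
# Function names are hypothetical; the aws s3api subcommands are real.

# Bucket name convention from this page.
state_bucket_name() {
  printf 'gds-re-%s-terraform-state\n' "$1"
}

# Pure check: $1 = versioning Status, $2 = default SSE algorithm.
# Prints findings; returns 0 only when both settings are enabled.
evaluate_state_bucket() {
  rc=0
  if [ "$1" != "Enabled" ]; then
    echo "FAIL versioning is '${1:-unset}', expected 'Enabled'"
    rc=1
  fi
  case "$2" in
    AES256|aws:kms|aws:kms:dsse) ;;
    *) echo "FAIL default encryption is '${2:-unset}'"; rc=1 ;;
  esac
  if [ "$rc" -eq 0 ]; then
    echo "OK versioning and default encryption are enabled"
  fi
  return "$rc"
}

# Queries the live bucket; needs credentials (for example via aws-vault exec).
check_state_bucket() {
  bucket=$(state_bucket_name "$1")
  # Status is absent (text output "None") if versioning was never enabled.
  versioning=$(aws s3api get-bucket-versioning --bucket "$bucket" \
    --query 'Status' --output text) || versioning=""
  # This call fails when the bucket has no default encryption configured.
  sse=$(aws s3api get-bucket-encryption --bucket "$bucket" --output text \
    --query 'ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm' \
    2>/dev/null) || sse=""
  echo "bucket: $bucket"
  evaluate_state_bucket "$versioning" "$sse"
}

# Run only when an account name is passed: sh check-state-bucket.sh <name>
if [ "$#" -ge 1 ]; then
  check_state_bucket "$1"
fi
```

A suspended or never-enabled versioning status and a missing default encryption configuration are each reported as a separate FAIL line, and the exit status is non-zero if either is found.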