This project contains a fully functional Terraform template for creating a new EKS cluster in an AWS account.
The following resources will be created:
- A dedicated VPC (with public subnets for load balancers and private subnets for EKS workers)
- One EKS Cluster and EC2 workers
- CloudWatch log groups & IAM configuration
- A Fluentd deployment that ships pod logs to CloudWatch
Optionally:
- Install the Kubernetes dashboard
- Install metrics-server for HPA (Horizontal Pod AutoScaling)
- Install cluster-autoscaler (for better AWS AutoScaling)
- Install the Istio/Kiali/Jaeger tools
All optional parts are installed by separate templates. You can install all of them, a subset, or none by deleting the files you do not want.
You can customize the installation of the cluster with the following input variables:
| Variable | Purpose of the variable | Default value |
|---|---|---|
| region | AWS region | eu-west-1 |
| availability_zones | List of AZs to use | eu-west-1a, b & c |
| vpc_cidr | CIDR used by the VPC | 10.0.0.0/16 |
| public_subnets | Public subnets | subnet 1, 2, 3 |
| private_subnets | Private subnets | subnet 10, 20, 30 |
| cluster_name | Name of the EKS cluster | my-eks-cluster |
| cluster_version | Version of Kubernetes to deploy | 1.12 |
| cluster_enabled_log_types | Control-plane log types to send to CloudWatch | [] |
| private_endpoint | Enable the private API endpoint | false |
| public_endpoint | Enable the public API endpoint | true |
| instance_size | Family/size of the workers | t2.medium |
| key_pair | Key pair name for the workers | "" |
| encrypted_volumes | Enable EBS volume encryption | false |
| kms_key_id | ID of the KMS key used for encryption | "" |
| log_retention | Retention of the logs in days | 7 |
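As an added example (not a file shipped with this repository), here is a `terraform.tfvars` that sets the variables above with the security-relevant options turned on rather than left at their defaults. The subnet CIDRs, the KMS key placeholder, the retention period and the list syntax used for the list-valued variables are assumptions, since the README only names the variables and their defaults.

```hcl
# terraform.tfvars -- added example, not part of this repository.
# All values are constructed for illustration; adapt them to your account.

region             = "eu-west-1"
availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]   # list syntax assumed

vpc_cidr        = "10.0.0.0/16"
public_subnets  = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]     # assumed CIDRs
private_subnets = ["10.0.10.0/24", "10.0.20.0/24", "10.0.30.0/24"]  # assumed CIDRs

cluster_name    = "my-eks-cluster"
cluster_version = "1.12"

# Control-plane logging: the default [] sends nothing to CloudWatch.
# "audit" and "authenticator" are the ones that tell you who called the
# API server and how they were authenticated; the others help with
# troubleshooting. These are the log types EKS supports.
cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
log_retention             = 90   # days; 7 (the default) is short for audit trails

# API endpoint exposure: the defaults (public on, private off) publish the
# Kubernetes API on the Internet. Prefer the private endpoint.
private_endpoint = true
public_endpoint  = false

# Workers: leaving key_pair empty means no SSH key is installed on the nodes.
instance_size = "t2.medium"
key_pair      = ""

# Data at rest: encrypt the worker EBS volumes with your own KMS key.
encrypted_volumes = true
kms_key_id        = "REPLACE-WITH-YOUR-KMS-KEY-ID"   # placeholder, not a real key
```

One caveat with `public_endpoint = false`: the module's post-actions run `kubectl` from the machine executing `terraform apply`, so that machine must be able to reach the private endpoint (from inside the VPC or over a connected network); otherwise the apply step stalls at the point where the workers are authorised to join.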
Before launching this template you must install the dependencies below:
- kubectl client
- aws-iam-authenticator (cf. https://docs.aws.amazon.com/fr_fr/eks/latest/userguide/install-aws-iam-authenticator.html)
The aws-iam-authenticator binary must be in your PATH.
This template uses a Terraform module for launching the EKS resources, and that module runs some CLI commands as post-actions (for instance to authorise the workers to join EKS). These commands need a Unix shell to run successfully.
So please use this template on a Unix/Linux/macOS system.
Clone this Git repository and install the dependencies (cf. Prerequisites chapter).
```shell
$ terraform init
$ terraform plan   # enter your access keys when prompted, or create a .tfvars file
$ terraform apply
```
This repository is split into several parts:
- (Terraform) The first part will create a standalone EKS cluster
- (Terraform) The second part contains templates for deploying Dashboard, metrics-server, autoscaler (with Terraform Helm provider)
- (Documentation) Documentation only, for deploying Istio/Kiali/Jaeger into your cluster
Note: the kubeconfig file is written into the terraform directory after the apply step.
```shell
$ kubectl --kubeconfig kubeconfig_<CLUSTER-NAME> create namespace simple-demo
$ kubectl --kubeconfig kubeconfig_<CLUSTER-NAME> run --namespace simple-demo echoheaders --image=gcr.io/google_containers/echoserver:1.4 --replicas=1 --port=8080
$ kubectl --kubeconfig kubeconfig_<CLUSTER-NAME> expose --namespace=simple-demo deployment echoheaders --type=LoadBalancer --port=80 --target-port=8080 --name=echoheaders-public
$ kubectl --kubeconfig kubeconfig_<CLUSTER-NAME> --namespace=simple-demo describe service echoheaders-public
```
```text
Name:                   echoheaders-public
Namespace:              simple-demo
Labels:                 run=echoheaders
Selector:               run=echoheaders
Type:                   LoadBalancer
IP:                     10.103.66.255
LoadBalancer Ingress:   a9201a1bdfc6411e68fdc06048bde387-495139964.us-west-1.elb.amazonaws.com
Port:                   <unset> 80/TCP
NodePort:               <unset> 30031/TCP
Endpoints:              192.168.96.196:8080
Session Affinity:       None
Events:
  FirstSeen LastSeen Count From                  SubObjectPath Type   Reason                Message
  --------- -------- ----- ----                  ------------- ----   ------                -------
  2m        2m       1     {service-controller }               Normal CreatingLoadBalancer  Creating load balancer
  1m        1m       1     {service-controller }               Normal CreatedLoadBalancer   Created load balancer
```
Then, after a few minutes, you can reach the application through the ELB URL. Here: http://a9201a1bdfc6411e68fdc06048bde387-495139964.us-west-1.elb.amazonaws.com
Before launching the destroy step, you have to delete your services.
If you don't delete them, the ELBs (and security groups) they spawned remain in your VPC and will block the destroy process.
```shell
$ terraform destroy
```
This template is released under the MIT license.