
A fully operational Terraform template for creating an AWS EKS cluster

Primary language: HCL. License: MIT.

AWS EKS Terraform Template

This project contains a fully functional Terraform template for creating a new EKS cluster in an AWS account.

The resources below will be created:

  • A dedicated VPC (with public subnets for load balancers and private subnets for the EKS workers)
  • One EKS cluster and its EC2 worker nodes
  • CloudWatch log groups and the IAM configuration
  • A Fluentd deployment that ships pod logs to CloudWatch

Optionally:

  • Install the Kubernetes dashboard
  • Install metrics-server for HPA (Horizontal Pod Autoscaling)
  • Install cluster-autoscaler (to size the worker Auto Scaling group with demand)
  • Install the Istio/Kiali/Jaeger tools

Each optional part is installed by a separate template. You can install all of them, a subset, or none by deleting the files you do not want.

Input variables

You can customize the installation of the cluster with the following input variables:

Variable                   Purpose                                         Default value
region                     AWS region                                      eu-west-1
availability_zones         List of AZs to use                              eu-west-1a, eu-west-1b, eu-west-1c
vpc_cidr                   CIDR used by the VPC                            10.0.0.0/16
public_subnets             Public subnet CIDRs (load balancers)            subnets 1, 2, 3
private_subnets            Private subnet CIDRs (workers)                  subnets 10, 20, 30
cluster_name               Name of the EKS cluster                         my-eks-cluster
cluster_version            Kubernetes version to deploy                    1.12
cluster_enabled_log_types  Control-plane log types sent to CloudWatch      [] (none)
private_endpoint           Enable the private API server endpoint          false
public_endpoint            Enable the public API server endpoint           true
instance_size              Instance type of the workers                    t2.medium
key_pair                   EC2 key pair name for the workers               "" (none)
encrypted_volumes          Encrypt the workers' EBS volumes                false
kms_key_id                 ID of the KMS key used for EBS encryption       ""
log_retention              Retention of the logs, in days                  7

Note that the defaults favour a quick start over a hardened cluster: the API server is reachable from the internet (public_endpoint = true), no control-plane logs, audit logs included, are sent to CloudWatch (cluster_enabled_log_types = []), the worker EBS volumes are not encrypted (encrypted_volumes = false), and Kubernetes 1.12 is no longer supported by EKS. Set these variables explicitly for any cluster that outlives a test. If you disable the public endpoint, kubectl and the template's own post-apply commands must run from inside the VPC.

Architecture

(Architecture diagram: eks)

Prerequisites

Before launching this template, install the dependencies below.

The aws-iam-authenticator client must be in your PATH.

This template uses a Terraform module to launch the EKS resources, and that module runs some CLI commands as post-actions (for instance to authorize the workers to join the cluster). These commands need a Unix shell to run successfully.

So please use this template on a Unix-like system (Linux or macOS).

Launching

Clone this Git repository and install the dependencies (see the Prerequisites section).

$ terraform init
$ terraform plan (enter your access keys when prompted, or put them in a .tfvars file that you keep out of version control)
$ terraform apply
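The launch procedure above, as an added example that is not part of the template: a wrapper that performs the prerequisite checks from the previous section (Unix-like OS, required binaries on PATH) and then plans and applies with the defaults from the Input variables table overridden to their safer values. It assumes the variables are typed as their defaults suggest (booleans and a list of strings) and that Terraform accepts them on the command line with -var; nothing here is provided by the template itself.

```shell
#!/bin/sh
# Added example (not part of this template): preflight checks, then a plan/apply
# that overrides the permissive defaults of the Input variables table.
# Assumption: variables are booleans / a list of strings, as their defaults suggest.
set -eu

CLUSTER_NAME="${CLUSTER_NAME:-my-eks-cluster}"
# Keep the public endpoint unless you apply from inside the VPC: the module's
# post-apply CLI steps (registering the workers) must reach the API server.
PUBLIC_ENDPOINT="${PUBLIC_ENDPOINT:-true}"

# Return 0 when every command named as an argument is on PATH, 1 otherwise.
require_cmds() {
  missing=0
  for cmd in "$@"; do
    if ! command -v "$cmd" >/dev/null 2>&1; then
      echo "missing required command: $cmd" >&2
      missing=1
    fi
  done
  return "$missing"
}

# The EKS module shells out after creating the cluster, so only Linux and
# macOS (as reported by uname -s) are accepted.
supported_os() {
  case "$1" in
    Linux|Darwin) return 0 ;;
    *) return 1 ;;
  esac
}

main() {
  supported_os "$(uname -s)" || { echo "run this on Linux or macOS" >&2; exit 1; }
  require_cmds terraform kubectl aws-iam-authenticator

  # Overrides: private endpoint for in-VPC traffic, all five control-plane log
  # types (audit included) kept for 90 days, encrypted worker volumes.
  set -- \
    -var="cluster_name=$CLUSTER_NAME" \
    -var="private_endpoint=true" \
    -var="public_endpoint=$PUBLIC_ENDPOINT" \
    -var="encrypted_volumes=true" \
    -var="log_retention=90" \
    -var='cluster_enabled_log_types=["api","audit","authenticator","controllerManager","scheduler"]'

  terraform init
  terraform plan -out=eks.tfplan "$@"
  # Apply exactly the reviewed plan. Credentials come from the usual AWS
  # environment variables or profile, never from a committed .tfvars file.
  terraform apply eks.tfplan
  echo "cluster ready: use kubectl --kubeconfig kubeconfig_$CLUSTER_NAME"
}

case "${1:-}" in
  apply) main ;;
  *) echo "usage: $0 apply" >&2 ;;
esac
```

Run it as `sh launch.sh apply` from the cloned repository. The plan is written to a file and that exact plan is applied, so what you reviewed is what gets created; the `-var` flags replace a .tfvars file for the security-relevant settings only, and the remaining variables keep the defaults from the table.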

Repository organization

This repository is split into several parts:

  1. (Terraform) The first part creates a standalone EKS cluster
  2. (Terraform) The second part contains the templates for deploying the Dashboard, metrics-server and cluster-autoscaler (with the Terraform Helm provider)
  3. (Documentation) Instructions for deploying Istio/Kiali/Jaeger into your cluster

Deploy a demo application

Note: the kubeconfig file (kubeconfig_<CLUSTER-NAME>) is written into the terraform directory by the apply step. The commands below target a kubectl contemporary with Kubernetes 1.12; with kubectl 1.18 or newer, `kubectl run` creates a bare Pod and no longer accepts --replicas, so use `kubectl create deployment` instead (its pods are labelled app=echoheaders rather than run=echoheaders). The LoadBalancer service below creates an internet-facing ELB, so the demo is reachable by anyone until you delete it (see Cleanup).

$ kubectl --kubeconfig kubeconfig_<CLUSTER-NAME> create namespace simple-demo
$ kubectl --kubeconfig kubeconfig_<CLUSTER-NAME> run --namespace simple-demo echoheaders --image=gcr.io/google_containers/echoserver:1.4 --replicas=1 --port=8080
$ kubectl --kubeconfig kubeconfig_<CLUSTER-NAME> expose --namespace=simple-demo deployment echoheaders --type=LoadBalancer --port=80 --target-port=8080 --name=echoheaders-public
$ kubectl --kubeconfig kubeconfig_<CLUSTER-NAME> --namespace=simple-demo describe service echoheaders-public
Name:                   echoheaders-public
Namespace:              simple-demo
Labels:                 run=echoheaders
Selector:               run=echoheaders
Type:                   LoadBalancer
IP:                     10.103.66.255
LoadBalancer Ingress:   a9201a1bdfc6411e68fdc06048bde387-495139964.us-west-1.elb.amazonaws.com
Port:                   <unset> 80/TCP
NodePort:               <unset> 30031/TCP
Endpoints:              192.168.96.196:8080
Session Affinity:       None
Events:
  FirstSeen LastSeen    Count                       From      SubObjectPath   Type          Reason     Message
  --------- --------    -----                       ----      -------------   --------      ------     -------
  2m        2m          1   {service-controller }   Normal    Creating        LoadBalancer  Creating   load balancer
  1m        1m          1   {service-controller }   Normal    Created         LoadBalancer  Created    load balancer

After a few minutes you can reach the application through the ELB hostname shown under "LoadBalancer Ingress". Here: http://a9201a1bdfc6411e68fdc06048bde387-495139964.us-west-1.elb.amazonaws.com

Cleanup

Before running the destroy step, delete every Service of type LoadBalancer you created (the echoheaders-public demo service, for instance).

Those services own an ELB and a security group that Terraform knows nothing about. While they exist in the VPC, the VPC cannot be deleted and the destroy step gets stuck.

$ terraform destroy
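The cleanup procedure above, including removal of the demo service from the previous section, as an added example that is not part of the template: delete every LoadBalancer service, wait until the classic ELBs they created have actually disappeared from the cluster's VPC, and only then run terraform destroy. It assumes the kubeconfig written by apply is ./kubeconfig_<CLUSTER-NAME>, that the region is the template's default, and that the services created classic ELBs (the default for a LoadBalancer Service on EKS; NLBs would need `aws elbv2` instead).

```shell
#!/bin/sh
# Added example (not part of this template): remove LoadBalancer services and
# their ELBs/security groups before terraform destroy, so the VPC can be deleted.
# Assumptions: kubeconfig_<CLUSTER-NAME> in the current directory, classic ELBs.
set -eu

CLUSTER_NAME="${CLUSTER_NAME:-my-eks-cluster}"
REGION="${AWS_REGION:-eu-west-1}"
KUBECONFIG_FILE="${KUBECONFIG_FILE:-kubeconfig_$CLUSTER_NAME}"

kc() { kubectl --kubeconfig "$KUBECONFIG_FILE" "$@"; }

# Reduce a "NAMESPACE NAME TYPE" listing (header line first) to
# "namespace name" for LoadBalancer services. Reads stdin, so it can be
# exercised offline on a constructed listing.
lb_services_from_listing() {
  awk 'NR > 1 && $3 == "LoadBalancer" { print $1, $2 }'
}

# The same listing, taken from the live cluster.
list_services() {
  kc get svc --all-namespaces \
    -o custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,TYPE:.spec.type
}

delete_lb_services() {
  list_services | lb_services_from_listing | while read -r ns name; do
    echo "deleting LoadBalancer service $ns/$name"
    kc -n "$ns" delete service "$name" </dev/null
  done
}

# The cloud controller removes the ELB (and its security group) asynchronously:
# poll the cluster VPC until no classic load balancer remains, ~5 minutes max.
wait_for_elbs_gone() {
  vpc_id=$(aws eks describe-cluster --region "$REGION" --name "$CLUSTER_NAME" \
    --query cluster.resourcesVpcConfig.vpcId --output text)
  tries=0
  while [ "$tries" -lt 30 ]; do
    remaining=$(aws elb describe-load-balancers --region "$REGION" \
      --query "LoadBalancerDescriptions[?VPCId=='$vpc_id'].LoadBalancerName" \
      --output text)
    if [ -z "$remaining" ]; then
      return 0
    fi
    echo "still present in $vpc_id: $remaining"
    sleep 10
    tries=$((tries + 1))
  done
  echo "ELBs still present in $vpc_id; refusing to run terraform destroy" >&2
  return 1
}

main() {
  delete_lb_services
  wait_for_elbs_gone
  terraform destroy
}

case "${1:-}" in
  destroy) main ;;
  *) echo "usage: $0 destroy" >&2 ;;
esac
```

Run it as `sh cleanup.sh destroy`. The script refuses to call terraform destroy while an ELB is still attached to the VPC, which is exactly the state that otherwise leaves the destroy hanging half-way with orphaned resources.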

License

This template is released under the MIT license.