This project requires the AWS CLI to be installed and configured, and a local Terraform installation. Additionally, you will want a local kubectl installation.
- AWS CLI (https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
- Terraform (https://learn.hashicorp.com/terraform/getting-started/install.html)
- kubectl (https://kubernetes.io/docs/tasks/tools/install-kubectl/)
The first time you use you must cd into the project directory and run terraform init. This will initialize the repo as a terraform project and download the aws and http provider plugins.
Once initialized you will want to run terraform plan. The terraform plan command is used to create an execution plan. Terraform performs a refresh, unless explicitly disabled and then determines what actions are necessary to achieve the desired state specified in the configuration files.
This command is a convenient way to check whether the execution plan for a set of changes matches your expectations without making any changes to real resources or to the state. For example, terraform plan might be run before committing a change to version control, to create confidence that it will behave as expected.
The optional -out argument can be used to save the generated plan to a file for later execution with terraform apply, which can be useful when running Terraform in automation.
Once you have a successful terraform plan run, you can then run terraform apply. The terraform apply command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a terraform plan execution plan.
Basically this runs "for real". The end result will be running AWS infrastructure.
The EKS service does not provide a cluster-level API parameter or resource to automatically configure the underlying Kubernetes cluster to allow worker nodes to join the cluster via AWS IAM role authentication.
To output an example IAM Role authentication ConfigMap from your Terraform configuration:
- Run
terraform output config_map_aws_authand save the configuration into a file, e.g.config_map_aws_auth.yaml - Run
kubectl apply -f config_map_aws_auth.yaml - You can verify the worker nodes are joining the cluster via:
kubectl get nodes --watch
At this point, you should be able to utilize Kubernetes as expected!
NOTE: This full configuration utilizes the Terraform http provider to call out to icanhazip.com to determine your local workstation external IP for easily configuring EC2 Security Group access to the Kubernetes master servers. Feel free to replace this as necessary.