Difference between revisions of "Deploy EKS cluster using Terraform"
Jump to navigation
Jump to search
| (30 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | * Code: https://github.com/hashicorp/learn-terraform-provision-eks-cluster | ||
| + | |||
| + | * Terraform EKS module examples: https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples | ||
| + | ** [[Terraform EKS module Karpenter example]]: https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/karpenter | ||
| + | |||
* [[Terraform EKS module]]: | * [[Terraform EKS module]]: | ||
** https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest | ** https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest | ||
| Line 5: | Line 10: | ||
*** <code>[[aws_eks_cluster]]</code> ([[Terraform EKS apply output]], <code>[[terraform show (grep resource) in EKS|terraform show]]</code> | <code>grep [[resource]]</code>) | *** <code>[[aws_eks_cluster]]</code> ([[Terraform EKS apply output]], <code>[[terraform show (grep resource) in EKS|terraform show]]</code> | <code>grep [[resource]]</code>) | ||
*** <code>[[aws_eks_addon]]</code> | *** <code>[[aws_eks_addon]]</code> | ||
| − | ** | + | ** [[Terraform eks managed node groups]]: <code>[[Terraform eks managed node groups: instance types|instance_types]]</code> |
| + | |||
== Example == | == Example == | ||
| Line 12: | Line 18: | ||
:<code>[[git clone]] https://github.com/hashicorp/learn-terraform-provision-eks-cluster && [[cd learn-terraform-provision-eks-cluster]]</code> | :<code>[[git clone]] https://github.com/hashicorp/learn-terraform-provision-eks-cluster && [[cd learn-terraform-provision-eks-cluster]]</code> | ||
| − | + | 2) Change parameters | |
| − | + | * Change <code>[[name]]</code> in [[main.tf ( formerly eks-cluster.tf)|main.tf]] ([[Terraform module: vpc]] section) to your prefered VPC name | |
| − | + | * Change cluster_name in <code>[[main.tf ( formerly eks-cluster.tf)|main.tf]]</code> | |
| − | * | ||
| − | + | 3) Execute: | |
| + | * Create TFC account with mail or [[GitHub Account]] and create an [[Organization]] / Project / Workspace | ||
| + | * <code>[[tf login]]</code> and get an authentication token ([[~/.terraform.d/credentials.tfrc.json]]) | ||
| + | * Change [[TFC execution mode]] to [[local]] for your workspace in [[TFC web portal]] | ||
| + | 4) | ||
| + | * Configure your [[AWS profile]] name in [[~/.aws/config]] to do not use default or make your working profile the default one. | ||
| + | * <code>[[export]] [[TF_CLOUD_ORGANIZATION]]=your_organization_name</code> | ||
| + | Change your [[terraform.tf]] file with values from your new TFC account: | ||
[[terraform init]] #It may take several minutes | [[terraform init]] #It may take several minutes | ||
[[terraform plan]] | [[terraform plan]] | ||
| Line 27: | Line 39: | ||
one liner: export [[TF_CLOUD_ORGANIZATION]]=test && [[tf init]] && [[tf plan]] && [[tf apply]] | one liner: export [[TF_CLOUD_ORGANIZATION]]=test && [[tf init]] && [[tf plan]] && [[tf apply]] | ||
| − | + | 5) Update configuration | |
Update [[kubeconfig]] with credentials: | Update [[kubeconfig]] with credentials: | ||
| − | [[aws eks]] --region $([[terraform output -raw region]]) [[update-kubeconfig]] --name $([[terraform output -raw]] cluster_name) | + | [[aws eks]] --region $([[terraform output -raw region]]) [[update-kubeconfig]] --name $([[terraform output -raw]] cluster_name) [[--profile]] XXXX |
[[Added new context]] arn:aws:eks:us-east-2:XXXXXXX:cluster/myeks-eks-xxxx to /Users/youruser/[[.kube/config]] | [[Added new context]] arn:aws:eks:us-east-2:XXXXXXX:cluster/myeks-eks-xxxx to /Users/youruser/[[.kube/config]] | ||
| − | + | 7) Upgrade cluster to the lastest version: <code>[[cluster_version]]</code> | |
| + | |||
| + | 7.1) Review EKS cluster created | ||
[[kubectl get nodes]] | [[kubectl get nodes]] | ||
NAME STATUS ROLES AGE VERSION | NAME STATUS ROLES AGE VERSION | ||
| Line 44: | Line 58: | ||
<code>[[terraform show (EKS using Terraform)|terraform show]] | grep -w resource | sort | uniq | [[wc -l]]</code> | <code>[[terraform show (EKS using Terraform)|terraform show]] | grep -w resource | sort | uniq | [[wc -l]]</code> | ||
34 | 34 | ||
| + | |||
| + | 2025 execution: | ||
| + | <code>[[terraform show (EKS using Terraform)|terraform show]] | grep -w resource | sort | uniq | [[wc -l]]</code> | ||
| + | 37 | ||
4) Configure <code>[[kubectl]]</code> | 4) Configure <code>[[kubectl]]</code> | ||
| Line 63: | Line 81: | ||
* <code>[[Error: Invalid or missing required argument]] .../... [[TF_CLOUD_ORGANIZATION]]</code> | * <code>[[Error: Invalid or missing required argument]] .../... [[TF_CLOUD_ORGANIZATION]]</code> | ||
* [[Unable to parse config file]] ~/.aws/config | * [[Unable to parse config file]] ~/.aws/config | ||
| + | * [[Error: Retrieving AWS account details: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 403]] | ||
== Related == | == Related == | ||
| − | * [[Addons]]: <code>[[eks-pod-identity-agent]]</code>, <code>[[aws-efs-csi-driver]]</code> | + | * [[Addons]]: <code>[[eks-pod-identity-agent]]</code>, <code>[[aws-efs-csi-driver]], [[amazon-cloudwatch-observability]]</code> |
* <code>[[helm install]]</code> | * <code>[[helm install]]</code> | ||
* <code>[[aws eks update-kubeconfig --name my-eks-cluster-name]]</code> | * <code>[[aws eks update-kubeconfig --name my-eks-cluster-name]]</code> | ||
| Line 76: | Line 95: | ||
* <code>[[aws eks create-cluster]]</code> | * <code>[[aws eks create-cluster]]</code> | ||
* <code>[[asg_desired_capacity]]</code>, <code>[[InstanceType]]</code> | * <code>[[asg_desired_capacity]]</code>, <code>[[InstanceType]]</code> | ||
| − | |||
* [[K8s installation]]: <code>[[eksctl create cluster]]</code> | * [[K8s installation]]: <code>[[eksctl create cluster]]</code> | ||
* [[Deploy GKE cluster using Terraform]] | * [[Deploy GKE cluster using Terraform]] | ||
| Line 84: | Line 102: | ||
* [[terraform.tf]] | * [[terraform.tf]] | ||
* [[Apply complete! Resources: 63 added, 0 changed, 0 destroyed.]] | * [[Apply complete! Resources: 63 added, 0 changed, 0 destroyed.]] | ||
| + | * [[Terraform destroy]]: | ||
| + | ** <code>[[Warning: EC2 Default Network ACL]]</code> | ||
| + | ** <code>[[Warning: Helm uninstall returned an information message]]</code> | ||
== Activities == | == Activities == | ||
* Review https://learn.hashicorp.com/tutorials/terraform/eks | * Review https://learn.hashicorp.com/tutorials/terraform/eks | ||
* [[Create your first EKS Cluster using AWS Management Console]] | * [[Create your first EKS Cluster using AWS Management Console]] | ||
| + | * [[Stop all nodes in your EKS cluster]] | ||
| + | * [[Helm install nginx-ingress]] | ||
== See also == | == See also == | ||
Latest revision as of 10:22, 7 February 2025
- Terraform EKS module examples: https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples
- Terraform EKS module:
Contents
Example[edit]
0) Download code
git clone https://github.com/hashicorp/learn-terraform-provision-eks-cluster && cd learn-terraform-provision-eks-cluster
2) Change parameters
- Change
namein main.tf (Terraform module: vpc section) to your prefered VPC name - Change cluster_name in
main.tf
3) Execute:
- Create TFC account with mail or GitHub Account and create an Organization / Project / Workspace
tf loginand get an authentication token (~/.terraform.d/credentials.tfrc.json)- Change TFC execution mode to local for your workspace in TFC web portal
4)
- Configure your AWS profile name in ~/.aws/config to do not use default or make your working profile the default one.
export TF_CLOUD_ORGANIZATION=your_organization_name
Change your terraform.tf file with values from your new TFC account: terraform init #It may take several minutes terraform plan terraform apply: Terraform EKS apply output It may take around 15 min
one liner: export TF_CLOUD_ORGANIZATION=test && tf init && tf plan && tf apply
5) Update configuration
Update kubeconfig with credentials: aws eks --region $(terraform output -raw region) update-kubeconfig --name $(terraform output -raw cluster_name) --profile XXXX Added new context arn:aws:eks:us-east-2:XXXXXXX:cluster/myeks-eks-xxxx to /Users/youruser/.kube/config
7) Upgrade cluster to the lastest version: cluster_version
7.1) Review EKS cluster created
kubectl get nodes NAME STATUS ROLES AGE VERSION ip-10-0-1-29.us-east-2.compute.internal Ready <none> 5m31s v1.23.9-eks-ba74326 ip-10-0-1-47.us-east-2.compute.internal Ready <none> 5m21s v1.23.9-eks-ba74326 ip-10-0-2-121.us-east-2.compute.internal Ready <none> 5m13s v1.23.9-eks-ba74326
3) Review resources:
terraform show | grep -w resource | sort | uniqterraform show | grep -w resource | sort | uniq | wc -l34
2025 execution:
terraform show | grep -w resource | sort | uniq | wc -l
37
4) Configure kubectl
aws eks list-clusters --output text | awk '{print $2}' aws eks update-kubeconfig --name my-eks-cluster-name
5) Review cluster status/configuration
kubectl cluster-info kubectl cluster-info dump kubectl get all -A Default EKS installation
6) Install your desired addons:
helm install
Errors[edit]
Error: Failed to read organizationError: failed to create backend alias to target "". The hostname is not in the correct format.Error: Invalid or missing required argument .../... TF_CLOUD_ORGANIZATION- Unable to parse config file ~/.aws/config
- Error: Retrieving AWS account details: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 403
Related[edit]
- Addons:
eks-pod-identity-agent,aws-efs-csi-driver, amazon-cloudwatch-observability helm installaws eks update-kubeconfig --name my-eks-cluster-namekubectl cluster-infokubectl get nodes,kubectl describe nodeskubeclt get servicesTerraform resource: aws eks clusterAccessDenied ... CreateRoleiam:CreatePolicy,iam:CreateRoleaws eks create-clusterasg_desired_capacity,InstanceType- K8s installation:
eksctl create cluster - Deploy GKE cluster using Terraform
eks-cluster.tfhttps://github.com/hashicorp/learn-terraform-provision-eks-cluster/blob/main/eks-cluster.tfworker_groupsnode_groups- terraform.tf
- Apply complete! Resources: 63 added, 0 changed, 0 destroyed.
- Terraform destroy:
Activities[edit]
- Review https://learn.hashicorp.com/tutorials/terraform/eks
- Create your first EKS Cluster using AWS Management Console
- Stop all nodes in your EKS cluster
- Helm install nginx-ingress
See also[edit]
- Terraform EKS module: Deploy EKS cluster using Terraform,
manage_aws_auth_configmap, create_aws_auth_configmap, aws_auth_roles, aws_auth_users, aws_auth_accounts, module.eks, Amazon EKS Blueprints for Terraform, OIDC - Terraform EKS, Terraform EKS module, Deploy EKS cluster using Terraform, Terraform EKS apply output,
terraform show, ~/.kube/config,aws_eks_cluster, aws_eks_addon, module.eks_managed_node_group, eks-cluster.tf, node_groups, worker_groups
Advertising:
