Hello readers, hope you are all doing well. There is no denying that every technical enthusiast is crazy about Kubernetes; in simple words, it has revolutionized the use of containerization for application deployment.
There are a number of ways to use Kubernetes; some of them are listed below:
Vanilla Kubernetes built via kubeadm
Kubernetes with a cloud platform (Amazon EKS, Azure AKS and Google GKE)
Kubernetes deployed via kops, Rancher and other available tools.
Also touching upon the concept of IaC, i.e. infrastructure as code: nowadays people are too lazy to do anything manually, and no one wants to log in to the console and click through multiple screens to get the work done.
So today we are going to learn how to deploy a 3-node Amazon EKS cluster with Terraform.
What is EKS?
Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed Kubernetes service.
EKS is deeply integrated with services such as Amazon CloudWatch, Auto Scaling Groups, AWS Identity and Access Management (IAM), and Amazon Virtual Private Cloud (VPC), providing you a seamless experience to monitor, scale, and load-balance your applications.
EKS integrates with AWS App Mesh and provides a Kubernetes native experience to consume service mesh features and bring rich observability, traffic controls and security features to applications.
Additionally, EKS provides a scalable and highly available control plane that runs across multiple availability zones to eliminate a single point of failure.
EKS runs upstream Kubernetes and is certified Kubernetes conformant so you can leverage all benefits of open source tooling from the community. You can also easily migrate any standard Kubernetes application to EKS without needing to refactor your code.
EKS is secure by default.
EKS is well supported by EKS-optimized AMIs, which come with all the prerequisite software (such as kubectl, Docker and the IAM authenticator) pre-installed, so worker nodes deployed from these AMIs are compatible with the cluster.
EKS supports the use of spot instances for launching worker nodes, which in turn saves cost.
EKS provides a managed control plane; the basic architecture looks like this:
EKS provides k8s master nodes, API server, etcd layers etc.
3 masters and 3 etcd nodes by default
Backups, etcd snapshots and auto scaling included
You provision and manage the EC2 worker nodes
Masters and etcd are multi-AZ (Availability Zone)
EKS scales master nodes for you
EKS networking (CNI plugin) works closely with Amazon VPC and provisions the networking so that pods and other Kubernetes objects can talk to each other.
Configure the EKS cluster with Terraform
We can certainly create an EKS cluster using the console, but here we are going to follow a production-grade method, i.e. we will deploy EKS with Terraform. Follow the instructions below to get your cluster up and running.
Log in to a CentOS 7 machine as a user with sudo permissions
sudo yum install epel-release -y
sudo yum install python-pip -y
sudo pip install awscli
sudo yum install wget unzip -y
sudo yum install git -y
Download and configure the Terraform binary as well as the code for the EKS cluster
wget https://releases.hashicorp.com/terraform/0.12.29/terraform_0.12.29_linux_amd64.zip
unzip terraform_0.12.29_linux_amd64.zip
sudo mv terraform /usr/local/bin/
git clone https://github.com/linuxadvise/eks-terraform.git
Configure the AWS credentials of an IAM user with admin permissions. We are using an admin user only because this is a demo; in a production environment we need to provide only the necessary level of access.
NOTE: It is not at all permissible to show your AWS keys publicly, but this is just to show you in real time how it is done. This key pair has already been rotated.
Now go to the directory containing the Terraform code and execute the three commands below.
terraform init
terraform plan
terraform apply
This code will create a 3-node EKS cluster in the ap-south-1 region.
After the commands finish executing, the output will look like the below.
NOTE: Please read the README file from the code files for better understanding.
Download and configure kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
Download the IAM authenticator
curl -o aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/aws-iam-authenticator
chmod +x aws-iam-authenticator
sudo mv aws-iam-authenticator /usr/bin
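The Terraform, kubectl and aws-iam-authenticator downloads above are installed without an integrity check. The following is an added example, not part of the original post or its repository: a shell helper that compares a download against a published SHA256SUMS-style list and runs the next command only when the hash matches. The function names are assumptions made for illustration.

```bash
# Added example. verify_download and run_if_verified are illustrative names.
# HashiCorp publishes the checksum list used here next to each release zip:
#   https://releases.hashicorp.com/terraform/0.12.29/terraform_0.12.29_SHA256SUMS

# verify_download FILE SUMS_FILE
# Finds FILE's basename in a "<sha256>  <filename>" list and compares it with
# the hash of the file on disk. The lookup is done by hand so it does not rely
# on "sha256sum --ignore-missing", which older coreutils releases lack.
# Returns 0 on match, 1 on mismatch, 2 on unreadable input, 3 if not listed.
verify_download() {
    local file="$1" sums="$2" name expected actual
    [ -r "$file" ] && [ -r "$sums" ] || { echo "unreadable input" >&2; return 2; }
    name=$(basename "$file")
    # Exact match on the filename column; "*name" is sha256sum's binary marker.
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 3; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name expected=$expected actual=$actual" >&2
    return 1
}

# run_if_verified FILE SUMS_FILE CMD [ARGS...]
# Fails closed: CMD (unzip, install, mv ...) runs only after the hash matches.
run_if_verified() {
    local file="$1" sums="$2"
    shift 2
    verify_download "$file" "$sums" >/dev/null || return $?
    "$@"
}

# Usage with the files from this tutorial (both fetched into the current directory):
#   run_if_verified terraform_0.12.29_linux_amd64.zip terraform_0.12.29_SHA256SUMS \
#       unzip terraform_0.12.29_linux_amd64.zip
```

A checksum list fetched from the same host catches corruption or a swapped file, not a compromised release host; HashiCorp also publishes a detached signature for the SHA256SUMS file that can be checked with gpg.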
Now execute the below commands to generate the kubeconfig file.
aws sts get-caller-identity
aws eks --region ap-south-1 update-kubeconfig --name terraform-eks-demo
Run the below command to access the cluster
[linuxadvise@linuxadvise .kube]$ kubectl get nodes
NAME                                        STATUS   ROLES    AGE   VERSION
ip-10-0-0-212.ap-south-1.compute.internal   Ready    <none>   42m   v1.16.12-eks-904af05
ip-10-0-1-42.ap-south-1.compute.internal    Ready    <none>   42m   v1.16.12-eks-904af05
ip-10-0-1-77.ap-south-1.compute