AWS EKS with Terraform using the VS Code
Provisioning AWS EKS (Elastic Kubernetes Service) with Terraform involves using Terraform scripts to define and manage the AWS resources required for setting up and running a K8 cluster on the AWS .
Perquisites:
Installed to be on your Local Machine.
For Installing All for this , Follow the Official Document of that tools.
Terraform VS Code Aws CLI Aws Account
Install Terraform
You have to install Terraform on your local machine. You can download it from the official Terraform website (https://www.terraform.io/downloads.html) and follow the installation instructions for your operating system.
Then we need to create a user on the AWS and after creating the user , generate the Access & Secrete Access Key, for the connecting the AWS with Terraform.
after Creating the user we need to some access/permissions to this user. creating & managing the terraform permissions or provide the aws Administrator permissions/access.
Configure AWS Credentials:
aws configure
EKS [ Elastic Kubernetes Services ]
provider.tf
The provider.tf file is used to define the provider configuration. A Terraform provider is responsible for managing the lifecycle of a particular type of infrastructure, such as AWS, Azure, Google Cloud, etc. It specifies the details of the cloud provider you are using and any necessary authentication or configuration parameters.
provider.tf
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
}
# Configure the AWS Provider
provider "aws" {
region = "us-east-2"
}
main.tf
The main.tf file is typically the main entry point for your Terraform configuration. It contains the resource definitions and configurations necessary for your infrastructure. In the context of provisioning AWS EKS with Terraform, it would include the definition of your EKS cluster, associated networking resources, and any other dependencies.
# IAM Role for EKS Cluster
data "aws_iam_policy_document" "assume_role" {
statement {
effect = "Allow"
principals {
type = "Service"
identifiers = ["eks.amazonaws.com"]
}
actions = ["sts:AssumeRole"]
}
}
resource "aws_iam_role" "example" {
name = "eks-cluster-Cloud"
assume_role_policy = data.aws_iam_policy_document.assume_role.json
}
resource "aws_iam_role_policy_attachment" "example-AmazonEKSClusterPolicy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
role = aws_iam_role.example.name
}
#get VPC data
data "aws_vpc" "default"{
default = true
}
#get public subnets for the cluster
data "aws_subnets" "public" {
filter {
name = "vpc-id"
values = [data.aws_vpc.default.id]
}
}
#cluster provision
resource "aws_eks_cluster" "example" {
name = "EKS_Cloud"
role_arn = aws_iam_role.example.arn
vpc_config {
subnet_ids = data.aws_subnets.public.ids
}
# Ensure that IAM Role permissions are created before and deleted after EKS Cluster handling.
# Otherwise, EKS will not be able to properly delete EKS managed EC2 infrastructure such as Security Groups.
depends_on = [
aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy,
]
}
Terraform init
Terraform initRun the command in your Terraform project directory to initialize the project. This downloads the necessary provider plugins and sets up the working directory.
terraform.lock.hcl File:
terraform.lock.hcl File:The terraform.lock.hcl file is related to Terraform modules and is used to pin module versions. It's created automatically when you use the terraform init command to initialize a Terraform configuration that uses modules.
terraform validate
terraform validate
The terraform validate command checks the syntax and structure of your Terraform configuration files. It ensures that your configurations are correctly written and that all the necessary providers and modules are available.
terraform plan
terraform plan
The terraform plan command is used to create an execution plan. It provides a preview of the changes that Terraform will make to your infrastructure based on your configuration. This is a critical step before actually applying any changes to your infrastructure.
terraform apply
terraform applyApply the Terraform configuration to create the AWS resources. This step might take some time as it provisions the EKS cluster, associated networking resources, and other dependencies.
Output of the created EKS Cluster through Terraform
IAM roles for EKS node group
#IAM roles for EKS node group
resource "aws_iam_role" "example1" {
name = "eks-node-group-Cloud"
assume_role_policy = jsonencode({
Statement = [{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "ec2.amazonaws.com"
}
}]
Version = "2012-10-17"
})
}
resource "aws_iam_role_policy_attachment" "example-AmazonEKSWorkerNodePolicy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
role = aws_iam_role.example1.name
}
resource "aws_iam_role_policy_attachment" "example-AmazonEKS_CNI_Policy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
role = aws_iam_role.example1.name
}
resource "aws_iam_role_policy_attachment" "example-AmazonEC2ContainerRegistryReadOnly" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
role = aws_iam_role.example1.name
}
create node group
#create node group
resource "aws_eks_node_group" "example" {
cluster_name = aws_eks_cluster.example.name
node_group_name = "Node-Cloud"
node_role_arn = aws_iam_role.example1.arn
subnet_ids = data.aws_subnets.public.ids
scaling_config {
desired_size = 1
max_size = 2
min_size = 1
}
instance_types = [ "t2.micro" ]
# Ensure that IAM Role permissions are created before and deleted after EKS Node Group handling.
# Otherwise, EKS will not be able to properly delete EC2 Instances and Elastic Network Interfaces.
depends_on = [
aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy,
aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy,
aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly,
]
}
terraform validate
output of the created the node on the eks Cluster
terraform.tfstate File
terraform.tfstate FileThe terraform.tfstate file is a crucial component in Terraform. It stores the current state of your infrastructure managed by Terraform. This state includes information about the resources created, their attributes, dependencies, and metadata necessary for Terraform to understand and manage your infrastructure.
Last updated