GSA/datagov-tf-eks-helm (public archive; archived by the owner on Nov 2, 2020 and now read-only)
forked from abdennour/eks-training

Infrastructure-as-Code for spinning up EKS and deploying Helm charts via Terraform. Based on https://github.com/abdennour/eks-training



Overview

Infrastructure-as-Code for spinning up EKS and deploying Helm charts via Terraform. Based on https://github.com/abdennour/eks-training, which is the material for this Udemy course

This repository is intended as a proving ground for managing services cleanly ahead of bundling the terraform into a brokerpak for the cloud-service-broker.

Requirements

Docker Compose is the only command-line client needed, and you can install it in the stock way. All other clients (aws, kubectl, helm, terraform) are run via docker-compose run --rm <clientname>.

Setup

Copy the .env.secrets-template file to .env.secrets, then customize the values inside

cp .env.secrets-template .env.secrets
<editorname> .env.secrets

Environment configuration is keyed off the current Terraform workspace name. Terraform will maintain a separate .tfstate file for each workspace.

The implicit Terraform workspace default corresponds to a production environment. For each additional environment, you'll need a terraform workspace with the corresponding name. The repository currently contains configuration for a staging environment, so create that workspace:

docker-compose run --rm terraform workspace new staging

You can run docker-compose run --rm terraform workspace select default to switch back to the default (production) configuration later.

There is a wrapper script, run-docker-compose.sh, that invokes the given client and args while paying attention to which environment you're in, e.g. ./run-docker-compose.sh terraform plan. (You may want to alias dcr='./run-docker-compose.sh' to reduce the amount of typing needed to operate this way, e.g. dcr terraform plan.)
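A wrapper of this kind, as an added example (not the repository's own run-docker-compose.sh): it reads the selected workspace from Terraform's .terraform/environment file, refuses to run while .env.secrets is missing, not ignored by git, or readable by other users, and hands the environment name to the container as a hypothetical DATAGOV_ENV variable. The .terraform/environment location as the source of the workspace name and the DATAGOV_ENV variable are assumptions.

```shell
#!/usr/bin/env sh
# Example wrapper in the spirit of run-docker-compose.sh (added here; not the repository's script).
# Assumptions: the project directory is mounted into every compose service, Terraform records
# the selected workspace in .terraform/environment, and the environment name is handed to the
# container as the hypothetical variable DATAGOV_ENV.

# Print the current Terraform workspace for project directory $1 ("default" when none is selected).
current_workspace() {
  dir="${1:-.}"
  if [ -s "$dir/.terraform/environment" ]; then
    tr -d '\n' < "$dir/.terraform/environment"
  else
    printf 'default'
  fi
}

# Fail unless .env.secrets exists, is ignored by git, and is readable only by its owner.
check_secrets_file() {
  dir="${1:-.}"
  f="$dir/.env.secrets"
  [ -f "$f" ] || { echo "missing $f (cp .env.secrets-template .env.secrets)" >&2; return 1; }
  if ! grep -qx '\.env\.secrets' "$dir/.gitignore" 2>/dev/null; then
    echo ".env.secrets is not listed in $dir/.gitignore" >&2
    return 1
  fi
  # GNU stat first, BSD stat as fallback; accept owner-only modes.
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
  case "$mode" in
    600|400) return 0 ;;
    *) echo "$f is mode $mode; fix with: chmod 600 $f" >&2; return 1 ;;
  esac
}

# Compose the docker-compose command line for project dir $1, client $2 and its arguments.
compose_cmd() {
  dir="$1"; shift
  printf 'docker-compose run --rm -e DATAGOV_ENV=%s %s' "$(current_workspace "$dir")" "$*"
}

# Execute only when a client name was given, so the file can be sourced without side effects.
if [ "$#" -gt 0 ]; then
  check_secrets_file . || exit 1
  echo "workspace: $(current_workspace .)" >&2
  exec docker-compose run --rm -e "DATAGOV_ENV=$(current_workspace .)" "$@"
fi
```

Invoked as ./wrapper.sh terraform plan it runs the client; sourced with no arguments it only defines the functions. The permission check is there because .env.secrets holds the IAM access keys, and a world-readable copy on a shared workstation is the easiest way to leak them.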

Initialize the Terraform modules

./run-docker-compose.sh terraform init

Create the IAM user that Terraform will run as:

  1. Click Services > IAM > Users > Add user.
  2. Supply a name (eg terraform-operator) and click Programmatic Access for the Access Type.
  3. Click Attach existing policies directly and select the policy AdministratorAccess (or a more constrained policy as appropriate).
  4. Skip the tags and create the user.
  5. Note the Access key ID and Secret access key.

Authenticate with AWS:

  1. Run ./run-docker-compose.sh aws configure --profile terraform-operator.
  2. Supply the Access key ID and Secret access key from above.
  3. Supply your desired region (and edit locals.tf if it's not us-east-1).
  4. Leave the output format as-is.

Run Terraform apply:

./run-docker-compose.sh terraform apply

Teardown

Run Terraform destroy

./run-docker-compose.sh terraform destroy

TODO

When you run terraform destroy, it gets stuck deleting the VPC that was created:

Error: Error deleting VPC: DependencyViolation: The vpc 'vpc-[redacted]' has dependencies and cannot be deleted.
        status code: 400, request id: [some-id]

You can still delete that VPC by hand in the AWS console, so the cause isn't clear. It appears the Terraform module does not realize it is responsible for deleting the Security Groups, which are what block the VPC from being deleted.
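One way to see what is holding the VPC, as an added example rather than anything from the repository: list the security groups in the VPC, drop the VPC's own default group (AWS removes that one together with the VPC), and print review-then-delete commands for the rest instead of running them. The vpc-PLACEHOLDER id (take the real one from the error message), the terraform-operator profile from the setup steps, and the constructed sample listing are assumptions; group names beginning eks-cluster-sg- are the ones EKS creates for a cluster on its own, outside Terraform's state, which is a likely explanation for groups Terraform does not know to delete.

```shell
#!/usr/bin/env sh
# Added diagnostic for the DependencyViolation above (example code, not the repository's).
# Assumptions: the "terraform-operator" CLI profile from the setup steps, a VPC id copied
# from the error message (placeholder below), and the AWS CLI run through docker-compose.

VPC_ID="${VPC_ID:-vpc-PLACEHOLDER}"
AWS="${AWS:-./run-docker-compose.sh aws}"

# The listing command: one "GroupId<TAB>GroupName" line per security group in VPC $1.
describe_sgs_cmd() {
  printf '%s ec2 describe-security-groups --profile terraform-operator --filters Name=vpc-id,Values=%s --query %s --output text' \
    "$AWS" "$1" "'SecurityGroups[].[GroupId,GroupName]'"
}

# Keep only the groups that block VPC deletion: everything except the VPC's "default"
# group, which AWS deletes together with the VPC. Reads the listing on stdin.
deletable_sgs() {
  tab="$(printf '\t')"
  while IFS="$tab" read -r gid gname; do
    [ -n "$gid" ] || continue
    [ "$gname" = "default" ] && continue
    printf '%s\t%s\n' "$gid" "$gname"
  done
}

# Emit review-then-delete commands for each deletable group. Printed, not executed:
# a group still referenced by another group's rule fails with its own DependencyViolation,
# so revoke those rules (or delete the referencing group) first.
sg_cleanup_plan() {
  tab="$(printf '\t')"
  while IFS="$tab" read -r gid gname; do
    printf '# %s (%s)\n' "$gid" "$gname"
    printf '%s ec2 describe-security-groups --profile terraform-operator --group-ids %s\n' "$AWS" "$gid"
    printf '%s ec2 delete-security-group --profile terraform-operator --group-id %s\n' "$AWS" "$gid"
  done
}

# Constructed sample listing (the shape describe_sgs_cmd produces), used when no VPC id is given.
SAMPLE_LISTING="$(printf 'sg-0a1b\tdefault\nsg-0c2d\teks-cluster-sg-datagov-12345\nsg-0e3f\tdatagov-node-sg')"

if [ "$VPC_ID" = "vpc-PLACEHOLDER" ]; then
  printf '%s\n' "$SAMPLE_LISTING" | deletable_sgs | sg_cleanup_plan
else
  sh -c "$(describe_sgs_cmd "$VPC_ID")" | deletable_sgs | sg_cleanup_plan
fi
```

Run with VPC_ID=vpc-... set to operate on the real VPC; without it the script walks the constructed sample. Reviewing the describe output before the delete is the point: a group that Terraform did create but failed to remove points at the module bug, while an eks-cluster-sg-* group points at an AWS-managed resource that terraform destroy was never going to clean up.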

Remove the reference to Bret's Docker image for Terraform when it's safe to do so

Missing documentation (that would cover the course material):

  • How to set up the auditor user/role with kubectl and config map

Potential enhancements:

Languages

  • HCL 80.6%
  • Smarty 17.7%
  • Shell 1.7%