This example deploys the following:

- Basic EKS Cluster with VPC
- Creates a new sample VPC, 3 Private Subnets and 3 Public Subnets
- Creates Internet gateway for Public Subnets and NAT Gateway for Private Subnets
- Enables cert-manager module
- Enables aws-privateca-issuer module
- Creates AWS Certificate Manager Private Certificate Authority, enables and activates it
- Creates the CRDs to fetch `tls.crt`, `tls.key` and `ca.crt`, which will be available as a Kubernetes Secret. You may then mount the Secret in the application for end-to-end TLS.
Ensure that you have installed the following tools on your Mac or Windows laptop before you start working with this module and run `terraform plan` and `terraform apply`.
```sh
git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.git
```

Initialize a working directory with configuration files:

```sh
cd examples/tls-with-aws-pca-issuer/
terraform init
```
Run `terraform plan` to verify the resources this execution will create:

```sh
export AWS_REGION=<ENTER YOUR REGION> # Select your own region
terraform plan
```

Deploy the pattern:

```sh
terraform apply
```

Enter `yes` to apply.
The name of the cluster can be taken from the terraform output or from the AWS Console. The following command updates the kubeconfig on the local machine where you run kubectl commands to interact with your EKS cluster: `~/.kube/config` gets updated with the cluster details and certificate.

```sh
$ aws eks --region <enter-your-region> update-kubeconfig --name <cluster-name>
$ kubectl get nodes
$ kubectl get pods -n aws-privateca-issuer
$ kubectl get pods -n cert-manager
$ kubectl get Certificate
```
To clean up your environment, destroy the Terraform modules in reverse order.

Destroy the Kubernetes Add-ons, EKS cluster with Node groups and VPC:

```sh
terraform destroy -target="module.eks_blueprints_kubernetes_addons" -auto-approve
terraform destroy -target="module.eks_blueprints" -auto-approve
terraform destroy -target="module.vpc" -auto-approve
```

Finally, destroy any additional resources that are not in the above modules:

```sh
terraform destroy -auto-approve
```