This example deploys the following
- Basic EKS Cluster with VPC
- Creates a new sample VPC, 3 Private Subnets and 3 Public Subnets
- Creates Internet gateway for Public Subnets and NAT Gateway for Private Subnets
- Enables cert-manager module
- Enables aws-privateca-issuer module
- Creates AWS Certificate Manager Private Certificate Authority, enables and activates it
- Creates the CRDs to fetch
tls.crt,tls.keyandca.crt, which will be available as Kubernetes Secret. Now you may mount the secret in the application for end to end TLS.
Ensure that you have installed the following tools in your Mac or Windows Laptop before start working with this module and run Terraform Plan and Apply
git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.gitInitialize a working directory with configuration files
cd examples/tls-with-aws-pca-issuer/
terraform initVerify the resources created by this execution
export AWS_REGION=<ENTER YOUR REGION> # Select your own region
terraform planDeploy the pattern
terraform applyEnter yes to apply.
EKS Cluster details can be extracted from terraform output or from AWS Console to get the name of cluster.
This following command used to update the kubeconfig in your local machine where you run kubectl commands to interact with your EKS Cluster.
~/.kube/config file gets updated with cluster details and certificate from the below command
$ aws eks --region <enter-your-region> update-kubeconfig --name <cluster-name>
$ kubectl get nodes
$ kubectl get pods -n aws-privateca-issuer
$ kubectl get pods -n cert-manager
$ kubectl get Certificate
To clean up your environment, destroy the Terraform modules in reverse order.
Destroy the Kubernetes Add-ons, EKS cluster with Node groups and VPC
terraform destroy -target="module.eks_blueprints_kubernetes_addons" -auto-approve
terraform destroy -target="module.eks_blueprints" -auto-approve
terraform destroy -target="module.vpc" -auto-approveFinally, destroy any additional resources that are not in the above modules
terraform destroy -auto-approve