Moved to eks and vpc community modules | Added awsaccountid & awsregi…
…on commit0 kubernetes vars
Shah Newaz Khan committed Oct 28, 2019
1 parent 8c27716, commit 46a3fcd
Showing 57 changed files with 1,977 additions and 401 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,29 +1,95 @@ | ||
# EKS Terraform | ||
## Guidelines & Style Convention Summary | ||
|
||
AWS Resources created: | ||
- All Terraform configuration should be formatted with `terraform fmt` before being accepted into this repository. | ||
- This repository is Terraform version >= 0.12, as such, leverage features from this release whenever possible. | ||
See https://www.terraform.io/upgrade-guides/0-12.html for more information. | ||
- Leverage community-maintained Terraform modules whenever possible. | ||
- Attempt to minimize duplication whenever possible, but only within reason -- sometimes duplication is an acceptable solution. | ||
- Follow style conventions described in `docs/guide.pdf` whenever possible. | ||
- Whenever possible, inject resources down versus referencing resources across modules. This has been made easier with new features in v0.12. | ||
- Whenever possible, define the types of variables. | ||
|
||
- EKS Cluster: AWS managed Kubernetes cluster of master servers | ||
- AutoScaling Group containing 2 m4.large instances based on the latest EKS Amazon Linux 2 AMI: Operator managed Kubernetes worker nodes for running Kubernetes service deployments | ||
- Associated VPC, Internet Gateway, Security Groups, and Subnets: Operator managed networking resources for the EKS Cluster and worker node instances | ||
- Associated IAM Roles and Policies: Operator managed access resources for EKS and worker node instances | ||
### Module Conventions | ||
|
||
## Pre-requisites | ||
- All modules should contain the following: | ||
|
||
- Setup the [AWS credentials](https://www.terraform.io/docs/providers/aws/index.html#environment-variables) for terraform | ||
`README.md`: A description of the module. | ||
`main.tf`: Module entrypoint where instantiation of resources happens. | ||
`variables.tf`: Module variables. | ||
`outputs.tf`: Output values (optional). | ||
`files/`: Any / all files required by the module. | ||
|
||
## Spin up cluster | ||
- All module variables must have a description. | ||
- Again, leverage community-maintained Terraform modules whenever possible. | ||
- Avoid writing a module that is simply a wrapper of a Terraform resource unless absolutely necessary. | ||
|
||
```shell | ||
### Environment Conventions | ||
|
||
terraform plan | ||
terraform apply | ||
- All environments should contain the following: | ||
|
||
`main.tf`: Toplevel terraform configuration file that instantiates the `environment` module. | ||
|
||
- Configuration should be pushed "top->down" from the `environment` module to it's submodules. | ||
|
||
### The Environment Module | ||
|
||
- The `environment` module can be considered the top-level module, all other modules are imported from this module. | ||
- Environment-specific variables should be exposed via the `variables.tf` file in this module, where they will be set from within the appropriate environment in the `environments/` directory. | ||
- The `environment` module contains the following: | ||
|
||
`main.tf`: Module entrypoint where instantiation of resources happens. | ||
`backend.tf`: Terraform remote state configuration. | ||
`provider.tf`: Provider configuration. | ||
`variables.tf`: Environment-specific variables are desclared here. | ||
`versions.tf`: Terraform version information. | ||
`files/`: (DEPRECATED) | ||
|
||
## Directory Structure | ||
|
||
``` | ||
README.md | ||
environments/ | ||
production/ | ||
main.tf | ||
staging/ | ||
main.tf | ||
development/ | ||
main.tf | ||
docs/ | ||
guide.pdf | ||
modules/ | ||
environment/ | ||
... | ||
<module-a>/ | ||
files/ | ||
scripts/ | ||
main.tf | ||
outputs.tf | ||
variables.tf | ||
<module-n>/ | ||
... | ||
``` | ||
|
||
## AWS Guidelines | ||
|
||
- TODO: Identity/Access Management (IAM) Guidelines | ||
|
||
## Kubernetes Guidelines | ||
|
||
- When to use the Terraform Kuberenetes Provider and when to use manifests? | ||
|
||
- Use the Terraform Kubernetes Provider (`provider "kubernetes"`) whenever you are provisioning a resource that could be considered relatively static (think Ingress, RoleBinding, CluterRoleBinding, etc). | ||
|
||
- Use conventional Kubernetes manifests / `kubectl` when provisioning resouirces that could be considered dynamic (think Deployments). | ||
|
||
## Application | ||
|
||
1. Set up a profile for your project with your credentials in a specific profile in `~/.aws/credentials` and then export the following env var: | ||
`export AWS_PROFILE=<project_name>` | ||
|
||
### Connect to cluster | ||
The EKS service does not provide a cluster-level API parameter or resource to automatically configure the underlying Kubernetes cluster to allow worker nodes to join the cluster via AWS IAM role authentication. | ||
2. Run the following from the appropriate environment directory under `environments/`: | ||
|
||
- Run `aws eks update-kubeconfig --name staging` to configure `kubectl` | ||
- Run `terraform output config_map_aws_auth` and save the configuration into a file, e.g. config_map_aws_auth.yaml | ||
- Run `kubectl apply -f config_map_aws_auth.yaml` | ||
- You can verify the worker nodes are joining the cluster via: `kubectl get nodes --watch` | ||
``` | ||
environment/development$ terraform init | ||
environment/development$ terraform plan | ||
``` |
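Review bot: the new README removes the old "Connect to cluster" steps (`terraform output config_map_aws_auth`, `kubectl apply -f config_map_aws_auth.yaml`, `kubectl get nodes --watch`) without saying how the aws-auth ConfigMap is applied after the move to the community EKS module, so worker nodes joining via IAM role authentication is now undocumented; add a line under "Kubernetes Guidelines" or "The Environment Module" stating whether the module manages that ConfigMap or the operator still applies it by hand. The "AWS Guidelines" section is only `- TODO: Identity/Access Management (IAM) Guidelines` while the repository creates IAM roles and policies for the EKS cluster and worker nodes; a minimum guideline (a least-privilege worker node role, no wildcard actions in custom policies) is worth writing now rather than leaving the section empty. Spelling to fix in the added text: `desclared`, `Kuberenetes`, `CluterRoleBinding`, `resouirces`, and `it's submodules` should read `its submodules`.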