- Making the cluster private and accessing the cluster only through a bastion host
- Configuring generated Terraform code to use the right AWS credentials
You need to have the following tools installed:
A Keybase username with a key pair is required so that Terraform can encrypt the AWS Secret Access Key for the kops user and you can decrypt it on your local machine.
You need to have the following AWS resources:
- A Route53 Hosted Zone for your domain
- An S3 Bucket for the Terraform backend state, named terraform.<domain_name>
The infra-terraform project will create the following resources for kops:
- IAM (Group and User)
- S3 (Bucket)
- Route53 (Hosted Zone and Records)
- VPC (VPC, Subnets, Elastic IPs, Gateways, Route Tables, etc.)
Change the directory to the infra-terraform project and create a file named terraform.tfvars with the following variables set.
access_key = "..."
secret_key = "..."
region = "..."
environment = "..."
domain = "..."
keybase_username = "..."
az_count = 3|5
create_subnets = true|false
enable_vpc_logs = true|false
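The variables above can be checked before anything is deployed. The following pre-flight check is an added example, not part of the infra-terraform project; `tfvar_get` and `check_tfvars` are hypothetical helper names, and the file-permission check is an addition motivated by terraform.tfvars holding the AWS secret key.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for infra-terraform/terraform.tfvars.
# tfvar_get and check_tfvars are hypothetical helpers, not project code.

# Print the value of one `key = value` line, without surrounding quotes.
# Assumes one assignment per line and no trailing comments.
tfvar_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    head -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Returns 0 if the file is usable, 1 on a bad value, 2 if it is missing.
check_tfvars() {
  local file="$1" rc=0 key val
  [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

  # String variables must be set and not left as the "..." placeholder.
  for key in access_key secret_key region environment domain keybase_username; do
    val="$(tfvar_get "$file" "$key")"
    if [ -z "$val" ] || [ "$val" = "..." ]; then
      echo "unset or placeholder: $key" >&2; rc=1
    fi
  done

  # az_count accepts only 3 or 5.
  case "$(tfvar_get "$file" az_count)" in
    3|5) ;;
    *) echo "az_count must be 3 or 5" >&2; rc=1 ;;
  esac

  # The two toggles are booleans.
  for key in create_subnets enable_vpc_logs; do
    case "$(tfvar_get "$file" "$key")" in
      true|false) ;;
      *) echo "$key must be true or false" >&2; rc=1 ;;
    esac
  done

  # The file holds an AWS secret key: flag any group/other permission bits.
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "permissions too open, run: chmod 600 $file" >&2; rc=1
  fi
  return "$rc"
}
```

Source the script and call `check_tfvars terraform.tfvars` from the infra-terraform directory; a non-zero return means the file should be fixed before running the make targets.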
Now, run the following commands to deploy the infrastructure resources.
make init plan
make apply
After this step, you have three options for deploying the cluster.
After the infra-terraform project is successfully deployed, change the directory to root and run the following command:
./kops.sh create
If there is no error, you can run the following command to actually deploy the cluster:
./kops.sh update
For deleting the cluster, run the following command:
./kops.sh delete
NOTE: If using this approach, the az_count variable in the infra-terraform project is also going to be the number of masters in your cluster.
After the infra-terraform project is successfully deployed, change the directory to root and run the following command:
./kops.sh manifest
After the infra-terraform project is successfully deployed, change the directory to root and run the following command:
./kops.sh terraform
If there is no error, change the directory to kops-terraform and first run these commands:
make init upgrade
This initializes the Terraform project and migrates the Terraform source code to the latest version (0.12).
Now, you can plan and apply this Terraform project as usual.
make plan
make apply
For tearing down your cluster, you have to start with one of the three options that you deployed your cluster with.
If you deployed your cluster using kops.sh, you can simply run:
./kops.sh delete
If you deployed your cluster using kops.sh, change the directory to the root and run:
./kops.sh delete
If you deployed your cluster using Terraform, change the directory to kops-terraform and run:
make destroy
make clean purge
Finally, you can clean up the infra-terraform project by changing to its directory and running:
make destroy clean