Add kubernetes module for aws

[tei-k]

Description

https://scalar-labs.atlassian.net/browse/DLT-7400

Done

• Add Kubernetes module for AWS
• Only support node group

Confirm

• Terraform apply

$ cd example/aws/kubernetes
$ terraform apply -var-file=example.tfvars

• Copy configuration files (scalar-k8/conf)
  • inventory.ini
  • kube_config (Copy from ${eks_cluster_name}_kubeconfig)
• Fix scalar-k8/conf/scalardl-custom-values.yaml

-      service.beta.kubernetes.io/azure-load-balancer-internal: "true"
-      service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "k8s_ingress"
+      service.beta.kubernetes.io/aws-load-balancer-type: clb
+      service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+      # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+      # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "k8s_ingress"

• ansible-playbook (scalar-k8/)

$ ansible-playbook -i ${SCALAR_K8S_CONFIG_DIR}/inventory.ini playbooks/playbook-install-tools.yml
$ ansible-playbook -i ${SCALAR_K8S_CONFIG_DIR}/inventory.ini playbooks/playbook-deploy-scalardl.yml
$ ansible-playbook -i ${SCALAR_K8S_CONFIG_DIR}/inventory.ini playbooks/playbook-deploy-prometheus.yml

• Get resources

$ k get pod,svc -o wide

Ref

• https://github.com/terraform-aws-modules/terraform-aws-eks
• https://github.com/cloudposse/terraform-aws-eks-cluster

[feeblefakie]

Overall looking good. Left some suggestions and comments.

[feeblefakie]

Suggested change

	description = "Custom definition kubernetes properties that include name of the cluster, kubernetes version, etc.."
	description = "Custom definition kubernetes properties that include the name of the cluster, kubernetes version, etc.."

[feeblefakie]

Is it really a map of map? or typo?

[tei-k]

Yes, It's a map of maps.

[feeblefakie]

Do we need to add a subsection for privileges in EKS deployment?
https://github.com/scalar-labs/scalar-terraform/blob/master/docs/CloudPrivileges.md

[tei-k]

Oh, We need some privileges like below.
https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/iam-permissions.md

[ymorimo]

As with the other examples, the default region should be here at the top of example.tfvars.
(I didn't use the default ap-northeast-1 region and I got lost when terraform apply couldn't find the VPC that the network module created.)

Suggested change

	# Optional
	region = "ap-northeast-1"
	# Optional

[tei-k]

Good point! 👍
Also added backend.tf.s3 and remote.tf.s3 in 41f7f45

[ymorimo]

@tei-k Question.

I got the following kube_config output after terraform apply,

clusters:
- cluster:
    server: https://D0BE5C2FAD77ED66ED29817523BB7182.yl4.us-west-1.eks.amazonaws.com
    certificate-authority-data: LS0tLS1CRUdJTiBDRV...

but the server host in that file resolves to private IP addresses. Because of this kubectl fails to communicate with the endpoint.

$ host d0be5c2fad77ed66ed29817523bb7182.yl4.us-west-1.eks.amazonaws.com
d0be5c2fad77ed66ed29817523bb7182.yl4.us-west-1.eks.amazonaws.com has address 10.42.1.144
d0be5c2fad77ed66ed29817523bb7182.yl4.us-west-1.eks.amazonaws.com has address 10.42.41.117

Can you tell what is happening?

[tei-k]

@ymorimo

but the server host in that file resolves to private IP addresses. Because of this kubectl fails to communicate with the endpoint.

Good point! 👍 Sorry for missing of explanation on this point.

Because cluster_endpoint_public_access is false in the current default setting, So cannot access this endpoint from local.
To operate from the bastion we need to set up authentication manually.

Can you first create environment with cluster_endpoint_public_access = "true" ?

example.tfvars

# cluster_endpoint_private_access      = "true"
cluster_endpoint_public_access       = "true"

[feeblefakie]

LGTM!

Please create a PR for the update in scalardl-custom-values.yaml once this PR is merged.
Also, please write a getting started doc once Yusuke's doc reorganization is completed.

[ymorimo]

It worked. Thanks. LGTM!