How to create AWS EKS cluster using Terraform and connect Kubernetes cluster with ubuntu machine.

Working with container orchestration like kubernetes has always remained on top most priorities. Well , starting from kubernetes then toward EKS has benefited almost every single person on this planet who has used it. As this is all managed AWS very well by taking care of all your infrastructure , deployments and scaling of cluster.

Having said that, still there is some work to do such as creating AWS EKS with right permissions and policy , why not automate this as well? That would be exceptionally well if that happens and yes this will happen right in this tutorial as we will use terraform to automate your creation of EKS cluster.

So in this tutorial we will configure few files in terraform and then you can create as many as cluster in few seconds. Please follow along.

Table of content

  • What is AWS EKS
  • Prerequisites
  • How to install Terraform on ubuntu machine
  • Terraform Configuration Files and Structure
  • Configure Terraform files to create AWS EKS cluster
  • Configure & Connect your Ubuntu Machine to communicate with your cluster
  • Conclusion

What is AWS EKS ( Amazon Elastic Kubernetes Services) ?

Amazon provides its own service AWS EKS where you can host kubernetes without worrying about infrastructure like kubernetes nodes, installation of kubernetes etc. It gives you a platform to host kubernetes.

Some features of Amazon EKS ( Elastic kubernetes service)

  • It expands and scales across many availability zones so that there is always a high availability.
  • It automatically scales and fix any impacted or unhealthy node.
  • It is interlinked with various other AWS services such as IAM, VPC , ECR & ELB etc.
  • It is very secure service.

How does AWS EKS service work?

  • First step in EKS is to create EKS cluster using AWS CLI or AWS Management console.
  • Now, next you can have your own machines EC2 where you can deploy applications or deploy to AWS Fargate which manages it for you.
  • Now connect to kubernetes cluster with kubectl commands.
  • Finally deploy and run applications on EKS cluster.

Prerequisites

  • Ubuntu machine to run terraform preferably 18.04 version + , if you don’t have any machine you can create a ec2 instance on AWS account
  • Recommended to have 4GB RAM
  • At least 5GB of drive space
  • Ubuntu machine should have IAM role attached with AWS EKS full permissions or it is always great to have administrator permissions to work with demo’s.

You may incur a small charge for creating an EC2 instance on Amazon Managed Web Service.

How to Install Terraform on Ubuntu 18.04 LTS

  • Update your already existing system packages.
sudo apt update
  • Download the latest version of terraform in opt directory
wget https://releases.hashicorp.com/terraform/0.14.8/terraform_0.14.8_linux_amd64.zip
This image has an empty alt attribute; its file name is image-163.png
  • Install zip package which will be required to unzip
sudo apt-get install zip -y
  • unzip the Terraform download zip file
unzip terraform*.zip
  • Move the executable to executable directory
sudo mv terraform /usr/local/bin
  • Verify the terraform by checking terraform command and version of terraform
terraform               # To check if terraform is installed 

terraform -version      # To check the terraform version  
This image has an empty alt attribute; its file name is image-164.png
This image has an empty alt attribute; its file name is image-165.png
  • This confirms that terraform has been successfully installed on ubuntu 18.04 machine.

Terraform Configuration Files and Structure

Let us first understand terraform configuration files before running Terraform commands.

  • main.tf : This file contains code that create or import other AWS resources.
  • vars.tf : This file defines variable types and optionally set the values.
  • output.tf: This file helps in generating of the output of AWS resources .The output is generated after the terraform apply command is executed.
  • terraform.tfvars: This file contains the actual values of variables which we created in vars.tf
  • provider.tf: This file is very important . You need to provide the details of providers such as AWS , Oracle or Google etc. so that terraform can make the communication with the same provider and then work with resources.

Configure Terraform files to create AWS EKS cluster

In this demonstration we will create IAM role and IAM policy which we will attach to the same role. Later in this tutorial we will create Kubernetes cluster with proper network configurations. Lets get started and configure terraform files which are required for creation of AWS EKS on AWS account.

  • Create a folder inside opt directory
mkdir /opt/terraform-eks-demo
cd /opt/terraform-eks-demo
  • Now create a file main.tf inside the directory you’re in
vi main.tf
  • This is our main.tf file and paste the below code inside the file.
# Creating IAM role with assume policy so that it can be assumed while connecting with Kubernetes cluster.

resource "aws_iam_role" "iam-role-eks-cluster" {
  name = "terraform-eks-cluster"
  assume_role_policy = <<POLICY
{
 "Version": "2012-10-17",
 "Statement": [
   {
   "Effect": "Allow",
   "Principal": {
    "Service": "eks.amazonaws.com"
   },
   "Action": "sts:AssumeRole"
   }
  ]
 }
POLICY
}

# Attach both EKS-Service and EKS-Cluster policies to the role.

resource "aws_iam_role_policy_attachment" "eks-cluster-AmazonEKSClusterPolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = "${aws_iam_role.iam-role-eks-cluster.name}"
}

resource "aws_iam_role_policy_attachment" "eks-cluster-AmazonEKSServicePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
  role       = "${aws_iam_role.iam-role-eks-cluster.name}"
}

# Crate security group for AWS EKS.

resource "aws_security_group" "eks-cluster" {
  name        = "SG-eks-cluster"
  vpc_id      = "vpc-XXXXXXXXXXX"  # Use your VPC here

  egress {                   # Outbound Rule
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {                  # Inbound Rule
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

}

# Create EKS cluster

resource "aws_eks_cluster" "eks_cluster" {
  name     = "terraformEKScluster"
  role_arn =  "${aws_iam_role.iam-role-eks-cluster.arn}"
  version  = "1.19"

  vpc_config {             # Configure EKS with vpc and network settings 
   security_group_ids = ["${aws_security_group.eks-cluster.id}"]
   subnet_ids         = ["subnet-XXXXX","subnet-XXXXX"] # Use Your Subnets here
    }

  depends_on = [
    "aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy",
    "aws_iam_role_policy_attachment.eks-cluster-AmazonEKSServicePolicy",
   ]
}



# Creating IAM role for EKS nodes with assume policy so that it can assume 


resource "aws_iam_role" "eks_nodes" {
  name = "eks-node-group"

  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}

resource "aws_iam_role_policy_attachment" "AmazonEKSWorkerNodePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
  role       = aws_iam_role.eks_nodes.name
}

resource "aws_iam_role_policy_attachment" "AmazonEKS_CNI_Policy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
  role       = aws_iam_role.eks_nodes.name
}

resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  role       = aws_iam_role.eks_nodes.name
}

# Create EKS cluster node group

resource "aws_eks_node_group" "node" {
  cluster_name    = aws_eks_cluster.eks_cluster.name
  node_group_name = "node_tuto"
  node_role_arn   = aws_iam_role.eks_nodes.arn
  subnet_ids      = ["subnet-","subnet-"]

  scaling_config {
    desired_size = 1
    max_size     = 1
    min_size     = 1
  }

  # Ensure that IAM Role permissions are created before and deleted after EKS Node Group handling.
  # Otherwise, EKS will not be able to properly delete EC2 Instances and Elastic Network Interfaces.
  depends_on = [
    aws_iam_role_policy_attachment.AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.AmazonEC2ContainerRegistryReadOnly,
  ]
}
 
 
  • Below should directory of our demo look like.
  • Now your files and code are ready for execution . Initialize the terraform
terraform init
  • Terraform initialized successfully , now its time to see the plan which is kind of blueprint before deployment. We generally use plan to confirm if correct resources is going to provisioned or deleted.
terraform plan
  • After verification , now its time to actually deploy the code using apply.
terraform apply
  • Generally EKS cluster take few minutes to launch.
  • Lets verify our AWS EKS cluster and other components which were created by terraform.
IAM Role with proper permissions.

  • Now verify Amazon EKS cluster
  • Finally verify the node group of the cluster.

Configure & Connect your Ubuntu Machine to communicate with your cluster

Up to now we created Kubernetes cluster in AWS EKS with proper IAM role permissions and configuration , but please make sure to configure AWS credentials on local machine to match with same IAM user or IAM role used while creating the cluster. That means use same IAM role credentials in local machine which we used to create Kubernetes cluster.

Here in this demonstration we are using IAM role credentials in EC2 instance from which we created AWS EKS using terraform. So on the same machine we can perform below steps.

  • Prerequisites – Make sure you have AWS CLI and kubectl installed on ubuntu machine in order to make connection. If you don’t have these two , don’t worry please visit our another article to find both the installation
  • On ubuntu machine configure kubeconfig to make communication from your local machine to Kubernetes cluster in AWS EKS
aws eks update-kubeconfig --region us-east-2 --name terraformEKScluster
  • Now finally test the communication between local machine and cluster .
kubectl get svc

Great we can see the connectivity from our local machine to Kubernetes cluster.

Conclusion:

In this tutorial . Firstly we went through detailed view of what is AWS Elastic kubernetes service and how to create kubernetes cluster using Terraform . Then we showcased connection between Kubernetes cluster and kubectl client on ubuntu machine.

Hope you had a great time seeing this tutorial with detailed explanations and with practical’s. . If you like this , please share with your friends and spread the word.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s