Deployment of AWS EKS cluster using Terraform

Posted By : Karan

Apr 29, 2022

AWS plays a central role in building, deploying and managing websites, applications and business processes.

In this article we will learn how to set up one of its key services, an EKS (Elastic Kubernetes Service) cluster, using Terraform.

 

What is Terraform?

Terraform is an open-source, cloud-agnostic Infrastructure as Code (IaC) tool.

Notable features of Terraform 

  • Installable Modules
  • Plan and predict changes
  • Dependency graphing
  • State Management

Terraform uses declarative configuration files.

Terraform reads all *.tf files in the working directory; this blog uses the following file layout:

  • provider.tf
  • vpc.tf
  • iam.tf
  • ekscluster.tf

 

Step 1: Create an AWS user

The first thing to do is to create a user in AWS for Terraform.

In AWS, go to the IAM section, create a user and attach the AdministratorAccess policy to it.

Note:- Copy down the access key and secret key, as they will be used by Terraform to set up the infrastructure.

 

Step 2: Create provider.tf

Now we will start writing the code for the EKS infrastructure.

Create a separate folder and, inside it, a provider.tf file with the following configuration.

As we are using AWS for our infrastructure, we use the AWS provider block, giving it the region together with the access key and secret key of the user created in Step 1, so that Terraform can access our AWS account.

provider "aws" {
  region     = "us-east-1"
  access_key = "**********************"
  secret_key = "*****************************************"
}
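The block above stores long-lived keys inside a file that is easily committed to version control. As an added example (not the author's configuration), here is the same provider.tf written so that no access key or secret key appears in the file: the AWS provider resolves credentials from the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables or from a named profile in the shared credentials file (~/.aws/credentials). The profile name `terraform`, the version ranges and the default tag are my assumptions, not values from the post.

```hcl
terraform {
  # Pin Terraform and the AWS provider so that `terraform init` fetches a known
  # version rather than whatever is newest. These ranges are an assumption.
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"

  # No access_key / secret_key here. The provider looks for credentials in the
  # environment (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY) and otherwise in the
  # shared credentials file under the profile named below, so the keys from
  # Step 1 never land in the .tf files or in the Terraform state.
  # "terraform" is an assumed profile name.
  profile = "terraform"

  # Tag every resource Terraform creates, which makes it easy to find (and audit)
  # what this configuration owns in the console.
  default_tags {
    tags = {
      ManagedBy = "terraform"
    }
  }
}
```

Before running Terraform, either export the keys from Step 1 in the shell (`export AWS_ACCESS_KEY_ID=...` and `export AWS_SECRET_ACCESS_KEY=...`) or store them under the profile with `aws configure --profile terraform`; the rest of the walkthrough is unchanged.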

 

 

Step 2: Create vpc.tf

To create the VPC we will use the terraform-aws-modules VPC module (source terraform-aws-modules/vpc/aws).

A module gives you a shorthand Domain Specific Language (DSL) for a whole set of related resources, which reduces the amount of code you have to write.

# Name used in the VPC and cluster tags; referenced as var.cluster-name below and in ekscluster.tf.
variable "cluster-name" {
  description = "Name of the EKS cluster"
  type        = string
  default     = "eks-cluster"
}

# Look up the availability zones of the provider's region instead of hard-coding them.
data "aws_availability_zones" "available" {
  state = "available"
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  name   = "my-vpc"
  cidr   = "10.0.0.0/16"
  #azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
  # Use the first two available zones; the module spreads the subnets across them.
  azs                = slice(data.aws_availability_zones.available.names, 0, 2)
  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
  enable_nat_gateway = false
  enable_vpn_gateway = false
  tags = {
    Name = "${var.cluster-name}-vpc"
  }
}

Step 3: Create IAM roles for the cluster and the node group and attach the required policies to them in iam.tf.


resource "aws_iam_role" "eks-cluster" {
  name               = "eks-cluster-role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Sid": "",
      "Principal": {
        "Service": "eks.amazonaws.com"
      }
    }
  ]
}
EOF
}

#This policy provides K8S the permissions it requires to manage resources on your behalf.
resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
  role       = aws_iam_role.eks-cluster.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}


#This policy allows amazon elastic container service for K8S to create and manage the necessary resources to operate EKS clusters.
resource "aws_iam_role_policy_attachment" "AmazonEKSServicePolicy" {
  role       = aws_iam_role.eks-cluster.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
}


resource "aws_iam_role" "eks-nodes" {
  name               = "eks-node-group"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Sid": "",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      }
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "AmazonEKSWorkerNodePolicy" {
  role       = aws_iam_role.eks-nodes.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
}


resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly" {
  role       = aws_iam_role.eks-nodes.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}

#This policy provides the Amazon VPC CNI plugin the permissions it requires to modify the IP address configuration on your EKS worker nodes.
resource "aws_iam_role_policy_attachment" "AmazonEKSCNIPolicy" {
  role       = aws_iam_role.eks-nodes.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
}

Step 4: Create the cluster and node group in ekscluster.tf

Here we reference the cluster role and node role created in iam.tf and the subnets created by the vpc module.

resource "aws_eks_cluster" "aws_eks" {
  # The cluster name must be a string; reuse the variable that the tags already use.
  name     = var.cluster-name
  # The IAM role resource is named "eks-cluster" in iam.tf (its AWS name is "eks-cluster-role").
  role_arn = aws_iam_role.eks-cluster.arn

  vpc_config {
    subnet_ids = module.vpc.public_subnets
  }

  depends_on = [
    aws_iam_role_policy_attachment.AmazonEKSClusterPolicy,
    aws_iam_role_policy_attachment.AmazonEKSServicePolicy,
  ]

  tags = {
    Name = var.cluster-name
  }
}

resource "aws_eks_node_group" "node" {
  cluster_name    = aws_eks_cluster.aws_eks.name
  node_group_name = "eks-cluster-ng"
  node_role_arn   = aws_iam_role.eks-nodes.arn
  subnet_ids      = module.vpc.public_subnets

  scaling_config {
    desired_size = 1
    max_size     = 2
    min_size     = 1
  }

  # Ensure that IAM Role permissions are created before and deleted after EKS Node group handling
  # Otherwise, EKS will not be able to properly delete EC2 instance and Elastic Network interfaces

  depends_on = [
    aws_iam_role_policy_attachment.AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.AmazonEKSCNIPolicy,
    aws_iam_role_policy_attachment.AmazonEC2ContainerRegistryReadOnly,
  ]
}
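The cluster resource above leaves the Kubernetes API endpoint open to every internet address (the EKS default is 0.0.0.0/0) and enables no control-plane logging, so there is no record of who called the API. As an added example, not part of the original post, here is a drop-in replacement for the aws_eks_cluster resource in ekscluster.tf that ships the api, audit and authenticator logs to CloudWatch, keeps a private endpoint for the nodes, and restricts the public endpoint to an allow-listed CIDR. The variable `admin_cidr` and the 30-day retention are my assumptions; the other names (`var.cluster-name`, `aws_iam_role.eks-cluster`, `module.vpc`, the policy attachments) are the ones used in this post.

```hcl
# Address range allowed to reach the public Kubernetes API endpoint; an assumed variable.
variable "admin_cidr" {
  description = "CIDR allowed to reach the public EKS API endpoint, e.g. your office egress IP as a /32"
  type        = string
}

# EKS writes control-plane logs to /aws/eks/<cluster>/cluster. Declaring the log
# group ourselves lets Terraform manage retention instead of keeping logs forever.
resource "aws_cloudwatch_log_group" "eks" {
  name              = "/aws/eks/${var.cluster-name}/cluster"
  retention_in_days = 30
}

resource "aws_eks_cluster" "aws_eks" {
  name     = var.cluster-name
  role_arn = aws_iam_role.eks-cluster.arn

  # api: requests to the Kubernetes API, audit: who did what, authenticator: IAM-to-RBAC mapping.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  vpc_config {
    subnet_ids = module.vpc.public_subnets

    # Nodes and in-VPC tooling talk to the private endpoint; the public endpoint
    # stays up for kubectl from outside but only from the allow-listed CIDR.
    endpoint_private_access = true
    endpoint_public_access  = true
    public_access_cidrs     = [var.admin_cidr]
  }

  # The log group must exist before EKS starts writing, or EKS creates it without retention.
  depends_on = [
    aws_iam_role_policy_attachment.AmazonEKSClusterPolicy,
    aws_iam_role_policy_attachment.AmazonEKSServicePolicy,
    aws_cloudwatch_log_group.eks,
  ]

  tags = {
    Name = var.cluster-name
  }
}
```

Once applied, the audit log stream in CloudWatch is where you look to answer "which IAM identity created that Deployment", and `terraform plan` will flag any later change that widens `public_access_cidrs` back towards 0.0.0.0/0.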

 

Step 5: Deploy the resources

Once the configuration files are written, we can deploy them with two simple commands:

  • terraform init: initializes the working directory and downloads the required providers and modules.
  • terraform apply: builds an execution plan and applies the changes needed to reach the desired state.

It prints every resource that will be created and asks for confirmation, to which we have to type yes.

After all the resources have been created, you can go to the AWS console to see your services.

 

Step 6: Destroy the resources

We can destroy these resources with a single command:

  • terraform destroy: lists all the resources that will be deleted and asks for confirmation, to which we have to type yes.

This will destroy all the resources in AWS that we created earlier.

 
