Terraform is an open-source Infrastructure as Code (IaC) software tool created by HashiCorp. It enables users to define and provision a data center infrastructure. Download and install Terraform.
Terraform will execute all *.tf files, so for this tutorial, I propose this architecture:
If you already have an Amazon Web Services account, you can skip this section.
For this tutorial, you need to have an AWS account. But don’t worry, AWS offers a free trial account that lets you try most of the services it provides.
First, you have to create your AWS account. You will have to enter your credit card details, but don’t worry, none of the components you will deploy will incur fees.
Then you also have to install AWS CLI.
After these steps, you can log in to your account.
The purpose of this tutorial is to create an Elastic Kubernetes Service (EKS) cluster with Terraform. Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed Kubernetes service by AWS. To go deeper you can read this article, which explains another way to deploy an EKS cluster with eksctl.
The first thing to set up is your Terraform. We will create AWS IAM users for Terraform.
In your AWS console, go to the IAM section and create a user named “FullAccess”. Then add your user to a group named “FullAccessGroup”. Attach the following rights to this group:
After these steps, AWS will provide you with a Secret Access Key and an Access Key ID. Store them carefully, because this is the only time AWS will show them to you.
In your own console, create a ~/.aws/credentials file and put your credentials in it:
The last step is to create this file:
You are now able to run some Terraform.
We will start this tutorial by creating a provider.tf file. This file contains all the information about which provider you want to use with Terraform.
Here we tell Terraform that we want to use the AWS provider. You also have to specify the region you will deploy to and which configuration you will use. See step 1 to set up your AWS configuration.
So we want to create a Kubernetes cluster with EKS. This EKS cluster will be deployed in the default VPC of your account. First, check the subnets of the default VPC in your AWS console.
By default, you have 3 different subnets, each in a different availability zone (AZ). Our EKS cluster needs to be deployed across 2 AZs, so you need to pick 2 different subnets.
Here Terraform will create an IAM role for EKS with 2 policies, our EKS cluster, and finally an EKS managed node group with 3 policies. We defined that we want one pod.
You can create a file named outputs.tf. It will show you everything you need to connect to your EKS cluster. Here we want the EKS endpoint and its certificate.
Once you have finished declaring the resources you want to create, you can deploy them. With Terraform, this takes a single command:
When you launch the “terraform apply” command, Terraform will describe every resource it will create:
Check that everything looks right, and then you can accept by writing “yes”.
After the complete creation, you can go to your Amazon Web Services account to see your resources:
You can also work with your EKS cluster through the AWS CLI by using the command “aws eks update-kubeconfig --name <eks_cluster_name>”. This command constructs a configuration with prepopulated server and certificate authority data values for the cluster you specified.
If you want to destroy your resources with Terraform, you just have to run this command:
terraform destroy
Terraform will show you every resource it will destroy and if you agree you can accept by writing “yes”.
Congratulations! You have just created your first EKS cluster.