Getting Started with EKS and Terraform

Video Statistics and Information

Captions
[Music] So I've recently created a video series about running Kubernetes in the cloud. In the series we take larger and smaller cloud providers and we see what it takes to spin up Kubernetes in the cloud using their CLI tools. This is a good opportunity for engineers to learn about multi-cloud, so don't limit your potential.

I've also recently made a video about Amazon Kubernetes, and in that video we take a look at what it takes to spin up an Amazon Kubernetes service using the Amazon CLI and eksctl. In that video we ran a Docker container, installed some utilities, ran some command line, created an IAM role, attached a policy to the role, we got a VPC template, deployed a CloudFormation template, ran some more scripts, downloaded some JSON, parsed the JSON, parsed the subnet details, parsed the security group details, ran some more scripts, ran the create cluster command, listed the cluster, described the cluster, more commands, created the node role, added policies to the role, ran more commands, ran more commands to create the node group, and finally we did it.

The problem with creating infrastructure from scripts is that it becomes really hard to maintain. What if I wanted to make a small change somewhere in one of the lines of the scripts? I'm not always able to rerun those scripts. Now, scripts may seem like they're repeatable, but what if one command fails? Scripts are not guaranteed to always work and they have to be maintained.

This is where Terraform comes in. It allows us to describe our infrastructure in an easy-to-read, modular template. We simply tell Terraform to deploy it. Terraform maintains a state of what has been deployed. If we want to make a change, we simply modify the template; Terraform will check the state of the current infrastructure, figure out the difference and make the change. We can version control this template so that it's easy to maintain. So let's see what it takes to spin up an EKS cluster on Amazon using a Terraform file. [Music]

So if you take a look at my GitHub repo, I
have a kubernetes folder, and inside there I have a cloud folder with all the cloud providers of the Kubernetes in the cloud series. In a recent video I've taken a look at the amazon folder, and I have a getting started file showcasing how to spin up EKS in Amazon using Amazon CLI and eksctl. In this video we're going to be taking a look at the terraform folder, and in here I have a README that provides all the steps that I'm about to showcase today of how to create an Amazon EKS cluster using Terraform. So be sure to check out the links down below to the source code so you can follow along.

So the first thing we need to do is to authenticate with Amazon using the Amazon CLI. For this I like to use Docker. Docker allows me to keep all the dependencies inside of a container so I don't need to install anything on my machine, including Terraform. But to do that I'm going to say docker run -it, I'm going to mount all my files into the container into a working directory folder, I'm going to set my entry point to sh, and I'm going to run the Amazon CLI container. Once I'm inside I can go ahead and install some handy tools like jq for working with JSON files; I have like nano, tar, unzip and wget just to do some work inside of the container.

Now while that's installing, what I'm going to do is head over to the Amazon dashboard. I'm going to click on my account, I'll click on my security credentials and click on access keys, and I'm going to create a new temporary access key, and I'll delete this when I'm done. Now that I have all the tools installed in my container, the next thing I can do is say aws configure. That's going to ask me for an access ID, a secret key, a default data center name and default output, which is just JSON, and now I'm authenticated with Amazon.

And now that we have a small disposable container, we can go ahead and install Terraform, which is really quick and easy. So now to download Terraform I head over to the Terraform download page and I scroll down to the Linux 64-bit
endpoint and I click that and I copy that URL. Then I simply say curl and I curl that URL, which will download the Terraform utility. I then unzip it, I run chmod and move it to /usr/local/bin, and now I can type terraform and we can see Terraform is now installed and good to go.

Now Terraform is going to allow us to describe everything as a file or multiple files and then piece them together. So what I'm going to do next is create a Terraform file. We're going to describe a bunch of variables as inputs, describe a security group for our infrastructure, then we're going to describe a VPC network with public and private subnets, then we're also going to describe an EKS cluster with an auto scaling worker group for our nodes, we're going to describe a Kubernetes deployment with two pods running nginx, and then finally describe a Kubernetes service of type LoadBalancer to make nginx public. You can then take what I'm about to show you as a foundation to build out services on Kubernetes, so you can do things like deploy your monitoring, deploy your ingress controllers, your logging services and even your service meshes.

So the first thing I'm going to do is create a file under here called variables.tf, and in this file we'll define our variables for our Terraform file. Variables allow us to pass in external inputs like secrets and configuration to our Terraform file, and here I'm going to define two variables. I'm going to have one called region, this is the data center we're going to be deploying our infrastructure to, and another one called cluster name, this is the name of our EKS cluster.

The next thing I'm going to do is create another file called main.tf, and this is going to hold all our infrastructure for Terraform. You can have multiple tf files and you can nest them together as modules as well. In this file we're going to be describing everything for our cluster. The first thing is we need to say what version of Terraform we're going to be using. We're also going to use the AWS provider to
deploy some AWS infrastructure other than EKS, like our network, our security groups and things like that. So for that I'm going to use the AWS provider. I'm going to say what version I want to use as well as the region I want to deploy in, which comes from the variable file we just created.

Terraform also allows us to create like local variables that hold data sources. I'm going to create two data sources: one for the EKS cluster, which is going to hold the cluster ID, and the other one for the AWS EKS cluster auth, which is going to hold the cluster ID as well. I'm also going to create a data source for all the availability zones available in AWS. We'll talk about the data sources later.

Next up we're going to create some AWS security groups for our worker nodes. So we basically say the resource we want is an AWS security group, we give it a name, and this is going to be the management security group for our first worker group in the cluster. Since we're going to be running an EKS cluster, we're going to create one auto scaling group of machines and attach it to the cluster. So this showcases how you would open up a security group and define rules per worker group. So here I just give it a name and I tie it to the VPC that we're about to create. I also say that I want from port and to port, this is the SSH ports for this node group, and the subnet that this node group will run in.

EKS will also allow us to define additional security groups that can apply to all worker groups. So in that case we can do something like this: we can say resource AWS security group, we can define an all worker management group, this is just a name, I give it a name prefix, I tie it to the same VPC that we're about to create, and it's also going to be managing SSH for port 22, and I can define additional subnet blocks. So this just showcases the flexibility of how you can apply security groups to single node worker groups or to all of them. When I create the EKS cluster you will be able to see how I'm going to consume
these security groups.

I also highly recommend you check out the Terraform AWS modules that are maintained by the community. In this demo I'm going to be using the AWS VPC module to spin up our VPC network and I'm going to use the EKS one to create our Amazon EKS cluster. To create our VPC it's very simple: we create a module called vpc and we're going to define the source as terraform-aws-modules/vpc/aws. This is basically referring to this module on GitHub, and we also specify what version of that module we want to use. These modules are very well documented, so be sure to check them out.

So next up I'm going to define a name of our VPC, the address range for that network, and over here I'm going to consume that data source we defined earlier for the availability zones, and I can define some private subnets. So here you can see we're defining three private subnets and three public subnets. This just showcases the flexibility of how you can set up a network in Amazon to run different types of worker nodes, so you can have worker nodes that are exposed directly to the public and EKS, or ones that are private. Now when we spin up EKS we're going to be using auto scaling worker nodes, and for them to connect we have to enable the NAT gateway, single NAT gateway, as well as enable DNS for hostname so that they can have DNS capability. The VPC module also allows us to supply public tags as well as private subnet tags.

So now that we defined some variables as input, we've defined our security groups and a VPC, let's take a look at what it takes to get an EKS cluster. Now for that I'm going to be using the AWS EKS community module. So we start off by saying module eks, we refer to that module on GitHub, we give our cluster a name coming from that variable we created earlier, we're then going to specify what Kubernetes version to run. I don't want my nodes to be public, so what I'm going to do is I'm going to hook up the subnet, and I'm going to hook up the private subnet we created in the top here. So
this is the private subnet from our VPC, I'm going to hook it up to our EKS cluster, and now auto scaling node groups will be running in the private subnet. This means my auto scaling node group will have like private IPs rather than be directly accessible from the internet, which is a good thing. It's also important that I supply a version of this EKS module that we're using. This module also allows you to supply a timeout for how long you're willing to wait for the cluster to create, and then I also supply cluster endpoint private access true. This will allow our private endpoints to actually connect to Kubernetes and join the cluster automatically. And then I finally tell the EKS module that I want to use the VPC ID of the VPC we created at the top here; that will tell the EKS module what VPC to join.

Next up I'm going to define the auto scaling worker group I want to deploy. So for that I create an array of worker groups and I call this one name as worker group one, the instance type I want to use, so t2.small, you can pass some additional user data, the desired capacity for the auto scaling group, which I'm going to say just one, and in here you can see I can pass additional security group IDs. So I've hooked up my AWS security group for worker group management one that we created earlier. So I'm basically hooking up a security group, and if we take a look at the top here, I'm basically hooking up this security group to that auto scaling worker group. And then what the module also allows us to do is define additional security group IDs; if there's any other extra security groups that we defined we can attach them here. So you can see here I'm attaching the all worker group, which we can see if I scroll up, it's this one that I created over here.

And finally this EKS module also allows us to bring some additional roles and user accounts to access the Kubernetes cluster. So by default we'll be cluster admin, but we can basically map some extra roles, extra users and extra accounts to this
cluster. This module will create an aws-auth config map that we can actually hook up with our RBAC roles and other things to allow other users to access this cluster as well. Now you can see we pull these roles and users and accounts from variables, so we need to go back to our variable file and we can define some basic values here as examples. So we can say we want to map some accounts, and these are additional AWS account numbers to add to the aws-auth config map, so you can add a list in here of accounts you'd like to map. Similarly to accounts, we can also map roles, so these are like IAM roles you want to add to the cluster. So you can see here's a default example of how you can add different roles to Kubernetes. And then finally there's also an ability to map users, so you can see additional IAM users to add to the aws-auth config map, so you can define them in an array here and map the users directly to a group.

So now that we've defined some of the basics like the Terraform version, the AWS provider version, we've got some data sources, we have our security groups and availability zones, we created a VPC and an EKS cluster, how do we deploy something to this cluster once it's provisioned? Now Terraform also has the ability to define outputs, so every time you deploy something as a module you can define outputs and pipe it to another module. So basically what we need to do is when we create an EKS cluster we need to tell that module to output the kubeconfig file so we can use that for the Kubernetes module to deploy stuff to the cluster. This is basically how you connect different modules together.

So in this example what I'm going to do is create a new file called outputs.tf and we're going to be defining some outputs for our EKS module. The first one is basically the cluster endpoint of the control plane. The other one is just for information, which is the security group IDs that are attached to the cluster control plane. The next one is very important, it is the kubectl config.
So when the EKS module creates a Kubernetes cluster it will output the kubeconfig file. We can then use this kubeconfig file to pass it to the Kubernetes module to spin up deployments, pods and services on the EKS cluster. We can also output the config map that we defined earlier; this is the configuration to authenticate to this cluster, and this is a configuration you can then use for users and roles and accounts to connect to EKS. And then finally, for information, we can also output the region.

So if you head over to the Terraform documentation, they basically have a Kubernetes provider that allows you to deploy stuff to Kubernetes, and if you take a look at the left here you can deploy things like namespaces, persistent volumes, pods, roles, role bindings, secrets, services, stateful sets and the whole basic Kubernetes ecosystem. So the first thing we need to do is define the module, so we're going to import the Kubernetes provider and we're going to pass it authentication details of how to talk to EKS. So we say host, we pass in the cluster endpoint data source, we pass in the CA certificate, this also comes from the data source, we pass in the token as well, which is also a data source coming from the EKS cluster auth, we say we don't need to load a config file, and we pass in the version of the provider, and this will allow us to authenticate with the Kubernetes cluster that we've just created.

And then next what we want to do is define a deployment. So what I have here is a resource called Kubernetes deployment, I'm going to call it example, and this basically represents, similar to a Kubernetes YAML file, it represents the YAML file that we want to deploy to Kubernetes but it's in Terraform format. So here we give it a name of our deployment, terraform example, we pass in some labels, we say we want replicas two, we pass in a selector, and here you can see we pass in a container spec, image name, we want to run nginx, we can pass some CPU and memory resource requests and limits, and
basically you can do similar things you can do in Kubernetes. So this is basically the Terraform version of the Kubernetes YAML that you would normally use. So that's to do a deployment, and to expose that deployment I can deploy a Kubernetes service. So for that I create a resource called Kubernetes service, I give it a name called example, you can see I pass metadata name, and similarly this represents like the YAML that you would normally deploy to Kubernetes. So you can see here I have the ports to expose and I say type LoadBalancer.

So now that we have a Terraform file, what we need to do is change directory to where that file is located. If I do ls we can see we have our main file, our outputs and our variables. The first thing we need to do is pull in all the modules, so we need to say terraform init, and that'll go ahead and download all those modules and plugins that we showed in our Terraform file. Now that we've initialized our Terraform file we can say terraform plan to get an idea of what Terraform will do when we apply this template. Now what Terraform will do is it will check the state, Terraform has its own state database, and it will compare everything that we're trying to apply to the actual infrastructure. So you can see here that the plan is to add 48 components, change nothing and destroy nothing; that's because it's the first time we're defining this infrastructure. And if you scroll up you can see everything that Terraform is about to create, it will showcase.

And to deploy this infrastructure I'm going to say terraform apply. It'll then show me that it's about to add 48 components, I say yes, I press enter, and Terraform will now go ahead and provision all that infrastructure. We're going to create our security group, we're going to create our VPC, it's going to create our EKS cluster, attach it to the VPC, spin up our auto scaling group, attach it to Kubernetes, and then spin up two pods on a deployment using an nginx container and also a service of type LoadBalancer to
expose that nginx with a public IP.

Now to see what we've deployed we can head over to the AWS console, click on Elastic Kubernetes Service, we can see we have a Kubernetes cluster called getting started EKS, Kubernetes version 1.17, and it's now active. So if we head over to the EC2 dashboard and we head over to auto scaling groups, we can see that we have a new auto scaling group with one instance defined, and if we head over to instances we can see our one node, Kubernetes node, is running over here. We can also go to load balancers and we can see that we have a load balancer that Kubernetes has deployed that will expose our nginx pod.

So to take a look at what we've deployed in Kubernetes, the first thing we do is say aws eks update config, pass in the name of our EKS cluster and the region it's deployed to, and if I run that it'll go ahead and merge a kubeconfig file to my machine. And when I do that I can run kubectl get nodes and I can see we have a one node Kubernetes cluster running. I can say kubectl get deploy and I can see we have a terraform example deployment of two pods. I can do kubectl get pods and see our two nginx pods running. Now to access that I can say kubectl get service and we can see we have a service type LoadBalancer that's exposing our nginx over the internet, and then I can go to the browser and put that in the browser and we can see that we've successfully exposed our nginx pod. But that's how you deploy an EKS cluster using Terraform.

Now to clean it up I can run terraform destroy, and Terraform is good enough to go and check the state of our infrastructure, figure out exactly what to destroy and give us a full report. It'll then ask us if we're sure that we want to go ahead, we can say yes, and this module will now go ahead, destroy all the VPC, security groups, EKS cluster, the auto scaling group as well as the load balancer and stuff that Kubernetes has provisioned.

So I hope this video helped you understand how infrastructure as code and Terraform can
help you manage Kubernetes infrastructure in Amazon on EKS, and let me know about your Amazon EKS ventures in the comments section below. And be sure to like and subscribe and check out the community page in the description box below, and if you want to support the channel further be sure to become a member. And as always, thanks for watching, and until next time, peace. [Music]
Info
Channel: That DevOps Guy
Views: 14,387
Rating: 4.949091 out of 5
Keywords: devops, infrastructure, as, code, azure, aks, kubernetes, k8s, cloud, training, course, cloudnative, az, github, development, deployment, containers, docker, aws, amazon, web, services, google, gcp, terraform, eks
Id: Qy2A_yJH5-o
Length: 18min 50sec (1130 seconds)
Published: Mon Sep 14 2020