How to Create EKS Cluster Using Terraform | Deploy EKS using IaC Terraform

Captions
Hi and welcome to Cloudcore Hub. I'm excited to share today's tutorial with you on how to provision AWS Elastic Kubernetes Services using Terraform. So this is a crucial skill for anyone in DevOps, cloud or SRE roles. Let me briefly explain what AWS EKS is. EKS is a managed Kubernetes service provided by Amazon. Terraform is an infrastructure as code tool used for building, changing and versioning infrastructure. My goal today is to guide you through setting up an EKS cluster using Terraform. I'll be talking you through the entire process, ensuring it is easy to follow even for beginners. Please feel free to drop your questions in the comments below, and don't forget to like, share and subscribe for more content in cloud and DevOps. Stick around to the end for some professional tips and common pitfalls to avoid. Let's dive into this exciting journey of mastering AWS EKS with Terraform. To start off, on my local computer I'll be using VS Code. So I already have a folder here called IaC Code, which is infrastructure as a code for this project. So here I have to create, um, the files that I need. The first file I will create is terraform.tf; that's the extension for Terraform files. This terraform.tf file will contain all the providers that we need, or the information that we need for our module that we'll be deploying, which is the EKS module, and that comes with the VPC. So first here I will go to Google and search for Terraform AWS provider. Here essentially I'm looking to see, like, the version and just the code in general, and copy that over to my terraform.tf file. So here you see, um, like the versions, like all the requirements, that's the sample of what is in here. You can copy over the things that you need, and before you even start off this, be sure that you have set up your environment to be able to deploy AWS, um, infrastructures from your local computer or from your local machine. So here I'll be copying this over, copy, and I'll take this over to VS Code. So here I'll move this over and zoom in a
little bit so you can see what I am typing. So here I'll start with terraform; it's just going to follow the same format from what we saw in the documentation. If you have this extension on your VS Code, it will help with auto-completing, um, your syntax; that will be the Terraform extension. You can search that in your extensions and add it if you don't already have it. So here the source is the hashicorp/aws, and here I will add the version. Be very careful with the version and be sure that the version you're having or you're adding will be compatible with every other thing: your resources, the infrastructure, or like other providers that you'll be having. So apart from the, um, tilde greater, you can also have the greater equal to, which means that version and above, it should support it. So here I will add the next provider, which is random. Random is a provider; it will help with, um, generating, you know, random IDs and strings for uniqueness in our resources. Version: here you can, you know, go over to the documentation. Here I will search for the AWS EKS Terraform module, because I want to look through the dependencies for this resource that I want to provision. Go back to dependencies and look: here we have the providers, we have the AWS, cloudinit, kubernetes, we have time and we have the TLS. You see all the supporting, or all the versions that these providers are supporting, these versions and greater. You can go through them and look and see what works for your environment. So AWS is the cloud service. Time, really, you know, it helps with, um, you know, timing, if you're adding scheduling and timing resources in your infrastructure or in your resources; it will, you know, help when you're putting timers or like putting scheduling and timing resources. So random, what does this provider do? Random is used for generating random IDs or strings for, um, uniqueness in our resource. So I will copy this over and change, um, the listing; it will be the same structure. So I already have random; next will be the, I'll
add the, yeah, I already have the random, so it will be the same. The sources are the same, which is hashicorp/aws, so this will be hashicorp/random, and the version for this one will be tilde greater than 3.5.1. So next will be TLS. TLS is essential for, you know, creating and managing SSL certificates. Of course it's a dependency for creating AWS EKS; we need TLS, you know, we need certificates, we need CA certificates in our, uh, Kubernetes cluster, so this will help with that process. So next will be, so time, I've explained that it helps with the scheduling if you're adding, uh, scheduling or timing resources. The version here will be 0.10 to0. Next I will have the cloudinit. So the cloudinit is used for handling cloud initialization scripts, so if you have, um, scripts that will run when you're provisioning your infrastructures, it will help in provisioning those, um, or running those scripts in the cloud or in your cloud infrastructure, so it will initialize the script. The version will be 2 3.2, no, 2.32; you can go with this. We go back here and check for the other dependencies that we need. What does the, next will be the kubernetes. You see how that is; you can copy this over, it's the same thing. So kubernetes is obviously because we are deploying Kubernetes, so it is crucial for managing resources within our Kubernetes cluster. We are going with 2 2 three, yeah2, yeah. In this Terraform file we are also going to add information for our backend configuration, so I'll go here and search for that. So you see how the structure is; I'll search for Terraform AWS backend. Yep, so I'll be using an S3 bucket as my backend. Have a look here, you see how the structure is: backend will be S3, then the bucket's name, you write the key, or more like the path to the folder, then you add the region. So copy this and come over to VS Code and paste in here. So this setup allows Terraform to store its, you know, state file in an S3 bucket, you know, enabling features like state locking and consistency. So bucket name, I'm saying Cloudcore Hub 007; be
sure to change this if you're using the same; you'll change this up. Be sure that you have this set up before you run this: go to your AWS and create a bucket called Cloudcore, oh, give it a unique name, because it has to be unique globally. Key will be terraform.tfstate; region, I will stick with us-east-1. We'll go over again and look through this code, and yeah, I write the version for Terraform; required version for this value will be 1 6 3. Look over again and be sure that we are okay with all the versions and all the providers that we have added, and the structure, the formatting. The next file I'll be creating here will be variables.tf. So variables is going to help with all the parameters that I know that I will use across my files, or like across the module, so instead of repeating them I can have the value here set so I can use them, call it as in the var, and call it with the value that I'll be adding here. So first will be the region. The description here will be, you know, it can be anything, you can set it to anything you like. So the type, I'll set that to string, then the default. So default here, if I put it as us-east-1, it means anytime I call, use the var.region, it is going to use this default, unless if I specify the region, then you can use the region I specify; if not, it's going to use this default. I'll copy this over and duplicate, because it's still going to be the same structure. So next here will be the cluster name. So cluster name, I'll be using it a lot in the module, so instead of repeating the name I can always, um, call it using the var function. Apart from that, if I want to change the cluster name, I can only change it in one place, which is in this variables.
file, so it's really important to have your variables; any information that you know will be occurring a lot in your files, you can just set them here in your variables and, you know, you have minimum error trying to, you know, do it over. The next file I'll be creating is the main.tf file. Here I'll create main.tf. So in this file I'll be adding, um, the provider again and just, you know, specifying some, uh, more information about our module here. So the provider here for the kubernetes, pretty much the same thing, you know, trying to define my host, more like our, um, cluster endpoint here, which means we're using the, you know, EKS module to get the endpoint of our Kubernetes cluster, and the host attribute will be, it will get this from the module, which I've not created; I will create this. So the module.eks.cluster_endpoint, so it's going to get those cluster endpoints from the module that we'll be creating, called the eks. So next will be the cluster CA certificate. I'll be using base64decode, so this will decode the base64-encoded certificate data from our EKS module, which is, you know, required for secure communication within the cluster. The source here, oh, I made a mistake, let me delete this and, yep, so completed, no work for this one, let me just type it out: eks cluster certificate. So it's going to get this from the EKS module, so in the EKS module there's going to be the cluster certificate authority data in there, so it would decode using base64 to decode the certificate authority data. Yeah, I'll delete this one more bracket, yep. So again I would write provider aws, be the next provider for this, AWS, and in this I'll be writing the region. So region here, I'll be using the var function, and so it will be taking the region from our region, so you see once I did the var there is region and there's also cluster name, because I already have that set in the variables.tf file. So next is data; that's the data source, it is going to fetch information about our AWS availability zones. This is, you
know, useful for creating resources in multiple zones for high availability. Okay, here I'll do the locals, and I'll be using this in my EKS module, so it is to get this from cluster name; I'll call that to be, you know, var is going to bring up all the variables I have, which is the cluster name. Yeah, everything looks good. Next I will create the VPC module, vpc.tf. I will go here and check what they have for documentation for the AWS VPC module and check that out here; the first link, open that in a different tab and look here. Yeah, you see the module vpc and you see all the, you know, specifications here and all the parameters. I'm going to copy this and look through again and see more information here. Yeah, go to VS Code, then paste this and modify it to, you know, what I need. Module name is vpc; the source is from terraform-aws-modules/vpc/aws. Go here again and check for version, 552. Uh, I can here specify the version in my module; that'll be equal to, add that as a string, 5.52. Yep, that's okay. VPC name, I will give it a name of my choice; you can decide what you want to name your VPC: Cloudcore EKS VPC. For CIDR, you can stick with this or you can, you know, just make some changes; it has a wide range of, you know, CIDR blocks, or like CIDR number IPs, that it can generate from this, so you can, you know, tweak it, make it what works for you, that's fine. Name is good, CIDR is good. Here for AZs, I'm going to do something here, which would be to use the slice function to get the available availability zones for me. You can stick with this and, you know, write the availability zones you have for your region, but I'm going to use the slice function here. Go through this data that was specified in our main.
file; it will get this data, then it will get the names and need to pull, slice from 0 to three, so it's going to take the first value, which is 0, 1, 2, 3, so it means the third one is going to, is going to exclude that, or three is going to exclude that, which is the fourth value. At 20 here, 20 here, 20, yeah, because I changed my CIDR block to at 20 here. Okay, everything looks good. Enable NAT gateway, true; enable VPN gateway, true. I want to add one more thing here, which will be the, I'm going to add the single NAT gateway; I'm going to set that as true. DNS hostname, a comma is missing. Okay, let me add the single NAT gateway, yep, set that, that's true. Everything looks good, yeah, yeah, it's missing the S, yep. Okay, next I'm going to check the tags. The tags are okay, but I want to, you know, modify it to what works for me. For the tags I will put public subnet; whatever tag that works for you is fine, but here I just want to tag some of my, you know, tag my VPCs so I know which is for public and which is, uh, private. You can skip this process if that works for you, but this is highly recommended if you have a lot of VPCs in your infrastructure and you want to know which ones are for your Kubernetes cluster. So it's going to have a placeholder here for local, um, cluster name, so it's going to get my cluster name and put it in here as a tag for my public subnet, this equal to shared, and next I'll put, um, kubernetes.io/role/elb; that will be for also saying that this will target with the ELB, that's elastic load balancer, for my VPCs, all my subnets. Copy this over and write this, private subnet tags. I'll change a little bit here; uh, for this I'll add internal-elb equal to one. I set that in the public too as well, yep, and in the private cluster one. Yeah, everything looks good. Next I'll be writing the EKS cluster Terraform module, eks-cluster.
tf. I'll go over to the documentation and, yeah, I have this open now. Check for, yep, that's the EKS; open that up, scroll down here, um, nope, go down to look at what we have for sample. Yeah, you see that there's even VPC IDs; this looks good. Uh, let's check more things here. Yeah, we can go back up and copy this, VS Code, paste, then we can tweak from here and, you know, make some changes. There are just some things we don't need here. I'm okay with the module source, version, um, cluster version. Cluster name, I will change this, yeah, it's going to take local, yep. So remember I mentioned this in the main.tf file, where it took the variable from our variables file. This version, it's okay. Make a space here. VPC ID, so it's going to take this from the module vpc and it's going to take the VPC ID, so once the VPC is generated or is created, it will take the VPC ID and bring it in here. So subnet IDs will be next; oh, we already have this here. Subnet IDs will be equal to module.vpc.private_subnets. Cluster endpoint public access, I'll leave it as true. Then cluster addons, I don't need that; I already have VPCs. Yeah, I think from here I'm going to take them out, and here too, out. So the EKS managed node groups, so here we are going to specify the nodes that we need, if you're going to have different node groups, which is going to be maybe the master, the worker node, and how many we need for each. So one, here I'll give, um, a name for this group one; I'll name that as master. So this node group will be the master node group. Instance type, uh, I'm going to change this since it's just staging; instance type here will be t2.medium. You can check AWS documentation and know what you need for your instance types. If this is a production environment it can go larger, depending on the size of your application and the size of things you need running in your cluster, so you can check this with your software engineers. Minimum, max, here I'm setting the auto scaling, so it means the minimum node will be one and the
maximum can be three, and the desired, that will be like the state it will be at when it starts. To copy this over, change this to two, and this will be my worker node group, and I will have the same instance type as the worker. Go down here; I'm not sure I need the rest of these things down here, I'm going to take them out, select, delete, then go up again. Missing one more curly bracket out of here. Yeah, everything looks good, yeah, this works for me. So next I'll be output.tf. So here are the things I will define once these infrastructures are provisioned, the outputs I need after applying, after running the terraform apply. So the outputs that I want, it's pretty simple: I want the cluster name, it to output that, I want the cluster endpoint, I want the region, I want the security group ID as well. So I would write all this here, description. Think I'll pretty much run this fast and see. Cool, everything looks good here. So next will be to look at our backend and go create that bucket on our S3. So whatever name you give, make sure you change that, or if the name is not available globally, you can create a new name and replace that in your backend. General purpose, bucket name, yep, leave everything as the default, then create bucket. Everything looks good. Will refresh here; where is the refresh, yep, refresh. I'm sure everything looks good. Cool, so see here, buckets and objects are not public. Okay, cool, everything is all set. Here I'll adjust the versions; I'll drop that a little lower, 19.1, 19.1, yeah, 1.27 for cluster version. Everything looks good. Oh, one more thing, I need to grab the AMI for our cluster, AMI type; you can get that from AWS documentation. Here I will take this, that's Amazon Linux 2, that's AL2. I'll add this here. Every other thing is good. First command here will be terraform init, to initialize the backend and initialize our module, and see if you run into errors with versions; remember, go back to your versioning and adjust that. Next will be to run the terraform validate command to validate our
code. Validate; the response looks good, configuration is valid. Next is terraform plan, so this is going to show us the plan of all the infrastructure, or like the resources, the plugins, everything that Terraform is going to provision. The output from terraform plan is going to give you the preview of the changes that you are making in your environment, so it's giving you, you know, it's going to perform the order to transition your infrastructure to the state described in your configuration file, which is the .tf file that we have written. So this will include what resources will be created, updated or even destroyed. It will also validate your code, you know, going to show you, um, your Terraform code, or like visibility of your Terraform code, before applying any changes to your real infrastructure, so this really helps in catching errors or unintended changes before they are applied. So it's actually, you know, just a read-only command that outputs the planned actions. So everything looks good, so now we'll run the terraform apply. I will also approve this using this command, -auto-approve; this will auto-approve. This process is probably going to take minutes, 10 to 20, so this is from the infrastructure, or from the resources we are provisioning. I'm going to make this, uh, pretty fast or skip to the end, but just bear in mind it's going to take minutes to provision, and while doing that you can go to your AWS and look for all the infrastructure that is provisioning. First EKS; wouldn't see anything there yet, because that's going to take some time, because the dependency of EKS is VPC, so it's going to create VPC. So you see the EKS here is still creating, and the version is 1.27 that we specified in our configuration file. So I will go to VPC now to see what is creating, VPC, and here I'll be looking for the VPC; I'll also be looking at the subnets. So this is my VPC, and the other one is the default VPC I have for my account. You see the CIDR range; you go to subnets, you see the subnets that come
with the VPCs, so we're going to have three private and three public, and elastic IP. You look at the NAT gateway; you can look through all the infrastructure that is going to provision. Some of them might not be created yet, some of them would be. Yes, we have elastic IP created already, that comes with the VPC module. I'll go back to the terminal; look, everything is still creating. I will take you to the end of it; I'm going to pause the video and come back when everything is done. Cool, everything is created: we have 59 resources added, no change and zero destroyed. So this is the output that we specified in our output.tf file; we asked for the endpoints, the name, the cluster security group ID and the region. All this might not be necessary if you don't want them, but it's good practice to also have, um, something to output, or you can, um, use it as input to something else. So I'll go check out all the resources. Go to EC2 here, no, that's the load, go to instances. Yeah, you see the instances, they come with the node group; we have the two worker and two master nodes. Go to the EKS now and look at our Elastic Kubernetes Service. Here we see the node group, yeah, we see the EKS cluster, it is active. Yep, this is it. Go to compute and see that we have two node groups, the master and the worker, and desired size is two, and that will be it. I think everything looks good. Next will be to destroy, because I'm not using it for anything; I'm just, you know, doing a demo of how to provision infrastructure with Terraform. The terraform destroy is going to destroy everything we have provisioned with the terraform apply, so not to worry, everything you have provisioned, you're going to destroy everything with this command. So I'll go to terraform destroy; I can do terraform destroy and do yes when it brings up the plan, or I can do auto-approve to just, you know, delete it or to destroy everything. It's going to take almost the same time it took to create, but I skipped to the end, so you see the resources destroyed are 59, so 59,
remember we had 59, 9 resources added, now we had 57 destroyed. So I can also go back to AWS and check out. So I'll delete the Terraform file because I want to be using this, you know, in the future; I don't want all those stored. I'll also delete, you know, the state file from the S3 bucket, or delete the bucket itself. Then I will go to EC2 to check out the resources that I have running. I have nothing running because I have destroyed; if I remove this I will see that they all terminated. Yeah, they were created and they are destroyed, so they all terminated. Here I can check out all the resources, other resources, to be sure that everything is destroyed. So this is more like a cleanup practice, that whatever you create you delete, so you don't burn up resources. On EKS resources, nothing is here because we have destroyed it, so everything is gone. On VPC, the one we created would be gone, our default will still be there. Yep, you see the default is still there, the one we created is gone. Subnets, everything is gone; these ones are default that came with the default VPC that we have on the account. S3 bucket, here I will delete it because I might likely be using the same name if I'm going to use the same code, or maybe change it, you know, just more cleanup. I don't need it anymore, so there's no point having it in my S3 bucket. So that's the state file; I will go delete this since I don't need it. You can also, um, create, um, DynamoDB to help with the state locking if you're working with other engineers, just to help with, um, versioning and locking and making sure that your infrastructures are consistent, like everyone gets an updated info of the infrastructure you've provisioned, so they don't have duplication of infrastructures in your environment. Type this out, permanently delete, delete; this will delete. I'll go delete the bucket just to make the name available for whoever, or make it available for me again in the future. Delete bucket name; I'll copy that
and paste, then delete bucket. That'll be, oh, everything is cleaned out. Next I'll be sharing some of the tips, the professional tips that you need, and pitfalls to avoid when provisioning infrastructure with Terraform. All right, thanks for watching, bye.
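
An added example, not the video's code: the S3 backend and EKS module call described in the captions, written out with the state object encrypted and locked through DynamoDB and the public API endpoint limited to known CIDRs. The bucket name, lock table name, cluster name, variable names, the `203.0.113.0/24` range and the `~> 19.0` constraint are placeholders or assumptions; the VPC inputs are passed as variables here instead of coming from the VPC module.

```hcl
# Added example. Placeholders and hypothetical names are marked in comments.
terraform {
  backend "s3" {
    # Backend blocks cannot reference variables, so these are literals.
    bucket         = "REPLACE-WITH-YOUR-STATE-BUCKET" # placeholder
    key            = "terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true                   # server-side encryption for the state object
    dynamodb_table = "terraform-state-lock" # hypothetical table; needs a string partition key named "LockID"
  }
}

provider "aws" { region = "us-east-1" }

variable "cluster_name" {
  type    = string
  default = "example-eks" # constructed name
}

variable "vpc_id" {
  type = string # module.vpc.vpc_id in the video
}

variable "private_subnet_ids" {
  type = list(string) # module.vpc.private_subnets in the video
}

variable "admin_cidrs" {
  type    = list(string)
  default = ["203.0.113.0/24"] # constructed documentation range; use your own egress CIDRs
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 19.0" # assumption: a 19.x release; the exact pin is not recoverable from the captions

  cluster_name    = var.cluster_name
  cluster_version = "1.27"
  vpc_id          = var.vpc_id
  subnet_ids      = var.private_subnet_ids

  # With public access left on, the module's CIDR list defaults to
  # 0.0.0.0/0, so the API server is reachable from any address unless
  # the list is narrowed.
  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = var.admin_cidrs

  eks_managed_node_group_defaults = {
    ami_type = "AL2_x86_64" # Amazon Linux 2
  }

  eks_managed_node_groups = {
    one = {
      name           = "master"
      instance_types = ["t2.medium"]
      min_size       = 1
      max_size       = 3
      desired_size   = 2
    }
    two = {
      name           = "worker"
      instance_types = ["t2.medium"]
      min_size       = 1
      max_size       = 3
      desired_size   = 2
    }
  }
}
```

`terraform init` fails until the bucket and the lock table exist, so create both before the first run.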
Info
Channel: Cloudcore Hub
Views: 2,863
Id: y3Hji6WZ9Z4
Length: 46min 24sec (2784 seconds)
Published: Mon Feb 12 2024