Provisioning AWS EKS with Terraform | English

Captions
Hi guys, welcome to the Mr. Cloud Book channel. In this particular video we are going to discuss how to provision an EKS cluster on AWS using Terraform. Okay, so I'm going to explain everything from scratch, and we are going to use the default VPC for this particular provisioning of EKS.

Okay, first of all, go to the AWS console and create an IAM user, because we need the access key and secret access key for our configuration. Okay, so let's go to the AWS console, and in the search bar search for IAM and press Enter. You can see here in the left side panel you have to click on Users and create a user. So let's create a username, for EKS, right? I'm just providing the name as eks here, and provide the access. I want to create an IAM user; autogenerated password is enough. Click on Next, and attach policies directly, and use the administrator access. Okay, for the, I mean, for the learning purpose you have to open the administrator access; if you just want to create an EKS, you have to go with the EC2 full access and EKS full access also. Okay, and just click on Next, and you have to click on Create user, and you can see our user is created here. Let's continue; I don't want to download that one.

This is the user we created, right, EKS. Just click on this one, and you have to click on Security credentials, and you have to create access keys here. Okay, so let's create an access key, and CLI; we are waiting for CLI, right? And in turn you have to agree to these terms and click on Next. If you want to provide any tag value you can provide it; I'm not providing anything here. Just click on Create access key, and it will create an access key and secret access key, and you can download this particular file. Okay, so I am going to delete this one, however; that's why I'm not downloading this file.

So let's open our services in a new tab: just right click and open the link in a new tab, and you can come here. So let's open our Elastic Kubernetes Service also. Okay, and you can see this is our
cluster, right? If you want to create any cluster you have to click on Add cluster here, and you have to click on Create, and you have to provide your name and version and everything, right? So you have to create a role for this particular EKS. Okay, so you have to click here and it will open a new tab. Okay, so how to create an EKS cluster and everything: we are going to do this from Terraform now.

Okay, so let's open this one in a new tab. You have to open a new tab and search for the EKS cluster resource Terraform, and press Enter, and you can see you have to select this particular resource. Okay, so select the resources, not data. Okay, so select the resources.

You have to create a separate folder for this particular EKS. I already have that one, okay? You can see here I already opened my Visual Studio Code also in that particular folder, and that is named eks; this is my folder name, eks. Okay, so let's create a file. So what are our file requirements? The main.tf file is required for our creation or provisioning of an EKS cluster or anything from our AWS, and we need the provider.tf also. provider.tf: these are the two files we need. Okay, I'm not going to make this one complex. Okay, everyone, even the beginner, can understand this particular EKS cluster.

Okay, so go back here and open a new tab and search for the provider.tf here, provider Terraform AWS. You just have to click on that one. You have to see this: in the first result you have to click on AWS provider here. So let's copy this particular one. Okay, all you have to do is just copy this one up to here, up to provider; just right click and copy it, and come back to Visual Studio Code and select the provider.tf file and paste the content that you copied. And you have to change your region here. Okay, let me change to ap-south-1. Okay, so I'm going to use the Mumbai region, so that is ap-south-1 here, and let's save this one. Okay, and you have to close this one; we don't need it anymore. Okay, so this will use this particular provider, AWS, and that will go to this particular region, ap-south-1, and it will provision our EKS cluster in ap-south-1, I mean the Mumbai region. Okay, so let's close this one, and we need only the main.tf file. Okay, so let's close this one also, we don't need this anymore; let's close this provider.tf.

So you can see here, for the Amazon EKS cluster we need the particular role, I mean service role, for our EKS. Okay, so if you click here, Amazon EKS User Guide, it will open a new tab. So we have to create an EKS cluster role here. Okay, so this is the trusted policy we have to attach to our EKS role. Okay, so if you click here on the console, it will open a new tab for our IAM role creation. Okay, so let's go and do that one manually. I will explain manually and with Terraform also, okay, so you don't need to worry about that; you just have to know how to create an IAM role.

Okay, so you can see here I don't have any roles here, I have just two roles. So in the left side panel click on Roles here, and you have to click on Create role, and just select the AWS service, and in the service or use case you have to select EKS. Okay, let me search for EKS here, and you have to select EKS here, and you have to select this particular EKS cluster. Okay, so you have to click on Next. You can see we have only one policy. Okay, we have to add this particular policy in order to create this particular role.

You have to come to the EKS cluster resource; we already opened a new tab, right? So you can come down here. So this is the example IAM role for EKS cluster. Okay, so let's copy this particular role. Okay, I will explain everything; just copy it and come back to your
main.tf file. So first we need the role in order to create an EKS cluster. Okay, let's see what this particular data is: IAM policy attachment for the EKS service. So this is the policy you can see here; this is the same thing we are using. You can see version and the statement and allow, principal, and eks.amazonaws.com service, so the same thing you have to add here. Okay, you can see the principal and the service, and you can see the statement, and everything is the same. Okay, so it will automatically add that particular policy. Okay, this is the EKS policy, the updated policy, and we added that here.

So, resource: that is the IAM role. So what is the name you want for this particular role? You can change the name here also. EKS cluster example, so let me write this one as cloud. Okay, so assume role policy: where do we get this particular policy? We will get this particular policy from here. Okay, so you can see here AWS IAM policy document; this is the policy document, and we are using the data here, the data block. Okay, that's why: data dot AWS IAM policy dot assume role dot JSON. Our policies are in JSON format, that's why we are using the JSON.

So we need to attach an IAM policy, okay, and this is the policy we are adding. You can see this is the policy name, Amazon EKS cluster policy. If you go back here to the role section, you can see this is the policy we are using. Just click here and you can see the policy management, what it will do and everything. Okay, and you can see you just have to copy this particular ARN. Okay, so let's copy this one. So the ARN is copied, and let me open a new space here and let me show that one. We already added it, but you can see we are getting the same policy. Okay, so that is the ARN we are using here. Okay, so let me delete that one.

So we are adding the Amazon EKS cluster policy, I mean, what is this role name? Okay, so if you get the question: it will add this to this particular EKS cluster cloud. So we are creating a role but we are not adding any attachments, right? In order to add this particular policy that we are creating to this particular user, we need to provide this particular role, and we are calling it from here: AWS role dot example dot name. So you can see name; we are calling this particular name. So this particular Amazon EKS cluster policy will attach to this particular role. So what is our role name? EKS cluster cloud. Okay, so this is how you have to create an IAM role for your particular cluster.

Okay, so let's go back here and let me close this one, we don't need this anymore, and Leave, and you have to close this one also. Okay, so you can see we already created an IAM role, and next you can see we need to provide the cluster name. We have to provide the Kubernetes version also if you want, but we are not providing anything, because it will automatically take the latest version of 1.28. Okay, so you can see here, and nothing we are changing here; we are just providing the name and we are adding the role. So we already created a role here; you can see this is the role we created from our AWS resource, and you can see resource
role, and let me copy this one. Okay, up to here, and let me copy it here and paste it here, and let me save it here. So this will provision a cluster. You can see our resource: we are using the resource to create an AWS EKS cluster with the name of example. So I'm going with the same resource; I'm not changing anything. You can directly change your cluster name here. Okay, so let me change the name here. So what is the name you want? I just want EKS cloud here. Okay, so I want the name as EKS cloud, and let me close this one.

I am not using this particular subnet present now, so let me clear this one, and you can see you will get this particular error, okay, for the role ARN and everything, because we need the VPC config. You can see: too few blocks specified for VPC config, at least one blocks are specified. So we need the VPC here.

Okay, so in order to use your original, I mean your default VPC, you have to provide it like this. Okay, after the policy attachment, let's get VPC data. So we are getting our VPC data from here. Let's provide data; so I am calling our data, okay, from here: aws_vpc, and in quotes let's provide default. We need the default one, right? That's why I'm providing default here. And let's open a new bracket, and let's call it by providing default equals true. You have to provide it like this, and this will collect your existing default VPC details.

Okay, so we need the public subnets also, so let's get those also. Let's get public subnets for our, and Enter. You can see we are getting the public subnets. Let's call it from the data, sorry; so let's write data, space, and within the quotes we have to call aws_subnets, subnets here, and it will call the subnets. And we just need the public one only, so just provide public here, and open a new bracket here, and let's filter it. We have to filter this. Okay, why we are using the filter means it will collect both the private and public subnets, but we need only private one. Okay, so let's provide the
name, name equals to. So we're using this particular VPC, okay, this VPC, right? So that's why I'm using this particular vpc-id, so it will automatically call your VPC ID. Okay, so what is your VPC ID and everything, from here, from this particular data. Okay, so after the name you have to provide the values. Okay, so just select values here, and we have to use the string, and where do we need to get the values? You have to get these values from here, right? So let's provide it here: come here and you have to provide data dot aws_vpc, aws_vpc, and you have to select default dot id, and let's save this one.

Okay, so if you get the doubt again, let me explain clearly. So this particular data block will get this particular AWS VPC, so it will search for your default VPC in your particular ap-south-1. Okay, so by using this particular default equals true we are setting: okay, use this particular VPC only, the default one. It will collect the data from this particular default VPC. So this data block will get your particular VPC that is present in your region, so it will get only the default VPC's complete data.

Okay, so next we need the data for public subnets in order to create your cluster. Okay, so data: we are again using the data block to get your AWS subnets, so it will grab every one of your subnets. Okay, so we are just providing the block name here as public, and for the filter we are using the name; we are using this particular vpc-id, and for the values we are using this particular data from here. So use this particular VPC data, and I just need the public subnets from that particular VPC. So this is the public subnet data. Okay, this particular block will get the public subnet data from your VPC.

Okay, so let's use those public subnets for our EKS cluster creation. Okay, so then you have to provide the VPC config here to not get any error. Let's create that one. So in the VPC config you have to use subnet_id here, okay, so this is the
subnet_ids, and we are going to get the public subnets from where we are getting the data, and this is the data, right? It will get the public subnets. Okay, so let's copy that one: data dot aws_subnets, and you have to select this one. So this is the public subnet we are getting from here. So this is the data, we are using a data here, and subnets here; this is the AWS subnets, and this is the public, and this is the public, so it will get the public subnet IDs from this data, okay, from your default public subnets data. Okay, so you have to provide the dot ids here, okay, dot id. Okay, so this is how you have to provide it to get your public, I mean subnets, public subnets, to create your EKS cluster role.

Okay, so this is done; let me close this one. Okay, you can see it depends on: this particular cluster creation will depend on this particular role. So whenever we create a cluster we need an IAM role, so that's why we are depending on that particular IAM role. So whenever the IAM role is present, then only create an EKS cluster; otherwise wait till this particular cluster role is created, up to our cluster role create. So you can see, this is the cluster role we are creating. Okay, let's close this one.

So let's open a terminal and let's see whether we are getting the EKS cluster or not. Before that you have to provide aws configure. Okay, so let's do that. Okay, so if you provide aws configure and Enter, you have to provide your access key and secret access key that you generated last time. Okay, so this is the access key and secret access key. Let's copy this access key and come here, and let me paste it here and Enter, and you have to copy this particular secret access key and you have to paste it here and Enter. Use ap-south-1, okay, and JSON format, that is also okay, and it's created.

First we need to provide terraform init, so it will initialize your back end; it will download every dependency from AWS in order to provision your resources in your AWS. Okay, so we are just now creating
the EKS cluster only, with the IAM role of a cluster policy. You can see here, let me close this one once: first it will create an IAM role, then it will collect the data of your default VPC, and it will collect the public subnet data also, and then only it will create the EKS cluster with the name EKS cloud, and it will use the public subnets that we are getting from this particular data. Okay, and it will depend upon the particular Amazon cluster. Okay, so it will depend on this one; then only our cluster will be created.

It's successfully initialized. Let's clear the screen, and you have to provide terraform validate to see whether the syntax of our Terraform file is working fine or not. Okay, if you provide terraform validate it will check everything, and if there is any error you will get the error here only. Okay, and you can see the configuration is valid.

So let's provide terraform plan to see what it's creating. Okay, so terraform plan and Enter. So let's increase this one. And if you don't know how to install Terraform locally, I already made a dedicated video on that one, so I will provide the link in the description. You can watch that video and you can do the Jenkins provisioning from that one video, and after that you can watch this particular EKS cluster also.

You can see here, first it's creating the, I mean, it's showing that it's creating a cluster. Okay, so you can see the name of the cluster is EKS cloud, and you can see it's creating an IAM role. Okay, you can see force detach policies and everything. It's just creating the name as EKS cluster cloud, and it's attaching your cloud, I mean role, to EKS cluster cloud. Okay, so it's attaching your policy to this particular EKS cloud cluster. You can see here, this is the role it's using.

Okay, so let's clear the screen, and you have to provide terraform apply and Enter, and you have to provide the action as yes here and Enter, and it will take minimum 10 to 15 minutes to create an EKS cluster. Okay, so maximum it will take 10 minutes; you
can see it's first creating the IAM role. Okay, so we need the role, so that's why it's creating the IAM role first, and it's attaching some policies, and now after that it's creating the cluster. Okay, and whenever you have any existing roles for this particular EKS, you have to delete those roles, okay, otherwise you will get the conflict error. Okay, so that's why you have to delete the existing roles that you have on this particular EKS role or EKS node group or anything. Okay, just remove those, and you have to run this particular EKS cluster from Terraform.

Okay, so meanwhile it's creating, let's discuss the EKS cluster node policy also, I mean how to create a node group and everything. Okay, so for the cluster we need the node group. Okay, so let's open a new tab, and you have to search for the EKS cluster node group, and you have to press Enter, and you will get the EKS node group resources here; we have to click here. So you can see example usage. Okay, this is the example usage we are going to use, but I'm not using this one. Okay, first of all we need the IAM roles; even the node group requires the IAM role also. Okay, so let's copy that one from here. So this is the example IAM role we are using for the EKS node group. Okay, so let's copy this and I will explain over there; right click and copy it here. Okay, so let's create an empty file, let's make it main.txt and Enter. And it will take some time to create your EKS cluster, okay, that's why I'm explaining your node group creation also. Let's paste that one and Enter and save it once.

And you can see where you get this particular resource. Okay, if you get the doubt, you have to wait till the cluster creation. Okay, so we are using the EC2 service. Okay, so we are using the EC2 service policy. So these are the policies we have to attach to our node group. Okay, so it requires the Amazon EKS worker node policy attachment, and it requires the Amazon EKS CNI policy, and it requires Amazon EC2 container read only. So these three policies you have to attach to your node group role, IAM role. Okay, so this will create an IAM role for our node group. Okay, so if you want to provide the node group name, let's provide it as cloud here, okay, with the name as cloud, and save it here, and it will create the node.

Okay, so let's come back and let's create the node group from here. So everything: you can use these resources only to create anything. Okay, so let's copy this resource and everything from here up to depends_on. Okay, till the end you have to copy that one, and you have to paste it after this one. Okay, let's paste it here, and let me make a comment here so you can easily understand: create node group. And you can see this is the resource we are using to create an AWS EKS node group.

And you can see here it's completed, almost after 7 minutes 12 seconds. Okay, so let's go back to my AWS console and let's see whether it's created or not. And you can see, click on Clusters, and you have to refresh this one, and you can see I provided the name as EKS cloud here, and if you click here you can see it's automatically taking 1.28, and you can see created 8 minutes ago. And in order to create a node group you have to click on Compute, and you have to click on Add node group, and we need the node group name. Okay, that's why we are providing the node group name, and we need the IAM role,
you can see here, so that's why we are creating the IAM role. And you have to click on Next and everything from here, Next.

Okay, so let's copy this role. Okay, so let's copy this complete txt file that we are using, and delete that file, we don't need it anymore. So let's add it here. Okay, let me close this one. So come here and paste the code that you copied. Okay, so this is the code we are using now.

So first we will create the IAM node group role. Okay, so you will get this from here. Okay, you can see, if you click on this particular IAM console, you can see we already have this EKS cluster cloud, because we created this using Terraform, right? So let's click on Create role, and you have to select the AWS service, and for the use case you have to select EC2, and you have to click on Next, and you have to use some permission policies, right, what we are going to attach. So we are going to attach the CNI policy: you have to search for CNI and you have to add this one. If you click on this one you will get the ARN. Okay, so the same ARN we are using inside our policy attachment. Okay, and this is the ARN; let's copy it, and let me show one only, so I want to show where we are getting these ARNs. Okay, and if you paste it here, this is the same ARN policy we are using. Let's tab, and you can see we are using the same policy. Okay, so these both are the same, okay, AWS and IAM and everything the same. Okay, so we are getting these policies from there. Okay, so where we are getting the ARN means you have to go there and you have to copy that particular ARN and you have to add it here.

And for the IAM role, where we have to attach these policies: you have to add these policies to the particular role. Okay, so AWS role dot example dot name; you have to add this particular name. Okay, so it will add these three policies.

And next we are going to create the cluster node group. Okay, so cluster name: where are we getting the cluster name? You can see AWS cluster; if you go up here you can see we are getting the cluster name from here, EKS cluster dot example dot name. You have to provide it like that, and you can see here AWS cluster example dot name, so we are getting that name. We have to provide the node group name, so I provided node cloud. And node role ARN: we have to provide the ARN from here, okay, so from AWS role dot example, so it will attach this particular role to our node group.

Okay, and let me delete this AWS subnets, okay, I don't want this, and we need to attach our own subnets that we are getting from our data. So let's provide it like this: subnet_ids, you have to use data, AWS subnets, dot, you have to use this one, dot ids. So we are getting the public subnet from our data, right? That's why we are using data and AWS subnets and public ids. So this particular EKS node group will use these public subnets to create the cluster. These subnet IDs will use the data from here. Okay, you can see we are already collecting the data from here, right, to get the public subnets, so it will use those public subnets to create your cluster node group instance.

Okay, so for the scaling config I'm using the max size equals 2 and minimum size equals 1, so I'm not using any more than that. And if you want to provide two instances as desired, it will create the two instances, but I'm going with the one. So whenever the CPU usage is increased more than 80% it will automatically add another instance. Okay, so whenever the CPU usage is decreased below 80% it will reduce it to your minimum size, which is one. Okay, and I don't want this also. Okay, so for the basics we don't need this.

And for the instance role, I mean instance types, you have to use the instance type, otherwise it will create a t2.medium, t3.medium
instance for your node group. Okay, but t2.micro is enough for our instance type for our node group. Okay, and it will automatically depend on these policies. Okay, so these three policies: whenever these three policies are created, then only our node group will be created.

Okay, so you have to save it here, and you have to come up again and go to the terminal here, and you have to provide terraform validate and Enter, and you can see, AWS IAM role, we are getting the error, right? Let's see the error. So at line 51, and you can see, come here, so this is the error we are getting. So you have to use the name, I mean the name is already taken from here. I think we provided a name here, and you can see we used the name at the IAM role for our cluster, but for the node group also we are using the same name. Okay, that's why we are getting the error. So let's make it one. Okay, and you have to use the one here also, okay: role example1 dot name. And save. And you have to use it, otherwise it will add to our main group, I mean these policies will be added to our particular cluster group. Use this particular AWS IAM role dot example1. So we are using example1, so then only these three policies will attach to this particular role. Okay, so otherwise it will add to this role. Okay, otherwise those roles are added to this particular example. Okay, so I was using just example, the same, right? So that's why I'm providing this example1. Okay, so these three policies will attach to this role. So that is done. You have to use example1 here also, okay, so example1 dot. For the node group also it would attach this particular cluster role, but we need this role. Okay, so that is done, and let's save this.

And you have to increase this one, and if you provide terraform validate again, you can see our configuration is valid and succeeded. Okay, so let me clear the screen, and you have to provide terraform plan here and Enter, and you can see it's refreshing everything and it's showing five to add. Okay, so let's apply this. So let me apply first and let me explain: it will create an IAM role with the CNI policy and worker node policy and container registry policy, and you can see it will create an IAM role, and it will create a node group with the t2.micro instance type. Okay, and it's using the public subnets from our ap-south-1, and it's setting the scaling config to 1, 2, 1, so desired is one and maximum is two and minimum is one, and it will press our cluster group, just apply. So it will create the IAM role and it will create the node group only. Okay, and you have to provide yes here and Enter.

So you can see here it's creating the IAM role first, because we used depends_on, right? So our node group will depend on this particular IAM role, that's why it's creating the IAM role first, and then after that it's creating the node group. You can see here, the EKS node group is creating, and you can see the resources are added.

And if you go back to your AWS console, EKS cluster here, search for EKS and press Enter. So this is the cluster we created, EKS cloud. If you click on this one you can see the Kubernetes version is 1.28 and everything fine; you can see this was created 20 minutes ago. And if you click on Compute you will see our node group is created, you can see, with the name of node cloud, and desired size is one, and you can see this is the active state. So if you go back to your AWS console, you have to click on EC2, otherwise you have to see the roles. Okay, so we created the roles, right? So you can see, if you refresh this one you
will get the roles. Okay, so this is the node group cloud, and if you click on this one, we attached the three policies, right? You can see these are the policies we attached: container registry read only, CNI policy and worker node policy. And if you come back again, for the cluster cloud we attached only one policy; you can see this is the EKS cluster policy we attached for our main cluster. Okay, so these are the roles we created, right? And our roles are created and our cluster is created, and we have to see whether it's created our EC2 instance or not. Okay, so whenever the node group is created it will create an EC2 instance, and you can see instances running is set to one. If you click on this one you will get this automatically; you can see it's running. So this is coming from our EKS cluster.

Let me delete this one; let's see whether it's creating another instance again or not. Let's click on Instance, and I want to terminate this one. Because we provided the scaling config, if you delete this one it has to automatically create another instance. Okay, you can see no matching instances found, and you can just refresh this one. You can see the time also here, so you can see our time is 11:44 now, and you can see here, let me refresh this one, and you can see it's created another EC2 instance. If you click on the time you can see at 11:45 it's already created your other EC2 instance. Okay, so that is our scaling config also working fine, and everything, even the cluster and everything, is created.

And you have to click on CloudShell here. So you have to click on, let me open it in a new tab, you have to click here, so let's click on a window in a new browser. Let's close it here. So our CloudShell will open in a new tab, and you have to click on Close, and let me close this one, and it will create a CloudShell. If you see here, if you provide kubectl get nodes here you will get the error, okay, because we didn't add anything. Okay, so we need to provide the aws eks
update config and everything. Okay, so this is the command we have to use. Okay, so let me paste that one. So you can see this is the command we have to use, aws update kubeconfig, in order to get your cluster info. So let's remove this one; we have to provide the name of your EKS cluster. Okay, so you can see this is the name of my cluster. Let's copy this one and come back to CloudShell, and let's remove the name, and you have to use this name, and for the region you have to use ap-south-1. We created the cluster in ap-south-1, right? That's why you have to provide the region also. And you have to press Enter, and you can see it's added a new context.

And if you run kubectl get nodes now, you will get the error definitely. So you can see it cannot reach our API group. Okay, so we will get the error like this. Okay, so let's clear the screen, and you have to use this particular aws configure here and Enter, and you have to provide the same user credentials that you used to create or provision your Terraform. Okay, so let's copy this one, and this is the same access key I used to create or provision my EKS cluster. Okay, so that's why you have to save this one, but I'm going to delete this one, right, so I'm not saving it; that's why I opened it in another new tab. Okay, so let's use this one: copy that and come back to your CloudShell here and paste that one and Enter, and you have to provide your secret key also. Copy this one and go to CloudShell and paste it there and Enter, and you have to use the default region; we used ap-south-1 to create it, right? So ap-south-1, and JSON. And now if you provide kubectl get nodes you will get the output. Okay, you can see our one instance is up and running.

So this is how you have to create an EKS cluster using Terraform. So if you want to delete the cluster, all you have to do is go back to here, to your VS Code, and you have to provide the terraform destroy -auto-approve command to destroy everything. Okay, so if you click on
Enter it will destroy everything. Okay, so it will take some time to destroy everything, and you can see it's deleting. First, the data we are getting: it's first reading the data, and you can see it's starting deleting after providing the command to destroy. You can see our destruction is completed; eight resources are completely destroyed. You can see here it's taking up to 6 minutes to delete your node group; to delete your cluster it's taking 1 minute and 20 seconds; so totally it's taking 9 minutes to delete your complete, I mean complete cluster. Okay, and if you go back to our AWS console here, you can see we are getting the error, which means our cluster is deleted. If you click on Clusters and refresh this one, you can see no clusters are found.

Meanwhile let me delete my key also. So let me delete this user also. Okay, so go back to Users; I don't want this one, so let's select this one and click on Delete, and you have to provide your name and click on Delete user. So you can see our user is deleting. Okay, so that is done.

So this is how you have to create your EKS cluster using Terraform. I hope you understand everything clearly and you learned something new from this particular video. Thanks for watching the video, and keep on supporting.
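
The `main.tf` and `provider.tf` contents that the captions describe only verbally, written out as one Terraform file. This is an added reconstruction, not the channel's own file or anything shown on this page; the role, cluster and node group name strings and the resource labels of the policy attachments are assumptions based on what is spoken.

```hcl
# Added reconstruction of the configuration described in the captions.
# Strings marked "assumed" approximate spoken names; they are not on the page.
provider "aws" {
  region = "ap-south-1" # Mumbai; credentials come from `aws configure`, not this file
}

# Trust policy: lets the EKS service assume the cluster role.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["eks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "example" {
  name               = "eks-cluster-cloud" # assumed
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role_policy_attachment" "cluster" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = aws_iam_role.example.name
}

data "aws_vpc" "default" {
  default = true
}

# The only filter is vpc-id, so this returns every subnet of the default VPC.
# They are public only as long as the default VPC keeps its stock routing.
data "aws_subnets" "public" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}

resource "aws_eks_cluster" "example" {
  name     = "EKS_CLOUD" # assumed
  role_arn = aws_iam_role.example.arn

  vpc_config {
    subnet_ids = data.aws_subnets.public.ids
  }

  depends_on = [aws_iam_role_policy_attachment.cluster]
}

# Node role: the label "example1" avoids the duplicate-label error hit in the video.
resource "aws_iam_role" "example1" {
  name = "eks-node-group-cloud" # assumed
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "worker" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
  role       = aws_iam_role.example1.name
}

resource "aws_iam_role_policy_attachment" "cni" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
  role       = aws_iam_role.example1.name
}

resource "aws_iam_role_policy_attachment" "ecr_read" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  role       = aws_iam_role.example1.name
}

resource "aws_eks_node_group" "example" {
  cluster_name    = aws_eks_cluster.example.name
  node_group_name = "Node-cloud" # assumed
  node_role_arn   = aws_iam_role.example1.arn
  subnet_ids      = data.aws_subnets.public.ids
  instance_types  = ["t2.micro"]

  scaling_config {
    desired_size = 1
    max_size     = 2
    min_size     = 1
  }

  depends_on = [
    aws_iam_role_policy_attachment.worker,
    aws_iam_role_policy_attachment.cni,
    aws_iam_role_policy_attachment.ecr_read,
  ]
}
```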
Info
Channel: Mr. Cloud Book
Views: 5,093
Id: 5-PZnYaoZUM
Length: 37min 44sec (2264 seconds)
Published: Mon Oct 23 2023