Provision VPC with Terraform & deploy a Kubernetes Cluster in a 3-Tier architecture on AWS

odennav/terraform-aws-vpc-kubespray


Provision VPC in AWS & Deploy a Kubernetes Cluster

This project uses Terraform to deploy a 3-tier architecture on AWS consisting of the following:

  • Virtual Private Cloud

  • Private, public and database subnets.

  • Bastion, private and database EC2 instances.

  • Internet access for the bastion EC2 instances.

  • NAT gateway for private EC2 instances to communicate with the internet.

  • Elastic IPs assigned for NAT gateways.

No routes are created from the NAT gateway to the database instances.

Shell scripts automate deployment of the Kubernetes cluster to the private EC2 instances with Kubespray.

The Ansible inventory is built dynamically from a .tpl template.

An Amazon EKS cluster is the better choice for production, but it is not deployed here because of cost.
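The routing that separates the three tiers, written out as an added Terraform example (not the repository's own code). It assumes aws_vpc.main, aws_subnet.public, aws_subnet.private, aws_subnet.database, aws_internet_gateway.igw and aws_nat_gateway.nat are declared elsewhere in the module.

```hcl
# Added example, not the repository's code. Assumes aws_vpc.main, the three
# subnets, aws_internet_gateway.igw and aws_nat_gateway.nat are declared elsewhere.

# Public tier (bastion): default route to the Internet Gateway, so the subnet is
# reachable from the Internet.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

# Private tier: default route through the NAT gateway, so instances can reach
# the Internet for updates and image pulls but cannot be reached from it.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

# Database tier: no default route at all. The implicit VPC-local route is the
# only one, so these instances reach the other tiers and nothing outside the VPC.
resource "aws_route_table" "database" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

resource "aws_route_table_association" "database" {
  subnet_id      = aws_subnet.database.id
  route_table_id = aws_route_table.database.id
}
```

After `terraform apply`, the database route table should show only the VPC CIDR as a local route; a 0.0.0.0/0 entry there would mean the tier is no longer isolated.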

Requirements

  • Install Terraform

  • Install AWS CLI

  • Generate a key pair in the AWS console for connecting to the EC2 instances. Name it terraform-key, choose the RSA key pair type and the .pem key file format.

  • The minimum required Kubernetes version is v1.27.

Getting Started

Clone this repository to your local machine

cd /
git clone git@github.com:odennav/terraform-aws-vpc-kubespray.git
cd terraform-aws-vpc-kubespray/terraform

Run the following Terraform commands in order on your local machine to create the AWS infrastructure.

Initialize the Terraform working directory

terraform init

Validate the syntax of the Terraform configuration files

terraform validate

Create an execution plan that describes the changes Terraform will make to the infrastructure

terraform plan

Apply the changes described in the execution plan

terraform apply -auto-approve

Check the AWS console to confirm the instances were created and are running.

Use the .pem key from AWS to SSH into the public EC2 instance.

The IPv4 address of the public EC2 instance is shown in the Terraform outputs.

ssh -i private-key/terraform-key.pem ec2-user@<ipaddress>

It is possible to use the public EC2 instance as a jump box to SSH into the private EC2 instances within the VPC.

Change the root password on first login to the dev-control machine

sudo passwd

Switch to the root user.

Add a new user to the wheel (sudo) group. In this case the new user is odennav-admin

sudo useradd odennav-admin
sudo usermod -aG wheel odennav-admin

Test sudo privileges by switching to the new user

su - odennav-admin
sudo ls /root

You'll notice a prompt for your user password.

To disable this prompt for every sudo command, do the following:

Add a sudoers file for the odennav-admin user. The file is written through sudo tee so that the write succeeds whether or not you are root; check the result with visudo -c before relying on it, since a malformed file in /etc/sudoers.d can lock you out of sudo.

cd /etc/sudoers.d/
echo "odennav-admin ALL=(ALL) NOPASSWD: ALL" | sudo tee odennav-admin

Set permissions on the sudoers file

sudo chmod 0440 odennav-admin

Update packages with the yum package manager

sudo yum update -y
sudo yum upgrade -y

Confirm Git was installed by Terraform

git --version

Confirm terraform-key was transferred to the public EC2 instance by the null provisioner

terraform-key.pem should be copied to another folder because it will be deleted if the node is restarted or shut down

ls -la /tmp/terraform-key.pem
cp /tmp/terraform-key.pem /

Change the permissions of the terraform-key.pem file

The SSH test will fail if the permissions of the .pem key are too open; SSH refuses to use a private key readable by other users.

sudo chmod 400 /tmp/terraform-key.pem

Clone this repository and Kubespray to the control-dev node

cd /
git clone git@github.com:odennav/terraform-aws-vpc-kubespray.git
git clone git@github.com:kubernetes-sigs/kubespray.git

Copy the IPv4 addresses of the private EC2 instances deployed by Terraform

Check the IPv4 addresses in the inventory file and enter them in bash-scripts/ipaddr-list.txt

Don't change the format of the .txt file; the IP addresses are read by the shell scripts.

For security reasons, don't share your private IPs.

Install yum and Python utilities

sudo chmod 770 dependencies-install
sudo ./dependencies-install

Set up the nodes for the Kubernetes cluster

sudo chmod 770 kubespray-deploy.sh
sudo ./kubespray-env-build.sh

Change directory to your local Kubespray repository and run the Ansible playbook to deploy the Kubernetes cluster with Kubespray

cd /kubespray
ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=odennav-admin cluster.yml

Destroying Resources (Optional)

To tear down the infrastructure created by Terraform:

terraform destroy

Enjoy!