Working on EKS

LICENSE

@@ -0,0 +1,13 @@
+Copyright 2018 Internet2
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

README.md

@@ -2,10 +2,31 @@
 
 Terraform configuration to create an AWS EKS cluster
 
-(Adapted from https://github.com/terraform-providers/terraform-provider-aws)
+Adapted from https://github.com/terraform-providers/terraform-provider-aws
 
-This is the full configuration from https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html
+For details, see https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html
 
 See that guide for additional information.
 
-NOTE: This full configuration utilizes the [Terraform http provider](https://www.terraform.io/docs/providers/http/index.html) to call out to icanhazip.com to determine your local workstation external IP for easily configuring EC2 Security Group access to the Kubernetes master servers. Feel free to replace this as necessary.
+## Getting started
+
+1. Apply the configuration:
+```
+$ terraform apply
+```
+
+2. Create a kubeconfig file:
+```
+$ terraform output kubeconfig > kubeconfig
+```
+
+3. Create and apply the config map:
+```
+$ terraform output config_map_aws_auth > config_map_aws_auth.yaml && \
+KUBECONFIG=kubeconfig kubectl apply -f config_map_aws_auth.yaml
+```
+
+4. Verify that the worker nodes have joined the cluster:
+```
+KUBECONFIG=kubeconfig kubectl get nodes
+```

eks-cluster.tf

@@ -61,15 +61,15 @@ resource "aws_security_group_rule" "cluster-ingress-node-https" {
   type                     = "ingress"
 }
 
-resource "aws_security_group_rule" "cluster-ingress-workstation-https" {
-  cidr_blocks       = ["${local.workstation-external-cidr}"]
-  description       = "Allow workstation to communicate with the cluster API Server"
-  from_port         = 443
-  protocol          = "tcp"
-  security_group_id = "${aws_security_group.cluster.id}"
-  to_port           = 443
-  type              = "ingress"
-}
+#resource "aws_security_group_rule" "cluster-ingress-workstation-https" {
+#  cidr_blocks       = ["${local.workstation-external-cidr}"]
+#  description       = "Allow workstation to communicate with the cluster API Server"
+#  from_port         = 443
+#  protocol          = "tcp"
+#  security_group_id = "${aws_security_group.cluster.id}"
+#  to_port           = 443
+#  type              = "ingress"
+#}
 
 resource "aws_eks_cluster" "cluster" {
   name     = "${var.cluster-name}"