From 5495af65c1c0e702f5f7e671df6dd023076c9ad0 Mon Sep 17 00:00:00 2001
From: David Shafer
Date: Thu, 26 Jul 2018 10:35:24 -0500
Subject: [PATCH] Working on EKS
---
 LICENSE | 13 +++++++++++++
 README.md | 27 ++++++++++++++++++++++++---
 eks-cluster.tf | 18 +++++++++---------
 3 files changed, 46 insertions(+), 12 deletions(-)
 create mode 100644 LICENSE
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..1b4ae82
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2018 Internet2
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/README.md b/README.md
index bcbbbb1..44a7840 100644
--- a/README.md
+++ b/README.md
@@ -2,10 +2,31 @@
 Terraform configuration to create an AWS EKS cluster
-(Adapted from https://github.com/terraform-providers/terraform-provider-aws)
+Adapted from https://github.com/terraform-providers/terraform-provider-aws
-This is the full configuration from https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html
+For details, see https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html
 See that guide for additional information.
-NOTE: This full configuration utilizes the [Terraform http provider](https://www.terraform.io/docs/providers/http/index.html) to call out to icanhazip.com to determine your local workstation external IP for easily configuring EC2 Security Group access to the Kubernetes master servers. Feel free to replace this as necessary.
+## Getting started
+
+1. Apply the configuration:
+```
+$ terraform apply
+```
+
+2. Create a kubeconfig file:
+```
+$ terraform output kubeconfig > kubeconfig
+```
+
+3. Create and apply the config map:
+```
+$ terraform output config_map_aws_auth > config_map_aws_auth.yaml && \
+KUBECONFIG=kubeconfig kubectl apply -f config_map_aws_auth.yaml
+```
+
+4. Verify that the worker nodes have joined the cluster:
+```
+KUBECONFIG=kubeconfig kubectl get nodes
+```
diff --git a/eks-cluster.tf b/eks-cluster.tf
index 8df998f..9add532 100644
--- a/eks-cluster.tf
+++ b/eks-cluster.tf
@@ -61,15 +61,15 @@ resource "aws_security_group_rule" "cluster-ingress-node-https" {
 type = "ingress"
 }
-resource "aws_security_group_rule" "cluster-ingress-workstation-https" {
- cidr_blocks = ["${local.workstation-external-cidr}"]
- description = "Allow workstation to communicate with the cluster API Server"
- from_port = 443
- protocol = "tcp"
- security_group_id = "${aws_security_group.cluster.id}"
- to_port = 443
- type = "ingress"
-}
+#resource "aws_security_group_rule" "cluster-ingress-workstation-https" {
+# cidr_blocks = ["${local.workstation-external-cidr}"]
+# description = "Allow workstation to communicate with the cluster API Server"
+# from_port = 443
+# protocol = "tcp"
+# security_group_id = "${aws_security_group.cluster.id}"
+# to_port = 443
+# type = "ingress"
+#}
 resource "aws_eks_cluster" "cluster" {
 name = "${var.cluster-name}"
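Review bot: The workstation ingress rule is disabled by turning the whole `cluster-ingress-workstation-https` resource into `#` comments with no reason recorded, so a later reader cannot tell whether workstation access to the cluster API server on 443 was dropped on purpose or is meant to come back. Delete the block, or keep it behind an explicit switch such as `count = "${var.enable-workstation-access ? 1 : 0}"` (the variable name is only a suggestion), so that re-opening the port is a reviewed setting rather than an uncomment. The commit touches only three files, so whatever defines `local.workstation-external-cidr` is presumably still in the configuration; going by the README note removed in this same commit, that is an http lookup against icanhazip.com. If nothing else consumes it, remove it as well so plan/apply no longer depends on that external call. The `aws_eks_cluster` resource at the end of the hunk continues outside it.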