This repository provides method to create underlying Kubernetes infrastructure for running containerised applications. This step is needed to sucesfully complete Cloud DevOps Engineer Nanodegree Program Capstone project. The simpliest way would be to use official CLI for Amazon EKS - eksctl.

You will need:

• an AWS account with the IAM permissions listed on the EKS module documentation,
• a configured AWS CLI
• kubectl
• direnv

We are using Environment Variables for providing credentials for authentication. Template file for applying AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY can be found in .envrc-dist file.

Copy .envrc-dist to .envrc add the exact parameters

• replace <AWS_ACCESS_KEY_ID> with your Access key ID
• replace <AWS_SECRET_ACCESS_KEY> with Secret access key

and let direnv load environment variables.

In your terminal, clone the following repository.

$ git clone https://github.com/loncarales/udacity-capstone-infra.git

Copy main.tf-dist file to main.tf file and configure the following:

backend "s3" {
    bucket         = "<S3_BUCKET_NAME>" // S3 bucket name
    key            = "global/s3/<OBJECT_KEY>.tfstate" // Object key name
    region         = "<AWS_REGION>" // AWS Region
    dynamodb_table = "<DynamoDB_TABLE_NAME>" // DynamoDB table name
    encrypt        = true
}

The values must be the same as configured in the repository https://github.com/loncarales/terraform-state-management.

Once you have cloned the repository, initialize your Terraform workspace, which will download and configure the providers.

$ terraform init
$ terraform plan

Run terraform apply and review the planned actions.

Your terminal output should indicate the plan is running and what resources will be created. This process should take approximately 10 - 15 minutes. Upon successful application, your terminal prints the outputs defined in outputs.tf.

Run the following command to retrieve the access credentials for your cluster and automatically configure kubectl.

$ aws eks --region $(terraform output -raw region) update-kubeconfig --name $(terraform output -raw cluster_name)

While we can deploy the Kubernetes metrics server and dashboard using Terraform, kubectl is used so we don't need to configure our Terraform Kubernetes Provider.

Download and unzip the metrics server by running the following command.

$ wget -O v0.3.6.tar.gz https://codeload.github.com/kubernetes-sigs/metrics-server/tar.gz/v0.3.6 && tar -xzf v0.3.6.tar.gz
$ kubectl apply -f metrics-server-0.3.6/deploy/1.8+/
$ kubectl get deployment metrics-server -n kube-system

The following command will schedule the resources necessary for the dashboard.

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

Now, create a proxy server that will allow you to navigate to the dashboard from the browser on your local machine. This will continue running until you stop the process by pressing CTRL + C.

$ kubectl proxy 

You should be able to access the Kubernetes dashboard here.

To use the Kubernetes dashboard, you need to create a ClusterRoleBinding and provide an authorization token. This gives the cluster-admin permission to access the kubernetes-dashboard. Authenticating using kubeconfig is not an option.

In another terminal (do not close the kubectl proxy process), create the ClusterRoleBinding resource.

$ kubectl apply -f https://raw.githubusercontent.com/hashicorp/learn-terraform-provision-eks-cluster/master/kubernetes-dashboard-admin.rbac.yaml

Then, generate the authorization token.

$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep service-controller-token | awk '{print $1}')

Remember to destroy any resources you create once you no longer need them. Run the destroy command and confirm with yes in your terminal.

$ terraform destroy