This project uses Terraform to deploy a 3-tier architecture on AWS, consisting of the following:

- Virtual Private Cloud
- Private, public and database subnets
- Bastion, private and database EC2 instances
- Internet gateway for the bastion EC2 instances
- NAT gateway so the private EC2 instances can communicate with the internet
- Elastic IPs assigned to the NAT gateways
- No routes from the NAT gateway to the database instances, so the database tier has no path to the internet
Prerequisites:

- Install Terraform
- Install the AWS CLI
- Generate a key pair for connecting to the EC2 instances in the AWS console. Name it `terraform-key`, choose the RSA key pair type and use the `.pem` key file format.
- Minimum required version of Kubernetes is v1.27

Shell scripts automate deployment of the Kubernetes cluster to the private EC2 instances with Kubespray. The Ansible inventory is built dynamically from a `.tpl` template.
Clone this repository to your local machine (the clone creates a directory named after the repository):

```bash
cd /
git clone git@github.com:odennav/terraform-aws-vpc-kubespray.git
cd terraform-aws-vpc-kubespray/terraform
```

Run the Terraform commands sequentially on the local machine to create the AWS infrastructure.

Initialize the Terraform working directory:

```bash
terraform init
```

Validate the syntax of the Terraform configuration files:

```bash
terraform validate
```

Create an execution plan that describes the changes Terraform will make to the infrastructure:

```bash
terraform plan
```

Apply the changes described in the execution plan. `-auto-approve` skips the interactive confirmation of the plan; leave it out if you want to review the plan before it is applied:

```bash
terraform apply -auto-approve
```

Check the AWS console for the instances created and running.
Use the `.pem` key from AWS to SSH into the public EC2 instance. The IPv4 address of the public EC2 instance is shown in the Terraform outputs.

```bash
ssh -i private-key/terraform-key.pem ec2-user@<ipaddress>
```

It's possible to use the public EC2 instance as a jumpbox to SSH into the private EC2 instances within the VPC.
Change the root password upon first login to the dev-control machine:

```bash
sudo passwd
```

Switch to the root user.

Add a new user to the wheel (sudo) group. In this case the new user is odennav-admin:

```bash
sudo useradd odennav-admin
sudo usermod -aG wheel odennav-admin
```

Test sudo privileges by switching to the new user:

```bash
su - odennav-admin
sudo ls /root
```

You'll notice a prompt for your user password. To disable this prompt for every sudo command, add a sudoers file for the odennav-admin user. Note that `sudo echo "..." > file` does not work for this: the redirection is performed by your unprivileged shell, not by sudo, so the write into `/etc/sudoers.d` is denied. Let the privileged process do the write with `tee`:

```bash
echo "odennav-admin ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/odennav-admin
```

Set permissions for the sudoers file:

```bash
sudo chmod 0440 /etc/sudoers.d/odennav-admin
```

`NOPASSWD: ALL` makes the account equivalent to root without a password; grant it only to the deployment user.
Update the yum package manager:

```bash
sudo yum update -y
sudo yum upgrade -y
```

Confirm Git was installed by Terraform:

```bash
git --version
```

Confirm terraform-key was transferred to the public EC2 instance by the null provisioner. `terraform-key.pem` should be copied to another folder, because `/tmp` is cleared when the node is restarted or shut down:

```bash
ls -la /tmp/terraform-key.pem
cp /tmp/terraform-key.pem /
```

Change the permissions of the `terraform-key.pem` file (the copy as well as the original). The SSH test will fail if the permissions of the `.pem` key are not restrictive enough, because ssh refuses a private key that is readable by group or others:

```bash
sudo chmod 400 /terraform-key.pem /tmp/terraform-key.pem
```
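The following bash helpers are an added example, not code from the odennav/terraform-aws-vpc-kubespray repository or its scripts. They cover three points from the bastion setup above: writing the sudoers drop-in without the `sudo echo > file` redirection pitfall and validating it with `visudo -cf`, checking that a private key has the permissions ssh insists on, and reaching the private nodes through the bastion with `ProxyJump` so that `terraform-key.pem` never has to be copied onto the bastion at all. The user name odennav-admin and the login user ec2-user are from the page; the bastion address 203.0.113.10, the private addresses 10.0.1.10 and 10.0.1.11 and the key path are placeholders, and the `SUDO` variable is a hook that lets the sudoers helper run unprivileged against a scratch directory.

```bash
#!/usr/bin/env bash
# Added example, not part of the odennav/terraform-aws-vpc-kubespray repository.
# Helpers for the bastion setup steps; the addresses and paths in the usage
# comments at the bottom are placeholders.
set -euo pipefail

# Write a sudoers drop-in for USER. "sudo echo '...' > /etc/sudoers.d/USER" fails
# because the redirection is done by the unprivileged shell; piping into
# "sudo tee" makes the privileged process perform the write. Setting SUDO=""
# (test hook) runs the whole thing unprivileged against a scratch directory.
#   write_sudoers_dropin USER [SUDOERS_DIR]   -> prints the path written
write_sudoers_dropin() {
  local user="$1" dir="${2:-/etc/sudoers.d}" sudo_cmd="${SUDO-sudo}"
  local path="$dir/$user"
  # NOPASSWD: ALL as in the README; narrow the command list where you can.
  printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$user" | $sudo_cmd tee "$path" >/dev/null
  $sudo_cmd chmod 0440 "$path"
  # visudo -cf parses the drop-in and fails on a syntax error, which would
  # otherwise break sudo for every account; skipped if visudo is not installed.
  if command -v visudo >/dev/null 2>&1; then
    $sudo_cmd visudo -cf "$path" >/dev/null
  fi
  printf '%s\n' "$path"
}

# ssh refuses a private key that is readable by group or others
# ("UNPROTECTED PRIVATE KEY FILE"). Returns 0 if KEY is mode 0400 or 0600.
#   key_perms_ok KEY
key_perms_ok() {
  local key="$1" mode
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  case "$mode" in
    400|600) return 0 ;;
    *) return 1 ;;
  esac
}

# Print an ssh_config fragment that reaches each PRIVATE_IP through the bastion
# with ProxyJump. The key stays on the workstation; the bastion only relays the
# TCP connection, so nothing has to be copied into /tmp on the bastion.
#   ssh_config_via_bastion BASTION_IP KEY_PATH PRIVATE_IP...
ssh_config_via_bastion() {
  local bastion="$1" key="$2"
  shift 2
  printf 'Host bastion\n  HostName %s\n  User ec2-user\n  IdentityFile %s\n  IdentitiesOnly yes\n\n' \
    "$bastion" "$key"
  local ip
  for ip in "$@"; do
    printf 'Host %s\n  User ec2-user\n  IdentityFile %s\n  IdentitiesOnly yes\n  ProxyJump bastion\n\n' \
      "$ip" "$key"
  done
}

# Usage (placeholders):
#   write_sudoers_dropin odennav-admin            # on the bastion, as a sudo-capable user
#   key_perms_ok ~/.ssh/terraform-key.pem || chmod 400 ~/.ssh/terraform-key.pem
#   ssh_config_via_bastion 203.0.113.10 ~/.ssh/terraform-key.pem 10.0.1.10 10.0.1.11 >> ~/.ssh/config
#   ssh 10.0.1.10                                 # hops through the bastion automatically
```

With the `ssh_config` fragment in place, `ssh 10.0.1.10` from the workstation opens the session through the bastion, and the Ansible run in the later steps can use the same `ProxyJump` entries instead of a key stored on the jumpbox.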
Clone this repository and Kubespray to the control-dev node:

```bash
cd /
git clone git@github.com:odennav/terraform-aws-vpc-kubespray.git
git clone git@github.com:kubernetes-sigs/kubespray.git
```

Copy the IPv4 addresses of the private EC2 instances deployed by Terraform. Check the IPv4 addresses in the inventory file and enter them in `bash-scripts/ipaddr-list.txt`. Don't change the format used in the `.txt` file; the IP addresses are read by the shell scripts. For security reasons, don't share your private IPs.
Install the yum and Python utilities:

```bash
sudo chmod 770 dependencies-install
sudo ./dependencies-install
```

Set up the nodes for the Kubernetes cluster:

```bash
sudo chmod 770 kubespray-deploy.sh
sudo ./kubespray-env-build.sh
```

Change directory to your local Kubespray repository and execute the Ansible playbook to deploy the Kubernetes cluster with Kubespray:

```bash
cd /kubespray
ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=odennav-admin cluster.yml
```

Kubespray's tasks install packages and write under `/etc` on every node, which requires root; Kubespray's own documentation runs the play with `--become --become-user=root`. If the play fails with permission errors, escalate to root rather than to odennav-admin.

To tear down the infrastructure created by Terraform:

```bash
terraform destroy
```

Enjoy!