## Kubernetes on AWS with Terraform
**Overview:**
This project will create:
* VPC with Public and Private Subnets in a number of Availability Zones
* Bastion Hosts and NAT Gateways in the Public Subnet
* A dynamic number of masters, etcd, and worker nodes in the Private Subnet
  * evenly distributed over the number of Availability Zones
* AWS ELB in the Public Subnet for accessing the Kubernetes API from the internet
**Requirements**
- Terraform 0.12.0 or newer
**How to Use:**
- Export the variables for your AWS credentials or edit `credentials.tfvars`:
```
export TF_VAR_AWS_ACCESS_KEY_ID="www"
export TF_VAR_AWS_SECRET_ACCESS_KEY="xxx"
export TF_VAR_AWS_SSH_KEY_NAME="yyy"
export TF_VAR_AWS_DEFAULT_REGION="zzz"
```
- Update `contrib/terraform/aws/terraform.tfvars` with your data. By default, the Terraform scripts use CoreOS as the base image. To change this behaviour, see the note "Using other distrib than CoreOs" below.
- Create an AWS EC2 SSH Key
- Run with `terraform apply --var-file="credentials.tfvars"` or `terraform apply`, depending on whether you exported your AWS credentials
Example:
```commandline
terraform apply -var-file=credentials.tfvars
```
- Terraform automatically creates an Ansible Inventory file called `hosts` with the created infrastructure in the directory `inventory`
- Ansible will automatically generate an ssh config file for your bastion hosts. To connect to hosts over ssh through the bastion host, use the generated `ssh-bastion.conf`.
Ansible automatically detects the bastion and changes `ssh_args`.
```commandline
ssh -F ./ssh-bastion.conf user@$ip
```
- Once the infrastructure is created, you can run the kubespray playbooks and supply inventory/hosts with the `-i` flag.
Example (this one assumes you are using CoreOS):
```commandline
ansible-playbook -i ./inventory/hosts ./cluster.yml -e ansible_user=core -b --become-user=root --flush-cache
```
***Using other distrib than CoreOs***
To use a distribution other than CoreOS, modify the search filters of the `data "aws_ami" "distro"` block in `variables.tf`.

For example, to use:
- Debian Jessie, replace `data "aws_ami" "distro"` in `variables.tf` with
```hcl
data "aws_ami" "distro" {
  most_recent = true

  filter {
    name   = "name"
    values = ["debian-jessie-amd64-hvm-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["379101102735"]
}
```
- Ubuntu 16.04, replace `data "aws_ami" "distro"` in `variables.tf` with
```hcl
data "aws_ami" "distro" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"]
}
```
- Centos 7, replace `data "aws_ami" "distro"` in `variables.tf` with
```hcl
data "aws_ami" "distro" {
  most_recent = true

  filter {
    name   = "name"
    values = ["dcos-centos7-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["688023202711"]
}
```
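
The `owners` line in each block above ties the wildcard name filter to one publisher account; with `most_recent = true`, a lookup without it resolves to the newest matching image visible to the account, whoever published it. The following Python check is an added example, not part of this project: it flags `data "aws_ami"` blocks that have no `owners` constraint, and the sample configuration, including the `unpinned` block, is constructed for illustration.

```python
import re

# Constructed sample: the first block follows the pattern shown in this README
# (owner pinned); the second is a hypothetical variant with the owners line dropped.
SAMPLE_TF = '''
data "aws_ami" "distro" {
  most_recent = true
  filter {
    name   = "name"
    values = ["debian-jessie-amd64-hvm-*"]
  }
  owners = ["379101102735"]
}

data "aws_ami" "unpinned" {
  most_recent = true
  filter {
    name   = "name"
    values = ["debian-jessie-amd64-hvm-*"]
  }
}
'''

HEADER = re.compile(r'data\s+"aws_ami"\s+"([^"]+)"\s*\{')

def ami_blocks(text):
    """Yield (name, body) per data "aws_ami" block; assumes no braces inside strings."""
    for m in HEADER.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def lint_ami_sources(text):
    """Return {block_name: [findings]} for AMI lookups without an owner constraint."""
    report = {}
    for name, body in ami_blocks(text):
        owners = re.search(r'^\s*owners\s*=\s*\[([^\]]*)\]', body, re.M)
        if owners and re.findall(r'"[^"]+"', owners.group(1)):
            continue  # pinned to at least one owner account or alias
        findings = ["no owners constraint"]
        if re.search(r'most_recent\s*=\s*true', body) and re.search(r'values\s*=\s*\[[^\]]*\*', body):
            findings.append("wildcard name with most_recent: newest match from any account is used")
        report[name] = findings
    return report

if __name__ == "__main__":
    print(lint_ami_sources(SAMPLE_TF))
```
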
**Troubleshooting**
***Remaining AWS IAM Instance Profile***:
If the cluster was destroyed without using Terraform it is possible that
the AWS IAM Instance Profiles still remain. To delete them you can use
the `AWS CLI` with the following command:
```
aws iam delete-instance-profile --region <region_name> --instance-profile-name <profile_name>
```
***Ansible Inventory doesn't get created:***
Terraform may fail to create the Ansible inventory file automatically. If this is the case, copy the output after `inventory=`, create a file named `hosts` in the directory `inventory`, and paste the inventory into the file.
**Architecture**
Pictured is an AWS Infrastructure created with this Terraform project distributed over two Availability Zones.
![AWS Infrastructure with Terraform](docs/aws_kubespray.png)