This repo shows as a demo for using components in terraform-aws-eks-blueprints to create and config EKS clusters
- pull terraform-aws-eks-blueprints repo (from and put it next to this repo
Here is the high level design of the solution. The solution has been split into 3 different Terraform stacks for simplicity.
- VPC,
- Creates a new VPC and 3 Public and Private Subnets
- VPC Endpoints for various services and S3 VPC Endpoint gateway
- security groups for ingress and egress, NAT, IGW, dns...
- Creates EKS Cluster Control plane with a private/public endpoint
- Managed node group
- self managed node group
- fargate_profiles
- enable AMP for next step
- create opensearch (VPC mode) in public subnet for next step
- launch template for karpenter autoscalling (even optional for karpenter)
2a. EKS with addon
- create a eks cluster with fargate and managed node group
- also includes add-ons
- cannot use with eks folder together since they share the same VPC
EKS adds-on
Argo CD
AMP (/ at end in workspace url) tf deploys irsa and workspace. argocd deploys promethus chart
log with fluent bit
observability/amp-amg-opensearch goes to opensearch (vpc) not work. even work, it is for damonset not built-in. nothing need to deploy for built-in except configmapnote: fargate built-in fluentbit deploy manually note: fluentbit demaonset and opensearch how to do manually note: complete-kubernetes-addons goes to cloudwatch log
karpenter with irsa
test karpenter deploy default_provisioner and inflate.yaml
kubectl get deployment inflate
kubectl scale deployment inflate --replicas 1
kubectl describe node --selector=intent=apps
optional. for add-ons not covered, you can get charts and check in your git repo for argocd. You may need to manaully create IRSA.
fargate-serverless-VPC is a seperate example which puts VPC, EKS-fargate and addons into the same folder.
It creates a eks cluster with fargate only, opensearch service and irsa for adot.
need to modify backend.conf and base.tfvars in each subfolder and make sure the variables are matched
terraform init -backend-config backend.conf -reconfigure
terraform plan -var-file base.tfvars
terraform apply -var-file base.tfvars -auto-approve
terraform destroy -var-file base.tfvars -auto-approve
2.1 VPC - Please refer to the [instructions](./vpc/ to deploy a new VPC.
output: vpc_id, private_subnets, public_subnets
2.2 EKS - Please refer to the [instructions](./eks/ to deploy a private EKS cluster
refer to VPC status bucket to get vpc and subnets
output: cluster_id, configure_kubectl
2.3 Add-ons - Please refer to the [instructions](./add-ons/ to deploy the add-ons to the private EKS cluster using GitOps.
manually add cluster id, region and amp_endpoint
To teardown and remove the resources created in this example:
terraform destroy -target="module.eks_blueprints_kubernetes_addons" -var-file base.tfvars -auto-approve
terraform destroy -target="module.eks_blueprints" -var-file base.tfvars -auto-approve
terraform destroy -target="module.vpc" -var-file base.tfvars -auto-approve
Finally, destroy any additional resources that are not in the above modules
terraform destroy -auto-approve -var-file base.tfvars
# known issues:
1. affinity settings in some applications can only work on one node group. so better create node group with >3 nodes
2. the default alb image is too old in blueprints. reset image in argocd repo alb chart value.yaml
3. fluentbit deploy with argocd error