Provision EKS Cluster (AWS)

Amazon Elastic Kubernetes Service (EKS) is the AWS service that abstracts the infrastructure required for deploying, managing, and scaling DIGIT on AWS.

Prerequisites

Set up Terraform with AWS

The first thing to set up is Terraform. We will create an AWS IAM user for Terraform.

In your AWS console, go to the IAM section and create a user named “FullAccess”. Then add your user to a group named “FullAccessGroup”. Attach the following rights to this group:

  • AdministratorAccess

  • AmazonEKSClusterPolicy

After these steps, AWS will provide you with a Secret Access Key and an Access Key ID. Save them carefully, because this will be the only time AWS gives them to you.

In your own console, create a ~/.aws/credentials file and put your credentials in it:

[default]
aws_access_key_id=***********
aws_secret_access_key=****************************

The last step is to create this file:

[default]
region=eu-west-3
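The two files from the steps above can be written with owner-only permissions and then checked, as in this added example (it is not part of the DIGIT documentation). It assumes the second file is the AWS CLI's config file in the same directory; the function names write_profile and audit_profile are hypothetical.

```shell
#!/bin/sh
# Added example: create and audit AWS CLI credential files with owner-only access.
# Assumption: the region file is the AWS CLI "config" file next to "credentials".

# write_profile DIR KEY_ID SECRET REGION
# Writes DIR/credentials and DIR/config. The body runs in a subshell, so the
# umask change (new files 0600, new directories 0700) does not leak to the caller.
write_profile() (
    umask 077
    mkdir -p "$1" || exit 1
    chmod 700 "$1"
    printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s\n' \
        "$2" "$3" > "$1/credentials"
    printf '[default]\nregion=%s\n' "$4" > "$1/config"
    # Tighten files that already existed with looser permissions.
    chmod 600 "$1/credentials" "$1/config"
)

# audit_profile DIR
# Returns 0 only if DIR/credentials is a regular file, grants nothing to
# group/other, and defines both keys. Prints one line per finding.
audit_profile() {
    f="$1/credentials"
    rc=0
    if [ ! -f "$f" ]; then
        echo "MISSING: $f"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ldL "$f" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "LOOSE PERMISSIONS: $f (group/other bits: $bits)"
        rc=1
    fi
    for key in aws_access_key_id aws_secret_access_key; do
        grep -Eq "^[[:space:]]*$key[[:space:]]*=[[:space:]]*[^[:space:]]" "$f" ||
            { echo "MISSING KEY: $key"; rc=1; }
    done
    return $rc
}

# Usage: audit_profile "$HOME/.aws"
```
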

Set up and initialize your Terraform workspace

Clone the following repository:

git clone https://github.com/egovernments/DIGIT-DevOps.git
cd DIGIT-DevOps/infra-as-code/terraform

In here, you will find three modules used to provision an EKS cluster, RDS, and Storage.

Kubernetes module:

  • VPC Resources:

    • VPC

    • Subnets

    • Internet Gateway

    • Route Table

  • EKS Cluster Resources:

    • IAM Role to allow EKS service to manage other AWS services

    • EC2 Security Group to allow networking traffic with EKS cluster

    • EKS Cluster

  • EKS Worker Nodes Resources:

    • IAM role allowing Kubernetes actions to access other AWS services

    • EC2 Security Group to allow networking traffic

    • Data source to fetch latest EKS worker AMI

    • AutoScaling Launch Configuration to configure worker instances

    • AutoScaling Group to launch worker instances

Database Module:

Configuration in this directory creates a set of RDS resources including DB instance, DB subnet group, and DB parameter group.

Storage Module:

Configuration in this directory creates an EBS volume and attaches it.

Set up an environment

Here, you will find five files used to provision a VPC, security groups, IAM users, storage, an EKS cluster, and an S3 bucket. The final product should be similar to this:

The source for each module in main.tf comes from the modules, like:

Configuration in this directory creates a set of:

  • S3 bucket: to store Terraform state.

  • Network: VPC, security groups.

  • IAM users auth: using Keybase to create the admin, the deployer, and the user.

  • EKS cluster: with master(s) & worker node(s).

  • Storage(s): for es-master, es-data-v1, es-master-infra, es-data-infra-v1, zookeeper, kafka, kafka-infra.

The Kubernetes tools can be used to verify the newly created cluster. Once the terraform apply execution is done, it will generate the Kubernetes configuration file, or you can get it from the Terraform state.

Set an environment variable so that kubectl picks up the correct config.

Verify the health of the cluster.

You should see the details of your worker nodes, and they should all have a status Ready.