- Website: https://www.terraform.io
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
If you're new to Terraform and want to get started creating infrastructure, see the introduction section of the Terraform website.
All documentation is available on the Terraform website:
Implementing a CI/CD pipeline on Kubernetes frees you from the hassle of managing runtime environments. Teams within an organization often use different stacks for development, whichever suits them best, and a runtime-agnostic pipeline makes the job easier for everyone. This repository contains Terraform files to provision an EKS cluster on AWS and facilitate a CI/CD pipeline. It rolls out:
- An EKS Cluster
- A Worker Node
- Auto-scaling group for worker node
- A VPC
- Persistent Volume & Volume Claim
- Jenkins
Files:
- main.tf provisions worker nodes and the Kubernetes & Helm providers using the AWS EKS Module.
- resources.tf provisions resources like namespaces and role bindings.
- variables.tf maps role and accounts.
- versions.tf contains version details of various providers.
- vpc.tf provisions a VPC, subnets and availability zones using the AWS VPC Module.
In addition to this, the repository contains Helm charts to enable a CI/CD pipeline using Jenkins.
Following are some prerequisites:
- Using Git, clone this repository into your workspace and navigate to the repository folder.
$ cd terraform-aws-eks
- You'll need an AWS account with the IAM permissions listed on the EKS module documentation.
- Access the "My Security Credentials" section in your profile.
- Create an access key if you don't have one.
- Configure AWS CLI:
$ aws configure
AWS Access Key ID [None]: "Your access key id"
AWS Secret Access Key [None]: "Your secret access key"
Default region name [None]: "Your preferred region"
Default output format [None]: json
- Download the latest version of Terraform from here and, after unzipping, configure the system's path.
- Download the latest release of kubectl from here to run commands against your Kubernetes cluster. Configure the system's path as well.
- Install the Helm CLI to work on your application charts from here.
- Install OpenSSL for certificate generation from here.
Using any preferred CLI, navigate to this repository on your local workspace.
To provision the infrastructure, use the following basic Terraform commands from your preferred CLI in your working directory.
$ terraform init
$ terraform plan
$ terraform apply
NOTE: Provisioning infrastructure can take some time. It might fail with a connection error. Update your kube-config file with the following command and re-run.
$ aws eks update-kubeconfig --name <cluster-name> --region <region>
Once your infrastructure is provisioned, you can query various details using kubectl.
To deploy Jenkins in your cluster, you can use either Helm or Terraform resource templates.
Using Helm
Start with creating a separate namespace for Jenkins and a service account with appropriate RBAC.
Also, creating a persistent volume and binding it with a claim for Jenkins ensures that your data is not lost if the Jenkins container crashes, is evicted, etc.
Navigate to the jenkins folder and execute the following commands:
To create namespace:
$ kubectl create namespace jenkins
To create service account and apply RBAC:
$ kubectl apply -f jenkins-sa.yaml
To create persistent volume:
$ kubectl apply -f jenkins-volumes.yaml
To create a claim:
$ kubectl apply -f jenkins-pvc.yaml
$ chart=jenkins/jenkins
$ helm install jenkins -n jenkins -f values.yaml ./helm $chart
Using Terraform:
Update your Terraform configuration files to provision:
- Resource for creating namespace for Jenkins
- Resource for creating a Service Account
- Resource for creating a persistent volume
- Resource to bind the persistent volume with claim for Jenkins namespace.
- Helm chart resource to provision Jenkins.
And execute these again:
$ terraform init
$ terraform plan
$ terraform apply
Currently ServiceType is defined as LoadBalancer (refer to the Jenkins Helm chart). This enables a LoadBalancer with a public endpoint. This is not good practice; your Kubernetes services should be exposed only behind an NLB or ALB.
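To check a cluster for the exposure described above, the following added example (not part of this repository) flags every Service of type LoadBalancer that is not marked internal. It assumes the two AWS annotations service.beta.kubernetes.io/aws-load-balancer-internal and service.beta.kubernetes.io/aws-load-balancer-scheme are how internal load balancers are marked; the function names and the sample data are constructed for illustration.

```shell
# Added example, not part of this repository.
# Input format (pipe-separated, one Service per line):
#   namespace|name|type|aws-load-balancer-internal|aws-load-balancer-scheme

# Produce that format from a live cluster (needs kubectl access; not run below).
list_services() {
  kubectl get svc --all-namespaces -o jsonpath='{range .items[*]}{.metadata.namespace}|{.metadata.name}|{.spec.type}|{.metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-internal}|{.metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-scheme}{"\n"}{end}'
}

# Print namespace/name of every LoadBalancer Service not marked internal.
# "|" is the separator because a whitespace IFS would collapse the
# empty annotation fields and shift the columns.
flag_public_lb() {
  local ns name type internal scheme
  while IFS='|' read -r ns name type internal scheme || [ -n "$ns" ]; do
    # Only Services that request a cloud load balancer are of interest.
    [ "$type" = "LoadBalancer" ] || continue
    # Assumption: either annotation marks the load balancer as internal.
    if [ "$internal" = "true" ] || [ "$scheme" = "internal" ]; then
      continue
    fi
    printf '%s/%s\n' "$ns" "$name"
  done
}

# Constructed sample data (not output from a real cluster).
SAMPLE='jenkins|jenkins|LoadBalancer||
jenkins|jenkins-agent|ClusterIP||
tools|registry|LoadBalancer|true|
tools|grafana|LoadBalancer||internal
default|kubernetes|ClusterIP||'

printf '%s\n' "$SAMPLE" | flag_public_lb
```

Against a real cluster, run list_services | flag_public_lb; any line it prints is a Service to move behind an internal load balancer or an ingress.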
Jenkins can be installed in your cluster by provisioning a Helm resource or by using Helm commands. The Helm charts for this are available under helm-jenkins.
Once the setup is complete:
- Using kubectl, identify the public IP of the service and log in.
- Log in to Jenkins using the configured password or the initial password. You'll have to do a kubectl exec into the pod to get these details.
- Use kubectl port-forward to connect with the pod.
- Once logged in, configure the plugins required.
- A Kubernetes plugin for Jenkins pipeline has been incorporated in the base image used for this setup.
- Go to Jenkins Configuration, scroll to the bottom and click on "a separate configuration page".
- You can see Kubernetes already available as a cloud provider.
- Click on Kubernetes Cloud Details.
- Click on Test Connection.
- Configure pod details.
You have two options after this:
- In pod templates, you can specify the type of containers to spin. You can provide the image details and other required parameters accordingly.
- Specify the containers in your pipeline script.
You can refer here for further details.
Use the following command to remove the infrastructure.
$ terraform destroy
- Ingress configuration to be incorporated.
- Terraform destroy terminates with unauthorized error.
Specify other modules if required. Fix yet to be identified.
$ terraform state list
$ terraform state rm module.eks.kubernetes_config_map.aws_auth
$ terraform state rm kubernetes_persistent_volume.jenkins_pv
$ terraform state rm kubernetes_secret.docker_secret
$ terraform state rm kubernetes_namespace.jenkins
- Handle image retrieval from private repository in Terraform templates.