Status: WIP - bastion still can't reach private endpoint
Deploy a basic EKS cluster.
- deploy VPC that meets the EKS networkign requirements with aws cloudformation
- deploy EKS cluster with terraform
Required:
- docker
- an aws account
00-vpc has resouces to deploy the VPC that meets eks network requirements
eks has terraform config to spin up eks cluster.
Most dependencies are managed in the compose.yaml and respective Dockerfile, this has a couple of services so that you don't have to install terraform or aws-cli.
We'll use the scripts/do-action.sh <action> to roll out deployment, which calls the compose service as needed.
configure programmatic access for aws-cli:
Verify aws cli picks up creds okay with the compose:
docker compose run aws iam list-usersIf it works it works
./scripts/do-action.sh deploy-eks-vpcThis deploys a basic subnet that meets the networking requirements for an EKS cluster.
This will get the outputs from the VPC cloudformation stack. Fill in the rest yourself:
./scripts/do-action.sh seed-tfvars-file We'll just use a local tf backend for now. Do a plan first if you'd like:
docker compose run terraform -chdir=eks plan -var-file eks-play.tfvarsDeploy:
./scripts/do-action.sh deploy-eks-clusteryes when prompted
Now you can connect to the bastion instance with Session Manager and reach the cluster once you authenticate.
Run:
aws configuredocker compose run terraform -chdir=eks destroy -var-file eks-play.tfvarssay yes when prompted.
Then the VPC:
aws cloudformation delete-stack --stack-name=eks-vpc;double check in console