[EKS Hand-on Series] Introduction and setup environment

With the power of Amazon Elastic Kubernetes Service (Amazon EKS), we are now able to run Kubernetes in the AWS cloud and on-premises data centers. In this series of blogs, let find out what EKS offer to us and how to implement best practices to it.

About me

I'm currently a DevOps Engineer at MegazoneCloud, I have over 2.5 year of experiences in DevOps. I have experience in AWS, GCP, Terraform, Kubernetes,... You can check out my Linkedin profile in here.
I'm not experience in blogging :'> so your feedback is really appreciated. Please feel free you share your thought regard the blogs, I will try to improve the content. Thank you.

About this series

What is this series about?
This series will help you getting started with Kubernetes and EKS with mainly hand-ons, from beginner-friendly to intermediate and some advanced, the series will also contain lots of hand-on with popular tools like terraform, kubectl,... so stay tuned :3. To me, the best learning method is to practice first and theory later, so I will be mainly focus on doing the exercises, labs and I will explain some theory on the way (in plain-text of course :3).

This series is for who?
This series is mainly designed for students, developers who new to K8s, EKS, but anyone who interested can take this as well.

Hope you will learn something from this. Neither to say, let start the series :3.

Prerequisite

What you will need to follow this series:

• An AWS account
• Accessibility to machine terminal

The following step is what we will do in this article:

Step 1: Create IAM user and access key.
Step 2: Install and configure tools.
Step 3: Setup terraform environment.

Without further ado, let's get our hand dirty! :D

Create IAM user and access key

When we first create our AWS Account, we will have a root user from email and password we registered to AWS. AWS recommend not to use this root user for managing and deploying resources on AWS, instead we should create an IAM user to handle this.

First, go to IAM and create a new user.

Fill out the user information, make sure to leave a tick on option Provide user access to the AWS Management Console and untick the option Users must create a new password at next sign-in like the picture below to save ourself some time.


After hit next, in the permission section, provide the user with policy AdministratorAccess.

AWS recommend to provide least privilege for our user but for purpose of this series we will make this simple by providing full permission for our user. For production environment, please follow AWS best practices in here

After that hit next, and next and wala, you have created your IAM user, remember to save the csv file for later use.

Next, let create an access key for this user so we can use it for command line interface later.

Select Command line interface (CLI) and hit Next, Create Access Key and the key is your. Remember to download CSV file for later use.

Install and configure tools

AWS CLI

For AWS CLI, please follow this link to install. If you are a Mac user like I do, you can use the following command.

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg ./AWSCLIV2.pkg -target /

Let verify the installation by following command.

~ aws --version
aws-cli/2.11.11 Python/3.11.2 Darwin/22.4.0 exe/x86_64 prompt/off

If you get output similar to above, it's mean you have successfully install AWS CLI.
Alright, let's get used to AWS CLI a little bit. Let's create an CLI profile to store your access key so you can connect to AWS resources via CLI. Run the following command:

aws configure --profile eks-hand-on-series

Then input the access key and secret from the csv file you saved above.

To select the profile, export the following environment variable:

export AWS_PROFILE=eks-hand-on-series

Let's verify if AWS CLI is authenticated

~ aws sts get-caller-identity --no-cli-pager
{
    "UserId": "<your-user-id>",
    "Account": "<your-user-account-number",
    "Arn": "<your-user-account>"
}

If the output include your user, it's mean AWS CLI is authenticated. Great work!

Terraform

For the terraform installation, please follow this link. For Mac, you can the following commands:

brew tap hashicorp/tap
brew install hashicorp/tap/terraform

If you don't have brew yet, install it from here.
Let's verify if terraform is installed.

~ terraform --version
Terraform v1.4.5
on darwin_arm64

Your version of Terraform is out of date! The latest version
is 1.5.7. You can update by downloading from https://www.terraform.io/downloads.html

Good job! Let move on to setup terraform environment.

Setup terraform environment

First, setup your directory like this.

├── README.md
├── backend
│   └──  main.tf
├── data.tf
├── main.tf
├── outputs.tf
├── provider.tf
├── variables.tf
└── version.tf

Next let's setup initialize terraform directory and create remote backend for terraform state file, open up your favorite IDE and edit backend/main.tf file with following content:

# Bucket used to store our state file
resource "aws_s3_bucket" "state_file" {
  bucket = "terraform-lock-state-<random-number>"
}

# Enabling bucket versioning to keep backup copies of the state file
resource "aws_s3_bucket_versioning" "state_file" {
  bucket = aws_s3_bucket.state_file.id

  versioning_configuration {
    status = "Enabled"
  }
}

# Table used to store the lock to prevent parallel runs causing issues
resource "aws_dynamodb_table" "state_file_lock" {
  name           = "terraform-lock-state-<random-number>"
  read_capacity  = 5
  write_capacity = 5
  hash_key       = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

provider.tf file.

provider "aws" {
  region = "ap-southeast-1"
  default_tags {
    tags = {
      environment = "Dev"
    }
  }
}

version.tf file

terraform {
  required_version = " ~> 1.4.5"

  backend "s3" {
     bucket         = "eks-hand-on-series-<random-number>"
     key            = "tf-aws-bootstrap/terraform.tfstate"
     region         = "ap-southeast-1"
     dynamodb_table = "terraform-lock-state-<random-number>"
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0.0"
    }

    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.20.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.9.0"
    }
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = ">= 1.14"
    }
  }
}

Note: Please remember to change to a random number so the bucket won't be duplicate and run terraform.
Now, let's run terraform init to install the provider and initialize local backend, make sure you are in correct directory (backend). The result should look like this.

Next, run terraform apply --auto-approve to create remote backend. You should get the result below.

Go back to main directory and run terraform init.

Now your state file will be store in S3 bucket. Don't worry about the cost. S3 and DynamoDB won't charge you until 5GB of storage being used, so you can keep this until you have finished the series or you can terminate it whenever you like with terraform destroy (remember to be in correct directory)

Conclusion

Congrats! We have successfully setup terraform environment... Finally, we can focus on the main task :). In the next post, I will show you how to create your first cluster with encrypted feature enabled using terraform. It will be really exciting so stay tune :3

The source code is upload here
I will update it usually so be patient.

Thank you and happy hacking!