Deploying an EKS Cluster with Terraform: Best Practices

Amazon Elastic Container Service for Kubernetes (EKS) is a managed container service that makes it easy to deploy, manage, and scale containerised applications. In this tutorial, we will cover how to deploy an EKS cluster using Terraform, a popular infrastructure as code (IaC) tool. We'll also highlight best practices for deploying EKS clusters with Terraform.

Prerequisites

  • An AWS account with the necessary permissions to create and manage EKS clusters

  • Terraform installed on your machine (version 1.0 or later)

  • AWS CLI installed on your machine (version 2.0 or later)

Step 1: Create an AWS VPC

Before deploying an EKS cluster, you need to create a Virtual Private Cloud (VPC) in your AWS account. You can use the AWS Management Console or Terraform to create the VPC.

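resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
  # EKS nodes need DNS resolution and DNS hostnames to register with the cluster.
  enable_dns_support   = true
  enable_dns_hostnames = true
}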

Step 2: Create an EKS Cluster

Next, you need to create an EKS cluster using Terraform. You can use the aws_eks_cluster resource to create the cluster.

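resource "aws_eks_cluster" "example" {
  name     = "example-cluster"
  role_arn = aws_iam_role.example.arn

  # The block is named vpc_config. subnet_ids is required and must span at
  # least two Availability Zones; aws_subnet.example is assumed to be defined
  # in the VPC from Step 1.
  vpc_config {
    subnet_ids         = aws_subnet.example[*].id
    security_group_ids = [aws_security_group.example.id]
  }
}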

Step 3: Create an IAM Role for the EKS Cluster

To create an EKS cluster, you need to provide an IAM role that will be used by the cluster. You can use the aws_iam_role resource to create the role.

resource "aws_iam_role" "example" {
  name        = "example-role"
  description = "Example role for EKS cluster"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

Step 4: Create a Security Group for the EKS Cluster

You also need to create a security group that will be used by the EKS cluster. You can use the aws_security_group resource to create the group.

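resource "aws_security_group" "example" {
  name        = "example-sg"
  description = "Example security group for EKS cluster"
  # Without vpc_id the group is created in the default VPC, not the cluster's.
  vpc_id      = aws_vpc.example.id

  # Allow only HTTPS (the Kubernetes API port) from inside the VPC, rather
  # than every protocol from 0.0.0.0/0.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.example.cidr_block]
  }
}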

Step 5: Create an EKS Node Group

Finally, you need to create an EKS node group that will be used by the cluster. You can use the aws_eks_node_group resource to create the node group.

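resource "aws_eks_node_group" "example" {
  cluster_name    = aws_eks_cluster.example.name
  node_group_name = "example-nodes"
  # Nodes need their own role trusted by ec2.amazonaws.com; the cluster role
  # from Step 3 only trusts eks.amazonaws.com. aws_iam_role.node is assumed
  # to be defined separately.
  node_role_arn   = aws_iam_role.node.arn
  subnet_ids      = aws_subnet.example[*].id

  # Node count is set through scaling_config; there is no num_nodes argument.
  scaling_config {
    desired_size = 3
    max_size     = 3
    min_size     = 1
  }
}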

Best Practices

Here are some best practices to keep in mind when deploying an EKS cluster with Terraform:

  • Use a consistent naming convention: Name your resources consistently, for example by giving them all the same prefix.

  • Use IAM roles instead of access keys: Manage access to your EKS cluster through IAM roles rather than access keys.

  • Use security groups to control network traffic: Restrict security group rules so that only authorized traffic can reach your EKS cluster.

  • Use node groups with scaling configurations: Give each node group a scaling configuration so that your EKS cluster can scale automatically based on workload demands.

  • Monitor and troubleshoot your EKS cluster: Check the cluster regularly to ensure that it is running smoothly and efficiently.
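
The network-control and monitoring practices above can be expressed directly on the cluster resource. The following is an added example, not code from the original article: it extends the Step 2 cluster with a restricted API endpoint and control plane logging. The variable admin_cidrs, the log group resource name and the 90-day retention are assumptions, and aws_subnet.example is assumed to be defined elsewhere.

```hcl
# Added example: the Step 2 cluster with endpoint restrictions and audit logging.
variable "admin_cidrs" {
  description = "Hypothetical: CIDR ranges allowed to reach the public API endpoint"
  type        = list(string)
}

# Create the log group up front so Terraform controls its retention period.
resource "aws_cloudwatch_log_group" "eks" {
  name              = "/aws/eks/example-cluster/cluster"
  retention_in_days = 90
}

resource "aws_eks_cluster" "example" {
  name     = "example-cluster"
  role_arn = aws_iam_role.example.arn

  # Send control plane logs, including the Kubernetes audit log, to CloudWatch.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  vpc_config {
    subnet_ids         = aws_subnet.example[*].id
    security_group_ids = [aws_security_group.example.id]

    # Nodes reach the API over the private endpoint; the public endpoint,
    # which defaults to 0.0.0.0/0, is limited to known administrator ranges.
    endpoint_private_access = true
    endpoint_public_access  = true
    public_access_cidrs     = var.admin_cidrs
  }

  depends_on = [aws_cloudwatch_log_group.eks]
}
```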

Conclusion

In this tutorial, we covered how to deploy an EKS cluster using Terraform. We also highlighted best practices for deploying EKS clusters with Terraform. By following these best practices, you can ensure that your EKS cluster is deployed securely and efficiently, and that it is able to meet the needs of your workload.

Code

Here is the complete code example:

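provider "aws" {
  region = "us-west-2"
}

resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
  # EKS nodes need DNS resolution and DNS hostnames to register with the cluster.
  enable_dns_support   = true
  enable_dns_hostnames = true
}

resource "aws_eks_cluster" "example" {
  name     = "example-cluster"
  role_arn = aws_iam_role.example.arn

  # The block is named vpc_config. subnet_ids is required and must span at
  # least two Availability Zones; aws_subnet.example is assumed to be defined
  # in the VPC above.
  vpc_config {
    subnet_ids         = aws_subnet.example[*].id
    security_group_ids = [aws_security_group.example.id]
  }
}

resource "aws_iam_role" "example" {
  name        = "example-role"
  description = "Example role for EKS cluster"

  # Trust policy: only the EKS service may assume this role.
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_security_group" "example" {
  name        = "example-sg"
  description = "Example security group for EKS cluster"
  # Without vpc_id the group is created in the default VPC, not the cluster's.
  vpc_id      = aws_vpc.example.id

  # Allow only HTTPS (the Kubernetes API port) from inside the VPC, rather
  # than every protocol from 0.0.0.0/0.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.example.cidr_block]
  }
}

resource "aws_eks_node_group" "example" {
  cluster_name    = aws_eks_cluster.example.name
  node_group_name = "example-nodes"
  # Nodes need their own role trusted by ec2.amazonaws.com; the cluster role
  # above only trusts eks.amazonaws.com. aws_iam_role.node is assumed to be
  # defined separately.
  node_role_arn   = aws_iam_role.node.arn
  subnet_ids      = aws_subnet.example[*].id

  # Node count is set through scaling_config; there is no num_nodes argument.
  scaling_config {
    desired_size = 3
    max_size     = 3
    min_size     = 1
  }
}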
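
An EKS cluster and node group also need subnets in two Availability Zones, a managed policy on the cluster role, and a separate node role that trusts ec2.amazonaws.com, none of which the listing defines. The following is an added example, not code from the original article, that supplies them; the resource names aws_subnet.example and aws_iam_role.node, the role name and the subnet CIDRs are assumptions.

```hcl
# Added example: supporting resources for the cluster and node group.
data "aws_availability_zones" "available" {
  state = "available"
}

# Two subnets in different Availability Zones (CIDRs are illustrative).
resource "aws_subnet" "example" {
  count             = 2
  vpc_id            = aws_vpc.example.id
  cidr_block        = cidrsubnet(aws_vpc.example.cidr_block, 8, count.index)
  availability_zone = data.aws_availability_zones.available.names[count.index]
}

# The cluster role needs the EKS managed policy in addition to its trust policy.
resource "aws_iam_role_policy_attachment" "cluster" {
  role       = aws_iam_role.example.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}

# Separate role for worker nodes, assumable by EC2 rather than by EKS.
resource "aws_iam_role" "node" {
  name = "example-node-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

# Managed policies that EKS worker nodes require.
resource "aws_iam_role_policy_attachment" "node" {
  for_each = toset([
    "AmazonEKSWorkerNodePolicy",
    "AmazonEKS_CNI_Policy",
    "AmazonEC2ContainerRegistryReadOnly",
  ])

  role       = aws_iam_role.node.name
  policy_arn = "arn:aws:iam::aws:policy/${each.value}"
}
```

The subnets still need a route to the EKS API and to the image registries (a NAT gateway, an internet gateway or VPC endpoints) before nodes can join the cluster.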

Thanks

If you find this article helpful, please drop a like. If you have any doubts, feel free to drop a comment.

Support Abhishek Singh by becoming a sponsor. Any amount is appreciated!