
How to create an AWS EKS cluster with VPN access using Terraform

This Terraform project example creates an EKS cluster together with its VPC, a Client VPN for reaching it privately, and the cluster-autoscaler.
It is a good starting point for building your own infrastructure on which you can then carry out your own tests and development.

The following diagram summarizes the infrastructure we will create: a VPC with a private and a public subnet per availability zone, an EKS cluster, and an AWS Client VPN endpoint that lets you connect to the private subnets and reach the EKS API privately.

AWS EKS with private access via AWS client VPN

Below is a figure showing the structure of the project. The various components are separated into dedicated files.

After declaring the required providers in versions.tf and configuring them in providers.tf, we first create the network, i.e. the VPC in vpc.tf, using the excellent module available here: https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest

vpc.tf

To reach the VPC’s private subnets from the VPN, and therefore also the EKS API, we add an AWS Client VPN endpoint using the following ready-made module:
https://github.com/cloudposse/terraform-aws-ec2-client-vpn

vpn.tf

Now we can add the EKS cluster, again using another excellent ready-made module:
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest
Two managed node groups are created: a system one, “syscore”, and one for “workloads”.

To autoscale the number of nodes in the two managed node groups, we also add the cluster-autoscaler installation.

cluster-autoscaler.tf

Through the locals.tf file we can parameterize the project according to our needs.

locals.tf

You can find the complete code in this repository:
https://github.com/robertobandini/terraform-eks-with-vpn-and-cluster-autoscaler

Let’s briefly see how to run it.
Obviously, it is assumed that you already have a basic knowledge of Terraform, AWS and Kubernetes, and that you have installed and configured the necessary tools, such as the AWS CLI.

After cloning the repository, it is advisable to edit the locals.tf file with your own parameters; you can then run the “terraform init” and “terraform apply” commands.
The first apply must be done with the cluster-autoscaler installation disabled, via the “cluster_autoscaler_enabled” variable.
Its installation assumes that the EKS API is already reachable through the VPN, which does not exist yet at that point.

Once the first apply has created the VPC, VPN and EKS, you can download the OVPN configuration to connect via VPN with the command:

terraform output -raw ec2_client_vpn_configuration

Depending on the VPN client you are using, you may need to remove the leading dot from the DNS name of the VPN endpoint in the downloaded configuration.

Once you are connected to the VPN, set the variable that enables the cluster-autoscaler installation to true and run terraform apply again.

You can then add the cluster to your kubeconfig configuration using the command:

aws eks update-kubeconfig --name test-robb-eks --region eu-west-3

To test the cluster and autoscaling using cluster-autoscaler, simply use the sample deployment:

cd test-deployment
kubectl apply -f nginx-deployment-test.yaml

To delete the infrastructure, it is then sufficient to run terraform destroy, obviously with the VPN connection still active, since Terraform must reach the EKS API to uninstall the cluster-autoscaler.
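The reason the two applies are needed is that any resource talking to the Kubernetes API is planned against the private endpoint. The following is an added illustration of how the “cluster_autoscaler_enabled” gate can be expressed; it is not the repository’s own code. The variable name comes from the page; the module output names assume terraform-aws-modules/eks v19 or later, and local.region and the IRSA role aws_iam_role.cluster_autoscaler are assumed to be defined elsewhere in the project.

```hcl
# Assumed declaration: the page names the variable but does not show it.
variable "cluster_autoscaler_enabled" {
  type    = bool
  default = false # first apply: VPC, VPN and EKS only
}

# Short-lived token for the Helm provider. This data source, and anything
# that depends on it, can only be evaluated once the private EKS endpoint
# is reachable, i.e. once the VPN is up.
data "aws_eks_cluster_auth" "this" {
  name = module.eks.cluster_name
}

provider "helm" {
  kubernetes {
    host                   = module.eks.cluster_endpoint
    cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
    token                  = data.aws_eks_cluster_auth.this.token
  }
}

# The release only exists when the gate is true, so the first apply never
# tries to contact the cluster.
resource "helm_release" "cluster_autoscaler" {
  count = var.cluster_autoscaler_enabled ? 1 : 0

  name       = "cluster-autoscaler"
  namespace  = "kube-system"
  repository = "https://kubernetes.github.io/autoscaler"
  chart      = "cluster-autoscaler"

  set {
    name  = "autoDiscovery.clusterName"
    value = module.eks.cluster_name
  }
  set {
    name  = "awsRegion"
    value = local.region # assumed local from locals.tf
  }
  set {
    # IRSA: bind the pod to a narrowly scoped IAM role instead of
    # relying on the node role (assumed role defined elsewhere).
    name  = "rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
    value = aws_iam_role.cluster_autoscaler.arn
  }
}
```

Run the first apply with -var="cluster_autoscaler_enabled=false" (or the default), connect to the VPN, then apply again with the variable set to true; destroy must likewise run while connected.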