motivation: most of the examples I found were either old, didn't use SSL, or had a lot of self-built Terraform modules. In this demo we use only vendor modules or the excellent terraform-aws-modules community modules.
this demo includes the following:
- everything is created with Terraform
- Kubernetes on EKS using IRSA
- AWS-Load-Balancer-Controller ingress with TLS
- Route53 auto-configuration of domain names
- ACM auto-provisioned certificates
- Cloudfront distribution with some simple defaults (note that AWS requires that you verify your AWS account to use the CDN, contact AWS support for that)
in only 443 lines of code!
- You must have an AWS account with a registered domain and/or functioning hosted zone ready to deploy to, and Cloudfront enabled
- You must customize the domain_name variable in variables.tf
- You may change aws_region to deploy elsewhere in variables.tf
- You may change cluster_name as well in variables.tf
assuming you are on mac, you need the following:
brew install tfenv
brew install kubectl
brew install helm
brew install awscli
tfenv install 1.1.9
Note: you should substitute example.com, us-east-1 and mycluster with what you configured in variables.tf
to put up the cluster:
terraform init
terraform apply
generate your kube config and see pods running:
aws eks --region us-east-1 update-kubeconfig --name mycluster
kubectl get nodes
The ALB ingress only accepts HTTPS connections: https://origin.example.com
The real site should be available on the Cloudfront CDN:
- https://example.com
- https://www.example.com
- http://example.com will redirect to https
- http://www.example.com will redirect to https
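To confirm the behaviour listed above once terraform apply has finished, here is a small check script, added as an example and not part of the original repository. It assumes curl is installed, takes the domain as its first argument (example.com stands for your domain_name), and treats "only accepts HTTPS" on the origin as either no answer on port 80 or a redirect to https.

```shell
#!/bin/sh
# Added example (not from the repository): checks the HTTPS behaviour described above.
# Usage: sh check.sh example.com   (example.com = domain_name in variables.tf)

# is_https_redirect STATUS LOCATION HOST
# True only for a 3xx response whose target is https:// on exactly HOST.
is_https_redirect() {
    case "$1" in 301|302|307|308) ;; *) return 1 ;; esac
    case "$2" in
        "https://$3"|"https://$3/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# origin_rejects_http STATUS LOCATION HOST
# Assumption: "only accepts HTTPS" means the ALB either has no port-80 listener
# (curl reports status 000) or redirects to https; any other answer is a failure.
origin_rejects_http() {
    [ "$1" = "000" ] || is_https_redirect "$1" "$2" "$3"
}

# probe URL: prints "STATUS REDIRECT_URL"; STATUS is 000 if connect or TLS fails.
probe() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code} %{redirect_url}' "$1" || true
}

# check_site DOMAIN: returns 0 only if every check passes.
check_site() {
    domain=$1; rc=0
    for host in "$domain" "www.$domain"; do
        set -- $(probe "http://$host/")
        is_https_redirect "${1:-000}" "${2:-}" "$host" ||
            { echo "FAIL: http://$host does not redirect to https"; rc=1; }
        # curl validates the certificate chain and hostname by default.
        set -- $(probe "https://$host/")
        [ "${1:-000}" != "000" ] ||
            { echo "FAIL: https://$host failed to connect or validate TLS"; rc=1; }
    done
    set -- $(probe "http://origin.$domain/")
    origin_rejects_http "${1:-000}" "${2:-}" "origin.$domain" ||
        { echo "FAIL: origin.$domain serves plain HTTP (status ${1:-000})"; rc=1; }
    return "$rc"
}

if [ "$#" -ge 1 ]; then check_site "$1"; fi
```

The script exits non-zero if any check fails, so it can run as a post-deploy step after terraform apply.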
from here we can add a service mesh, gitops, centralized logging, monitoring, alerting, backup, autoscaling, instance termination handling, the list goes on
I would love any feedback in case you see some better way of doing things
To remove all created resources:
terraform destroy