Motivation: most of the examples I found were either old, didn't use SSL, or relied on a lot of self-built Terraform modules. In this demo we use only vendor modules or the excellent terraform-aws-modules community modules.
This demo includes the following:
- everything is created with Terraform
- Kubernetes on EKS using IRSA
- AWS-Load-Balancer-Controller ingress with TLS
- Route53 auto-configuration of domain names
- ACM auto-provisioned certificates
- Cloudfront distribution with some simple defaults (note that AWS requires that you verify your AWS account to use the CDN, contact AWS support for that)
- Flagger, Flux and Istio
- You must have an AWS account with a registered domain and/or a functioning hosted zone ready to deploy to, and Cloudfront enabled
- You must customize the `domain_name` variable in `variables.tf`
- You may change `aws_region` in `variables.tf` to deploy elsewhere
- You may change `cluster_name` in `variables.tf` as well
Assuming you are on a Mac, you need the following:
```sh
brew install tfenv kubectl helm awscli
brew install fluxcd/tap/flux
brew install jq yq
tfenv install 1.1.9
```
Note: you should substitute example.com, us-east-1 and mycluster with what you configured in variables.tf
To bring up the cluster:
```sh
terraform init
terraform apply
```
Generate your kubeconfig and check that the nodes are up:
```sh
aws eks --region us-east-1 update-kubeconfig --name mycluster
kubectl get nodes
```
The ALB ingress only accepts HTTPS connections: https://origin.example.com
The real site should be available on the Cloudfront CDN:
- https://example.com
- https://www.example.com
- http://example.com will redirect to https
- http://www.example.com will redirect to https
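An added HCL example (not this repo's own code) of the two pieces described above: an IRSA role scoped to the load balancer controller's service account, and an ALB ingress that only listens on HTTPS. It assumes module.eks is terraform-aws-modules/eks (exposing oidc_provider_arn), module.acm is terraform-aws-modules/acm (exposing acm_certificate_arn), var.cluster_name and var.domain_name come from variables.tf, and a backend Service named podinfo on port 9898 exists.

```hcl
# IRSA role for the AWS Load Balancer Controller: the OIDC trust policy only
# admits the kube-system/aws-load-balancer-controller service account, so the
# node role is not widened and no long-lived access keys are involved.
module "lb_controller_irsa" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
  version = "~> 5.0"

  role_name                              = "${var.cluster_name}-alb-controller"
  attach_load_balancer_controller_policy = true

  oidc_providers = {
    main = {
      provider_arn               = module.eks.oidc_provider_arn
      namespace_service_accounts = ["kube-system:aws-load-balancer-controller"]
    }
  }
}
# The chart's service account must carry the annotation
# eks.amazonaws.com/role-arn = module.lb_controller_irsa.iam_role_arn.

# Ingress for origin.<domain_name>: HTTPS listener only (the ALB never opens
# port 80), ACM certificate from the acm module, TLS 1.2+ policy on the ALB.
resource "kubernetes_ingress_v1" "origin" {
  metadata {
    name = "origin"
    annotations = {
      "alb.ingress.kubernetes.io/scheme"          = "internet-facing"
      "alb.ingress.kubernetes.io/listen-ports"    = jsonencode([{ HTTPS = 443 }])
      "alb.ingress.kubernetes.io/certificate-arn" = module.acm.acm_certificate_arn
      "alb.ingress.kubernetes.io/ssl-policy"      = "ELBSecurityPolicy-TLS13-1-2-2021-06"
    }
  }
  spec {
    ingress_class_name = "alb"
    rule {
      host = "origin.${var.domain_name}"
      http {
        path {
          path      = "/"
          path_type = "Prefix"
          backend {
            service {
              name = "podinfo" # assumed backend Service, not part of the demo
              port { number = 9898 }
            }
          }
        }
      }
    }
  }
}
```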
From here we can add a service mesh, GitOps, centralized logging, monitoring, alerting, backup, autoscaling, instance termination handling; the list goes on.
I would love any feedback in case you see some better way of doing things
To remove all created resources:
```sh
terraform destroy
```