This is Part 1 of a multi-part, self-paced quick start exercise that will focus on provisioning a PaaS environment in AWS using Terraform.
What Will You Do¶
In part 1, you will:
- Create the following resources using Rafay's Terraform provider
- Group Association
- Cloud Credential
- Custom Blueprint
- Cluster Override
- EKS Cluster
- Verify cluster health
- Review available dashboards
Step 1: Configure & Provision Rafay Resources¶
In this step, you will configure and customize your AWS EKS Cluster using Terraform with some configuration files.
Make sure the following are installed or available.
- Text editor (or ability to update files using a terminal)
Make sure you have the following information. You may need to create these in your AWS environment or in the console.
To provision a cluster using Terraform:
- Download and decompress the Get Started package. Navigate to the
- Download the CLI config from the "MY TOOLS" section in the console.
- Edit the
config.jsonfile. The file location is terraform/pas_terraform/artifacts/credentials/config.json. For this exercise, just change the following.
terraform.tfvarsfile. The file location is terraform/pas_terraform/eks/terraform.tfvars. For this exercise, just update the following.
Open the terminal or command line.
- Navigate to the
- Initializes the directory containing the Terraform configuration files, preparing the directory for use with Terraform.
- Validates the configuration files in the directory, without accessing any remote services.
terraform apply. Enter
- Provisions the cluster.
It can take 30 minutes to provision the cluster. Check the console for the provisioning status.
Step 2: Verify Cluster¶
Once provisioning is complete, you should have a ready to use AWS EKS Cluster. We will verify the cluster by checking its health and status.
Step 3: Cluster Status & Health¶
The Kubernetes management operator automatically deployed on the cluster by the controller will "maintain a heartbeat" with the controller and will "proactively monitor" the status of the components on the worker node required for communication with the control plane and the controller.
- Cluster reachability should be not more than 1 minute
- Control plane should report as Healthy
Step 4: Zero Trust Kubectl¶
Your EKS Cluster's API Server is private and secure (i.e. cloaked and not directly reachable on the Internet). The controller provides a zero trust kubectl channel for authorized users.
- Click the "Kubectl" button on the cluster card.
- This will launch a web based kubectl shell for you to securely interact with the API server over a zero trust channel
- Type something like "kubectl get pod -n rafay-system"
Step 5: Kubernetes Resources¶
The dashboard also comes with an integrated Kubernetes dashboard. Click on "Resources" and you will be presented with all the Kubernetes resources organized using a number of filters.
Congratulations! At this point, you have
- Successfully configured and provisioned an AWS EKS cluster
- Used zero trust kubectl to securely access the AKS cluster's API server
- Used the integrated k8s dashboards to monitor and view details about the cluster