TK8 Cattle EKS Provisioner with Terraform Rancher Provider

In a previous post we introduced how to use a Rancher Server with Terraform Rancher Provider to deploy Rancher’s Kubernetes Engine (RKE) with the TK8 Cattle AWS provisioner on auto-provisioned EC2 machines.

In this post I’ll introduce the TK8 Cattle EKS provisioner by the awesome Shantanu Deshpande to deploy an EKS cluster with the tk8ctl tool talking to a Rancher Server that runs on our local machine with a valid SSL certificate.

Rancher launched EKS vs. Rancher launched RKE Cluster

With Rancher Server you can launch or import any Kubernetes cluster on any cloud provider, existing bare-metal servers or virtual machines.

In the case of AWS, we can choose either RKE with new nodes on Amazon EC2 or the managed Amazon EKS offering.

With EKS one doesn’t need to worry about managing the control plane or even the worker nodes. AWS manages everything for us at the price of a lower Kubernetes version, which is Kubernetes v1.14.8 at this time of writing.

With RKE, we can use the latest Kubernetes 1.16.x or soon 1.17.x versions, but we need to manage the control plane and worker nodes on our own, which requires skilled Kubernetes and Rancher professionals.

Harshal Shah shares his experience nicely in his blog post Lessons Learned from running EKS in Production, which I highly recommend reading if you’d like to free up your time to deal with other challenges.

In a previous post I wrote about the dilemma of deciding how to run and manage multiple Kubernetes clusters using OpenShift, RKE, EKS or Kubeadm on AWS.

Let’s get started

Prerequisites

Most probably you already have the tools listed below installed, except mkcert and tk8ctl:

- AWS CLI
- Terraform 0.12
- Docker for Desktop
- git cli
- mkcert
- tk8ctl

Get the source

    $ git clone https://github.com/kubernauts/tk8-provisioner-cattle-eks.git
    $ cd tk8-provisioner-cattle-eks

Install Rancher with Docker and mkcert

As mentioned at the beginning, we are going to use Rancher Server and Rancher’s API via code to deploy and manage the life cycle of our EKS clusters with tk8ctl and the Cattle EKS provisioner.

To keep things simple, we’ll install Rancher on our local machine with Docker and use mkcert to get a certificate that our browser accepts as valid, which we need in order to talk to Rancher. The commands below are for MacOS (on Linux, follow the mkcert instructions and copy rootCA.pem from the right directory to your working directory):

    $ brew install mkcert
    $ mkcert -install
    $ mkcert '*.rancher.svc'
    # on MacOS
    $ cp "$HOME/Library/Application Support/mkcert/rootCA.pem" cacerts.pem
    # on Ubuntu Linux (use this instead of the MacOS line above)
    # cp /home/ubuntu/.local/share/mkcert/rootCA.pem cacerts.pem
    $ cp _wildcard.rancher.svc.pem cert.pem
    $ cp _wildcard.rancher.svc-key.pem key.pem
    # the redirect must run as root, so pipe through sudo tee instead of "sudo echo ... >>"
    $ echo "127.0.0.1 gui.rancher.svc" | sudo tee -a /etc/hosts
    $ docker run -d -p 80:80 -p 443:443 -v "$PWD/cacerts.pem:/etc/rancher/ssl/cacerts.pem" -v "$PWD/key.pem:/etc/rancher/ssl/key.pem" -v "$PWD/cert.pem:/etc/rancher/ssl/cert.pem" rancher/rancher:stable
    $ open https://gui.rancher.svc

With that you should be able to access Rancher on https://gui.rancher.svc without TLS warnings!

Get the tk8ctl CLI

Download the latest tk8ctl release and place it in your path:

    # On MacOS
    $ wget https://github.com/kubernauts/tk8/releases/download/v0.7.7/tk8ctl-darwin-amd64
    $ chmod +x tk8ctl-darwin-amd64
    $ mv tk8ctl-darwin-amd64 /usr/local/bin/tk8ctl
    $ tk8ctl version
    # ignore any warnings for now, you’ll get a config.yaml file which we’ll overwrite shortly

    # On Linux
    $ wget https://github.com/kubernauts/tk8/releases/download/v0.7.7/tk8ctl-linux-amd64
    $ chmod +x tk8ctl-linux-amd64
    $ sudo mv tk8ctl-linux-amd64 /usr/local/bin/tk8ctl
    $ tk8ctl version
    # provide any value for aws access and secret key, you’ll get a config.yaml file which we’ll overwrite

Set AWS and Terraform Rancher Provider variables

Get the bearer token from the Rancher UI in the menu via API & Keys and provide it together with your AWS access and secret keys in a file called e.g. cattle_eks_env_vars.template:

https://medium.com/media/7e1e05d06680754e8a20465782e29e06/href

and source the file:

    $ source cattle_eks_env_vars.template

Deploy EKS with tk8ctl

Now you’re ready to deploy EKS via the Rancher API:

    $ cp example/config-eks-gui.rancher.svc.yaml config.yaml
    $ tk8ctl cluster install cattle-eks

After some seconds you should see an EKS cluster in the provisioning state in the Rancher Server GUI. Take a cup of coffee or a delicious red wine; your EKS cluster needs about 15 min. to get ready.

Access your EKS cluster

To access your EKS cluster you can either get the kubeconfig from the Rancher UI, save it as kubeconfig.yaml and run:

    $ KUBECONFIG=kubeconfig.yaml kubectl get nodes

or you can run the following aws eks command to update your default kubeconfig file with the new context:

    $ aws eks update-kubeconfig --name tk8-tpr2-eks

Clean-Up

    $ tk8ctl cluster destroy cattle-eks

We’re hiring!

We are looking for engineers who love to work in Open Source communities like Kubernetes, Rancher, Docker, etc.

If you wish to work on such projects, please visit our job offerings page.

TK8 Cattle EKS Provisioner with Terraform Rancher Provider was originally published in Kubernauts on Medium, where people are continuing the conversation by highlighting and responding to this story.
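For the "Install Rancher with Docker and mkcert" step above, a pre-flight check of the three PEM files before they are mounted into the Rancher container. This is an added example, not code from the original post or the TK8 project: the function names and the make_demo_certs helper (a constructed stand-in for the mkcert output) are hypothetical, and it assumes the OpenSSL 1.1.1 or later command line tool.

```shell
#!/usr/bin/env bash
# Added example: consistency checks for cacerts.pem, cert.pem and key.pem.
# All function names are hypothetical; requires the openssl CLI (1.1.1+).

chain_ok() {        # cert.pem must chain to the CA in cacerts.pem
  openssl verify -CAfile "$1/cacerts.pem" "$1/cert.pem" >/dev/null 2>&1
}

host_ok() {         # cert.pem must cover the host name (wildcard SANs count)
  openssl x509 -in "$1/cert.pem" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

key_ok() {          # key.pem must be the private key belonging to cert.pem
  local a b
  a=$(openssl x509 -in "$1/cert.pem" -noout -pubkey 2>/dev/null) || return 1
  b=$(openssl pkey -in "$1/key.pem" -pubout 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

ca_public_only() {  # cacerts.pem must hold no private key (rootCA-key.pem stays out)
  [ -s "$1/cacerts.pem" ] && ! grep -q 'PRIVATE KEY' "$1/cacerts.pem"
}

preflight() {       # usage: preflight DIR HOSTNAME; returns the number of failed checks
  local dir=$1 host=$2 fails=0
  chain_ok "$dir"        || { echo "FAIL: cert.pem does not chain to cacerts.pem"; fails=$((fails + 1)); }
  host_ok "$dir" "$host" || { echo "FAIL: cert.pem is not valid for $host"; fails=$((fails + 1)); }
  key_ok "$dir"          || { echo "FAIL: key.pem does not match cert.pem"; fails=$((fails + 1)); }
  ca_public_only "$dir"  || { echo "FAIL: cacerts.pem is empty or holds a private key"; fails=$((fails + 1)); }
  return "$fails"
}

make_demo_certs() { # constructed CA and wildcard leaf in DIR, for trying the checks
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed demo CA' \
    -keyout "$1/ca-key.pem" -out "$1/cacerts.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/CN=constructed demo leaf' \
    -keyout "$1/key.pem" -out "$1/leaf.csr" 2>/dev/null
  printf 'subjectAltName=DNS:*.rancher.svc\n' > "$1/ext.cnf"
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/cacerts.pem" -CAkey "$1/ca-key.pem" \
    -CAcreateserial -days 1 -extfile "$1/ext.cnf" -out "$1/cert.pem" 2>/dev/null
}

# Run against the current directory when the three files are present.
if [ -f cacerts.pem ] && [ -f cert.pem ] && [ -f key.pem ]; then
  preflight . gui.rancher.svc && echo "OK: certificate files are consistent"
fi
```

Run it from the directory that holds the three files, before the docker run command.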
Source: blog.kubernauts.io
