This repository is a testing playground I created for my demonstration for this meetup event.
You should not be using it for any kind of production related work.
This is still a work in progress!
This playground stands on the shoulders of these giants:
- terraform-aws-eks-blueprints
- terraform-aws-eks-ack-addons
- crossplane-on-eks (formerly known as crossplane-aws-blueprints).
- pre-commit-terraform
- And so much more ...
- An AWS account and an IAM user, with an Access Key & Secret Key, that has enough permissions (i.e. using the `AdministratorAccess` policy).
- A working installation of the AWSCLI with the Access Key & Secret Key configured (i.e. with `aws configure`).
- An account on Terraform Cloud (or just a workspace if you already have an account, or do whatever modifications are required to work with your specific setup if you don't use Terraform Cloud).
  I would recommend setting the Execution mode to "local" in your workspace.
  This way you get a remote state backend for free without the hassle of creating and maintaining a bootstrap bucket, and you still preserve the original Terraform OSS CLI workflow.
- A Docker Hub account, if you plan on testing Crossplane's Packaging capabilities.
- If you are using asdf-vm, just run `asdf install`.
  If you are not, then:
  - You should definitely consider using it ;)
  - Install the tools & versions listed in `.tool-versions` on your own.

/!\ NOTE: use terraform 1.3.3 to avoid this issue when using 1.3.4+.
- Create a new file called `tfc.tf` containing the following (make sure to replace placeholders):

  ```hcl
  terraform {
    cloud {
      organization = "<YOUR_TERRAFORM_CLOUD_ORGANIZATION>"

      workspaces {
        name = "<YOUR_TERRAFORM_CLOUD_WORKSPACE>"
      }
    }
  }
  ```

- Then provision this playground:

  ```sh
  # Init
  ❯ terraform init
  # Plan
  ❯ terraform plan -out=plans/out.plan
  # Apply
  ❯ terraform apply plans/out.plan
  # If you have other clusters in your kube config, run
  ❯ $(terraform output --raw configure_kubectl)
  # Or if you don't have any other clusters in your kube config, run:
  ❯ sed -i 's/: null/: []/g' ~/.kube/config && $(terraform output --raw configure_kubectl)
  # You should be able to see all pods with:
  ❯ kubectl get pods -A
  ```
- Enable the controllers you'd like from the list of controllers supported by the terraform-aws-eks-ack-addons project in the `main.tf` file, for example:

  ```hcl
  module "eks_blueprints_ack_addons" {
    source = "aws-ia/eks-ack-addons/aws"

    cluster_id = module.eks_blueprints.eks_cluster_id

    # Wait for data plane to be ready
    data_plane_wait_arn = module.eks_blueprints.managed_node_group_arn[0]

    enable_api_gatewayv2 = false
    enable_dynamodb      = false
    enable_s3            = true
    enable_rds           = true
    enable_amp           = true

    tags = local.tags
  }
  ```

- Then Plan/Apply those changes, if any:

  ```sh
  # Plan
  ❯ terraform plan -out=plans/out.plan
  # Apply
  ❯ terraform apply plans/out.plan
  ```

See examples of managing cloud resources with ACK in the examples/ack/ directory.
- Adjust versions and Policies in the `locals.tf` file, for example:

  ```hcl
  crossplane_helm_config = {
    name       = "crossplane"
    chart      = "crossplane"
    repository = "https://charts.crossplane.io/stable/"
    version    = "1.10.1"
    namespace  = "crossplane-system"
  }

  crossplane_aws_provider_config = {
    enable               = true
    provider_aws_version = "v0.33.0"
    additional_irsa_policies = [
      "arn:aws:iam::aws:policy/AmazonS3FullAccess",
      "arn:aws:iam::aws:policy/AmazonSQSFullAccess",
      "arn:aws:iam::aws:policy/AmazonRDSFullAccess",
      "arn:aws:iam::aws:policy/AmazonVPCFullAccess"
    ]
  }
  ```

- Set the `enable_crossplane` to `true` in the `main.tf` file.

- Then Plan/Apply those changes, if any:

  ```sh
  # Plan
  ❯ terraform plan -out=plans/out.plan
  # Apply
  ❯ terraform apply plans/out.plan
  ```

See examples of managing Cloud Resources with Crossplane in the examples/crossplane/1-resources/ directory.

See examples of managing Composed Cloud Resources with Crossplane in the examples/crossplane/2-compositions/ directory.

See examples of creating and distributing Packaged Compositions of Cloud Resources with Crossplane in the examples/crossplane/3-packages/ directory.
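
An added check, not part of this repository: the `additional_irsa_policies` list above attaches four AWS-managed `*FullAccess` policies to the Crossplane AWS provider's IRSA role, which suits a playground. This Python sketch lists such entries in a `locals.tf` so they can be reviewed before the pattern is copied elsewhere. The function name, the sample text, the `playground-scoped-s3` policy and the account ID `111122223333` are constructed for illustration.

```python
import re

# Matches IAM policy ARNs; the owner field is "aws" for AWS-managed policies
# and a 12-digit account ID for customer-managed ones.
ARN_RE = re.compile(r"arn:aws:iam::(aws|\d{12}):policy/([\w+=,.@/-]+)")
# Captures the body of every `additional_irsa_policies = [ ... ]` list.
LIST_RE = re.compile(r"additional_irsa_policies\s*=\s*\[(.*?)\]", re.S)
# AWS-managed policies that are broad even without a "FullAccess" suffix.
BROAD_NAMES = {"AdministratorAccess", "PowerUserAccess"}

# Constructed sample: the locals.tf excerpt from this README plus one
# hypothetical customer-managed policy ARN (placeholder account ID).
SAMPLE_LOCALS_TF = '''
crossplane_aws_provider_config = {
  enable               = true
  provider_aws_version = "v0.33.0"
  additional_irsa_policies = [
    "arn:aws:iam::aws:policy/AmazonS3FullAccess",
    "arn:aws:iam::aws:policy/AmazonSQSFullAccess",
    "arn:aws:iam::aws:policy/AmazonRDSFullAccess",
    "arn:aws:iam::aws:policy/AmazonVPCFullAccess",
    "arn:aws:iam::111122223333:policy/playground-scoped-s3",
  ]
}
'''


def broad_irsa_policies(hcl_text):
    """Return AWS-managed *FullAccess / admin policy ARNs found in any
    additional_irsa_policies list, in the order they appear."""
    findings = []
    for body in LIST_RE.findall(hcl_text):
        for match in ARN_RE.finditer(body):
            owner, name = match.group(1), match.group(2)
            base = name.rsplit("/", 1)[-1]  # drop an optional policy path
            if owner == "aws" and (base.endswith("FullAccess") or base in BROAD_NAMES):
                findings.append(match.group(0))
    return findings


if __name__ == "__main__":
    for arn in broad_irsa_policies(SAMPLE_LOCALS_TF):
        print("broad managed policy on IRSA role:", arn)
```
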
- If it's not already enabled, enable the ArgoCD add-on from the EKS Blueprint:

  ```hcl
  module "eks_blueprints_kubernetes_addons" {
    source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.17.0"
    # ...
    enable_argocd = true
    # ...
  }
  ```

- Then Plan/Apply those changes, if any:

  ```sh
  # Plan
  ❯ terraform plan -out=plans/out.plan
  # Apply
  ❯ terraform apply plans/out.plan
  ```

- Once ArgoCD is installed, get the default ArgoCD admin password:

  ```sh
  ❯ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
  ```

- Use k9s to create a port-forward to access the ArgoCD UI (recommended), or create a port-forward with kubectl:

  ```sh
  ❯ ARGOCD_SERVER_POD=$(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server --no-headers -o jsonpath="{.items[].metadata.name}")
  ❯ kubectl port-forward -n argocd "pods/${ARGOCD_SERVER_POD}" 8080:8080 &
  ```

- Login with the CLI:

  ```sh
  # --insecure skips TLS certificate verification for this local port-forward
  ❯ argocd login localhost:8080 --insecure
  ```

See examples of declaratively deploying everything in the examples/argocd/ directory.
To destroy this playground:
```sh
# First of all, delete all ArgoCD apps deployed either from the ArgoCD CLI or UI
❯ argocd app delete argocd/crossplane-ack-meetup
# Then, delete all infrastructure
❯ terraform destroy -target="module.eks_blueprints_ack_addons" -auto-approve
❯ terraform destroy -target="module.eks_blueprints_kubernetes_addons" -auto-approve
❯ terraform destroy -target="module.eks_blueprints" -auto-approve
❯ terraform destroy -auto-approve
```