In a previous post we introduced how to use a Rancher Server with Terraform Rancher Provider to deploy Rancher’s Kubernetes Engine (RKE) with the TK8 Cattle AWS provisioner on auto-provisioned EC2 machines.
In this post I’ll introduce the TK8 Cattle EKS provisioner by the awesome Shantanu Deshpande to deploy an EKS Cluster with the tk8ctl tool talking to a Rancher Server using a valid SSL certificate running on our local machine.
Rancher launched EKS vs. Rancher launched RKE Cluster
With Rancher Server you can launch or import any Kubernetes cluster on any cloud provider or existing bare-metal servers or virtual machines.
In the case of AWS, we can either choose to use RKE with new nodes on Amazon EC2 or the managed Amazon EKS offering.
With EKS one doesn’t need to worry about managing the control plane or even the worker nodes. AWS manages everything for us, at the price of a lower Kubernetes version, which is Kubernetes v1.14.8 at the time of writing.
With RKE, we can use the latest Kubernetes 1.16.x or soon 1.17.x versions, but we need to manage the control plane and worker nodes on our own, which requires skilled Kubernetes and Rancher professionals.
Harshal Shah shares his experience nicely in this blog post about Lessons Learned from running EKS in Production, which I highly recommend reading if you’d like to free up your time to deal with other challenges.
In a previous post I wrote about the dilemma of deciding how to run and manage multiple Kubernetes clusters using OpenShift, RKE, EKS or Kubeadm on AWS.
Let’s get started
Prerequisites
You most probably already have the tools listed below installed, except mkcert and tk8ctl:
AWS CLI
Terraform 0.12
Docker for Desktop
git cli
mkcert
tk8ctl
Get the source
git clone https://github.com/kubernauts/tk8-provisioner-cattle-eks.git
cd tk8-provisioner-cattle-eks
Install Rancher with Docker and mkcert
As mentioned at the beginning we are going to use Rancher Server and Rancher’s API via code to deploy and manage the life cycle of our EKS clusters with tk8ctl and the Cattle EKS provisioner.
To keep things simple, we’ll install Rancher on our local machine with Docker and use mkcert to get an SSL certificate that is valid in our browser for the Rancher Server we need to talk to. The following simple commands are for MacOS (on Linux you need to follow these mkcert instructions and copy the rootCA.pem from the right directory to your working directory):
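$ brew install mkcert
# creates the local mkcert CA and adds it to the system trust store
$ mkcert -install
$ mkcert '*.rancher.svc'
# copy only the CA certificate (rootCA.pem); the CA key rootCA-key.pem stays where mkcert created it
# on MacOS
$ cp "$HOME/Library/Application Support/mkcert/rootCA.pem" cacerts.pem
# on Ubuntu Linux, use this line instead:
# cp /home/ubuntu/.local/share/mkcert/rootCA.pem cacerts.pem
$ cp _wildcard.rancher.svc.pem cert.pem
$ cp _wildcard.rancher.svc-key.pem key.pem
# the redirect must run as root, so pipe through sudo tee instead of "sudo echo ... >>"
$ echo "127.0.0.1 gui.rancher.svc" | sudo tee -a /etc/hosts
$ docker run -d -p 80:80 -p 443:443 -v "$PWD/cacerts.pem":/etc/rancher/ssl/cacerts.pem -v "$PWD/key.pem":/etc/rancher/ssl/key.pem -v "$PWD/cert.pem":/etc/rancher/ssl/cert.pem rancher/rancher:stable
$ open https://gui.rancher.svc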
With that you should be able to access Rancher on https://gui.rancher.svc without TLS warnings!
Get the tk8ctl CLI
Download the latest tk8ctl release and place it in your path:
# On MacOS
$ wget https://github.com/kubernauts/tk8/releases/download/v0.7.7/tk8ctl-darwin-amd64
$ chmod +x tk8ctl-darwin-amd64
$ mv tk8ctl-darwin-amd64 /usr/local/bin/tk8ctl
$ tk8ctl version
# ignore any warnings for now, you’ll get a config.yaml file which we’ll overwrite shortly
# On Linux
$ wget https://github.com/kubernauts/tk8/releases/download/v0.7.7/tk8ctl-linux-amd64
$ chmod +x tk8ctl-linux-amd64
$ sudo mv tk8ctl-linux-amd64 /usr/local/bin/tk8ctl
$ tk8ctl version
# provide any value for aws access and secret key, you’ll get a config.yaml file which we’ll overwrite
Set AWS and Terraform Rancher Provider variables
Get the bearer token from Rancher UI in the menu via API & Keys and provide your AWS access and secret keys in a file called e.g. cattle_eks_env_vars.template:
and source the file:
$ source cattle_eks_env_vars.template
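The file sourced above holds a Rancher API bearer token and AWS keys, and it sits inside the cloned Git working tree. As an added example (not part of the original post or the tk8 project), the hypothetical helpers check_secret_file and load_secret_env refuse to load it while other local users can read it or while Git tracks it:

```shell
# Added example; check_secret_file and load_secret_env are hypothetical helpers,
# not part of tk8ctl or the provisioner repository.

# Return 0 if the file is safe to source, 1 if other users can access it,
# 2 if it cannot be inspected, 3 if Git tracks it.
check_secret_file() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }

    # Octal permission bits: GNU stat (Linux) first, BSD stat (macOS) as fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 2

    # Any group/other bit set means another local account may read the keys.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$f has mode $mode; run: chmod 600 $f" >&2
        return 1
    fi

    # A tracked file is swept up by 'git commit -a' and pushed with the repo.
    # Without git, or outside a work tree, this test is simply false.
    if git -C "$(dirname "$f")" ls-files --error-unmatch -- "$(basename "$f")" \
            >/dev/null 2>&1; then
        echo "$f is tracked by Git; keep the filled-in copy in an untracked path" >&2
        return 3
    fi
    return 0
}

# Source the variables into the current shell only when the checks pass.
load_secret_env() {
    check_secret_file "$1" || return $?
    . "$1"
}

# Usage, with the file name used in this post:
#   load_secret_env ./cattle_eks_env_vars.template
```
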
Deploy EKS with tk8ctl
Now you’re ready to deploy EKS via Rancher API:
$ cp example/config-eks-gui.rancher.svc.yaml config.yaml
$ tk8ctl cluster install cattle-eks
After some seconds you should see an EKS cluster in the provisioning state in the Rancher Server GUI. Take a cup of coffee or a delicious red wine; your EKS cluster needs about 15 min. to get ready.
Access your EKS cluster
To access your EKS Cluster you can either get the kubeconfig from Rancher UI and save it as kubeconfig.yaml and run:
KUBECONFIG=kubeconfig.yaml kubectl get nodes
or you can run the following aws eks command to update your default kubeconfig file with the new context:
aws eks update-kubeconfig --name tk8-tpr2-eks
Clean-Up
tk8ctl cluster destroy cattle-eks
We’re hiring!
We are looking for engineers who love to work in Open Source communities like Kubernetes, Rancher, Docker, etc.
If you wish to work on such projects please do visit our job offerings page.
TK8 Cattle EKS Provisioner with Terraform Rancher Provider was originally published in Kubernauts on Medium, where people are continuing the conversation by highlighting and responding to this story.
Read more about Kubernetes Services, Kubernetes Training and Rancher dedicated as a Service at https://blog.kubernauts.io/tk8-cattle-eks-provisioner-with-terraform-rancher-provider-d5f5c4ccf43e?source=rss----d831ce817894---4