Bootstrap AWS EKS with Autoscaler and Gitops

Overview

• Create Initial AWS Resources
• Update locals.tf and provider.tf with Initial AWS Resource Details
• Run Terraform to create Terraformed AWS Resources
• Run ./script/configure.sh to update FluxCD Manafests with Terraformed AWS Resource Details
• Create Github Resources and set credentials Env Variables
• Run Flux Bootstrap to deploy Initial GitOps Resources, GitOps controlled K8s Addons & Configs, GitOps controlled K8s Apps

Inital AWS Resources

• AWS Account - A basic container for AWS resources and security boundary.
• Identity Center User - Short-lived authentication. No distributing access keys and associated risk of exposed secrets. Forced 2FA for CLI Access.
• S3 Bucket for Terraform State - Terraform must store state about managed infrastructure and configuration. This state is used by Terraform to map real world resources to your configuration, and keep track of metadata
• Dynamo DB for Terraform State Locking - Ensures that only one operation (like apply or plan) that could write or change the state is performed at a time. Price likely not a concern given DynamoDB's Utility Pricing model and the low volume of transactions.
• Route53 Zone - Controls how to Route traffic for a specific domain, and subdomains.

Github Resources

• Repository - The Source of Truth for your Infrastructure. FluxCD will monitor this repo (and the repos it references) for changes and applies them to your cluster.
• Flux User for Github Organization - When performing GitOps using a Organization Owned Repo, Flux recommends you create a dedicated user.
• Personal Access Token - Flux requires Github Authentication Secrets since it acts on your repo during the bootstrap process.

Terraformed AWS Resources

• ACM - Amazon Certficate Manager - Provision and manage SSL/TLS certificates with AWS services and connected resources
• VPC - Amazon Virtual Private Cloud - Define and launch AWS resources in a logically isolated virtual network
• EKS - Amazon Elastic Kubernetes Service - The most trusted way to start, run, and scale Kubernetes
• ECR - Amazon Elastic Container Registry - Easily store, share, and deploy your container software anywhere
• EKS Roles - IAM Roles for Service Accounts - Allow K8s pods to assume specific AWS IAM roles, enabling fine-grained permission control for applications, such as an K8s Autoscaler, without embedding AWS credentials within them.

Initial GitOps Resources

• GitRepository (A Continious Delivery Source)
• Kustomization (A Continious Delivery Pipeline)

GitOps Controlled K8s Addons & Configs

• Load Balance Controller
• Cluster Autoscaler - Cluster Autoscaler - a component that automatically adjusts the size of a Kubernetes Cluster so that all pods have a place to run and there are no unneeded nodes. Requires Kubernetes v1.3.0 or greater
• External DNS - External DNS - a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes Services to make them discoverable.
• Metrics Server - Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.

GitOps Controlled K8s Apps

• Weave-Gitops - GitOps UI for FluxCD

Other Resources

• https://github.com/aws-samples/flux-eks-gitops-config