TK8 Cattle EKS Provisioner with Terraform Rancher Provider

December 31, 2019 Digitalization



  • In a previous post we introduced how to use a Rancher Server with Terraform Rancher Provider to deploy Rancher’s Kubernetes Engine (RKE) with the TK8 Cattle AWS provisioner on auto-provisioned EC2 machines.

    In this post I’ll introduce the TK8 Cattle EKS provisioner by the awesome Shantanu Deshpande. We'll use it to deploy an EKS cluster with the tk8ctl tool, which talks to a Rancher Server that runs on our local machine with a valid SSL certificate.

    Rancher launched EKS vs. Rancher launched RKE Cluster

    With Rancher Server you can launch or import any Kubernetes cluster on any cloud provider or existing bare-metal servers or virtual machines.

    In the case of AWS, we can either choose to use RKE with new nodes on Amazon EC2 or the managed Amazon EKS offering.

    With EKS one doesn’t need to worry about managing the control plane or even the worker nodes. AWS manages everything for us at the price of a lower Kubernetes version, which is Kubernetes v1.14.8 at the time of writing.

    With RKE, we can use the latest Kubernetes 1.16.x or soon 1.17.x versions, but we need to manage the control plane and worker nodes on our own, which requires skilled Kubernetes and Rancher professionals.

    Harshal Shah shares his experience nicely in this blog post about Lessons Learned from running EKS in Production, which I highly recommend reading if you’d like to free up your time to deal with other challenges.

    In a previous post I wrote about the dilemma of deciding how to run and manage multiple Kubernetes clusters using OpenShift, RKE, EKS or Kubeadm on AWS.

    Let’s get started

    Prerequisites

    Most probably you already have the tools listed below installed, except mkcert and tk8ctl:

    AWS CLI
    Terraform 0.12
    Docker for Desktop
    git cli
    mkcert
    tk8ctl

    Get the source

    git clone https://github.com/kubernauts/tk8-provisioner-cattle-eks.git
    cd tk8-provisioner-cattle-eks

    Install Rancher with Docker and mkcert

    As mentioned at the beginning we are going to use Rancher Server and Rancher’s API via code to deploy and manage the life cycle of our EKS clusters with tk8ctl and the Cattle EKS provisioner.

    To keep things simple, we’ll install Rancher, which we need to talk to, on our local machine with Docker, and use mkcert to get an SSL certificate that our browser accepts as valid. The following simple commands do this on MacOS (on Linux you need to follow these mkcert instructions and copy the rootCA.pem from the right directory on Linux to your working directory):


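    $ brew install mkcert
    $ mkcert -install
    $ mkcert '*.rancher.svc'
    # copy the mkcert root CA certificate into the working directory
    # (run the line for your OS; "mkcert -CAROOT" prints the directory)
    # on MacOS
    $ cp $HOME/Library/Application\ Support/mkcert/rootCA.pem cacerts.pem
    # on Ubuntu Linux
    $ cp /home/ubuntu/.local/share/mkcert/rootCA.pem cacerts.pem
    # give the wildcard certificate and key the names mounted below
    $ cp _wildcard.rancher.svc.pem cert.pem
    $ cp _wildcard.rancher.svc-key.pem key.pem
    # the append has to run as root, so pipe into "sudo tee -a";
    # with "sudo echo ... >>" the redirect runs as the unprivileged user
    $ echo "127.0.0.1 gui.rancher.svc" | sudo tee -a /etc/hosts
    $ docker run -d -p 80:80 -p 443:443 \
        -v "$PWD/cacerts.pem":/etc/rancher/ssl/cacerts.pem \
        -v "$PWD/key.pem":/etc/rancher/ssl/key.pem \
        -v "$PWD/cert.pem":/etc/rancher/ssl/cert.pem \
        rancher/rancher:stable
    $ open https://gui.rancher.svc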

    With that you should be able to access Rancher on https://gui.rancher.svc without TLS warnings!
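
If the browser still warns, the three PEM files are the first thing to check. The following is an added example, not part of the original post or of TK8: `check_rancher_certs` is a hypothetical helper that assumes the `openssl` CLI is installed and that the files carry the names used in the `cp` commands above.

```shell
#!/bin/sh
# Added example (hypothetical helper): sanity-check the PEM files before
# they are mounted into the Rancher container.

# Usage: check_rancher_certs DIR HOSTNAME   -> returns 0 when all checks pass
check_rancher_certs() {
  _dir=$1
  _host=$2

  # 1. cert.pem must chain to cacerts.pem (the copy of mkcert's rootCA.pem).
  openssl verify -CAfile "$_dir/cacerts.pem" "$_dir/cert.pem" \
    >/dev/null 2>&1 || { echo "cert.pem not signed by cacerts.pem" >&2; return 1; }

  # 2. The name added to /etc/hosts must be covered by the wildcard SAN.
  openssl x509 -in "$_dir/cert.pem" -noout -checkhost "$_host" \
    | grep -q 'does match' || { echo "$_host not covered by cert.pem" >&2; return 2; }

  # 3. key.pem must be the private key of cert.pem: compare public keys.
  _cert_pub=$(openssl x509 -in "$_dir/cert.pem" -noout -pubkey | openssl sha256)
  _key_pub=$(openssl pkey -in "$_dir/key.pem" -pubout 2>/dev/null | openssl sha256)
  [ "$_cert_pub" = "$_key_pub" ] || { echo "key.pem does not match cert.pem" >&2; return 3; }

  # 4. The CA private key stays in mkcert's CAROOT. Anyone holding it can
  #    mint certificates this machine trusts, so it must not sit next to
  #    the files that get mounted into a container.
  if [ -e "$_dir/rootCA-key.pem" ]; then
    echo "rootCA-key.pem found in $_dir, remove the copy" >&2
    return 4
  fi
  return 0
}
```

Run it as `check_rancher_certs "$PWD" gui.rancher.svc` before `docker run`.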

    Get the tk8ctl CLI

    Download the latest tk8ctl release and place it in your path:

    # On MacOS
    $ wget https://github.com/kubernauts/tk8/releases/download/v0.7.7/tk8ctl-darwin-amd64
    $ chmod +x tk8ctl-darwin-amd64
    $ mv tk8ctl-darwin-amd64 /usr/local/bin/tk8ctl
    $ tk8ctl version
    # ignore any warnings for now, you’ll get a config.yaml file which we’ll overwrite shortly
    # On Linux
    $ wget https://github.com/kubernauts/tk8/releases/download/v0.7.7/tk8ctl-linux-amd64
    $ chmod +x tk8ctl-linux-amd64
    $ sudo mv tk8ctl-linux-amd64 /usr/local/bin/tk8ctl
    $ tk8ctl version
    # provide any value for aws access and secret key, you’ll get a config.yaml file which we’ll overwrite

    Set AWS and Terraform Rancher Provider variables

    Get the bearer token from Rancher UI in the menu via API & Keys:

    and provide your AWS access and secret keys in a file called e.g. cattle_eks_env_vars.template:

    and source the file:

    $ source cattle_eks_env_vars.template
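
The sourced file holds the Rancher bearer token and the AWS keys and sits inside a cloned git repository, so it is worth checking before it is loaded. The following is an added example, not part of the original post or of TK8: `source_secrets` and `file_mode` are hypothetical helpers, and the variable names you pass are whatever your template defines.

```shell
#!/bin/sh
# Added example (hypothetical helper, not TK8 code): check a credentials
# file before sourcing it into the current shell.

# Octal permission bits of a file: GNU stat first, then BSD/macOS stat.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage: source_secrets FILE [REQUIRED_VAR...]
source_secrets() {
  _ss_file=$1
  shift
  [ -f "$_ss_file" ] || { echo "missing: $_ss_file" >&2; return 1; }
  # "." only searches PATH for names without a slash, so anchor the path.
  case "$_ss_file" in */*) ;; *) _ss_file=./$_ss_file ;; esac

  # Group and others must have no access (mode ends in 00, e.g. 600).
  _ss_mode=$(file_mode "$_ss_file") || return 1
  case "$_ss_mode" in
    *00) ;;
    *) echo "refusing $_ss_file: mode $_ss_mode, chmod 600 it" >&2; return 2 ;;
  esac

  # The file lives in a cloned repository: it must not be tracked by git.
  if command -v git >/dev/null 2>&1 &&
     git -C "$(dirname "$_ss_file")" ls-files --error-unmatch \
       "$(basename "$_ss_file")" >/dev/null 2>&1; then
    echo "refusing $_ss_file: tracked by git" >&2
    return 3
  fi

  set -a          # export every variable the file assigns
  . "$_ss_file"
  set +a

  # Stop early when a variable the provisioner needs is empty or unset.
  for _ss_name in "$@"; do
    case "$_ss_name" in
      ''|*[!A-Za-z0-9_]*) echo "bad name: $_ss_name" >&2; return 5 ;;
    esac
    eval "_ss_val=\${$_ss_name:-}"
    [ -n "$_ss_val" ] || { echo "unset: $_ss_name" >&2; return 4; }
  done
  unset _ss_val
  return 0
}
```

Use it in place of the plain `source`, listing the variables your template is expected to set after the file name.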

    Deploy EKS with tk8ctl

    Now you’re ready to deploy EKS via Rancher API:


    $ cp example/config-eks-gui.rancher.svc.yaml config.yaml
    $ tk8ctl cluster install cattle-eks

    After some seconds you should see an EKS cluster in the provisioning state in the Rancher Server GUI. Take a cup of coffee or a delicious red wine: your EKS cluster needs about 15 min. to get ready.

    Access your EKS cluster

    To access your EKS Cluster you can either get the kubeconfig from Rancher UI and save it as kubeconfig.yaml and run:

    KUBECONFIG=kubeconfig.yaml kubectl get nodes

    or you can run the following aws eks command to update your default kubeconfig file with the new context:

    aws eks update-kubeconfig --name tk8-tpr2-eks

    Clean-Up

    tk8ctl cluster destroy cattle-eks


    TK8 Cattle EKS Provisioner with Terraform Rancher Provider was originally published in Kubernauts on Medium.

    Read more about Kubernetes Services, Kubernetes Training and Rancher dedicated as a Service at https://blog.kubernauts.io/tk8-cattle-eks-provisioner-with-terraform-rancher-provider-d5f5c4ccf43e?source=rss—-d831ce817894—4