- At least one AWS Account with
- AWS CLI configured with the account you want to deploy into
- An AWS Route53 domain name if you want default Ingresses to just work. It is fine without it, but External DNS and Cert Manager won't work out of the box.
Dependencies can be found in
this file is compatible with asdf which is not a hard
requirement but our way of managing required tooling.
```bash
for p in $(cut -d " " -f1 .tool-versions); do asdf plugin-add "$p"; done
asdf install
```
adapt to your requirements
```yaml
# Your AWS Account ID
aws_account_id: 161285725140
# Prefix to be added to created resources
prefix: pio-teks
# AWS S3 bucket region where Terraform will store state
tf_state_bucket_region: eu-west-1
# Github username or organization, this can be used by Flux2 to auto configure
# Github bootstrap
github_owner: particuleio
```
- In
adapt to your requirements. It is also possible to override variables defined in global_values.yaml
here, for example when using a different AWS account per environment. Here we will use only one AWS account and deploy the production environment.
```yaml
# Environment name, normally equal to folder name, here it is production by default
env: production
# Default domain name that will be used by default ingress resources, use a registered Route53 domain in the AWS Account
default_domain_name: clusterfrak-dynamics.io
```
- In
there is nothing to change if you want to use the example region (eu-west-1). If you want to use another region, just rename the folder, for example us-east-1, and then edit region_values.yaml to suit your needs.
```yaml
aws_region: eu-west-1
```
will be used to compute the full cluster name; the default is $PREFIX-$ENV_$NAME, which is defined here. It is of course possible to override default variables inside the respective terragrunt.hcl files.
- You can edit each module individually inside
. For official modules, please refer to their respective documentation. For eks-addons you can check the module here.
- Configure Flux2 GitOps in
or disable it if needed. You will need a GITHUB_TOKEN available from your terminal. Also configure it according to your repository name.
```hcl
# For this to work:
# * GITHUB_TOKEN should be set
flux2 = {
  enabled               = true
  target_path           = "gitops/clusters/${include.root.locals.merged.env}/${include.root.locals.merged.name}"
  github_url            = "ssh://git@github.com/${include.root.locals.merged.github_owner}/teks"
  repository            = "teks"
  branch                = "main"
  repository_visibility = "public"
  version               = "v0.25.3"
  auto_image_update     = true
}
```
- Make sure your AWS credentials are correctly loaded inside your terminal, then
from the
```bash
terragrunt run-all apply
```
```
INFO[0000] The stack at /home/klefevre/git/archifleks/teks-quickstart/terragrunt/live/production/eu-west-1/clusters/demo will be processed in the following order for command apply:
Group 1
- Module /home/klefevre/git/archifleks/teks-quickstart/terragrunt/live/production/eu-west-1/clusters/demo/encryption-config
- Module /home/klefevre/git/archifleks/teks-quickstart/terragrunt/live/production/eu-west-1/clusters/demo/vpc
Group 2
- Module /home/klefevre/git/archifleks/teks-quickstart/terragrunt/live/production/eu-west-1/clusters/demo/eks
- Module /home/klefevre/git/archifleks/teks-quickstart/terragrunt/live/production/eu-west-1/clusters/demo/vpc-endpoints
Group 3
- Module /home/klefevre/git/archifleks/teks-quickstart/terragrunt/live/production/eu-west-1/clusters/demo/aws-auth
- Module /home/klefevre/git/archifleks/teks-quickstart/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons-critical
Group 4
- Module /home/klefevre/git/archifleks/teks-quickstart/terragrunt/live/production/eu-west-1/clusters/demo/eks-addons
```
- Load the kubeconfig. You still need to have the AWS CLI loaded and configured with the right account
```bash
export KUBECONFIG=$PWD/eks/kubeconfig
```
- Check out ingress objects
```bash
kubectl get ingress --all-namespaces
```
```
monitoring kube-prometheus-stack-grafana nginx telemetry.clusterfrak-dynamics.io k8s-ingressn-ingressn-d192ac60af-c080dd921f212013.elb.eu-west-1.amazonaws.com 80, 443 12m
```
- Log into Grafana. From the
```bash
terragrunt output grafana_password
```
Use the cluster to do stuff you normally do on a Kubernetes Cluster
To destroy everything simply run
```bash
terragrunt run-all destroy --terragrunt-exclude-dir=aws-auth
```
from the eu-west-1/clusters/demo
namespace deletion, you can run the following command:
```bash
kubectl get namespace "flux-system" -o json | tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" | kubectl replace --raw /api/v1/namespaces/flux-system/finalize -f -
```
- Verify everything is deleted on the AWS console (I just did not want the quickstart to end on an odd number)
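
The two prerequisites this quickstart states for the `terragrunt run-all apply` step (credentials loaded for the intended account, and GITHUB_TOKEN set for Flux2) can be checked mechanically before anything is created. The shell functions below are an added example, not part of the teks repository; the names `expected_account` and `preflight`, and passing the caller's account ID in as an argument, are assumptions.

```shell
# Added example (not from the teks repository): preflight checks to run
# before `terragrunt run-all apply`. Function names are hypothetical.

# Print the 12-digit aws_account_id from a global_values.yaml-style file.
# Prints nothing if the key is missing or the value is not 12 digits.
expected_account() {
  sed -n 's/^aws_account_id:[[:space:]]*"\{0,1\}\([0-9]\{12\}\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n 1
}

# preflight VALUES_FILE CALLER_ACCOUNT
# Returns 0 when both prerequisites hold, 1 otherwise; reasons go to stderr.
preflight() {
  values_file=$1
  caller=$2
  rc=0
  expected=$(expected_account "$values_file")
  if [ -z "$expected" ]; then
    echo "no 12-digit aws_account_id found in $values_file" >&2
    rc=1
  elif [ "$caller" != "$expected" ]; then
    # Loaded credentials belong to a different account than the config targets.
    echo "credentials are for account '$caller', config expects '$expected'" >&2
    rc=1
  fi
  if [ -z "${GITHUB_TOKEN:-}" ]; then
    echo "GITHUB_TOKEN is not set (needed while flux2 is enabled)" >&2
    rc=1
  fi
  return "$rc"
}

# Typical use (requires the AWS CLI; the values file path is a placeholder):
#   preflight path/to/global_values.yaml \
#     "$(aws sts get-caller-identity --query Account --output text)" \
#     && terragrunt run-all apply
```

The account comparison matters most when several AWS profiles are configured on the same workstation, since the profile active in the terminal decides where `run-all apply` creates resources.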