These scripts deploy an EKS Kubernetes cluster inside an existing VPC resource from AWS
- Create a variables.py file, like the following example:

class Variables:
    vpc_id = "vpc-xxxxxxxxx"
    """VPC ID where the EKS cluster is going to be deployed"""
    stack_name = "prod_cluster"
    """Name for the resources linked to this EKS"""

- Create a new stack with any name you need:
$ pulumi stack init eks-project
- Set the AWS region (example below):
$ pulumi config set aws:region us-east-2
- Run pulumi preview to preview, and deploy changes by pulumi up
- View the cluster name via stack output
- Verify that the EKS cluster exists, by either using the AWS Console or running aws eks list-clusters.
- Update your kubeconfig, authenticate to your Kubernetes cluster, and verify that you have API access and nodes running. If you are missing the permissions to access nodes, please visit this page.
Linux:
Define the KMS key that you are going to use and be sure that your AWS CLI is pointing to the correct AWS account:
export SOPS_KMS_ARN=arn:aws:kms:REGION:ACCOUNT-ID:alias/ALIAS-NAME
- Encrypt:
sops -e NAME-OF-YOUR-STACK.json > stacks/NAME-OF-YOUR-STACK.enc
- Decrypt:
sops --output-type json -d NAME-OF-YOUR-STACK.enc > NAME-OF-YOUR-STACK.json
If you need to update/change anything on a live cluster created by this same stack, follow the steps below:
- Decrypt the stack file that you are going to use (see "How to encrypt/decrypt stack files" section).
- Clone the repository.
- Import the stack that you want to use/update. Create a stack for this new import (you can also use the default stack):
$ pulumi stack import --file stack.json
- Run pulumi preview to preview, and deploy changes by pulumi up (using the stack created in the previous step). You also need to create the variables.py file with the correct variables; if any variable is different, it is going to update the current stack with unwanted changes. Right after importing the stack and defining variables.py, run a pulumi preview: the output should indicate no changes (maybe some messages outputs).
If you update a live cluster shared with a team, then it is necessary to update/create a stack file. If you are updating a stack, the name of the file should be the same as the one you received; if not, you can choose the name.
pulumi stack export --file stack.json
Encrypt the file (see "How to encrypt/decrypt stack files" section) and save it in the stacks folder, then push the changes.
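
A check to run before pushing, as an added example that is not part of this repository: it fails if any file in the stacks folder is a plaintext stack export instead of sops output. The function names, the grep heuristic and the constructed sample files are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit the stacks folder before pushing.
# Heuristic (assumption): sops-encrypted JSON carries a "sops" metadata object
# whose "mac" value is an ENC[...] blob; a plaintext `pulumi stack export` does not.

is_sops_encrypted() {
    # $1: path to a file; returns 0 only if both sops markers are present
    grep -Eq '"sops"[[:space:]]*:' "$1" &&
        grep -Eq '"mac"[[:space:]]*:[[:space:]]*"ENC\[' "$1"
}

audit_stacks() {
    # $1: stacks directory; reports each plaintext file, returns 1 if any was found
    local dir="$1" f bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if ! is_sops_encrypted "$f"; then
            echo "PLAINTEXT: $f" >&2
            bad=1
        fi
    done
    return "$bad"
}

make_samples() {
    # Constructed, simplified sample files (not real stack data); prints the temp dir
    local d
    d="$(mktemp -d)"
    mkdir "$d/stacks"
    # Shape of `sops -e` JSON output: keys in clear, values and mac encrypted
    cat > "$d/stacks/prod_cluster.enc" <<'EOF'
{
  "version": "ENC[AES256_GCM,data:CONSTRUCTED,iv:CONSTRUCTED,tag:CONSTRUCTED,type:int]",
  "sops": {
    "kms": [{"arn": "arn:aws:kms:REGION:ACCOUNT-ID:alias/ALIAS-NAME"}],
    "mac": "ENC[AES256_GCM,data:CONSTRUCTED,iv:CONSTRUCTED,tag:CONSTRUCTED,type:str]"
  }
}
EOF
    # Shape of a plaintext `pulumi stack export` saved into stacks/ by mistake
    cat > "$d/stacks/stack.json" <<'EOF'
{"version": 3, "deployment": {"resources": []}}
EOF
    echo "$d"
}

# Audit a real folder when a path is given, e.g.: ./audit.sh stacks
if [ "$#" -gt 0 ]; then audit_stacks "$1"; fi
```

Because the exit status is non-zero when a plaintext file is found, the script can be called from a git pre-push hook to block the push.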