🔴 - To support my channel, I’d like to offer Mentorship/On-the-Job Support/Consulting - me@antonputra.com 👉 [UPDATED] AWS EKS Kubernetes Tutorial [NEW]: ruclips.net/p/PLiMWaCMwGJXnKY6XmeifEpjIfkWRo9v2l&si=wc6LIC5V2tD-Tzwl
Excellent! In my opinion, using terraform to create EKS clusters is better than depending on CloudFormation or eksctl
agree
this is the first video in the series, shouldn't it gradually go from basic towards advanced ..... great work indeed
Thank you! I've created so many tutorials about EKS that I don't even remember what's in them, lol.
👉 How to Manage Secrets in Terraform - ruclips.net/video/3N0tGKwvBdA/видео.html
👉 Terraform Tips & Tricks - ruclips.net/video/7S94oUTy2z4/видео.html
👉 ArgoCD Tutorial - ruclips.net/video/zGndgdGa1Tc/видео.html
Anton, very good, one of the best explanation I saw! Thank you!
amazing tutorial, I encountered an issue with the route table syntax though, had to troubleshoot it for a few hours, I ended up using a different module, but other than that, it's working smoothly, thanks a lot
Do you mind providing the source code for that?
Excellent Start to EKS via Terraform -- Many Thanks for this ....
You're very welcome!
Thank you very much, Anton Putra! Thank you for sharing your knowledge!
welcome =)
🟢 [New] Terragrunt Tutorial: Create VPC, EKS from Scratch! (Step-by-Step) - ruclips.net/video/yduHaOj3XMg/видео.html
simple but very clear, like this course
Glad to hear that!
🔴UPDATED🔴 How to create EKS Cluster using Terraform MODULES (AWS Load Balancer Controller + Autoscaler + IRSA) - ruclips.net/video/kRKmcYC71J4/видео.html
Monitor EKS & EC2 instances with MANAGED Prometheus - ruclips.net/video/-nUQNFAX5TI/видео.html
Native EKS Ingress: AWS Load Balancer Controller - ruclips.net/video/MZyrxzb7yAU/видео.html
How to Add IAM User and IAM Role to AWS EKS Cluster? - ruclips.net/video/EGdN21F2Jfw/видео.html
How to Create EKS Cluster Using eksctl? - ruclips.net/video/56bgjtGUzGE/видео.html
Get Full-Length High-Quality DevOps Tutorials for Free - Subscribe Now! - ruclips.net/user/AntonPutra
I am not able to find the GitHub link for the above project, I found it for the modules one
@Anton Putra thanks very much for sharing this amazing tutorial, I completed it step by step and only made small changes, but everything works OK, thanks again :)
welcome!
brilliant workshop well done and thank you :)
Excellent video. Keep rocking with more videos
Thanks!
thank you so much Anton for providing such a content , subscribed 👌
My pleasure!
Awesome! Well explained, thanks!!
You're welcome!
Great video, learning a lot. Thanks a lot 5 stars video.
Thanks Alberto!
@@AntonPutra Quick question! how I can SSH to EKS Worker Nodes, which variables I need to add and if I need to add it to 7-nodes.tf or in 0-provider.tf file?
@@albertoporras3341 out of curiosity, WHY on earth would you do that
Thank you very much for the guide, it helped a lot!
You're welcome =)
thank you very much!
Welcome!
Thank you, learned a lot and subscribed!! 👍
Welcome aboard! :)
Super👍
Thank you 👍
thanks for uploading the video. I found the instructions to be a little too quick, and pasting some of the code examples were hard to follow because they were too large/long, and the video pace was a bit quick.
Thanks for the feedback, you can find the source code in the github repo
Excellent stuff!
Glad you liked it!
Hey Anton, thanks for this video, it is awesome!
Could you please do another one with Terraform but with ArgoCD included?
Thanks again.
Sure!
Great video!!!
Thank you!!
Super, all the best, keep it up, I like your videos, great super amazing video, PLEASE DO MAKE THE SAME REAL TIME EKS CLUSTER VIDEOS, I appreciate you
Great video Anton! For self-managed K8s clusters using EKS but using "worker-groups" as worker nodes with Auto-Scaling, will the policies you attached to your IAM role be the same? Looking forward to more great stuff from you!
Thanks Abimbola! I haven't tested, but should be the same.
Nice video and explanation, I have tried everything. JFYI the cluster-autoscaler.yaml code is missing in your doc
Thanks
Thanks
Welcome
Could you please show how to create an EKS node using a launch template?
Sure, here - github.com/antonputra/tutorials/blob/b09834856cc27ad8aa2fde45fbcd655a9a1425dd/lessons/150/terraform/7-nodes.tf#L129-L139
Thanks Anton for the great video. I'm trying to create a CI/CD pipeline with GitHub Actions. Is there some code example that I can use?
Sure,
1. GitHub Actions Self Hosted Runner (Autoscaling with Kubernetes)
2. How to Create Your Own GitHub Actions? ruclips.net/video/jwdG6D-AB1k/видео.html
3. Build a Docker Image and Publish It to GCP GCR & Artifact Registry using Github Actions - ruclips.net/video/6dLHcnlPi_U/видео.html
4. Build a Docker Image and Publish It to AWS ECR using Github Actions ruclips.net/video/Hv5UcBYseus/видео.html
And I am really junior :) I mean also if there is some repository for using terraform to create github action for eks! Thanks again
You did not talk about VPC endpoints, which are required when we deploy an app on a node group in private subnets, and some security group settings as well. Can you please clarify this?
The security group is managed by EKS, not sure what you mean. You can expose the app using a private or public service of type LoadBalancer.
Great video as usual Anton. could you add HPA ?
Thanks, I already have 2
Horizontal Pod Autoscaler CUSTOM METRICS & PROMETHEUS - ruclips.net/video/iodq-4srXA8/видео.html
Kubernetes Horizontal Pod Autoscaler - ruclips.net/video/pI_pMsuazqw/видео.html
Awesome video. I have been automating my EKS deployment using Terraform since I watched your video; it made me practice it. I have a question: can Terraform execute a script? I'm using Rancher inside Kubernetes to manage my Kubernetes on EKS.
Thanks, yes terraform can execute local script and/or remote script. Frequently it is used with configuration management tools such as Ansible, Puppet, etc. Here is a reference
www.terraform.io/language/resources/provisioners/local-exec
www.terraform.io/language/resources/provisioners/remote-exec
How do you pass aws credential to the pod?
Because i get an error "unable to locate credential. You can configure credentials by running aws configure"
Turns out i just miss indentation 😅
@@kossei8096 ok :)
Sir, thanks
welcome!
Great tutorial! Thanks for the video. I'm curious why there are no security groups in the terraform files?
Thanks, as far as I remember EKS will generate them for you.
Nice video Anton. Could you please share terraform script using EKS fargate?
Thanks, here - github.com/antonputra/tutorials/tree/main/lessons/102
hello! thank u v much this is v informational.
was wondering how to limit public network access through inbound rules/security groups like an ec2 - currently the loadbalancer is accessible anywhere
It depends on the load balancer. Network load balancer does not have security groups and inherits rules from ec2 instances. Application load balancer needs its own security group. If you can explain your use case I can give a more specific recommendation.
@@AntonPutra thanks so much for getting back. so i use the hasura graphql engine in a container, and if i deploy with a load balancer, i can reach the UI via a call to the dns. The graphql also has to be accessible to rds and an app in cloudfront. so it appears that maybe the ec2 security group is best to manage public accessibility of the hasura UI, and an application load balancer is the best solution to manage the graphql engine and its connections to the rds and cloudfront application - does this sound right?
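Added example for the question in this thread about limiting who can reach the load balancer (not code from the video or its repository). It uses the Terraform Kubernetes provider mentioned elsewhere on this page and assumes that provider is already configured against the cluster; the Service names, the `app = "hasura"` label, port 8080 and the CIDR range are constructed for illustration.

```hcl
# Internet-facing Service that only accepts traffic from an allow-listed range.
resource "kubernetes_service" "hasura_public" {
  metadata {
    name = "hasura-public" # hypothetical name
  }

  spec {
    type = "LoadBalancer"

    selector = {
      app = "hasura" # hypothetical pod label
    }

    # Maps to the Service field loadBalancerSourceRanges: the cloud
    # provider's firewall rules admit only these source CIDRs instead
    # of the default 0.0.0.0/0.
    load_balancer_source_ranges = ["203.0.113.0/24"] # constructed range

    port {
      port        = 80
      target_port = 8080 # assumed container port
    }
  }
}

# Internal Service: the load balancer gets private addresses only,
# so it is reachable from inside the VPC but not from the internet.
resource "kubernetes_service" "hasura_internal" {
  metadata {
    name = "hasura-internal" # hypothetical name

    annotations = {
      "service.beta.kubernetes.io/aws-load-balancer-internal" = "true"
    }
  }

  spec {
    type = "LoadBalancer"

    selector = {
      app = "hasura"
    }

    port {
      port        = 80
      target_port = 8080
    }
  }
}
```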
Hey awesome video sir.. one request, you haven't attached the service account, cluster role and binding related to the autoscaler group in the link you provided. Could you please add that in your notes.🙏
Whole cluster-autoscaler.yaml file is missing in the given link.
this one?
github.com/antonputra/tutorials/blob/main/lessons/102/k8s/cluster-autoscaler.yaml
Thanks a lot! Could you tell how you made VS Code folder icons prettier & what's the terminal Theme? Looks beautiful! :)
I believe I used this extension - marketplace.visualstudio.com/items?itemName=vscode-icons-team.vscode-icons.
For the terminal it's iTerm2 + ohmyz.sh/
Hi Anton, I am getting error "
│ Inappropriate value for attribute "route": element 0: attribute "core_network_arn" is required." in route tables creation.
if i get the same error will provide a feedback
Very nice, but you could speak more slowly.. ;)
Thanks, noted!
Lol had to check my playback speed
Hi Anton, great video mate, may i ask, can we set up autoscaler to scale automatically based on the load? and if yes, how? thanks!
Sure, I have a few tutorials on my channel on how to scale based on cpu & memory as well as custom metrics defined using prometheus
What if I don't want to use elastic IP?
Is there another way to configure this?
elastic ip for what? nat? well use public subnets with igw
How do you tackle the situation when the cluster autoscaler has changed the cluster scaling from 1 to 2 (and terraform won't know this) and then you need to perform a terraform deployment? In that case the scaling config will show the desired size of the cluster node has been changed and will try to put it back to 1, isn't it?
It should not happen. How do you manage your node pool? (managed, unmanaged, or separate autoscaling group)
Your videos have helped me a lot. However, I'm still confused about load balancing. Somehow your cluster knows to create a load balancer when you create a LoadBalancer service. My cluster does not do that. Is there some setting or policy I need to add somewhere to make that work?
The Kubernetes project has in-tree controllers that are responsible for creating load balancers in different supported clouds. If you are on premise or even on bare metal, try to install metallb. Otherwise just kubectl describe svc to get the error message
@@AntonPutra I'm in EKS. But your reply helped a lot. I'm tracing error now.
How do I test the private load balancer?
Test? You can open it in AWS console and find scheme property.
does the code for the autoscaler need to be updated? the pod keeps crashing for me, at first I thought it was the amount of memory but after raising it, it keeps crashing and the logs are way too many to make sense of, when I use describe pod I just get Back-off restarting failed container
make sure you match autoscaler version to your k8s as close as possible
@@AntonPutra I changed the image version to 1.22.1 but it still gave me problems, then I noticed that the problem was that I did not change the account number on my role, and after making the change it seems to be running just fine.
@@crimson27271 good to know, need to put a warning there =)
do we need to create an iam role demo explicitly ? u did not create one in the video, or do you have one already ?
It's in the terraform code. Yes, you need 1 role for control plane and another one for node pool.
Tell me, have you had time to look into Karpenter? I took a look, it seems like a cool thing.
Not yet, I'll probably make a video about Karpenter in about a week.
Thank you very much for the video Anton. It was really awesome and helpful. How can we setup the aws load balancer controller for eks ingress via Terraform?
Thanks, I usually configure only AWS stuff using terraform, such as IAM permissions for the controller. The deployment itself (YAML) is managed by other tools such as flux. You could, however, use the Terraform Kubernetes Provider - registry.terraform.io/providers/hashicorp/kubernetes/latest/docs
Do you implement vpc_cni ?
Yes, EKS supports native VPC networking (via CNI plugin)
Quick question: why didn't you also add add-ons in your eks.tf file? Will the cluster work without add-ons?
It will work with and without add-ons. Do you have any specific add-on in mind?
@@AntonPutra EFS
@@aryadiadi6888 ew fargate
what terraform version did you use in this tutorial?
I don't remember the exact version but higher than 1.1.x. Next time I will commit the terraform lock file.
Hi Anton,
If we deploy an ALB how can we reuse the ALB for other services/ingress?
There is a way with AWS Load Balancer Controller. You need to create a TargetGroupBinding. It is a custom resource (CR) that can expose your pods using an existing ALB TargetGroup or NLB TargetGroup. I'm going to create a tutorial soon, here is a link to the official doc - kubernetes-sigs.github.io/aws-load-balancer-controller/v2.3/guide/targetgroupbinding/targetgroupbinding/
Why do we use cluster autoscaler as deployment if we already have node autoscaling in the nodes.tf file ?
I mean this one:
resource "aws_eks_node_group" "private-nodes" {
  cluster_name    = aws_eks_cluster.demo.name
  node_group_name = "private-nodes"
  node_role_arn   = aws_iam_role.nodes.arn

  subnet_ids = [
    aws_subnet.private-us-east-1a.id,
    aws_subnet.private-us-east-1b.id
  ]

  capacity_type  = "ON_DEMAND"
  instance_types = ["t3.small"]

  scaling_config {
    desired_size = 2
    max_size     = 5
    min_size     = 2
  }

  update_config {
    max_unavailable = 1
  }
}
The autoscaling block in terraform only configures the AWS autoscaling group with min, max and desired size. The job of the autoscaler deployed in K8s is to adjust the desired size based on the load.
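Added example, not from the video's repository: a way to keep `terraform apply` from resetting a node count that the cluster autoscaler has changed, which also covers the earlier question on this page about the desired size going from 1 to 2. It reuses the node group posted above; the `lifecycle` block is the only addition, and the referenced cluster, role and subnet resources are assumed to exist in the tutorial's other files.

```hcl
resource "aws_eks_node_group" "private-nodes" {
  cluster_name    = aws_eks_cluster.demo.name
  node_group_name = "private-nodes"
  node_role_arn   = aws_iam_role.nodes.arn

  subnet_ids = [
    aws_subnet.private-us-east-1a.id,
    aws_subnet.private-us-east-1b.id
  ]

  capacity_type  = "ON_DEMAND"
  instance_types = ["t3.small"]

  # Terraform owns the bounds; the cluster autoscaler moves desired_size
  # between min_size and max_size while the cluster is running.
  scaling_config {
    desired_size = 2 # used as the initial value only
    max_size     = 5
    min_size     = 2
  }

  update_config {
    max_unavailable = 1
  }

  # Do not treat a desired_size changed outside Terraform as drift,
  # so a later apply does not scale the group back to the value above.
  lifecycle {
    ignore_changes = [scaling_config[0].desired_size]
  }
}
```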
Why did you use only one nat gateway in this section?
Well, the general recommendation by AWS is to use a nat gateway per availability zone. But for the last five years, I have never had issues with nat gateways. It's a cost vs. ha balance that you need to decide for yourself. AWS will always try to convince you to use multi az and multi-region :)
Thank you for the good video and kind reply😁
I don't understand:
- why public subnets are REQUIRED
- why are you forced to connect private subnets to internet
- why do you use private LB if it's same as public LB since private subnets are connected to internet
- only if you want to expose your apps to internet
- typically we have 3 types of subnets: 1. public with internet gateway 2. private with nat gateway 3. isolated without access to internet, usually used for databases
- it's not the same. Private LB only accessible within VPC, public LBs accessible from the internet
@@AntonPutra oh right, DB subnets, thanks for reminder, I'll go over it.
Also, your tutorial is shallow on the launch template topic. You do know that the slightest mistake in the mandatory user data results in "instances failed to join cluster", yet you skipped it.
Why user data?
How about 99 max pods on t3.small?
Good content, but too fast making it less effective
Very fast
noted
Hi sir, this is a really helpful video for me. I faced some issues here with the route.tf file; when I press terraform apply, it shows these issues:
1. Error: Incorrect attribute value type
│
│ on routes.tf line 4, in resource "aws_route_table" "private":
│ 4: route = [
│ 5: {
│ 6: cidr_block = "0.0.0.0/0"
│ 7: nat_gateway_id = aws_nat_gateway.nat.id
│ 8: carrier_gateway_id = ""
2. Inappropriate value for attribute "route": element 0: attribute "core_network_arn" is required
3. Error: Incorrect attribute value type
│
│ on routes.tf line 30, in resource "aws_route_table" "public":
│ 30: route = [
│ 31: {
│ 32: cidr_block = "0.0.0.0/0"
│ 33: gateway_id = aws_internet_gateway.igw.id
│ 34: nat_gateway_id = ""
│ 35: carrier_gateway_id = ""
Help me to solve these issues.
Why? Because.
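Added example for the `route` errors reported several times in these comments (not code from the tutorial repository). Assigning `route = [ { ... } ]` as a list of objects makes Terraform require every attribute of the route object, including ones introduced by newer AWS provider versions such as `core_network_arn`; writing each route as a nested block lets the unset attributes default. The route table, NAT gateway and internet gateway names are taken from the error output above; `aws_vpc.main` is an assumed name for the VPC resource.

```hcl
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id # assumed VPC resource name

  # Nested block form: only the attributes this route uses are set.
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id # assumed VPC resource name

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
```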