IaC For Kubeadm Cluster on AWS EC2 using Terraform and Ansible

This repo can be used to bootstrap a cluster in Amazon EC2. Just fork this repo and follow the below steps to set things up. Terraform is used to provision the infrastructure and Ansible is used to configure the kubeadm cluster on the nodes.

---

Configure an AWS ROLE for Keyless Authentication to AWS

Follow this link to setup Keyless Authentication to AWS using Github as OIDC Provider

Also allow this role to access the S3 backend configured for storing terraform state files

---

Architecture Diagram

---

Modify terraform.tfvars

The file terraform/tfvars contains all variables you need in order to tweak the provisioning of the cluster

---

Setup the Following Github Repository Secrets

Secret	Description
AWS_ROLE	This role is used by Github Actions to run Terraform modules and access AWS Secrets via Keyless Authentication to AWS via OIDC
AWS_REGION	Region to deploy the cluster in
AWS_KUBECONFIG_SECRET	Name of the AWS Secret

---

Run the deploy cluster workflow and obtain the KUBECONFIG from AWS Secrets

aws secretsmanager get-secret-value --secret-id $SECRET_ID  --query SecretBinary --output text | base64 --decode > $KUBECONFIG_PATH

Deployment Steps

Access the cluster via kubectl

export KUBECONFIG=$KUBECONFIG_PATH

---

Destroying the infra

Run the destroy_infra github action manually