EKS Infrastructure Deployment for Bitbucket Pipeline Deployment
This repository contains all the CloudFormation templates and the Bitbucket Pipeline to build an EKS infrastructure.
Click Settings in the left pane to view the AWS variables under Pipelines - Repository Variables.
- Create AWS IAM user (eg. bitbucket-pipeline-iam) to allow CloudFormation deployment
- Update the Pipeline Repository variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
- Create an EC2 key pair as a 'pem' file (eg. eks-node-key-pair-{environment}) and store the credentials in Parameter Store (eg. /{environment}/eks-node-key-pair)
- Update the CloudFormation templates as needed.
- In the Bitbucket pipeline YAML file, change the IAM user and role properties in the "Update ConfigMap" section. Also change the account number in the "Associate EKS service account with ingress controller" section. (TODO: move the account and IAM role/user to pipeline variables.)
- Once checked in, the pipeline will automatically trigger and deploy the environment. Make sure you use detailed comments about the changes that were made.
- Create access key and secret key in AWS console for the IAM user that gets created from the pipeline.
- Connect to EKS cluster (see below for more details)
Make sure kubectl, the AWS CLI, Helm 3, and aws-iam-authenticator are installed on your terminal.
Run aws configure and enter the access key and secret key for the IAM user created from the pipeline.
Run the command below to configure kubectl, replacing the cluster and role variables
aws --region us-east-1 eks update-kubeconfig --name CLUSTERNAME
Run kubectl get pods to verify you are connected then run other commands as needed to troubleshoot or configure cluster.
Deploy the K8S dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
Generate Token file to log into the dashboard and save the token output
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')
Start the kubectl proxy with the command below
kubectl proxy
Log into the dashboard from a browser with the URL below
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#!/login
Supply the token when prompted
The steps below were used to setup the repository to use a pipeline to build the AWS Infrastructure
- Create IAM user with programmatic access only in the AWS console with the appropriate permissions needed to create the resources. Do not overprovision with Administrator access.
- In the IaC repository, click on Repository settings and then Repository Variables under the Pipeline section
- Create the variables below for the IAM user created above
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
- Under the Pipeline section, click on Settings and enable Pipelines if it isn't enabled already. Keep in mind that when you check code in, the Pipeline will automatically run, so you may want to temporarily disable this when making multiple changes.
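For the "Do not overprovision with Administrator access" step above, one way to check the pipeline user's policy before storing its keys as repository variables. This is an added example, not code from this repository; the sample policies, account ID and function names are constructed for illustration.

```python
import json

# Constructed sample policies (not from the repository), in the document
# format `aws iam get-policy-version` returns under PolicyVersion.Document.
ADMIN_LIKE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}
}""")
SCOPED = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["cloudformation:CreateStack", "cloudformation:UpdateStack"],
     "Resource": "arn:aws:cloudformation:us-east-1:111122223333:stack/eks-*/*"},
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}
  ]
}""")


def _as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(document):
    """Return (severity, message) findings for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(document.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        any_resource = "*" in _as_list(stmt.get("Resource"))
        if "NotAction" in stmt and any_resource:
            findings.append(("HIGH", f"statement {i}: Allow with NotAction on all resources"))
        if "*" in actions and any_resource:
            findings.append(("HIGH", f"statement {i}: Action * on Resource * (administrator-equivalent)"))
        for action in actions:
            if action.lower() == "iam:*" and any_resource:
                findings.append(("HIGH", f"statement {i}: {action} on all resources allows privilege escalation"))
            elif action.endswith(":*") and any_resource:
                findings.append(("MEDIUM", f"statement {i}: service-wide wildcard {action} on all resources"))
    return findings


if __name__ == "__main__":
    for name, doc in (("ADMIN_LIKE", ADMIN_LIKE), ("SCOPED", SCOPED)):
        print(name, audit_policy(doc))
```

An empty result only means none of these wildcard patterns matched; the policy still needs review against the resources the CloudFormation templates actually create.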
Use these steps to clone from SourceTree, our client for using the repository command-line free. Cloning allows you to work on your files locally. If you don't yet have SourceTree, download and install first. If you prefer to clone from the command line, see Clone a repository.
- You’ll see the clone button under the Source heading. Click that button.
- Now click Check out in SourceTree. You may need to create a SourceTree account or log in.
- When you see the Clone New dialog in SourceTree, update the destination path and name if you’d like to and then click Clone.
- Open the directory you just created to see your repository’s files.
Now that you're more familiar with your Bitbucket repository, go ahead and add a new file locally. You can push your change back to Bitbucket with SourceTree, or you can add, commit, and push from the command line.