epeters-jrmngndr/eks-tf-module

Project Overview

This project pairs an AWS EKS cluster (with a basic Fargate profile) with a reusable module that installs a simple nginx pod into that cluster.

Use just first-setup to install and deploy the cluster. Please note that this changes the default cluster your kubectl points to.

For subsequent changes, use just apply and just plan instead of invoking terraform directly, so that values from .env can be loaded appropriately.

.env configuration

It is necessary to create a .env from .env.template, and to fill in values that make sense for your account.

DOMAIN_HOST -> A Route 53 domain that you control. The account you install this module and cluster to must be able to access a hosted zone for this domain.

Project Structure

The root of the module itself - what will be installed when running just apply - creates an EKS cluster, Fargate profile, and related requisite infrastructure (VPCs, IAM roles, etc.).

The module - in the modules/ directory - is responsible for installing an nginx pod into that cluster.

Design Decisions

ConfigMap is used to hold the full html content served by nginx to avoid needing to build a custom image. A more complex application might prefer 'baked in' static files to this approach.

Fargate is used instead of managing EC2 worker nodes, because this assures instant availability and avoids the need for scaling and monitoring of worker nodes.

The networking uses a single NAT gateway and EIP to save on costs. As required by EKS, the control plane is still distributed into two AZs.

Terraform state is stored locally rather than in a safer spot like an S3 bucket. This is done to keep the stack simple.

No use of HTTPS. For the sake of simplicity - and as nothing private or secret is transmitted - the service only supports HTTP. A certificate could have been added to the load balancer, with SSL termination on the load balancer (requiring no changes to EKS), but this is not implemented.

The AWS Load Balancer Controller is required because of the use of Fargate. Fargate only supports IP targets for load balancing, and these IPs can be a moving target (such as if the container(s) exit). This is the approach that AWS recommends. Cert-manager is installed because this controller depends on it.

EKS API is left open to the internet (0.0.0.0) which is not ideal, but acceptable for a demo. Authentication via IAM is still required.
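
One way to narrow the EKS API exposure described above, as an added example and not this repository's own code. The resource name, cluster name and all variable names are assumptions; only the aws_eks_cluster vpc_config arguments are real provider settings.

```hcl
# Added example; resource and variable names are hypothetical, not taken from this repository.

variable "cluster_role_arn" {
  type        = string
  description = "IAM role ARN assumed by the EKS control plane."
}

variable "subnet_ids" {
  type        = list(string)
  description = "Subnets (in at least two AZs) for the cluster."
}

variable "api_allowed_cidrs" {
  type        = list(string)
  description = "CIDR blocks allowed to reach the public EKS API endpoint, e.g. an office or VPN egress range."

  validation {
    condition     = length(var.api_allowed_cidrs) > 0
    error_message = "Provide at least one CIDR block."
  }

  validation {
    condition     = alltrue([for c in var.api_allowed_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry must be a valid CIDR block."
  }

  validation {
    condition     = !contains(var.api_allowed_cidrs, "0.0.0.0/0")
    error_message = "0.0.0.0/0 would leave the API endpoint open to the internet."
  }
}

resource "aws_eks_cluster" "demo" {
  name     = "demo"
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids = var.subnet_ids

    # Keep in-VPC traffic (including Fargate pods) on the private endpoint,
    # so narrowing the public CIDR list does not cut them off.
    endpoint_private_access = true

    # Public endpoint stays on for operators, but only from the listed ranges.
    endpoint_public_access = true
    public_access_cidrs    = var.api_allowed_cidrs
  }
}
```

IAM authentication still applies on top of this; the CIDR list only limits who can reach the endpoint at the network layer.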
