EKS Deployment Manual with Terraform

This manual provides step-by-step instructions for deploying an Amazon EKS (Elastic Kubernetes Service) cluster using Terraform. It includes the configuration of essential components such as AWS credentials, infrastructure provisioning, EBS CSI driver installation, and Kubernetes environment setup.


Prerequisites

Before starting the deployment, you will need the following:

  • Compressed folder: oneconnecEKS.zip

  • AWS credentials (IAM user):

    • Access Key ID

    • Secret Access Key

  • Region name where the deployment will take place (e.g., us-east-1)

  • Required software (either pre-installed or with installation instructions):

    • Terraform (version _____)

    • AWS CLI (version _____)

    • kubectl (version _____)

  • Key pair for access authentication


Step-by-Step Instructions

1. Initial Setup

1.1 Locate the project folder

Open your terminal and navigate to the directory that contains the Terraform files:
cd path/to/your/project/folder

1.2 Configure your AWS credentials

Run the following command:

aws configure

Then enter the following when prompted:

  • Access Key ID

  • Secret Access Key

  • Default region name (must match your target deployment region)

  • Output format: leave it blank (press Enter)



2. Terraform Initialization

Run the following command:
terraform init
  • Wait for the process to complete (this may take a few minutes).

  • Ensure there are no error messages in red before proceeding.


3. Deployment Plan Review

Generate an execution plan:
terraform plan

  • Review the summary output — it should indicate how many resources will be created.

  • If any error messages appear, stop the process and contact the technical team before continuing.


4. EKS Cluster Deployment

Run the deployment command:
terraform apply

  1. Enter the name of your key pair when prompted.
  2. Type "yes" to confirm the deployment.
  3. Wait for the process to finish; this may take 10–20 minutes.
  4. Take note of any output displayed at the end, especially resource names or important URLs.


5. Accessing the AWS Console

Go to: https://console.aws.amazon.com

Navigate to Services > EKS > Clusters

Select your newly created cluster

In the Access tab, click "Add user"

Select the IAM user that ran terraform apply (usually your currently logged-in user)

In the Access tab of your EKS cluster, click "Create access entry"

Select the IAM user who ran terraform apply (usually your currently logged-in user)

Add the following policies:

  • AmazonEKSAdminPolicy

  • AmazonEKSClusterAdminPolicy

Select each policy and click "Add policy"

Click "Next"

Finally, click "Create"

6. kubectl Configuration

Update your kubectl configuration with the following command:

aws eks update-kubeconfig --region <your-region> --name <cluster-name>

The cluster name should be available from the output of the previous step.

Then verify the connection:

kubectl get nodes

If the connection is successful, you'll see a list of the nodes in your EKS cluster.


7. EBS CSI Driver Configuration

7.1 Retrieve Cluster Information

Run the following commands in your terminal:

# Get the OIDC URL for your cluster (replace "my-cluster" with your actual cluster name)
aws eks describe-cluster --name my-cluster --query "cluster.identity.oidc.issuer" --output text

# Get your AWS Account ID
aws sts get-caller-identity --query "Account" --output text

Take note of these values — you’ll need them in the next steps.


7.2 Create Trust Policy


Create a file named aws-ebs-csi-driver-trust-policy.json with the following content:
[Image: contents of aws-ebs-csi-driver-trust-policy.json]

Replace the following placeholders:

  • TU_AWS_ACCOUNT_ID: Your AWS Account ID from step 7.1

  • TU_REGION: Your AWS region (e.g., us-east-1)

  • TU_OIDC_ID: The OIDC ID from step 7.1
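
The trust policy itself is not reproduced in the text above, so the following is an added example (not the manual's own file) that renders a standard IRSA trust policy from the two values collected in step 7.1 and checks a policy file before it is used in step 7.3. The function names and the issuer pattern (commercial AWS regions) are assumptions; the `:sub` condition is what limits the role to the ebs-csi-controller-sa ServiceAccount in kube-system.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the manual.

# render_trust_policy ACCOUNT_ID ISSUER_URL
# ISSUER_URL is the output of the describe-cluster command in step 7.1,
# i.e. https://oidc.eks.TU_REGION.amazonaws.com/id/TU_OIDC_ID
render_trust_policy() {
  account_id=$1
  provider=${2#https://}   # IAM names the OIDC provider without the scheme
  case $account_id in
    ''|*[!0-9]*) echo "account id must be numeric" >&2; return 1 ;;
  esac
  case $provider in
    oidc.eks.*.amazonaws.com/id/?*) ;;   # assumed commercial-region format
    *) echo "unexpected OIDC issuer: $2" >&2; return 1 ;;
  esac
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::${account_id}:oidc-provider/${provider}"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "${provider}:aud": "sts.amazonaws.com",
          "${provider}:sub": "system:serviceaccount:kube-system:ebs-csi-controller-sa"
        }
      }
    }
  ]
}
EOF
}

# check_trust_policy FILE: fail if a TU_ placeholder was left in place or the
# role is not pinned to the ebs-csi-controller-sa ServiceAccount and STS audience.
check_trust_policy() {
  if grep -q 'TU_' "$1"; then echo "unreplaced placeholder" >&2; return 1; fi
  grep -q ':sub": "system:serviceaccount:kube-system:ebs-csi-controller-sa"' "$1" ||
    { echo "missing :sub condition" >&2; return 1; }
  grep -q ':aud": "sts.amazonaws.com"' "$1" ||
    { echo "missing :aud condition" >&2; return 1; }
}
```

Redirect the output of `render_trust_policy` to aws-ebs-csi-driver-trust-policy.json and run `check_trust_policy` on that file before creating or updating the role.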


7.3 Create the IAM Role

To create a new IAM role, run:

aws iam create-role \
  --role-name AmazonEKS_EBS_CSI_DriverRole \
  --assume-role-policy-document file://aws-ebs-csi-driver-trust-policy.json

If the role already exists and you need to update it, run:

aws iam update-assume-role-policy \
  --role-name AmazonEKS_EBS_CSI_DriverRole \
  --policy-document file://aws-ebs-csi-driver-trust-policy.json


7.4 Attach Policy to the Role

Attach the AWS-managed policy to the IAM role:

aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \
  --role-name AmazonEKS_EBS_CSI_DriverRole

7.5 Configure the ServiceAccount in Kubernetes

Create the ServiceAccount:

kubectl create serviceaccount ebs-csi-controller-sa -n kube-system

Annotate the ServiceAccount with the IAM role:

kubectl annotate serviceaccount ebs-csi-controller-sa \
  -n kube-system \
  eks.amazonaws.com/role-arn=arn:aws:iam::TU_AWS_ACCOUNT_ID:role/AmazonEKS_EBS_CSI_DriverRole

Replace TU_AWS_ACCOUNT_ID with your actual AWS Account ID.


7.6 Install the EBS CSI Driver

Deploy the driver using kubectl:

kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=release-1.20"

Then, navigate to the deployment directory:
cd oneconnect-kubernetes

8. Configure the .env File

Open the oneconnect.env file with a text editor (e.g., nano) and update the environment variables as needed for your deployment:

nano oneconnect.env

Modify the values according to your infrastructure, credentials, and environment-specific settings.

Make sure to save the file before exiting.


9. Run the setup.sh Script

9.1 Grant execute permission to the script (if not already set):

chmod +x setup.sh

9.2 Run the setup script:

./setup.sh

10. Restart the CSI Controller

To apply changes, restart the EBS CSI Controller:

kubectl rollout restart deployment ebs-csi-controller -n kube-system


11. Verify Storage

Check the PersistentVolumeClaim (PVC) status:

kubectl describe pvc st-datasynchub -n datasynchub
