📌 Part 1: Streamlining AWS Infrastructure for Kubernetes: A Guide to Terraform & Ansible Setup

Vikas Surve

1️⃣ Overview

This section covers automating AWS infrastructure setup for Kubernetes using:

βœ… Terraform Modules for AWS Infrastructure
βœ… Ansible Roles for Configuring EC2 Instances
βœ… IAM Roles, Security Enhancements, and System Optimizations
βœ… Troubleshooting and Best Practices

By the end of this guide, you’ll have a production-ready AWS environment for Kubernetes.


2️⃣ AWS Credentials & Configuration

πŸ”Ή Why is this important?

AWS authentication is required for Terraform and Ansible to create and manage resources.

πŸ”Ή Step 1: Install AWS CLI

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

🔹 Step 2: Configure AWS Credentials

aws configure

Enter your credentials:

AWS Access Key ID [None]: AKIAXXXXXXXXXXXXX
AWS Secret Access Key [None]: XXXXXXXXXXXXXXXXXXXXXXXX
Default region name [None]: us-east-1
Default output format [None]: json

🔹 Step 3: Verify AWS Access

aws sts get-caller-identity

✅ Expected Output:

{
    "UserId": "AIDAEXAMPLEID",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/Admin"
}

3️⃣ Terraform Setup for AWS Infrastructure

πŸ”Ή Why Use Terraform Modules?

  • Modular & Reusable: Allows different teams to manage VPC, EC2, Security Groups independently.

  • Scalability: Makes infrastructure modifications easy.

  • Consistency: Avoids manual setup errors.


🔹 Terraform Directory Structure

terraform-setup/
│── modules/
│   │── vpc/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf
│   │── ec2/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf
│── main.tf
│── variables.tf
│── outputs.tf
│── terraform.tfvars

🔹 Module 1: VPC (modules/vpc/main.tf)

Creates a VPC and Subnet for Kubernetes networking.

resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr
  enable_dns_support = true
  enable_dns_hostnames = true
}

resource "aws_subnet" "public_subnet" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = var.subnet_cidr
  map_public_ip_on_launch = true
}

Variables (modules/vpc/variables.tf)

variable "vpc_cidr" { default = "10.0.0.0/16" }
variable "subnet_cidr" { default = "10.0.1.0/24" }

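🔹 Module 2: Security Groups (modules/security/main.tf)

Controls network access to the instance: inbound SSH (22) and HTTP (80), and all outbound traffic. Both inbound rules accept traffic from any address (0.0.0.0/0); outside a lab, narrow the SSH rule to the CIDR you administer from.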

resource "aws_security_group" "k8s_sg" {
  vpc_id = var.vpc_id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
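
A pre-apply check for the rules above, as an added example that is not part of the original guide: it reads the JSON produced by `terraform show -json` and flags inline security group ingress rules that expose SSH to every address. The sample plan excerpt and the `module.security` address are constructed for illustration.

```python
import ipaddress
import json
import sys

# Constructed excerpt of `terraform show -json tfplan` for the k8s_sg resource.
# The "module.security" address is an assumed module call name.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [{
  "address": "module.security.aws_security_group.k8s_sg",
  "type": "aws_security_group",
  "change": {"actions": ["create"], "after": {"ingress": [
    {"from_port": 22, "to_port": 22, "protocol": "tcp",
     "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
    {"from_port": 80, "to_port": 80, "protocol": "tcp",
     "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}
  ]}}
}]}
""")

ADMIN_PORTS = (22,)  # ports that should not be reachable from every address


def open_to_world(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_plan(plan, admin_ports=ADMIN_PORTS):
    """Return (resource address, port) pairs for admin ports open to the world."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # None on destroy
        for rule in after.get("ingress") or []:
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            if not any(open_to_world(c) for c in cidrs):
                continue
            proto = rule.get("protocol")
            for port in admin_ports:
                all_traffic = proto == "-1"
                tcp_hit = proto in ("tcp", "6") and rule["from_port"] <= port <= rule["to_port"]
                if all_traffic or tcp_hit:
                    findings.append((rc["address"], port))
    return findings


if __name__ == "__main__":
    # Usage: terraform show -json tfplan > plan.json; python check_sg.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    results = audit_plan(plan)
    for address, port in results:
        print(f"{address}: port {port} is open to 0.0.0.0/0 or ::/0")
    sys.exit(1 if results else 0)
```

The check only covers ingress blocks declared inline on `aws_security_group`; rules managed as separate rule resources need their own pass.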

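🔹 Module 3: IAM Role for EC2 (modules/iam/main.tf)

Defines a role that EC2 instances can assume. The trust policy below only lets the EC2 service assume the role; it grants no access to other AWS services until permission policies are attached.

resource "aws_iam_role" "ec2_role" {
  name = "ec2-k8s-role"

  # Trust policy: only the EC2 service may assume this role
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# EC2 attaches roles through an instance profile, so wrap the role in one
# (the profile name is illustrative).
resource "aws_iam_instance_profile" "ec2_profile" {
  name = "ec2-k8s-profile"
  role = aws_iam_role.ec2_role.name
}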

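🔹 Module 4: EC2 Instance (modules/ec2/main.tf)

Deploys an EC2 instance with Ubuntu.

resource "aws_instance" "ec2" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = var.instance_type
  subnet_id     = var.subnet_id
  key_name      = var.key_name

  # Attach the Kubernetes security group; without this the VPC default group applies
  # (variable name is illustrative).
  vpc_security_group_ids = [var.security_group_id]

  # Expects an instance profile name, not a role name. The IAM role lives in
  # another module, so pass the profile in (variable name is illustrative).
  iam_instance_profile = var.iam_instance_profile
}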

🔹 Deploy Terraform Configuration

terraform init
terraform apply -auto-approve

✅ Sample Output:

Apply complete! Resources: 5 added.
ec2_public_ip = "3.85.76.182"

4️⃣ Ansible Setup for Kubernetes Dependencies

πŸ”Ή Why Use Ansible?

  • Automates EC2 Configuration (installs Docker, Kind, kubectl).

  • Ensures Consistency across multiple instances.


🔹 Ansible Directory Structure

ansible-setup/
│── roles/
│   │── common/
│   │   ├── tasks/
│   │   │   ├── main.yml
│   │── kubernetes/
│   │   ├── tasks/
│   │   │   ├── main.yml
│── inventory.ini
│── setup.yml

🔹 Role: Install Dependencies (roles/common/tasks/main.yml)

- name: Install dependencies
  apt:
    name: ['docker.io', 'curl']
    state: present
    update_cache: yes

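🔹 Role: Setup Kind Cluster (roles/kubernetes/tasks/main.yml)

- name: Install Kind
  shell: |
    curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
    chmod +x ./kind
    sudo mv ./kind /usr/local/bin/kind
  args:
    # Skip the download when the binary is already installed
    creates: /usr/local/bin/kind

- name: Create Kind Cluster
  # Only create the cluster if it does not exist yet, so re-runs do not fail
  shell: kind get clusters | grep -qx easyshop || kind create cluster --name easyshop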

🔹 Ansible Playbook (setup.yml)

- name: Setup Kubernetes Cluster
  hosts: servers
  become: yes
  roles:
    - common
    - kubernetes

5️⃣ Validation & Testing

Check if Kind Cluster is Running

kubectl get nodes

✅ Expected Output:

NAME                     STATUS   ROLES    AGE     VERSION
kind-control-plane       Ready    master   2m      v1.28.0

6️⃣ Troubleshooting & Best Practices

Common Terraform Errors

  • "IAM role does not exist" β†’ Ensure the IAM role is created before EC2 starts.

  • "Security group not found" β†’ Check that Security Groups are correctly referenced.

Common Ansible Errors

  • SSH Connection Issues β†’ Ensure EC2 key pair matches the one defined in Terraform.

  • Permission Denied β†’ Use become: yes in Ansible tasks for elevated privileges.


🎯 Conclusion

πŸš€ AWS infrastructure is now production-ready!
βœ… Terraform Modules for VPC, Security, IAM, EC2
βœ… Ansible Roles for Configuring Kubernetes Dependencies

πŸ“Œ Next Step: Kind Cluster & Application Deployment
