How MiQ manages EKS add-ons via Terraform

K Kushal Varma, DevOps Engineer II, MiQ
MiQ Tech and Analytics
Oct 5, 2023

Introduction

Discover the secrets of automating EKS add-ons and optimizing their usage in your EKS clusters with the help of Terraform. At MiQ, we’ve successfully slashed the deployment time for EKS add-ons by an impressive 30%, outperforming manual deployment using manifest files. But first, let’s dive into a comprehensive understanding of the powerful duo — EKS and Terraform.

EKS (Elastic Kubernetes Service)

EKS is a managed Kubernetes service that makes it easy to deploy, manage and scale containerized applications in the AWS cloud. One of the key benefits of using EKS is its support for add-ons.

Why EKS add-ons?

Kubernetes add-ons are pre-configured and managed software components designed to enhance the functionality of a Kubernetes cluster. With EKS managed add-ons, installing and configuring these add-ons becomes effortless. If you’re seeking a straightforward, secure, and compatible approach to enrich your EKS cluster’s capabilities, then EKS managed add-ons are the perfect choice.

Here is a table that summarizes the advantages of using EKS add-ons instead of self-managed add-ons:

Terraform

Terraform, an innovative open-source Infrastructure as Code (IaC) tool, allows you to define and control your infrastructure using a declarative approach. With its automation capabilities, you can easily provision and manage your infrastructure, guaranteeing a harmonious and replicable state at all times.

Next, we give an overview of the essential EKS add-ons, namely Kube-proxy, CoreDNS and Amazon VPC CNI, and show how MiQ manages them using Terraform.

Key Prerequisite: IAM permissions

Keep the following prerequisite in mind when installing EKS add-ons:

Before installing an EKS add-on, check which IAM permissions are required and ensure that your IAM role or user has them. For example, adding the AmazonEKSClusterPolicyAddonPermission policy to the IAM role allows you to add add-ons to your EKS clusters.
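One way to scope the add-on permissions of the role that runs Terraform to a single cluster, as an added example that is not MiQ's own configuration. The policy name and statement IDs are hypothetical, and the action list is an assumption about what an `aws_eks_addon` workflow calls; check it against the EKS entry in the AWS Service Authorization Reference before use.

```hcl
variable "cluster_name" {
  type = string
}

data "aws_partition" "current" {}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

locals {
  # Common prefix of every EKS ARN in this account and region
  eks_arn_prefix = "arn:${data.aws_partition.current.partition}:eks:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
}

data "aws_iam_policy_document" "eks_addon_manager" {
  # Catalogue lookup has no resource type, so it cannot be narrowed
  statement {
    sid       = "ReadAddonCatalogue"
    actions   = ["eks:DescribeAddonVersions"]
    resources = ["*"]
  }

  # Calls authorized against the cluster ARN
  statement {
    sid       = "ClusterScopedAddonCalls"
    actions   = ["eks:DescribeCluster", "eks:ListAddons", "eks:CreateAddon"]
    resources = ["${local.eks_arn_prefix}:cluster/${var.cluster_name}"]
  }

  # Calls authorized against add-on ARNs: addon/<cluster>/<addon>/<id>
  statement {
    sid = "ManageAddonsOfThisCluster"
    actions = [
      "eks:DescribeAddon",
      "eks:UpdateAddon",
      "eks:DeleteAddon",
      "eks:TagResource",
      "eks:UntagResource",
    ]
    resources = ["${local.eks_arn_prefix}:addon/${var.cluster_name}/*"]
  }
}

resource "aws_iam_policy" "eks_addon_manager" {
  name   = "eks-addon-manager-${var.cluster_name}" # hypothetical name
  policy = data.aws_iam_policy_document.eks_addon_manager.json
}
```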

Implementation

In this section, we’ll cover the implementation of Kube-proxy, CoreDNS and Amazon VPC CNI using Terraform.

CoreDNS

AWS managed EKS add-on CoreDNS using Terraform:

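Code 1.1: Terraform resource configuration.

resource "aws_eks_addon" "coredns" {
  cluster_name = var.cluster_name
  addon_name   = "coredns"
  # Pin an explicit add-on version so every apply deploys the same build
  addon_version = "v1.8.7-eksbuild.4"
  # OVERWRITE replaces conflicting in-cluster settings with the managed add-on's values.
  # AWS provider v5 deprecates this argument in favour of
  # resolve_conflicts_on_create / resolve_conflicts_on_update.
  resolve_conflicts = "OVERWRITE"

  tags = {
    "eks_addon" = "coredns"
  }
}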

After Terraform is applied, you can verify from the AWS console that the CoreDNS add-on is added to the cluster as shown below.

Fig 1.2

VPC_CNI

AWS managed EKS add-on vpc_cni using Terraform:

The Terraform resource configuration is the same as shown in code 1.1; only the attributes addon_name and addon_version need to change.

After Terraform is applied, you can verify from the AWS console that the vpc_cni add-on is also added to the cluster as shown below.

Fig 1.3

Kube-Proxy

AWS managed EKS add-on Kube-proxy using Terraform:

The Terraform resource configuration is the same as shown in code 1.1; only the attributes addon_name and addon_version need to change.

After Terraform is applied, you can verify from the AWS console that the kube-proxy add-on is also added to the cluster as shown below.
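Since the VPC CNI and Kube-proxy resources differ from code 1.1 only in addon_name and addon_version, all three add-ons can be driven from one map. This is an added example, not MiQ's own code: the variable `addon_versions`, the resource label `managed` and the version-format validation are assumptions, and the EKS add-on names for the last two are `vpc-cni` and `kube-proxy`.

```hcl
variable "cluster_name" {
  type = string
}

# Map of EKS add-on name => pinned add-on version, for example in terraform.tfvars:
#   addon_versions = {
#     "coredns"    = "v1.8.7-eksbuild.4"         # version from code 1.1
#     "vpc-cni"    = "<pinned vpc-cni version>"   # placeholder, not from the article
#     "kube-proxy" = "<pinned kube-proxy version>" # placeholder, not from the article
#   }
variable "addon_versions" {
  type = map(string)

  # Reject unpinned or malformed values (empty strings, "latest", typos)
  # before any API call is made.
  validation {
    condition = alltrue([
      for v in values(var.addon_versions) :
      can(regex("^v[0-9]+\\.[0-9]+\\.[0-9]+-eksbuild\\.[0-9]+$", v))
    ])
    error_message = "Each add-on version must look like v1.8.7-eksbuild.4."
  }
}

resource "aws_eks_addon" "managed" {
  for_each = var.addon_versions

  cluster_name      = var.cluster_name
  addon_name        = each.key
  addon_version     = each.value
  resolve_conflicts = "OVERWRITE" # same setting as code 1.1

  tags = {
    "eks_addon" = each.key
  }
}

# Installed version per add-on, for review after apply
output "installed_addons" {
  value = { for name, addon in aws_eks_addon.managed : name => addon.addon_version }
}
```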

EKS Add-ons during upgrade activity

When you upgrade your Amazon EKS cluster, you can also upgrade the EKS managed add-ons that are installed on your cluster. However, the add-ons are not upgraded automatically as part of the EKS cluster upgrade; you have to upgrade them manually or using Terraform.

For upgrading EKS managed add-ons manually from the console please refer here.

For upgrading EKS managed add-ons using Terraform, update “addon_version” in your Terraform resource block to the latest version.
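Before changing addon_version, it helps to see which versions EKS offers for the cluster's current Kubernetes version. The following added example (not MiQ's code) compares the CoreDNS pin with the EKS default and most recent versions; the variable `coredns_version`, the output name and the check name are hypothetical, and the `check` block assumes Terraform 1.5 or later.

```hcl
variable "cluster_name" {
  type = string
}

variable "coredns_version" {
  type    = string
  default = "v1.8.7-eksbuild.4" # the pin used in code 1.1
}

data "aws_eks_cluster" "this" {
  name = var.cluster_name
}

# Version EKS installs by default for this Kubernetes version
data "aws_eks_addon_version" "coredns_default" {
  addon_name         = "coredns"
  kubernetes_version = data.aws_eks_cluster.this.version
}

# Newest version EKS publishes for this Kubernetes version
data "aws_eks_addon_version" "coredns_latest" {
  addon_name         = "coredns"
  kubernetes_version = data.aws_eks_cluster.this.version
  most_recent        = true
}

output "coredns_addon_versions" {
  value = {
    cluster_kubernetes = data.aws_eks_cluster.this.version
    pinned             = var.coredns_version
    eks_default        = data.aws_eks_addon_version.coredns_default.version
    most_recent        = data.aws_eks_addon_version.coredns_latest.version
  }
}

# Emits a warning (not an error) on plan/apply so the pin gets reviewed
# after a cluster upgrade; a pin between default and latest also triggers it.
check "coredns_pin_reviewed" {
  assert {
    condition = contains([
      data.aws_eks_addon_version.coredns_default.version,
      data.aws_eks_addon_version.coredns_latest.version,
    ], var.coredns_version)
    error_message = "Pinned CoreDNS version is neither the EKS default nor the most recent for this cluster's Kubernetes version."
  }
}
```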

Frequently faced issues

  • Version compatibility issues

You can check the compatibility of your cluster with specific add-ons by reviewing the release notes for each add-on. If there are compatibility issues, you may need to update your cluster to a newer version or modify your configuration to ensure compatibility. Please refer to the official AWS website for compatible versions.

  • Installation Issues

Installation issues can occur due to several reasons, such as incorrect configuration settings, lack of permissions, or network issues. To avoid these issues, it is important to follow the installation instructions provided by AWS and double-check your configuration settings. If the issue persists, check your IAM permissions and network connectivity to ensure that you can access the necessary resources.

  • Performance Issues

These issues can be caused by various factors, such as resource limitations, network latency, or incorrect configuration settings. To troubleshoot performance issues, you can start by reviewing the logs for the add-on in question and checking the metrics for your Kubernetes cluster. If necessary, you can adjust the configuration settings to optimize performance and increase resource allocation.

Conclusion

Amazon managed EKS add-ons can help you optimize and streamline your Kubernetes workloads on AWS. By using Terraform, you can automate the deployment of these add-ons and ensure consistent and repeatable deployments.

By automating the process instead of relying on manual intervention as it was done previously, we have eliminated any room for human error. This revolutionary approach not only streamlines operations but also enhances overall efficiency. Our clients experience this positive impact firsthand, as the automated process reduced the time MiQ’s devops teams were spending on deployment by 30%, freeing up time to spend on other client-facing requests. This game-changing advancement ensures a seamless and error-free experience, allowing us to focus on what truly matters — delivering exceptional results for our clients.

Kushal is a DevOps engineer at MiQ, based in Bengaluru. Outside of work, you’ll find him playing Esports, exploring new places, and staying up to date with the latest tech.
