<imgsrc="https://upload.wikimedia.org/wikipedia/commons/thumb/e/ea/Presidential_Standard_of_Belarus_%28fictional%29.svg/240px-Presidential_Standard_of_Belarus_%28fictional%29.svg.png"width="20"height="20"alt="Voices From Belarus" />](https://bysol.org/en/)[](https://vshymanskyy.github.io/StandWithUkraine)
5
5
6
-
Setup EKS cluster with necessary controllers, operators and monitoring stack. Similar projects:
6
+
## Overview
7
+
8
+
This project provides a ready-to-use configuration for setting up an AWS EKS cluster with all necessary controllers, operators, and monitoring stack. By using this configuration, DevOps engineers can save 1-2 months of work.
9
+
10
+
### Key Features
11
+
12
+
-**Node Group Templates**: Templates for creating Managed Node Groups and Fargate Profile linked to each availability zone individually.
13
+
-**Default Settings and Integration**: Reasonable default values and integration between modules for seamless setup.
14
+
-**Best-in-Class Modules**: Selection of the best modules for various purposes, such as ingress and monitoring.
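Review bot: The new Overview and Key Features text (added lines 8 and 12-14) presents the configuration as "ready-to-use" with "reasonable default values", but the Security section of this same README says `victoria-metrics-k8s-stack` is deployed without internal password protection and that `apisix`, `qryn` and `uptrace` carry explicit passwords in their values. Suggest qualifying the overview or pointing to the Security section from the Key Features list, so readers do not take the defaults as production-safe. The "save 1-2 months of work" figure on line 8 is also unsupported; consider dropping it or saying what it is based on.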
I'm Filipp - Lead DevOps Engineer with 12+ years of experiencebased in Poland (utc+2). Currently I'm open to work and considering Senior, Lead or Architect DevOps role with b2b contract from 7k$\mo and 100% remote. I have extensive experience as a primary or lead DevOps engineer in product teams and startups. If you are looking for a DevOps engineer for a project, then contact me on [linkedin](https://www.linkedin.com/in/filipp-frizzy-289a0360/).
27
+
I'm Filipp - a Lead DevOps Engineer with 12+ years of experience, currently based in Poland (UTC+2). I am open to work and considering Senior, Lead, or Architect DevOps roles with a B2B contract from $7k/month and 100% remote. I have extensive experience as a primary or lead DevOps engineer in product teams and startups. If you are looking for a DevOps engineer for a project, contact me on [LinkedIn](https://www.linkedin.com/in/filipp-frizzy-289a0360/).
17
28
18
29
From my side:
19
-
-I have been working as Ops and DevOps engineer since 2012, including more than 7 years of experience working with UK & US teams
20
-
-I have experience as Single, Main or Lead DevOps for small teams of other Ops people
21
-
-I have experience with migration of services into Docker environment, including Kubernetes, Docker Swarm and AWS Elastic Containers
22
-
- AWS is my primary cloud since 2015, but manage Azure or GCP also not a big problem for me
23
-
-I have experience with Gitlab, Github, Jenkins, Argocd and Fluxcd CI & CD
24
-
-I write Terraform, Terragrunt, Asible, Saltstack and other IaC setups
25
-
-I solved few disasters in production with various K8S setups
26
-
-I can do SQL and NoSQL HA setups, like Galera Mysql, Mongodb, Kafka, ZooKeeper, Clickhouse, Redis and so one
27
-
-I did a lot of monitoring solutions with Prometheus\Victoriametrics, EFK, Zabbix and so one
28
-
-I have 2 open source projects with more than 1k stars
29
-
30
-
## What is included
30
+
-Working as Ops and DevOps engineer since 2012, with over 7 years of experience with UK & US teams.
31
+
-Experience as Single, Main, or Lead DevOps for small teams of other Ops people.
32
+
-Migration of services into Docker environments, including Kubernetes, Docker Swarm, and AWS Elastic Containers.
33
+
- AWS is my primary cloud since 2015
34
+
-Proficient with GitLab, GitHub, Jenkins, ArgoCD, and FluxCD CI & CD.
35
+
-Writing Terraform, Terragrunt, Ansible, SaltStack, and other IaC setups.
36
+
-Solved several production disasters with various Kubernetes setups.
37
+
-Skilled in SQL and NoSQL HA setups, like Galera MySQL, MongoDB, Kafka, ZooKeeper, Clickhouse, Redis, etc.
38
+
-Developed many monitoring solutions with Prometheus, VictoriaMetrics, EFK, Zabbix, etc.
39
+
-Authored 2 open source projects with over 1k stars.
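Review bot: The `## What is included` heading is removed at old line 30 and none of the added lines shown here (new 27-39) puts it back. Please confirm it is re-added after the rewritten bullet list; otherwise the content that followed it will read as part of the author's profile. On new line 33 the bullet also drops the Azure/GCP remark and the closing period that the other rewritten bullets have; add the period for consistency and keep or drop the remark deliberately.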
This module contain local-exec block with `kubectl patch` for applying `tolerations` and `nodeSelector` deployments in `kube-system` namespace, that will work only in unix shell, so it will fail on Windows. This patch is necessary as some of eks addons currently doesn't support `tolerations` and `nodeSelector` in their configurations, but only necessary if you will use host nodes with taints to separate `management` processes from other. You can disable it by set`apply_kubectl_patch` variable to `false`.
91
+
This module contains a local-exec block with `kubectl patch` for applying `tolerations` and `nodeSelector` deployments in the `kube-system` namespace, which will only work in a Unix shell, and will fail on Windows. This patch is necessary as some EKS addons currently don't support `tolerations` and `nodeSelector` in their configurations, but it is only necessary if you use host nodes with taints to separate `management` processes from others. You can disable it by setting the`apply_kubectl_patch` variable to `false`.
81
92
82
93
## Example
94
+
83
95
```
84
96
cd example
85
97
terraform init
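Review bot: The reworded paragraph on new line 91 still reads "for applying `tolerations` and `nodeSelector` deployments", which loses the preposition; it should say the settings are applied "to deployments in the `kube-system` namespace". Because this paragraph documents a `local-exec` block that runs `kubectl patch` from the machine where Terraform runs, it would also help to state the default value of `apply_kubectl_patch` and that `kubectl` must be installed there.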
@@ -88,38 +100,41 @@ terraform apply
88
100
terraform output all
89
101
```
90
102
91
-
to destroy everything run (you may need to run it twice one by one)
103
+
To destroy everything, run (you may need to run it twice):
92
104
```
93
105
terraform destroy -auto-approve
94
106
```
95
107
96
-
force destroy in case of problems
108
+
Force destroy in case of problems:
97
109
```
98
110
helm ls -a --all-namespaces | awk 'NR > 1 { print "-n "$2, $1}' | xargs -L1 helm delete
99
111
kubectl delete all --all --all-namespaces
100
112
terraform destroy -auto-approve
101
113
```
102
114
103
-
After `terraform destroy` check ec2 volumes for unused disks as aws-ebs-csi-driver doesn't delete it by default after deleting helm releases.
115
+
After `terraform destroy`, check EC2 volumes for unused disks as the aws-ebs-csi-driver doesn't delete them by default after deleting helm releases.
104
116
105
117
## Security
106
118
107
-
`victoria-metrics-k8s-stack` deployed without internal password protection. Multiple charts such as `apisix`, `qryn` and `uptrace` contain explicit passwords in the values and do not use k8s secrets.
119
+
`victoria-metrics-k8s-stack`is deployed without internal password protection. Multiple charts such as `apisix`, `qryn`, and `uptrace` contain explicit passwords in the values and do not use Kubernetes secrets.
108
120
109
-
## Upgrading process
121
+
## Upgrading Process
110
122
111
-
Helm upgrade `reset_values` flag set to `true` for everything except databases like postgresql and clickhouse, see this [explain](https://shipmight.com/blog/understanding-helm-upgrade-reset-reuse-values)
123
+
Helm upgrade `reset_values` flag is set to `true` for everything except databases like PostgreSQL and Clickhouse. See this [explanation](https://shipmight.com/blog/understanding-helm-upgrade-reset-reuse-values).
112
124
113
125
## Outputs
114
126
115
-
Check the [./example/outputs.example](./example/outputs.example) file to get an example of the output. For setting DNS you can describe ingress external address with kubectl: `kubectl get service/apisix-ingress-controller-apisix-gateway -n ingress-apisix`.
127
+
Check the [./example/outputs.example](./example/outputs.example) file to get an example of the output. For setting DNS, you can describe the ingress external address with `kubectl`:
128
+
```
129
+
kubectl get service/apisix-ingress-controller-apisix-gateway -n ingress-apisix
130
+
```
116
131
117
-
Also `~/.kube/eks-${account_id}-${region}-${cluster_name}`kubeconfig will be created by `aws eks` utility.
132
+
Additionally, a kubeconfig file `~/.kube/eks-${account_id}-${region}-${cluster_name}` will be created by the`aws eks` utility.
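Review bot: The Security paragraph on new line 119 only gets a grammar fix, yet it tells readers that `victoria-metrics-k8s-stack` has no internal password protection and that `apisix`, `qryn` and `uptrace` keep explicit passwords in chart values. Suggest adding what the operator should do about it: override those passwords before `terraform apply`, move them into Kubernetes secrets where the chart allows, and keep the unauthenticated endpoints off public ingress. Separately, the force-destroy block at new lines 110-112 runs `kubectl delete all --all --all-namespaces` against whatever kubectl context is current; the text should tell the reader to select the `~/.kube/eks-${account_id}-${region}-${cluster_name}` kubeconfig mentioned under Outputs before running it.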