Deploying into an existing AWS VPC
Tarmak has experimental support for deploying clusters into an existing AWS VPC.
To enable this, you will need to note down the ID of the VPC and the IDs of the public and private subnets you want to deploy into.
For example, given the following infrastructure (expressed in pre-0.12 Terraform syntax):
# Region the example VPC is created in; the availability-zone lookup below
# returns the zones of this region.
provider "aws" {
  region = "eu-west-1"
}
# All availability zones of the provider's region; its length drives the
# per-AZ counts of the subnets and route-table associations below.
data "aws_availability_zones" "available" {}
# The VPC Tarmak will be deployed into. Its CIDR block is what the
# cluster's network.cidr is set to (see the tarmak_config output).
# NOTE(review): this example defines no VPC flow log and no custom network
# ACLs; consider adding both before using it for a production deployment.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"

  # DNS resolution and DNS hostnames are switched on for the VPC.
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags {
    Name = "test_vpc"
  }
}
# Elastic IP for the NAT gateway below; "vpc = true" allocates it in the
# VPC address scope. Only one is created, matching the single NAT gateway.
resource "aws_eip" "nat" {
  vpc = true
}
# One public subnet per availability zone. The VPC CIDR is split into
# eight /19s; the first /19 is split again into eight /22s, one per AZ
# (with 10.0.0.0/16: 10.0.0.0/22, 10.0.4.0/22, 10.0.8.0/22, ...).
# map_public_ip_on_launch is not set (defaults to false), so instances
# launched here only get a public IP when one is requested explicitly.
resource "aws_subnet" "public" {
  count             = "${length(data.aws_availability_zones.available.names)}"
  vpc_id            = "${aws_vpc.main.id}"
  availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}"
  cidr_block        = "${cidrsubnet(cidrsubnet(aws_vpc.main.cidr_block, 3, 0), 3, count.index)}"

  tags {
    Name = "public_${element(data.aws_availability_zones.available.names, count.index)}"
  }
}
# One private subnet per availability zone, each a /19 carved from the VPC
# CIDR starting at netnum 1 (netnum 0 is reserved for the public subnets;
# with 10.0.0.0/16: 10.0.32.0/19, 10.0.64.0/19, 10.0.96.0/19, ...).
# Instances here have no direct internet route; egress goes via the NAT
# gateway through the private route table below.
resource "aws_subnet" "private" {
  count             = "${length(data.aws_availability_zones.available.names)}"
  vpc_id            = "${aws_vpc.main.id}"
  availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}"
  cidr_block        = "${cidrsubnet(aws_vpc.main.cidr_block, 3, count.index + 1)}"

  tags {
    Name = "private_${element(data.aws_availability_zones.available.names, count.index)}"
  }
}
# Internet gateway for the VPC; used as the default route of the public
# route table and as the NAT gateway's path to the internet.
resource "aws_internet_gateway" "main" {
  vpc_id = "${aws_vpc.main.id}"
}
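# Single NAT gateway, placed in the first public subnet, that carries all
# egress from every private subnet. The original referenced count.index
# here without a count argument; the index is now pinned to 0 so the
# single-gateway choice is explicit (count.index is only defined on
# resources that set count, and is an error there in newer Terraform).
# This is a single point of egress: if that AZ fails, all private subnets
# lose outbound connectivity. A per-AZ layout would need a count on the
# EIP, this gateway, the private route table, its route and the private
# associations.
resource "aws_nat_gateway" "main" {
  # The gateway cannot reach the internet until the IGW exists.
  depends_on    = ["aws_internet_gateway.main"]
  allocation_id = "${aws_eip.nat.id}"
  subnet_id     = "${aws_subnet.public.*.id[0]}"
}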
# Route table shared by all public subnets.
resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.main.id}"
}
# Default route of the public subnets straight to the internet gateway.
resource "aws_route" "public" {
  route_table_id         = "${aws_route_table.public.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.main.id}"
}
# Route table shared by all private subnets (one table, so every private
# subnet uses the same single NAT gateway).
resource "aws_route_table" "private" {
  vpc_id = "${aws_vpc.main.id}"
}
# Default route of the private subnets via the NAT gateway. With no VPC
# endpoints defined, all non-local traffic from the private subnets -
# including traffic to AWS services such as S3 - follows this route
# through the NAT gateway; see the warning at the end of the page.
resource "aws_route" "private" {
  route_table_id         = "${aws_route_table.private.id}"
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = "${aws_nat_gateway.main.id}"
}
# Attach every public subnet to the public route table.
resource "aws_route_table_association" "public" {
  count          = "${length(data.aws_availability_zones.available.names)}"
  route_table_id = "${aws_route_table.public.id}"
  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
}
# Attach every private subnet to the private route table.
resource "aws_route_table_association" "private" {
  count          = "${length(data.aws_availability_zones.available.names)}"
  route_table_id = "${aws_route_table.private.id}"
  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
}
# Emits the network stanza to paste into the cluster's tarmak.yaml: the
# VPC's CIDR block plus the VPC ID and the comma-separated public and
# private subnet ID lists as annotations. The heredoc is the output value
# itself, so no comments can go inside it.
output "tarmak_config" {
  value = <<EOF
network:
  cidr: "${aws_vpc.main.cidr_block}"
  metadata:
    annotations:
      tarmak.io/existing-vpc-id: "${aws_vpc.main.id}"
      tarmak.io/existing-public-subnet-ids: "${join(",",aws_subnet.public.*.id)}"
      tarmak.io/existing-private-subnet-ids: "${join(",",aws_subnet.private.*.id)}"
EOF
}
Run `tarmak init` as normal. Before running the `apply` stage, add the following annotations to your cluster's network configuration (located in `~/.tarmak/tarmak.yaml`). The `cidr` value should be the CIDR block of the existing VPC, as emitted by the `tarmak_config` output above:
network:
  # Should match the CIDR block of the existing VPC (the tarmak_config
  # output above fills this in from aws_vpc.main.cidr_block).
  cidr: 10.99.0.0/16
  metadata:
    creationTimestamp: null
    annotations:
      # ID of the existing VPC to deploy into.
      tarmak.io/existing-vpc-id: vpc-xxxxxxxx
      # Comma-separated subnet IDs, as produced by the tarmak_config output.
      tarmak.io/existing-public-subnet-ids: subnet-xxxxxxxx,subnet-xxxxxxxx,subnet-xxxxxxxx
      tarmak.io/existing-private-subnet-ids: subnet-xxxxxxxx,subnet-xxxxxxxx,subnet-xxxxxxxx
Note that you need to add these annotations to every cluster that will share that VPC, including hub clusters.
Now you can run `tarmak cluster apply` and continue as normal.
Warning
Deploying Tarmak into an existing VPC will not automatically create VPC endpoints for AWS services. It is strongly recommended that at least an S3 VPC endpoint is present for your deployed cluster: without one, S3 traffic from the private subnets follows the private default route through the NAT gateway (as in the example above) instead of staying within the VPC.