I'm setting up a new EKS (Elastic Kubernetes Service) cluster in a fresh AWS account, and I want to do everything with an Infrastructure as Code (IaC) approach. Most of my infrastructure is already created with Terraform using the AWS EKS Terraform module, and I've added some goodies like external-dns, cert manager, ArgoCD, Karpenter, and an AWS load balancer using EKS blueprints. The cluster looks good, and all the pods are running.
However, I've hit a snag with external-dns. Initially, I needed to assign an IAM role to the service account with an annotation so that it could query Route 53 and create records, but I wasn't sure how to implement this with IaC. To fix it, I created a manifest file and applied it using kubectl, which worked fine.
Now I'm wondering how to continue from here. Management access is restricted to my IP address, and ArgoCD isn't exposed yet. Since I may need to make several adjustments to those deployed add-ons, I'm not sure how to proceed. I wanted to use ArgoCD for these updates, but with it not exposed, should I just patch its deployment instead? Also, I'm curious about how to add services to Argo – is that done through a GUI? I'm feeling a bit lost on the next steps!
1 Answer
From my experience, I wouldn't recommend installing software on Kubernetes directly from Terraform or OpenTofu. A better approach might be using the Helm provider to install ArgoCD through its Helm chart, which you can find at artifacthub.io. This way, you can let ArgoCD take over and manage the rest of your applications using ApplicationSets.
Also, it's essential to set up IAM Roles for Service Accounts (IRSA) for the external-dns to work properly with AWS Route 53. Just a thought – hope that helps!
Great, but how do you actually expose the Argo server?