Production Recommendations
AWS
ami_id
It’s very important to set this Terraform variable to avoid future Terraform attempts to recreate your control plane
instance.
It can be set after the initial terraform apply, and you can find its initially discovered value in your Terraform
state by using:
terraform state show data.aws_ami.ami
Example output:
# data.aws_ami.ami:
data "aws_ami" "ami" {
...
id = "ami-00f6fb16625871821"
...
In this example the AMI ID is "ami-00f6fb16625871821"; in your case it may be different.
In the terraform.tfvars file:
ami_id = "ami-00f6fb16625871821"
internal_api_lb
To hide your Kubernetes API endpoint from the outside world, it’s recommended to set internal_api_lb, which causes the
ELB to be created in “internal” mode (accessible only from inside your VPC).
To access your cluster from outside later, KubeOne has a built-in HTTPS proxy tunnel.
With the tunnel running, point kubectl at the proxy:
export HTTPS_PROXY=http://127.0.0.1:8888
kubectl get nodes
The resulting terraform.tfvars will now include the following variables:
cluster_name = "my-cool-cluster"
ami_id = "ami-00f6fb16625871821"
internal_api_lb = true
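Both settings can be pinned and verified with a small shell helper before the next terraform apply. This is an added example, not part of KubeOne or its documentation; the function names (extract_ami_id, pin_ami_id, check_prod_tfvars) are hypothetical and the sample state output is constructed.

```shell
#!/bin/sh
# Added example (not KubeOne code): pin ami_id from Terraform state output and
# verify that terraform.tfvars carries both recommendations from this page.

# Constructed sample of `terraform state show data.aws_ami.ami` output.
SAMPLE_STATE='# data.aws_ami.ami:
data "aws_ami" "ami" {
    architecture = "x86_64"
    id           = "ami-00f6fb16625871821"
    image_id     = "ami-00f6fb16625871821"
}'

# Read state-show output on stdin and print the value of the top-level id attribute.
extract_ami_id() {
    sed -n 's/^[[:space:]]*id[[:space:]]*=[[:space:]]*"\(ami-[0-9a-f]\{8,17\}\)".*$/\1/p' |
        head -n 1
}

# Set ami_id in a tfvars file: replace an existing assignment or append a new one.
pin_ami_id() {
    pin_ami=$1; pin_file=$2
    printf '%s\n' "$pin_ami" | grep -Eq '^ami-[0-9a-f]{8,17}$' || {
        echo "not an AMI ID: '$pin_ami'" >&2; return 1; }
    pin_tmp=$(mktemp) || return 1
    if [ -f "$pin_file" ]; then
        grep -v '^[[:space:]]*ami_id[[:space:]]*=' "$pin_file" > "$pin_tmp" || true
    fi
    printf 'ami_id = "%s"\n' "$pin_ami" >> "$pin_tmp" && mv "$pin_tmp" "$pin_file"
}

# Succeed only if the file pins an AMI ID and keeps the API load balancer internal.
check_prod_tfvars() {
    grep -Eq '^[[:space:]]*ami_id[[:space:]]*=[[:space:]]*"ami-[0-9a-f]+"' "$1" || {
        echo "$1: ami_id is not pinned" >&2; return 1; }
    grep -Eq '^[[:space:]]*internal_api_lb[[:space:]]*=[[:space:]]*true' "$1" || {
        echo "$1: internal_api_lb is not true" >&2; return 1; }
}

# Demo on constructed data in a scratch directory.
demo=$(mktemp -d)
printf 'cluster_name = "my-cool-cluster"\ninternal_api_lb = true\n' > "$demo/terraform.tfvars"
pin_ami_id "$(printf '%s\n' "$SAMPLE_STATE" | extract_ami_id)" "$demo/terraform.tfvars"
check_prod_tfvars "$demo/terraform.tfvars" && cat "$demo/terraform.tfvars"
rm -rf "$demo"
```

Against a real state, feed the functions with terraform state show data.aws_ami.ami | extract_ami_id instead of the sample variable.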