It’s very important to set this Terraform variable to avoid future Terraform attempts to recreate your control plane instance.
This can be set after the initial terraform apply; you can find the initially discovered value in your Terraform state by
using:
terraform state show data.aws_ami.ami
Example output:
# data.aws_ami.ami:
data "aws_ami" "ami" {
...
id = "ami-00f6fb16625871821"
...
In this example the AMI ID is "ami-00f6fb16625871821"; in your case it may be different.
In the terraform.tfvars file:
ami_id = "ami-00f6fb16625871821"
To hide your Kubernetes API endpoint from the external world, it’s recommended to set internal_api_lb, which
causes the ELB to be created in “internal” mode (accessible only from inside your VPC).
internal_api_lb = true
To access your cluster later from outside the VPC, KubeOne has a built-in HTTPS proxy tunnel.
kubeone proxy -t .
With the tunnel running, point your kubectl to this proxy:
export HTTPS_PROXY=http://127.0.0.1:8888
kubectl get nodes
The resulting terraform.tfvars will now include the following variables:
cluster_name = "my-cool-cluster"
ami_id = "ami-00f6fb16625871821"
internal_api_lb = true
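One way to script the two settings above, as an added example that is not part of the KubeOne documentation: it reads the `terraform state show data.aws_ami.ami` output, pins the discovered ID as `ami_id` in a tfvars file without leaving duplicate entries, and checks that `internal_api_lb = true` is present. The function names are hypothetical, and the sample input is the page's own example output.

```shell
#!/bin/sh
# Added example (not from the KubeOne docs): pin ami_id in terraform.tfvars.
# Real use: terraform state show data.aws_ami.ami | pin_ami_id terraform.tfvars

# Sample input copied from the page's example output ("..." elisions kept).
SAMPLE_STATE='# data.aws_ami.ami:
data "aws_ami" "ami" {
    ...
    id = "ami-00f6fb16625871821"
    ...'

# Print the first `id = "ami-..."` value found on stdin (image_id etc. ignored).
extract_ami_id() {
    sed -n 's/^[[:space:]]*id[[:space:]]*=[[:space:]]*"\(ami-[0-9a-f]\{1,\}\)"[[:space:]]*$/\1/p' |
        head -n 1
}

# set_tfvar FILE KEY VALUE: replace an existing KEY assignment or append one,
# so repeated runs never leave duplicate (conflicting) entries.
set_tfvar() {
    tmp=$(mktemp) || return 1
    [ -f "$1" ] || : > "$1"
    grep -v "^[[:space:]]*$2[[:space:]]*=" "$1" > "$tmp" || true
    printf '%s = %s\n' "$2" "$3" >> "$tmp"
    cat "$tmp" > "$1" && rm -f "$tmp"
}

# pin_ami_id FILE: read state output on stdin; refuse to write if no ID found.
pin_ami_id() {
    ami=$(extract_ami_id)
    case $ami in
        ami-?*) set_tfvar "$1" ami_id "\"$ami\"" ;;
        *) echo "no AMI ID found in state output" >&2; return 1 ;;
    esac
}

# check_tfvars FILE: succeed only if both settings from this page are present.
check_tfvars() {
    grep -Eq '^[[:space:]]*ami_id[[:space:]]*=[[:space:]]*"ami-[0-9a-f]+"' "$1" &&
        grep -Eq '^[[:space:]]*internal_api_lb[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$1"
}

# Demo on a scratch file so nothing in the working directory is touched.
demo=$(mktemp)
printf 'cluster_name = "my-cool-cluster"\n' > "$demo"
printf '%s\n' "$SAMPLE_STATE" | pin_ami_id "$demo"
set_tfvar "$demo" internal_api_lb true
check_tfvars "$demo" && cat "$demo"
rm -f "$demo"
```

Running `check_tfvars terraform.tfvars` before each `terraform apply` catches a missing pin or a load balancer that would be created in public mode.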