Production Recommendations

AWS

ami_id

It’s very important to set this Terraform variable to avoid future Terraform attempts to recreate your control plane instance.

This can be set after the initial terraform apply. You can find the initially discovered value in your Terraform state by running:

terraform state show data.aws_ami.ami

Example output:

# data.aws_ami.ami:
data "aws_ami" "ami" {
    ...
    id                    = "ami-00f6fb16625871821"
    ...

In this example the AMI ID is "ami-00f6fb16625871821"; in your case it may be different.

In the terraform.tfvars file:

ami_id = "ami-00f6fb16625871821"

internal_api_lb

To hide your Kubernetes API endpoint from the external world, it’s recommended to set internal_api_lb, which causes the ELB to be created in “internal” mode (accessible only from inside your VPC).

internal_api_lb = true

To access your cluster from outside later, KubeOne provides a built-in HTTPS proxy tunnel:

kubeone proxy -t .

With the proxy running, point kubectl at it:

export HTTPS_PROXY=http://127.0.0.1:8888
kubectl get nodes

Resulting terraform.tfvars

The resulting terraform.tfvars will now include the following variables:

cluster_name    = "my-cool-cluster"
ami_id          = "ami-00f6fb16625871821"
internal_api_lb = true
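
A pre-apply check for the two settings above, as an added example that is not part of the KubeOne documentation: it reads the AMI ID from terraform state show output and fails if terraform.tfvars does not pin that AMI or leaves the API load balancer public. The function names, messages and sample input are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-apply check for the two settings this page recommends.
# Function names and messages are this example's own, not part of KubeOne.

# Print the AMI ID found in `terraform state show data.aws_ami.ami` output (stdin).
# The match is anchored on the `id` attribute so image_id and similar are ignored.
ami_from_state() {
    sed -n 's/^[[:space:]]*id[[:space:]]*=[[:space:]]*"\(ami-[0-9a-f]*\)".*$/\1/p'
}

# Print the value assigned to variable NAME in a tfvars FILE (comment and quotes stripped).
tfvar() {  # usage: tfvar FILE NAME
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Return 0 only if FILE pins ami_id (to EXPECTED_AMI, if given) and sets internal_api_lb = true.
check_prod_tfvars() {  # usage: check_prod_tfvars FILE [EXPECTED_AMI]
    rc=0
    ami=$(tfvar "$1" ami_id)
    case "$ami" in
        ami-|ami-*[!0-9a-f]*) echo "FAIL: malformed ami_id '$ami' in $1" >&2; rc=1 ;;
        ami-*) ;;
        *) echo "FAIL: ami_id is not pinned in $1" >&2; rc=1 ;;
    esac
    if [ -n "${2:-}" ] && [ "$rc" -eq 0 ] && [ "$ami" != "$2" ]; then
        echo "FAIL: ami_id $ami differs from the AMI in state ($2)" >&2; rc=1
    fi
    if [ "$(tfvar "$1" internal_api_lb)" != "true" ]; then
        echo "FAIL: internal_api_lb is not true in $1" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample input, shaped like the example output on this page.
SAMPLE_STATE='# data.aws_ami.ami:
data "aws_ami" "ami" {
    id                    = "ami-00f6fb16625871821"
    image_id              = "ami-00f6fb16625871821"
}'

# Demo: build a constructed terraform.tfvars and check it against the sample state.
tmp=$(mktemp)
printf '%s\n' 'cluster_name    = "my-cool-cluster"' \
    'ami_id          = "ami-00f6fb16625871821"' 'internal_api_lb = true' > "$tmp"
expected=$(printf '%s\n' "$SAMPLE_STATE" | ami_from_state)
check_prod_tfvars "$tmp" "$expected" && echo "OK: ami_id pinned to $expected, API LB internal"
rm -f "$tmp"
```

Against a real checkout, the first argument would be terraform.tfvars and the second the result of piping terraform state show data.aws_ami.ami into ami_from_state.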