Deploy an EKS cluster - PaloAltoNetworks/cn-series-deploy GitHub Wiki

The `/eks` folder contains a Terraform plan that deploys a Kubernetes cluster in Amazon's Elastic Kubernetes Service (EKS). The cluster design meets the minimum requirements to support a CN-Series Next-Generation Firewall and spans multiple availability zones for maximum redundancy and scalability.

Figure: multi-AZ cluster

Usage

1. Configure the AWS CLI with your credentials.

   ```
   $ aws configure
   AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
   AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
   Default region name [None]: us-west-2
   Default output format [None]: ENTER
   ```

2. Create a `terraform.tfvars` file and add the following variables and their associated values.

   ```
   location     = ""                            # The AWS region
   ssh_key_name = ""                            # The contents of your SSH public key
   ```

3. Initialize the Terraform providers.

   ```
   $ terraform init
   ```

4. Validate the Terraform plan.

   ```
   $ terraform plan
   ```

5. Apply the Terraform plan.

   ```
   $ terraform apply
   ```

6. Update the kubeconfig file with the new cluster's information.

   ```
   $ aws eks update-kubeconfig --name $(terraform output eks_cluster_name)
   ```

7. Verify the cluster nodes have been built and are in a Ready status.

   ```
   $ kubectl get nodes
   NAME                                           STATUS   ROLES    AGE   VERSION
   ip-192-168-42-180.us-west-2.compute.internal   Ready    <none>   42m   v1.14.9
   ip-192-168-67-38.us-west-2.compute.internal    Ready    <none>   42m   v1.14.9
   ```

8. You are now ready to deploy the CN-Series Firewall.
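
The node check in the `kubectl get nodes` step can be turned into a gate that a deployment script runs before installing the firewall. The following is an added example, not code from the cn-series-deploy repository; the function name `check_nodes_ready`, the minimum node count argument and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the cn-series-deploy repository.
# check_nodes_ready [MIN] reads `kubectl get nodes` table output on stdin.
# It succeeds only when at least MIN nodes are listed and the STATUS column
# of every node is exactly "Ready"; "NotReady" and cordoned nodes
# ("Ready,SchedulingDisabled") fail the gate.
check_nodes_ready() {
    awk -v min="${1:-1}" '
        $1 == "NAME" && $2 == "STATUS" { next }   # header row
        NF < 2 { next }                           # blank or malformed line
        { total++ }
        $2 != "Ready" {
            bad++
            printf "not ready: %s (%s)\n", $1, $2 > "/dev/stderr"
        }
        END {
            if (total < min) {
                printf "found %d node(s), need %d\n", total, min > "/dev/stderr"
                exit 1
            }
            exit (bad > 0)
        }'
}

# Constructed sample: the two nodes from the output shown above.
sample_ready() {
    cat <<'EOF'
NAME                                           STATUS   ROLES    AGE   VERSION
ip-192-168-42-180.us-west-2.compute.internal   Ready    <none>   42m   v1.14.9
ip-192-168-67-38.us-west-2.compute.internal    Ready    <none>   42m   v1.14.9
EOF
}

# Constructed sample: same nodes, one cordoned (hypothetical state).
sample_cordoned() {
    sample_ready | sed '3s/Ready   /Ready,SchedulingDisabled/'
}

# Demo on the constructed samples; against a live cluster, run:
#   kubectl get nodes | check_nodes_ready 2
if sample_ready | check_nodes_ready 2; then echo "gate: pass"; fi
if ! sample_cordoned | check_nodes_ready 2 2>/dev/null; then echo "gate: fail"; fi
```

An empty node list also fails the gate, so the script stops if the kubeconfig points at a cluster whose worker nodes have not joined yet.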