Flightdeck for AWS consists of Terraform modules to provision AWS resources and configuration for clusters as well as Helm charts and configuration to install necessary resources into provisioned clusters.
Before installing, you will need:
- An AWS account or organization. An organization is recommended to facilitate multi-account setup and single sign-on.
- AWS credentials with administrative access to each account.
- A Terraform state backend in each account. If you don't have state backends yet, you can use our CloudFormation template to provision them.
You can deploy Flightdeck in your AWS organization by applying the major modules in order.
We recommend separate clusters for pre-production and production. Each cluster will need a network, ingress stack, cluster, and the Flightdeck platform. We also recommend isolating the stack for each stage into its own AWS account.
Flightdeck requires a VPC with public and private subnets. The VPC and subnets must be tagged following the conventions of the Kubernetes AWS cloud provider.
You can use the same VPC for multiple clusters by using more than one cluster tag. We recommend using separate VPCs for production and pre-production.
You can create a VPC and all required resources following the required conventions and our recommended best practices using the network module. If you have an existing VPC you'd like to use, make sure your VPC and its subnets have the appropriate tags.
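If you are bringing an existing VPC, the following added example (not part of Flightdeck) shows one way to check subnet tags before provisioning a cluster. It assumes the tag keys used by the Kubernetes AWS cloud provider and AWS load balancer controller, input shaped like `aws ec2 describe-subnets` output, and a caller-supplied set of public subnet IDs; the function name, cluster names and sample data are constructed for illustration.

```python
"""Check subnet tags against the Kubernetes AWS cloud provider conventions."""

CLUSTER_TAG = "kubernetes.io/cluster/{}"          # value: "shared" or "owned"
PUBLIC_ROLE = "kubernetes.io/role/elb"            # expected on public subnets
PRIVATE_ROLE = "kubernetes.io/role/internal-elb"  # expected on private subnets


def check_subnets(subnets, public_ids, clusters):
    """Return a sorted list of (subnet_id, problem) tuples.

    subnets    -- list shaped like `aws ec2 describe-subnets` output["Subnets"]
    public_ids -- IDs of subnets routed to an internet gateway (caller-supplied)
    clusters   -- names of every cluster that shares this VPC
    """
    findings = []
    for subnet in subnets:
        sid = subnet["SubnetId"]
        tags = {t["Key"]: t["Value"] for t in subnet.get("Tags", [])}
        # One cluster tag per cluster sharing the VPC.
        for name in clusters:
            key = CLUSTER_TAG.format(name)
            if tags.get(key) not in ("shared", "owned"):
                findings.append((sid, f"missing or invalid {key}"))
        # The role tag decides which subnets load balancers are placed in.
        if sid in public_ids:
            want, other = PUBLIC_ROLE, PRIVATE_ROLE
        else:
            want, other = PRIVATE_ROLE, PUBLIC_ROLE
        if tags.get(want) not in ("1", ""):
            findings.append((sid, f"missing {want}"))
        if other in tags:
            # e.g. a private subnet that would be picked for public load balancers
            findings.append((sid, f"unexpected {other}"))
    return sorted(findings)


# Constructed sample: one VPC shared by two hypothetical clusters.
SAMPLE = [
    {"SubnetId": "subnet-public-a", "Tags": [
        {"Key": "kubernetes.io/cluster/example-sandbox", "Value": "shared"},
        {"Key": "kubernetes.io/cluster/example-staging", "Value": "shared"},
        {"Key": "kubernetes.io/role/elb", "Value": "1"}]},
    {"SubnetId": "subnet-private-a", "Tags": [
        {"Key": "kubernetes.io/cluster/example-sandbox", "Value": "shared"},
        {"Key": "kubernetes.io/role/elb", "Value": "1"}]},
]

if __name__ == "__main__":
    clusters = ["example-sandbox", "example-staging"]
    for sid, problem in check_subnets(SAMPLE, {"subnet-public-a"}, clusters):
        print(f"{sid}: {problem}")
```
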
Flightdeck uses application load balancers to route public traffic to the cluster. You can reuse the same load balancer for multiple clusters, but each cluster will require its own target group. You can provision a load balancer and target groups using the ingress module.
Flightdeck deploys on top of AWS EKS. We recommend using separate EKS clusters for production and pre-production. You can provision the required AWS resources including an EKS cluster using the cluster module.
Flightdeck contains pre-configured Helm charts for SRE. You can deploy the platform in your clusters using the platform module.
In order for pods running in your cluster to access AWS resources, you will need to create IAM roles in your AWS accounts and service accounts in your cluster. You can use the included service account role module to create roles that work with clusters created using Flightdeck.