---
title: Kubernetes cluster creation
description: ForgeRock provides Terraform artifacts for Amazon EKS cluster creation. Use them when you deploy the CDM. After deploying the CDM, you can use your cluster as a sandbox to explore Ping Identity Platform customization.
component: forgeops
version: 7.4
page_id: forgeops::cdm/eks/setup/cluster
canonical_url: https://docs.pingidentity.com/forgeops/7.4/cdm/eks/setup/cluster.html
keywords: ["CDM", "EKS", "Kubernetes Cluster", "Terraform", "Ingress Controller", "NGINX", "Certificate Manager"]
section_ids:
  next_step: Next step
---

# Kubernetes cluster creation

ForgeRock provides Terraform artifacts for Amazon EKS cluster creation. Use them when you deploy the CDM. After deploying the CDM, you can use your cluster as a sandbox to explore Ping Identity Platform customization.

When you [create a project plan](../../../start/start-here.html#planning), you'll need to identify your organization's preferred infrastructure-as-code solution, and create your own cluster creation automation scripts, if necessary.

Here are the steps the ForgeOps Team followed to create a Kubernetes cluster on Amazon EKS:

1. Create a cluster using Terraform artifacts in the `forgeops-extras` repository:

   1. Change to the directory that contains Terraform artifacts:

      ```
      $ cd /path/to/forgeops-extras/terraform
      ```

   2. Run the `tf-apply` script to create your cluster:

      ```
      $ ./tf-apply
      ```

      Respond `yes` to the `Do you want to perform these actions?` prompt.

      When the `tf-apply` script finishes, it issues a message that provides the path to a kubeconfig file for the cluster.

      The script creates:

      * The EKS cluster

      * The `fast` storage class

      * The `ds-snapshot-class` volume snapshot class

      The script deploys:

      * An ingress controller

      * Certificate manager

2. Set your Kubernetes context to reference the new cluster by setting the `KUBECONFIG` environment variable as shown in the message from the `tf-apply` command's output.

3. To verify the `tf-apply` script created the cluster, log in to the AWS console. Access the console panel for the Amazon Elastic Kubernetes Service, and then list the EKS clusters. The new cluster should appear in the list of Kubernetes clusters.

4. Get the ingress controller's FQDN from the `EXTERNAL-IP` column of the `kubectl get services` command output:

   ```
   $ kubectl get services --namespace ingress-nginx
   NAME                                 TYPE           CLUSTER-IP     EXTERNAL-IP                                    PORT(S)                      AGE
   ingress-nginx-controller             LoadBalancer   10.100.43.88   k8s-ingress ...elb.us-east-1.amazonaws.com   80:30005/TCP,443:30770/TCP   62s
   ingress-nginx-controller-admission   ClusterIP      10.100.2.215   <none>                                         443/TCP                      62s
   ```

5. Run the `host` command to get the ingress controller's external IP addresses. For example:

   ```
   $ host k8s-ingress ...elb.us-east-1.amazonaws.com
   k8s-ingress ...elb.us-east-1.amazonaws.com has address 3.210.123.210
   k8s-ingress ...elb.us-east-1.amazonaws.com has address 3.208.207.77
   k8s-ingress ...elb.us-east-1.amazonaws.com has address 44.197.104.140
   ```

   Depending on the state of the cluster, between one and three IP addresses appear in the `host` command's output.

6. Configure hostname resolution for the ingress controller:

   1. Choose an FQDN (referred to as the *deployment FQDN*) that you'll use when you deploy the Ping Identity Platform, and when you access its GUIs and REST APIs.

      Examples in this documentation use `cdm.example.com` as the deployment FQDN. You are not required to use `cdm.example.com`; you can specify any FQDN you like.

   2. If DNS does not resolve your deployment FQDN, add an entry to the `/etc/hosts` file that maps the ingress controller's external IP address to the deployment FQDN. For example:

      ```
      3.210.123.210 cdm.example.com
      ```
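
Steps 4 through 6 as a check you can rerun (an added example, not part of the ForgeOps tooling): the functions parse captured `kubectl get services` and `host` output and report whether a hosts-file entry for the deployment FQDN still points at one of the load balancer's current addresses. The hostname `lb.example.test` and the 203.0.113.x addresses are constructed sample values, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Sample data is constructed; function names are hypothetical.

# Constructed `kubectl get services --namespace ingress-nginx` output.
SAMPLE_SVC='NAME                                 TYPE           CLUSTER-IP     EXTERNAL-IP       PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.100.43.88   lb.example.test   80:30005/TCP,443:30770/TCP   62s
ingress-nginx-controller-admission   ClusterIP      10.100.2.215   <none>            443/TCP                      62s'

# Constructed `host lb.example.test` output.
SAMPLE_HOST='lb.example.test has address 203.0.113.10
lb.example.test has address 203.0.113.20'

# Step 4: EXTERNAL-IP of the LoadBalancer service, from kubectl output on stdin.
ingress_fqdn() {
  awk '$2 == "LoadBalancer" && $4 !~ /^</ { print $4; exit }'
}

# Step 5: addresses listed in `host` output on stdin, one per line.
lb_addresses() {
  awk '/ has address / { print $NF }'
}

# Step 6: compare the hosts-file entry for the deployment FQDN with the
# load balancer's current addresses. Prints ok, missing, or "stale <ip>".
check_hosts_entry() {
  local hosts_file="$1" fqdn="$2" addrs="$3" mapped
  mapped=$(awk -v h="$fqdn" '$1 !~ /^#/ {
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^#/) break              # rest of the line is a comment
        if ($i == h) { print $1; exit }
      }
    }' "$hosts_file")
  if [ -z "$mapped" ]; then
    echo missing
  elif printf '%s\n' "$addrs" | grep -qxF "$mapped"; then
    echo ok
  else
    echo "stale $mapped"
  fi
}

# Live use (requires cluster access):
#   fqdn=$(kubectl get services --namespace ingress-nginx | ingress_fqdn)
#   check_hosts_entry /etc/hosts cdm.example.com "$(host "$fqdn" | lb_addresses)"
```

A `stale` result means the hosts-file entry names an address the load balancer no longer reports, so the entry needs to be replaced with one from the current `host` output.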

## Next step

* [x] [Become familiar with the CDM](../../intro.html)

* [x] [Understand CDM architecture](../../architecture.html)

* [x] [Set up your local environment and create a cluster](../../setup-cdm.html)

* [ ] *[Deploy the platform](../../deploy.html)*

* [ ] [Access platform UIs and APIs](../../access.html)

* [ ] [Plan for production deployment](../../next-steps.html)
