Skip to content


This is Part 1 of a multi-part, self-paced quick start exercise that will focus on provisioning a PaaS environment in AWS using Terraform.

What Will You Do

In part 1, you will:

  • Create the following resources using Rafay's Terraform provider
    • Project
    • Group
    • Group Association
    • Cloud Credential
    • Custom Blueprint
    • Add-ons
      • nginx
      • cert-manager
    • Cluster Override
      • nginx
      • cert-manager
    • Repositories
      • nginx
      • cert-manager
    • EKS Cluster
  • Verify cluster health
  • Review available dashboards

Step 1: Configure & Provision Rafay Resources

In this step, you will configure and customize your AWS EKS Cluster using Terraform with some configuration files.

Make sure the following are installed or available.

  • Terraform
  • Text editor (or ability to update files using a terminal)

Make sure you have the following information. You may need to create these in your AWS environment or in the console.

To provision a cluster using Terraform:

  • Download and decompress the Get Started package. Navigate to the terraform/pas_terraform folder.
  • Download the CLI config from the "MY TOOLS" section in the console.
  • Edit the config.json file. The file location is terraform/pas_terraform/artifacts/credentials/config.json. For this exercise, just change the following.
    • api_key
    • api_secret
    • project_id
  • Edit the terraform.tfvars file. The file location is terraform/pas_terraform/eks/terraform.tfvars. For this exercise, just update the following.

    • project
    • rolearn
    • externalid
    • cluster_name
    • k8s_version
    • cluster_location
    • cluster_tags
  • Open the terminal or command line.

  • Navigate to the terraform/pas_terraform/eks folder.
  • Run terraform init.
    • Initializes the directory containing the Terraform configuration files, preparing the directory for use with Terraform.
  • Run terraform validate.
    • Validates the configuration files in the directory, without accessing any remote services.
  • Run terraform apply. Enter yes when prompted.
    • Provisions the cluster.

It can take 30 minutes to provision the cluster. Check the console for the provisioning status.

Create Cluster

Step 2: Verify Cluster

Once provisioning is complete, you should have a ready to use AWS EKS Cluster. We will verify the cluster by checking its health and status.

Step 3: Cluster Status & Health

The Kubernetes management operator automatically deployed on the cluster by the controller will "maintain a heartbeat" with the controller and will "proactively monitor" the status of the components on the worker node required for communication with the control plane and the controller.

  • Cluster reachability should be not more than 1 minute
  • Control plane should report as Healthy

Cluster Health

Step 4: Zero Trust Kubectl

Your EKS Cluster's API Server is private and secure (i.e. cloaked and not directly reachable on the Internet). The controller provides a zero trust kubectl channel for authorized users.

  • Click the "Kubectl" button on the cluster card.
  • This will launch a web based kubectl shell for you to securely interact with the API server over a zero trust channel
  • Type something like "kubectl get pod -n rafay-system"

ZTKA to Cluster

Step 5: Kubernetes Resources

The dashboard also comes with an integrated Kubernetes dashboard. Click on "Resources" and you will be presented with all the Kubernetes resources organized using a number of filters.

AKS k8s Resources


Congratulations! At this point, you have

  • Successfully configured and provisioned an AWS EKS cluster
  • Used zero trust kubectl to securely access the AKS cluster's API server
  • Used the integrated k8s dashboards to monitor and view details about the cluster