You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
# Kubernetes on UpCloud with Terraform
Provision a Kubernetes cluster on [UpCloud](https://upcloud.com/) using Terraform and Kubespray
## Overview
The setup looks like following
```text Kubernetes cluster+--------------------------+| +--------------+ || | +--------------+ || --> | | | || | | Master/etcd | || | | node(s) | || +-+ | || +--------------+ || ^ || | || v || +--------------+ || | +--------------+ || --> | | | || | | Worker | || | | node(s) | || +-+ | || +--------------+ |+--------------------------+```
The nodes uses a private network for node to node communication and a public interface for all external communication.
## Requirements
* Terraform 0.13.0 or newer
## Quickstart
NOTE: Assumes you are at the root of the kubespray repo.
For authentication in your cluster you can use the environment variables.
```bashexport TF_VAR_UPCLOUD_USERNAME=usernameexport TF_VAR_UPCLOUD_PASSWORD=password```
To allow API access to your UpCloud account, you need to allow API connections by visiting [Account-page](https://hub.upcloud.com/account) in your UpCloud Hub.
Copy the cluster configuration file.
```bashCLUSTER=my-upcloud-clustercp -r inventory/sample inventory/$CLUSTERcp contrib/terraform/upcloud/cluster-settings.tfvars inventory/$CLUSTER/export ANSIBLE_CONFIG=ansible.cfgcd inventory/$CLUSTER```
Edit `cluster-settings.tfvars` to match your requirement.
Run Terraform to create the infrastructure.
```bashterraform init ../../contrib/terraform/upcloudterraform apply --var-file cluster-settings.tfvars \ -state=tfstate-$CLUSTER.tfstate \ ../../contrib/terraform/upcloud/```
You should now have a inventory file named `inventory.ini` that you can use with kubespray.You can use the inventory file with kubespray to set up a cluster.
It is a good idea to check that you have basic SSH connectivity to the nodes. You can do that by:
```bashansible -i inventory.ini -m ping all```
You can setup Kubernetes with kubespray using the generated inventory:
```bashansible-playbook -i inventory.ini ../../cluster.yml -b -v```
## Teardown
You can teardown your infrastructure using the following Terraform command:
```bashterraform destroy --var-file cluster-settings.tfvars \ -state=tfstate-$CLUSTER.tfstate \ ../../contrib/terraform/upcloud/```
## Variables
* `prefix`: Prefix to add to all resources, if set to "" don't set any prefix* `template_name`: The name or UUID of a base image* `username`: a user to access the nodes, defaults to "ubuntu"* `private_network_cidr`: CIDR to use for the private network, defaults to "172.16.0.0/24"* `ssh_public_keys`: List of public SSH keys to install on all machines* `zone`: The zone where to run the cluster* `machines`: Machines to provision. Key of this object will be used as the name of the machine * `node_type`: The role of this node *(master|worker)* * `plan`: Preconfigured cpu/mem plan to use (disables `cpu` and `mem` attributes below) * `cpu`: number of cpu cores * `mem`: memory size in MB * `disk_size`: The size of the storage in GB * `additional_disks`: Additional disks to attach to the node. * `size`: The size of the additional disk in GB * `tier`: The tier of disk to use (`maxiops` is the only one you can choose atm)* `firewall_enabled`: Enable firewall rules* `firewall_default_deny_in`: Set the firewall to deny inbound traffic by default. Automatically adds UpCloud DNS server and NTP port allowlisting.* `firewall_default_deny_out`: Set the firewall to deny outbound traffic by default.* `master_allowed_remote_ips`: List of IP ranges that should be allowed to access API of masters * `start_address`: Start of address range to allow * `end_address`: End of address range to allow* `k8s_allowed_remote_ips`: List of IP ranges that should be allowed SSH access to all nodes * `start_address`: Start of address range to allow * `end_address`: End of address range to allow* `master_allowed_ports`: List of port ranges that should be allowed to access the masters * `protocol`: Protocol *(tcp|udp|icmp)* * `port_range_min`: Start of port range to allow * `port_range_max`: End of port range to allow * `start_address`: Start of address range to allow * `end_address`: End of address range to allow* `worker_allowed_ports`: List of port ranges that should be allowed to access the workers * `protocol`: Protocol *(tcp|udp|icmp)* * `port_range_min`: Start of port range to allow * `port_range_max`: End of port range to allow * `start_address`: Start of address range to allow * `end_address`: End of address range to allow* `loadbalancer_enabled`: Enable managed load balancer* `loadbalancer_plan`: Plan to use for load balancer *(development|production-small)** `loadbalancers`: Ports to load balance and which machines to forward to. Key of this object will be used as the name of the load balancer frontends/backends * `port`: Port to load balance. * `backend_servers`: List of servers that traffic to the port should be forwarded to.
|
