# Kubernetes on GCP with Terraform

Provision a Kubernetes cluster on GCP using Terraform and Kubespray

## Overview

The setup looks like the following:

```text
                           Kubernetes cluster
                        +-----------------------+
+---------------+       |   +--------------+    |
|               |       |   | +--------------+  |
| API server LB +---------> | |              |  |
|               |       |   | | Master/etcd  |  |
+---------------+       |   | | node(s)      |  |
                        |   +-+              |  |
                        |     +--------------+  |
                        |           ^           |
                        |           |           |
                        |           v           |
+---------------+       |   +--------------+    |
|               |       |   | +--------------+  |
|   Ingress LB  +---------> | |              |  |
|               |       |   | | Worker       |  |
+---------------+       |   | | node(s)      |  |
                        |   +-+              |  |
                        |     +--------------+  |
                        +-----------------------+
```
## Requirements

* Terraform 0.12.0 or newer

## Quickstart

To get a cluster up and running you'll need a JSON keyfile with credentials for the Google Terraform provider.
Set the path to the file in the `tfvars.json` file and run the following:

```bash
terraform apply -var-file tfvars.json -state dev-cluster.tfstate -var gcp_project_id=<ID of your GCP project> -var keyfile_location=<location of the json keyfile>
```

To generate a Kubespray inventory based on the Terraform state file you can run the following:

```bash
./generate-inventory.sh dev-cluster.tfstate > inventory.ini
```

You should now have an inventory file named `inventory.ini` that you can use with Kubespray, e.g.

```bash
ansible-playbook -i contrib/terraform/gcs/inventory.ini cluster.yml -b -v
```
## Variables

### Required

* `keyfile_location`: Location of the keyfile to use as credentials for the Google Terraform provider
* `gcp_project_id`: ID of the GCP project to deploy the cluster in
* `ssh_pub_key`: Path to the public SSH key to use for all machines
* `region`: The region where to run the cluster
* `machines`: Machines to provision. Key of this object will be used as the name of the machine
    * `node_type`: The role of this node *(master|worker)*
    * `size`: The size to use
    * `zone`: The zone the machine should run in
    * `additional_disks`: Extra disks to add to the machine. Key of this object will be used as the disk name
        * `size`: Size of the disk (in GB)
    * `boot_disk`: The boot disk to use
        * `image_name`: Name of the image
        * `size`: Size of the boot disk (in GB)
* `ssh_whitelist`: List of IP ranges (CIDR) that will be allowed to SSH to the nodes
* `api_server_whitelist`: List of IP ranges (CIDR) that will be allowed to connect to the API server
* `nodeport_whitelist`: List of IP ranges (CIDR) that will be allowed to connect to the Kubernetes nodes on ports 30000-32767 (Kubernetes NodePorts)
* `ingress_whitelist`: List of IP ranges (CIDR) that will be allowed to connect to ingress on ports 80 and 443
* `extra_ingress_firewalls`: Additional ingress firewall rules. Key will be used as the name of the rule
    * `source_ranges`: List of IP ranges (CIDR). Example: `["8.8.8.8"]`
    * `protocol`: Protocol. Example: `"tcp"`
    * `ports`: List of ports, as strings. Example: `["53"]`
    * `target_tags`: List of target tags (either the machine name or `control-plane` or `worker`). Example: `["control-plane", "worker-0"]`

### Optional

* `prefix`: Prefix to use for all resources, required to be unique for all clusters in the same project *(Defaults to `default`)*
* `master_sa_email`: Service account email to use for the control plane nodes *(Defaults to `""`, auto generate one)*
* `master_sa_scopes`: Service account scopes to use for the control plane nodes *(Defaults to `["https://www.googleapis.com/auth/cloud-platform"]`)*
* `master_preemptible`: Enable [preemptible](https://cloud.google.com/compute/docs/instances/preemptible)
  for the control plane nodes *(Defaults to `false`)*
* `master_additional_disk_type`: [Disk type](https://cloud.google.com/compute/docs/disks/#disk-types)
  for extra disks added on the control plane nodes *(Defaults to `"pd-ssd"`)*
* `worker_sa_email`: Service account email to use for the worker nodes *(Defaults to `""`, auto generate one)*
* `worker_sa_scopes`: Service account scopes to use for the worker nodes *(Defaults to `["https://www.googleapis.com/auth/cloud-platform"]`)*
* `worker_preemptible`: Enable [preemptible](https://cloud.google.com/compute/docs/instances/preemptible)
  for the worker nodes *(Defaults to `false`)*
* `worker_additional_disk_type`: [Disk type](https://cloud.google.com/compute/docs/disks/#disk-types)
  for extra disks added on the worker nodes *(Defaults to `"pd-ssd"`)*

An example variables file can be found in `tfvars.json`.
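The following is an added example, not the project's own `tfvars.json` or any code shipped with this module. It embeds a constructed variables file whose key names follow the "Variables" section above (all values, including the project ID, image name and IP ranges, are placeholders), and runs a small pre-apply check over it: required keys present, every whitelist entry a valid CIDR, `node_type` limited to `master`/`worker`, at least one master defined, and a warning when `ssh_whitelist`, `api_server_whitelist` or `nodeport_whitelist` is opened to `0.0.0.0/0`. The check itself is an assumption about sensible hygiene for these variables, not something the module enforces.

```python
import ipaddress
import json

# Constructed sample tfvars.json (placeholder values; key names from the README above).
SAMPLE_TFVARS = """
{
  "gcp_project_id": "my-gcp-project-id",
  "keyfile_location": "./service-account.json",
  "ssh_pub_key": "~/.ssh/id_ed25519.pub",
  "region": "europe-west1",
  "prefix": "dev",
  "machines": {
    "master-0": {
      "node_type": "master", "size": "n1-standard-2", "zone": "europe-west1-b",
      "additional_disks": {},
      "boot_disk": {"image_name": "IMAGE-NAME-PLACEHOLDER", "size": 50}
    },
    "worker-0": {
      "node_type": "worker", "size": "n1-standard-4", "zone": "europe-west1-b",
      "additional_disks": {"data-0": {"size": 100}},
      "boot_disk": {"image_name": "IMAGE-NAME-PLACEHOLDER", "size": 50}
    }
  },
  "ssh_whitelist": ["203.0.113.10/32"],
  "api_server_whitelist": ["203.0.113.0/24"],
  "nodeport_whitelist": ["203.0.113.0/24"],
  "ingress_whitelist": ["0.0.0.0/0"],
  "extra_ingress_firewalls": {
    "dns": {"source_ranges": ["203.0.113.0/24"], "protocol": "udp",
            "ports": ["53"], "target_tags": ["worker-0"]}
  }
}
"""

REQUIRED_TOP = ("keyfile_location", "gcp_project_id", "ssh_pub_key", "region",
                "machines", "ssh_whitelist", "api_server_whitelist",
                "nodeport_whitelist", "ingress_whitelist", "extra_ingress_firewalls")
# Whitelists that guard SSH, the API server and NodePorts; ingress on 80/443 is
# commonly public, so it is only syntax-checked.
RESTRICTED_WHITELISTS = ("ssh_whitelist", "api_server_whitelist", "nodeport_whitelist")
VALID_ROLE_TAGS = ("control-plane", "worker")


def _check_cidrs(name, ranges, findings):
    """Append a finding for every entry that is not a valid CIDR, and for
    world-open entries in the restricted whitelists."""
    if not isinstance(ranges, list):
        findings.append(f"{name}: must be a list of CIDR strings")
        return
    for entry in ranges:
        try:
            net = ipaddress.ip_network(entry, strict=True)  # "8.8.8.8" parses as /32
        except ValueError:
            findings.append(f"{name}: {entry!r} is not a valid CIDR")
            continue
        if name in RESTRICTED_WHITELISTS and net.prefixlen == 0:
            findings.append(f"{name}: {entry} exposes the service to the whole internet")


def validate_tfvars(text):
    """Return a list of findings for a tfvars.json document; empty means it passes."""
    cfg = json.loads(text)
    findings = []
    for key in REQUIRED_TOP:
        if key not in cfg:
            findings.append(f"missing required variable {key!r}")
    for name in RESTRICTED_WHITELISTS + ("ingress_whitelist",):
        if name in cfg:
            _check_cidrs(name, cfg[name], findings)
    machines = cfg.get("machines", {})
    masters = 0
    for mname, m in machines.items():
        if m.get("node_type") not in ("master", "worker"):
            findings.append(f"machines.{mname}: node_type must be master or worker")
        masters += m.get("node_type") == "master"
        for field in ("size", "zone", "boot_disk"):
            if field not in m:
                findings.append(f"machines.{mname}: missing {field!r}")
        for dname, disk in m.get("additional_disks", {}).items():
            if not isinstance(disk.get("size"), int) or disk["size"] <= 0:
                findings.append(f"machines.{mname}.additional_disks.{dname}: size must be a positive GB integer")
    if masters == 0:
        findings.append("machines: at least one node with node_type master is required")
    for rname, rule in cfg.get("extra_ingress_firewalls", {}).items():
        _check_cidrs(f"extra_ingress_firewalls.{rname}.source_ranges",
                     rule.get("source_ranges", []), findings)
        for tag in rule.get("target_tags", []):
            if tag not in VALID_ROLE_TAGS and tag not in machines:
                findings.append(f"extra_ingress_firewalls.{rname}: unknown target tag {tag!r}")
    return findings


if __name__ == "__main__":
    for finding in validate_tfvars(SAMPLE_TFVARS) or ["OK: no findings"]:
        print(finding)
```

Run it against your own file by replacing `SAMPLE_TFVARS` with the contents of `tfvars.json` before `terraform apply`; a world-open `ssh_whitelist` or `api_server_whitelist` is the mistake most worth catching here, since every node gets a public IP (see "Known limitations").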
## Known limitations

This solution does not support a bastion host. Thus all the nodes must expose a public IP for Kubespray to work.