/kubernetes-on-openstack

Terraform and kubeadm for generating Kubernetes clusters on OpenStack

Primary language: Smarty. License: Apache License 2.0 (Apache-2.0).

Terraform

Running Kubernetes on OpenStack with kubeadm and Terraform, only accessible with a VPN

Using the module

Create a main.tf with the following content (obviously set the variables to your real values):

module "my_cluster" {
  source = "git::https://github.com/johscheuer/kubernetes-on-openstack.git"

  auth_url     = "${var.auth_url}"
  cluster_name = "${var.cluster_name}"
  username     = "${var.username}"
  password     = "${var.password}"
  domain_name  = "${var.domain_name}"
  project_id   = "${var.project_id}"
  image_name   = "${var.image_name}"
  kubeversion  = "${var.kubeversion}"
  tenant_name  = "${var.tenant_name}"
}

Fetch the module, initialize the folder and run plan:

terraform get --update
terraform init
terraform plan

Now you can create the cluster:

terraform apply

Authentication

The Kubernetes cluster uses Keystone authentication (over a webhook). For more information have a look here. After running terraform apply, the output shows how to authenticate against the newly created cluster. To actually authenticate with Keystone you need to perform the steps described here. The --insecure-skip-tls-verify=true flag is needed because we use the auto-generated certificates of kubeadm; it disables verification of the API server certificate, so the client cannot detect an impersonated API server. There are possible workarounds to remove the flag (e.g. fetch the CA from the Kubernetes master).

Keep in mind: By default, all users in the (OpenStack) project will have cluster-admin rights.
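
One way to apply the "fetch the CA from the Kubernetes master" workaround mentioned above, plus a check for kubeconfig entries that still skip TLS verification. This is an added example, not code from this project; it assumes the kubeadm default CA path /etc/kubernetes/pki/ca.crt, API port 6443 and the ubuntu SSH user, and the function names and sample kubeconfig are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the project. Assumptions: kubeadm default CA path,
# API port 6443, SSH user "ubuntu" as used elsewhere on this page.

# Fetch the cluster CA over SSH and pin it in the kubeconfig entry, so kubectl
# verifies the API server certificate instead of skipping verification.
pin_cluster_ca() {
  master_ip=$1
  cluster=$2
  ca_file="$HOME/.kube/${cluster}-ca.crt"
  scp "ubuntu@${master_ip}:/etc/kubernetes/pki/ca.crt" "$ca_file" || return 1
  kubectl config set-cluster "$cluster" \
    --server="https://${master_ip}:6443" \
    --certificate-authority="$ca_file" --embed-certs=true
}

# Print the name of every cluster entry in a kubeconfig that still has
# insecure-skip-tls-verify set to true (entries may list name first or last).
insecure_clusters() {
  awk '
    function flush() { if (insecure && name != "") print name; insecure = 0; name = "" }
    /^[^ -]/     { flush(); in_clusters = ($1 == "clusters:"); next }
    !in_clusters { next }
    /^- /        { flush() }
    /insecure-skip-tls-verify:[ ]*true/ { insecure = 1 }
    /^(- |  )name:/ { name = $NF }
    END          { flush() }
  ' "$1"
}

# Constructed sample kubeconfig (not from a real cluster): one entry skips
# verification, the other carries a pinned CA.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://203.0.113.10:6443
  name: my_cluster
- cluster:
    certificate-authority-data: Q09OU1RSVUNURUQ=
    server: https://203.0.113.11:6443
  name: pinned_cluster
EOF
insecure_clusters "$sample"
rm -f "$sample"
```

Verification only succeeds if the API server certificate lists the address you connect to as a subject alternative name; whether this module adds the floating IP there is not stated on this page. The scp step itself relies on SSH host key verification, so check the host key fingerprint on first connect.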

Deprecated

When the machine has booted:

ssh ubuntu@<floating-ip>

To access the API server externally (as long as the Keystone auth doesn't work):

scp ubuntu@<floating-ip>:/home/ubuntu/.kube/config ~/.kube/my_cluster_config
export KUBECONFIG=~/.kube/my_cluster_config
kubectl get cs

TODO