PRE-ALPHA. Please don't use the project for any production workloads. Also, be sure to spin your cluster down if you aren't using it as it will cost you--or your company--money.
- If you don't already have one, sign up for a Google Cloud Platform account.
- Download the
gcloudcommand-line tool. - Create a project in GCP named
k8s-the-hard-way-tf. - On the command line, run:
gcloud initto set up your account credentials/project details to point at the newly created project. - Create a service account (
IAM & admin>Service accounts>+ CREATE SERVICE ACCOUNT) in thek8s-the-hard-way-tfproject withOwnerpermissions, create/download the*.jsoncredentials generated by the service account, and place them in a safe location on your local machine. - Set your Google Application credentials using:
export GOOGLE_APPLICATION_CREDENTIALS=<path-to-your-credentials-json>. - Go to the
certsdirectory, and run thecreate-ca.shscript, followed by thegen-certs.shscript. This will create a self-signed CA, and create/sign all of the generated certs with that CA. - Go to the
configsdirectory, and run thegen-config.shscript. This will create the encryption configuration for the new Kubernetes cluster. - Add a public
sshkey to your project metadata (Compute Engine>Metadata>SSH Keys) using the format<protocol> <key-blob> <username@example.com>. The virtual machines you spin up will inherit this public key and allow theremote-execprovisioners to work. - Fill in the variables in
variables.tfthat haveTODOnext to them. - OPTIONAL: Edit the GitHub usernames in
scripts/add-ssh-keys.shto give trusted colleagues/friends access to the machines in your Kubernetes cluster (see the Motivation section for more details). - Run:
terraform initto initialize Terraform. - Run:
terraform planto see the planned changes that Terraform will make. - Run:
terraform applyto create your Kubernetes cluster. NOTE: The firstterraform applymight fail because theCompute Engine API has not been used in projectbefore. Follow the link provided in the error message (should be something likehttps://console.developers.google.com/apis/api/compute.googleapis.com/overview?project=0123456789) and clickENABLE. After the API is enabled, rerunterraform apply. - Configure
kubectlto use the new cluster by running theconfigure-kubectlscript. - Run
kubectl get cs(or another related command) to test the cluster's component statuses.
Make a PR and we'll go from there!
This cluster was designed for the purpose of enabling effective study for the Certified Kubernetes Administrator (CKA) exam. The vision was to define a custom, from-scratch Kubernetes cluster in Terraform (using Kelsey Hightower's kubernetes-the-hard-way tutorial as a reference point--thanks Kelsey), so that you could spin up a Kubernetes cluster with access to all of its internal components--including the Control Plane--on-demand, and destroy it if the cluster became unusable, or you just want to start over. This code enabled the majority of the Cloud Engineers at Nebulaworks to effectively study for, and get their CKA through hands-on practice in a CKA-exam-like environment (see below).
How we would practice creating/using Kubernetes objects and completing tasks for the CKA:
- Run
terraform applyto create your Kubernetes cluster. - Scour the Kubernetes reference docs and try to create the objects/complete the tasks that you see.
How we would practice for things breaking in the CKA:
- Edit
scripts/add-ssh-keys.shto give trusted colleagues/friends access to the machines in your Kubernetes cluster. - Run
terraform applyto create your Kubernetes cluster. - Have your trusted colleagues/friends
sshinto your cluster and break things [you'll need to give them the username for your machines (runwhoami), and the IP addresses of your machines (runterraform output)]. - Fix the things that are broken.