This configuration will deploy a Kubernetes cluster with:
- one master
- some workers
- a Weave Net pod network
The configuration was built from the instructions found on this page: https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/
This configuration requires `terraform-provider-cloudca` to be installed.
- Installation instructions are available here: https://github.com/cloud-ca/terraform-provider-cloudca#installation
- Create a file `terraform.tfvars` containing the following variables:
  - `api_key`: your cloud.ca API key
  - `organization_code`: name used to connect to cloud.ca - `<organization_code>.cloud.ca`
  - `admin`: a list of users in your organization who will have the `Environment Admin` role
  - `read_only`: a list of users in your organization who will have the `Read Only` role
- You can also override the following variables in the `terraform.tfvars` file:
  - `service_code`: `compute-qc` or `compute-on` (default: `compute-qc`)
  - `zone_id`: `QC-1` or `QC-2` when using `compute-qc`, `ON-1` when using `compute-on` (default: `QC-2`)
  - `prefix`: a prefix for all resources created (default: `k8s`)
  - `username`: the username you will use to connect to the machines (default: `kubernetes`)
- Initialize Terraform using `terraform init`
Terraform will output a command to connect to the bastion node at the end of the run.
The Kubernetes configuration was copied to the user's home directory on the bastion node.
With this user, you should be able to run `kubectl` commands. For example, at the end of
the Terraform run, try executing `kubectl get nodes` to see if all workers have joined
the cluster successfully, and `kubectl get pods --namespace kube-system` to make sure all
system components started properly (give it time, it takes a few minutes to fully
initialize).
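One way to script the check described above, as an added example that is not part of this repository: it parses the output of the two `kubectl` commands and lists nodes that are not `Ready` and `kube-system` pods that are not fully running. The sample tables and the node and pod names in them are constructed; pass `--live` on the bastion node to run it against the real cluster.

```shell
#!/usr/bin/env bash
# Added example: post-deploy health check for the cluster described above.

# Print names of nodes whose STATUS column is not exactly "Ready"
# (catches NotReady and Ready,SchedulingDisabled). Reads the table on stdin.
not_ready_nodes() {
  awk 'NR > 1 && $2 != "Ready" { print $1 }'
}

# Print pods that are not fully up: STATUS other than Running/Completed,
# or a Running pod whose READY column "x/y" has x != y.
unhealthy_pods() {
  awk 'NR > 1 {
         if ($3 == "Completed") next
         split($2, r, "/")
         if ($3 != "Running" || r[1] != r[2]) print $1 " (" $3 ", " $2 ")"
       }'
}

# Constructed sample output (not captured from a real cluster).
SAMPLE_NODES='NAME            STATUS     ROLES    AGE   VERSION
k8s-master      Ready      master   12m   v1.x
k8s-worker-01   Ready      <none>   9m    v1.x
k8s-worker-02   NotReady   <none>   1m    v1.x'

SAMPLE_PODS='NAME                        READY   STATUS    RESTARTS   AGE
etcd-k8s-master             1/1     Running   0          12m
kube-apiserver-k8s-master   1/1     Running   0          12m
weave-net-aaaaa             1/2     Running   0          2m
kube-dns-bbbbb              0/3     Pending   0          2m'

if [ "${1:-}" = "--live" ]; then
  # Run on the bastion node, where the Kubernetes configuration was copied.
  bad_nodes=$(kubectl get nodes | not_ready_nodes)
  bad_pods=$(kubectl get pods --namespace kube-system | unhealthy_pods)
  if [ -z "$bad_nodes$bad_pods" ]; then
    echo "all nodes Ready, all kube-system pods running"
    exit 0
  fi
  printf 'nodes not ready:\n%s\nunhealthy pods:\n%s\n' "$bad_nodes" "$bad_pods"
  exit 1
else
  # Offline demonstration on the constructed tables above.
  echo "nodes not ready:"; printf '%s\n' "$SAMPLE_NODES" | not_ready_nodes
  echo "unhealthy pods:";  printf '%s\n' "$SAMPLE_PODS" | unhealthy_pods
fi
```

A non-empty result right after the Terraform run is expected for a few minutes while the system components initialize; re-run until both lists are empty.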
This configuration also contains the necessary configuration to create a basic Vault deployment. If you want to create the Vault deployment, you will need to:
- Create an Object Storage environment, and a container
- Specify the following values in `terraform.tfvars`:
  - `os_username`: Object Storage `User name` in cloud.ca
  - `os_project`: Object Storage `Tenant name` in cloud.ca
  - `os_password`: Object Storage `Password` in cloud.ca
  - `os_auth_url`: Object Storage `Authentication endpoint` in cloud.ca
  - `container`: Container used to store Vault data
  - `deploy_vault`: Set this to `true`
This will write a `vault.yaml` manifest in the `manifests/` folder, upload it to the
Kubernetes cluster and start the deployment. You will need to take care of the Vault
initialization. Note that this manifest will create 3 replicas of a non-HA Vault server
connected to the same storage backend. You can access this container by creating a public IP and a
load balancing rule that will redirect requests to the right NodePort that was reserved by Kubernetes.
- `kubectl get deployments` will show the deployment
- `kubectl get pods -o wide` will show the 3 replicas of the vault pods
- `kubectl get svc -l app-vault` will show the node port that was assigned for this deployment