2021-03-15 08:41:04 +00:00
# Kubernetes on UpCloud with Terraform
Provision a Kubernetes cluster on [UpCloud](https://upcloud.com/) using Terraform and Kubespray
## Overview
The setup looks like the following:
```text
Kubernetes cluster
+--------------------------+
|   +--------------+       |
|   | +--------------+     |
| --> |              |     |
|   | | Master/etcd  |     |
|   | | node(s)      |     |
|   +-+              |     |
|     +--------------+     |
|            ^             |
|            |             |
|            v             |
|   +--------------+       |
|   | +--------------+     |
| --> |              |     |
|   | | Worker       |     |
|   | | node(s)      |     |
|   +-+              |     |
|     +--------------+     |
+--------------------------+
```
The nodes use a private network for node-to-node communication and a public interface for all external communication.
## Requirements
* Terraform 0.13.0 or newer
## Quickstart
NOTE: Assumes you are at the root of the kubespray repo.
To authenticate against the UpCloud API, set the following environment variables:
```bash
export TF_VAR_UPCLOUD_USERNAME=username
export TF_VAR_UPCLOUD_PASSWORD=password
```
To allow API access to your UpCloud account, you need to enable API connections on the [Account page](https://hub.upcloud.com/account) in your UpCloud Hub.
Copy the cluster configuration file.
```bash
CLUSTER=my-upcloud-cluster
cp -r inventory/sample inventory/$CLUSTER
cp contrib/terraform/upcloud/cluster-settings.tfvars inventory/$CLUSTER/
export ANSIBLE_CONFIG=ansible.cfg
cd inventory/$CLUSTER
```
Edit `cluster-settings.tfvars` to match your requirements.
Run Terraform to create the infrastructure.
```bash
terraform init ../../contrib/terraform/upcloud
terraform apply --var-file cluster-settings.tfvars \
    -state=tfstate-$CLUSTER.tfstate \
    ../../contrib/terraform/upcloud/
```
You should now have an inventory file named `inventory.ini` that you can use with kubespray to set up the cluster.
It is a good idea to check that you have basic SSH connectivity to the nodes. You can do that by:
```bash
ansible -i inventory.ini -m ping all
```
You can set up Kubernetes with kubespray using the generated inventory:
```bash
ansible-playbook -i inventory.ini ../../cluster.yml -b -v
```
## Teardown
You can teardown your infrastructure using the following Terraform command:
```bash
terraform destroy --var-file cluster-settings.tfvars \
    -state=tfstate-$CLUSTER.tfstate \
    ../../contrib/terraform/upcloud/
```
## Variables
* `prefix` : Prefix to add to all resources; if set to "" no prefix is used
* `template_name` : The name or UUID of a base image
* `username` : A user to access the nodes, defaults to "ubuntu"
* `private_network_cidr` : CIDR to use for the private network, defaults to "172.16.0.0/24"
* `ssh_public_keys` : List of public SSH keys to install on all machines
* `zone` : The zone where to run the cluster
* `machines` : Machines to provision. The key of this object will be used as the name of the machine
  * `node_type` : The role of this node *(master|worker)*
  * `plan` : Preconfigured cpu/mem plan to use (disables the `cpu` and `mem` attributes below)
  * `cpu` : Number of cpu cores
  * `mem` : Memory size in MB
  * `disk_size` : The size of the storage in GB
  * `additional_disks` : Additional disks to attach to the node
    * `size` : The size of the additional disk in GB
    * `tier` : The tier of disk to use (`maxiops` is the only one you can choose at the moment)
* `firewall_enabled` : Enable firewall rules
* `firewall_default_deny_in` : Set the firewall to deny inbound traffic by default. Automatically adds UpCloud DNS server and NTP port allowlisting
* `firewall_default_deny_out` : Set the firewall to deny outbound traffic by default
* `master_allowed_remote_ips` : List of IP ranges that should be allowed to access the API of the masters
  * `start_address` : Start of address range to allow
  * `end_address` : End of address range to allow
* `k8s_allowed_remote_ips` : List of IP ranges that should be allowed SSH access to all nodes
  * `start_address` : Start of address range to allow
  * `end_address` : End of address range to allow
* `master_allowed_ports` : List of port ranges that should be allowed to access the masters
  * `protocol` : Protocol *(tcp|udp|icmp)*
  * `port_range_min` : Start of port range to allow
  * `port_range_max` : End of port range to allow
  * `start_address` : Start of address range to allow
  * `end_address` : End of address range to allow
* `worker_allowed_ports` : List of port ranges that should be allowed to access the workers
  * `protocol` : Protocol *(tcp|udp|icmp)*
  * `port_range_min` : Start of port range to allow
  * `port_range_max` : End of port range to allow
  * `start_address` : Start of address range to allow
  * `end_address` : End of address range to allow
* `loadbalancer_enabled` : Enable managed load balancer
* `loadbalancer_plan` : Plan to use for the load balancer *(development|production-small)*
* `loadbalancers` : Ports to load balance and which machines to forward to. The key of this object will be used as the name of the load balancer frontends/backends
  * `port` : Port to load balance
  * `backend_servers` : List of servers that traffic to the port should be forwarded to
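A complete `cluster-settings.tfvars` built from the variables above, as an added example that is not the project's own sample file: it denies inbound traffic by default, restricts the API server and SSH to a single admin address range, and exposes only the worker ingress ports through the managed load balancer. The zone, image name, plan name, SSH key and address ranges are assumed placeholders.

```hcl
# Added example of cluster-settings.tfvars, not the project's own sample.
# Zone, image name, plan name, key and address ranges are placeholders.
prefix               = "example"
zone                 = "fi-hel1"                               # assumed zone
template_name        = "Ubuntu Server 20.04 LTS (Focal Fossa)" # assumed image
username             = "ubuntu"
private_network_cidr = "172.16.0.0/24"
ssh_public_keys      = ["ssh-ed25519 AAAA...PLACEHOLDER admin@example"]

machines = {
  "master-0" = {
    node_type        = "master"
    plan             = null          # no plan: cpu/mem below are used
    cpu              = "2"
    mem              = "4096"
    disk_size        = 250
    additional_disks = {}
  },
  "worker-0" = {
    node_type        = "worker"
    plan             = "2xCPU-4GB"   # assumed plan name; disables cpu/mem
    cpu              = null
    mem              = null
    disk_size        = 250
    additional_disks = { "data" = { size = 100, tier = "maxiops" } }
  }
}

# Deny inbound by default; open only what each role needs.
firewall_enabled          = true
firewall_default_deny_in  = true
firewall_default_deny_out = false

# Constructed admin range (TEST-NET-3): the only source for API and SSH.
master_allowed_remote_ips = [{ start_address = "203.0.113.10", end_address = "203.0.113.20" }]
k8s_allowed_remote_ips    = [{ start_address = "203.0.113.10", end_address = "203.0.113.20" }]

# Workers take ingress HTTP/HTTPS from anywhere; nothing else inbound.
master_allowed_ports = []
worker_allowed_ports = [
  { protocol = "tcp", port_range_min = 80,  port_range_max = 80,  start_address = "0.0.0.0", end_address = "255.255.255.255" },
  { protocol = "tcp", port_range_min = 443, port_range_max = 443, start_address = "0.0.0.0", end_address = "255.255.255.255" },
]
# Managed load balancer in front of the worker ingress port.
loadbalancer_enabled = true
loadbalancer_plan    = "development"
loadbalancers = {
  "ingress-https" = { port = 443, backend_servers = ["worker-0"] }
}
```

Run `terraform plan` with this file before `apply` and confirm the generated firewall rules list only the two admin-range entries for the API and SSH ports.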