Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hobby-kube/provisioning
Kubernetes cluster provisioning using Terraform.
Kubernetes cluster provisioning using Terraform.
- Host: GitHub
- URL: https://github.com/hobby-kube/provisioning
- Owner: hobby-kube
- License: mit
- Created: 2017-04-18T18:58:02.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2023-09-26T08:36:56.000Z (about 1 year ago)
- Last Synced: 2024-04-11T08:32:43.975Z (7 months ago)
- Topics: automation, guide, kubernetes, provisioning, secure, setup, terraform
- Language: HCL
- Homepage: https://hobby-kube.dev/guide
- Size: 124 KB
- Stars: 311
- Watchers: 16
- Forks: 109
- Open Issues: 6
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Security: security/ufw/main.tf
README
# Kubernetes cluster setup automation
> This is part of the Hobby Kube project. Functionality of the modules is described in the [guide](https://github.com/hobby-kube/guide).
Deploy a secure Kubernetes cluster on [Hetzner Cloud](https://www.hetzner.com/cloud), [Scaleway](https://www.scaleway.com/), [DigitalOcean](https://www.digitalocean.com/) or [Packet](https://www.packet.com/) using [Terraform](https://www.terraform.io/).
## Setup
### Requirements
The following packages are required to be installed locally:
```sh
brew install terraform kubectl jq wireguard-tools
```
The modules use ssh-agent for remote operations. Add your SSH key with `ssh-add -K` if Terraform repeatedly fails to connect to remote hosts.
### Configuration
**Important:** Modify only [main.tf](main.tf) in the project root; comment or uncomment sections as needed. All variables in [variables.tf](variables.tf) can be set either directly or from environment variables. Export the following environment variables depending on the modules you're using:
#### Set number of hosts (nodes)
```sh
export TF_VAR_node_count=3
```
#### Set number of etcd members
The first N nodes will be part of the etcd cluster.
3 or 5 are good values, see [here](https://coreos.com/etcd/docs/latest/faq.html#system-requirements).
```sh
export TF_VAR_etcd_node_count=3
```
#### Using Hetzner Cloud as provider
```sh
export TF_VAR_hcloud_token=
export TF_VAR_hcloud_ssh_keys=
export TF_VAR_hcloud_ssh_keys='["", ""]'
# Defaults:
# export TF_VAR_hcloud_location="nbg1"
# export TF_VAR_hcloud_type="cx11"
# export TF_VAR_hcloud_image="ubuntu-24.04"
```
SSH keys are referenced by their description. Visit the Hetzner Cloud console at
`https://console.hetzner.cloud/projects//access/sshkeys`
#### Using Scaleway as provider
```sh
export TF_VAR_scaleway_organization_id=
export TF_VAR_scaleway_access_key= # can be omitted for now
export TF_VAR_scaleway_secret_key=
# Defaults:
# export TF_VAR_scaleway_zone="nl-ams-1"
# export TF_VAR_scaleway_type="DEV1-S"
# export TF_VAR_scaleway_image="Ubuntu 24.04 Noble Numbat"
# export TF_VAR_scaleway_image_architecture="x86_64"
```
#### Using DigitalOcean as provider
```sh
export TF_VAR_digitalocean_token=
export TF_VAR_digitalocean_ssh_keys=
export TF_VAR_digitalocean_ssh_keys='["", ""]'
# Defaults:
# export TF_VAR_digitalocean_region="fra1"
# export TF_VAR_digitalocean_size="1gb"
# export TF_VAR_digitalocean_image="ubuntu-24-04-x64"
```
You can get SSH key IDs using [this API](https://developers.digitalocean.com/documentation/v2/#list-all-keys).
#### Using Packet as provider
```sh
export TF_VAR_packet_auth_token=
export TF_VAR_packet_project_id=
# Defaults:
# export TF_VAR_packet_facility="sjc1"
# export TF_VAR_packet_plan="c1.small.x86"
# export TF_VAR_packet_operating_system="ubuntu_24_04"
```
#### Using vSphere as provider
```sh
export TF_VAR_vsphere_server=
export TF_VAR_vsphere_datacenter=
export TF_VAR_vsphere_cluster=
export TF_VAR_vsphere_network=
export TF_VAR_vsphere_datastore=
export TF_VAR_vsphere_vm_template=
export TF_VAR_vsphere_user=
export TF_VAR_vsphere_password=
# Defaults:
# export TF_VAR_vsphere_vm_linked_clone=false
# export TF_VAR_vsphere_vm_num_cpus="2"
# export TF_VAR_vsphere_vm_memory="2048"
```
The template VM needs to be pre-configured so that root can log in using an SSH key.
#### Using UpCloud as provider
```sh
export TF_VAR_upcloud_username=
export TF_VAR_upcloud_password=
export TF_VAR_upcloud_ssh_keys='[""]'
# Defaults:
# export TF_VAR_upcloud_zone="de-fra1"
# export TF_VAR_upcloud_plan="1xCPU-2GB"
# export TF_VAR_upcloud_disk_template="Ubuntu Server 24.04 LTS (Noble Numbat)"
```
You will need API credentials to use the UpCloud Terraform provider, see https://upcloud.com/community/tutorials/getting-started-upcloud-api/ for more info.
#### Using Cloudflare for DNS entries
```sh
export TF_VAR_domain= # e.g. example.org
export TF_VAR_cloudflare_api_token=
```
#### Using Amazon Route 53 for DNS entries
```sh
export TF_VAR_domain= # e.g. example.org; the domain must already exist as a hosted zone
export TF_VAR_aws_access_key=
export TF_VAR_aws_secret_key=
export TF_VAR_aws_region= # e.g. eu-west-1
```
#### Install additional APT packages
Each provider takes an optional variable to install further packages during provisioning:
```hcl
module "provider" {
# ...
apt_packages = ["ceph-common", "nfs-common"]
}
```
#### Add more firewall rules
The security/ufw module takes an optional variable to add custom firewall rules during provisioning:
```hcl
module "firewall" {
# ...
additional_rules = ["allow 1194/udp", "allow ftp"]
}
```
### Execute
From the root of this project...
```sh
# fetch the required modules
$ terraform init

# see what `terraform apply` will do
$ terraform plan

# execute it
$ terraform apply
```
## Using modules independently
Modules in this repository can be used independently:
```hcl
module "kubernetes" {
source = "github.com/hobby-kube/provisioning/service/kubernetes"

# Or to pin a certain commit
# source = "git::https://github.com/hobby-kube/provisioning.git//service/kubernetes?ref=800d5d5031245cf31a803a147eaa40a0de0573f1"
}
```
After adding this to your plan, run `terraform get` to fetch the module.
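The Configuration and Execute sections above rely on every credential and count being exported as a `TF_VAR_*` variable before `terraform plan` runs; a missing or empty variable only surfaces as a provider error part-way through an apply. The following pre-flight check is an added example and is not part of the hobby-kube/provisioning project: it verifies that the variables the README lists for a chosen provider are set and non-empty, and that the etcd member count is odd and not larger than the node count. The variable names are taken from the README; the function names, the provider short names used as arguments, and the `PREFLIGHT_PROVIDER` environment variable are this example's own conventions.

```shell
#!/bin/sh
# Added example, not part of the hobby-kube/provisioning project: a pre-flight
# check to run before `terraform plan`. It verifies that the TF_VAR_* variables
# the README lists for the chosen provider are exported and non-empty, and
# that the etcd member count makes sense for the node count. Variable names
# come from the README; the function names are this example's own.

# Required variables per provider. Variables with documented defaults and
# TF_VAR_scaleway_access_key (marked optional in the README) are left out.
required_vars_for() {
  case "$1" in
    hcloud)       echo "TF_VAR_hcloud_token TF_VAR_hcloud_ssh_keys" ;;
    scaleway)     echo "TF_VAR_scaleway_organization_id TF_VAR_scaleway_secret_key" ;;
    digitalocean) echo "TF_VAR_digitalocean_token TF_VAR_digitalocean_ssh_keys" ;;
    packet)       echo "TF_VAR_packet_auth_token TF_VAR_packet_project_id" ;;
    vsphere)      echo "TF_VAR_vsphere_server TF_VAR_vsphere_datacenter TF_VAR_vsphere_cluster TF_VAR_vsphere_network TF_VAR_vsphere_datastore TF_VAR_vsphere_vm_template TF_VAR_vsphere_user TF_VAR_vsphere_password" ;;
    upcloud)      echo "TF_VAR_upcloud_username TF_VAR_upcloud_password TF_VAR_upcloud_ssh_keys" ;;
    *)            return 1 ;;
  esac
}

# Print the required variables that are unset or empty, one per line.
# Returns 0 when nothing is missing, 1 when something is, 2 for an unknown provider.
missing_vars() {
  vars=$(required_vars_for "$1") || { echo "unknown provider: $1" >&2; return 2; }
  rc=0
  for v in $vars; do
    eval "val=\${$v:-}"          # indirect lookup of the variable named in $v
    if [ -z "$val" ]; then
      echo "$v"
      rc=1
    fi
  done
  return $rc
}

# etcd sanity check: the first N nodes join etcd, so N must not exceed the
# node count, and an odd N (3 or 5, as the README suggests) keeps a majority
# after one member fails.
check_etcd_count() {
  nodes=$1
  members=$2
  [ "$members" -ge 1 ] || return 1
  [ "$members" -le "$nodes" ] || return 1
  [ $(( $members % 2 )) -eq 1 ] || return 1
}

# Run all checks for one provider; findings go to stderr. Returns 0 only when
# everything is in place, so it can gate `terraform plan` with &&.
preflight() {
  provider=$1
  status=0
  required_vars_for "$provider" >/dev/null || { echo "unknown provider: $provider" >&2; return 2; }
  if ! missing=$(missing_vars "$provider"); then
    echo "missing or empty for $provider:" >&2
    echo "$missing" >&2
    status=1
  fi
  if ! check_etcd_count "${TF_VAR_node_count:-0}" "${TF_VAR_etcd_node_count:-0}"; then
    echo "etcd member count '${TF_VAR_etcd_node_count:-unset}' is not valid for '${TF_VAR_node_count:-unset}' nodes" >&2
    status=1
  fi
  return $status
}

# Usage: PREFLIGHT_PROVIDER=hcloud sh preflight.sh && terraform plan
if [ -n "${PREFLIGHT_PROVIDER:-}" ]; then
  preflight "$PREFLIGHT_PROVIDER"
fi
```

The check reads the variables from the environment in the same way Terraform does, so it catches a value that was set in a different shell or mistyped before any provider API call is made with a partial configuration.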