https://github.com/shini4i/disposable-k8s-cluster

A simple project for bootstrapping kubernetes cluster for short experiments
https://github.com/shini4i/disposable-k8s-cluster

argocd bootstrap homelab k8s-at-home kubernetes learning-by-doing sandbox terraform workshop

Last synced: 4 days ago
JSON representation

A simple project for bootstrapping kubernetes cluster for short experiments

• Host: GitHub
• URL: https://github.com/shini4i/disposable-k8s-cluster
• Owner: shini4i
• License: mit
• Created: 2023-05-12T12:28:48.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-11-05T16:24:11.000Z (7 days ago)
• Last Synced: 2024-11-05T17:31:01.697Z (7 days ago)
• Topics: argocd, bootstrap, homelab, k8s-at-home, kubernetes, learning-by-doing, sandbox, terraform, workshop
• Language: HCL
• Homepage:
• Size: 84 KB
• Stars: 6
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        


# disposable-k8s-cluster

This repository contains a set of scripts to create a disposable kubernetes cluster on one of supported cloud providers.





## General information

This project is intended to be used as a playground for testing and learning purposes. It is not intended to be used in

production.

It was created in the way that should support extending it with new cloud providers and new applications.

Currently supported bootstrap options:

* [DigitalOcean](https://www.digitalocean.com/)

* [kind](https://kind.sigs.k8s.io/) - not a cloud provider, but a tool to create a kubernetes cluster on a local machine

Additionally, to simplify access to the cluster, we are

deploying [external-dns](https://github.com/kubernetes-sigs/external-dns) and [cert-manager](https://cert-manager.io/)

to the cluster.

Those two controllers will be used to automatically create DNS records and TLS certificates for the ingress resources in

the cluster.

> [!NOTE]

> In case the certificates and dns records are not required, the project can be bootstrapped with `SKIP_EXPOSE=true`

### Default applications

The following applications (controllers) are deployed to the cluster by default:

* [ArgoCD](https://argoproj.github.io/argo-cd/) - a declarative, GitOps continuous delivery tool for Kubernetes

* [cert-manager](https://cert-manager.io/) - used to automatically create TLS certificates for the ingress resources

* [external-dns](https://github.com/kubernetes-sigs/external-dns) - used to automatically create DNS records for the

  ingress resources

* [reflector](https://github.com/emberstack/kubernetes-reflector) - used for copying objects between namespaces [1]

* [traefik](https://traefik.io/) - used as an ingress controller

## Prerequisites

### Mandatory

* [OpenTofu](https://opentofu.org/) - used to create the cluster and deploy default applications

* [tfswitch](https://tfswitch.warrensbox.com/) - used to ensure that the correct version of tofu is used

* [GNU make](https://www.gnu.org/software/make/) - used to orchestrate the deployment

* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - used to interact with the cluster

### Optional

* [direnv](https://direnv.net/) - used to automatically load environment variables from `.env` or `.envrc` files

## Configuration

A list of environment variables that can be used to configure the deployment:

| Variable                      | Description                                                                        | Required | Notes                   |

|-------------------------------|------------------------------------------------------------------------------------|----------|-------------------------|

| `TF_VAR_do_token`             | DigitalOcean API token (required only when using DigitalOcean as a cloud provider) | No       |                         |

| `TF_VAR_cloudflare_api_token` | Cloudflare API token (required for generating TLS certificates and DNS records)    | Yes      | Unless SKIP_EXPOSE=true |

| `KUBECONFIG`                  | Path to the kubeconfig file (should be set to `./kubeconfig`)                      | Yes      |

| `DISPOSABLE_DOMAIN`           | Domain that will be used to create DNS records and TLS certificates                | Yes      |                         |

| `SKIP_EXPOSE`                 | Whether `external-dns` and `cert-manager` deployment should be skipped             | No       |                         |

## Usage

To set up a temporary kubernetes cluster, including infrastructure and common services run:

```bash

make bootstrap

```

To destroy ephemeral kubernetes cluster run:

```bash

make destroy

```

To stop kind cluster run:

```bash

make stop

```

To start kind cluster run:

```bash

make start

```

### Reflector

One of potential use cases would be to configure automatic copy of `docker-registry` secret across all namespaces:

```bash

kubectl create secret docker-registry regcred \

--docker-server=registry.example.com \

--docker-username=user \

--docker-password=verysecretsecret

```

And later on add the following annotation to the `regcred` secret:

```

reflector.v1.k8s.emberstack.com/reflection-allowed: "true"

reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"

reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: ""

```

## Contributing

Contributions are welcome! Feel free to submit a pull request. For major changes, please open an issue first to discuss.

[1]: #reflector