Kubernetes - DigitalOcean - Terraform

Deploy your Kubernetes cluster on DigitalOcean using Terraform.

Requirements

• DigitalOcean account
• DigitalOcean Token In DO's settings/tokens/new
• Terraform

On Mac

With brew installed, all tools can be installed with

brew install terraform kubectl 

Do all the following steps from a development machine. It does not matter where it is, as long as it is connected to the internet. This one will be subsequently used to access the cluster via kubectl.

Generate private / public keys

ssh-keygen -t rsa -b 4096

The system will prompt you for a file path to save the key, we will go with ~/.ssh/id_rsa in this tutorial.

Add your public key in the DigitalOcean control panel

Do it here. Name it and paste the public key just below Add SSH Key.

Add this key to your SSH agent

eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa

Invoke Terraform

We put our DigitalOcean token in the file ./secrets/DO_TOKEN (this directory is mentioned in .gitignore, of course, so we don't leak it)

Then we setup the environment variables (step into this repository root).

export TF_VAR_do_token=$(cat ./secrets/DO_TOKEN)
export TF_VAR_ssh_fingerprint=$(ssh-keygen -E MD5 -lf ~/.ssh/id_rsa.pub | awk '{print $2}' | sed 's/MD5://g')

If you are using an older version of OpenSSH (<6.9), replace the last line with

export TF_VAR_ssh_fingerprint=$(ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}')

There is a convenience script for you in ./setup_terraform.sh. Invoke it as

. ./setup_terraform.sh

Optionally, you can customize the datacenter region via:

export TF_VAR_do_region=fra1

The default region is nyc3. You can find a list of available regions from DigitalOcean.

After setup, call terraform apply

terraform apply

That should do! kubectl is configured, so you can just check the nodes (get no) and the pods (get po).

$ KUBECONFIG=$PWD/secrets/admin.conf kubectl get no
NAME          LABELS                               STATUS
X.X.X.X   kubernetes.io/hostname=X.X.X.X   Ready     2m
Y.Y.Y.Y   kubernetes.io/hostname=Y.Y.Y.Y   Ready     2m

$ KUBECONFIG=$PWD/secrets/admin.conf kubectl --namespace=kube-system get po
NAME                                   READY     STATUS    RESTARTS   AGE
kube-apiserver-X.X.X.X                    1/1       Running   0          13m
kube-controller-manager-X.X.X.X           1/1       Running   0          12m
kube-proxy-X.X.X.X                        1/1       Running   0          12m
kube-proxy-X.X.X.X                        1/1       Running   0          11m
kube-proxy-X.X.X.X                        1/1       Running   0          12m
kube-scheduler-X.X.X.X                    1/1       Running   0          13m

You are good to go. Now, we can keep on reading to dive into the specifics.

Setup kubectl

After the installation is complete, terraform will put the kubeconfig in secrets/admin.conf. Test your brand new cluster

KUBECONF=$PWD/secrets/admin.conf kubectl get nodes

You should get something similar to

$ kubectl get nodes
NAME          LABELS                               STATUS
X.X.X.X       kubernetes.io/hostname=X.X.X.X       Ready

Deploy microbot with External IP

The file 04-microbot.yaml will be rendered (i.e. replace the value EXT_IP1), and then kubectl will create the Service and Replication Controller.

To see the IP of the service, run kubectl get svc and look for the EXTERNAL-IP (should be the first worker's ext-ip).