PRE-ALPHA. Please don't use the project for any production workloads. Also, be sure to spin your cluster down if you aren't using it as it will cost you--or your company--money.
- If you don't already have one, sign up for a Google Cloud Platform account.
- Download the `gcloud` command-line tool.
- Create a project in GCP named `k8s-the-hard-way-tf`.
- On the command line, run: `gcloud init` to set up your account credentials/project details to point at the newly created project.
- Create a service account (`IAM & admin` > `Service accounts` > `+ CREATE SERVICE ACCOUNT`) in the `k8s-the-hard-way-tf` project with `Owner` permissions, create/download the `*.json` credentials generated by the service account, and place them in a safe location on your local machine.
- Set your Google Application credentials using: `export GOOGLE_APPLICATION_CREDENTIALS=<path-to-your-credentials-json>`.
- Go to the `certs` directory, and run the `create-ca.sh` script, followed by the `gen-certs.sh` script. This will create a self-signed CA, and create/sign all of the generated certs with that CA.
- Go to the `configs` directory, and run the `gen-config.sh` script. This will create the encryption configuration for the new Kubernetes cluster.
- Add a public `ssh` key to your project metadata (`Compute Engine` > `Metadata` > `SSH Keys`) using the format `<protocol> <key-blob> <[email protected]>`. The virtual machines you spin up will inherit this public key and allow the `remote-exec` provisioners to work.
- Fill in the variables in `variables.tf` that have `TODO` next to them.
- OPTIONAL: Edit the GitHub usernames in `scripts/add-ssh-keys.sh` to give trusted colleagues/friends access to the machines in your Kubernetes cluster (see the Motivation section for more details).
- Run: `terraform init` to initialize Terraform.
- Run: `terraform plan` to see the planned changes that Terraform will make.
- Run: `terraform apply` to create your Kubernetes cluster. NOTE: The first `terraform apply` might fail because the `Compute Engine API has not been used in project` before. Follow the link provided in the error message (should be something like `https://console.developers.google.com/apis/api/compute.googleapis.com/overview?project=0123456789`) and click `ENABLE`. After the API is enabled, rerun `terraform apply`.
- Configure `kubectl` to use the new cluster by running the `configure-kubectl` script.
- Run `kubectl get cs` (or another related command) to test the cluster's component statuses.
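
The credential steps above leave an `Owner`-level service-account key on disk and point `GOOGLE_APPLICATION_CREDENTIALS` at it. The following preflight check is an added example, not part of this repository; `check_sa_key`, `write_sample_key` and the constructed sample key are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the service-account key before running Terraform.
# check_sa_key and write_sample_key are hypothetical helpers, not part of this repo.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the key file is owner-only and is a service-account key, else 1.
check_sa_key() {
  local key="${1:-${GOOGLE_APPLICATION_CREDENTIALS:-}}"
  local mode rc=0
  if [ -z "$key" ]; then
    echo "FAIL: GOOGLE_APPLICATION_CREDENTIALS is not set" >&2; return 1
  fi
  if [ -L "$key" ] || [ ! -f "$key" ]; then
    echo "FAIL: $key is not a regular file" >&2; return 1
  fi
  # An Owner-level key should carry no group/other permission bits (600 or 400).
  mode="$(file_mode "$key")"
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "FAIL: $key has mode $mode; fix with: chmod 600 $key" >&2; rc=1
  fi
  # GCP service-account key files carry "type": "service_account".
  if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key"; then
    echo "FAIL: $key is not a service-account key" >&2; rc=1
  fi
  return "$rc"
}

# Write a constructed stand-in key (no real secret) for trying the check offline.
write_sample_key() {
  printf '{\n  "type": "service_account",\n  "project_id": "k8s-the-hard-way-tf",\n  "private_key": "CONSTRUCTED-PLACEHOLDER"\n}\n' > "$1"
}

# Demo on the constructed file: world-readable is rejected, 600 is accepted.
demo_dir="$(mktemp -d)"
write_sample_key "$demo_dir/key.json"
chmod 644 "$demo_dir/key.json"
check_sa_key "$demo_dir/key.json" || echo "rejected (mode 644)"
chmod 600 "$demo_dir/key.json"
check_sa_key "$demo_dir/key.json" && echo "accepted (mode 600)"
rm -rf "$demo_dir"
```

With no argument, `check_sa_key` checks the path in `GOOGLE_APPLICATION_CREDENTIALS`, so it can be run directly before `terraform init`.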
Make a PR and we'll go from there!
This cluster was designed to enable effective study for the Certified Kubernetes Administrator (CKA) exam. The vision was to define a custom, from-scratch Kubernetes cluster in Terraform (using Kelsey Hightower's kubernetes-the-hard-way tutorial as a reference point--thanks Kelsey), so that you could spin up a Kubernetes cluster with access to all of its internal components--including the Control Plane--on demand, and destroy it if the cluster became unusable or you just wanted to start over. This code enabled the majority of the Cloud Engineers at Nebulaworks to study effectively for, and get, their CKA through hands-on practice in a CKA-exam-like environment (see below).
How we would practice creating/using Kubernetes objects and completing tasks for the CKA:
- Run `terraform apply` to create your Kubernetes cluster.
- Scour the Kubernetes reference docs and try to create the objects/complete the tasks that you see.
How we would practice for things breaking in the CKA:
- Edit `scripts/add-ssh-keys.sh` to give trusted colleagues/friends access to the machines in your Kubernetes cluster.
- Run `terraform apply` to create your Kubernetes cluster.
- Have your trusted colleagues/friends `ssh` into your cluster and break things [you'll need to give them the username for your machines (run `whoami`), and the IP addresses of your machines (run `terraform output`)].
- Fix the things that are broken.