- A digitalocean account
- terraform version 1.1.0
For the terraform provider digitalocean to get authorized to our account, it will look for an environment variable by the name DIGITALOCEAN_TOKEN. To get this token, you can go to the API section of the navbar on digitalocean and click on Generate New Token. Fill in a name and you will get a hash. Export that as follows:

    export DIGITALOCEAN_TOKEN=abcfksjfjsfcfsdkfdsjfkdsjfkdjfdkfj

You can now proceed with the following steps.
Without going into further details, what we are trying to do here is use digitalocean spaces as the backend for the state store of terraform. The initialisation can be found in main.tf as follows:

    # Remote state
    terraform {
      backend "s3" {
        endpoint                    = "fra1.digitaloceanspaces.com"
        region                      = "eu-central-1"
        key                         = "terraform.tfstate"
        bucket                      = "k8s-spaces"
        skip_credentials_validation = true
        skip_metadata_api_check     = true
      }
    }

The thing is, this block is originally intended for aws s3, but we are using the same block to work with digitalocean spaces instead. To make the above code work, we have to do the following:

- Create a space in digital ocean: I used the UI for this. I created a space in the Frankfurt region with the name k8s-spaces. It will give you an endpoint to connect to in the resulting window. Mine was fra1.digitaloceanspaces.com, which I have used in the above config.
- Get the spaces access keys: Go to the API section in the navbar on the digitalocean console, where you will see a section Spaces access keys. Click on Generate New Key, fill in a name and you will get an id and a secret. Export both as environment variables as follows:

      export AWS_ACCESS_KEY_ID=<access id from digitalocean>
      export AWS_SECRET_ACCESS_KEY=<secret from digitalocean>

  Note that we are using env vars for AWS only because we are reusing the same s3 block to connect to spaces.

All the configuration necessary to create a cluster is given in this directory. The most interesting part for us is the cluster creation bit, which can be seen in the file kubernetes.tf as follows:

    # Deploy the actual Kubernetes cluster
    resource "digitalocean_kubernetes_cluster" "kubernetes_cluster" {
      name    = "do-challenge-cluster"
      region  = "fra1"
      version = "1.21.5-do.0"
      tags    = ["gitops-k8s-challenge"]

      node_pool {
        name       = "nodepool-k8s-challenge"
        size       = "s-2vcpu-2gb"
        auto_scale = true
        min_nodes  = 1
        max_nodes  = 4
        tags       = ["default-node-pool"]
        labels = {
          "app"      = "gitops"
          "priority" = "high"
        }
      }
    }

The above configuration will create a cluster with kubernetes runtime version 1.21.5. It uses the terraform provider for digitalocean to create a cluster in the region fra1 with autoscaling nodes (ranging in number between 1 and 4) of type s-2vcpu-2gb.

In kubernetes.tf, you can also see that we try to get an output from the operation, which is the kubeconfig data, the configuration we need to connect to the cluster.

Now that all the setup is done, we can go ahead and create the cluster. Just run the following make target to initialize the backend and create the cluster:

    $ make create-cluster

The above step may take a few minutes to complete. If everything went as planned, you can now go ahead and get the kubeconfig to connect to the cluster, as follows:

    $ make get-kubeconfig

The kubeconfig should now be present in secrets/kubeconfig; edit it to remove the EOF lines.
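
The manual edit above can be scripted. This is an added example, not part of the original repository: `clean_kubeconfig` is a hypothetical helper name, and it assumes the EOF lines are standalone heredoc delimiter lines (`EOF`, `<<EOF`, `EOT` or `<<EOT`). It also sets the file to mode 600, since the kubeconfig holds the credentials for the cluster.

```shell
#!/usr/bin/env bash
# Added example (not from the original repository).
# clean_kubeconfig is a hypothetical helper name.
# Assumption: the "EOF lines" are standalone heredoc delimiter lines
# (EOF, <<EOF, EOT or <<EOT) wrapped around the kubeconfig YAML.

clean_kubeconfig() {
  local src dst tmp
  src="$1"
  dst="${2:-$1}"          # default: clean the file in place

  [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }

  # Temp file beside the destination, so the final mv is an atomic rename.
  # mktemp creates it readable and writable by the owner only.
  tmp="$(mktemp "${dst}.XXXXXX")" || return 1

  # Drop lines that consist solely of a heredoc delimiter.
  sed -E '/^[[:space:]]*(<<-?)?(EOF|EOT)[[:space:]]*$/d' "$src" > "$tmp"

  # Sanity check: a kubeconfig is YAML with a top-level apiVersion key.
  if ! grep -q '^apiVersion:' "$tmp"; then
    echo "refusing to write $dst: result does not look like a kubeconfig" >&2
    rm -f "$tmp"
    return 1
  fi

  # Owner-only permissions: the file carries cluster credentials.
  chmod 600 "$tmp"
  mv -f "$tmp" "$dst"
}

# When run as a script: ./clean-kubeconfig.sh secrets/kubeconfig
if [ "$#" -gt 0 ]; then
  clean_kubeconfig "$@"
fi
```

If the cleaned content does not look like a kubeconfig, the function leaves the original file untouched and returns non-zero.
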

Now you can connect to the cluster by:

    $ export KUBECONFIG=$(pwd)/secrets/kubeconfig
    $ kubectl get pods -A
    NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
    kube-system   cilium-operator-5f65c47d7d-t2nd4   1/1     Running   0          9m51s
    kube-system   cilium-wskzs                       1/1     Running   0          7m15s
    kube-system   coredns-85d9ccbb46-tjpkl           1/1     Running   0          9m50s
    kube-system   coredns-85d9ccbb46-z4pz5           1/1     Running   0          9m50s
    kube-system   csi-do-node-sc97h                  2/2     Running   0          7m15s
    kube-system   do-node-agent-lx9t6                1/1     Running   0          7m15s
    kube-system   kube-proxy-85p9j                   1/1     Running   0          7m15s

All is good! You should be able to see the running cluster on the digitalocean UI as follows: