Skip to content
/ multizone-iks-on-vpc-cluster Public

Provision of a Kubernetes cluster on an existing VPC network, with private application load balancers.

0 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Cloud-Schematics/multizone-iks-on-vpc-cluster

BranchesTags

Repository files navigation

Kubernetes cluster on VPC

This module creates an IKS Cluster on an existing VPC network and enables Private ALBs (Application Load Balancers). Optionally, it can also enable public ALBs.

Currently IBM Schematics only supports terraform version 0.11, but modules are included for 0.12.0.

Cluster

Additional Assets:

  1. This can create a Cluster ALB Cert

ALB Cert

Table of Contents

  1. IKS on VPC Cluster
  2. Application Load Balancers
  3. Module Variables
  4. Outputs
  5. As a Module in a Larger Architecture
  6. Additional Assets

IKS on VPC Cluster

This module creates a multizone IKS on VPC cluster. Optionally, you can disable the public service endpoint on creation.

More Info

ALBs

This module enables either private ALBs or both public and Private ALBs on a cluster

The application load balancer (ALB) is an external load balancer that listens for incoming HTTP, HTTPS, or TCP service requests. The ALB then forwards requests to the appropriate app pod according to the rules defined in the Ingress resource.1

Module Variables

Variable Type Description Default
ibmcloud_apikey String IBM Cloud IAM API Key
ibm_region String IBM Cloud region where all resources will be deployed eu-gb
resource_group String Name of resource group to provision resources asset-development
generation Number Generation of VPC architecture. Currently IKS is only available in gen 1 1
vpc_name String Name of VPC where cluster is to be created
subnet_ids List List of subnet IDs [zone 1, zone 2, zone 3]
cluster_name String Name for the cluster to be created
machine_type String Machine type for the IKS Cluster b2.4x16
worker_count Number Number of workers per zone 2
disable_pse Boolean Disable public service endpoint for cluster false
only_private_albs Boolean Enable only private albs false

Outputs

  • cluster_name: Name of the IKS on VPC Cluster
  • cluster_id: ID of the IKS on VPC Cluster

As a Module in a Larger Architecture

Use the ./module folder to include this in a larger architecture

Declaring this Module:

Using Default Variables

data ibm_resource_group resource_group {
    name = "<your resource group name>"
}

resource ibm_is_vpc vpc {
    name           = "${var.unique_id}-vpc"
    resource_group = "${data.ibm_resource_group.resource_group.id}"
    classic_access = "${var.classic_access}"
}


resource ibm_is_vpc_address_prefix subnet_prefix {
  count = 3

  name  = "${var.unique_id}-prefix-zone-${count.index + 1}"
  zone  = "${var.ibm_region}-${(count.index % 3) + 1}"
  vpc   = "${ibm_is_vpc.vpc.id}"
  cidr  = "${element(var.cidr_blocks, count.index)}"
}

resource ibm_is_subnet subnet {
  count           = 3

  name            = "${var.unique_id}-subnet-${count.index + 1}"
  vpc             = "${ibm_is_vpc.vpc.id}"
  zone            = "${var.ibm_region}-${count.index + 1}"
  ipv4_cidr_block = "${element(ibm_is_vpc_address_prefix.subnet_prefix.*.cidr, count.index)}"
  network_acl     = "${ibm_is_network_acl.multizone_acl.id}"
  public_gateway  = "${var.enable_public_gateway ? element(ibm_is_public_gateway.public_gateway.*.id, count.index) : null}"
}


module vpc_cluster {
    source             = "./<path to your code>"
    ibm_region         = "${var.ibm_region}"
    resource_group_id  = "${data.ibm_resource_group.resource_group.id}"
    vpc_id             = "${ibm_is_vpc.vpc.id}"
    subnet_ids         = "${ibm_is_subnet.subnet.*.id}"
    cluster_name       = "${var.unique_id}-cluster"
}

Using Custom Variables

data ibm_resource_group resource_group {
  name = "<your resource group name>"
}

module vpc_cluster {
    source             = "./<path to your code>"
    ibm_region         = "<your value or reference>"
    resource_group_id  = "<your value or reference>"
    vpc_id             = "<your value or reference>"
    subnet_ids         = "<your value or reference>"
    cluster_name       = "<your value or reference>"
    machine_type       = "<your value or reference>"
    worker_count       = "<your value or reference>"
    disable_pse        = "<your value or reference>"
    only_private_albs  = "<your value or reference>"
}

Additional Assets

  1. ALB Cert

ALB Cert

This module uploads a certificate to CMS and uses that certificate to create an ALB Certificate for your IKS cluster. This asset requires an IBM Cloud Certificate Manager Instance, a Certificate, and a Certificate Private Key

ALB Cert

Adding this file to your module

  1. Create a config directory into your root module directory
  2. Add you certificates to this directory
  3. Move alb_cert.tf into your root module directory
  4. Replace the file names in ibm_certificate_manager_import block in alb_cert.tf with your certificate file names
    • content = "${file("${path.module}/config/YOUR_CERT_NAME.pem")}"
    • priv_key = "${file("${path.module}/config/YOUR_PRIVATE_KEY.key")}"
  5. Add the variables from variables.tf into the variables.tf file of your root module directory

About

Provision of a Kubernetes cluster on an existing VPC network, with private application load balancers.

Topics

network terraform kubernetes-cluster vpc load-balancers

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

5 forks
Report repository

Releases 2

v1.0.1 Latest
Dec 14, 2021
+ 1 release

Packages

No packages published

Contributors 2

  •  
  •  

Languages