-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: closes issue #47 #48
Open
hyder
wants to merge
1
commit into
oracle-devrel:main
Choose a base branch
from
hyder:issue-47
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,161 @@ | ||
| --- | ||
| title: One does not simply deploy Kubernetes to the cloud | ||
| parent: tutorials | ||
| tags: | ||
| - open-source | ||
| - oke | ||
| - kubernetes | ||
| - terraform | ||
| - devops | ||
| categories: | ||
| - cloudapps | ||
| - opensource | ||
| thumbnail: | ||
| date: 2021-09-22 15:30 | ||
| description: How to create an OKE cluster with Terraform | ||
| toc: true | ||
| author: | ||
| name: Ali Mukadam | ||
| home: https://lmukadam.medium.com | ||
| bio: |- | ||
| Technical Director, Asia Pacific Center of Excellence. | ||
|
|
||
| For the past 16 years, Ali has held technical presales, architect and industry consulting roles in BEA Systems and Oracle across Asia Pacific, focusing on middleware and application development. Although he pretends to be Thor, his real areas of expertise are Application Development, Integration, SOA (Service Oriented Architecture) and BPM (Business Process Management). An early and worthy Docker and Kubernetes adopter, Ali also leads a few open source projects (namely [terraform-oci-oke](https://github.com/oracle-terraform-modules/terraform-oci-oke)) aimed at facilitating the adoption of Kubernetes and other cloud native technologies on Oracle Cloud Infrastructure. | ||
| linkedin: https://www.linkedin.com/in/alimukadam/ | ||
| redirect_from: "/collections/tutorials/deploying-the-argo-project-on-oke/" | ||
| --- | ||
| {% imgx alignright assets/create-oke-1.png 400 400 "Boromir" %} | ||
|
|
||
|
|
||
| Creating an Oracle Container Engine (OKE) cluster manually can be a time consuming task. At a minimum, you need to create the following: | ||
|
|
||
| - A VCN, an Internet Gateway, a NAT gateway if you want to a private worker node deployment | ||
| - Worker subnets with security list and a set of security rules or NSGs (Network Security Groups). These rules will vary depending on whether your worker nodes are public or private. | ||
| - Load balancer subnets with security list and a set of security rules or NSGs (Network Security Groups). Similar to the worker nodes, these rules will vary depending on whether your load balancers are public or private. | ||
|
|
||
| All of this is very well documented [here](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengnetworkconfigexample.htm). | ||
|
|
||
| Assuming you have done everything correctly, you can now create a cluster and node pools. | ||
|
|
||
| If you need a cluster quickly, say for an experiment or a demo, you can also use the Quick Create option in the OCI console. But for real implementation, it is better to use Infrastructure as Code and Terraform (or similar) to provision the clusters. For a more in-depth tutorial on Terraform with OCI, please refer to the [Terraform series] (https://cool.devo.build/tutorials/tf-101/). | ||
|
|
||
| ## Introducing terraform-oci-oke | ||
| We recently released v4.0 of the [terraform-oci-oke](https://github.com/oracle-terraform-modules/terraform-oci-oke) project. The project is a reusable Terraform module that you can use to provision an entire cluster. It will create the following: | ||
|
|
||
| - Basic networking requirements such as VCN, gateways, route tables, subnets, security lists, NSGs | ||
| - An optional bastion host that you can use to access private computes | ||
| - An optional operator host that you can use to perform deployment or other admin duties | ||
| - Support for mixed workloads variable and configurable number and shapes of worker node pools | ||
| - Quite a few extras such as ServiceAccount for the purpose of CI/CD, Secrets for using OCIR, encryption of the etcd and enforcement of signed images among many others | ||
|
|
||
| Let’s take it for a spin. Below is an example of what you can create with the terraform-oci-oke scripts. | ||
|
|
||
| {% imgx alignright assets/create-oke-2.png 400 400 "OKE Cluster with Bastion, Operator and 1 node pool" %} | ||
|
|
||
| I’ll be assuming that you have | ||
|
|
||
| - already configured your OCI account to use Terraform such as creating private keys etc. | ||
| - created the necessary policy and access rights to create an OKE cluster. If not, follow [these instructions](https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/docs/prerequisites.adoc) first. | ||
|
|
||
| 1. First, clone the repo: | ||
|
|
||
| ``` | ||
| git clone https://github.com/oracle-terraform-modules/terraform-oci-oke.git tfoke | ||
| cd tfoke | ||
| `` | ||
|
|
||
| 2. Copy the terraform.tfvars.example to terraform.tfvars and edit the terraform.tfvars: | ||
|
|
||
| ``` | ||
| cp terraform.tfvars.example terraform.tfvars | ||
| ``` | ||
|
|
||
| 3. Enter the following information in the terraform.tfvars file: | ||
|
|
||
| - api_fingerprint | ||
| - api_private_key_path | ||
| - home_region (this is your tenancy's home region) | ||
| - region (this is the OCI region where you want to create the OKE cluster) | ||
| - tenancy_id | ||
| - user_id | ||
| - compartment_id | ||
| - ssh_private_key_path | ||
| - ssh_public_key_path | ||
|
|
||
| 4. Create 2 providers: | ||
|
|
||
| ``` | ||
| provider "oci" { | ||
| fingerprint = var.api_fingerprint | ||
| private_key_path = var.api_private_key_path | ||
| region = var.region | ||
| tenancy_ocid = var.tenancy_id | ||
| user_ocid = var.user_id | ||
| } | ||
|
|
||
| provider "oci" { | ||
| fingerprint = var.api_fingerprint | ||
| private_key_path = var.api_private_key_path | ||
| region = var.home_region | ||
| tenancy_ocid = var.tenancy_id | ||
| user_ocid = var.user_id | ||
| alias = "home" | ||
| } | ||
| ``` | ||
|
|
||
| Note that all the terraform options are fully documented [here](https://github.com/oracle-terraform-modules/terraform-oci-oke/blob/main/docs/terraformoptions.adoc). | ||
|
|
||
| 5. You can now run terraform plan and apply: | ||
|
|
||
| ``` | ||
| terraform plan | ||
| terraform apply -auto-approve | ||
| ``` | ||
|
|
||
| 6. By default, a cluster of with 2 nodepools consisting of 1 worker node each will be created for you unless you changed the ```node_pools``` parameter. | ||
|
|
||
| 7. When Terraform has completed, it will print the following for you: | ||
|
|
||
| ``` | ||
| bastion_public_ips = xyz.xyz.xyz.xyz | ||
| kubeconfig = export KUBECONFIG=generated/kubeconfig | ||
| ocirtoken = sensitive | ||
| ssh_to_bastion = "ssh -i ~/.ssh/id_rsa opc@xyz.xyz.xyz.xyz" | ||
| ssh_to_operator = "ssh -i ~/.ssh/id_rsa -J opc@xyz.xyz.xyz.xyz opc@abc.abc.abc.abc" | ||
| ``` | ||
|
|
||
| The kubeconfig file will also be created under the generated directory so you can just set your KUBECONFIG environment variable and start using kubectl: | ||
|
|
||
| ``` | ||
| export KUBECONFIG=generated/kubeconfig | ||
| ``` | ||
| And verify that you can interact with the cluster: | ||
|
|
||
| ``` | ||
| kubectl get nodes | ||
| NAME STATUS ROLES AGE VERSION | ||
| 10.0.13.2 Ready node 20h v1.20.11 | ||
| 10.0.23.2 Ready node 20h v1.20.11 | ||
| ``` | ||
|
|
||
| ## Using the operator host | ||
| The operator host is pre-installed with oci-cli, kubectl and helm as well as helpful aliases ('k' and 'h' for kubectl and helm respectively). Just login and start interacting with your cluster: | ||
|
|
||
| ``` | ||
| ssh -i ~/.ssh/id_rsa -J opc@xyz.xyz.xyz.xyz opc@abc.abc.abc.abc | ||
| ``` | ||
|
|
||
| Use kubectl: | ||
|
|
||
| ``` | ||
| kubectl get nodes | ||
| NAME STATUS ROLES AGE VERSION | ||
| 10.0.13.2 Ready node 20h v1.20.11 | ||
| 10.0.23.2 Ready node 20h v1.20.11 | ||
| ``` | ||
|
|
||
| You can turn on/off the bastion and operator hosts anytime without any impact on the OKE cluster. | ||
|
|
||
| There are plenty of other features that we have added to the project to make the life of an OCI and Kubernetes administrator more enjoyable. Please take the time to explore them. | ||
|
|
||
| If you have an idea, we would love to hear from you. Send us an issue or a pull request. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code blocks within a list item should be indented 4 spaces.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This applies to all code blocks inside this list