Provisioning of a Kubernetes cluster on Oracle Cloud FreeTier

notdodo/pulumi-k8s-oracle

pulumi-k8s-oracle

Manage the cluster using: https://github.com/notdodo/pulumi-k8s

Usage

Requirements

  1. Pulumi installed on your system
  2. Pipenv installed on your system
  3. An Oracle Cloud account with the correct permissions to create resources
    1. Also configure Pulumi with the required secret for Oracle
  4. A Cloudflare account with a DNS zone API token

Provisioning

The project will set up a single instance with the maximum specs allowed by the Oracle FreeTier; if you have more accounts or want to create a multi-node cluster, configure the other Oracle accounts on your machine and edit the Pulumi.yaml file accordingly.

General

  1. Edit the file Pulumi.yaml with the correct information about your instance specifications, network, and domain
  2. Create at least 2 pairs of WireGuard private and public keys to set up the site-to-site tunnel between nodes (required since we are using at least two different Oracle accounts)
  3. The cluster will not bind to the external/public IP address, so another pair of WireGuard keys is required to access the API server from your machine.

To connect to the cluster from your device, set up a WireGuard configuration:

[Interface]
Address = 10.0.10.100/32
PrivateKey = <yourMachineWireguardPrivateKey>

[Peer]
AllowedIPs = 10.0.10.0/24,10.0.100.0/24
Endpoint = <yourPublicDomainOrIp>:51000
PersistentKeepAlive = 25
PublicKey = <masterNodeWireguardPublicKey>

Master node

  1. Select the stack and the configuration for the master: pulumi stack select master
  2. Edit the file Pulumi.master.yaml with the correct information about your Oracle tenant, names and paths
  3. If you want to customize the Kubernetes setup, edit the section of cloud-init-master.yaml that contains the YAML file for kubeadm
  4. Run pulumi up and wait for the deployment (N.B.: the network security group allows ingress only on the SSH and WireGuard ports; if this is not ideal for you, change it as you wish)
  5. Now you can SSH into the machine to fetch the kubeconfig file from /etc/kubernetes/admin.conf using the SSH keys generated during the pulumi up command
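
A post-fetch check for step 5, added here as an example and not part of the project's code: it confirms that the fetched admin.conf is readable only by its owner and that its API server address falls inside the WireGuard AllowedIPs ranges shown above. The function names and the sample server address 10.0.10.1 are assumptions.

```python
import ipaddress
import re
from pathlib import Path
from urllib.parse import urlsplit

# Tunnel ranges from the client WireGuard configuration above.
WG_CONF = """[Peer]
AllowedIPs = 10.0.10.0/24,10.0.100.0/24
"""
# Constructed sample: the server address is an assumption, not a project value.
SAMPLE_KUBECONFIG = """clusters:
- cluster:
    server: https://10.0.10.1:6443
"""


def allowed_networks(wg_conf_text):
    """Collect every AllowedIPs network from a WireGuard config."""
    nets = []
    for line in wg_conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets


def api_server_hosts(kubeconfig_text):
    """Return the host part of every `server:` URL (regex scan, no YAML parser)."""
    urls = re.findall(r"^\s*server:\s*(\S+)", kubeconfig_text, re.MULTILINE)
    return [urlsplit(u.strip("'\"")).hostname for u in urls]


def check_kubeconfig(path, wg_conf_text=WG_CONF):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    mode = Path(path).stat().st_mode & 0o777
    if mode & 0o077:
        findings.append(f"mode {mode:o} lets other users read the admin credentials")
    nets = allowed_networks(wg_conf_text)
    for host in api_server_hosts(Path(path).read_text()) or [None]:  # None: no server entry
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"server {host!r} is not an IP literal; tunnel routing unverified")
            continue
        if not any(addr in net for net in nets):
            findings.append(f"server {addr} is outside AllowedIPs and bypasses the tunnel")
    return findings
```

Call check_kubeconfig() with the path where you saved the kubeconfig, passing the text of your own WireGuard client configuration as the second argument if its ranges differ.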

Worker nodes

  1. Select the stack and the configuration for the worker node: pulumi stack select worker
  2. Edit the file Pulumi.worker.yaml with the correct information about your Oracle tenant, names and paths
  3. If you want to customize the instance setup, edit the file cloud-init-worker.yaml
  4. Run pulumi up and wait for the deployment

One-liner

pulumi stack select master; pulumi down -f; pulumi up -f; sleep 400; pulumi stack select worker; pulumi down -f; pulumi up -f; ssh -i ssh_priv.key ubuntu@<yourPublicDomainOrIp> 'sudo cat /etc/kubernetes/admin.conf'

Troubleshooting

  • You can SSH into the nodes using the ssh_priv.key generated during the provisioning
  • Check the status of the WireGuard VPN sites
  • Check the logs in /var/log/cloud-init-output.log
  • Use k9s to debug Kubernetes issues
  • Restart the Wireguard VPN
  • Check the network routes on all machines with ip route
  • Check the dmesg output
