How to deploy a Linode instance with Kubernetes using Terraform Part 3 [Final]
Greetings and welcome to the concluding segment of our Kubernetes configuration guide on Linode! In this third and final part, we'll be covering the remaining aspects of the configuration, which should be relatively quick since the code is largely identical to what we covered in Parts 1 and 2. That being said, there are some minor alterations to the name that we'll go over.
To begin, we will duplicate the main.tf file and name the copy workernode.tf. While it's possible to keep both configurations in the same file, doing so can make it difficult to read and maintain, so we'll use separate files for each configuration.
I will briefly go over each resource that has been changed. We cannot use the same name for resources so I've added a "2" at the end for simplicity.
Modify the workernode.tf file
- resource "tls_private_key" "ssh" - renamed to ssh2
- resource "local_file" "private_key" - renamed to private_key2
- resource "linode_instance" "master" - renamed to worker
- Amend command "sudo hostnamectl set-hostname kubernetes-master" to kubernetes-worker
- Add command "sudo sysctl net.bridge.bridge-nf-call-iptables=1" - This enables packet filtering and manipulation for network bridging. This allows nodes to see each other and I believe it is required in flannel for it to communicate.
Apply the configuration using the below command to create the second Linode instance.
terraform apply -var-file="terraform.tfvars"
Connect worker node to Control Plane
For the next part, we'll need to connect the worker node to the control plane (master). I have created a variable for the token, but for some reason it didn't want to connect, so I used the below command to create another one within the master node. It'll do for now until I figure it out.
1. Log into the master node.
2. Type in the below command. It should print out a token and the command. Copy it.
sudo kubeadm token create --print-join-command
3. Now SSH into the worker node instance and enter the command you just copied.
It should look like the output below:
4. Now log back into the master node and verify the node has been added. It may take a minute or so for the status to update.
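A check for the join line copied in step 2, as an added example that is not part of the original post: it accepts the form printed by kubeadm token create --print-join-command, which pins the cluster CA, and rejects a line that skips CA verification, as the kubeadm_join_command2 output in the listing further down does. The function names, addresses, token and hash are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): vet a `kubeadm join` line
# before pasting it into a worker. The line is parsed as data, never executed.

matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# Exit status 0 only if the line names host:port, carries a well-formed
# bootstrap token, and pins the cluster CA instead of skipping verification.
check_join_command() (
    endpoint="" token="" ca_hash="" unsafe=0 rc=0 prev=""
    set -f                                   # no globbing while word-splitting
    set -- $(printf '%s' "$1" | tr '=' ' ')  # accept --flag=value and --flag value
    for word in "$@"; do
        case "$prev" in
            join)    endpoint=$word ;;       # kubeadm prints the endpoint first
            --token) token=$word ;;
            --discovery-token-ca-cert-hash) ca_hash=$word ;;
        esac
        case "$word" in
            --discovery-token-unsafe-skip-ca-verification) unsafe=1 ;;
        esac
        prev=$word
    done
    matches "$endpoint" ':[0-9]+$' ||
        { echo "FAIL: '$endpoint' is not the control plane's host:port" >&2; rc=1; }
    matches "$token" '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
        { echo "FAIL: bootstrap token missing or malformed" >&2; rc=1; }
    [ "$unsafe" -eq 0 ] ||
        { echo "FAIL: CA verification is skipped, API server is not authenticated" >&2; rc=1; }
    matches "$ca_hash" '^sha256:[0-9a-f]{64}$' ||
        { echo "FAIL: no --discovery-token-ca-cert-hash sha256:<64 hex> pin" >&2; rc=1; }
    [ "$rc" -eq 0 ]
)

# Constructed sample lines (documentation addresses, made-up token and hash).
PINNED='kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
# Same shape as the kubeadm_join_command2 Terraform output in this post.
UNPINNED='sudo kubeadm join 192.0.2.20 --token abcdef.0123456789abcdef --discovery-token-unsafe-skip-ca-verification'

for line in "$PINNED" "$UNPINNED"; do
    if check_join_command "$line"; then echo "OK:     $line"; else echo "REJECT: $line"; fi
done
```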
Congratulations, we now have a fully working Kubernetes cluster. This consists of:
- 1 Control Plane
- 1 Worker Node
- Network config
To improve performance, you should use more than one worker node/master node. You can create nodes by either making a new file or using a loop that avoids code repetition.
The full code for the worker node is as follows:
resource "tls_private_key" "ssh2" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Write the worker's private key to its own file so it does not overwrite
# the key file written by main.tf (file name chosen for this listing).
resource "local_file" "private_key2" {
  content         = tls_private_key.ssh2.private_key_pem
  filename        = "linode-worker.pem"
  file_permission = "0600"
}

resource "linode_instance" "worker" {
  image           = "linode/ubuntu20.04"
  label           = "k8s-worker"
  region          = var.region
  type            = var.linode_type
  root_pass       = var.root_password
  authorized_keys = [chomp(tls_private_key.ssh2.public_key_openssh)]

  provisioner "remote-exec" {
    connection {
      type        = "ssh"
      user        = "root"
      host        = self.ip_address # a resource refers to itself as "self" inside its own provisioner
      private_key = tls_private_key.ssh2.private_key_pem
    }

    inline = [
      "sudo apt-get update",
      "sudo apt-get install -y docker.io", # Install Docker
      "sudo apt-get update && apt-get install -y apt-transport-https curl",
      "sudo curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add",
      "echo \"deb https://apt.kubernetes.io/ kubernetes-xenial main\" >> ~/kubernetes.list",
      "sudo mv ~/kubernetes.list /etc/apt/sources.list.d",
      "sudo apt-get install ca-certificates gnupg lsb-release -y", # Install packages that allow apt to use a repository over HTTPS
      "sudo mkdir -m 0755 -p /etc/apt/keyrings", # Create the keyring directory
      "sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg", # Add Docker’s official GPG key
      "echo deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null", # Set up the Docker repository
      "sudo apt remove containerd -y", # Remove the old containerd
      "sudo apt update",
      "sudo apt install containerd.io -y", # Install the new containerd
      "sudo rm /etc/containerd/config.toml", # Remove the installed config file
      "sudo systemctl restart containerd", # Restart containerd
      "sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/docker.gpg", # Fix issue with public key
      "sudo add-apt-repository -s 'deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable'",
      "sudo apt-get install docker-ce docker-ce-cli containerd.io -y",
      "sudo apt-get update",
      "sudo apt-get install -y kubelet kubeadm kubectl",
      "sudo swapoff -a", # Kubernetes does not like swap: https://www.edureka.co/blog/install-kubernetes-on-ubuntu

      # Post config
      "sudo hostnamectl set-hostname kubernetes-worker",

      # Firewall rules
      "sudo ufw allow 6443",
      "sudo ufw allow 6443/tcp",

      # iptables
      "sudo sysctl net.bridge.bridge-nf-call-iptables=1",

      # Container network installation
      # "kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml",
    ]
  }
}

# Join command for the worker. The endpoint is the control plane's address and
# API server port (the master resource from main.tf), not the worker's own IP,
# and the parts are joined with spaces so the output is a single command line.
output "kubeadm_join_command2" {
  value = join(" ", [
    "sudo kubeadm join",
    "${linode_instance.master.ip_address}:6443",
    "--token ${var.kubeadm_token}",
    # This flag skips pinning of the cluster CA. The command printed by
    # "kubeadm token create --print-join-command" carries
    # --discovery-token-ca-cert-hash instead.
    "--discovery-token-unsafe-skip-ca-verification",
  ])
}

output "nanode_ip2" {
  value = linode_instance.worker.ip_address
}
Once you have finished with or no longer need the Linode instances, use the below command to destroy them. This will destroy all Linode instances that you have applied.
terraform destroy -var-file="terraform.tfvars"
Your feedback, thoughts, and opinions are highly appreciated and valued. I always welcome any comments or suggestions that you think can be improved.