Kubernetes the Hard Way 001

This part will show how to set up K8S tools on your local machine, set up the Google Console prerequisites and try out a simple Terraform deployment to make sure everything works.

Install tools

cfssljson and cfssl. Why? To provision a PKI and generate TLS certificates.

curl -o cfssljson https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/darwin/cfssljson
curl -o cfssl https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/darwin/cfssl
chmod +x cfssljson cfssl
sudo mv cfssljson cfssl /usr/local/bin/

Set up a project

⒈ Create a new project in cloud console

⒉ Initialize the gcloud with this project

⒊ Set up terraform provider

⒊⒈ Find the current project name

gcloud projects list
 

⒊⒉ Configure the provider with region, project name and credentials file

provider "google" {
  credentials = "${file("account.json")}"
  project     = "hardcorek8s"
  region      = "us-west1"
}

⒊⒊ Add account.json to .gitignore

echo "*account.json*" >> .gitignore

⒊⒋ Go to Google cloud console and create a new service account key.

 

a) Select New service account type
b) Give this key a descriptive name (here it matches the project name)
c) Set the account role. Here it's Owner because we will be using Terraform to manage the infrastructure
d) Key type » JSON
e) Click Create button to finish generating a new key
 

f) Save the file to your project directory
 

g) Click Finish to complete adding a service account key
 

⒊⒌ Initialize Terraform by running terraform init inside the project directory

 

Before you can create anything in a greenfield project in GCE, you need to enable the Compute API.
Go to https://console.developers.google.com/apis/api/compute.googleapis.com/overview?project=xxxxxxxxx where xxxxxxxxx is the ID of your project.

 

Wait until you confirm that the Compute API is enabled.
 

If this is the first project in a new account, you will need to create a billing account to proceed.

Create VPC Network, Subnet and Firewall

Resource creation sequence:

⒈ VPC Network
⒈⒈ Subnet
⒈⒉ Firewall

This tree shows which of the resources depends on which in the overall configuration

 
[Figure: resource dependency tree]

Run terraform with prepared template files. This action will create a VPC Network, associate it with a /24 subnet and attach a simple firewall ruleset to it.
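
A minimal sketch of what such template files could contain, added here as an illustration and not the author's actual templates. The resource names, the 10.240.0.0/24 range, the allowed ports and the admin_cidr variable are assumptions, and the syntax assumes Terraform 0.12 or later. The subnet and both firewall rules reference the network, which is what makes Terraform create the network first.

```hcl
# Added example: names, CIDR ranges and ports below are assumptions.
variable "admin_cidr" {
  description = "Source range allowed to reach SSH and the Kubernetes API server"
  type        = string
}

resource "google_compute_network" "k8s" {
  name                    = "k8s-hard-way"
  auto_create_subnetworks = false # custom mode: only the subnet below exists
}

# Region is inherited from the provider block.
resource "google_compute_subnetwork" "nodes" {
  name          = "k8s-nodes"
  network       = google_compute_network.k8s.self_link # implicit dependency on the network
  ip_cidr_range = "10.240.0.0/24"
}

# Node-to-node traffic: open only to addresses inside the subnet.
resource "google_compute_firewall" "internal" {
  name    = "k8s-allow-internal"
  network = google_compute_network.k8s.name

  allow {
    protocol = "tcp"
  }
  allow {
    protocol = "udp"
  }
  allow {
    protocol = "icmp"
  }

  source_ranges = [google_compute_subnetwork.nodes.ip_cidr_range]
}

# Administrative access: SSH and the API server, limited to a known range
# instead of 0.0.0.0/0.
resource "google_compute_firewall" "external" {
  name    = "k8s-allow-external"
  network = google_compute_network.k8s.name

  allow {
    protocol = "tcp"
    ports    = ["22", "6443"]
  }

  source_ranges = [var.admin_cidr]
}
```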

 

[Screenshot: VPC Network and Subnet]

[Screenshot: Firewall rules]

In the next part we will add an external IP address for load balancing and several instances for control/worker nodes.

November 11, 2019   (v.b6b8c00)