Initial commit: k8s on Scaleway

README.md

@@ -0,0 +1,42 @@
+# Kubernetes on Scaleway
+
+**warning**  
+this is just an example on how to setup a K8s cluster on @Scaleway via terraform.
+It's not secured in any way and shouldn't been used in production! 
+
+**inspiration**  
+Joe Beda outlined this approach in a [PR](https://github.com/upmc-enterprises/kubeadm-aws/issues/1).
+I stumbled over this on twitter by a tweet from [Steve Sloka](https://twitter.com/stevesloka/status/780936473725972481)
+
+## Setup
+
+Setting up the K8s cluster requires a recent version of terraform (0.7.7 +)
+Besides terraform you need a Scaleway account and export `SCALEWAY_ACCESS_KEY` and `SCALEWAY_ORGANIZATION` to your ENV.
+
+```
+$ k8stoken=$(python -c 'import random; print "%0x.%0x" % (random.SystemRandom().getrandbits(3*8), random.SystemRandom().getrandbits(8*8))')
+$ terraform plan -var 'k8stoken=$k8stoken'
+$ terraform apply -var 'k8stoken=$k8stoken'
+```
+
+Terraform will take ~10 minutes to finish. The setup includes the kubernetes-dashboard.
+You can access it like this:
+
+```
+$ ssh -L 8080:localhost:8080 root@<master_ip>
+$ kubectl proxy
+```
+
+Now open `http://localhost:8001/ui` inside your browser.
+
+## Details
+
+Terraform will setup a three node kubernetes cluster, consisting of one master and
+two workers. All nodes will be `VC1S` instance types, without additional storage.
+
+## TODOs
+
+- [ ] firewall rules to somehow secure this setup
+- [ ] mixed setup of public & private nodes
+- [ ] logging
+- [ ] metric aggregation

main.tf

@@ -0,0 +1,93 @@
+provider "scaleway" {}
+
+variable "k8stoken" {}
+
+# https://github.com/docker/docker/issues/22305
+# kernel 4.5.0 - 4.5.1 don't work well with docker
+data "scaleway_bootscript" "docker" {
+  architecture = "x86_64"
+  name_filter = "4.8.3 docker #1"
+}
+
+data "scaleway_image" "xenial" {
+  architecture = "x86_64"
+  name         = "Ubuntu Xenial"
+}
+
+data "template_file" "master-userdata" {
+  template = "${file("templates/master.sh")}"
+
+  vars {
+    k8stoken = "${var.k8stoken}"
+  }
+}
+
+resource "scaleway_server" "k8s-master" {
+  type                = "VC1S"
+  name                = "k8s-master"
+  dynamic_ip_required = true
+  bootscript          = "${data.scaleway_bootscript.docker.id}"
+  image               = "${data.scaleway_image.xenial.id}"
+
+  connection {
+    type         = "ssh"
+    user         = "root"
+    host         = "${self.public_ip}"
+  }
+
+  provisioner "file" {
+    content     = "${data.template_file.master-userdata.rendered}"
+    destination = "/tmp/master.sh"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo chmod +x /tmp/master.sh",
+      "sudo /tmp/master.sh",
+    ]
+  }
+
+  tags = ["k8s-master"]
+}
+
+data "template_file" "worker-userdata" {
+  template = "${file("templates/worker.sh")}"
+
+  vars {
+    k8stoken = "${var.k8stoken}"
+    masterIP = "${scaleway_server.k8s-master.private_ip}"
+  }
+}
+
+resource "scaleway_server" "k8s-worker" {
+  type                = "VC1S"
+  name                = "k8s-worker-${count.index+1}"
+  dynamic_ip_required = true
+  bootscript          = "${data.scaleway_bootscript.docker.id}"
+  image               = "${data.scaleway_image.xenial.id}"
+  count               = 2
+
+  connection {
+    type         = "ssh"
+    user         = "root"
+    host         = "${self.public_ip}"
+  }
+
+  provisioner "file" {
+    content     = "${data.template_file.worker-userdata.rendered}"
+    destination = "/tmp/worker.sh"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo chmod +x /tmp/worker.sh",
+      "sudo /tmp/worker.sh",
+    ]
+  }
+
+  tags = ["k8s-worker-${count.index}"]
+}
+
+output "master_ip" {
+  value = "${scaleway_server.k8s-master.public_ip}"
+}

templates/master.sh

@@ -0,0 +1,19 @@
+#!/bin/bash -v
+
+apt-get install -y apt-transport-https
+
+curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
+deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF
+apt-get update
+apt-get install -y kubelet kubeadm kubectl kubernetes-cni
+curl -sSL https://get.docker.com/ | sh
+systemctl start docker
+
+kubeadm init --token=${k8stoken}
+
+kubectl apply -f https://git.io/weave-kube
+
+# see http://kubernetes.io/docs/user-guide/ui/
+kubectl create -f https://rawgit.com/kubernetes/dashboard/master/src/deploy/kubernetes-dashboard.yaml

templates/worker.sh

@@ -0,0 +1,14 @@
+#!/bin/bash -v
+
+apt-get install -y apt-transport-https
+
+curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
+deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF
+apt-get update
+apt-get install -y kubelet kubeadm kubectl kubernetes-cni
+curl -sSL https://get.docker.com/ | sh
+systemctl start docker
+
+for i in {1..50}; do kubeadm join --token=${k8stoken} ${masterIP} && break || sleep 15; done