init k8s guide

2023-08-19 19:48:27 +02:00
parent 5c84f86626
commit d8eb25aaa3
2 changed files with 55 additions and 9 deletions
--- a/content/posts/11-build-your-own-kubernetes-cluster-part-2/index.md
+++ b/content/posts/11-build-your-own-kubernetes-cluster-part-2/index.md
@ -117,9 +117,7 @@ terraform {
    }
  }

-  backend "local" {
-    path = "terraform.tfstate"
-  }
+  backend "local" {}
 }

 variable "hcloud_token" {
@ -228,9 +226,7 @@ Get a complete description of the above file [here](https://github.com/okami101/
 {{< tab tabName="State" >}}

 ```tf
-backend "local" {
-  path = "terraform.tfstate"
-}
+backend "local" {}
 ```

 I'm using a local backend for simplicity, but for teams sharing, you may use more appropriate backend, like S3 or Terraform Cloud (the most secured with encryption at REST, versioning and centralized locking).
--- a/content/posts/12-build-your-own-kubernetes-cluster-part-3/index.md
+++ b/content/posts/12-build-your-own-kubernetes-cluster-part-3/index.md
@ -12,10 +12,60 @@ Be free from AWS/Azure/GCP by building a production grade On-Premise Kubernetes

 This is the **Part III** of more global topic tutorial. [Back to first part]({{< ref "/posts/10-build-your-own-kubernetes-cluster" >}}) for intro.

-## Automatic upgrades
+## Kubernetes cluster initialization with Terraform

-* OS reboot
-* K3s upgrade
+For this part let's create a new Terraform project that will be dedicated to Kubernetes infrastructure provisioning. Start from scratch with a new empty folder and the following `main.tf` file then `terraform init`.
+
+{{< highlight file="main.tf" >}}
+
+```tf
+terraform {
+  backend "local" {}
+}
+```
+
+{{</ highlight >}}
+
+Let's begin with automatic upgrades management.
+
+### Automatic reboot
+
+When OS kernel is upgraded, the system needs to be rebooted to apply it. This is a critical operation for a Kubernetes cluster as can cause downtime. To avoid this, we'll use [kured](https://github.com/kubereboot/kured) that will take care of cordon & drains before rebooting nodes one by one.
+
+{{< highlight file="reboot.tf" >}}
+
+```tf
+resource "helm_release" "kubereboot" {
+  chart      = "kured"
+  version    = "5.1.0"
+  repository = "https://kubereboot.github.io/charts"
+
+  name = "kured"
+
+  set {
+    name  = "configuration.period"
+    value = "1m"
+  }
+
+  set {
+    name  = "tolerations[0].effect"
+    value = "NoSchedule"
+  }
+
+  set {
+    name  = "tolerations[0].operator"
+    value = "Exists"
+  }
+}
+```
+
+{{</ highlight >}}
+
+After applying this, you can check that the daemonset is running on all nodes with `kg ds`.
+
+### Automatic K3s upgrade
+
+kubectl apply -k github.com/rancher/system-upgrade-controller

 ## HTTP access