Merge pull request #79 from ovh/mks-private-network-tf

Deploy a MKS inside a private network (vRack and attachment included)
ovh · Sep 20, 2024 · 7cbd31e · 7cbd31e
2 parents 4e6c258 + 71e795d
commit 7cbd31e
Show file tree

Hide file tree

Showing 4 changed files with 188 additions and 0 deletions.
diff --git a/...orchestration/managed-kubernetes/create-cluster-in-private-network-tf/README.md b/...orchestration/managed-kubernetes/create-cluster-in-private-network-tf/README.md
@@ -0,0 +1,74 @@
+## Create a MKS cluster with Terraform
+
+This OVHcloud Public Cloud examples deploys:
+
+- a vRack (if needed)
+- attach the vRack to your Public Cloud project (if needed)
+- a private network
+- a subnet
+- a MKS cluster
+- with a node pool
+
+Deploying a MKS cluster inside a private network allows you to use the new Public Cloud Load Balander.
+
+### General information
+ - 🔗 [Using Terraform with OVHcloud](https://help.ovhcloud.com/csm/fr-terraform-at-ovhcloud?id=kb_article_view&sysparm_article=KB0054776)
+ - 🔗 [Creating a cluster through Terraform](https://help.ovhcloud.com/csm/fr-public-cloud-kubernetes-create-cluster-with-terraform?id=kb_article_view&sysparm_article=KB0054966)
+ - 🔗 [How to use Terraform](https://help.ovhcloud.com/csm/en-gb-public-cloud-compute-terraform?id=kb_article_view&sysparm_article=KB0050787)
+ - 🔗 [ovh_cloud_project_kube](https://registry.terraform.io/providers/ovh/ovh/latest/docs/resources/cloud_project_kube)
+ - 🔗 [OVH token generation page](https://www.ovh.com/auth/api/createToken?GET=/*&POST=/*&PUT=/*&DELETE=/*)
+
+### Set up
+  - Install the [Terraform CLI](https://www.terraform.io/downloads.html)
+  - Get the credentials from the OVHCloud Public Cloud project:
+    - `application_key`
+    - `application_secret`
+    - `consumer_key`
+  - Get the `service_name` (Public Cloud project ID)
+  - Install the kubectl CLI
+
+### Demo
+  - set the environment variables `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` and `OVH_CLOUD_PROJECT_SERVICE`
+
+```bash
+# OVHcloud provider needed keys
+export OVH_ENDPOINT="ovh-eu"
+export OVH_APPLICATION_KEY="xxx"
+export OVH_APPLICATION_SECRET="xxx"
+export OVH_CONSUMER_KEY="xxx"
+export OVH_CLOUD_PROJECT_SERVICE="xxx"
+```
+  - use the [my-ovh_kube_cluster.tf](ovh_kube_cluster_private.tf) file to define the resources to create
+  - run the `terraform init` command
+  - run the `terraform plan` command
+  - run the `terraform apply` command (~ 10 mins)
+  - get the `kubeconfig` value:
+
+`terraform output -raw kubeconfig > /Users/<your-user>/.kube/my_kube_cluster_private.yml`
+
+  - save the path of kubeconfig in an environment variable (for later ^^)
+
+```bash
+export KUBE_CLUSTER=/Users/<your-user>/.kube/my_kube_cluster_private.yml
+```
+
+  - test the connexion to the Kubernetes:
+
+`kubectl --kubeconfig=$KUBE_CLUSTER cluster-info`
+
+  - list the node pool configuration:
+
+`kubectl --kubeconfig=$KUBE_CLUSTER get np`
+
+  - list the nodes:
+
+`kubectl --kubeconfig=$KUBE_CLUSTER get no`
+
+### Destroy
+
+  - destroy the cluster: `terraform destroy`
+
+
+### After the demo
+
+  - if needed delete the token with https://api.ovh.com/console-preview/?section=%2Fme&branch=v1#delete-/me/api/credential/-credentialId-
diff --git a/...ation/managed-kubernetes/create-cluster-in-private-network-tf/ovh_kube_cluster_private.tf b/...ation/managed-kubernetes/create-cluster-in-private-network-tf/ovh_kube_cluster_private.tf
@@ -0,0 +1,96 @@
+# Deploy a Kubernetes cluster that have all the needed requirements for new Public Cloud Load Balancer
+
+# 0. Create a vRack (comment this part if you have an existing one)
+
+# data "ovh_me" "myaccount" {}
+
+# data "ovh_order_cart" "mycart" {
+#   ovh_subsidiary = data.ovh_me.myaccount.ovh_subsidiary
+# }
+
+# data "ovh_order_cart_product_plan" "vrack" {
+#  cart_id        = data.ovh_order_cart.mycart.id
+#  price_capacity = "renew"
+#  product        = "vrack"
+#  plan_code      = "vrack"
+# }
+
+# resource "ovh_vrack" "vrack" {
+#  ovh_subsidiary = data.ovh_order_cart.mycart.ovh_subsidiary
+#  name          = "my-vrack"
+#  description   = "my vrack"
+
+#  plan {
+#    duration     = data.ovh_order_cart_product_plan.vrack.selected_price.0.duration
+#    plan_code    = data.ovh_order_cart_product_plan.vrack.plan_code
+#    pricing_mode = data.ovh_order_cart_product_plan.vrack.selected_price.0.pricing_mode
+#  }
+# }
+
+# 1. Attach your vRack to your Public Cloud project (comment this part if your vRack is already attached to your Public Cloud project)
+
+# resource "ovh_vrack_cloudproject" "attach" {
+#   service_name = ovh_vrack.vrack.id
+# 	project_id   = var.service_name
+# }
+
+# 2. Create a private network
+resource "ovh_cloud_project_network_private" "network" {
+  service_name = var.service_name
+  vlan_id    = 666 # the VLAN ID is unique
+  name       = "mks_gra11_private_network"
+  regions    = ["GRA11"]
+}
+
+# And a subnet
+resource "ovh_cloud_project_network_private_subnet" "networksubnet" {
+  service_name = ovh_cloud_project_network_private.network.service_name
+  network_id   = ovh_cloud_project_network_private.network.id
+
+  # whatever region, for test purpose
+  region     = "GRA11"
+  start      = "192.168.168.100"
+  end        = "192.168.168.200"
+  network    = "192.168.168.0/24"
+  dhcp       = true
+  no_gateway = false
+
+  depends_on   = [ovh_cloud_project_network_private.network]
+}
+
+output "openstackID" {
+  value = one(ovh_cloud_project_network_private.network.regions_attributes[*].openstackid)
+}
+
+# 3. Create a MKS in the private network attached to a vRack
+
+resource "ovh_cloud_project_kube" "mycluster" {
+  service_name  = var.service_name
+  name          = "my-kube-gra"
+  region        = "GRA11"
+
+  private_network_id = tolist(ovh_cloud_project_network_private.network.regions_attributes[*].openstackid)[0]
+
+  private_network_configuration {
+      default_vrack_gateway              = ""
+      private_network_routing_as_default = false
+  }
+
+  depends_on = [ovh_cloud_project_network_private_subnet.networksubnet]
+}
+
+output "kubeconfig" {
+  value = ovh_cloud_project_kube.mycluster.kubeconfig
+  sensitive = true
+}
+
+# 4. Create a node pool for the MKS cluster
+resource "ovh_cloud_project_kube_nodepool" "node_pool" {
+  service_name  = var.service_name
+  kube_id       = ovh_cloud_project_kube.mycluster.id
+  name          = "my-pool-1" //Warning: "_" char is not allowed!
+  flavor_name   = "b3-8" // Warning: B3 compute instances are not available in all the regions
+  desired_nodes = 1
+  max_nodes     = 1
+  min_nodes     = 1
+}
diff --git a/containers-orchestration/managed-kubernetes/create-cluster-in-private-network-tf/provider.tf b/containers-orchestration/managed-kubernetes/create-cluster-in-private-network-tf/provider.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    ovh = {
+      source  = "ovh/ovh"
+    }
+  }
+}
+
+provider "ovh" {
+  endpoint           = "ovh-eu" # change the endpoint if you are not in europe: ovh-us, ovh-ca
+  application_key    = "<your_access_key>"
+  application_secret = "<your_application_secret>"
+  consumer_key       = "<your_consumer_key>"
+}
diff --git a/...ainers-orchestration/managed-kubernetes/create-cluster-in-private-network-tf/variables.tf b/...ainers-orchestration/managed-kubernetes/create-cluster-in-private-network-tf/variables.tf
@@ -0,0 +1,4 @@
+variable service_name {
+  type        = string
+  default     = "<your_service_name>"
+}