Kubernetes Cluster with Kubeadm, Terraform, and Ansible

A project to understand the internal workings of Kubernetes by building a cluster from scratch using Kubeadm, with infrastructure provisioned by Terraform and configuration managed by Ansible.

Prerequisites

• AWS Account
• AWS CLI configured
• Terraform installed (v1.0.0+)
• Ansible installed (v2.9+)
• kubectl installed
• Domain registered in Route53
• SSH key pair named "testing" in AWS

Infrastructure Details

• VPC with public subnets
• 1 Master Node (t2.medium)
• 2 Worker Nodes (t2.small)
• CRI-O as container runtime
• Calico for networking
• Route53 A record for accessing NodePort services

Quick Start

1. Clone the repository:

git clone https://github.com/yourusername/kubernetes-cluster.git
cd kubernetes-cluster

2. Create terraform.tfvars:

aws_region = "us-east-1"
environment = "production"
ubuntu_ami = "ami-0e86e20dae9224db8"

vpc_cidr = "10.0.0.0/16"
public_subnet_cidrs = ["10.0.3.0/24", "10.0.4.0/24"]
availability_zones = ["us-east-1a", "us-east-1b"]

key_name = "testing"
master_instance_type = "t2.medium"
worker_instance_type = "t2.small"
worker_count = 2

cluster_name = "production-k8s"
dns_domain = "cluster.local"

3. Initialize and apply Terraform:

cd terraform
terraform init
terraform apply

Automation Components

Infrastructure (Terraform)

• VPC with 2 public subnets
• Security groups for Kubernetes ports
• EC2 instances
• Route53 A record (k8.yourdomain.com)

Configuration (Ansible)

Roles:

• common: Base setup for all nodes
• master: Control plane setup
• worker: Node joining
• utils: Metrics server and node labeling

Key Scripts:

• k8-setup.sh: Run on all nodes
• master-setup.sh: Run on master only

Verification Steps

1. Check nodes:

kubectl get nodes

2. Check DNS setup:

dig k8.yourdomain.com

3. Deploy test service:

kubectl create deploy nginx --image=nginx
kubectl expose deploy nginx --type=NodePort --port=80

Directory Structure

kubernetes-cluster/
├── terraform/
│   ├── main.tf
│   ├── variables.tf
│   ├── outputs.tf
│   ├── terraform.tfvars
│   └── modules/
│       ├── vpc/
│       ├── security/
│       └── instances/
└── ansible/
    ├── site.yml
    └── roles/
        ├── common/
        │   └── files/
        │       └── k8-setup.sh
        ├── master/
        │   └── files/
        │       └── master-setup.sh
        └── utils/

CRI-O and Kubernetes Versions

• CRI-O: Latest stable version
• Kubernetes: v1.31
• Calico: v3.26.0

Networking

• Pod CIDR: 192.168.0.0/16
• Service CIDR: 10.96.0.0/12
• NodePort range: 30000-32767

Common Issues

DNS Resolution

If pods can't resolve services:

# Check CoreDNS
kubectl get pods -n kube-system -l k8s-app=kube-dns

Node Join Issues

If workers can't join:

# On master
kubeadm token create --print-join-command

Cleanup

terraform destroy

Security Notes

• Nodes are in public subnets for demo purposes
• Security groups restrict access to necessary ports
• Consider bastion host for production setups

Contributing

1. Fork repository
2. Create feature branch
3. Submit pull request

Support

Open an issue if you need help!