Quickstart Tutorial
This tutorial provides a walkthrough of the KubeStrap platform. It should take ~10 minutes to get your local repo set up, and about 15 minutes for AWS or GCP to provision your infrastructure.
Getting Started
- Fork the repo here
Note: you must fork for the bootstrap to work
- Clone your forked repo to local
- From the root of your cloned repo execute
./util/dep-check.sh
to check for the existence of KubeStrap's dependencies. For any missing dependencies, see dependencies
Going to Production in minutes
Create the Terraform backend config
- Execute one of these:
- AWS:
./util/create-s3-bucket.sh
- GCP:
./util/create-gcs-bucket.sh
- AWS Only: Update the profile param in aws/backend.tf
If you have a backend config already just update <provider>/backend.tf
Create a .tfvars file
Create a .tfvars file in the aws or gcp directory and deploy the podinfo app. Replace values as necessary.
domain = "podinfo.kubestrap.it"
admin_instance_enabled = false
sops_kms_enabled = false
enable_flux_bootstrap = true
github_repo_branch = "main"
github_repo = "kubestrap"
# Replace these
github_org = "YOUR_ORG"
github_token = "YOUR_TOKEN"
cert_admin_email = "YOUR_ADMIN_EMAIL"
Need help setting up a GitHub Token?
Append this for AWS
aws_profile = "YOUR_AWS_PROFILE"
Append this for GCP
billing_account = "******-******-******"
project_id = "YOUR_PROJECT_ID"
Have your own domain? Read this
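Because .tfvars carries github_token in plain text, a pre-flight check before applying is worthwhile. The function below is an added example, not part of KubeStrap: check_tfvars is a hypothetical helper name, and the owner-only file mode it expects is an assumed policy.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for .tfvars before `terraform apply`.
# check_tfvars is a hypothetical helper, not part of KubeStrap.

check_tfvars() {
  local file="${1:-.tfvars}" dir base mode rc=0
  [ -f "$file" ] || { echo "FAIL: $file not found"; return 2; }
  dir=$(dirname "$file")
  base=$(basename "$file")

  # 1. The tutorial's YOUR_* placeholders must have been replaced.
  if grep -Eq '"YOUR_[A-Z_]+"' "$file"; then
    echo "FAIL: placeholder values remain in $file"; rc=1
  fi

  # 2. The file holds github_token in plain text: owner-only access
  #    (assumed policy: mode 600 or 400). GNU stat first, then BSD stat.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    600|400) ;;
    *) echo "FAIL: $file has mode $mode, expected 600"; rc=1 ;;
  esac

  # 3. Inside a git work tree the file must be ignored and never tracked.
  if command -v git >/dev/null 2>&1 &&
     git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    if git -C "$dir" ls-files --error-unmatch -- "$base" >/dev/null 2>&1; then
      echo "FAIL: $file is tracked by git"; rc=1
    elif ! git -C "$dir" check-ignore -q -- "$base"; then
      echo "FAIL: $file is not git-ignored"; rc=1
    fi
  fi

  [ "$rc" -eq 0 ] && echo "OK: $file passed all checks"
  return "$rc"
}
```

Source the file and run check_tfvars .tfvars from the aws or gcp directory; a non-zero return means the file should be fixed before applying.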
Create your Cloud Infra using Terraform
For AWS: be sure to export AWS_PROFILE or set profile in backend.tf (recommended)
From the aws or gcp directory:
terraform init && terraform apply --var-file .tfvars -auto-approve
This step can take up to 15 minutes. When it completes, it has created your cloud infra and bootstrapped the cluster with FluxCD. It also created .kubeconfig and (optionally) .sops.yaml
To persist changes, commit and push backend.tf. Note: .tfvars is git ignored.
At this point, some of your cluster apps are broken! Fix them:
- Pull Flux's changes from the remote repo
- Execute
./cluster/manifest-aws/init.sh
or ./cluster/manifest-gcp/init.sh
- Commit and push the patched files to the remote branch specified in the .tfvars parameter github_repo_branch
This only needs to be done once
Test
It will take several minutes for your cluster to boot up for the first time. Use your favorite Kubernetes client to view LoadBalancer IP provisioning, node autoscaling, and pod readiness before beginning this step. Or wait, like 5 minutes.
- Fetch your Context and Istio Ingress Hostname
AWS
# cd aws
export CONTEXT=$(kubectl --kubeconfig .kubeconfig config get-contexts -o name)
export INGRESS_HOST=$(kubectl --kubeconfig .kubeconfig --context "$CONTEXT" get svc -n istio-ingress -o json | jq -r '.items[0].status.loadBalancer.ingress[0].hostname')
GCP
# cd gcp
export CONTEXT=$(kubectl --kubeconfig .kubeconfig config get-contexts -o name)
export INGRESS_HOST=$(kubectl --kubeconfig .kubeconfig --context "$CONTEXT" get svc -n istio-ingress -o json | jq -r '.items[0].status.loadBalancer.ingress[0].ip')
- Curl your website!
curl -H Host:test.podinfo.kubestrap.it http://$INGRESS_HOST
If you have a registered domain, see DNS docs to set it up
Cleanup
To destroy gracefully, follow these steps
- GCP only: The only way to delete KMS keys in GCP is to delete the project. Drop the key from state to avoid error on delete
terraform state rm 'module.sops_kms[0].google_kms_crypto_key.key[0]'
- Terraform Destroy
terraform destroy -var-file .tfvars -auto-approve
- Delete state bucket via console or cli
Congrats!
You have successfully created your production infrastructure in minutes with KubeStrap. What's next?
- This site is the official documentation, bookmark it!
- Get involved in the KubeStrap Community
- Anything unclear or buggy in this tutorial? Please report it!
Etc.
Generating a GitHub token for FluxCD
For accessing the GitHub API, the bootstrap command requires a GitHub personal access token (PAT) with administration permissions.
- See: Flux Documentation
- See: GitHub How-To