Kubernetes on Digital Ocean with encrypted VPN service mesh with kubicorn

What are we creating?

  • Kubernetes v1.7.3
  • Private Networking in Digital Ocean
  • Encrypted VPN mesh for droplets
  • Ubuntu Droplets

So at Gophercon I released my latest project kubicorn.

As I go along I want to publish a set of use cases as examples. This helps me exercise kubicorn and understand my assumptions. It would be really cool if others could step in and use these cases to improve the system.

7 Node Cluster in Digital Ocean

Creating your cluster

So the deployment process is pretty straightforward. The first thing you need to do is grab a copy of `kubicorn v0.0.003`.

$ go get github.com/kris-nova/kubicorn

Verify kubicorn is working, and you are running the right version.

$ kubicorn --fab

You will also need a Digital Ocean access key. You can use this guide to help you create one. Then just export the key as an environment variable.

$ export DIGITALOCEAN_ACCESS_TOKEN=*****************************************

The project offers a starting point for a Digital Ocean cluster called a profile. Go ahead and create one on your local filesystem.

$ kubicorn create dofuckyeah --profile do

Feel free to take a look at the newly created representation of the cluster and tweak it to your liking. Here is what mine looks like

For my cluster all I did was change the maxCount from 3 to 7 for my node serverPool.

When you are happy with your config, go ahead and apply the changes!

$ kubicorn apply dofuckyeah -v 4

Then check out your new cluster and wait for your nodes to come to life!

$ kubectl get nodes

What we created

We created 8 droplets, all running Ubuntu 16.04.

The master droplet uses a fantastic tool called meshbird to create an encrypted private VPN service mesh on Digital Ocean private networking.

Each of the droplets gets a new virtual NIC called tun0 that lets it route over the private VPN.

The nodes register against the master via the newly created virtual NIC.

The master API is advertised on the public IP of the master droplet.
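Since the whole point of the mesh is that node-to-master traffic rides the encrypted tun0 link, it is worth confirming that every node actually registered with a tun0 address rather than a plain droplet address. The script below is an added example, not part of kubicorn or meshbird; the mesh CIDR `10.7.0.0/16`, the node names and the addresses are constructed placeholders (read the real range from `ip -4 addr show tun0` on the master).

```shell
#!/bin/sh
# Added check, not part of kubicorn or meshbird. Flags nodes whose kubelet
# registered an InternalIP outside the meshbird tun0 range, i.e. nodes that
# would reach the master over the plain DO NIC instead of the encrypted mesh.
# The mesh CIDR passed in is an ASSUMED placeholder; take the real one from
# `ip -4 addr show tun0` on the master droplet.

# Dotted quad -> 32-bit integer, e.g. 10.7.0.5 -> 168230917
ip_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR: succeeds when IP lies inside CIDR
in_cidr() {
  net=${2%/*}; bits=${2#*/}
  if [ "$bits" -eq 0 ]; then mask=0
  else mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF )); fi
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Reads "name internal-ip" lines on stdin; prints one OFF-MESH line per node
# whose address is not inside the mesh CIDR given as $1.
off_mesh_nodes() {
  while read -r name ip; do
    [ -n "$name" ] || continue
    in_cidr "$ip" "$1" || echo "OFF-MESH $name $ip"
  done
}

# Constructed sample of what the live query below prints; do-node-4 is the
# deliberate offender (203.0.113.7 is a documentation-range address).
sample_nodes() {
  printf '%s\n' \
    'do-master 10.7.0.1' \
    'do-node-1 10.7.0.2' \
    'do-node-2 10.7.0.3' \
    'do-node-4 203.0.113.7'
}

# Live query against the cluster (same "name ip" shape as sample_nodes):
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.addresses[?(@.type=="InternalIP")].address}{"\n"}{end}'
sample_nodes | off_mesh_nodes 10.7.0.0/16
```

Pipe the live `kubectl` output into `off_mesh_nodes` with your real tun0 CIDR; any OFF-MESH line means that node is registered on an address the mesh does not cover.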

You can check out the bootstrap script for the master here, and for the nodes here.

And thanks to kubeadm

Poof. Kubernetes.

Want to learn more?

Check out the kubicorn project on GitHub!

Follow @kubicornk8s on Twitter to get up to the second updates!

Join us in #kubicorn in the official Gopher’s slack!
