This is a Terraform project for deploying Kubernetes on Packet with node pools of mixed architecture--x86 and ARM- devices, and pools of GPU devices, via the node_pool and gpu_node_pool modules for managing Kubernetes nodes.
This project configures your cluster with:
- MetalLB using Packet elastic IPs.
- Packet CSI storage driver.
The only required variables are auth_token (your Packet API key), count_x86 (the number of x86 devices), and count_arm (ARM devices).
Other options include secrets_encryption ("yes" configures your controller with encryption for secrets--this is disabled by default), and fields like facility (the Packet location to deploy to) and plan_x86 or plan_arm (to determine the server type of these architectures) can be specified as well. Refer to vars.tf for a complete catalog of tunable options.
Tokens for cluster authentication for your node pools to your control plane must be created before instantiating the other modules:
module "kube_token_1" {
source = "./modules/kube-token"
}
This is not enabled by default, however, setting control_plane_node_count to any non-0 value will provision a stacked control plane node and join the cluster as a master. This requires ssh_private_key_path be set in order to complete setup; this is used only locally to distribute certificates.
Instantiating a new controller pool just requires a new instance of the controller_pool module:
module "controller_pool_primary" {
source = "./modules/controller_pool"
kube_token = module.kube_token_1.token
kubernetes_version = var.kubernetes_version
count_x86 = var.count_x86
count_gpu = var.count_gpu
plan_primary = var.plan_primary
facility = var.facility
cluster_name = var.cluster_name
kubernetes_lb_block = packet_reserved_ip_block.kubernetes.cidr_notation
project_id = var.project_id
auth_token = var.auth_token
secrets_encryption = var.secrets_encryption
configure_ingress = var.configure_ingress
ceph = var.ceph
configure_network = var.configure_network
skip_workloads = var.skip_workloads
network = var.network
control_plane_node_count = var.control_plane_node_count
ssh_private_key_path = var.ssh_private_key_path
}
To instantiate a new node pool after initial spinup, in 3-kube-node.tf1, define a pool using the node pool module like this:
module "node_pool_green" {
source = "modules/node_pool"
kube_token = module.kube_token_2.token
kubernetes_version = var.kubernetes_version
pool_label = "green"
count_x86 = var.count_x86
count_arm = var.count_arm
plan_x86 = var.plan_x86
plan_arm = var.plan_arm
facility = var.facility
cluster_name = var.cluster_name
controller_address = packet_device.k8s_primary.network.0.address
project_id = packet_project.kubernetes_multiarch.id
}where the label is green (rather than the initial pool, blue) and then, generate a new kube_token (ensure the module name matches the kube_token field in the spec above, i.e. kube_token_2) by defining this in 1-provider.tf (or anywhere before the node_pool instantiation):
module "kube_token_2" {
source = "modules/kube-token"
}Generate your new token:
terraform apply -target=module.kube_token_2
On your controller, add your new token, and then apply the new node pool:
terraform apply -target=module.node_pool_green
At which point, you can either destroy the old pool, or taint/evict pods, etc. once this new pool connects.
The gpu_node_pool module provisions and configures GPU nodes for use with your Kubernetes cluster. The module definition requires count_gpu (defaults to "0"), and plan_gpu (defaults to g2.large):
module "node_pool_gpu_green" {
source = "./modules/gpu_node_pool"
kube_token = module.kube_token_1.token
kubernetes_version = var.kubernetes_version
pool_label = "gpu_green"
count_gpu = var.count_gpu
plan_gpu = var.plan_gpu
facility = var.facility
cluster_name = var.cluster_name
controller_address = packet_device.k8s_primary.network.0.address
project_id = var.project_id
}and upon applying your GPU pool:
terraform apply -target=module.node_pool_gpu_greenyou can manage this pool discretely from your mixed-architecture pools created with the node_pool module above.