Self-managed Kubernetes in DigitalOcean (DO)
Big picture
This tutorial creates a self-managed Kubernetes cluster (1 Master, 2 Worker nodes) using Calico networking in DigitalOcean.
Value
Managing your own Kubernetes cluster (as opposed to using a managed Kubernetes service like EKS) gives you the most flexibility in configuring Calico and Kubernetes. Calico combines flexible networking capabilities with "run-anywhere" security enforcement to provide a solution with native Linux kernel performance and true cloud-native scalability.
Concepts
Kubernetes Operations (kops) is a cluster management tool that handles provisioning cluster VMs and installing Kubernetes. It has built-in support for using Calico as the Kubernetes networking provider.
Kops support for DigitalOcean is currently in the early stages of development and subject to change. More information can be viewed at this link.
Before you begin...
How to
There are many ways to install and manage Kubernetes in DO. Using Kubernetes Operations (kops) is a good default choice for most people, as it gives you access to all of Calico’s flexible and powerful networking features. However, there are other options that may work better for your environment.
The geeky details of what you get:
Policy | IPAM | CNI | Overlay | Routing | Datastore |
---|---|---|---|---|---|
Generate your DigitalOcean API token
kops needs an API token for the CRUD (Create, Read, Update and Delete) operations it performs on resources in your DigitalOcean account. Use this link to generate your API token, then export it as an environment variable.
export DIGITALOCEAN_ACCESS_TOKEN=<API_ACCESS_TOKEN>
Create an object storage
DigitalOcean provides an S3-compatible object storage API; kops uses this object storage to save your cluster state. Create a Space using this link and export its name.
export KOPS_STATE_STORE=do://<your-space-name>
export S3_ENDPOINT=<ENDPOINT>
Using the FQDN for S3_ENDPOINT causes an error. If your Space FQDN is my-test-space.nyc3.digitaloceanspaces.com, just export my-test-space as <your-space-name>.
Generate an API key for object storage
Access to object storage requires an API key. Follow this tutorial and generate your keys then export them as environment variables.
export S3_ACCESS_KEY_ID=<ACCESS_KEY_ID>
export S3_SECRET_ACCESS_KEY=<SECRET_ACCESS_KEY>
Enable kops alpha feature
Enable alpha feature support using the KOPS_FEATURE_FLAGS environment variable.
export KOPS_FEATURE_FLAGS="AlphaAllowDO"
Create your cluster
Kops supports various options that enable you to customize your cluster the way you like.
- Add Calico to your cluster using --networking=calico.
- Kops requires an external DNS server to create a cluster; by adding the .k8s.local suffix to the --name= option you generate a gossip DNS and bypass this requirement.
You can view a complete list of options supported by kops in this link.
kops create cluster --cloud=digitalocean --name=calico-demo.k8s.local \
--networking=calico --master-zones=nyc1 --zones=nyc1 \
--master-count=1 --api-loadbalancer-type=public \
--node-size=s-1vcpu-2gb --image=ubuntu-20-04-x64 --yes
You can further customize the Calico install with options listed in the kops documentation.
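A pre-flight check for the environment variables and naming rules the steps above rely on, added here as an example that is not part of the Calico docs or of kops; the function names are assumed, and the checks report only whether each secret is set, never its value.

```shell
# Added example, not from the Calico docs or kops: pre-flight checks for the
# environment this tutorial builds up, run before "kops create cluster".
# Function names are assumed. Secret values are never printed, only presence.
# Space name from a Space FQDN:
# my-test-space.nyc3.digitaloceanspaces.com -> my-test-space
do_space_name() {
  printf '%s\n' "$1" | cut -d. -f1
}
# Validate the environment for a given cluster name (the value for --name=).
# Returns 0 when every check passes, 1 otherwise, listing each problem.
kops_preflight() {
  name="$1"; rc=0
  # Secrets: report presence only, never the value.
  for v in DIGITALOCEAN_ACCESS_TOKEN S3_ACCESS_KEY_ID S3_SECRET_ACCESS_KEY; do
    if eval "[ -z \"\${$v}\" ]"; then
      echo "missing: $v (secret, value not shown)"; rc=1
    fi
  done
  [ -n "$S3_ENDPOINT" ] || { echo "missing: S3_ENDPOINT"; rc=1; }
  # State store must be do://<space-name>; the Space FQDN causes a kops error.
  case "$KOPS_STATE_STORE" in
    do://*) space="${KOPS_STATE_STORE#do://}"
            case "$space" in
              *.*) echo "KOPS_STATE_STORE: use the Space name, not its FQDN"; rc=1 ;;
            esac ;;
    *) echo "KOPS_STATE_STORE must be do://<your-space-name>"; rc=1 ;;
  esac
  # DigitalOcean support is alpha and gated behind this feature flag.
  case "$KOPS_FEATURE_FLAGS" in
    *AlphaAllowDO*) ;;
    *) echo "KOPS_FEATURE_FLAGS must include AlphaAllowDO"; rc=1 ;;
  esac
  # A .k8s.local name selects gossip DNS; anything else needs external DNS.
  case "$name" in
    *.k8s.local) ;;
    *) echo "cluster name '$name' does not end in .k8s.local (external DNS required)"; rc=1 ;;
  esac
  return $rc
}
# Run the tutorial's create command once the checks pass (kops must be on PATH).
kops_create_cluster() {
  kops_preflight "$1" || return 1
  kops create cluster --cloud=digitalocean --name="$1" \
    --networking=calico --master-zones=nyc1 --zones=nyc1 \
    --master-count=1 --api-loadbalancer-type=public \
    --node-size=s-1vcpu-2gb --image=ubuntu-20-04-x64 --yes
}
```

Source the file and call kops_create_cluster calico-demo.k8s.local; a failing check prints every problem it found and nothing is created.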
Cleanup
If you wish to remove the resources created by this tutorial:
kops delete cluster calico-demo.k8s.local --yes
Use the DigitalOcean web UI to remove the API tokens and Space you created.
Next steps
Required
Recommended