Use Terraform to stand up etcd and Portworx on CoreOS on Packet. Here is the Terraporx Repository Use these scripts to quickly/easily get a 5-node cluster up in 10 minutes
Reference this Kubernetes on CoreOS Guide
Since this cluster is based on CoreOS, the etcd cluster comes pre-configured.
Follow the CoreOS Guide
for generating Cluster Root CA, API Server Keypair, and Cluster Administrator Keypair
For generating worker keyparis, here's a script to help with the iteration
#!/usr/bin/env python
import os
worker_fqdn = [ "kube-worker-1","kube-worker-2","kube-worker-3","kube-worker-4"]
worker_ip = [ "10.100.48.5","10.100.48.1","10.100.48.9","10.100.48.3"]
for (fqdn,ip) in zip(worker_fqdn, worker_ip):
os.system ("openssl genrsa -out ${WORKER_FQDN}-worker-key.pem 2048")
os.system ("WORKER_IP=%s openssl req -new -key %s-worker-key.pem -out %s-worker.csr -subj \"/CN=%s\" -config worker-openssl.cnf" %
(ip, fqdn, fqdn, fqdn))```Before doing this, make sure your .pub key is in the master root/.ssh/authorized_keys
#!/bin/bash
MASTER_IP=X.X.X.X
ssh root@${MASTER_IP} "sudo mkdir -p /etc/kubernetes/ssl"
scp ca.pem root@${MASTER_IP}:/etc/kubernetes/ssl/ca.pem
scp apiserver.pem root@${MASTER_IP}:/etc/kubernetes/ssl/apiserver.pem
scp apiserver-key.pem root@${MASTER_IP}:/etc/kubernetes/ssl/apiserver-key.pem
ssh root@${MASTER_IP} "chmod 600 /etc/kubernetes/ssl/*-key.pem"
ssh root@${MASTER_IP} "chown root:root /etc/kubernetes/ssl/*-key.pem"(TODO: Finish, or find Ansible/CoreOS)