Alvaro Saurin edited this page Jul 13, 2019 · 2 revisions

How does this compare to...?

Terraform with kubeadm run in a remote-exec?

The kubeadm provider does some things for you:

  • Automatic distribution of certificates among masters.

    With kubeadm, before adding a new master to the cluster you have to

    1. ssh to one of the master machines where certificates are found
    2. upload the certificates to the API server (with a key)
    3. create the new master before the key expires (usually one hour). You have to repeat the whole process if you try to add another master after the key has expired.

    But all of that is managed automatically by the kubeadm provider. You just increment the count of your masters and you are done.

  • Automatic management of tokens.

    So if you want to add a new node to the cluster you don't have to worry about the token you created before, when you ran kubeadm init: the provider will automatically generate a new token when the old one has expired or has been removed.

  • Automatic draining of nodes, removal from etcd cluster... on node destruction. (see this issue)

    You can install a destroy-time provisioner that will drain the node and remove it from the cluster. In the case of masters running etcd, it will also remove the etcd instance from the etcd cluster.

In addition, having kubeadm integrated in Terraform means you can use some attributes generated by the provider in other parts of your code (i.e., the certificates), and in the other direction: you can inject into the kubeadm configuration things that you created in other Terraform resources (i.e., certificates, IPs, etc.).
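As an added illustration of the points above (not code from this wiki page or from the provider's own documentation), the shape this takes in Terraform: extra masters are a `count`, and a destroy-time provisioner handles the drain and etcd cleanup. The `libvirt_domain` machines, their names, and the provisioner attributes `role`, `drain` and `when` are assumptions based on the provider README, not values taken from this page.

```hcl
# Cluster-wide kubeadm settings. The generated "config" attribute carries the
# cluster certificates and join tokens to every "kubeadm" provisioner below.
resource "kubeadm" "main" {
  config_path = "/tmp/kubeconfig"

  network {
    dns {
      domain = "mycluster.com"
    }
    services = "10.25.0.0/16"
  }
}

# First control-plane node (hypothetical libvirt machine, details omitted).
resource "libvirt_domain" "master" {
  name = "master"

  provisioner "kubeadm" {
    config = "${kubeadm.main.config}"
    install {
      auto = true
    }
  }
}

# Extra control-plane nodes: scaling the cluster is just a change of "count".
# The provider ships the certificates and mints a fresh join token itself, so
# there is no manual upload-certs step and no one-hour certificate-key window.
resource "libvirt_domain" "master_extra" {
  count = 2
  name  = "master-${count.index + 1}"

  provisioner "kubeadm" {
    config = "${kubeadm.main.config}"
    role   = "master"
    join   = "${libvirt_domain.master.network_interface.0.addresses.0}"
    install {
      auto = true
    }
  }

  # Destroy-time provisioner: drain the node and, since it is a master,
  # remove its etcd member from the etcd cluster before the VM goes away.
  provisioner "kubeadm" {
    when   = "destroy"
    config = "${kubeadm.main.config}"
    drain  = true
  }
}
```

Changing `count` from 2 to 3 and applying is the whole procedure for adding a master; the equivalent remote-exec version would have to re-run the upload-certs step on an existing master first.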