- OpenTofu
- Yandex Cloud CLI
- jq
- macOS:
  - Quick:
    ```bash
    curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash
    ```
  - Brew:
    ```bash
    brew install yandex-cloud-cli
    ```
- Linux:
  - Quick:
    ```bash
    curl -sSL https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash
    ```
  - Other: check your distro's repositories.

See: https://yandex.cloud/en-ru/docs/cli/quickstart#install
- Init the yc profile with your account:
  ```bash
  yc init
  ```
- Now, inside the Yandex Cloud Console, find the service account `terraform-deploy` with the following permissions: `vpc.admin`, `compute.admin`, `load-balancer.admin`.
- Create an authorized key for your service account:
  ```bash
  yc iam key create \
    --service-account-id <service_account_ID> \
    --description "<nickname>" \
    --output key.json
  ```
- Create a CLI profile to run operations on behalf of the service account:
  ```bash
  yc config profile create <profile_name>
  ```
- Set the profile configuration:
  ```bash
  yc config set service-account-key key.json
  yc config set cloud-id <cloud_ID>
  yc config set folder-id <folder_ID>
  ```
- Export credentials to your environment:
  ```bash
  source ./env_prepare.sh
  ```
  Warning: Tokens are valid for only 12 hours!
- Clone the current repo
- Run `tofu init` to initialize the Yandex provider

  Warning: VPN needed; otherwise use the Yandex mirror. Create a `.tofurc` file with the following code:
  ```hcl
  provider_installation {
    network_mirror {
      url     = "https://terraform-mirror.yandexcloud.net/"
      include = ["registry.opentofu.org/*/*"]
    }
    direct {
      exclude = ["registry.opentofu.org/*/*"]
    }
  }
  ```
- Test your Terraform configuration with:
  ```bash
  tofu plan
  ```
- Apply your configuration to Yandex Cloud:
  ```bash
  tofu apply
  ```
- Destroy everything in the cloud:
  ```bash
  tofu destroy
  ```
- switch in the Terraform configuration from `yandex_compute_placement_group` to `yandex_compute_instance_group`
- write Ansible playbooks to deploy a Kubernetes cluster via kubespray
- switch the port in healthchecks to the k8s cluster's port
- add alerts? monitoring?
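
A pre-flight check for the setup steps above that write `key.json` into the working directory and export a token that lasts 12 hours. This is an added example, not part of this repo or of `env_prepare.sh`; the function names, the 10-minute safety margin and the issued-at timestamp argument are assumptions, and it does not call `yc`.

```shell
#!/usr/bin/env bash
# Added example (not from the repo): pre-flight checks before `tofu plan`.
# Function names, the 10-minute margin and the issued-at argument are assumptions.

TOKEN_TTL_SECONDS=$((12 * 60 * 60))   # token lifetime stated in the README

# Print a file's octal permission bits (GNU stat on Linux, BSD stat on macOS).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the key file exists and only its owner can read or write it.
key_file_is_private() {
  [ -f "$1" ] || { echo "missing key file: $1" >&2; return 1; }
  kf_mode=$(file_mode "$1")
  case "$kf_mode" in
    600|400) return 0 ;;
    *) echo "$1 has mode $kf_mode; run: chmod 600 $1" >&2; return 1 ;;
  esac
}

# Succeed if <dir>/.gitignore lists the key file by exact name.
# Deliberately strict: wildcard patterns such as *.json are not treated as a match.
key_is_gitignored() {
  [ -f "$1/.gitignore" ] || { echo "no .gitignore in $1" >&2; return 1; }
  grep -qxF -e "$2" -e "/$2" "$1/.gitignore" \
    || { echo "$2 is not listed in $1/.gitignore" >&2; return 1; }
}

# Succeed if a token issued at epoch $1 is still usable at epoch $2 (default: now),
# leaving a margin ($3, default 600 s) so a long apply does not outlive it.
token_is_fresh() {
  tf_now=${2:-$(date +%s)}
  [ $((tf_now - $1)) -lt $((TOKEN_TTL_SECONDS - ${3:-600})) ]
}

# Run every check for key <dir>/<name> and a token issued at epoch $3.
preflight() {
  key_file_is_private "$1/$2" || return 1
  key_is_gitignored "$1" "$2" || return 1
  token_is_fresh "$3" "${4:-$(date +%s)}" \
    || { echo "token is near or past 12 h; re-run: source ./env_prepare.sh" >&2; return 1; }
}

# Usage: preflight . key.json "$TOKEN_ISSUED_AT"   # TOKEN_ISSUED_AT: hypothetical variable
```

Record the epoch time when you source `env_prepare.sh` and pass it as the third argument; a failing check prints the reason to stderr and returns non-zero.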