Skip to content
Terraform to create Kubernetes clusters on multiple public cloud platforms (Aliyun, AWS, Azure, DO, GCP, OCI)
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Exclude aws-iam-authenticator Jun 20, 2019
LICENSE Add link 🔗 emoji Aug 11, 2019 use latest version of terraform modules Aug 11, 2019 optimize formatting Aug 11, 2019 Initial commit of my work May 30, 2019

Terraform Kubernetes Multi-Cloud

Terraform code for creating a handful of simple managed Kubernetes clusters on multiple public cloud platforms.

Managed in this context means the master nodes (= control plane) are managed by the cloud platform provider. We only create the service, the worker nodes and the bare minimum of everything else to get a working K8s cluster.

ℹ️ This is for demonstration and/or learning purposes.

ℹ️ Please do not use this in production.

Link to my comprehensive blog post (beginner friendly):



Public Cloud Platforms

  • Alibaba Cloud "Managed Kubernetes Cluster Service" (ACK)
  • Amazon Web Services "Elastic Kubernetes Engine" (EKS)
  • Digital Ocean "Kubernetes" (DOK)
  • Google Cloud Platform "Google Kubernetes Engine" (GKE)
  • Microsoft Azure "Azure Kubernets Service" (AKS)
  • Oracle Cloud Infrastructure "Container Engine for Kubernetes" (OKE)
  • 🔜 IBM Cloud Kubernetes Service" (IKS) (when their Terraform provider is 0.12-ready)


  • Fully working K8s Clusters
  • Terraform 0.12 code
  • By default creates small node configurations (low costs!)
  • Outputs ready-to-use kubeconfig files at the end
  • 2-3 worker nodes


  • Terraform >= 0.12.x
  • You need to have an account on the cloud platforms (of course).

Terraform Inputs

Name Description Type Default Required
enable_alibaba Enable / Disable Alibaba bool false yes
enable_amazon Enable / Disable Amazon bool false yes
enable_digitalocean Enable / Disable DigitalOcean bool false yes
enable_google Enable / Disable Google bool false yes
enable_microsoft Enable / Disable Microsoft bool false yes
enable_oracle Enable / Disable Oracle bool false yes
nodes Kubernetes worker nodes (e.g. 2) number 2 no
ali_access_key Alibaba Cloud AccessKey ID string yes
ali_secret_key Alibaba Cloud Access Key Secret string yes
aws_profile AWS cli profile (e.g. default) string default yes
gcp_project GCP Project ID string yes
az_client_id Azure Service Principal appId string yes
az_client_secret Azure Service Principal password string yes
az_tenant_id Azure Service Principal tenant string yes
do_token Digital Ocean personal access (API) token string yes
oci_user_ocid OCI User OCID string yes
oci_tenancy_ocid OCI Tenancy OCID string yes
oci_fingerprint OCI SSH public key fingerprint string yes


  • Combine multiple kubeconfig files into one
  • (partly implemented): Allow K8s API access only from workstation IP
  • Fix OCI destroy dependencies
You can’t perform that action at this time.