Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Terraform Kubernetes Multi-Cloud

Terraform code for creating a handful of simple managed Kubernetes clusters on multiple public cloud platforms.

Managed in this context means the master nodes (= control plane) are managed by the cloud platform provider. We only create the service, the worker nodes and the bare minimum of everything else to get a working K8s cluster.

ℹ️ This is for demonstration and/or learning purposes.

ℹ️ Please do not use this in production.

Link to my comprehensive blog post (beginner friendly):



Public Cloud Platforms

  • Alibaba Cloud "Managed Kubernetes Cluster Service" (ACK)
  • Amazon Web Services "Elastic Kubernetes Engine" (EKS)
  • Digital Ocean "Kubernetes" (DOK)
  • Google Cloud Platform "Google Kubernetes Engine" (GKE)
  • Microsoft Azure "Azure Kubernets Service" (AKS)
  • Oracle Cloud Infrastructure "Container Engine for Kubernetes" (OKE)
  • 🔜 IBM Cloud Kubernetes Service" (IKS) (when their Terraform provider is 0.12-ready)


  • Fully working K8s Clusters
  • Terraform 0.12 code
  • By default creates small node configurations (low costs!)
  • Outputs ready-to-use kubeconfig files at the end
  • 2-3 worker nodes


  • Terraform >= 0.12.x
  • You need to have an account on the cloud platforms (of course).

Terraform Inputs

Name Description Type Default Required
enable_alibaba Enable / Disable Alibaba bool false yes
enable_amazon Enable / Disable Amazon bool false yes
enable_digitalocean Enable / Disable DigitalOcean bool false yes
enable_google Enable / Disable Google bool false yes
enable_microsoft Enable / Disable Microsoft bool false yes
enable_oracle Enable / Disable Oracle bool false yes
nodes Kubernetes worker nodes (e.g. 2) number 2 no
ali_access_key Alibaba Cloud AccessKey ID string yes
ali_secret_key Alibaba Cloud Access Key Secret string yes
aws_profile AWS cli profile (e.g. default) string default yes
gcp_project GCP Project ID string yes
az_client_id Azure Service Principal appId string yes
az_client_secret Azure Service Principal password string yes
az_tenant_id Azure Service Principal tenant string yes
do_token Digital Ocean personal access (API) token string yes
oci_user_ocid OCI User OCID string yes
oci_tenancy_ocid OCI Tenancy OCID string yes
oci_fingerprint OCI SSH public key fingerprint string yes


  • Combine multiple kubeconfig files into one
  • (partly implemented): Allow K8s API access only from workstation IP
  • Fix OCI destroy dependencies