3.3: Remote Civo Cluster

Provisioning a Civo Kubernetes Cluster

In this section, you will set up a Kubernetes cluster using Civo, a cloud provider that offers a simple and fast way to create Kubernetes clusters.

0. Create an Account (if You Don't Have One)

If you don't already have an account with Civo, you can sign up at https://dashboard.civo.com/signup.

New accounts receive a $250 credit for use during the first month, which should be more than enough to cover everything in this course during that first month!

🚨 NOTE: Sometimes account verification from Civo is required for new accounts (so sign up before you want to use it!)

1. Authenticating the Civo CLI

Before creating the cluster, you need to authenticate the Civo CLI. Follow these steps to obtain your API key and save it.

To get an API key you need to:

  1. Log in or create an account at https://dashboard.civo.com/
  2. Create a team at https://dashboard.civo.com/teams
  3. Add yourself to the team
  4. Navigate to https://dashboard.civo.com/security to get the API key

# task civo:00-authenticate-cli
#  - Authenticate the Civo CLI.
civo apikey save
civo apikey ls

Make sure to set the current key as the default with civo apikey current <KEY_NAME> (if it is not already).

2. Creating the Network

While we could deploy the cluster into the default network, it is better practice to create a network first.

# task civo:01-create-network
#  - Create a Civo network.
civo network create ${CLUSTER_NAME} --region ${CIVO_REGION}

3. Setting Up the Firewall

Next, create a firewall and set up rules to allow necessary traffic.

When creating a firewall via the API, Civo creates a set of firewall rules that allow all traffic on all ports, which is NOT what we want.

We will delete these rules and create a set of our own that allow traffic on ports 80 and 443 (for inbound traffic from the internet to our applications) and on port 6443 (for traffic to the Kubernetes API server).

🚨 Note: If you wanted to lock down access to the k8s API, you could instead only allow traffic on 6443 from your IP (or that of a bastion host).

# task civo:02-create-firewall
#  - Create a Civo firewall and set up rules.
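# Boolean flags need the "=" form; written as "--create-rules false" the value is not applied to the flag.
civo firewall create ${CLUSTER_NAME} --network ${CLUSTER_NAME} --create-rules=false --region ${CIVO_REGION}
# Remove any ingress rules that were still created by default.
ingress_rule_ids=$(civo firewall rule ls ${CLUSTER_NAME} -o json --region ${CIVO_REGION} | jq -r '.[] | select(.direction == "ingress") | .id')
for rule_id in $ingress_rule_ids; do
  civo firewall rule remove ${CLUSTER_NAME} $rule_id -y --region ${CIVO_REGION}
done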
civo firewall rule create ${CLUSTER_NAME} --startport 80 --endport 80 --cidr 0.0.0.0/0 --protocol TCP --region ${CIVO_REGION}
civo firewall rule create ${CLUSTER_NAME} --startport 443 --endport 443 --cidr 0.0.0.0/0 --protocol TCP --region ${CIVO_REGION}
civo firewall rule create ${CLUSTER_NAME} --startport 6443 --endport 6443 --cidr 0.0.0.0/0 --protocol TCP --region ${CIVO_REGION}
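A check you can run after this step, added here as an example and not part of the course's task file: it confirms that the only ingress rules left are TCP 80, 443 and 6443, and warns when 6443 is open to every address. The function name `audit_ingress`, the tab-separated input layout and the jq key names in the comment are assumptions; the sample rows in the comments are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the course repository).
# Input on stdin, one firewall rule per line, tab-separated:
#   direction <TAB> protocol <TAB> start_port <TAB> end_port <TAB> cidr
# Constructed sample row:  ingress	TCP	443	443	0.0.0.0/0
#
# Live usage sketch. The key names other than .direction are ASSUMED;
# compare them with your own `civo firewall rule ls ... -o json` output:
#   civo firewall rule ls "$CLUSTER_NAME" -o json --region "$CIVO_REGION" \
#     | jq -r '.[] | [.direction, .protocol, .start_port, .end_port, .cidr] | @tsv' \
#     | audit_ingress

audit_ingress() {
  # Prints one finding per line. Exit status is 1 when an ingress rule falls
  # outside the intended set, or when one of the intended ports has no rule.
  awk -F '\t' '
    BEGIN { want[80]; want[443]; want[6443]; bad = 0 }
    $1 != "ingress" { next }          # egress rules are not audited here
    {
      proto = toupper($2); lo = $3 + 0; hi = $4 + 0; cidr = $5
      # Anything that is not a single intended TCP port is unexpected,
      # e.g. a leftover default rule covering ports 1-65535.
      if (proto != "TCP" || lo != hi || !(lo in want)) {
        printf "FAIL unexpected ingress %s %s-%s from %s\n", proto, $3, $4, cidr
        bad = 1
        next
      }
      seen[lo] = 1
      if (lo == 6443 && cidr == "0.0.0.0/0")
        print "WARN 6443 (Kubernetes API) is reachable from any address"
      else
        printf "OK   %s/%d from %s\n", proto, lo, cidr
    }
    END {
      for (p in want)
        if (!(p in seen)) { printf "FAIL missing rule for port %d\n", p; bad = 1 }
      exit bad
    }'
}
```

With the three rules created above, the check passes and prints the 6443 warning; it fails if any of the default allow-all ingress rules survived the removal loop.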

4. Creating the Kubernetes Cluster

With the network and firewall created, we can now create the Kubernetes cluster. This will take a couple of minutes.

# task civo:03-create-cluster
#  - Create a Civo Kubernetes cluster.
civo kubernetes create ${CLUSTER_NAME} --network ${CLUSTER_NAME} --existing-firewall ${CLUSTER_NAME} --nodes 2 --size g4s.kube.medium --remove-applications "traefik2-nodeport" --wait

5. Getting the Kubeconfig

Retrieve the kubeconfig file for your cluster to connect with kubectl.

# task civo:05-get-kubeconfig
#  - Get kubeconfig for the cluster.
civo kubernetes config ${CLUSTER_NAME} --save --switch

You should now have a fully functioning Civo Kubernetes cluster. Verify by running:

kubectl get nodes

6. Cleaning Up the Cluster

After completing your work with the cluster, you can clean up by deleting the cluster and associated resources.

Because Civo clusters are created and destroyed so quickly, if you are using one for experimentation or learning you can easily destroy it when not in use and recreate it the next time you want to start again!

# task civo:06-clean-up
#  - Clean up the Civo Kubernetes cluster and associated resources.
civo kubernetes delete ${CLUSTER_NAME} -y
sleep 10 # There is some delay on the Civo side from cluster being deleted to it being removed from the firewall rule usage
civo firewall delete ${CLUSTER_NAME} -y
civo network delete ${CLUSTER_NAME} -y