Today we are introducing Kubeform: a tool for provisioning production-ready Kubernetes clusters to any cloud with security, scalability and maintainability in mind. We’ve had this project open-source for a little while but have been a tad slow to get a blog post out!

As of today, Kubeform comes with support for AWS, DigitalOcean and local clusters via Docker Compose. We plan on adding support for Google Compute Engine and Microsoft Azure in the very near future.

Kubeform leverages Terraform, Ansible and CoreOS as the basic building blocks for your Kubernetes clusters. We’ve been using these technologies in combination successfully for a while and this builds on some work we’ve already done with our sister project Apollo around Apache Mesos.

Our approach falls in line with some of the thinking around a proposed v2 for Kubernetes deployments, although we didn’t discover the community was looking at this until recently.


Out of the box we configure Kubernetes in HA mode with 3 master API servers by default, using Podmaster for leader election, and a number of worker nodes that is configurable via a Terraform variable. We also provide “edge router nodes” (again configurable) used for ingress load balancing.

The AWS setup closely follows the CoreOS guide for Kubernetes on AWS with all elements secured with TLS certificates using tf_tls.

We set up the edge router nodes with Traefik as an ingress controller by default. We are also looking to support Nginx and alternative solutions like Vamp for richer A/B testing and canary releasing.

SkyDNS is enabled by default and the Kubernetes Dashboard project is turned on as well, allowing an operator to view the state of the cluster through a nice web UI.

We have additional support for Helm which can be enabled to provide the Deis Workflow by default.

Please give it a spin and let us know if you have any feedback. We have documentation on GitHub which includes getting started guides for various providers.

Future plans

We plan on improving the cloud support and adding more features in the very near future. We’re looking at things such as increased integration with Deis and Helm, authentication support via Dex, storage support for Torus, integration with Kubernetes network policy APIs and multi-datacenter cluster federation through Ubernetes. Check out the issue queue and roadmap to see what’s coming and feel free to pitch in with any ideas.

For more information, and to get up and running please see our GitHub repository. Feel free to get in touch or open an issue if you run into trouble.
