diff --git a/README.md b/README.md index cbabade..8f7ccaa 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,8 @@ This tutorial is optimized for learning, which means taking the long route to he * [Google Compute Engine](https://cloud.google.com/compute) * [Amazon EC2](https://aws.amazon.com/ec2) +* [Microsoft Azure](https://azure.microsoft.com) + > The results of this tutorial should not be viewed as production ready, and may receive limited support from the community, but don't let that prevent you from learning! @@ -46,16 +48,21 @@ AWS * The us-west-2 region will be used +AWS + +* The "west us" region will be used + ## Platforms This tutorial assumes you have access to one of the following: * [Google Cloud Platform](https://cloud.google.com) and the [Google Cloud SDK](https://cloud.google.com/sdk/) (125.0.0+) * [Amazon Web Services](https://aws.amazon.com), the [AWS CLI](https://aws.amazon.com/cli) (1.10.63+), and [jq](https://stedolan.github.io/jq) (1.5+) +* [Microsoft Azure](https://azure.microsoft.com), the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/) (0.10.1+), and [jq](https://stedolan.github.io/jq) (1.5+) ## Labs -While GCP or AWS will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform. +While GCP, AWS or Azure will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform. * [Cloud Infrastructure Provisioning](docs/01-infrastructure.md) * [Setting up a CA and TLS Cert Generation](docs/02-certificate-authority.md) diff --git a/docs/01-infrastructure-azure.md b/docs/01-infrastructure-azure.md index fee2b27..203849d 100644 --- a/docs/01-infrastructure-azure.md +++ b/docs/01-infrastructure-azure.md 
@@ -3,35 +3,39 @@ This lab will walk you through provisioning the compute instances required for r The guide assumes you'll be creating resources in the `West Us` region as a single Azure Resource Manager resource group. -After completing this guide you should have the following compute instances: -##### add screen shot #### +> All machines will be provisioned with fixed private IP addresses to simplify the bootstrap process. -> All machines and load balancers will be provisioned with fixed private IP addresses to simplify the bootstrap process. - -The control plane machines are only accessible via a jump box (a VM with publically accessable ssh). The workers machines are exposed via external load balancer that carries both an public IP and public addressable dns FQDN. +The cluster VNs are only accessible via a jump box (a VM with publicly accessible ssh endpoint). The workers machines are exposed via external load balancer that carries both an public IP and public FQDN. ## Variables -``` -#change the following values as needed. +Change the following values as needed. +``` # dns for jumpbox is .westus.cloudapp.azure.com jumpboxDnsLabel="the-hard-way-jumpbox" +``` +``` # dns for workers is .westus.cloudapp.azure.com workersDnsLabel="the-hard-way" +``` +``` #storage account used by jumpbox + controllers + Etcd VMs controlPlaneStorageAccount="thehardwaycsa" +``` +``` #storage account used by workers VMs workersStorageAccount="thehardwaywsa" +``` +``` # all vms are using ubunut 16.4 LTS imageUrn="Canonical:UbuntuServer:16.04.0-LTS:latest" - ``` ## Create Resource Group @@ -63,7 +67,7 @@ azure network nsg create \ ``` -Create NSG Rule Allowing SSH to Our Jump Box +Create NSG rule allowing SSH to the jumpbox ``` azure network nsg rule create \ 
@@ -90,12 +94,11 @@ azure network vnet create \ --location "West Us" ``` -Create Subnets +Create subnets ``` -# Azure UDR routes traffic going outside -# the subnet -# workers have to be on their own subnet +# Azure UDR routes traffic subnet's eggress +# workers & pod ips have to be 2 separate subnets azure network vnet subnet create \ --resource-group the-hard-way \ @@ -146,7 +149,7 @@ azure network public-ip create \ ## Virtual Machines -Create SSH Key (Used by All VMs) +Create SSH keys (Used by All VMs) ``` mkdir keys @@ -165,7 +168,7 @@ azure storage account create $controlPlaneStorageAccount \ --location "West Us" ``` -Create storage account for works VMs +Create storage account for workers VMs ``` azure storage account create $workersStorageAccount \ @@ -179,7 +182,7 @@ azure storage account create $workersStorageAccount \ ### Jump Box -#### Create Nic (Private IP + Public IP) +#### Create Nic (Private IP + Public IP + FQDN) ``` azure network nic create \ @@ -320,8 +323,7 @@ azure vm create \ #### Controllers Internal Load Balancer - -Create controllers internal load balancer +Create load balancer ``` azure network lb create \ @@ -495,7 +497,7 @@ azure network lb create \ --location "West Us" ``` -Assign the front-end public IP to the load balancer +Assign the front-end public IP + FQDN to the load balancer ``` azure network lb frontend-ip create \ @@ -670,7 +672,7 @@ ssh -i ./keys/cluster \ thehardway@$jumpboxDnsLabel.westus.cloudapp.azure.com ``` -### Copy the cluster private key to Jumpbox +### Copy the cluster private key to jumpbox ``` scp -i ./keys/cluster \ diff --git a/docs/02-certificate-authority.md b/docs/02-certificate-authority.md index 5eb8500..50b5884 100644 --- a/docs/02-certificate-authority.md +++ b/docs/02-certificate-authority.md 
@@ -270,14 +270,15 @@ If you used a different machine ``` -#Get jumpbox address +# Get jumpbox address KUBERNETES_JUMPBOX_ADDRESS=$(azure network public-ip show \ --resource-group the-hard-way \ --name the-hard-way-jumpbox \ --json | jq -r '.dnsSettings.fqdn') -#Copy files to jumpbox +# Copy files to jumpbox + scp -i ./keys/cluster \ ca.pem \ kubernetes-key.pem \ @@ -295,5 +296,4 @@ ssh -i ./keys/cluster \ done EOF - ``` \ No newline at end of file diff --git a/docs/06-kubectl.md b/docs/06-kubectl.md index c4a8b4e..f1e6a8a 100644 --- a/docs/06-kubectl.md +++ b/docs/06-kubectl.md @@ -40,10 +40,10 @@ KUBERNETES_PUBLIC_ADDRESS=$(aws elb describe-load-balancers \ ### Azure ``` -# for this work, we are configuring kubectl on jumpbox +# we are configuring kubectl on jumpbox # The controllers are exposed via internal load balancer # access is only allowed within the VNET -# (or ssh -L ... port 6443 .. from jumpbox to internal lb) +# (outside the vnet ssh -L ... port 6443 .. from jumpbox to internal lb) KUBERNETES_PUBLIC_ADDRESS=$(azure network lb show \ --resource-group the-hard-way \ --name the-hard-way-clb \ diff --git a/docs/09-smoke-test.md b/docs/09-smoke-test.md index 3d8af30..7d90d1f 100644 --- a/docs/09-smoke-test.md +++ b/docs/09-smoke-test.md @@ -89,7 +89,7 @@ NODE_PUBLIC_IP=$(azure network public-ip show \ --name the-hard-way-workers \ --json | jq -r '.dnsSettings.fqdn') -# Add NSG rule to enable traffic to node ports +# Add NSG rule to enable traffic to workers' node ports azure network nsg rule create \ --resource-group the-hard-way \ @@ -103,7 +103,7 @@ azure network nsg rule create \ --priority 110 \ --direction inbound -# Create balancing rules NODE_PORT:NODE_PORT on the load balancer +# Create load balancer rule NODE_PORT:NODE_PORT on the load balancer azure network lb probe create \ --resource-group the-hard-way \
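Review bot: the added region block in the README `@@ -46,16` hunk is labelled `AWS` but describes Azure. The new lines `+AWS` / `+* The "west us" region will be used` land directly under the existing AWS entry (`* The us-west-2 region will be used`), so a reader now sees two AWS sections naming different regions. Change the heading to `Azure` and quote the region the way the rest of the patch does (`West Us`).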
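Review bot: the rewritten intro line in the `docs/01-infrastructure-azure.md` `@@ -3,35` hunk introduces errors the old line did not have: `The cluster VNs are only accessible` should read `VMs`, `The workers machines` should be `The worker machines`, and `an public IP and public FQDN` should be `a public IP and public FQDN`. In the same hunk the Variables section is split from one fenced block into five, so the reader must copy five snippets instead of one; if the goal was per-variable commentary, keep a single block and leave the comments inside it. The context comment `# all vms are using ubunut 16.4 LTS` (Ubuntu 16.04) is worth fixing while this block is being touched.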
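Review bot: the caption `Create NSG rule allowing SSH to the jumpbox` in the `@@ -63,7` hunk labels the rule that exposes the only SSH entry point the tutorial intends to be publicly reachable, yet says nothing about which sources the accompanying `azure network nsg rule create` admits. Add a sentence stating the source address range the rule allows and recommending that the reader narrow it to their own address rather than leaving it open to any source.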
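Review bot: the rewritten subnet comment in the `@@ -90,12` hunk reads worse than the text it replaces: `# Azure UDR routes traffic subnet's eggress` has a typo (`eggress`) and a missing word. Suggest `# Azure UDRs route a subnet's egress traffic` followed by `# workers and pod IPs have to be on two separate subnets`, which keeps the new point about pod IPs and states why the split is needed.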
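Review bot: `Create SSH keys (Used by All VMs)` in the `@@ -146,7` hunk pluralises a step that produces a single key pair, as the later `ssh -i ./keys/cluster` and `scp -i ./keys/cluster` lines in this patch show. Keep `Create SSH key pair` and lower-case the parenthetical to match the captions this patch already normalises (`Create subnets`, `Create NSG rule allowing SSH to the jumpbox`).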
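Review bot: `Create storage account for workers VMs` in the `@@ -165,7` hunk fixes `works` but should read `worker VMs`, matching `Create storage account for control plane VMs` style used for the other account.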
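Review bot: the `@@ -295,5` hunk in `docs/02-certificate-authority.md` removes the blank line before the closing fence, but the fence itself is still flagged `\ No newline at end of file`. Since the hunk already touches the last lines of the file, add the trailing newline after the closing ``` so the document ends cleanly and future diffs do not carry the marker.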
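Review bot: the edited comment `# (outside the vnet ssh -L ... port 6443 .. from jumpbox to internal lb)` in the `docs/06-kubectl.md` hunk is still hard to parse. The two lines above it already state that the controllers sit behind an internal load balancer reachable only within the VNET, so spell the alternative out: `# from outside the VNET, forward port 6443 through the jumpbox to the internal LB with ssh -L`.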
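Review bot: the caption `# Add NSG rule to enable traffic to workers' node ports` in the `docs/09-smoke-test.md` `@@ -89,7` hunk describes an inbound rule (`--direction inbound`, `--priority 110`) added only so the smoke test can reach the node ports, but neither the caption nor the step says the exposure is temporary. Add a sentence telling the reader to delete the rule, or restrict its source range, once the test passes.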