doc review + updates

pull/79/head
khenidak 2016-10-01 16:09:16 -07:00
parent c31b40de8b
commit 51235f4234
5 changed files with 37 additions and 28 deletions

View File

@ -6,6 +6,8 @@ This tutorial is optimized for learning, which means taking the long route to he
* [Google Compute Engine](https://cloud.google.com/compute) * [Google Compute Engine](https://cloud.google.com/compute)
* [Amazon EC2](https://aws.amazon.com/ec2) * [Amazon EC2](https://aws.amazon.com/ec2)
* [Microsoft Azure](https://azure.microsoft.com)
> The results of this tutorial should not be viewed as production ready, and may receive limited support from the community, but don't let that prevent you from learning! > The results of this tutorial should not be viewed as production ready, and may receive limited support from the community, but don't let that prevent you from learning!
@ -46,16 +48,21 @@ AWS
* The us-west-2 region will be used * The us-west-2 region will be used
AWS
* The "west us" region will be used
## Platforms ## Platforms
This tutorial assumes you have access to one of the following: This tutorial assumes you have access to one of the following:
* [Google Cloud Platform](https://cloud.google.com) and the [Google Cloud SDK](https://cloud.google.com/sdk/) (125.0.0+) * [Google Cloud Platform](https://cloud.google.com) and the [Google Cloud SDK](https://cloud.google.com/sdk/) (125.0.0+)
* [Amazon Web Services](https://aws.amazon.com), the [AWS CLI](https://aws.amazon.com/cli) (1.10.63+), and [jq](https://stedolan.github.io/jq) (1.5+) * [Amazon Web Services](https://aws.amazon.com), the [AWS CLI](https://aws.amazon.com/cli) (1.10.63+), and [jq](https://stedolan.github.io/jq) (1.5+)
* [Microsoft Azure](https://azure.microsoft.com), the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/) (0.10.1+), and [jq](https://stedolan.github.io/jq) (1.5+)
## Labs ## Labs
While GCP or AWS will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform. While GCP, AWS or Azure will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform.
* [Cloud Infrastructure Provisioning](docs/01-infrastructure.md) * [Cloud Infrastructure Provisioning](docs/01-infrastructure.md)
* [Setting up a CA and TLS Cert Generation](docs/02-certificate-authority.md) * [Setting up a CA and TLS Cert Generation](docs/02-certificate-authority.md)
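Review bot: the added assumptions block for the Azure region is headed "AWS" (a copy of the line above it) and should read "Azure"; the region is also quoted here as "west us" while docs/01-infrastructure.md uses `West Us`, so pick one spelling and use it in both places.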

View File

@ -3,35 +3,39 @@ This lab will walk you through provisioning the compute instances required for r
The guide assumes you'll be creating resources in the `West Us` region as a single Azure Resource Manager resource group. The guide assumes you'll be creating resources in the `West Us` region as a single Azure Resource Manager resource group.
After completing this guide you should have the following compute instances:
##### add screen shot #### > All machines will be provisioned with fixed private IP addresses to simplify the bootstrap process.
> All machines and load balancers will be provisioned with fixed private IP addresses to simplify the bootstrap process. The cluster VNs are only accessible via a jump box (a VM with publicly accessible ssh endpoint). The workers machines are exposed via external load balancer that carries both an public IP and public FQDN.
The control plane machines are only accessible via a jump box (a VM with publically accessable ssh). The workers machines are exposed via external load balancer that carries both an public IP and public addressable dns FQDN.
## Variables ## Variables
``` Change the following values as needed.
#change the following values as needed.
```
# dns for jumpbox is <jumpboxDnsLabel>.westus.cloudapp.azure.com # dns for jumpbox is <jumpboxDnsLabel>.westus.cloudapp.azure.com
jumpboxDnsLabel="the-hard-way-jumpbox" jumpboxDnsLabel="the-hard-way-jumpbox"
```
```
# dns for workers is <workersDnsLabel>.westus.cloudapp.azure.com # dns for workers is <workersDnsLabel>.westus.cloudapp.azure.com
workersDnsLabel="the-hard-way" workersDnsLabel="the-hard-way"
```
```
#storage account used by jumpbox + controllers + Etcd VMs #storage account used by jumpbox + controllers + Etcd VMs
controlPlaneStorageAccount="thehardwaycsa" controlPlaneStorageAccount="thehardwaycsa"
```
```
#storage account used by workers VMs #storage account used by workers VMs
workersStorageAccount="thehardwaywsa" workersStorageAccount="thehardwaywsa"
```
```
# all vms are using ubunut 16.4 LTS # all vms are using ubunut 16.4 LTS
imageUrn="Canonical:UbuntuServer:16.04.0-LTS:latest" imageUrn="Canonical:UbuntuServer:16.04.0-LTS:latest"
``` ```
## Create Resource Group ## Create Resource Group
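Review bot: the variable block now says "Change the following values as needed", but the two storage account names (`thehardwaycsa`, `thehardwaywsa`) must be globally unique across Azure, so the text should say the reader has to change them rather than may. Remaining wording issues in the rewritten intro: "The cluster VNs" is presumably "VMs", "an public IP" should be "a public IP", "The workers machines" should be "The worker machines", and the image comment still reads "ubunut 16.4 LTS" on both sides (the `imageUrn` value is the correct 16.04).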
@ -63,7 +67,7 @@ azure network nsg create \
``` ```
Create NSG Rule Allowing SSH to Our Jump Box Create NSG rule allowing SSH to the jumpbox
``` ```
azure network nsg rule create \ azure network nsg rule create \
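Review bot: the retitled step opens SSH on the jump box, which the intro now describes as the only publicly reachable entry point into the cluster; the heading or a one-line comment should state which source address prefix the rule allows and recommend narrowing it to the operator's own address range rather than any source.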
@ -90,12 +94,11 @@ azure network vnet create \
--location "West Us" --location "West Us"
``` ```
Create Subnets Create subnets
``` ```
# Azure UDR routes traffic going outside # Azure UDR routes traffic subnet's eggress
# the subnet # workers & pod ips have to be 2 separate subnets
# workers have to be on their own subnet
azure network vnet subnet create \ azure network vnet subnet create \
--resource-group the-hard-way \ --resource-group the-hard-way \
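Review bot: the rewritten comment "# Azure UDR routes traffic subnet's eggress" has a typo ("egress") and has lost its verb; suggest "# Azure user-defined routes (UDR) apply to a subnet's egress traffic, so workers and pod IPs must live in two separate subnets", which keeps the reason the original two-line comment gave.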
@ -146,7 +149,7 @@ azure network public-ip create \
## Virtual Machines ## Virtual Machines
Create SSH Key (Used by All VMs) Create SSH keys (Used by All VMs)
``` ```
mkdir keys mkdir keys
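Review bot: the heading now says "SSH keys" (plural) while the rest of the document uses a single `./keys/cluster` key for every VM and later copies it to the jump box; either keep the heading singular or say explicitly that one key pair is shared by all cluster machines, since that is a property of the setup the reader should be aware of.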
@ -165,7 +168,7 @@ azure storage account create $controlPlaneStorageAccount \
--location "West Us" --location "West Us"
``` ```
Create storage account for works VMs Create storage account for workers VMs
``` ```
azure storage account create $workersStorageAccount \ azure storage account create $workersStorageAccount \
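Review bot: "workers VMs" should be "worker VMs" (the same phrasing appears in the storage-account variable comments earlier in this file).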
@ -179,7 +182,7 @@ azure storage account create $workersStorageAccount \
### Jump Box ### Jump Box
#### Create Nic (Private IP + Public IP) #### Create Nic (Private IP + Public IP + FQDN)
``` ```
azure network nic create \ azure network nic create \
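Review bot: "Nic" in the heading should be "NIC", as the Azure CLI and the rest of the document use the acronym.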
@ -320,8 +323,7 @@ azure vm create \
#### Controllers Internal Load Balancer #### Controllers Internal Load Balancer
Create load balancer
Create controllers internal load balancer
``` ```
azure network lb create \ azure network lb create \
@ -495,7 +497,7 @@ azure network lb create \
--location "West Us" --location "West Us"
``` ```
Assign the front-end public IP to the load balancer Assign the front-end public IP + FQDN to the load balancer
``` ```
azure network lb frontend-ip create \ azure network lb frontend-ip create \
@ -670,7 +672,7 @@ ssh -i ./keys/cluster \
thehardway@$jumpboxDnsLabel.westus.cloudapp.azure.com thehardway@$jumpboxDnsLabel.westus.cloudapp.azure.com
``` ```
### Copy the cluster private key to Jumpbox ### Copy the cluster private key to jumpbox
``` ```
scp -i ./keys/cluster \ scp -i ./keys/cluster \
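Review bot: this step copies the private key that opens every VM onto the internet-facing jump box; the heading change is fine, but the text should say why the key is needed there (the controllers are only reachable from the jump box, per the intro of this file) and mention SSH agent forwarding (`ssh -A`) as an alternative that keeps the private key off the jump box.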

View File

@ -278,6 +278,7 @@ KUBERNETES_JUMPBOX_ADDRESS=$(azure network public-ip show \
--json | jq -r '.dnsSettings.fqdn') --json | jq -r '.dnsSettings.fqdn')
# Copy files to jumpbox # Copy files to jumpbox
scp -i ./keys/cluster \ scp -i ./keys/cluster \
ca.pem \ ca.pem \
kubernetes-key.pem \ kubernetes-key.pem \
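Review bot: the new comment "# Copy files to jumpbox" could name what is being copied: the CA certificate and the API server private key (`kubernetes-key.pem`) are staged on the jump box before being distributed onward, so the doc should say they are only staged there and can be removed from the jump box once the copy to the controllers is done.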
@ -295,5 +296,4 @@ ssh -i ./keys/cluster \
done done
EOF EOF
``` ```

View File

@ -40,10 +40,10 @@ KUBERNETES_PUBLIC_ADDRESS=$(aws elb describe-load-balancers \
### Azure ### Azure
``` ```
# for this work, we are configuring kubectl on jumpbox # we are configuring kubectl on jumpbox
# The controllers are exposed via internal load balancer # The controllers are exposed via internal load balancer
# access is only allowed within the VNET # access is only allowed within the VNET
# (or ssh -L ... port 6443 .. from jumpbox to internal lb) # (outside the vnet ssh -L ... port 6443 .. from jumpbox to internal lb)
KUBERNETES_PUBLIC_ADDRESS=$(azure network lb show \ KUBERNETES_PUBLIC_ADDRESS=$(azure network lb show \
--resource-group the-hard-way \ --resource-group the-hard-way \
--name the-hard-way-clb \ --name the-hard-way-clb \
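Review bot: the new comment "(outside the vnet ssh -L ... port 6443 .. from jumpbox to internal lb)" is still hard to parse; suggest spelling the tunnel out, e.g. "# from outside the VNET, tunnel with `ssh -L 6443:<internal-lb-ip>:6443 thehardway@<jumpbox-fqdn>` and point kubectl at localhost:6443". The variable `KUBERNETES_PUBLIC_ADDRESS` also now holds an internal load balancer address, which contradicts its name; a comment saying the name is kept for parity with the GCP and AWS sections would avoid confusion.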

View File

@ -89,7 +89,7 @@ NODE_PUBLIC_IP=$(azure network public-ip show \
--name the-hard-way-workers \ --name the-hard-way-workers \
--json | jq -r '.dnsSettings.fqdn') --json | jq -r '.dnsSettings.fqdn')
# Add NSG rule to enable traffic to node ports # Add NSG rule to enable traffic to workers' node ports
azure network nsg rule create \ azure network nsg rule create \
--resource-group the-hard-way \ --resource-group the-hard-way \
@ -103,7 +103,7 @@ azure network nsg rule create \
--priority 110 \ --priority 110 \
--direction inbound --direction inbound
# Create balancing rules NODE_PORT:NODE_PORT on the load balancer # Create load balancer rule NODE_PORT:NODE_PORT on the load balancer
azure network lb probe create \ azure network lb probe create \
--resource-group the-hard-way \ --resource-group the-hard-way \
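Review bot: the reworded comment "# Create load balancer rule NODE_PORT:NODE_PORT on the load balancer" sits directly above `azure network lb probe create`, so it describes the wrong command; say that a health probe is created first and the rule afterwards, e.g. "# Create a health probe for NODE_PORT, then the load balancer rule NODE_PORT:NODE_PORT".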