doc review + updates

pull/79/head
khenidak 2016-10-01 16:09:16 -07:00
parent c31b40de8b
commit 51235f4234
5 changed files with 37 additions and 28 deletions

View File

@ -6,6 +6,8 @@ This tutorial is optimized for learning, which means taking the long route to he
* [Google Compute Engine](https://cloud.google.com/compute)
* [Amazon EC2](https://aws.amazon.com/ec2)
* [Microsoft Azure](https://azure.microsoft.com)
> The results of this tutorial should not be viewed as production ready, and may receive limited support from the community, but don't let that prevent you from learning!
@ -46,16 +48,21 @@ AWS
* The us-west-2 region will be used
AWS
* The "west us" region will be used
## Platforms
This tutorial assumes you have access to one of the following:
* [Google Cloud Platform](https://cloud.google.com) and the [Google Cloud SDK](https://cloud.google.com/sdk/) (125.0.0+)
* [Amazon Web Services](https://aws.amazon.com), the [AWS CLI](https://aws.amazon.com/cli) (1.10.63+), and [jq](https://stedolan.github.io/jq) (1.5+)
* [Microsoft Azure](https://azure.microsoft.com), the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/) (0.10.1+), and [jq](https://stedolan.github.io/jq) (1.5+)
## Labs
While GCP or AWS will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform.
While GCP, AWS or Azure will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform.
* [Cloud Infrastructure Provisioning](docs/01-infrastructure.md)
* [Setting up a CA and TLS Cert Generation](docs/02-certificate-authority.md)
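Review bot: the second region block near the top of the hunk is headed AWS but lists the "west us" region, which is the Azure region used throughout this change (the lab itself says `West Us`), so the heading should read Azure and the region name should be spelled the same way in both places. The Platforms bullet links the xplat Azure CLI (0.10.1+), so the lab's `azure network ...` commands are tied to that CLI; say so explicitly, since the sentence in the Labs section now names Azure as a first-class platform.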

View File

@ -3,35 +3,39 @@ This lab will walk you through provisioning the compute instances required for r
The guide assumes you'll be creating resources in the `West Us` region as a single Azure Resource Manager resource group.
After completing this guide you should have the following compute instances:
##### add screen shot ####
> All machines will be provisioned with fixed private IP addresses to simplify the bootstrap process.
> All machines and load balancers will be provisioned with fixed private IP addresses to simplify the bootstrap process.
The control plane machines are only accessible via a jump box (a VM with publically accessable ssh). The workers machines are exposed via external load balancer that carries both an public IP and public addressable dns FQDN.
The cluster VNs are only accessible via a jump box (a VM with publicly accessible ssh endpoint). The workers machines are exposed via external load balancer that carries both an public IP and public FQDN.
## Variables
```
#change the following values as needed.
Change the following values as needed.
```
# dns for jumpbox is <jumpboxDnsLabel>.westus.cloudapp.azure.com
jumpboxDnsLabel="the-hard-way-jumpbox"
```
```
# dns for workers is <workersDnsLabel>.westus.cloudapp.azure.com
workersDnsLabel="the-hard-way"
```
```
#storage account used by jumpbox + controllers + Etcd VMs
controlPlaneStorageAccount="thehardwaycsa"
```
```
#storage account used by workers VMs
workersStorageAccount="thehardwaywsa"
```
```
# all vms are using ubunut 16.4 LTS
imageUrn="Canonical:UbuntuServer:16.04.0-LTS:latest"
```
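Review bot: `##### add screen shot ####` is an unresolved placeholder and should be replaced with the list of expected instances or dropped before merge. Two typos in the new text: `cluster VNs` should be `cluster VMs` (the sentence is about the machines reachable only through the jumpbox), and `ubunut 16.4 LTS` should be `Ubuntu 16.04 LTS` to match `imageUrn`. The variables section also has a stray fence: `Change the following values as needed.` sits alone inside a code fence and belongs as prose above the variable fences. Since the jumpbox is described as the only publicly reachable SSH endpoint, this paragraph should also say that its SSH NSG rule is expected to be limited to the operator's source address rather than open to the Internet.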
## Create Resource Group
@ -63,7 +67,7 @@ azure network nsg create \
```
Create NSG Rule Allowing SSH to Our Jump Box
Create NSG rule allowing SSH to the jumpbox
```
azure network nsg rule create \
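Review bot: the heading now says the rule allows SSH to the jumpbox, but the doc should state the rule's source address prefix; the jumpbox has a public IP and FQDN (see the Jump Box NIC section), so readers should be told to restrict the source to their own address instead of `*`, e.g. "Create NSG rule allowing SSH to the jumpbox from a trusted address".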
@ -90,12 +94,11 @@ azure network vnet create \
--location "West Us"
```
Create Subnets
Create subnets
```
# Azure UDR routes traffic going outside
# the subnet
# workers have to be on their own subnet
# Azure UDR routes traffic subnet's eggress
# workers & pod ips have to be 2 separate subnets
azure network vnet subnet create \
--resource-group the-hard-way \
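Review bot: `eggress` should be `egress`, and the rewritten comment still does not explain the constraint; suggest `# Azure UDR routes a subnet's egress traffic, so workers and pod IPs must live in two separate subnets`. The old comment said workers "have to be on their own subnet"; the new one adds pod IPs, which is the substantive point and deserves a sentence in the lab prose rather than only a code comment.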
@ -146,7 +149,7 @@ azure network public-ip create \
## Virtual Machines
Create SSH Key (Used by All VMs)
Create SSH keys (Used by All VMs)
```
mkdir keys
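Review bot: the heading is pluralized to "SSH keys" but the rest of the change references a single key file, `./keys/cluster` (the ssh and scp steps later in this file and in the certificate lab), so either keep "key" or state that one key pair is generated and shared by all VMs. Sharing one private key across jumpbox, controllers and workers means a compromise of any host gives SSH to all of them; at minimum the doc should note `chmod 600` on the generated key and flag the shared key as a learning shortcut.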
@ -165,7 +168,7 @@ azure storage account create $controlPlaneStorageAccount \
--location "West Us"
```
Create storage account for works VMs
Create storage account for workers VMs
```
azure storage account create $workersStorageAccount \
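Review bot: "workers VMs" should be "worker VMs"; the same fix applies to "workers machines" in the introduction of this file.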
@ -179,7 +182,7 @@ azure storage account create $workersStorageAccount \
### Jump Box
#### Create Nic (Private IP + Public IP)
#### Create Nic (Private IP + Public IP + FQDN)
```
azure network nic create \
@ -320,8 +323,7 @@ azure vm create \
#### Controllers Internal Load Balancer
Create controllers internal load balancer
Create load balancer
```
azure network lb create \
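Review bot: changing "Create controllers internal load balancer" to "Create load balancer" drops the fact that this is the internal load balancer for the controllers, which the kubectl section later relies on (controllers reachable only inside the VNET); keep "Create the controllers' internal load balancer" so the two load balancers in this lab stay distinguishable.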
@ -495,7 +497,7 @@ azure network lb create \
--location "West Us"
```
Assign the front-end public IP to the load balancer
Assign the front-end public IP + FQDN to the load balancer
```
azure network lb frontend-ip create \
@ -670,7 +672,7 @@ ssh -i ./keys/cluster \
thehardway@$jumpboxDnsLabel.westus.cloudapp.azure.com
```
### Copy the cluster private key to Jumpbox
### Copy the cluster private key to jumpbox
```
scp -i ./keys/cluster \
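Review bot: this step copies the shared cluster private key onto the jumpbox, the one host with a public SSH endpoint, so a jumpbox compromise yields SSH to every controller and worker. Prefer `ssh -J` (ProxyJump) or agent forwarding (`ssh -A`) from the operator's machine so the private key never leaves it; if the copy is kept for simplicity, set `chmod 600` on it on the jumpbox and say in the doc why the key is being copied.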

View File

@ -270,14 +270,15 @@ If you used a different machine
```
#Get jumpbox address
# Get jumpbox address
KUBERNETES_JUMPBOX_ADDRESS=$(azure network public-ip show \
--resource-group the-hard-way \
--name the-hard-way-jumpbox \
--json | jq -r '.dnsSettings.fqdn')
#Copy files to jumpbox
# Copy files to jumpbox
scp -i ./keys/cluster \
ca.pem \
kubernetes-key.pem \
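Review bot: `kubernetes-key.pem` is the API server's TLS private key; the scp to the jumpbox should be followed by restricting its mode (`chmod 600`) and the doc should say which files on the jumpbox are private key material. The comment formatting fix (`# Get jumpbox address`, `# Copy files to jumpbox`) is fine.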
@ -295,5 +296,4 @@ ssh -i ./keys/cluster \
done
EOF
```

View File

@ -40,10 +40,10 @@ KUBERNETES_PUBLIC_ADDRESS=$(aws elb describe-load-balancers \
### Azure
```
# for this work, we are configuring kubectl on jumpbox
# we are configuring kubectl on jumpbox
# The controllers are exposed via internal load balancer
# access is only allowed within the VNET
# (or ssh -L ... port 6443 .. from jumpbox to internal lb)
# (outside the vnet ssh -L ... port 6443 .. from jumpbox to internal lb)
KUBERNETES_PUBLIC_ADDRESS=$(azure network lb show \
--resource-group the-hard-way \
--name the-hard-way-clb \
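Review bot: the variable is still named KUBERNETES_PUBLIC_ADDRESS while the comment says the controllers sit behind an internal load balancer reachable only inside the VNET; the name is inherited from the GCP/AWS sections and misleads here. The new parenthetical `(outside the vnet ssh -L ... port 6443 .. from jumpbox to internal lb)` is hard to parse; spell the tunnel out, e.g. `ssh -i ./keys/cluster -L 6443:<internal-lb-ip>:6443 thehardway@<jumpbox-fqdn>`, and then point kubectl at the forwarded local port.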

View File

@ -89,7 +89,7 @@ NODE_PUBLIC_IP=$(azure network public-ip show \
--name the-hard-way-workers \
--json | jq -r '.dnsSettings.fqdn')
# Add NSG rule to enable traffic to node ports
# Add NSG rule to enable traffic to workers' node ports
azure network nsg rule create \
--resource-group the-hard-way \
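Review bot: the rule opens the workers' node ports behind the public load balancer, so the doc should state the port range and the source prefix it allows (the rule's priority 110 and inbound direction are shown in the next hunk but not its scope); otherwise readers may expose the entire NodePort range to the Internet when a single port is all the smoke test needs.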
@ -103,7 +103,7 @@ azure network nsg rule create \
--priority 110 \
--direction inbound
# Create balancing rules NODE_PORT:NODE_PORT on the load balancer
# Create load balancer rule NODE_PORT:NODE_PORT on the load balancer
azure network lb probe create \
--resource-group the-hard-way \