doc review + updates
parent c31b40de8b
commit 51235f4234
@ -6,6 +6,8 @@ This tutorial is optimized for learning, which means taking the long route to he

* [Google Compute Engine](https://cloud.google.com/compute)
* [Amazon EC2](https://aws.amazon.com/ec2)
* [Microsoft Azure](https://azure.microsoft.com)


> The results of this tutorial should not be viewed as production ready, and may receive limited support from the community, but don't let that prevent you from learning!

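Review bot: the new `[Microsoft Azure](https://azure.microsoft.com)` bullet links to the Azure site root, while the Google and Amazon bullets link to their compute products (Compute Engine, EC2); link to the Azure Virtual Machines product page so the three entries are parallel.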
@ -46,16 +48,21 @@ AWS

* The us-west-2 region will be used

AWS

* The "west us" region will be used

## Platforms

This tutorial assumes you have access to one of the following:

* [Google Cloud Platform](https://cloud.google.com) and the [Google Cloud SDK](https://cloud.google.com/sdk/) (125.0.0+)
* [Amazon Web Services](https://aws.amazon.com), the [AWS CLI](https://aws.amazon.com/cli) (1.10.63+), and [jq](https://stedolan.github.io/jq) (1.5+)
* [Microsoft Azure](https://azure.microsoft.com), the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/) (0.10.1+), and [jq](https://stedolan.github.io/jq) (1.5+)

## Labs

While GCP or AWS will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform.
While GCP, AWS or Azure will be used for basic infrastructure needs, the things learned in this tutorial apply to every platform.

* [Cloud Infrastructure Provisioning](docs/01-infrastructure.md)
* [Setting up a CA and TLS Cert Generation](docs/02-certificate-authority.md)

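Review bot: the added region block is headed `AWS` but its bullet reads `The "west us" region will be used`, which is the Azure region, so the heading should be `Azure`; the region name should also use one spelling throughout (the lab writes `West Us`, the Azure display name is `West US`). The Platforms bullet should name the tool precisely: version `0.10.1+` and the `azure network ...` commands used in the labs identify the Node-based cross-platform `azure` CLI linked from the xplat-cli-install page, and saying so stops readers installing a different Azure CLI whose commands will not match.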
@ -3,35 +3,39 @@ This lab will walk you through provisioning the compute instances required for r

The guide assumes you'll be creating resources in the `West Us` region as a single Azure Resource Manager resource group.

After completing this guide you should have the following compute instances:

##### add screen shot ####
> All machines will be provisioned with fixed private IP addresses to simplify the bootstrap process.

> All machines and load balancers will be provisioned with fixed private IP addresses to simplify the bootstrap process.

The control plane machines are only accessible via a jump box (a VM with publically accessable ssh). The workers machines are exposed via external load balancer that carries both an public IP and public addressable dns FQDN.
The cluster VNs are only accessible via a jump box (a VM with publicly accessible ssh endpoint). The workers machines are exposed via external load balancer that carries both an public IP and public FQDN.


## Variables

```
#change the following values as needed.
Change the following values as needed.

```
# dns for jumpbox is <jumpboxDnsLabel>.westus.cloudapp.azure.com
jumpboxDnsLabel="the-hard-way-jumpbox"
```

```
# dns for workers is <workersDnsLabel>.westus.cloudapp.azure.com
workersDnsLabel="the-hard-way"
```

```
#storage account used by jumpbox + controllers + Etcd VMs
controlPlaneStorageAccount="thehardwaycsa"
```

```
#storage account used by workers VMs
workersStorageAccount="thehardwaywsa"
```

```
# all vms are using ubunut 16.4 LTS
imageUrn="Canonical:UbuntuServer:16.04.0-LTS:latest"

```

## Create Resource Group

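Review bot: the placeholder `##### add screen shot ####` left under "After completing this guide you should have the following compute instances:" is committed as-is and will render as a level-5 heading; either add the instance list or drop the line before merging. The rewritten sentence still carries errors: `The cluster VNs` should be `VMs`, `an public IP` should be `a public IP`, `The workers machines` should be `The worker machines`, and the image comment `# all vms are using ubunut 16.4 LTS` should read `Ubuntu 16.04 LTS` to match the `16.04.0-LTS` URN below it. Since the lab states that the jump box is the only publicly reachable SSH endpoint, it is worth saying in this intro that the jump box is therefore the trust boundary for the whole cluster, which is what makes the later key-handling steps matter.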
@ -63,7 +67,7 @@ azure network nsg create \
```


Create NSG Rule Allowing SSH to Our Jump Box
Create NSG rule allowing SSH to the jumpbox

```
azure network nsg rule create \
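Review bot: the step `Create NSG rule allowing SSH to the jumpbox` is the cluster's only inbound path from the internet, yet the prose does not say which source address range the rule admits; document that the rule's source prefix should be limited to the operator's address range rather than left open, since the jumpbox's public IP and DNS name are advertised in the variables block.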
@ -90,12 +94,11 @@ azure network vnet create \
--location "West Us"
```

Create Subnets
Create subnets

```
# Azure UDR routes traffic going outside
# the subnet
# workers have to be on their own subnet
# Azure UDR routes traffic subnet's eggress
# workers & pod ips have to be 2 separate subnets

azure network vnet subnet create \
--resource-group the-hard-way \
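Review bot: the rewritten comment `# Azure UDR routes traffic subnet's eggress` misspells "egress" and has lost its verb phrase; suggest `# Azure UDRs route a subnet's egress traffic,` followed by `# so workers and pod IPs must be on two separate subnets`, which also states the reason the next command creates a separate subnet.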
@ -146,7 +149,7 @@ azure network public-ip create \

## Virtual Machines

Create SSH Key (Used by All VMs)
Create SSH keys (Used by All VMs)

```
mkdir keys
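Review bot: `Create SSH keys (Used by All VMs)` keeps title case while this same commit lowercases the other step headings (`Create subnets`, `Create NSG rule allowing SSH to the jumpbox`); write `Create SSH keys (used by all VMs)`. The `mkdir keys` that follows will fail if the directory already exists on a re-run; `mkdir -p keys` is the safer form.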
@ -165,7 +168,7 @@ azure storage account create $controlPlaneStorageAccount \
--location "West Us"
```

Create storage account for works VMs
Create storage account for workers VMs

```
azure storage account create $workersStorageAccount \
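Review bot: `Create storage account for workers VMs` is still ungrammatical after the fix from `works`; use `Create storage account for worker VMs`, matching the plural form used for `controllers` elsewhere in the lab.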
@ -179,7 +182,7 @@ azure storage account create $workersStorageAccount \

### Jump Box

#### Create Nic (Private IP + Public IP)
#### Create Nic (Private IP + Public IP + FQDN)

```
azure network nic create \
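Review bot: `Create Nic` in the new heading should be `Create NIC`, as it is an acronym; the added `+ FQDN` is correct since the jumpbox DNS label is defined in the variables block.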
@ -320,8 +323,7 @@ azure vm create \

#### Controllers Internal Load Balancer


Create controllers internal load balancer
Create load balancer

```
azure network lb create \
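Review bot: replacing `Create controllers internal load balancer` with the generic `Create load balancer` loses information in a lab that also creates the workers' external load balancer (the later step `Assign the front-end public IP + FQDN to the load balancer`); keep the qualifier in the step text, e.g. `Create the controllers' internal load balancer`, so the two `azure network lb create` steps are distinguishable when read out of context.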
@ -495,7 +497,7 @@ azure network lb create \
--location "West Us"
```

Assign the front-end public IP to the load balancer
Assign the front-end public IP + FQDN to the load balancer

```
azure network lb frontend-ip create \
@ -670,7 +672,7 @@ ssh -i ./keys/cluster \
thehardway@$jumpboxDnsLabel.westus.cloudapp.azure.com
```

### Copy the cluster private key to Jumpbox
### Copy the cluster private key to jumpbox

```
scp -i ./keys/cluster \
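Review bot: the step `Copy the cluster private key to jumpbox` places `./keys/cluster`, the key used by all VMs, on the one internet-facing host, so a compromised jumpbox yields SSH access to every controller and worker; document SSH agent forwarding or a `ProxyCommand`/`ssh -J` hop through the jumpbox as the preferred alternative to the `scp`, or at least add a note to remove the key from the jumpbox once bootstrapping is finished.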
@ -270,14 +270,15 @@ If you used a different machine

```

#Get jumpbox address
# Get jumpbox address

KUBERNETES_JUMPBOX_ADDRESS=$(azure network public-ip show \
--resource-group the-hard-way \
--name the-hard-way-jumpbox \
--json | jq -r '.dnsSettings.fqdn')

#Copy files to jumpbox
# Copy files to jumpbox

scp -i ./keys/cluster \
ca.pem \
kubernetes-key.pem \
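Review bot: the `scp` step copies `kubernetes-key.pem`, the cluster's TLS private key, together with `ca.pem` onto the jumpbox, and nothing in the lab says to delete it afterwards or to restrict its file mode; add a note to `chmod 600` the key on arrival and to remove it from the jumpbox once it has been distributed to the controllers. The comment fixes (`# Get jumpbox address`, `# Copy files to jumpbox`) are fine.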
@ -295,5 +296,4 @@ ssh -i ./keys/cluster \
done

EOF

```
@ -40,10 +40,10 @@ KUBERNETES_PUBLIC_ADDRESS=$(aws elb describe-load-balancers \
### Azure

```
# for this work, we are configuring kubectl on jumpbox
# we are configuring kubectl on jumpbox
# The controllers are exposed via internal load balancer
# access is only allowed within the VNET
# (or ssh -L ... port 6443 .. from jumpbox to internal lb)
# (outside the vnet ssh -L ... port 6443 .. from jumpbox to internal lb)
KUBERNETES_PUBLIC_ADDRESS=$(azure network lb show \
--resource-group the-hard-way \
--name the-hard-way-clb \
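Review bot: `KUBERNETES_PUBLIC_ADDRESS` is assigned the internal load balancer `the-hard-way-clb`, which the comments say is reachable only within the VNET, so the variable name inherited from the GCP/AWS sections is misleading here; keep the name if later steps depend on it, but state in the comment that it is the VNET-internal address. The tunnel hint `# (outside the vnet ssh -L ... port 6443 .. from jumpbox to internal lb)` should spell out the full `ssh -L` command, since a reader configuring kubectl off the jumpbox needs it to reach port 6443 at all.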
@ -89,7 +89,7 @@ NODE_PUBLIC_IP=$(azure network public-ip show \
--name the-hard-way-workers \
--json | jq -r '.dnsSettings.fqdn')

# Add NSG rule to enable traffic to node ports
# Add NSG rule to enable traffic to workers' node ports

azure network nsg rule create \
--resource-group the-hard-way \
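Review bot: the new comment `# Add NSG rule to enable traffic to workers' node ports` should state which destination port range and source prefix the `azure network nsg rule create` below opens; because the workers sit behind the public load balancer `the-hard-way-workers`, an over-broad rule exposes every worker's NodePort range to the internet, so the rule should be documented as limited to the ports actually in use.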
@ -103,7 +103,7 @@ azure network nsg rule create \
--priority 110 \
--direction inbound

# Create balancing rules NODE_PORT:NODE_PORT on the load balancer
# Create load balancer rule NODE_PORT:NODE_PORT on the load balancer

azure network lb probe create \
--resource-group the-hard-way \
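Review bot: the comment `# Create load balancer rule NODE_PORT:NODE_PORT on the load balancer` now sits directly above `azure network lb probe create`, which creates the health probe rather than the rule; reword it as `# Create a health probe, then a load balancer rule NODE_PORT:NODE_PORT` or move it down to the step that creates the rule.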