From c31b40de8b990c4b547530d5f6a853440a498e86 Mon Sep 17 00:00:00 2001 From: khenidak Date: Sat, 1 Oct 2016 15:40:07 -0700 Subject: [PATCH] split subnets to allow UDR to work + completed all configs --- docs/01-infrastructure-azure.md | 49 ++++++++++++++++++++++---------- docs/02-certificate-authority.md | 7 +++++ docs/03-etcd.md | 2 ++ docs/04-kubernetes-controller.md | 3 +- docs/07-network.md | 28 ++++++++++++++++++ docs/09-smoke-test.md | 46 ++++++++++++++++++++++++++++++ docs/10-cleanup.md | 8 ++++++ 7 files changed, 127 insertions(+), 16 deletions(-) diff --git a/docs/01-infrastructure-azure.md b/docs/01-infrastructure-azure.md index 4de5138..fee2b27 100644 --- a/docs/01-infrastructure-azure.md +++ b/docs/01-infrastructure-azure.md @@ -90,19 +90,40 @@ azure network vnet create \ --location "West Us" ``` -Create Kubernetes Subnet +Create Subnets ``` +# Azure UDR routes traffic going outside +# the subnet +# workers have to be on their own subnet + +azure network vnet subnet create \ + --resource-group the-hard-way \ + --vnet-name the-hard-way-net \ + --name kubernetes-mgmt \ + --address-prefix 10.0.0.0/16 + + azure network vnet subnet create \ --resource-group the-hard-way \ --vnet-name the-hard-way-net \ --name kubernetes \ - --address-prefix 10.0.0.0/8 -``` + --address-prefix 10.239.0.0/11 -Link Routing Table and NSG to Kubernetes Subnet ``` + +Link routing table and NSG to Kubernetes/-mgmt subnets + +``` +azure network vnet subnet set \ + --resource-group the-hard-way \ + --vnet-name the-hard-way-net \ + --name kubernetes-mgmt \ + --network-security-group-name the-hard-way-nsg \ + --route-table-name the-hard-way-rtable + + azure network vnet subnet set \ --resource-group the-hard-way \ --vnet-name the-hard-way-net \ 
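Review bot: `--address-prefix 10.239.0.0/11` on the new `kubernetes` subnet has host bits set (the /11 block containing it is 10.224.0.0/11), so ARM will most likely reject the prefix, and even if it were normalised it would span 10.224.0.0–10.255.255.255, far more than the rest of this patch uses. Every later address in the series sits in 10.240.0.0/16 (controller frontend 10.240.0.4, worker next hops 10.240.0.30–32, the smoke-test NSG destination 10.240.0.0/16), so `--address-prefix 10.240.0.0/16` is the consistent value and keeps the subnet disjoint from both `kubernetes-mgmt` (10.0.0.0/16) and the 10.200.x.0/24 pod routes. Linking the same NSG and route table to `kubernetes-mgmt` means the jumpbox inherits every rule later opened for the workers; if the intent is to keep the jumpbox to SSH only, a separate NSG for the management subnet would preserve that, though this may be deliberate for a tutorial. The fenced command block continues past the end of the hunk.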
@@ -112,13 +133,13 @@ azure network vnet subnet set \ ``` -Create Public IP + DNS label for JumpBox +Create public IP + DNS label for the jumpbox ``` azure network public-ip create \ --resource-group the-hard-way \ --name the-hard-way-jumpbox \ - --allocation-method Static \ + --allocation-method Dynamic \ --domain-name-label $jumpboxDnsLabel \ --location "West Us" ``` @@ -166,7 +187,7 @@ azure network nic create \ --name jumpbox-nic \ --private-ip-address "10.0.0.5" \ --subnet-vnet-name the-hard-way-net \ - --subnet-name kubernetes \ + --subnet-name kubernetes-mgmt \ --public-ip-name the-hard-way-jumpbox \ --location "West Us" ``` @@ -180,7 +201,7 @@ azure vm create \ --vm-size Standard_A1 \ --nic-name jumpbox-nic \ --vnet-name the-hard-way-net \ - --vnet-subnet-name kubernetes \ + --vnet-subnet-name kubernetes-mgmt \ --os-type linux \ --image-urn $imageUrn \ --storage-account-name $controlPlaneStorageAccount \ @@ -300,7 +321,7 @@ azure vm create \ #### Controllers Internal Load Balancer -Create controllers load balancer +Create controllers internal load balancer ``` azure network lb create \ @@ -316,7 +337,7 @@ azure network lb frontend-ip create \ --resource-group the-hard-way \ --name the-hard-way-cfe \ --lb-name the-hard-way-clb \ - --private-ip-address "10.0.0.4" \ + --private-ip-address "10.240.0.4" \ --subnet-vnet-name the-hard-way-net \ --subnet-name kubernetes ``` @@ -454,13 +475,13 @@ azure vm create \ #### Workers External Load Balancer -Create public IP + DNS label for workers ingestion load balancer +Create public IP + DNS label for workers ingestion external load balancer ``` azure network public-ip create \ --resource-group the-hard-way \ --name the-hard-way-workers \ - --allocation-method Static \ + --allocation-method Dynamic \ --domain-name-label $workersDnsLabel \ --location "West Us" ``` 
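Review bot: Switching the jumpbox public IP to `--allocation-method Dynamic` (and the workers' public IP likewise in the `@@ -454` hunk) means the address is only assigned once the IP is attached to the NIC or frontend and can change after the VM is deallocated, but the text does not say so. A reader who later pins that address in an NSG rule, a certificate SAN or a kubeconfig would be bitten; the DNS label is the only stable handle, which is presumably why the smoke test reads `.dnsSettings.fqdn`. A one-line note under the heading, `Dynamic: the address can change across deallocation; always reach the jumpbox by its DNS label, not the IP`, would make the trade-off explicit.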
@@ -481,9 +502,7 @@ azure network lb frontend-ip create \ --resource-group the-hard-way \ --name the-hard-way-fe \ --lb-name the-hard-way-lb \ - --public-ip-name the-hard-way-workers \ - --subnet-vnet-name the-hard-way-net \ - --subnet-name kubernetes + --public-ip-name the-hard-way-workers ``` Create a backend address pool for the load balancer diff --git a/docs/02-certificate-authority.md b/docs/02-certificate-authority.md index dde628e..5eb8500 100644 --- a/docs/02-certificate-authority.md +++ b/docs/02-certificate-authority.md @@ -138,6 +138,9 @@ KUBERNETES_PUBLIC_ADDRESS=$(aws elb describe-load-balancers \ ``` #### Azure + +this gets the address of the internal controllers load balancer + ``` KUBERNETES_PUBLIC_ADDRESS=$(azure network lb show \ --resource-group the-hard-way \ @@ -253,14 +256,18 @@ done ``` ### Azure + If you are using the jumpbox to create the certificates + ``` for host in ${KUBERNETES_HOSTS[*]}; do scp -i ./cluster ca.pem kubernetes-key.pem kubernetes.pem \ thehardway@${host}:~/ done ``` + If you used a different machine + ``` #Get jumpbox address diff --git a/docs/03-etcd.md b/docs/03-etcd.md index f2eae9d..3fa1586 100644 --- a/docs/03-etcd.md +++ b/docs/03-etcd.md @@ -96,9 +96,11 @@ INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) ``` #### Azure + ``` INTERNAL_IP=$(ifconfig eth0 | grep 'inet ' | cut -d: -f2 | awk '{print $1}') ``` + --- Set the etcd name: diff --git a/docs/04-kubernetes-controller.md b/docs/04-kubernetes-controller.md index 489d57b..24aeda1 100644 --- a/docs/04-kubernetes-controller.md +++ b/docs/04-kubernetes-controller.md @@ -126,6 +126,7 @@ INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) ``` #### Azure + ``` INTERNAL_IP=$(ifconfig eth0 | grep 'inet ' | cut -d: -f2 | awk '{print $1}') ``` @@ -336,6 +337,7 @@ aws elb register-instances-with-load-balancer \ ### Azure + ``` azure network lb probe create \ --resource-group the-hard-way \ 
@@ -355,5 +357,4 @@ azure network lb rule create \ --frontend-ip-name the-hard-way-cfe \ --backend-address-pool-name backend-pool\ --probe-name controller-api-server-health - ``` \ No newline at end of file diff --git a/docs/07-network.md b/docs/07-network.md index 0d66381..3e6fe5c 100644 --- a/docs/07-network.md +++ b/docs/07-network.md @@ -118,3 +118,31 @@ aws ec2 create-route \ --destination-cidr-block 10.200.2.0/24 \ --instance-id ${WORKER_2_INSTANCE_ID} ``` + +### Azure + +``` +azure network route-table route create \ + --resource-group the-hard-way \ + --name worker0-route \ + --route-table-name the-hard-way-rtable \ + --address-prefix 10.200.0.0/24 \ + --next-hop-ip-address 10.240.0.30 \ + --next-hop-type VirtualAppliance + +azure network route-table route create \ + --resource-group the-hard-way \ + --name worker1-route \ + --route-table-name the-hard-way-rtable \ + --address-prefix 10.200.1.0/24 \ + --next-hop-ip-address 10.240.0.31 \ + --next-hop-type VirtualAppliance + +azure network route-table route create \ + --resource-group the-hard-way \ + --name worker2-route \ + --route-table-name the-hard-way-rtable \ + --address-prefix 10.200.2.0/24 \ + --next-hop-ip-address 10.240.0.32 \ + --next-hop-type VirtualAppliance +``` \ No newline at end of file diff --git a/docs/09-smoke-test.md b/docs/09-smoke-test.md index a812108..3d8af30 100644 --- a/docs/09-smoke-test.md +++ b/docs/09-smoke-test.md 
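Review bot: The three `--next-hop-type VirtualAppliance` routes only work if the worker NICs accept packets not addressed to them, which on Azure requires IP forwarding on the NIC (`--enable-ip-forwarding true` when the NIC is created with `azure network nic create`); nothing in this patch enables it, and if the worker NICs in 01-infrastructure-azure.md lack it the pod traffic is silently dropped, so a sentence or command here would save readers a long debugging session. The next hops 10.240.0.30–32 and prefixes 10.200.{0,1,2}.0/24 are hard-coded, so they must match the workers' static private IPs and the per-node pod CIDR handed to each kubelet; a comment such as `# next hop = that worker's private IP, prefix = that worker's pod CIDR` would help anyone who changes either. Because the same route table is linked to `kubernetes-mgmt` in 01-infrastructure-azure.md, these routes presumably also give the jumpbox a path to pod IPs, which is worth stating if intended.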
@@ -79,6 +79,52 @@ NODE_PUBLIC_IP=$(aws ec2 describe-instances \ jq -j '.Reservations[].Instances[].PublicIpAddress') ``` +#### Azure + +``` +# Get the fqdn for the public worker ingestion load balancer + +NODE_PUBLIC_IP=$(azure network public-ip show \ + --resource-group the-hard-way \ + --name the-hard-way-workers \ + --json | jq -r '.dnsSettings.fqdn') + +# Add NSG rule to enable traffic to node ports + +azure network nsg rule create \ + --resource-group the-hard-way \ + --nsg-name the-hard-way-nsg \ + --name allow-internet-$NODE_PORT \ + --protocol tcp \ + --access allow \ + --source-address-prefix Internet \ + --destination-address-prefix 10.240.0.0/16 \ + --destination-port-range $NODE_PORT \ + --priority 110 \ + --direction inbound + +# Create balancing rules NODE_PORT:NODE_PORT on the load balancer + +azure network lb probe create \ + --resource-group the-hard-way \ + --lb-name the-hard-way-lb \ + --name nginx-app-health \ + --interval 5 \ + --port $NODE_PORT \ + --protocol tcp + + +azure network lb rule create \ + --resource-group the-hard-way \ + --lb-name the-hard-way-lb \ + --name nginx-app \ + --frontend-port $NODE_PORT \ + --backend-port $NODE_PORT \ + --frontend-ip-name the-hard-way-fe \ + --backend-address-pool-name backend-pool\ + --probe-name nginx-app-health +``` + --- Test the nginx service using cURL: diff --git a/docs/10-cleanup.md b/docs/10-cleanup.md index d59006a..977641a 100644 --- a/docs/10-cleanup.md +++ b/docs/10-cleanup.md @@ -206,3 +206,11 @@ DHCP_OPTION_SET_ID=$(aws ec2 describe-dhcp-options \ aws ec2 delete-dhcp-options \ --dhcp-options-id ${DHCP_OPTION_SET_ID} ``` + +## Azure + +The following deletes all resources created. + +``` +azure group delete the-hard-way +``` \ No newline at end of file
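Review bot: The NSG rule `allow-internet-$NODE_PORT` uses a fixed `--priority 110`, so running the smoke test a second time with a different NodePort fails because Azure requires rule priorities to be unique per direction within an NSG; deriving the priority from the port or telling the reader to delete the previous rule first would avoid that. The rule also admits Internet traffic to `10.240.0.0/16` on that port, i.e. every host in the subnet including the controllers behind 10.240.0.4, rather than only the workers that back the load balancer; narrowing `--destination-address-prefix` to the worker addresses, or at least stating the exposure, is the defensive version. Nothing removes the rule after the test; the 10-cleanup.md hunk deletes the whole resource group, which covers it, but a reader who keeps the cluster keeps the open port. `NODE_PUBLIC_IP` now holds an FQDN from `.dnsSettings.fqdn`, which is the right handle for a Dynamic IP but makes the variable name misleading.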
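Review bot: `azure group delete the-hard-way` removes everything in the resource group, including any resource a reader added outside this guide, and the classic CLI prompts for confirmation unless `--quiet` is passed, neither of which the one-line description mentions. Stating `This deletes the entire resource group and everything in it; it cannot be undone` above the block would set expectations for a destructive step.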