mirrors
/
kubernetes-the-hard-way
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
kubernetes-the-hard-way/docs/01-infrastructure-os.md

196 lines
6.5 KiB
Markdown
Raw Blame History

# Cloud Infrastructure Provisioning - OpenStack
This lab will walk you through provisioning the compute instances required for running a H/A Kubernetes cluster. A total of 6 virtual machines will be created.
After completing this guide you should have the following compute instances:
```
openstack server list
```
````
+--------------------------------------+-----------------+-----------+----------------------------------------+---------------------+
| ID | Name | Status | Networks | Image Name |
+--------------------------------------+-----------------+-----------+----------------------------------------+---------------------+
| 17da9ba7-a0c3-415a-9fe2-b2729d4ba3da | worker2 | ACTIVE | kubernetes=10.240.0.22 | ubuntu-16.04 |
| d52281ba-0a76-4abf-addb-cd56c79d3f1d | worker1 | ACTIVE | kubernetes=10.240.0.21 | ubuntu-16.04 |
| f44c0c77-9810-4cf4-977e-45dafbe87074 | worker0 | ACTIVE | kubernetes=10.240.0.20 | ubuntu-16.04 |
| 96e690b4-e8cb-4733-aa1d-5262106181a2 | controller2 | ACTIVE | kubernetes=10.240.0.12 | ubuntu-16.04 |
| d69f09c1-00e5-465a-831c-446206461d28 | controller1 | ACTIVE | kubernetes=10.240.0.11 | ubuntu-16.04 |
| 80fc744c-d20e-4f24-9b10-c8a26ffbade3 | controller0 | ACTIVE | kubernetes=10.240.0.10, 169.45.x.x | ubuntu-16.04 |
+--------------------------------------+-----------------+-----------+----------------------------------------+---------------------+
````
> All machines will be provisioned with fixed private IP addresses to simplify the bootstrap process.
To make our Kubernetes control plane remotely accessible, a Floating IP address will be assigned to one of the Kubernetes controllers. You can also assign floating IPs to all the nodes. In this example we're going to assign an IP to controller0 and use that to access the remailing nodes.
## Networking
Create a Kubernetes network:
```
openstack network create kubernetes
```
Create a subnet for the Kubernetes cluster:
```
openstack subnet create --network kubernetes \
--subnet-range 10.240.0.0/24 kubernetes
```
Create a router for the network:
```
openstack router create kubernetes
```
Attach the network to the router:
```
openstack router add subnet kubernetes kubernetes
```
Attack the router to the external network:
```
neutron router-gateway-set kubernetes external
```
### Firewall Rules
First, create a security group:
```
openstack security group create kubernetes
```
```
openstack security group rule create \
--ingress \
--protocol icmp \
--src-ip 0.0.0.0/0 \
kubernetes
```
```
openstack security group rule create \
--ingress --src-group kubernetes --protocol udp kubernetes
```
```
openstack security group rule create \
--ingress --src-group kubernetes --protocol tcp kubernetes
```
```
openstack security group rule create \
--ingress \
--protocol tcp \
--dst-port 3389 \
--src-ip 0.0.0.0/0 \
kubernetes
```
```
openstack security group rule create \
--ingress \
--protocol tcp \
--dst-port 22 \
--src-ip 0.0.0.0/0 \
kubernetes
```
```
openstack security group rule create \
--ingress \
--protocol tcp \
--dst-port 6443 \
--src-ip 0.0.0.0/0 \
kubernetes
```
```
openstack security group rule list kubernetes
```
```
+--------------------------------------+-------------+-----------+------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+
| 110fc25a-6cc7-409f-9b8f-40be05884203 | None | None | | None |
| 2327d33b-e497-4006-87e3-7991810b1686 | udp | None | | 6f6399ef-b69b-49cb-9f97-8fcad96715bf |
| 2dfe89ce-c167-4f75-89df-a7bc3007336d | icmp | 0.0.0.0/0 | | None |
| 2e175bd1-f885-41de-97af-0787be7fba9e | tcp | 0.0.0.0/0 | 3389:3389 | None |
| 39eaea13-92f5-438b-929c-d7585c84e4b2 | tcp | 0.0.0.0/0 | 22:22 | None |
| 5acea256-84b0-420d-923f-f257fe4e7319 | tcp | 0.0.0.0/0 | 6443:6443 | None |
| b6bc42d0-9f3f-4dcf-a5b1-7196968320d3 | tcp | None | | 6f6399ef-b69b-49cb-9f97-8fcad96715bf |
| d1038338-bf4b-4f25-8c29-a104d74c2803 | None | None | | None |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+
```
## Provision Virtual Machines
All the VMs in this lab will be provisioned using Ubuntu 16.04 mainly because it runs a newish Linux Kernel that has good support for Docker.
### Virtual Machines
#### Kubernetes Controllers
```
openstack server create --image ubuntu-16.04 --flavor m1.small \
--security-group kubernetes --key-name tbritten \
--nic net-id=1f9ce4ba-2203-4dc2-b411-c0b35ac588c8,v4-fixed-ip=10.240.0.10 \
controller0
```
```
openstack server create --image ubuntu-16.04 --flavor m1.small \
--security-group kubernetes --key-name tbritten \
--nic net-id=1f9ce4ba-2203-4dc2-b411-c0b35ac588c8,v4-fixed-ip=10.240.0.11 \
controller1
```
```
openstack server create --image ubuntu-16.04 --flavor m1.small \
--security-group kubernetes --key-name tbritten \
--nic net-id=1f9ce4ba-2203-4dc2-b411-c0b35ac588c8,v4-fixed-ip=10.240.0.12 \
controller2
```
#### Kubernetes Workers
```
openstack server create --image ubuntu-16.04 --flavor m1.small \
--security-group kubernetes --key-name tbritten \
--nic net-id=1f9ce4ba-2203-4dc2-b411-c0b35ac588c8,v4-fixed-ip=10.240.0.20 \
worker0
```
```
openstack server create --image ubuntu-16.04 --flavor m1.small \
--security-group kubernetes --key-name tbritten \
--nic net-id=1f9ce4ba-2203-4dc2-b411-c0b35ac588c8,v4-fixed-ip=10.240.0.21 \
worker1
```
```
openstack server create --image ubuntu-16.04 --flavor m1.small \
--security-group kubernetes --key-name tbritten \
--nic net-id=1f9ce4ba-2203-4dc2-b411-c0b35ac588c8,v4-fixed-ip=10.240.0.22 \
worker2
```
### Kubernetes Public Address
Attached a floating IP to the controller0 to allow for remote access:
```
openstack server add floating ip controller0 169.45.x.x
```
Reference in New Issue View Git Blame Copy Permalink