kubernetes-the-hard-way/docs/01-infrastructure-gcp.md

# Cloud Infrastructure Provisioning - Google Cloud Platform
This lab will walk you through provisioning the compute instances required for running a H/A Kubernetes cluster. A total of 9 virtual machines will be created.
If you are following this guide using the GCP free trial you may run into the following error:
```
ERROR: (gcloud.compute.instances.create) Some requests did not succeed:
- Quota 'CPUS' exceeded. Limit: 8.0
```
This means you'll only be able to create 8 machines until you upgrade your account. In that case skip the provisioning of the `worker2` node to avoid hitting the CPUS quota.
After completing this guide you should have the following compute instances:
```
gcloud compute instances list
```
```
NAME         ZONE           MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP      STATUS
controller0  us-central1-f  n1-standard-1               10.240.0.20  XXX.XXX.XXX.XXX  RUNNING
controller1  us-central1-f  n1-standard-1               10.240.0.21  XXX.XXX.XXX.XXX  RUNNING
controller2  us-central1-f  n1-standard-1               10.240.0.22  XXX.XXX.XXX.XXX  RUNNING
etcd0        us-central1-f  n1-standard-1               10.240.0.10  XXX.XXX.XXX.XXX  RUNNING
etcd1        us-central1-f  n1-standard-1               10.240.0.11  XXX.XXX.XXX.XXX  RUNNING
etcd2        us-central1-f  n1-standard-1               10.240.0.12  XXX.XXX.XXX.XXX  RUNNING
worker0      us-central1-f  n1-standard-1               10.240.0.30  XXX.XXX.XXX.XXX  RUNNING
worker1      us-central1-f  n1-standard-1               10.240.0.31  XXX.XXX.XXX.XXX  RUNNING
worker2      us-central1-f  n1-standard-1               10.240.0.32  XXX.XXX.XXX.XXX  RUNNING
```
> All machines will be provisioned with fixed private IP addresses to simplify the bootstrap process.
To make our Kubernetes control plane remotely accessible, a public IP address will be provisioned and assigned to a Load Balancer that will sit in front of the 3 Kubernetes controllers.
## Networking
Create a custom network for the Kubernetes cluster:
```
gcloud compute networks create kubernetes --mode custom
```
```
NAME        MODE    IPV4_RANGE  GATEWAY_IPV4
kubernetes  custom
```
Create a subnet for the Kubernetes cluster:
```
gcloud compute networks subnets create kubernetes \
--network kubernetes \
--range 10.240.0.0/24 \
--region us-central1
```
```
NAME        REGION       NETWORK     RANGE
kubernetes  us-central1  kubernetes  10.240.0.0/24
```
### Firewall Rules
```
gcloud compute firewall-rules create kubernetes-allow-icmp \
--allow icmp \
--network kubernetes \
--source-ranges 0.0.0.0/0
```
```
gcloud compute firewall-rules create kubernetes-allow-internal \
--allow tcp:0-65535,udp:0-65535,icmp \
--network kubernetes \
--source-ranges 10.240.0.0/24
```
```
gcloud compute firewall-rules create kubernetes-allow-rdp \
--allow tcp:3389 \
--network kubernetes \
--source-ranges 0.0.0.0/0
```
```
gcloud compute firewall-rules create kubernetes-allow-ssh \
--allow tcp:22 \
--network kubernetes \
--source-ranges 0.0.0.0/0
```
```
gcloud compute firewall-rules create kubernetes-allow-healthz \
--allow tcp:8080 \
--network kubernetes \
--source-ranges 130.211.0.0/22
```
```
gcloud compute firewall-rules create kubernetes-allow-api-server \
--allow tcp:6443 \
--network kubernetes \
--source-ranges 0.0.0.0/0
```
```
gcloud compute firewall-rules list --filter "network=kubernetes"
```
```
NAME                         NETWORK     SRC_RANGES      RULES                          SRC_TAGS  TARGET_TAGS
kubernetes-allow-api-server  kubernetes  0.0.0.0/0       tcp:6443
kubernetes-allow-healthz     kubernetes  130.211.0.0/22  tcp:8080
kubernetes-allow-icmp        kubernetes  0.0.0.0/0       icmp
kubernetes-allow-internal    kubernetes  10.240.0.0/24   tcp:0-65535,udp:0-65535,icmp
kubernetes-allow-rdp         kubernetes  0.0.0.0/0       tcp:3389
kubernetes-allow-ssh         kubernetes  0.0.0.0/0       tcp:22
```
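Three of the rules above (`kubernetes-allow-ssh`, `kubernetes-allow-rdp`, `kubernetes-allow-api-server`) accept connections from `0.0.0.0/0`, i.e. from any address on the internet. The following script is an added example, not part of this guide: it reads the table that `gcloud compute firewall-rules list` prints and reports every rule that exposes an administrative TCP port (22, 3389, 6443 are chosen here as `ADMIN_PORTS`, an assumption) to the whole internet. The sample table embedded in the script is constructed to match the rules created in this section.

```shell
#!/bin/sh
# Added example (not from the guide): flag firewall rules that expose
# administrative ports to 0.0.0.0/0. Input is the table printed by
#   gcloud compute firewall-rules list --filter "network=kubernetes"
# Columns: NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS

# Ports treated as administrative (assumption; adjust to your cluster).
ADMIN_PORTS="22 3389 6443"

# audit_rules: stdin = firewall-rules table, stdout = one "NAME PORT" line
# for every admin port reachable from 0.0.0.0/0. Handles single ports
# (tcp:22), port ranges (tcp:0-65535) and protocol-only entries (tcp).
audit_rules() {
  awk -v ports="$ADMIN_PORTS" '
    BEGIN { n = split(ports, want, " ") }
    NR == 1 { next }                            # skip the header row
    $3 !~ /(^|,)0\.0\.0\.0\/0(,|$)/ { next }    # only world-reachable rules
    {
      m = split($4, rules, ",")
      for (i = 1; i <= m; i++) {
        if (rules[i] == "tcp") { lo = 0; hi = 65535 }      # all TCP ports
        else if (rules[i] ~ /^tcp:/) {
          range = substr(rules[i], 5)
          lo = hi = range
          if (index(range, "-")) { split(range, r, "-"); lo = r[1]; hi = r[2] }
        }
        else continue                                      # udp/icmp: not in scope
        for (j = 1; j <= n; j++)
          if (want[j] + 0 >= lo + 0 && want[j] + 0 <= hi + 0)
            print $1, want[j]
      }
    }'
}

# Constructed sample: the rules created in this section, as gcloud lists them.
SAMPLE='NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS
kubernetes-allow-api-server kubernetes 0.0.0.0/0 tcp:6443
kubernetes-allow-healthz kubernetes 130.211.0.0/22 tcp:8080
kubernetes-allow-icmp kubernetes 0.0.0.0/0 icmp
kubernetes-allow-internal kubernetes 10.240.0.0/24 tcp:0-65535,udp:0-65535,icmp
kubernetes-allow-rdp kubernetes 0.0.0.0/0 tcp:3389
kubernetes-allow-ssh kubernetes 0.0.0.0/0 tcp:22'

findings=$(printf '%s\n' "$SAMPLE" | audit_rules)
if [ -n "$findings" ]; then
  echo "Admin ports reachable from 0.0.0.0/0 (rule port):"
  echo "$findings"
fi
```

Against a live project, pipe the real listing in instead of the sample: `gcloud compute firewall-rules list --filter "network=kubernetes" | audit_rules`. Each rule it reports can be recreated with `--source-ranges` set to the CIDR your administrators actually connect from rather than `0.0.0.0/0`; the API server rule in particular only needs to admit the load balancer's clients.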
### Kubernetes Public Address
Create a public IP address that will be used by remote clients to connect to the Kubernetes control plane:
```
gcloud compute addresses create kubernetes
```
```
gcloud compute addresses list kubernetes
```
```
NAME        REGION       ADDRESS          STATUS
kubernetes  us-central1  XXX.XXX.XXX.XXX  RESERVED
```
## Provision Virtual Machines
All the VMs in this lab will be provisioned using Ubuntu 16.04, mainly because it ships a newer Linux kernel with good support for Docker.
### Virtual Machines
To avoid specifying the zone for each VM, you may wish to specify a default zone.
```
gcloud config set compute/zone us-central1-a
```
#### etcd
```
gcloud compute instances create etcd0 \
--boot-disk-size 200GB \
--can-ip-forward \
--image ubuntu-1604-xenial-v20160627 \
--image-project ubuntu-os-cloud \
--machine-type n1-standard-1 \
--private-network-ip 10.240.0.10 \
--subnet kubernetes
```
```
gcloud compute instances create etcd1 \
--boot-disk-size 200GB \
--can-ip-forward \
--image ubuntu-1604-xenial-v20160627 \
--image-project ubuntu-os-cloud \
--machine-type n1-standard-1 \
--private-network-ip 10.240.0.11 \
--subnet kubernetes
```
```
gcloud compute instances create etcd2 \
--boot-disk-size 200GB \
--can-ip-forward \
--image ubuntu-1604-xenial-v20160627 \
--image-project ubuntu-os-cloud \
--machine-type n1-standard-1 \
--private-network-ip 10.240.0.12 \
--subnet kubernetes
```
#### Kubernetes Controllers
```
gcloud compute instances create controller0 \
--boot-disk-size 200GB \
--can-ip-forward \
--image ubuntu-1604-xenial-v20160627 \
--image-project ubuntu-os-cloud \
--machine-type n1-standard-1 \
--private-network-ip 10.240.0.20 \
--subnet kubernetes
```
```
gcloud compute instances create controller1 \
--boot-disk-size 200GB \
--can-ip-forward \
--image ubuntu-1604-xenial-v20160627 \
--image-project ubuntu-os-cloud \
--machine-type n1-standard-1 \
--private-network-ip 10.240.0.21 \
--subnet kubernetes
```
```
gcloud compute instances create controller2 \
--boot-disk-size 200GB \
--can-ip-forward \
--image ubuntu-1604-xenial-v20160627 \
--image-project ubuntu-os-cloud \
--machine-type n1-standard-1 \
--private-network-ip 10.240.0.22 \
--subnet kubernetes
```
#### Kubernetes Workers
```
gcloud compute instances create worker0 \
--boot-disk-size 200GB \
--can-ip-forward \
--image ubuntu-1604-xenial-v20160627 \
--image-project ubuntu-os-cloud \
--machine-type n1-standard-1 \
--private-network-ip 10.240.0.30 \
--subnet kubernetes
```
```
gcloud compute instances create worker1 \
--boot-disk-size 200GB \
--can-ip-forward \
--image ubuntu-1604-xenial-v20160627 \
--image-project ubuntu-os-cloud \
--machine-type n1-standard-1 \
--private-network-ip 10.240.0.31 \
--subnet kubernetes
```
If you are using the GCP free trial, which limits your account to 8 nodes, skip the creation of `worker2` to avoid hitting the CPUS quota.
```
gcloud compute instances create worker2 \
--boot-disk-size 200GB \
--can-ip-forward \
--image ubuntu-1604-xenial-v20160627 \
--image-project ubuntu-os-cloud \
--machine-type n1-standard-1 \
--private-network-ip 10.240.0.32 \
--subnet kubernetes
```
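The nine `gcloud compute instances create` commands above differ only in the instance name and the private IP. The script below is an added example, not part of this guide: it builds the same commands from one node table and turns the free-trial caveat into a check, dropping the last node (`worker2`) when the vCPU quota would be exceeded. `CPU_QUOTA` and `DRY_RUN` are variables introduced for this example (assumptions, not gcloud options); with the default `DRY_RUN=1` it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the guide): provision the lab's nodes from one
# table. Image, machine type, subnet and private IPs match the guide.
# CPU_QUOTA (default 9) and DRY_RUN (default 1) are variables assumed by
# this example only.

IMAGE=ubuntu-1604-xenial-v20160627
IMAGE_PROJECT=ubuntu-os-cloud
MACHINE_TYPE=n1-standard-1
SUBNET=kubernetes

# Fixed private IP for a role/index pair, following the guide's scheme:
# etcd 10.240.0.1x, controllers 10.240.0.2x, workers 10.240.0.3x.
node_ip() {
  case "$1" in
    etcd)       echo "10.240.0.1$2" ;;
    controller) echo "10.240.0.2$2" ;;
    worker)     echo "10.240.0.3$2" ;;
    *) echo "unknown role: $1" >&2; return 1 ;;
  esac
}

# Emit "role index" pairs in creation order (etcd, controllers, workers).
# Each n1-standard-1 uses one vCPU, so with a CPUS quota of 8 the ninth
# node, worker2, is left out, exactly as the guide advises.
planned_nodes() {
  quota=${1:-9}
  count=0
  for role in etcd controller worker; do
    for i in 0 1 2; do
      count=$((count + 1))
      [ "$count" -gt "$quota" ] && return 0
      echo "$role $i"
    done
  done
}

# The create command for one node, with the flags the guide uses.
create_cmd() {
  name="$1$2"
  printf 'gcloud compute instances create %s --boot-disk-size 200GB --can-ip-forward --image %s --image-project %s --machine-type %s --private-network-ip %s --subnet %s' \
    "$name" "$IMAGE" "$IMAGE_PROJECT" "$MACHINE_TYPE" "$(node_ip "$1" "$2")" "$SUBNET"
}

# Print (DRY_RUN=1) or run (DRY_RUN=0) the create command for every planned node.
provision() {
  planned_nodes "${CPU_QUOTA:-9}" | while read -r role i; do
    cmd=$(create_cmd "$role" "$i")
    if [ "${DRY_RUN:-1}" = 1 ]; then
      echo "$cmd"
    else
      $cmd
    fi
  done
}

provision
```

Run it as `CPU_QUOTA=8 DRY_RUN=0 sh provision.sh` on a free-trial account to create the eight nodes the quota allows, after setting the default zone as shown above.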