Commit 53191858 authored by Dmytro Bogatov's avatar Dmytro Bogatov 💕

Fixed cluster setup.

parent af2e4200
# Setup Manager
* Follow [this](https://typhoon.psdn.io/digital-ocean/) to create a working Kubernetes cluster.
* [Create docker pull secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).
```
kubectl create secret docker-registry regsecret --docker-server=registry.dbogatov.org --docker-username=dbogatov --docker-password=TOKEN --docker-email=dmytro@dbogatov.org
```
* Use [this](https://typhoon.psdn.io/addons/prometheus/) to set up Prometheus-Graphana.
* Use [this](https://github.com/kubernetes/dashboard/wiki/Creating-sample-user) to get dashboard token.
* Use [infra/script.sh](./infra/script.sh) to complete setup.
#!/usr/bin/env bash
set -e
shopt -s globstar
# Ensure that the CWD is set to script's location
cd "${0%/*}"
CWD=$(pwd)
# Initiate cluster
echo "Initializing cluster on DigitalOcean"
cd $CWD/terraform/clusters/
terraform destroy -auto-approve
terraform init
terraform apply -auto-approve
# Add SWAP to master
echo "Adding SWAP file to the master"
cd $CWD
ssh -o "StrictHostKeyChecking no" core@dolores.digital-ocean.dbogatov.org "sudo mkdir -p /var/vm"
ssh -o "StrictHostKeyChecking no" core@dolores.digital-ocean.dbogatov.org "sudo fallocate -l 2048m /var/vm/swapfile1"
ssh -o "StrictHostKeyChecking no" core@dolores.digital-ocean.dbogatov.org "sudo chmod 600 /var/vm/swapfile1"
ssh -o "StrictHostKeyChecking no" core@dolores.digital-ocean.dbogatov.org "sudo mkswap /var/vm/swapfile1"
cat >var-vm-swapfile1.swap <<EOL
[Unit]
Description=Turn on swapcd clu
[Swap]
What=/var/vm/swapfile1
[Install]
WantedBy=multi-user.target
EOL
scp var-vm-swapfile1.swap core@dolores.digital-ocean.dbogatov.org:/home/core
ssh -o "StrictHostKeyChecking no" core@dolores.digital-ocean.dbogatov.org "sudo mv var-vm-swapfile1.swap /etc/systemd/system/"
ssh -o "StrictHostKeyChecking no" core@dolores.digital-ocean.dbogatov.org "sudo systemctl enable --now var-vm-swapfile1.swap"
rm var-vm-swapfile1.swap
# Deploy addons
echo "Deploying addons"
cd $CWD/terraform
echo "Deploying dashboard"
kubectl apply -R -f addons/dashboard/
sleep 5
echo "Deploying cluo"
kubectl apply -R -f addons/cluo/
sleep 5
echo "Deploying prometheus"
kubectl apply -R -f addons/prometheus/ || true
kubectl apply -R -f addons/prometheus/
sleep 5
echo "Deploying graphana"
kubectl apply -R -f addons/grafana/
sleep 5
echo "Deploying heapster"
kubectl apply -R -f addons/heapster/
sleep 5
echo "Deploying NGINX Ingress"
kubectl apply -R -f addons/nginx-ingress/digital-ocean/ || true
kubectl apply -R -f addons/nginx-ingress/digital-ocean/
sleep 5
echo "Done!"
# cd ..
# kubectl apply -f services/namespace.yaml
# kubectl apply -R -f services/
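Review bot: Every `ssh` call in the swap-setup block passes `-o "StrictHostKeyChecking no"`, so the script runs `sudo` commands on whatever host answers for `core@dolores.digital-ocean.dbogatov.org` without checking its host key, right after the droplet and its DNS record were recreated. Because the key legitimately changes on each rebuild, I would drop the stale entry once after `terraform apply` with `ssh-keygen -R dolores.digital-ocean.dbogatov.org` and then use `-o StrictHostKeyChecking=accept-new`, so the key seen on first contact is pinned for the remaining calls. The `scp` line carries no option at all and may fail on a changed key as written. Separately, `terraform destroy -auto-approve` as the first action means a mistaken invocation removes the running cluster with no prompt; an explicit confirmation or flag would be safer.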
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Configuration to deploy release version of the Dashboard UI compatible with
# Kubernetes 1.8.
#
# Example usage: kubectl create -f <this_file>
# ------------------- Dashboard Secret ------------------- #
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kube-system
type: Opaque
---
# ------------------- Dashboard Service Account ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
---
# ------------------- Dashboard Role & Role Binding ------------------- #
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
rules:
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create"]
# Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1beta2
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.2
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
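Review bot: The `kubernetes-dashboard` container in the new Deployment has no `resources` block, while the toleration for `node-role.kubernetes.io/master` lets it be scheduled on the controller, which the Terraform section on this page sizes as `s-1vcpu-1gb`. The v1.6.1 manifest shown further down the page (apparently the one being replaced) set requests and limits, and carrying them over would keep the pod from competing with the control plane: `resources: {limits: {cpu: 100m, memory: 300Mi}, requests: {cpu: 100m, memory: 100Mi}}`. I would also add a comment above the Service such as `# No type set, so this stays ClusterIP; reach it via kubectl proxy or an authenticated ingress only`, so a later edit does not expose the dashboard directly.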
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
name: kubernetes-dashboard
phase: prod
spec:
containers:
- name: kubernetes-dashboard
image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.1
ports:
- name: http
containerPort: 9090
resources:
limits:
cpu: 100m
memory: 300Mi
requests:
cpu: 100m
memory: 100Mi
livenessProbe:
httpGet:
path: /
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
apiVersion: v1
kind: Service
metadata:
name: kubernetes-dashboard
namespace: kube-system
spec:
type: ClusterIP
selector:
name: kubernetes-dashboard
phase: prod
ports:
- name: http
protocol: TCP
port: 80
targetPort: 9090
......@@ -24,7 +24,6 @@ spec:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-backend
- --ingress-class=public
- --default-ssl-certificate=$(POD_NAMESPACE)/tls-certificate
# use downward API
env:
- name: POD_NAME
......
module "digital-ocean-nemo" {
module "digital-ocean-dolores" {
source = "git::https://github.com/poseidon/typhoon//digital-ocean/container-linux/kubernetes"
providers = {
......@@ -12,14 +12,14 @@ module "digital-ocean-nemo" {
region = "nyc3"
dns_zone = "digital-ocean.dbogatov.org"
cluster_name = "nemo"
cluster_name = "dolores"
image = "coreos-stable"
controller_count = 1
controller_type = "s-1vcpu-1gb"
worker_count = 1
worker_count = 2
worker_type = "s-1vcpu-2gb"
ssh_fingerprints = ["df:a9:7f:e1:e5:e8:c7:3e:2c:c3:a9:ac:7c:bd:e7:a6"]
# output assets dir
asset_dir = "/Users/dbogatov/.secrets/clusters/nemo"
asset_dir = "/Users/dbogatov/.secrets/clusters/dolores"
}
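Review bot: The module `source` carries no `?ref=` pin, so every `terraform init` fetches whatever is on the default branch of poseidon/typhoon at that moment, and the setup script on this page now runs `terraform init` and `terraform apply -auto-approve` unattended. Pinning to a reviewed release, e.g. `source = "git::https://github.com/poseidon/typhoon//digital-ocean/container-linux/kubernetes?ref=<RELEASE_TAG>"`, keeps a rebuild reproducible and stops an upstream change from reaching the cluster without review. The `source` line is context rather than a change in this commit, and part of the module body is collapsed on this page.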