├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── docs ├── assets │ ├── os-detector.gif │ └── ui-install.gif ├── aws.md ├── cncf_conformance.md ├── existing_cluster.md ├── exposing_kubernetes_api.md └── gcp.md ├── examples ├── README.md └── os-detector │ ├── cassandra-cql.json │ ├── cassandra.json │ ├── os-detector.md │ └── os-detector.yaml ├── resources ├── desired_cluster_profile.aws.tfvars ├── desired_cluster_profile.gcp.tfvars ├── kubeapi-proxy.json ├── main.aws.tf ├── main.gcp.tf ├── options-ha.json ├── options.json ├── outputs.tf ├── variables.aws.tf └── variables.gcp.tf └── scripts ├── get_cli └── poll_api.sh /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .id_key 3 | .master_ip 4 | .master_lb_ip 5 | 6 | # cli 7 | dcos 8 | kubectl 9 | 10 | # terraform 11 | .deploy 12 | .terraform 13 | /*.tf 14 | /*.tf.disabled 15 | *.tfstate 16 | *.tfstate.backup 17 | terraform.tfvars 18 | .terraform.tfstate.lock.info 19 | modules/ 20 | desired_cluster_profile.tfvars.example 21 | desired_cluster_profile 22 | 23 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. 
For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 
48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. 
Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. 
You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 
123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. 
In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. 
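We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright 2016 Mesosphere 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /Makefile: --------------------------------------------------------------------------------
# Recipes below rely on bash-only syntax (brace ranges such as {1..20} and
# [[ ]] tests). Under a POSIX /bin/sh such as dash the retry loops run exactly
# once with the literal word "{1..20}", so pin the recipe shell explicitly.
SHELL := /bin/bash

RM := rm -f
SSH_USER := core
TERRAFORM_INSTALLER_URL := github.com/dcos/terraform-dcos
DCOS_CLI_VERSION := 1.12
# Pinned installer URL. Whether the consumer of this variable verifies the
# downloaded script's integrity is not visible in this file.
CUSTOM_DCOS_DOWNLOAD_PATH := https://downloads.dcos.io/dcos/stable/1.12.3/dcos_generate_config.sh
KUBERNETES_VERSION ?= 1.16.9
KUBERNETES_FRAMEWORK_VERSION ?= 2.5.0-1.16.9
# Optional extra package repositories ("stubs"); when empty no repo is added.
KUBERNETES_STUB_URL ?=
KUBERNETES_CLUSTER_STUB_URL ?=
# PATH_TO_PACKAGE_OPTIONS holds the path to the package options file to be used
# when installing DC/OS Kubernetes.
PATH_TO_PACKAGE_OPTIONS ?= "$(PWD)/.deploy/options.json"

# Set PATH (locally) to include local dir for locally downloaded binaries.
# The current directory is searched first, so a binary dropped here by
# `make get-cli` shadows any system-wide one.
FAKEPATH := "$(PWD):$(PATH)"

# Get the path to relevant binaries (empty when not found).
DCOS_CMD := $(shell PATH=$(FAKEPATH) command -v dcos 2> /dev/null)
KUBECTL_CMD := $(shell PATH=$(FAKEPATH) command -v kubectl 2> /dev/null)
TERRAFORM_CMD := $(shell PATH=$(FAKEPATH) command -v terraform 2> /dev/null)
TERRAFORM_APPLY_ARGS ?=
TERRAFORM_DESTROY_ARGS ?=

# Pick the platform's "open a URL" helper for the `ui` target.
UNAME := $(shell uname -s)
ifeq ($(UNAME),Linux)
OPEN := xdg-open
else
OPEN := open
endif

# Define a new line character to use in error strings.
define n


endef

# Download the dcos and kubectl binaries into the current directory.
# scripts/get_cli is not part of this file; the versions exported here are
# the only inputs it visibly receives.
.PHONY: get-cli
get-cli:
	$(eval export DCOS_CLI_VERSION)
	$(eval export KUBERNETES_VERSION)
	scripts/get_cli

.PHONY: check-cli
check-cli: check-terraform check-dcos check-kubectl

.PHONY: check-terraform
check-terraform:
ifndef TERRAFORM_CMD
	$(error "$n$nNo terraform command in $(FAKEPATH).$n$nPlease install via 'brew install terraform' on MacOS, or download from https://www.terraform.io/downloads.html.$n$n")
endif

.PHONY: check-dcos
check-dcos:
ifndef DCOS_CMD
	$(error "$n$nNo dcos command in $(FAKEPATH).$n$nPlease run 'make get-cli' to download required binaries.$n$n")
endif

.PHONY: check-kubectl
check-kubectl:
ifndef KUBECTL_CMD
	$(error "$n$nNo kubectl command in $(FAKEPATH).$n$nPlease run 'make get-cli' to download required binaries.$n$n")
endif

# Seed .deploy/ with the Terraform configuration for the chosen provider
# ($@ is "gcp" or "aws"). Runs `clean` first, so any previous .deploy state
# (including terraform.tfstate) is removed.
.PHONY: gcp aws
gcp aws: clean check-terraform
	mkdir -p .deploy && \
	cd .deploy && \
	cp ../resources/main.$@.tf main.tf && \
	cp ../resources/variables.$@.tf variables.tf && \
	$(TERRAFORM_CMD) init && \
	cp ../resources/desired_cluster_profile.$@.tfvars terraform.tfvars && \
	cp ../resources/options.json . && \
	cp ../resources/outputs.tf . && \
	cp ../resources/kubeapi-proxy.json .

.PHONY: get-master-lb-ip
get-master-lb-ip: check-terraform
	$(call get_master_lb_ip)
	@echo $(MASTER_LB_IP)

# Read the DC/OS master load-balancer address from the Terraform state.
define get_master_lb_ip
$(eval MASTER_LB_IP := $(shell $(TERRAFORM_CMD) output -state=.deploy/terraform.tfstate "cluster-address"))
endef

.PHONY: get-public-agent-ip
get-public-agent-ip: check-terraform
	$(call get_public_agent_ip)
	@echo $(PUBLIC_AGENT_IP)

# Read the public-agent load-balancer address from the Terraform state.
define get_public_agent_ip
$(eval PUBLIC_AGENT_IP := $(shell $(TERRAFORM_CMD) output -state=.deploy/terraform.tfstate "public-agents-loadbalancer"))
endef

.PHONY: plan-dcos
plan-dcos: check-terraform
	@cd .deploy; \
	$(TERRAFORM_CMD) plan

.PHONY: launch-dcos
launch-dcos: check-terraform
	@cd .deploy; \
	$(TERRAFORM_CMD) apply $(TERRAFORM_APPLY_ARGS)

.PHONY: plan
plan: plan-dcos

# End-to-end: provision infrastructure, point the dcos CLI at it, install MKE.
.PHONY: deploy
deploy: check-cli launch-dcos setup-cli install

# Attach the dcos CLI to the freshly created cluster, retrying until the
# master answers.
# NOTE(security): `--insecure` skips TLS certificate verification of the
# master. This is tolerable for a throwaway quickstart cluster; anything
# longer-lived should have its certificate (or CA) verified instead.
.PHONY: setup-cli
setup-cli: check-dcos
	$(call get_master_lb_ip)
	for i in {1..20}; do $(DCOS_CMD) cluster setup https://$(MASTER_LB_IP) --insecure && break || (sleep 3) ; done
	@scripts/poll_api.sh "DC/OS Master" $(MASTER_LB_IP) 443

.PHONY: ui
ui: check-terraform
	$(call get_master_lb_ip)
	$(OPEN) https://$(MASTER_LB_IP)

# Install the Kubernetes engine package, wait for its deploy plan to report
# COMPLETE, then create the cluster described by PATH_TO_PACKAGE_OPTIONS.
.PHONY: install
install: check-dcos add-stubs
	@echo "Installing Mesosphere Kubernetes Engine..."
	$(DCOS_CMD) package install --yes kubernetes --package-version="$(KUBERNETES_FRAMEWORK_VERSION)"
	@echo "Waiting for Mesosphere Kubernetes Engine to be up..."
	@while [[ ! $$($(DCOS_CMD) kubernetes manager plan show deploy 2> /dev/null | head -n1 | grep COMPLETE ) ]]; do \
		sleep 1; \
	done
	@echo "Creating a Kubernetes cluster..."
	$(DCOS_CMD) kubernetes cluster create --yes --options="$(PATH_TO_PACKAGE_OPTIONS)" --package-version="$(KUBERNETES_FRAMEWORK_VERSION)"

# Register optional package repositories ahead of the default ones (index 0),
# so a stub URL takes precedence over the universe repo.
.PHONY: add-stubs
add-stubs:
ifdef KUBERNETES_STUB_URL
	@echo "Adding 'kubernetes' stub"
	$(DCOS_CMD) package repo add --index=0 kubernetes-aws "$(KUBERNETES_STUB_URL)"
endif
ifdef KUBERNETES_CLUSTER_STUB_URL
	@echo "Adding 'kubernetes-cluster' stub"
	$(DCOS_CMD) package repo add --index=0 kubernetes-cluster-aws "$(KUBERNETES_CLUSTER_STUB_URL)"
endif

# Expose the Kubernetes API through Marathon-LB; the fixed sleep gives the
# package time to start before the proxy app is added.
.PHONY: marathon-lb
marathon-lb: check-dcos
	$(DCOS_CMD) package install --yes marathon-lb
	@sleep 30
	$(DCOS_CMD) marathon app add "$(PWD)/.deploy/kubeapi-proxy.json"

.PHONY: watch-kubernetes-cluster
watch-kubernetes-cluster: check-dcos
	watch $(DCOS_CMD) kubernetes cluster debug --cluster-name=dev/kubernetes01 plan show deploy

.PHONY: watch-kubernetes
watch-kubernetes: check-dcos
	watch $(DCOS_CMD) kubernetes manager plan show deploy

# Generate a kubectl context for the cluster, reached via the public agents.
# NOTE(security): `--insecure-skip-tls-verify` disables verification of the
# API server certificate for this context; the same caveat as setup-cli applies.
.PHONY: kubeconfig
kubeconfig:
	$(call get_public_agent_ip)
	$(DCOS_CMD) kubernetes cluster kubeconfig --cluster-name dev/kubernetes01 --apiserver-url https://$(PUBLIC_AGENT_IP):6443 --context-name devkubernetes01 --insecure-skip-tls-verify
	@scripts/poll_api.sh "Kubernetes API" $(PUBLIC_AGENT_IP) 6443

.PHONY: upgrade-infra
upgrade-infra: launch-dcos

# Tear down Kubernetes only; the DC/OS cluster stays up (see `destroy`).
# Each removal is polled until the corresponding Marathon app disappears.
.PHONY: uninstall
uninstall: check-dcos
	$(DCOS_CMD) marathon app remove kubeapi-proxy
	$(DCOS_CMD) package uninstall marathon-lb --yes
	$(DCOS_CMD) kubernetes cluster delete --cluster-name dev/kubernetes01 --yes
	for i in {1..8}; do ! $(DCOS_CMD) marathon app list --json | jq '.[].id' | grep '/dev/kubernetes01' >/dev/null && break || (echo "Kubernetes Cluster is still uninstalling. Retrying in 15 seconds..." && sleep 15) ; done
	$(DCOS_CMD) package uninstall kubernetes --yes
	for i in {1..8}; do ! $(DCOS_CMD) marathon app list --json | jq '.[].id' | grep '/kubernetes' >/dev/null && break || (echo "Mesosphere Kubernetes Engine is still uninstalling. Retrying in 15 seconds..." && sleep 15) ; done
ifdef KUBERNETES_STUB_URL
	@echo "Removing 'kubernetes' stub"
	$(DCOS_CMD) package repo remove kubernetes-aws
endif
ifdef KUBERNETES_CLUSTER_STUB_URL
	@echo "Removing 'kubernetes-cluster' stub"
	$(DCOS_CMD) package repo remove kubernetes-cluster-aws
endif

.PHONY: destroy
destroy: check-terraform
	cd .deploy; \
	$(TERRAFORM_CMD) destroy $(TERRAFORM_DESTROY_ARGS)

# Remove generated state and the locally downloaded binaries.
.PHONY: clean
clean:
	$(RM) -r .deploy dcos kubectl

# Reach the API server through an SSH tunnel to a public agent.
# NOTE(security): the kubectl context points at a plain `http://` endpoint
# named `apiserver-insecure`, and the ssh options disable host-key
# verification (`StrictHostKeyChecking=no` with a throwaway known_hosts file).
# Both are convenience settings for a disposable test cluster and should not
# be carried over to anything that holds real workloads.
.PHONY: kubectl-tunnel
kubectl-tunnel: check-kubectl
	$(KUBECTL_CMD) config set-cluster dcos-k8s --server=http://localhost:9000
	$(KUBECTL_CMD) config set-context dcos-k8s --cluster=dcos-k8s --namespace=default
	$(KUBECTL_CMD) config use-context dcos-k8s
	$(call get_public_agent_ip)
	ssh -4 -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -o "ServerAliveInterval=120" \
		-N -L 9000:apiserver-insecure.devkubernetes01.l4lb.thisdcos.directory:9000 \
		$(SSH_USER)@$(PUBLIC_AGENT_IP)
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes on DC/OS 2 | 3 | Kubernetes is now available as a DC/OS package to quickly, and reliably run Kubernetes clusters on Mesosphere DC/OS. 4 | 5 | ![](docs/assets/ui-install.gif) 6 | 7 | **NOTE:** The latest `dcos-kubernetes-quickstart` doesn't support any Kubernetes framework version before `2.0.0-1.12.1`. The reason is that now creating Kubernetes clusters requires the installation of the [Mesosphere Kubernetes Engine](https://docs.mesosphere.com/services/kubernetes/2.5.0-1.16.9/overview/#cluster-manager). 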
8 | 9 | ## Known limitations 10 | 11 | Before proceeding, please check the [current package limitations](https://docs.mesosphere.com/service-docs/kubernetes/2.5.0-1.16.9/limitations/). 12 | 13 | ## Pre-Requisites 14 | 15 | Check the requirements for running this quickstart: 16 | 17 | * Linux or MacOS 18 | * [Terraform 0.11.x](https://www.terraform.io/downloads.html). On MacOS, you can install with [brew](https://brew.sh/): 19 | ```bash 20 | $ brew install terraform 21 | ``` 22 | * [Google Cloud](docs/gcp.md) or [AWS](docs/aws.md) account with enough permissions to provision the 23 | needed infrastructure 24 | 25 | ## Quickstart 26 | 27 | Once the pre-requisites are met, clone this repo: 28 | 29 | ```bash 30 | $ git clone git@github.com:mesosphere/dcos-kubernetes-quickstart.git && cd dcos-kubernetes-quickstart 31 | ``` 32 | 33 | ### Prepare infrastructure configuration 34 | 35 | **This quickstart defaults to Google Cloud** 36 | 37 | First, make sure you have followed the [Google Cloud setup instructions](docs/gcp.md). 38 | 39 | Then, start by generating the default infrastructure configuration: 40 | 41 | ```bash 42 | $ make gcp 43 | ``` 44 | 45 | This will output sane defaults to `.deploy/terraform.tfvars`. 46 | Now, edit said file and set your `gcp_project` and the `ssh_public_key_file` 47 | (the SSH public key you will use to log in to your new VMs later). 48 | 49 | **WARNING:** Please, do not set a smaller instance (VM) type at the risk of failing to 50 | install Kubernetes. 
51 | 52 | ``` 53 | cluster_name = "dcos-kubernetes" 54 | cluster_name_random_string = true 55 | 56 | dcos_version = "1.12.3" 57 | 58 | num_of_masters = "1" 59 | num_of_private_agents = "4" 60 | num_of_public_agents = "1" 61 | 62 | bootstrap_instance_type = "n1-standard-1" 63 | master_instance_type = "n1-standard-8" 64 | private_agent_instance_type = "n1-standard-8" 65 | public_agent_instance_type = "n1-standard-8" 66 | 67 | # admin_ips = "0.0.0.0/0" # uncomment to access master from any IP 68 | 69 | gcp_project = "YOUR_GCP_PROJECT" 70 | gcp_region = "us-central1" 71 | ssh_public_key_file = "/PATH/YOUR_GCP_SSH_PUBLIC_KEY.pub" 72 | # 73 | # If you want to use GCP service account key instead of GCP SDK 74 | # uncomment the line below and update it with the path to the key file 75 | # gcp_credentials = "/PATH/YOUR_GCP_SERVICE_ACCOUNT_KEY.json" 76 | # 77 | ``` 78 | 79 | **NOTE:** The current release of the DC/OS GCP Terraform module also requires the `GOOGLE_PROJECT` 80 | and `GOOGLE_REGION` environment variables to be set. Please set them with appropriate values for 81 | your deployment: 82 | 83 | ``` 84 | $ export GOOGLE_PROJECT="YOUR_GCP_PROJECT" 85 | $ export GOOGLE_REGION="us-central1" 86 | ``` 87 | 88 | ### Kubernetes configuration 89 | 90 | #### RBAC 91 | 92 | **NOTE:** This `quickstart` will provision a Kubernetes cluster with `RBAC` support. 93 | 94 | To deploy a cluster with [RBAC](https://docs.mesosphere.com/services/kubernetes/2.5.0-1.16.9/operations/authn-and-authz/#rbac) disabled, update `.deploy/options.json`: 95 | 96 | ``` 97 | { 98 | "service": { 99 | "name": "dev/kubernetes01" 100 | }, 101 | "kubernetes": { 102 | "authorization_mode": "AlwaysAllow" 103 | } 104 | } 105 | ``` 106 | 107 | If you want to give users access to the Kubernetes API, check the [documentation](https://docs.mesosphere.com/services/kubernetes/2.5.0-1.16.9/operations/authn-and-authz/#giving-users-access-to-the-kubernetes-api). 
108 | 109 | **NOTE:** The authorization mode for a cluster must be chosen when installing the package. Changing the authorization mode after installing the package is not supported. 110 | 111 | #### HA Cluster 112 | 113 | **NOTE:** By default, it will provision a Kubernetes cluster with one (1) worker node, and 114 | a single instance of every control plane component. 115 | 116 | To deploy a **highly-available** cluster with three (3) private Kubernetes nodes update `.deploy/options.json`: 117 | 118 | ``` 119 | { 120 | "service": { 121 | "name": "dev/kubernetes01" 122 | }, 123 | "kubernetes": { 124 | "high_availability": true, 125 | "private_node_count": 3 126 | } 127 | } 128 | ``` 129 | 130 | ### Download command-line tools 131 | 132 | If you haven't already, please download the DC/OS client, `dcos`, and the Kubernetes 133 | client, `kubectl`: 134 | 135 | ```bash 136 | $ make get-cli 137 | ``` 138 | 139 | The `dcos` and `kubectl` binaries will be downloaded to the current workdir. 140 | It's up to you to decide whether to copy or move them to another path, 141 | e.g. a path included in `PATH`. 142 | 143 | ### Install 144 | 145 | You are now ready to provision the DC/OS cluster and install the Kubernetes package: 146 | 147 | ```bash 148 | $ make deploy 149 | ``` 150 | 151 | Terraform will now try to provision the infrastructure on your chosen cloud 152 | provider, and then proceed to install DC/OS. 153 | 154 | When DC/OS is up and running, the Kubernetes package installation will take place. 155 | 156 | Wait until all tasks are running before trying to access the Kubernetes API. 
157 | 158 | You can watch the progress of what has been deployed so far with: 159 | 160 | ```bash 161 | $ make watch-kubernetes-cluster 162 | ``` 163 | 164 | Below is an example of how it looks when the install has run successfully: 165 | 166 | ``` 167 | Using Kubernetes cluster: dev/kubernetes01 168 | deploy (serial strategy) (COMPLETE) 169 | etcd (serial strategy) (COMPLETE) 170 | etcd-0:[peer] (COMPLETE) 171 | control-plane (dependency strategy) (COMPLETE) 172 | kube-control-plane-0:[instance] (COMPLETE) 173 | mandatory-addons (serial strategy) (COMPLETE) 174 | mandatory-addons-0:[instance] (COMPLETE) 175 | node (dependency strategy) (COMPLETE) 176 | kube-node-0:[kubelet] (COMPLETE) 177 | public-node (dependency strategy) (COMPLETE) 178 | ``` 179 | 180 | You can access the DC/OS Dashboard and check the Kubernetes package tasks under Services: 181 | 182 | ```bash 183 | $ make ui 184 | ``` 185 | 186 | ### Exposing the Kubernetes API 187 | 188 | Check the [exposing Kubernetes API doc](docs/exposing_kubernetes_api.md) to understand how 189 | the Kubernetes API gets exposed. 190 | To actually expose the Kubernetes API for the new Kubernetes cluster using Marathon-LB, run: 191 | 192 | ```bash 193 | $ make marathon-lb 194 | ``` 195 | 196 | **NOTE:** If you have changed `num_of_public_agents` in the `.deploy/terraform.tfvars` file 197 | to more than `1`, please scale the `marathon-lb` service to the same number, 198 | so you can access the Kubernetes API from any DC/OS public agent. 
199 | 200 | ### Accessing the Kubernetes API 201 | 202 | In order to access the Kubernetes API from outside the DC/OS cluster, one needs 203 | to configure `kubectl`, the Kubernetes CLI tool: 204 | 205 | ```bash 206 | $ make kubeconfig 207 | ``` 208 | 209 | Let's test accessing the Kubernetes API and list the Kubernetes cluster nodes: 210 | 211 | ```bash 212 | $ ./kubectl --context devkubernetes01 get nodes 213 | NAME STATUS ROLES AGE VERSION 214 | kube-control-plane-0-instance.devkubernetes01.mesos Ready master 5m18s v1.16.9 215 | kube-node-0-kubelet.devkubernetes01.mesos Ready 2m58s v1.16.9 216 | ``` 217 | 218 | And now, let's check how the system Kubernetes pods are doing: 219 | 220 | ```bash 221 | $ ./kubectl --context devkubernetes01 -n kube-system get pods 222 | NAME READY STATUS RESTARTS AGE 223 | calico-node-s9828 2/2 Running 0 3m21s 224 | calico-node-zc8qw 2/2 Running 0 3m38s 225 | coredns-6c7669957f-rvz85 1/1 Running 0 3m38s 226 | kube-apiserver-kube-control-plane-0-instance.devkubernetes01.mesos 1/1 Running 0 4m43s 227 | kube-controller-manager-kube-control-plane-0-instance.devkubernetes01.mesos 1/1 Running 0 4m42s 228 | kube-proxy-kube-control-plane-0-instance.devkubernetes01.mesos 1/1 Running 0 4m48s 229 | kube-proxy-kube-node-0-kubelet.devkubernetes01.mesos 1/1 Running 0 3m21s 230 | kube-scheduler-kube-control-plane-0-instance.devkubernetes01.mesos 1/1 Running 0 4m26s 231 | kubernetes-dashboard-5cbf45898-nkjsm 1/1 Running 0 3m37s 232 | local-dns-dispatcher-kube-node-0-kubelet.devkubernetes01.mesos 1/1 Running 0 3m21s 233 | metrics-server-594576c7d8-cb4pj 1/1 Running 0 3m35s 234 | ``` 235 | 236 | ### Accessing the Kubernetes Dashboard 237 | 238 | You will be able to access the Kubernetes Dashboard by running: 239 | 240 | ```bash 241 | $ kubectl --context devkubernetes01 proxy 242 | ``` 243 | 244 | Then pointing your browser at: 245 | 246 | ``` 247 | http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ 248 | 
``` 249 | 250 | Please note that you will have to sign in to the [Kubernetes Dashboard](https://docs.mesosphere.com/services/kubernetes/2.5.0-1.16.9/operations/kubernetes-dashboard/#login-view-and-authorization) before being able to perform any action. 251 | 252 | ## Uninstall Kubernetes 253 | 254 | To uninstall the DC/OS Kubernetes package while leaving your DC/OS cluster up, 255 | run: 256 | 257 | ```bash 258 | $ make uninstall 259 | ``` 260 | 261 | **NOTE:** This will only uninstall Kubernetes. Make sure you destroy your DC/OS 262 | cluster using the instructions below when you finish testing, or otherwise you 263 | will need to delete all cloud resources manually! 264 | 265 | ## Destroy cluster 266 | 267 | To destroy the whole deployment: 268 | 269 | ```bash 270 | $ make destroy 271 | ``` 272 | 273 | Last, clean generated resources: 274 | ```bash 275 | $ make clean 276 | ``` 277 | 278 | ## Documentation 279 | 280 | For more details, please see the [docs folder](docs) and also check the official [service docs](https://docs.mesosphere.com/service-docs/kubernetes/2.5.0-1.16.9) 281 | 282 | ## Community 283 | Get help and connect with other users on the [mailing list](https://groups.google.com/a/dcos.io/forum/#!forum/kubernetes) or on DC/OS community [Slack](http://chat.dcos.io/) in the #kubernetes channel. 
284 | -------------------------------------------------------------------------------- /docs/assets/os-detector.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/d2iq-archive/dcos-kubernetes-quickstart/cc5d592c2a9d941f5feaa3220e0b4f23338c113f/docs/assets/os-detector.gif -------------------------------------------------------------------------------- /docs/assets/ui-install.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/d2iq-archive/dcos-kubernetes-quickstart/cc5d592c2a9d941f5feaa3220e0b4f23338c113f/docs/assets/ui-install.gif -------------------------------------------------------------------------------- /docs/aws.md: -------------------------------------------------------------------------------- 1 | # AWS 2 | 3 | **WARNING:** When running this quickstart, you might experience some issues 4 | with cloud resource limits. Please, verify your [quotas](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html) 5 | before proceeding. 6 | 7 | ## Install AWS CLI 8 | 9 | Make sure to have previously installed [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/installing.html). 10 | 11 | ## Setup access 12 | 13 | First, you will need to [retrieve your AWS credentials](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). 14 | The default location is `$HOME/.aws/credentials` on Linux and OS X, or `"%USERPROFILE%\.aws\credentials"` for Windows users. 
15 | 16 | Before proceeding, we recommend you create a file with your AWS credentials, 17 | exposed as the commonly recognized environment variables, so you can [`source`](http://tldp.org/HOWTO/Bash-Prompt-HOWTO/x237.html) 18 | it later, in between shell sessions: 19 | 20 | ```bash 21 | $ cat << EOF > ~/.aws/my_credentials 22 | export AWS_ACCESS_KEY_ID= 23 | export AWS_SECRET_ACCESS_KEY= 24 | EOF 25 | ``` 26 | This file holds long-lived secrets in plain text, so restrict its permissions (for example with `chmod 600`) and keep it out of version control. 27 | Last, set up SSH keys as detailed in [the official documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#how-to-generate-your-own-key-and-import-it-to-aws). 28 | 29 | Don't forget to add your new SSH private key to your session: 30 | 31 | ```bash 32 | $ ssh-add ~/.ssh/path_to_your_new_key.pem 33 | ``` 34 | 35 | ## Prepare infrastructure configuration 36 | 37 | Make sure Terraform knows where to find your AWS credentials: 38 | 39 | ```bash 40 | $ source ~/.aws/my_credentials 41 | ``` 42 | 43 | Now, let's generate the default infrastructure configuration: 44 | 45 | ```bash 46 | $ make aws 47 | ``` 48 | 49 | This will output sane defaults to `.deploy/terraform.tfvars`. 50 | Now, edit said file and set `ssh_public_key_file`, the public SSH key you will use to 51 | log in to your new VMs later. 52 | 53 | **WARNING:** Please, do not set a smaller instance (VM) type, at the risk of 54 | failing to install Kubernetes. 
55 | 56 | ``` 57 | cluster_name = "dcos-kubernetes" 58 | cluster_name_random_string = true 59 | 60 | dcos_version = "1.12.3" 61 | dcos_security = "strict" # valid values are strict, permissive, disabled 62 | 63 | num_of_masters = "1" 64 | num_of_private_agents = "4" 65 | num_of_public_agents = "1" 66 | 67 | instance_os = "centos_7.5" 68 | bootstrap_instance_type = "m5.large" 69 | master_instance_type = "m5.2xlarge" 70 | private_agent_instance_type = "m5.2xlarge" 71 | public_agent_instance_type = "m5.2xlarge" 72 | 73 | aws_region = "us-west-2" 74 | # ssh_public_key_file = "" 75 | # aws_key_name = "default" # uncomment to use an already defined AWS key 76 | # admin_ips = "0.0.0.0/0" # uncomment to access master from any IP 77 | 78 | ``` 79 | 80 | ### Kubernetes configuration 81 | 82 | #### Highly Available cluster 83 | 84 | **NOTE:** By default, it will provision a Kubernetes cluster with one (1) worker node, and 85 | a single instance of every control plane component. 86 | 87 | To deploy a **highly-available** cluster with three (3) private Kubernetes nodes update `.deploy/options.json`: 88 | 89 | ``` 90 | { 91 | "service": { 92 | "name": "dev/kubernetes01" 93 | }, 94 | "kubernetes": { 95 | "high_availability": true, 96 | "private_node_count": 3 97 | } 98 | } 99 | ``` 100 | 101 | Let's continue with [Kubernetes cluster configuration](../README.md#kubernetes-configuration). 102 | -------------------------------------------------------------------------------- /docs/cncf_conformance.md: -------------------------------------------------------------------------------- 1 | # CNCF Conformance 2 | 3 | ## Prerequisites 4 | 5 | The following prerequisites apply to follow these instructions. You will need: 6 | 7 | * A Linux or MacOS machine with 8 | [Terraform 0.11.x](https://www.terraform.io/downloads.html) installed. 
9 | * A [Google Cloud](gcp.md), or [AWS](aws.md) account with enough permissions to provide the needed 10 | infrastructure 11 | 12 | ## Preparation 13 | 14 | **NOTE:** These instructions are targeted at a 15 | [Google Cloud Platform](gcp.md) deployment. To deploy in [AWS](aws.md), 16 | please run `make aws` instead of 17 | `make gcp` in the step below, and edit the resulting file accordingly. 18 | 19 | **NOTE:** To install `dcos-kubernetes` in an existing cluster, please follow 20 | [these instructions](existing_cluster.md). 21 | 22 | First, clone this repository: 23 | 24 | ```shell 25 | $ git clone git@github.com:mesosphere/dcos-kubernetes-quickstart.git 26 | $ cd dcos-kubernetes-quickstart 27 | ``` 28 | 29 | Then generate the default infrastructure configuration: 30 | 31 | ```shell 32 | $ make gcp 33 | ``` 34 | 35 | This will output sane defaults to `.deploy/terraform.tfvars`. Now, edit 36 | said file and set the `gcp_project` and the `ssh_public_key_file` variables. 37 | Please, do not set a smaller instance (VM) type on the risk of failing to 38 | install Kubernetes. 
In the end, the `.deploy/terraform.tfvars` file 39 | should look something like this: 40 | 41 | ``` 42 | cluster_name = "dcos-kubernetes" 43 | cluster_name_random_string = true 44 | 45 | dcos_version = "1.12.3" 46 | 47 | num_of_masters = "1" 48 | num_of_private_agents = "4" 49 | num_of_public_agents = "1" 50 | 51 | bootstrap_instance_type = "n1-standard-1" 52 | master_instance_type = "n1-standard-8" 53 | private_agent_instance_type = "n1-standard-8" 54 | public_agent_instance_type = "n1-standard-8" 55 | 56 | # admin_ips = "0.0.0.0/0" # uncomment to access master from any IP 57 | 58 | gcp_project = "YOUR_GCP_PROJECT" 59 | gcp_region = "us-central1" 60 | ssh_public_key_file = "/PATH/YOUR_GCP_SSH_PUBLIC_KEY.pub" 61 | # 62 | # If you want to use GCP service account key instead of GCP SDK 63 | # uncomment the line below and update it with the path to the key file 64 | # gcp_credentials = "/PATH/YOUR_GCP_SERVICE_ACCOUNT_KEY.json" 65 | # 66 | ``` 67 | 68 | Now, launch the DC/OS cluster by running: 69 | 70 | ```shell 71 | $ KUBERNETES_VERSION=1.16.9 make get-cli launch-dcos setup-cli 72 | ``` 73 | 74 | This command will: 75 | 76 | 1. Download the `dcos` CLI and `kubectl` to your machine. 77 | 1. Provision the necessary infrastructure in GCP and install DC/OS. 78 | 1. Set up the `dcos` CLI to access the newly created DC/OS cluster. 79 | 80 | As part of the last step, your browser will open and ask you to log in with 81 | a Google, GitHub or Microsoft account. Choose an option and copy the resulting 82 | OpenID token to the shell where you ran the above-mentioned command. 83 | 84 | ## Installing Mesosphere Kubernetes Engine 85 | 86 | To install Mesosphere Kubernetes Engine and create a Kubernetes cluster in the newly created DC/OS cluster, run: 87 | 88 | ```shell 89 | $ KUBERNETES_FRAMEWORK_VERSION=2.5.0-1.16.9 \ 90 | PATH_TO_PACKAGE_OPTIONS=./resources/options-ha.json make install 91 | ``` 92 | 93 | Wait until all tasks are running before proceeding. 
94 | You can track installation progress as follows: 95 | 96 | ```shell 97 | $ make watch-kubernetes-cluster 98 | ``` 99 | 100 | When installation is successful you will see the following output: 101 | 102 | ``` 103 | Using Kubernetes cluster: dev/kubernetes01 104 | deploy (serial strategy) (COMPLETE) 105 | etcd (serial strategy) (COMPLETE) 106 | etcd-0:[peer] (COMPLETE) 107 | etcd-1:[peer] (COMPLETE) 108 | etcd-2:[peer] (COMPLETE) 109 | control-plane (dependency strategy) (COMPLETE) 110 | kube-control-plane-0:[instance] (COMPLETE) 111 | kube-control-plane-1:[instance] (COMPLETE) 112 | kube-control-plane-2:[instance] (COMPLETE) 113 | mandatory-addons (serial strategy) (COMPLETE) 114 | mandatory-addons-0:[instance] (COMPLETE) 115 | node (dependency strategy) (COMPLETE) 116 | kube-node-0:[kubelet] (COMPLETE) 117 | kube-node-1:[kubelet] (COMPLETE) 118 | kube-node-2:[kubelet] (COMPLETE) 119 | public-node (dependency strategy) (COMPLETE) 120 | ``` 121 | 122 | When all tasks are in state `COMPLETE`, press `Ctrl-C` to terminate the `watch` 123 | process and proceed to access your Kubernetes cluster. 124 | 125 | ## Accessing the Kubernetes API 126 | 127 | In order to access the Kubernetes API from outside the DC/OS cluster, we must 128 | first be able to access it. This can be achieved by running the following 129 | command: 130 | 131 | ```shell 132 | $ make marathon-lb kubeconfig 133 | ``` 134 | 135 | This command will expose the Kubernetes API for our newly created Kubernetes cluster, and configure `kubectl` to access said Kubernetes cluster. 
136 | Let's try and list this cluster's nodes: 137 | 138 | ```shell 139 | $ ./kubectl --context devkubernetes01 get nodes 140 | NAME STATUS ROLES AGE VERSION 141 | kube-control-plane-0-instance.devkubernetes01.mesos Ready master 5m18s v1.16.9 142 | kube-control-plane-1-instance.devkubernetes01.mesos Ready master 5m12s v1.16.9 143 | kube-control-plane-2-instance.devkubernetes01.mesos Ready master 5m11s v1.16.9 144 | kube-node-0-kubelet.devkubernetes01.mesos Ready 2m58s v1.16.9 145 | kube-node-1-kubelet.devkubernetes01.mesos Ready 2m42s v1.16.9 146 | kube-node-2-kubelet.devkubernetes01.mesos Ready 2m39s v1.16.9 147 | ``` 148 | 149 | If the output is similar to what is shown above, you're good to go and run the 150 | conformance test suite. 151 | 152 | ## Running the test suite 153 | 154 | To run the test suite and grab the results, follow the 155 | [official instructions](https://github.com/cncf/k8s-conformance/blob/master/instructions.md). 156 | 157 | ## Destroy the infrastructure 158 | 159 | In order to delete the DC/OS cluster created above, run: 160 | 161 | ```shell 162 | $ make destroy 163 | ``` 164 | -------------------------------------------------------------------------------- /docs/existing_cluster.md: -------------------------------------------------------------------------------- 1 | # Existing Cluster 2 | 3 | If you already have a DC/OS 1.11+ cluster, Kubernetes is publicly available in the Catalog. 4 | 5 | Before proceeding, make sure your cluster fulfils the [Kubernetes package default requirements](https://docs.mesosphere.com/services/kubernetes/2.5.0-1.16.9/getting-started/install-basic/#prerequisites). 6 | 7 | Then, install is as easy as: 8 | 9 | ```shell 10 | $ dcos package install kubernetes 11 | ``` 12 | 13 | ## Kubernetes configuration 14 | 15 | **NOTE:** By default, it will provision a Kubernetes cluster with one (1) private worker node, and 16 | a single instance of every control plane component. 
17 | 18 | To deploy a **highly-available** cluster with three (3) private and one (1) public worker nodes, run: 19 | 20 | ```shell 21 | $ dcos package install --options=./resources/options-ha.json kubernetes 22 | ``` 23 | -------------------------------------------------------------------------------- /docs/exposing_kubernetes_api.md: -------------------------------------------------------------------------------- 1 | # Exposing the Kubernetes API 2 | 3 | DC/OS Kubernetes doesn’t automatically expose the Kubernetes API outside of the DC/OS cluster. 4 | It can be achieved using Marathon-LB and a dummy Marathon application. 5 | 6 | ## Using Marathon-LB instance 7 | 8 | A Marathon-LB instance and the dummy `kubeapi-proxy` Marathon application are installed as part of the Kubernetes 9 | framework install. This allows the Kubernetes API to be exposed via the DC/OS public agent IP. 10 | 11 | The dummy Marathon application `kubeapi-proxy` definition: 12 | 13 | ```json 14 | { 15 | "id": "/kubeapi-proxy", 16 | "instances": 1, 17 | "cpus": 0.001, 18 | "mem": 16, 19 | "cmd": "tail -F /dev/null", 20 | "container": { 21 | "type": "MESOS" 22 | }, 23 | "portDefinitions": [ 24 | { 25 | "protocol": "tcp", 26 | "port": 0 27 | } 28 | ], 29 | "labels": { 30 | "HAPROXY_GROUP": "external", 31 | "HAPROXY_0_MODE": "http", 32 | "HAPROXY_0_PORT": "6443", 33 | "HAPROXY_0_SSL_CERT": "/etc/ssl/cert.pem", 34 | "HAPROXY_0_BACKEND_SERVER_OPTIONS": " timeout connect 10s\n timeout client 86400s\n timeout server 86400s\n timeout tunnel 86400s\n server kube-apiserver apiserver.devkubernetes01.l4lb.thisdcos.directory:6443 ssl verify none\n" 35 | } 36 | } 37 | ``` 38 | 39 | Here is how this works: 40 | 1. Marathon-LB identifies that the application `kubeapi-proxy` has the `HAPROXY_GROUP` label set to `external` (change this if you're using a different `HAPROXY_GROUP` for your Marathon-LB configuration). 41 | 1. 
The `instances`, `cpus`, `mem`, `cmd`, and `container` fields basically create a dummy container that takes up minimal space and performs no operation. 42 | 1. The single port indicates that this application has one "port" (this information is used by Marathon-LB) 43 | 1. `"HAPROXY_0_MODE": "http"` indicates to Marathon-LB that the frontend and backend configuration for this particular service should be configured with `http`. 44 | 1. `"HAPROXY_0_PORT": "6443"` tells Marathon-LB to expose the service on port 6443 (rather than the randomly-generated service port, which is ignored) 45 | 1. `"HAPROXY_0_SSL_CERT": "/etc/ssl/cert.pem"` tells Marathon-LB to expose the service with the self-signed Marathon-LB certificate (which has **no CN**) 46 | 1. The last label `HAPROXY_0_BACKEND_SERVER_OPTIONS` indicates that Marathon-LB should forward traffic to the endpoint `apiserver.devkubernetes01.l4lb.thisdcos.directory:6443` (as in the definition above) rather than to the dummy application, and that the connection should be made using TLS without certificate verification (`ssl verify none`), so the hop from Marathon-LB to the API server is encrypted but the server's identity is not checked. 47 | 48 | For more options for exposing the Kubernetes API, please check the [documentation](https://docs.mesosphere.com/services/kubernetes/2.5.0-1.16.9/operations/exposing-the-kubernetes-api/). 49 | -------------------------------------------------------------------------------- /docs/gcp.md: -------------------------------------------------------------------------------- 1 | # Google Cloud 2 | 3 | **WARNING**: When running this quickstart, you might experience some issues 4 | with cloud resource limits. Please, verify your [quotas](https://cloud.google.com/compute/quotas) 5 | before proceeding. 6 | 7 | ## Install Google Cloud SDK 8 | 9 | Make sure to have previously installed [Google Cloud SDK](https://cloud.google.com/sdk/downloads). 
10 | 11 | ### Setup access 12 | 13 | First, you need to retrieve the credentials needed for Terraform to manage your 14 | Google Cloud resources: 15 | 16 | ```bash 17 | $ gcloud auth login 18 | $ gcloud auth application-default login 19 | ``` 20 | 21 | ## Google Cloud Service Account 22 | 23 | If you want to use a GCP Service Account key instead of the GCP SDK, uncomment the line as shown below in `desired_cluster_profile` and update it with the path to the service account key file: 24 | 25 | ``` 26 | ... 27 | gcp_credentials = "/PATH/YOUR_GCP_SERVICE_ACCOUNT_KEY.json" 28 | ... 29 | 30 | ``` 31 | 32 | ## Setup SSH key 33 | 34 | Next, you need to set up SSH as per the [official GCP documentation](https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys), whether you set up the Google Cloud SDK or a Google Cloud Service Account. 35 | 36 | Add the SSH private key: 37 | 38 | ```bash 39 | $ ssh-add ~/.ssh/google_compute_engine 40 | ``` 41 | 42 | Later, you will be asked to add the SSH public key to the Terraform cluster profile. 43 | 44 | ## Infrastructure configuration 45 | 46 | Let's move on to [infrastructure configuration](../README.md#prepare-infrastructure-configuration). 47 | -------------------------------------------------------------------------------- /examples/README.md: -------------------------------------------------------------------------------- 1 | # Overview 2 | 3 | A collection of examples to run Kubernetes workloads on DC/OS. 
4 | 5 | * [OS Detector](os-detector/os-detector.md) -------------------------------------------------------------------------------- /examples/os-detector/cassandra-cql.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "/cassandra-cql", 3 | "instances": 1, 4 | "portDefinitions": [], 5 | "container": { 6 | "type": "MESOS", 7 | "volumes": [], 8 | "docker": { 9 | "image": "cassandra:3.0.13" 10 | } 11 | }, 12 | "cpus": 0.1, 13 | "mem": 256, 14 | "requirePorts": false, 15 | "networks": [], 16 | "healthChecks": [], 17 | "fetch": [], 18 | "constraints": [], 19 | "cmd": "while true; do sleep 1000000; done" 20 | } 21 | -------------------------------------------------------------------------------- /examples/os-detector/cassandra.json: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "count": 3, 4 | "seeds": 2 5 | } 6 | } -------------------------------------------------------------------------------- /examples/os-detector/os-detector.md: -------------------------------------------------------------------------------- 1 | # Kubernetes + Cassandra 2 | 3 | This sample application will walk through 4 | 5 | * Deploying a Cassandra cluster on DC/OS 6 | * Deploying a web application on Kubernetes, that reads/writes data in Cassandra, over the DC/OS network 7 | 8 | ## Pre-Requisites 9 | 10 | * A DC/OS 1.11+ cluster, with at least 4 private nodes 11 | * Kubernetes running on DC/OS 12 | * [Configured kubectl](https://github.com/mesosphere/dcos-kubernetes-quickstart#installing-kubectl) 13 | 14 | ## OS Detector 15 | 16 | We are going to deploy a web application that counts the number of operating systems that visit the site. First, deploy a 3 node Cassandra cluster onto DC/OS. 
17 | 18 | ``` 19 | # TODO: CHANGE THE NAME ONCE THE NEW SDK PACKAGE GOES LIVE 20 | dcos package install cassandra 21 | ``` 22 | 23 | We need to set up the Cassandra keyspace and table so let's start the `csql` terminal. 24 | Deploy the following marathon app definition (e.g., using `dcos marathon app add https://raw.githubusercontent.com/mesosphere/dcos-kubernetes-quickstart/master/examples/os-detector/cassandra-cql.json`). 25 | 26 | ```json 27 | { 28 | "id": "/cassandra-cql", 29 | "instances": 1, 30 | "portDefinitions": [], 31 | "container": { 32 | "type": "MESOS", 33 | "volumes": [], 34 | "docker": { 35 | "image": "cassandra:3.0.13" 36 | } 37 | }, 38 | "cpus": 0.1, 39 | "mem": 256, 40 | "requirePorts": false, 41 | "networks": [], 42 | "healthChecks": [], 43 | "fetch": [], 44 | "constraints": [], 45 | "cmd": "while true; do sleep 1000000; done" 46 | } 47 | ``` 48 | 49 | Next, let us connect to that container using the DC/OS CLI and connect to Cassandra: 50 | 51 | ```bash 52 | dcos task exec -it cassandra-cql bash 53 | 54 | cqlsh node-0-server.cassandra.autoip.dcos.thisdcos.directory 55 | ``` 56 | 57 | Once connected to Cassandra, create the keyspace and table 58 | 59 | ``` 60 | CREATE KEYSPACE browsers WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; 61 | 62 | CREATE TABLE browsers.browser_counts ( 63 | counter counter, 64 | os varchar, 65 | PRIMARY KEY (os) 66 | ); 67 | ``` 68 | 69 | Now we are ready to deploy our application via Kubernetes. The example manifest will create a deployment, as well as a `NodePort` service so we can access the application from outside the cluster. 70 | 71 | ``` 72 | kubectl apply -f https://raw.githubusercontent.com/mesosphere/dcos-kubernetes-quickstart/master/examples/os-detector/os-detector.yaml 73 | ``` 74 | 75 | From here, the application is deployed, and available at port `31000` on the nodes which Kubernetes is running. 
Ensure your firewall is allowing traffic on that port, and you can navigate to your browser to interact with the app. 76 | 77 | ![](../../docs/assets/os-detector.gif) 78 | -------------------------------------------------------------------------------- /examples/os-detector/os-detector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: osdetect 5 | spec: 6 | replicas: 10 7 | template: 8 | metadata: 9 | name: osdetector 10 | labels: 11 | app: osdetector 12 | spec: 13 | containers: 14 | - name: osdetector 15 | image: smugcloud/osdetector:blue 16 | imagePullPolicy: Always 17 | args: ["--cassandra-host", "node.cassandra.l4lb.thisdcos.directory:9042"] 18 | ports: 19 | - containerPort: 8080 20 | --- 21 | 22 | kind: Service 23 | apiVersion: v1 24 | metadata: 25 | name: osdetect 26 | spec: 27 | selector: 28 | app: osdetector 29 | ports: 30 | - protocol: TCP 31 | port: 80 32 | targetPort: 8080 33 | nodePort: 31000 34 | type: NodePort -------------------------------------------------------------------------------- /resources/desired_cluster_profile.aws.tfvars: -------------------------------------------------------------------------------- 1 | cluster_name = "dcos-kubernetes" 2 | cluster_name_random_string = true 3 | 4 | dcos_version = "1.12.3" 5 | dcos_security = "strict" # valid values are strict, permissive, disabled 6 | 7 | num_of_masters = "1" 8 | num_of_private_agents = "4" 9 | num_of_public_agents = "1" 10 | 11 | bootstrap_instance_type = "m5.large" 12 | master_instance_type = "m5.2xlarge" 13 | private_agent_instance_type = "m5.2xlarge" 14 | public_agent_instance_type = "m5.2xlarge" 15 | 16 | aws_region = "us-west-2" 17 | # ssh_public_key_file = "" 18 | # aws_key_name = "default" # uncomment to use an already defined AWS key 19 | # admin_ips = "0.0.0.0/0" # uncomment to access master from any IP 20 | 
-------------------------------------------------------------------------------- /resources/desired_cluster_profile.gcp.tfvars: -------------------------------------------------------------------------------- 1 | cluster_name = "dcos-kubernetes" 2 | cluster_name_random_string = true 3 | 4 | dcos_version = "1.12.3" 5 | dcos_security = "strict" # valid values are strict, permissive, disabled 6 | 7 | num_of_masters = "1" 8 | num_of_private_agents = "4" 9 | num_of_public_agents = "1" 10 | 11 | bootstrap_instance_type = "n1-standard-1" 12 | master_instance_type = "n1-standard-8" 13 | private_agent_instance_type = "n1-standard-8" 14 | public_agent_instance_type = "n1-standard-8" 15 | 16 | # admin_ips = "0.0.0.0/0" # uncomment to access master from any IP 17 | 18 | gcp_project = "YOUR_GCP_PROJECT" 19 | gcp_region = "us-central1" 20 | ssh_public_key_file = "/PATH/YOUR_GCP_SSH_PUBLIC_KEY.pub" 21 | # 22 | # If you want to use GCP service account key instead of GCP SDK 23 | # uncomment the line below and update it with the path to the key file 24 | # gcp_credentials = "/PATH/YOUR_GCP_SERVICE_ACCOUNT_KEY.json" 25 | # 26 | -------------------------------------------------------------------------------- /resources/kubeapi-proxy.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "/kubeapi-proxy", 3 | "instances": 1, 4 | "cpus": 0.001, 5 | "mem": 16, 6 | "cmd": "tail -F /dev/null", 7 | "container": { 8 | "type": "MESOS" 9 | }, 10 | "portDefinitions": [ 11 | { 12 | "protocol": "tcp", 13 | "port": 0 14 | } 15 | ], 16 | "labels": { 17 | "HAPROXY_0_MODE": "http", 18 | "HAPROXY_GROUP": "external", 19 | "HAPROXY_0_SSL_CERT": "/etc/ssl/cert.pem", 20 | "HAPROXY_0_PORT": "6443", 21 | "HAPROXY_0_BACKEND_SERVER_OPTIONS": " timeout connect 10s\n timeout client 86400s\n timeout server 86400s\n timeout tunnel 86400s\n server kube-apiserver apiserver.devkubernetes01.l4lb.thisdcos.directory:6443 ssl verify none\n" 22 | } 23 | } 24 | 
-------------------------------------------------------------------------------- /resources/main.aws.tf: -------------------------------------------------------------------------------- 1 | data "http" "whatismyip" { 2 | url = "http://whatismyip.akamai.com/" 3 | } 4 | 5 | locals { 6 | dcos_admin_ips = "${split(" ", var.admin_ips == "" ? "${data.http.whatismyip.body}/32" : var.admin_ips)}" 7 | } 8 | 9 | provider "aws" { 10 | region = "${var.aws_region}" 11 | } 12 | 13 | module "dcos" { 14 | source = "dcos-terraform/dcos/aws" 15 | version = "~> 0.2.0" 16 | 17 | providers = { 18 | aws = "aws" 19 | } 20 | 21 | cluster_name = "${var.cluster_name}" 22 | cluster_name_random_string = "${var.cluster_name_random_string}" 23 | 24 | num_masters = "${var.num_of_masters}" 25 | num_private_agents = "${var.num_of_private_agents}" 26 | num_public_agents = "${var.num_of_public_agents}" 27 | 28 | dcos_version = "${var.dcos_version}" 29 | dcos_variant = "open" 30 | dcos_security = "${var.dcos_security}" 31 | dcos_instance_os = "${var.instance_os}" 32 | 33 | bootstrap_instance_type = "${var.bootstrap_instance_type}" 34 | masters_instance_type = "${var.master_instance_type}" 35 | private_agents_instance_type = "${var.private_agent_instance_type}" 36 | public_agents_instance_type = "${var.public_agent_instance_type}" 37 | 38 | admin_ips = "${local.dcos_admin_ips}" 39 | aws_key_name = "${var.aws_key_name}" 40 | ssh_public_key_file = "${var.ssh_public_key_file}" 41 | 42 | public_agents_additional_ports = ["6443"] 43 | } -------------------------------------------------------------------------------- /resources/main.gcp.tf: -------------------------------------------------------------------------------- 1 | data "http" "whatismyip" { 2 | url = "http://whatismyip.akamai.com/" 3 | } 4 | 5 | locals { 6 | dcos_admin_ips = "${split(" ", var.admin_ips == "" ? 
"${data.http.whatismyip.body}/32" : var.admin_ips)}" 7 | } 8 | 9 | provider "google" { 10 | version = "~> 1.18.0" 11 | 12 | credentials = "${var.gcp_credentials}" 13 | project = "${var.gcp_project}" 14 | region = "${var.gcp_region}" 15 | zone = "${var.gcp_zone}" 16 | } 17 | 18 | module "dcos" { 19 | source = "dcos-terraform/dcos/gcp" 20 | version = "~> 0.1.0" 21 | 22 | providers = { 23 | google = "google" 24 | } 25 | 26 | cluster_name = "${var.cluster_name}" 27 | cluster_name_random_string = "${var.cluster_name_random_string}" 28 | 29 | num_masters = "${var.num_of_masters}" 30 | num_private_agents = "${var.num_of_private_agents}" 31 | num_public_agents = "${var.num_of_public_agents}" 32 | 33 | dcos_version = "${var.dcos_version}" 34 | dcos_variant = "open" 35 | dcos_security = "${var.dcos_security}" 36 | dcos_instance_os = "${var.instance_os}" 37 | 38 | bootstrap_machine_type = "${var.bootstrap_machine_type}" 39 | masters_machine_type = "${var.master_machine_type}" 40 | private_agents_machine_type = "${var.private_agent_machine_type}" 41 | public_agents_machine_type = "${var.public_agent_machine_type}" 42 | 43 | admin_ips = "${local.dcos_admin_ips}" 44 | ssh_public_key_file = "${var.ssh_public_key_file}" 45 | 46 | public_agents_additional_ports = ["6443"] 47 | 48 | dcos_resolvers = </dev/null 2>&1; do sleep 1; done 12 | else 13 | until curl -o /dev/null -skIf https://${API_IP}:${API_PORT}; do sleep 1; done 14 | fi 15 | echo 16 | --------------------------------------------------------------------------------