richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4236 Commits
29 Branches
81 Tags
146 MiB
Tree: 9155339cf0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9155339cf0'
${ noResults }
kubespray/contrib/terraform/packet/README.md

231 lines
8.3 KiB
Raw Normal View History

Add support for Packet with Terraform (#4043) * Add support for Packet with Terraform Co-Author: johnstudarus <john@jhlconsulting.com> * removed advanced features to streamline * clarifying usage * Update README.md provide a better test to validate things are working OK * Update README.md clarifying what to set * minor wordsmithing * Fix admin cert path * clarifying how to configure keys * enabling kubeconfig_localhost pull over the configuration file via playbooks rather than the key files individually * Create output.tf * Add support for node specific plans
5 years ago
  1. # Kubernetes on Packet with Terraform
  3. Provision a Kubernetes cluster with [Terraform](https://www.terraform.io) on
  4. [Packet](https://www.packet.com).
  6. ## Status
  8. This will install a Kubernetes cluster on Packet bare metal. It should work in all locations and on most server types.
  10. ## Approach
  11. The terraform configuration inspects variables found in
  12. [variables.tf](variables.tf) to create resources in your Packet project.
  13. There is a [python script](../terraform.py) that reads the generated`.tfstate`
  14. file to generate a dynamic inventory that is consumed by [cluster.yml](../../..//cluster.yml)
  15. to actually install Kubernetes with Kubespray.
  17. ### Kubernetes Nodes
  18. You can create many different kubernetes topologies by setting the number of
  19. different classes of hosts.
  20. - Master nodes with etcd: `number_of_k8s_masters` variable
  21. - Master nodes without etcd: `number_of_k8s_masters_no_etcd` variable
  22. - Standalone etcd hosts: `number_of_etcd` variable
  23. - Kubernetes worker nodes: `number_of_k8s_nodes` variable
  25. Note that the Ansible script will report an invalid configuration if you wind up
  26. with an *even number* of etcd instances since that is not a valid configuration. This
  27. restriction includes standalone etcd nodes that are deployed in a cluster along with
  28. master nodes with etcd replicas. As an example, if you have three master nodes with
  29. etcd replicas and three standalone etcd nodes, the script will fail since there are
  30. now six total etcd replicas.
  32. ## Requirements
  34. - [Install Terraform](https://www.terraform.io/intro/getting-started/install.html)
  35. - Install dependencies: `sudo pip install -r requirements.txt`
  36. - Account with Packet Host
  37. - An SSH key pair
  39. ## SSH Key Setup
  41. An SSH keypair is required so Ansible can access the newly provisioned nodes (bare metal Packet hosts). By default, the public SSH key defined in cluster.tf will be installed in authorized_key on the newly provisioned nodes (~/.ssh/id_rsa.pub). Terraform will upload this public key and then it will be distributed out to all the nodes. If you have already set this public key in Packet (i.e. via the portal), then set the public keyfile name in cluster.tf to blank to prevent the duplicate key from being uploaded which will cause an error.
  43. If you don't already have a keypair generated (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub), then a new keypair can be generated with the command:
  45. ```ShellSession
  46. ssh-keygen -f ~/.ssh/id_rsa
  47. ```
  49. ## Terraform
  50. Terraform will be used to provision all of the Packet resources with base software as appropriate.
  52. ### Configuration
  54. #### Inventory files
  56. Create an inventory directory for your cluster by copying the existing sample and linking the `hosts` script (used to build the inventory based on Terraform state):
  58. ```ShellSession
  59. $ cp -LRp contrib/terraform/packet/sample-inventory inventory/$CLUSTER
  60. $ cd inventory/$CLUSTER
  61. $ ln -s ../../contrib/terraform/packet/hosts
  62. ```
  64. This will be the base for subsequent Terraform commands.
  66. #### Packet API access
  68. Your Packet API key must be available in the `PACKET_AUTH_TOKEN` environment variable.
  69. This key is typically stored outside of the code repo since it is considered secret.
  70. If someone gets this key, they can startup/shutdown hosts in your project!
  72. For more information on how to generate an API key or find your project ID, please see:
  73. https://support.packet.com/kb/articles/api-integrations
  75. The Packet Project ID associated with the key will be set later in cluster.tf.
  77. For more information about the API, please see:
  78. https://www.packet.com/developers/api/
  80. Example:
  81. ```ShellSession
  82. $ export PACKET_AUTH_TOKEN="Example-API-Token"
  83. ```
  85. Note that to deploy several clusters within the same project you need to use [terraform workspace](https://www.terraform.io/docs/state/workspaces.html#using-workspaces).
  87. #### Cluster variables
  88. The construction of the cluster is driven by values found in
  89. [variables.tf](variables.tf).
  91. For your cluster, edit `inventory/$CLUSTER/cluster.tf`.
  93. The `cluster_name` is used to set a tag on each server deployed as part of this cluster.
  94. This helps when identifying which hosts are associated with each cluster.
  96. While the defaults in variables.tf will successfully deploy a cluster, it is recommended to set the following values:
  98. * cluster_name = the name of the inventory directory created above as $CLUSTER
  99. * packet_project_id = the Packet Project ID associated with the Packet API token above
  101. #### Enable localhost access
  102. Kubespray will pull down a Kubernetes configuration file to access this cluster by enabling the
  103. `kubeconfig_localhost: true` in the Kubespray configuration.
  105. Edit `inventory/$CLUSTER/group_vars/k8s-cluster/k8s-cluster.yml` and comment back in the following line and change from `false` to `true`:
  106. `\# kubeconfig_localhost: false`
  107. becomes:
  108. `kubeconfig_localhost: true`
  110. Once the Kubespray playbooks are run, a Kubernetes configuration file will be written to the local host at `inventory/$CLUSTER/artifacts/admin.conf`
  112. #### Terraform state files
  114. In the cluster's inventory folder, the following files might be created (either by Terraform
  115. or manually), to prevent you from pushing them accidentally they are in a
  116. `.gitignore` file in the `terraform/packet` directory :
  118. * `.terraform`
  119. * `.tfvars`
  120. * `.tfstate`
  121. * `.tfstate.backup`
  123. You can still add them manually if you want to.
  125. ### Initialization
  127. Before Terraform can operate on your cluster you need to install the required
  128. plugins. This is accomplished as follows:
  130. ```ShellSession
  131. $ cd inventory/$CLUSTER
  132. $ terraform init ../../contrib/terraform/packet
  133. ```
  135. This should finish fairly quickly telling you Terraform has successfully initialized and loaded necessary modules.
  137. ### Provisioning cluster
  138. You can apply the Terraform configuration to your cluster with the following command
  139. issued from your cluster's inventory directory (`inventory/$CLUSTER`):
  140. ```ShellSession
  141. $ terraform apply -var-file=cluster.tf ../../contrib/terraform/packet
  142. $ export ANSIBLE_HOST_KEY_CHECKING=False
  143. $ ansible-playbook -i hosts ../../cluster.yml
  144. ```
  146. ### Destroying cluster
  147. You can destroy your new cluster with the following command issued from the cluster's inventory directory:
  149. ```ShellSession
  150. $ terraform destroy -var-file=cluster.tf ../../contrib/terraform/packet
  151. ```
  153. If you've started the Ansible run, it may also be a good idea to do some manual cleanup:
  155. * remove SSH keys from the destroyed cluster from your `~/.ssh/known_hosts` file
  156. * clean up any temporary cache files: `rm /tmp/$CLUSTER-*`
  158. ### Debugging
  159. You can enable debugging output from Terraform by setting `TF_LOG` to `DEBUG` before running the Terraform command.
  161. ## Ansible
  163. ### Node access
  165. #### SSH
  167. Ensure your local ssh-agent is running and your ssh key has been added. This
  168. step is required by the terraform provisioner:
  170. ```
  171. $ eval $(ssh-agent -s)
  172. $ ssh-add ~/.ssh/id_rsa
  173. ```
  175. If you have deployed and destroyed a previous iteration of your cluster, you will need to clear out any stale keys from your SSH "known hosts" file ( `~/.ssh/known_hosts`).
  177. #### Test access
  179. Make sure you can connect to the hosts. Note that Container Linux by CoreOS will have a state `FAILED` due to Python not being present. This is okay, because Python will be installed during bootstrapping, so long as the hosts are not `UNREACHABLE`.
  181. ```
  182. $ ansible -i inventory/$CLUSTER/hosts -m ping all
  183. example-k8s_node-1 | SUCCESS => {
  184. "changed": false,
  185. "ping": "pong"
  186. }
  187. example-etcd-1 | SUCCESS => {
  188. "changed": false,
  189. "ping": "pong"
  190. }
  191. example-k8s-master-1 | SUCCESS => {
  192. "changed": false,
  193. "ping": "pong"
  194. }
  195. ```
  197. If it fails try to connect manually via SSH. It could be something as simple as a stale host key.
  199. ### Deploy Kubernetes
  201. ```
  202. $ ansible-playbook --become -i inventory/$CLUSTER/hosts cluster.yml
  203. ```
  205. This will take some time as there are many tasks to run.
  207. ## Kubernetes
  209. ### Set up kubectl
  211. * [Install kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on the localhost.
  213. * Verify that Kubectl runs correctly
  214. ```
  215. kubectl version
  216. ```
  218. * Verify that the Kubernetes configuration file has been copied over
  219. ```
  220. cat inventory/alpha/$CLUSTER/admin.conf
  221. ```
  223. * Verify that all the nodes are running correctly.
  224. ```
  225. kubectl version
  226. kubectl --kubeconfig=inventory/$CLUSTER/artifacts/admin.conf get nodes
  227. ```
  229. ## What's next
  231. Try out your new Kubernetes cluster with the [Hello Kubernetes service](https://kubernetes.io/docs/tasks/access-application-cluster/service-access-application-cluster/).