...
Code Block |
---|
|
$ openstack server list -c Name -c Networks
+---------------------------------------------+---------------------------------------------------------------------------+
| Name | Networks |
+---------------------------------------------+---------------------------------------------------------------------------+
| swarm-cluster-aq5dpyxwpte5-node-1 | default=2605:fd00:4:1000:f816:3eff:feb5:293d, 10.1.2.187 |
| swarm-cluster-aq5dpyxwpte5-node-0 | default=2605:fd00:4:1000:f816:3eff:fe09:ca6a, 10.1.2.188 |
| swarm-cluster-aq5dpyxwpte5-node-2 | default=2605:fd00:4:1000:f816:3eff:fe15:8882, 10.1.2.185 |
| swarm-cluster-aq5dpyxwpte5-primary-master-0 | default=2605:fd00:4:1000:f816:3eff:fe2a:b323, 10.1.2.184, 162.246.156.5 | |
Note either the Floating IP (162.246.156.5 in the example above) or the IPv6 address of the Master node. Then do:
Code Block |
---|
|
$ export DOCKER_HOST=tcp://162.246.156.5:2375 |
After that, you now have access to a fully functional Docker Swarm cluster:
Code Block |
---|
|
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
jqm3pmupwxlcdy4bodp3ak7n2 swarm-cluster-aq5dpyxwpte5-node-0.novalocal Ready Active 1.13.1
qseo32fewgiprqqxmf9otg7mb swarm-cluster-aq5dpyxwpte5-node-1.novalocal Ready Active 1.13.1
vegmr4raoiyq4j5upkvy9o6pi swarm-cluster-aq5dpyxwpte5-node-2.novalocal Ready Active 1.13.1
zpgho4soqk3qk74dbrny3r4es * swarm-cluster-aq5dpyxwpte5-primary-master-0.novalocal Ready Active Leader 1.13.1
$ docker run hello-world
Unable to find image 'hello-world:latest' locally
Trying to pull repository docker.io/library/hello-world ...
sha256:3e1764d0f546ceac4565547df2ac4907fe46f007ea229fd7ef2718514bcec35d: Pulling from docker.io/library/hello-world
9bb5a5d4561a: Pull complete
Digest: sha256:3e1764d0f546ceac4565547df2ac4907fe46f007ea229fd7ef2718514bcec35d
Status: Downloaded newer image for docker.io/hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a375d7b710d8 hello-world "/hello" 25 seconds ago Exited (0) 23 seconds ago confident_kirch |
Creating a Kubernetes Cluster
First, install kubectl if it isn't already installed.
On the Rapid Access Cloud Dashboard
Coming Soon.
On the Command-Line
Make sure you have the OpenStack command-line tools installed.
Next, install the python-magnumclient package:
Code Block |
---|
|
# On Linux
$ sudo pip install python-magnumclient
# On Mac
$ pip install --user python-magnumclient |
Next, choose a Cluster Template. You can view the available templates by doing:
Code Block |
---|
|
$ source /path/to/your/rc/file
$ openstack coe cluster template list
+--------------------------------------+-----------------------+
| uuid | name |
+--------------------------------------+-----------------------+
| e27d8d86-b051-4a8d-98cf-b8cd6afa7df4 | k8s-ipv6-medium |
| 258b877b-8256-4612-ba2c-1cde512570c8 | k8s-ipv6-large |
| d397c572-b93b-47ed-8ea0-d824ea90cea9 | k8s-ipv6-xlarge |
| 6b1af9f0-c073-464b-9552-eb233ab993b2 | k8s-floating-medium |
| 1e1d58d7-e6b1-4922-a44b-790cc2cc5b66 | k8s-floating-large |
| fd52ee79-c7a7-43d9-b3a6-fe4080ad7143 | k8s-floating-xlarge |
+--------------------------------------+-----------------------+ |
Next, create a cluster:
Code Block |
---|
|
$ openstack coe cluster create kubernetes-cluster --cluster-template k8s-floating-medium --master-count 1 --node-count 3 --keypair mykey --docker-volume-size=10
Request to create cluster 54b4d4e5-1952-415b-b2ac-af0cfcdb9af2 accepted |
There are a few things to note about this command:
- The above command will create a cluster of 4 total nodes: 1 master and 3 workers. All will be m1.medium instances.
- Clusters only support a single master at this time, so you always need to use --master-count 1.
- --keypair must be an existing Key Pair.
- --docker-volume-size is required. The example above will have 4 volumes of 10 gigabytes created. One volume will be attached to each node of your cluster.
Note |
---|
You must make sure you have the appropriate quota available to create a cluster. In the above example, you would need to be able to create the following:
- 1 x Floating IP
- 4 x m1.medium instances
- 4 x volumes
- 40 GB block storage
The above is possible to do with the Rapid Access Cloud's default quota and no existing resources running. |
You can watch the status of the cluster creation by taking the printed UUID and doing:
Code Block |
---|
|
$ openstack coe cluster show 54b4d4e5-1952-415b-b2ac-af0cfcdb9af2
+---------------------+------------------------------------------------------------+
| Field | Value |
+---------------------+------------------------------------------------------------+
| status | CREATE_IN_PROGRESS |
| cluster_template_id | 6b1af9f0-c073-464b-9552-eb233ab993b2 |
| node_addresses | [] |
| uuid | 54b4d4e5-1952-415b-b2ac-af0cfcdb9af2 |
| stack_id | dae1f0c4-6118-4ef2-9aab-80a5b6958ef6 |
| status_reason | None |
| created_at | 2018-07-11T05:56:38+00:00 |
| updated_at | 2018-07-11T05:56:54+00:00 |
| coe_version | None |
| labels | {u'cert_manager_api': u'true'} |
| faults | |
| keypair | cybera |
| api_address | None |
| master_addresses | [] |
| create_timeout | 60 |
| node_count | 2 |
| discovery_url | https://discovery.etcd.io/56688682e6f32db3f45bfc6b2b82d1a1 |
| master_count | 1 |
| container_version | None |
| name | kubernetes-cluster |
| master_flavor_id | m1.medium |
| flavor_id | m1.medium |
+---------------------+------------------------------------------------------------+ |
Note |
---|
Wait until the status reads CREATE_COMPLETE before proceeding to the next step. |
Next, download the COE authentication information:
Code Block |
---|
|
$ mkdir kubernetes-cluster
$ $(openstack coe cluster config kubernetes-cluster --dir kubernetes-cluster) |
The above command will generate a Kubernetes configuration file and install the SSL certificates for your cluster to the kubernetes-cluster directory.
By default, the configuration file is set to communicate with the Kubernetes cluster by its private IP address. Private IPs are not accessible unless you use the RAC VPN. Alternatively, you can change the configuration file to use the Floating IP or IPv6 address of your master node. To do this, do the following:
Code Block |
---|
|
$ openstack server list -c Name -c Networks
+---------------------------------------------+---------------------------------------------------------------------------+
| Name | Networks |
+---------------------------------------------+---------------------------------------------------------------------------+
| kubernetes-cluster-brs4edkzdppp-minion-1 | default=2605:fd00:4:1000:f816:3eff:fe8f:a992, 10.1.2.251 |
| kubernetes-cluster-brs4edkzdppp-minion-0 | default=2605:fd00:4:1000:f816:3eff:fe2e:546d, 10.1.2.250 |
| kubernetes-cluster-brs4edkzdppp-master-0 | default=2605:fd00:4:1000:f816:3eff:fe46:f51c, 10.1.2.249, 162.246.156.70 | |
Note either the Floating IP (162.246.156.70 in the example above) or the IPv6 address of the Master node. Then edit the configuration file found under kubernetes-cluster/config and find the line that starts with server. Change this line to read:
Code Block |
---|
|
server: https://162.246.156.70:6443 |
After that, you now have access to a fully functional Kubernetes cluster:
Code Block |
---|
$ kubectl -n kube-system get pods
NAME READY STATUS RESTARTS AGE
coredns-5864cfd79d-86wgm 1/1 Running 0 12m
heapster-68b976dd7-fkckb 1/1 Running 0 12m
kubernetes-dashboard-846b8b6844-5p54j 1/1 Running 0 12m
$ kubectl run nginx --image=nginx --replicas=5
deployment.apps/nginx created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-8586cf59-2g4bp 1/1 Running 0 30s
nginx-8586cf59-cw4x2 1/1 Running 0 30s
nginx-8586cf59-gnz6m 1/1 Running 0 30s
nginx-8586cf59-hr7x4 1/1 Running 0 30s
nginx-8586cf59-mhcv5 1/1 Running 0 30s |
Security Groups
By default, your COE cluster has a very strict security group configured. This is to prevent security mishaps such as accidentally publishing Elasticsearch, MongoDB, or similar services. When you want to make a service publicly accessible, edit your cluster's security group. You can see the group by doing the following:
Code Block |
---|
$ openstack security group list | grep cluster
| c22cd9ba-6098-42b9-8a36-ff00b48924b4 | swarm-cluster-aq5dpyxwpte5-secgroup_swarm_manager-rzqnqkkw4mfd |
| ee5d6145-373e-42bf-9b5d-57372f8f20a3 | swarm-cluster-aq5dpyxwpte5-secgroup_swarm_node-iyghtvtxxg3l | |
Then add a rule to the "manager" group using either the command line or the dashboard.
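An added example (not part of the original documentation): a check over a cluster security group's rules that flags sensitive service ports reachable from any address, which is the exposure the strict default group is meant to prevent. The sample rules are constructed, and the JSON column names and the port list are assumptions.

```python
import ipaddress
import json

# Constructed sample, shaped like `openstack security group rule list <group> --long -f json`.
# Column names are an assumption; adjust them to your client version.
SAMPLE_RULES = json.loads("""[
 {"ID": "r1", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r2", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "8500:8500", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r3", "IP Protocol": "tcp", "IP Range": "203.0.113.10/32", "Port Range": "9200:9200", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r4", "IP Protocol": "tcp", "IP Range": "::/0", "Port Range": "27000:27100", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r5", "IP Protocol": "tcp", "IP Range": null, "Port Range": "", "Direction": "ingress", "Remote Security Group": "sg-constructed"}
]""")

# TCP ports of the services this page names or exposes; extend for your own workloads.
SENSITIVE_PORTS = {2375: "Docker API", 8500: "Consul HTTP API", 9200: "Elasticsearch", 27017: "MongoDB"}

def port_span(port_range):
    """'8500:8500' -> (8500, 8500); an empty range means every port."""
    if not port_range:
        return 1, 65535
    low, _, high = port_range.partition(":")
    return int(low), int(high or low)

def is_world_open(rule):
    """True when the source is 0.0.0.0/0, ::/0, or not restricted at all."""
    if rule.get("IP Range"):
        return ipaddress.ip_network(rule["IP Range"], strict=False).prefixlen == 0
    return not rule.get("Remote Security Group")

def audit(rules):
    """Return (rule ID, port, service) for each sensitive port open to any source."""
    findings = []
    for rule in rules:
        if rule.get("Direction", "ingress") != "ingress":
            continue
        if rule.get("IP Protocol") not in (None, "", "any", "tcp"):
            continue
        if not is_world_open(rule):
            continue
        low, high = port_span(rule.get("Port Range"))
        findings += [(rule["ID"], port, name)
                     for port, name in sorted(SENSITIVE_PORTS.items()) if low <= port <= high]
    return findings

if __name__ == "__main__":
    for rule_id, port, name in audit(SAMPLE_RULES):
        print(f"{rule_id}: {name} (tcp/{port}) is reachable from any address")
```

A rule scoped to a single source address, like the constructed r3, passes the check; only sources with a zero-length prefix are reported.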
Using Swarm
General documentation on Docker Swarm can be found here: https://docs.docker.com/engine/swarm/
As a quick demo of Swarm's capabilities, let's deploy a Consul cluster.
Note |
---|
This is only for demo purposes and should not be used in any production capacity. |
First, create a file called consul.yaml with the following contents:
Code Block |
---|
|
version: "3"
networks:
  consul:
    driver: overlay
services:
  seed:
    image: consul:latest
    networks:
      - consul
    deploy:
      mode: global
      placement:
        constraints:
          - node.role == manager
    environment:
      - "CONSUL_LOCAL_CONFIG={\"disable_update_check\": true}"
      - "CONSUL_BIND_INTERFACE=eth0"
    entrypoint:
      - consul
      - agent
      - -server
      - -bootstrap-expect=3
      - -data-dir=/tmp/consuldata
      - -bind={{ GetInterfaceIP "eth0" }}
  consul-node:
    image: consul:latest
    networks:
      - consul
    depends_on:
      - seed
    deploy:
      replicas: 3
      placement:
        constraints:
          - node.role != manager
    environment:
      - "CONSUL_LOCAL_CONFIG={\"disable_update_check\": true}"
      - "CONSUL_BIND_INTERFACE=eth0"
      - "CONSUL_HTTP_ADDR=0.0.0.0"
    entrypoint:
      - consul
      - agent
      - -server
      - -data-dir=/tmp/consuldata
      - -bind={{ GetInterfaceIP "eth0" }}
      - -client=0.0.0.0
      - -retry-join=seed:8301
      - -ui
    ports:
      - "8500:8500"
      - "8600:8600" |
Next, deploy the cluster. This assumes you have set the appropriate environment variables described in the above "Creating a Swarm Cluster" instructions.
Code Block |
---|
$ docker stack deploy -c consul.yaml consul
Creating network consul_consul
Creating service consul_consul-node
Creating service consul_seed |
You can see the status of the cluster by doing:
Code Block |
---|
$ docker service list
ID NAME MODE REPLICAS IMAGE PORTS
1q2qkzitxqp6 consul_consul-node replicated 3/3 consul:latest *:8500->8500/tcp, *:8600->8600/tcp
oxuoch7c5nex consul_seed global 1/1 consul:latest |
Once all of the replicas are running, the cluster has finished building. Next, wait until the nodes have joined each other. You can view the status by reading the logs:
Code Block |
---|
$ docker service logs consul_seed
...
2018/07/23 16:23:29 [INFO] consul: member '7b8eee98fcaf' joined, marking health alive
2018/07/23 16:23:29 [INFO] consul: member '434de12113d3' joined, marking health alive
2018/07/23 16:23:29 [INFO] consul: member '70a8bf94d84a' joined, marking health alive
... |
Finally, try using the Consul cluster. You need to make sure you add port 8500 to your security group as mentioned in the "Security Groups" section above.
Code Block |
---|
$ curl -X PUT -d "Hello World!" http://<floating ip or ipv6>:8500/v1/kv/hello
true
$ curl http://<floating ip or ipv6>:8500/v1/kv/hello
[{"LockIndex":0,"Key":"hello","Flags":0,"Value":"SGVsbG8gV29ybGQh","CreateIndex":43,"ModifyIndex":43}]
$ curl http://<floating ip or ipv6>:8500/v1/kv/hello?raw
Hello World! |
When finished, you can easily tear down the cluster:
Code Block |
---|
$ docker stack rm consul
Removing service consul_consul-node
Removing service consul_seed
Removing network consul_consul |