Kubernetes is now available as a DC/OS package to quickly, and reliably run Kubernetes clusters on Mesosphere DC/OS.
NOTE: The latest dcos-kubernetes-quickstart
doesn't support any Kubernetes framework version before
1.2.0-1.10.5
due the changes how the Kubernetes API is exposed.
Before proceeding, please check the current package limitations.
First, make sure your cluster fulfils the Kubernetes package default requirements.
Then, check the requirements for running this quickstart:
- Linux or MacOS
- Terraform 0.11.x. On MacOS, you can install with brew:
$ brew install terraform
- Google Cloud, AWS or Azure account with enough permissions to provide the needed infrastructure
Once the pre-requisites are met, clone this repo:
$ git clone [email protected]:mesosphere/dcos-kubernetes-quickstart.git && cd dcos-kubernetes-quickstart
This quickstart defaults to Google Cloud
First, make sure you have have followed the Google Cloud setup instructions.
Then, start by generating the default infrastructure configuration:
$ make gcp
This will output sane defaults to .deploy/desired_cluster_profile
.
Now, edit said file and set your project-id
and the gce_ssh_pub_key_file
(the SSH public key you will use to log-in into your new VMs later).
WARNING: Please, do not set a smaller instance (VM) type on the risk of failing to install Kubernetes.
custom_dcos_download_path = "https://downloads.dcos.io/dcos/stable/1.11.3/dcos_generate_config.sh"
num_of_masters = "1"
num_of_private_agents = "3"
num_of_public_agents = "1"
#
gcp_project = "YOUR_GCP_PROJECT"
gcp_region = "us-central1"
gce_ssh_pub_key_file = "/PATH/YOUR_GCP_SSH_PUBLIC_KEY.pub"
#
gcp_bootstrap_instance_type = "n1-standard-1"
gcp_master_instance_type = "n1-standard-8"
gcp_agent_instance_type = "n1-standard-8"
gcp_public_agent_instance_type = "n1-standard-8"
# Inbound Master Access
admin_cidr = "0.0.0.0/0"
For more advanced scenarios, please check the terraform-dcos documentation for Google Cloud.
NOTE: This quickstart
will provision a Kubernetes cluster without RBAC
support.
To deploy a cluster with enabled RBAC update .deploy/options.json
:
{
"kubernetes": {
"authorization_mode": "RBAC",
"public_node_count": 1
}
}
If you want to give users access to the Kubernetes API check documentation.
NOTE: The authorization mode for a cluster must be chosen when installing the package. Changing the authorization mode after installing the package is not supported.
NOTE: By default, it will provision a Kubernetes cluster with one (1) worker node, and a single instance of every control plane component.
To deploy a highly-available cluster with three (3) private and one (1) public workers node update .deploy/options.json
:
{
"kubernetes": {
"high_availability": true,
"node_count": 3,
"public_node_count": 1
}
}
If you haven't already, please download DC/OS client, dcos
and Kubernetes
client, kubectl
:
$ make get-cli
The dcos
and kubectl
binaries will be downloaded to the current workdir.
It's up to you to decided whether or not to copy or move them to another path,
e.g. a path included in PATH
.
You are now ready to provision the DC/OS cluster and install the Kubernetes package:
$ make deploy
Terraform will now try and provision the infrastructure on your chosen cloud provider, and then proceed to install DC/OS.
When DC/OS is up and running, the Kubernetes package installation will take place.
Wait until all tasks are running before trying to access the Kubernetes API.
You can watch the progress what was deployed so far with:
$ watch dcos kubernetes plan show deploy
Below is an example of how it looks like when the install ran successfully:
deploy (serial strategy) (COMPLETE)
etcd (serial strategy) (COMPLETE)
etcd-0:[peer] (COMPLETE)
apiserver (dependency strategy) (COMPLETE)
kube-apiserver-0:[instance] (COMPLETE)
mandatory-addons (serial strategy) (COMPLETE)
mandatory-addons-0:[additional-cluster-role-bindings] (COMPLETE)
mandatory-addons-0:[kubelet-tls-bootstrapping] (COMPLETE)
mandatory-addons-0:[kube-dns] (COMPLETE)
mandatory-addons-0:[metrics-server] (COMPLETE)
mandatory-addons-0:[dashboard] (COMPLETE)
mandatory-addons-0:[ark] (COMPLETE)
kubernetes-api-proxy (dependency strategy) (COMPLETE)
kubernetes-api-proxy-0:[install] (COMPLETE)
controller-manager (dependency strategy) (COMPLETE)
kube-controller-manager-0:[instance] (COMPLETE)
scheduler (dependency strategy) (COMPLETE)
kube-scheduler-0:[instance] (COMPLETE)
node (dependency strategy) (COMPLETE)
kube-node-0:[kube-proxy, coredns, kubelet] (COMPLETE)
public-node (dependency strategy) (COMPLETE)
kube-node-public-0:[kube-proxy, coredns, kubelet] (COMPLETE)
You can access DC/OS Dashboard and check Kubernetes package tasks under Services:
$ make ui
Check the exposing Kubernetes API doc to understand how the Kubernetes API gets exposed.
NOTE: If you have changed in .deploy/desired_cluster_profile
file the number of
num_of_public_agents
to more than 1
, please scale marathon-lb
service to the same number,
so you can access Kubernetes API from any DC/OS public agent.
In order to access the Kubernetes API from outside the DC/OS cluster, one needs
to configure kubectl
, the Kubernetes CLI tool:
$ make kubeconfig
Let's test accessing the Kubernetes API and list the Kubernetes cluster nodes:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
kube-node-0-kubelet.kubernetes.mesos Ready <none> 3m v1.10.5
kube-node-public-0-kubelet.kubernetes.mesos Ready <none> 2m v1.10.5
You will be able to access the Kubernetes Dashboard by running:
$ kubectl proxy
Then pointing your browser at:
http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/
To uninstall the DC/OS Kubernetes package while leaving your DC/OS cluster up, run:
$ make uninstall
NOTE: This will only uninstall Kubernetes. Make sure you destroy your DC/OS cluster using the instructions below when you finish testing, or otherwise you will need to delete all cloud resources manually!
To destroy the whole deployment:
$ make destroy
Last, clean generated resources:
$ make clean
For more details, please see the docs folder and as well check the official service docs
Get help and connect with other users on the mailing list or on DC/OS community Slack in the #kubernetes channel.
- Automatic, and secure exposure of the Kubernetes API
- Allow multiple Kubernetes nodes per DC/OS agent
- Manage multiple Kubernetes clusters
- DC/OS as the cloud provider - fully integrated with DC/OS authentication, storage (CSI), and load-balancing (Service and Ingress)
- Node Pools - each pool has its own configuration, including placement constraints, taints and tolerations, etc.
- Support network policies