Slim down the step-by-step instructions for the dev setup

33b11eb0 · Frank Berghaus · 4304ec3f · 33b11eb0
Commit 33b11eb0 authored 2 years ago by Frank Berghaus
--- a/step-by-step/README.md
+++ b/step-by-step/README.md
@@ -15,12 +15,13 @@ The resulting cluster is intended to be functionally equivalent to the
 Set the following variables to your preferences:
 ```bash
 EXTERNAL_NETWORK="cloud-public"
-CONTROL_PLANE_FLAVOR="mpcdf.medium.ha"
+CONTROL_PLANE_FLAVOR="mpcdf.medium"
 KEYNAME="___"
 CLUSTER_NAME="________" \
 WORKER_FLAVOR="mpcdf.large"
-NUM_WORKERS=3
+NUM_WORKERS=2
 KUBERNETES_VERSION=1.26
+CLIENT_CIDR="e.g. 130.183.0.0/16"
 ```
 This is meant to ease the use of the instructions below. You can, of course,
 enter values in place of using the variables below.
@@ -56,136 +57,19 @@ the load balancer and (optionally) the SSH  gateway.
 ```sh
 openstack security group create k8s-secgroup
 openstack security group rule create k8s-secgroup \
-    --remote-ip 0.0.0.0/0 \
+    --remote-group k8s-secgroup \
-    --protocol icmp \
+    --description "Allow all internal traffic"
-    --description "Allow all internal ICMP traffic"
+openstack security group create k8s-control-secgroup
-openstack security group rule create k8s-secgroup \
+openstack security group rule create k8s-control-secgroup \
-    --remote-ip 0.0.0.0/0 \
+    --remote-ip $CLIENT_CIDR \
    --protocol tcp \
-    --description "Allow all internal TCP traffic"
+    --dst-port 22 \
-```
+    --description "Allow client SSH traffic"
+openstack security group rule create k8s-control-secgroup \
+    --remote-ip $CLIENT_CIDR \
-### Create control-plane network ports
+    --protocol tcp \
+    --dst-port 6443 \
-These network ports will be attached to the load balancer and the control plane
+    --description "Allow client k8s API traffic"
-nodes. We select the IP addresses to make the rest of the steps easier to
-follow:
-```bash
-openstack port create k8s-control-plane \
-    --network k8s-net \
-    --fixed-ip subnet=k8s-subnet,ip-address=192.168.0.3 \
-    --security-group k8s-secgroup
-openstack port create k8s-control-plane-0 \
-    --network k8s-net \
-    --fixed-ip subnet=k8s-subnet,ip-address=192.168.0.4 \
-    --security-group k8s-secgroup
-openstack port create k8s-control-plane-1 \
-    --network k8s-net \
-    --fixed-ip subnet=k8s-subnet,ip-address=192.168.0.5 \
-    --security-group k8s-secgroup
-openstack port create k8s-control-plane-2 \
-    --network k8s-net \
-    --fixed-ip subnet=k8s-subnet,ip-address=192.168.0.6 \
-    --security-group k8s-secgroup
-```
-### Load balancer and netowrk ports for the control plane
-Start by creating a load balancer:
-```bash
-openstack loadbalancer create \
-    --name k8s-control-plane \
-    --vip-port-id k8s-control-plane
-```
-We have to wait a minute for the load balancer to be provisioned: behind the
-scenes there is a VM hosting an HA proxy being created for you. In the
-meantime, we can assign a floating IP to the load balance, which will make the
-kubernetes API reachable from the outside:
-```bash
-openstack floating ip create "${EXTERNAL_NETWORK}" \
-    --description "${CLUSTER_NAME}" \
-    --port k8s-control-plane
-```
-Remeber this IP addess of the DNS entry for the control plane configuration
-later. *Note* that the description in the floating IP is optional. If you
-provide it you get a DNS entry for your floating IP as:
-`$CLUSTER_NAME.PROJECT_NAME.hpccloud.mpg.de`
-Once the load balancer is up we can continue:
-```bash
-openstack loadbalancer listener create k8s-control-plane \
-    --name k8s-control-plane-listener \
-    --protocol TCP \
-    --protocol-port 6443 \
-    --allowed-cidr 192.168.0.0/24 \
-    --allowed-cidr 130.183.0.0/16 \
-    --allowed-cidr 10.0.0.0/8
-openstack loadbalancer pool create \
-    --name k8s-control-plane-pool \
-    --lb-algorithm ROUND_ROBIN \
-    --listener k8s-control-plane-listener \
-    --protocol TCP
-openstack loadbalancer healthmonitor create k8s-control-plane-pool \
-    --name k8s-control-plane-healthmonitor \
-    --delay 5 \
-    --max-retries 4 \
-    --timeout 10 \
-    --type TCP
-openstack loadbalancer member create k8s-control-plane-pool \
-    --name k8s-control-plane-0 \
-    --address 192.168.0.4 \
-    --protocol-port 6443 
-openstack loadbalancer member create k8s-control-plane-pool \
-    --name k8s-control-plane-1 \
-    --address 192.168.0.5 \
-    --protocol-port 6443 
-openstack loadbalancer member create k8s-control-plane-pool \
-    --name k8s-control-plane-2 \
-    --address 192.168.0.6 \
-    --protocol-port 6443 
-```
-### Get SSH access to your cluster
-#### Using the loadbalancer
-This sets up the loadbalancer to distribute ssh traffic to the control plane
-nodes. Once you are on a control plane node you can reach the rest of the
-kubernetes cluster.
-```bash
-openstack loadbalancer listener create k8s-control-plane \
-    --name ssh-control-plane-listener \
-    --protocol TCP \
-    --protocol-port 22 \
-    --timeout-client-data 0 \
-    --timeout-member-data 0 
-openstack loadbalancer pool create \
-    --name ssh-control-plane-pool \
-    --lb-algorithm ROUND_ROBIN \
-    --listener ssh-control-plane-listener \
-    --protocol TCP \
-    --session-persistence type=SOURCE_IP
-openstack loadbalancer healthmonitor create ssh-control-plane-pool \
-    --name ssh-control-plane-healthmonitor \
-    --delay 5 \
-    --max-retries 4 \
-    --timeout 10 \
-    --type TCP
-openstack loadbalancer member create ssh-control-plane-pool \
-    --name ssh-control-plane-0 \
-    --address 192.168.0.4 \
-    --protocol-port 22
-openstack loadbalancer member create ssh-control-plane-pool \
-    --name ssh-control-plane-1 \
-    --address 192.168.0.5 \
-    --protocol-port 22
-openstack loadbalancer member create ssh-control-plane-pool \
-    --name ssh-control-plane-2 \
-    --address 192.168.0.6 \
-    --protocol-port 22
 ```
@@ -202,16 +86,21 @@ Edit the script `../common-config.sh`. You will need to set the two variables
 using the template method. Then use the script as user data for the controller
 and worker nodes you create:
 ```bash
-openstack server create k8s-control-plane-0 \
+openstack server create k8s-control-plane \
    --image "Debian 11" \
    --flavor $CONTROL_PLANE_FLAVOR \
-    --port k8s-control-plane-0 \
+    --network k8s-net \
    --security-group k8s-secgroup \
+    --security-group k8s-control-secgroup \
    --key-name $KEYNAME \
    --user-data ../common-config.sh
+openstack floating ip create cloud-public
+openstack server add floating ip k8s-control-plane FLOATING_IP_ADDRESS
 ```
 Wait a moment for the node to come up and run the base configuration script.
+Once the control plane node is up you can connect to it using the floating IP
+and use it as an SSH gateway to the workers.
 #### Configuration
@@ -247,44 +136,8 @@ You can now also grab the kubectl admin configuration file from
 the [kubernetes docs](https://kubernetes.io/docs/tasks/tools/).
-### The rest of the control plane
-Make a copy of the `../common-config.sh`, calling it, for example,
-`control-plane-config.sh`. Add the command to join the control plane at the
-bottom. Use this new file as the configuration for the new control plae nodes:
-```bash
-openstack server create k8s-control-plane-1 \
-    --image "Debian 11" \
-    --flavor $CONTROL_PLANE_FLAVOR \
-    --port k8s-control-plane-1 \
-    --security-group k8s-secgroup \
-    --key-name $KEYNAME \
-    --user-data control-plane-config.sh
-openstack server create k8s-control-plane-2 \
-    --image "Debian 11" \
-    --flavor $CONTROL_PLANE_FLAVOR \
-    --port k8s-control-plane-2 \
-    --security-group k8s-secgroup \
-    --key-name $KEYNAME \
-    --user-data control-plane-config.sh
-```
-It will take a few minutes for the machines to become available. You will see
-them come up with:
-```bash
-kubectl get nodes
-```
-The output should look something like this:
-```
-NAME                  STATUS   ROLES           AGE     VERSION
-k8s-control-plane-0   Ready    control-plane   14m     v1.26.6
-k8s-control-plane-1   Ready    control-plane   4m9s    v1.26.6
-k8s-control-plane-2   Ready    control-plane   3m17s   v1.26.6
-```
 ### Adding worker nodes
 Now it is time to add some worker nodes. Make a second copy of
 `../common-config.sh`, calling it, for example, `worker-config.sh`. Add the
 command to join worker nodes to the cluster at the bottom. Use this new file
@@ -311,12 +164,9 @@ kubectl get nodes
 The output should look something like this:
 ```
 NAME                  STATUS   ROLES           AGE     VERSION
-k8s-control-plane-0   Ready    control-plane   32m   v1.26.6
+k8s-control-plane   Ready    control-plane   32m   v1.26.6
-k8s-control-plane-1   Ready    control-plane   21m   v1.26.6
+k8s-worker-1        Ready    <none>          22s   v1.26.6
-k8s-control-plane-2   Ready    control-plane   20m   v1.26.6
+k8s-worker-2        Ready    <none>          23s   v1.26.6
-k8s-worker-1          Ready    <none>          22s   v1.26.6
-k8s-worker-2          Ready    <none>          23s   v1.26.6
-k8s-worker-3          Ready    <none>          19s   v1.26.6
 ```
 # Configuring the kubernetes