simplify rke creation

f9deb7d8 · Tim Kreuzer · 926fefc9 · f9deb7d8 · f9deb7d8 · f9deb7d8
Commit f9deb7d8 authored Sep 6, 2023 by Tim Kreuzer
--- a/.gitignore
+++ b/.gitignore
+managed_clusters/*_credentials.sh
+**/keypair.key
--- a/README.md
+++ b/README.md
 # Kubernetes as a Service administration
 This repo is used to create clusters on [JSC-Cloud](https://cloud.jsc.fz-juelich.de) and deploy software on them.

+## Supported Labels
+ - kured: "true"  -> Install [Kured](https://github.com/kubereboot/kured), this will reboot your nodes if necessary on a sunday between 2am and 5am (Timezone: Europe/Berlin). [more](https://gitlab.jsc.fz-juelich.de/kaas/fleet-deployments/-/tree/kured)
+ - cinder-csi: "true"  -> Install [Cinder-CSI Plugin](https://github.com/kubernetes/cloud-provider-openstack/tree/release-1.26/docs/cinder-csi-plugin), this will create a storage class on the cluster, which uses OpenStack Cinder Volumes as persistent storage. [more](https://gitlab.jsc.fz-juelich.de/kaas/fleet-deployments/-/tree/openstack-cinder-csi)
+

 ## Create Cluster
 Requirements:
@@ -13,7 +17,7 @@ Create OpenStack environment in users project:
 - `cd fleet_deployments/managed_clusters`
 - Store `jsc-cloud-team` credentials in `managed_clusters/management_credentials.sh`
 - Store `<user>` credentials in `managed_clusters/<NAME>_credentials.sh` (<NAME> must be equal to the Name given in create.sh)
- - # UPDATE create.sh , fill in name, project id and subnet cidr
+ - **update create.sh , fill in name, project id and subnet cidr**
 - `/bin/bash create.sh`

 Create NodeTemplate / RKETemplate
@@ -25,8 +29,7 @@ Create NodeTemplate / RKETemplate
 - **IMPORTANT: At the end of the node template creation, `Engine Options` -> `Docker Install URL` must be "None"!**
 - RKE1 Configuration (sidebar) -> RKE Templates
 - Add template (top right), name should be equal to cluster name, revision can be v1
- - Click "Edit as YAML" on the right side, copy the rke.yaml file from this repo into it.
- - Replace the secrets and subnet ID from the output given by create.sh earlier
+ - Click "Edit as YAML" on the right side, copy the ${NAME}/rke.yaml file from into it.

 Create Cluster:
 - Browse to https://zam12142.zam.kfa-juelich.de , log in
@@ -35,7 +38,7 @@ Create Cluster:
 - Cluster Name: as before in create.sh, create two nodepools (one for main nodes [check: drain before delete, etcd, control-plane], one for worker nodes [check: drain before delete, worker]). Set "Auto Replace" to 5 minutes. Use the previously created node templates.
 - Cluster Options: "Use an existing RKE Template and revision" -> Choose the previously created one.
 - Member roles (above Cluster Options) -> Add member as owner to this cluster. If user does not exists yet, it can be done later.
- - Labels: can be used to install default software. See List below for available labels
+ - Labels: can be used to install default software. See List above for available labels
 - Scroll down: Create -> Done.

 How to Manage Cluster (once it's created, may take up to 10 minutes):
@@ -49,10 +52,6 @@ How to increase/decrease number of nodes:
    - `kubectl drain --ignore-daemonsets --delete-emptydir-data <node>` (or in UI, same as above)
    - In Cluster Management select node and click on `Scale Down`. (Deleted nodes would be replaced otherwise)

-## Supported Labels
- - kured: "true"  -> Install [Kured](https://github.com/kubereboot/kured), this will reboot your nodes if necessary on a sunday between 2am and 5am (Timezone: Europe/Berlin). [more](https://gitlab.jsc.fz-juelich.de/kaas/fleet-deployments/-/tree/kured)
- - cinder-csi: "true"  -> Install [Cinder-CSI Plugin](https://github.com/kubernetes/cloud-provider-openstack/tree/release-1.26/docs/cinder-csi-plugin), this will create a storage class on the cluster, which uses OpenStack Cinder Volumes as persistent storage. [more](https://gitlab.jsc.fz-juelich.de/kaas/fleet-deployments/-/tree/openstack-cinder-csi)
-

 ## Delete cluster
 - Delete Cluster in Rancher UI

--- a/managed_clusters/create.sh
+++ b/managed_clusters/create.sh
@@ -2,16 +2,21 @@

 ### Customization

-NAME="" # Enter a (ideally) unique name for the cluster
-PROJECT_ID="" # project id from the users project, where the k8s cluster should be created
-SUBNET_CIDR="" # Unique CIDR (10.0.x.0/24) , each cluster needs a different subnet CIDR.
+NAME="jupyterjsc-production" # Enter a (ideally) unique name for the cluster
+PROJECT_ID="800dd44618eb4fe08f874109d6a54417" # project id from the users project, where the k8s cluster should be created
+SUBNET_CIDR="10.0.101.0/24" # Unique CIDR (10.0.x.0/24) , each cluster needs a different subnet CIDR.

+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+if [[ ! -f ${DIR}/${NAME}_credentials.sh ]] || [[ ! -f ${DIR}/management_credentials.sh ]]; then
+  echo "Missing credentials. Stop script"
+  exit 1
+fi

 ###
 # set to false, to get the output at the end without creating anything
 CREATE="true"

-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 mkdir -p ${DIR}/${NAME}

 # Some variables for our `jsc-cloud-team` management project
@@ -114,24 +119,8 @@ sed -e "s@<name>@${NAME}@g" ${DIR}/userdata_worker.yaml > ${DIR}/${NAME}/userdat
 echo "engineInstallUrl:            None"
 echo "----------------------------------"

-# You can use the rke.yaml file and create a RKE Template in Rancher 
-echo "----------------------------------"
-echo "--- RkeTemplate (replace in rke.yaml line 16,17,22) ---"
-echo "        [Global]"
-echo "        auth-url=https://cloud.jsc.fz-juelich.de:5000/v3"
-echo "        application-credential-id=$OS_APPLICATION_CREDENTIAL_ID"
-echo "        application-credential-secret=$OS_APPLICATION_CREDENTIAL_SECRET"
-echo "        region=JSCCloud"
-echo "        tls-insecure=true"
-echo "        [LoadBalancer]"
-echo "        use-octavia=true"
-echo "        subnet-id=$USER_SUBNET_ID"
-echo "        floating-network-id=c2ce19a1-ad08-41fb-8dd2-4b97d78815fc"
-echo "        manage-security-groups=false"
-echo "        [BlockStorage]"
-echo "        bs-version=v2"
-echo "        ignore-volume-az=true"
-echo "----------------------------------"
+
+sed -e "s@<credential_id>@${OS_APPLICATION_CREDENTIAL_ID}@g" -e "s@<credential_secret>@${OS_APPLICATION_CREDENTIAL_SECRET}@g" -e "s@<subnet_id>@${USER_SUBNET_ID}@g" ${DIR}/rke.yaml > ${DIR}/${NAME}/rke.yaml

 # ssh into the rancher-1 vm.
 # Create a NFS folder for the cluster-backups

--- a/managed_clusters/credentials_unset.sh
+++ b/managed_clusters/credentials_unset.sh
+#!/usr/bin/env bash
+
+unset OS_AUTH_TYPE
+unset OS_AUTH_URL
+unset OS_IDENTITY_API_VERSION
+unset OS_REGION_NAME
+unset OS_INTERFACE
+unset OS_APPLICATION_CREDENTIAL_ID
+unset OS_APPLICATION_CREDENTIAL_SECRET
+
--- a/managed_clusters/rke.yaml
+++ b/managed_clusters/rke.yaml
@@ -13,13 +13,13 @@ rancher_kubernetes_engine_config:
      cloud-config: |-
        [Global]
        auth-url=https://cloud.jsc.fz-juelich.de:5000/v3
-        application-credential-id=...
-        application-credential-secret=...
+        application-credential-id=<credential_id>
+        application-credential-secret=<credential_secret>
        region=JSCCloud
        tls-insecure=true
        [LoadBalancer]
        use-octavia=true
-        subnet-id=...
+        subnet-id=<subnet_id>
        floating-network-id=c2ce19a1-ad08-41fb-8dd2-4b97d78815fc
        manage-security-groups=false
        [BlockStorage]