Merge pull request #4591 from derekwaynecarr/origin_example
WIP: Example running OpenShift Origin as pod on Kubernetes
brendandburns committed Feb 26, 2015
2 parents 0d474bc + b8172f9 commit 16b97a4
Showing 6 changed files with 399 additions and 2 deletions.
4 changes: 2 additions & 2 deletions cluster/vagrant/config-default.sh
Expand Up @@ -71,5 +71,5 @@ DNS_DOMAIN="kubernetes.local"
DNS_REPLICAS=1

# Optional: Enable setting flags for kube-apiserver to turn on behavior in active-dev
RUNTIME_CONFIG=""
#RUNTIME_CONFIG="api/v1beta3"
#RUNTIME_CONFIG=""
RUNTIME_CONFIG="api/v1beta3"
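Review bot: The last two lines of this hunk change the Vagrant default from RUNTIME_CONFIG="" to RUNTIME_CONFIG="api/v1beta3", so every Vagrant cluster now starts kube-apiserver with v1beta3 turned on, while the comment above still calls the setting optional. If the OpenShift Origin example depends on v1beta3, state that in the example's prerequisites and keep the default empty (or let the caller override it from the environment) rather than changing cluster-wide behavior from inside an example change that is still marked WIP.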
110 changes: 110 additions & 0 deletions examples/openshift-origin/README.md
@@ -0,0 +1,110 @@
## OpenShift Origin example

This example shows how to run OpenShift Origin as a pod on an existing Kubernetes cluster.

This example demonstrates usage of a pod with a secret volume mount.

### Step 0: Prerequisites

This example assumes that you have a basic understanding of Kubernetes and that you have forked the repository and [turned up a Kubernetes cluster](https://github.com/GoogleCloudPlatform/kubernetes#contents):

This example has been tested against the **gce** and **vagrant** based KUBERNETES_PROVIDER.

```shell
$ cd kubernetes
$ export KUBERNETES_PROVIDER=gce
$ hack/dev-build-and-up.sh
```

### Step 1: Generate resources

The demonstration will require the following resources:

1. A Kubernetes Secret that contains information needed to securely communicate to your Kubernetes master as an administrator
2. A Kubernetes Pod that contains information for how to run OpenShift Origin that consumes this Secret securely
3. A Kubernetes Service that exposes OpenShift Origin API via an external load balancer
4. A Kubernetes Service that exposes OpenShift Origin UI via an external load balancer

To generate these resources, we will run a script that introspects your configured KUBERNETES_PROVIDER:

```shell
$ examples/openshift-origin/resource-generator.sh
```
A Kubernetes Secret was generated that contains the following data:

1. kubeconfig: a valid kubeconfig file that is used by OpenShift Origin to communicate to the master
2. kube-ca: a certificate authority for the Kubernetes master
3. kube-auth-path: a Kubernetes authorization file
4. kube-cert: a Kubernetes certificate
5. kube-key: a Kubernetes key file

As required by a Kubernetes secret, each piece of data is base64 encoded - with no line wraps.

You can view the file by doing:

```shell
$ cat examples/openshift-origin/secret.json
```

Caution: This file contains all of the required information to operate as a Kubernetes admin on your cluster, so only share this file with trusted parties.

A Kubernetes Pod file was generated that can run OpenShift Origin on your cluster.

The OpenShift Origin pod file has a volume mount that references the Kubernetes secret we created to know how to work with the underlying Kubernetes provider.

You can view the file by doing:

```shell
$ cat examples/openshift-origin/pod.json
```

Finally, a Kubernetes service was generated for the UI and the API and available via an external load balancer:

``shell
$ cat examples/openshift-origin

### Step 2: Create the secret in Kubernetes

To provision the secret on Kubernetes:

```shell
$ cluster/kubectl.sh create -f examples/openshift-origin/secret.json
```

You should see your secret resource was created by listing:
```shell
$ cluster/kubectl.sh get secrets
```

### Step 3: Provisioning OpenShift Origin

To create the OpenShift Origin pod:

```shell
$ cluster/kubectl.sh create -f examples/openshift-origin/pod.json
```

### Step 4: Provisioning OpenShift Origin Services

To create the OpenShift Origin Services that expose the API and UI:

```shell
$ cluster/kubectl.sh create -f examples/openshift-origin/ui-service.json
$ cluster/kubectl.sh create -f examples/openshift-origin/api-service.json
```

### Step 5: Open Firewall Ports

If you are running on GCE, you need to open the following ports:

```shell
$ gcloud compute instances list

FIND THE MINION NAME PREFIX

$ gcloud compute firewall-rules create openshift-origin-node-8444 --allow tcp:8444 --target-tags kubernetes-minion-prq8
$ gcloud compute firewall-rules create openshift-origin-node-8443 --allow tcp:8443 --target-tags kubernetes-minion-prq8
```
### Step 4: Try out OpenShift Origin

TODO add more detail here:
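Review bot: In Step 5, both gcloud compute firewall-rules create commands pass only --allow and --target-tags with no --source-ranges, so ports 8443 and 8444 on the minions are opened to any source address; add a --source-ranges value and tell readers to restrict it to the networks that need to reach the Origin API and UI. The target tag kubernetes-minion-prq8 belongs to one specific cluster and should be a placeholder the reader fills in after "FIND THE MINION NAME PREFIX". Two formatting problems in the same file: the fence after "Finally, a Kubernetes service was generated" opens with two backticks, is never closed, and its cat path stops at examples/openshift-origin, which swallows the Step 2 heading when rendered; and the final heading repeats "Step 4" where it should be Step 6. The caution about secret.json would also be stronger if it told readers not to commit the generated file and to delete it once the secret has been created.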
37 changes: 37 additions & 0 deletions examples/openshift-origin/create-all.sh
@@ -0,0 +1,37 @@
#!/bin/bash

# Copyright 2014 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Generates secret, creates secret on kube, creates pod on kube

set -o errexit
set -o nounset
set -o pipefail

ORIGIN=$(dirname "${BASH_SOURCE}")
KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../..

## Generate resources
${ORIGIN}/resource-generator.sh

## Create the secret
${KUBE_ROOT}/cluster/kubectl.sh create -f ${ORIGIN}/secret.json

## Create the pod
${KUBE_ROOT}/cluster/kubectl.sh create -f ${ORIGIN}/pod.json

## Create the services
${KUBE_ROOT}/cluster/kubectl.sh create -f ${ORIGIN}/api-service.json
${KUBE_ROOT}/cluster/kubectl.sh create -f ${ORIGIN}/ui-service.json
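Review bot: After the "Create the secret" step, the generated ${ORIGIN}/secret.json is left on disk inside the source tree, and the README describes that file as enough to operate as a Kubernetes admin. Set a restrictive umask before calling resource-generator.sh, remove the file once kubectl.sh create succeeds (or from an EXIT trap, since errexit can abort the script midway), and list it in .gitignore so it cannot be committed by accident. Separately, the ${ORIGIN}/... and ${KUBE_ROOT}/... expansions are unquoted and will break when the checkout path contains spaces, and the header comment omits that the script also creates the two services.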
34 changes: 34 additions & 0 deletions examples/openshift-origin/delete-all.sh
@@ -0,0 +1,34 @@
#!/bin/bash

# Copyright 2014 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Deletes pod, deletes secret

set -o errexit
set -o nounset
set -o pipefail

ORIGIN=$(dirname "${BASH_SOURCE}")
KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../..

## Delete the services
${KUBE_ROOT}/cluster/kubectl.sh delete services origin-api
${KUBE_ROOT}/cluster/kubectl.sh delete services origin-ui

## Delete the pod
${KUBE_ROOT}/cluster/kubectl.sh delete pods openshift

## Delete the secret
${KUBE_ROOT}/cluster/kubectl.sh delete secrets kubernetes-secret
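Review bot: With set -o errexit in effect, a failure in either "delete services" call at the top (for example when a service was never created or is already gone) aborts the script before "delete secrets kubernetes-secret" runs, leaving the admin credentials stored in the cluster. Make each delete tolerate a missing resource, or delete the secret first, so that cleanup of the credential never depends on the earlier steps succeeding. The header comment "Deletes pod, deletes secret" should also mention the services, and the script should remove the locally generated secret.json as part of cleanup.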
18 changes: 18 additions & 0 deletions examples/openshift-origin/origin-kubeconfig.yaml
@@ -0,0 +1,18 @@
apiVersion: v1
clusters:
- cluster:
certificate-authority: /etc/secret-volume/kube-ca
server: https://146.148.35.28
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
auth-path: /etc/secret-volume/kube-auth-path
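Review bot: The server field is hard-coded to https://146.148.35.28, which reads as the address of one particular cluster. Since the README says resource-generator.sh introspects the configured KUBERNETES_PROVIDER, this file is either generated output that should not be checked in or a template that should carry a placeholder instead of a real address. It would also help to note, in the file or the README, that the certificate-authority and auth-path entries under /etc/secret-volume only resolve inside the pod that mounts the secret volume.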