
Alpha Cluster Deployment

James Lott edited this page Feb 22, 2017 · 27 revisions

Architecture

The alpha cluster is deployed under the same architecture described for the test cluster.

Deployed servers

The alpha cluster deploys the following instances of each class:

1 master/control plane server:

  • kubmaster01

2 node/worker servers:

  • kubnode01
  • kubnode02

1 NFS Storage server:

  • kubvol01

Instance information

All of the deployed alpha nodes are one of two types of instance:

  • 1GB instance: (kubmaster01, kubvol01)
  • 2GB instance: (kubnode01, kubnode02)

All instances were deployed in the same datacenter of the same provider in order to enable private network communication.

1GB Instance

  • 1GB RAM
  • 1 vCPU
  • 20GB Storage

2GB Instance

  • 2GB RAM
  • 1 vCPU
  • 30GB Storage

Base system deployment

kubmaster01, kubnode01, kubnode02

All three of these machines are deployed as Fedora 25 instances.

Post-deployment configuration

These steps assume you are connected to the server being configured using SSH agent forwarding (ssh -A $host), and that the SSH key being forwarded is associated with a GitHub account.

  1. Set the system hostname
  2. Disable password logins for the root user
  3. Apply shared cluster configurations
    • hosts file
  4. Install netdata for node monitoring
  5. Open firewall port for netdata
  6. Secure public ports
  7. Allow private network traffic
  8. Disable SELinux
(
  set -e
  : "${host:?set host to the hostname of this server}"
  # 1. Set the system hostname
  hostnamectl set-hostname "$host"
  # 2. Disable password logins for the root user (key-based logins remain allowed)
  sed -i 's/^PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config
  systemctl restart sshd
  # 3. Apply shared cluster configurations (the clone authenticates with the forwarded SSH key)
  dnf -y install git-core
  git clone git@github.com:CodeForPhilly/ops.git /opt/ops
  rm -f /etc/hosts && ln -s /opt/ops/kubernetes/alpha-cluster/hosts /etc/hosts
  # 4. Install netdata and the packages it requires
  curl -Ss 'https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh' >/tmp/kickstart.sh && bash /tmp/kickstart.sh -i netdata-all && rm -f /tmp/kickstart.sh
  git clone https://github.com/firehol/netdata.git --depth=1
  ( cd netdata && ./netdata-installer.sh --install /opt )
  # 5. Open firewall port for netdata
  firewallctl zone '' -p add port 19999/tcp
  # 6. Secure public ports
  firewallctl zone '' -p remove service cockpit
  # 7. Allow private network traffic
  firewallctl zone internal -p add source 192.168.0.0/16
  firewall-cmd --permanent --zone=internal --set-target=ACCEPT  # for some inexplicable reason, this version of firewallctl does not provide a way to do this
  firewallctl reload
  # 8. Switch SELinux to permissive mode, in the config file and on the running system
  sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
  setenforce 0
)
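
The sed expression in step 2 only rewrites an uncommented `PermitRootLogin yes` line, and sed exits 0 when nothing matches, so `set -e` will not flag a no-op. The check below is an added example, not part of the original wiki or the CodeForPhilly ops repository; the function names are hypothetical and the sample file is constructed.

```shell
# Added example: confirm steps 2 and 8 took effect on a config file.

# Print the effective global PermitRootLogin value from an sshd_config file.
# sshd uses the first occurrence of a keyword; commented lines do not count.
effective_permit_root_login() {
  awk '
    /^[ \t]*#/ { next }                      # comment line
    NF == 0    { next }                      # blank line
    { gsub(/=/, " ") }                       # accept "Keyword=value" too
    tolower($1) == "match" { exit }          # global section ends here
    tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }
  ' "$1"
}

# Succeed only if the file explicitly stops root from using a password.
# An absent directive counts as unconfirmed; the compiled-in default is not trusted.
root_password_login_disabled() {
  case "$(effective_permit_root_login "$1")" in
    without-password|prohibit-password|forced-commands-only|no) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the SELINUX= mode from a file in /etc/selinux/config format.
selinux_config_mode() {
  sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | head -n 1
}

# Constructed sample: the directive is commented out, so the page's sed
# expression (anchored on "^PermitRootLogin yes") leaves the file unchanged.
demo_constructed_sample() {
  before=$(mktemp) after=$(mktemp)
  printf '%s\n' 'Port 22' '#PermitRootLogin yes' >"$before"
  sed 's/^PermitRootLogin yes/PermitRootLogin without-password/' "$before" >"$after"
  if root_password_login_disabled "$after"; then
    echo "root password login: disabled"
  else
    echo "root password login: NOT confirmed ($(effective_permit_root_login "$after"))"
  fi
  rm -f "$before" "$after"
}
demo_constructed_sample
```

On a configured node, call `root_password_login_disabled /etc/ssh/sshd_config` and `selinux_config_mode /etc/selinux/config` after the post-deployment block has run.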
