-
Notifications
You must be signed in to change notification settings - Fork 4
Alpha Cluster Deployment
The alpha cluster is deployed under the same architecture described for the test cluster
The alpha cluster deploys the following instances of each class
1 master/control plane server:
- kubmaster01
2 node/worker servers:
- kubnode01
- kubnode02
1 NFS Storage server:
- kubvol01
All of the deployed alpha nodes are one of two type of instances:
- 1GB instance: (kubmaster01, kubvol01)
- 2GB instance: (kubnode01, kubnode02)
All instances were deployed in the same datacenter of the same provider in order to enable private network communication
- 1GB RAM
- 1 vCPU
- 20GB Storage
- 2GB RAM
- 1 vCPU
- 30GB Storage
All three of these machines are deployed as Fedora 25 instances
- Set the system hostname
- Disable password logins for the root user
- Apply shared cluster configurations
- hosts file
- Install netdata for node monitoring
- Open firewall port for netdata
- Secure public ports
- Allow private network traffic
- Disable SELinux
These steps assume you are connected to the server being configured using SSH
agent forwarding,(ssh -A $host) and that the SSH key being forwarded is associated with a
GitHub account. They further assume that a host variable has been set to the
desired hostname of the machine being configured.
(
set -e
hostnamectl set-hostname ${host?}
sed -i 's/^PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config
systemctl restart sshd
dnf -y install git-core
git clone [email protected]:CodeForPhilly/ops.git /opt/ops
rm -f /etc/hosts && ln -s /opt/ops/kubernetes/alpha-cluster/hosts /etc/hosts
curl -Ss 'https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh' >/tmp/kickstart.sh && bash /tmp/kickstart.sh -i netdata-all && rm -f /tmp/kickstart.sh
git clone https://github.com/firehol/netdata.git --depth=1
( cd netdata && ./netdata-installer.sh --install /opt )
firewallctl zone '' -p add port 19999/tcp
firewallctl zone '' -p remove service cockpit
firewallctl zone internal -p add source 192.168.0.0/16
firewall-cmd --permanent --zone=internal --set-target=ACCEPT # for some inexplicable reason, this version of firewallctl does not provide a way to do this
firewallctl reload
sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
setenforce 0
)