Update docs
parent b376544424
commit 1764d84ac5
@ -34,11 +34,18 @@ Cloudbender creates a kubezero config file, which incl. all outputs from the Clo
## Deploy KubeZero Helm chart
`./deploy.sh`

The deploy script will handle the initial bootstrap process up to point of installing advanced services like Istio or Prometheus.
It will take about 10min to reach the point of being able to install these advanced services.
The deploy script will handle the initial bootstrap process as well as the roll out of advanced components like Prometheus, Istio and ElasticSearch/Kibana in various phases.

It will take about 10 to 15 minutes for ArgoCD to roll out all the services...


# Own apps
- Add your own application to ArgoCD via the cli

# Troubleshooting

## Verify ArgoCD
At this stage we there is no support for any kind of Ingress yet. To reach the Argo API port forward from localhost via:
To reach the Argo API port forward from localhost via:
`kubectl port-forward svc/kubezero-argocd-server -n argocd 8080:443`

Next download the argo-cd cli, details for different OS see https://argoproj.github.io/argo-cd/cli_installation/
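Review bot: heading levels are inconsistent in the added section: `# Own apps` and `# Troubleshooting` are H1 while the surrounding `## Deploy KubeZero Helm chart` and `## Verify ArgoCD` are H2, so the new sections break the document outline; make them `## Own apps` and `## Troubleshooting`. The replacement sentence ending "roll out all the services..." is also vaguer than the text it replaces, because it no longer tells the reader what to wait for; say how to tell the rollout is finished, for example that every application in `argocd app list` reports Synced and Healthy. Finally, the dropped "no support for any kind of Ingress yet" sentence was the only explanation of why port-forwarding is needed; keep a short form of it so the `kubectl port-forward svc/kubezero-argocd-server -n argocd 8080:443` step does not read as an arbitrary workaround.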
@ -46,37 +53,5 @@ Next download the argo-cd cli, details for different OS see https://argoproj.git

Finally login into argo-cd via `argocd login localhost:8080` using the *admin* user and the password set in values.yaml earlier.

List all Argo applications via: `argocd app list`.
Currently it is very likely that you need to manually trigger sync runs for `cert-manager`as well as `kiam`.
eg. `argocd app cert-manager sync`


# Only proceed any further if all Argo Applications show healthy !!

## WIP not yet integrated into KubeZero

### Istio
Istio is currently pinned to version 1.4.X as this is the last version supporting installation via helm charts.

Until Istio is integrated into KubeZero as well as upgraded to 1.6 we have to install manually.

- adjust values.yaml
- update domain in `ingress-certificate.yaml`
- update.sh
- deploy.sh

### Logging
To deploy fluentbit only required adjustment is the `fluentd_host=<LOG_HOST>` in the kustomization.yaml.

- deploy namespace for logging via deploy.sh
- deploy fluentbit via `kubectl apply -k fluentbit`

### Prometheus / Grafana
Only adjustment required is the ingress routing config in istio-service.yaml. Adjust as needed before executing:
`deploy.sh`

### EFS CSI
- add the EFS fs-ID from the worker cloudformation output into values.yaml and the efs-pv.yaml
- `./deploy.sh`

# Demo / own apps
- Add your own application to ArgoCD via the cli
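Review bot: removing the `# Only proceed any further if all Argo Applications show healthy !!` gate together with the manual-sync hint for `cert-manager` and `kiam` leaves no verification step at all, even though the hunk above now says ArgoCD rolls out Prometheus, Istio and ElasticSearch/Kibana itself; keep one sentence after `argocd app list` stating that all applications must report Healthy before the cluster is used, since an unsynced cert-manager or kiam leaves workloads without certificates or IAM roles and nothing else in the doc would catch it. The removed example `argocd app cert-manager sync` also had the arguments in the wrong order (the CLI form is `argocd app sync cert-manager`), so if the hint is restored, restore it corrected. Separately, "the password set in values.yaml earlier" should say whether that value is the plaintext admin password or its bcrypt hash, because values.yaml is normally committed and a plaintext admin credential in Git is something the doc should warn about.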
70
README.md
@ -14,44 +14,50 @@ All chosen components are 100% organic OpenSource.
- Work within each community / give back


# Components
## General
- Container runtime cri-o rather than Docker for improved security and performance

## Network / CNI
- Calico using VxLAN as default backend

## Certificate management
- cert-manager incl. a local self-signed cluster CA
## Control plane
- support for single node control plane for small clusters / test environments to reduce costs
- access to control plane from within the VPC only by default ( VPN access required for Admin tasks )
- controller nodes are used for various platform admin controllers / operators to reduce costs and noise on worker nodes
- integrated ArgoCD Gitops controller

## Metrics / Alerting
- Prometheus / Grafana
## AWS IAM access control
- Kiam allowing IAM roles per pod
- IAM roles are assumed / requested and cached on controller nodes for improved security
- blocking access to meta-data service on all nodes
- IAM roles are maintained/ automated and tracked via CFN templates

## Logging
- Fluent-bit
- Fluentd
- ElasticSearch
- Kibana

## Dashboard
- see ArgoCD
## Network
- Calico using VxLAN incl. increased MTU
- allows way more containers per worker
- isolates container traffic from VPC by using VxLAN overlay
- no restrictions on IP space / sizing from the underlying VPC architecture

## Storage
- EBS external CSI storage provider
- EFS external CSI storage provider
- LocalVolumes
- LocalPath
- flexible EBS support incl. zone awareness
- EFS support via automated EFS provisioning for worker groups via CFN templates
- local storage provider for latency sensitive high performance workloads

## Ingress
- AWS Network Loadbalancer
- Istio providing Public and Private Envoy proxies
- HTTP(s) and TCP support
- Real client source IPs available
## Ingress
- AWS Network Loadbalancer and Istio Ingress controllers
- No additional costs per exposed service
- Automated SSL Certificate handling via cert-manager incl. renewal etc.
- support for TCP services
- Client source IP available to workloads via HTTP header
- optional full service mesh

## Service Mesh ( optional )


# KubeZero vs. EKS

## Controller nodes used for various admin controllers

## KIAM incl. blocked access to meta-data service
## Metrics
- Prometheus support for all components
- automated service discovery allowing instant access to common workload metrics
- Preconfigured community maintained Grafana dashboards for common services
- Preconfigured community maintained Alerts

## Logging
- all container logs are enhanced with Kubernetes metadata to provide context for each message
- flexible ElasticSearch setup via ECK operator to ease maintenance and reduce required admin knowledge, incl automated backups to S3
- Kibana allowing easy search and dashboards for all logs, incl. pre configured index templates and index management to reduce costs
- fluentd central log ingress service allowing additional parsing and queuing to improved reliability
- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via SSL to fluentd
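Review bot: several headings in this hunk have no body: `## Service Mesh ( optional )`, and under `# KubeZero vs. EKS` both `## Controller nodes used for various admin controllers` and `## KIAM incl. blocked access to meta-data service` are empty, so either move the matching control-plane and IAM bullets from above under them or drop the headings until the text exists. The two security claims a reader will most want to check, "blocking access to meta-data service on all nodes" and "IAM roles are assumed / requested and cached on controller nodes", would each benefit from a few words on where the block is enforced and which component does the assuming, since as written they cannot be verified against the cluster. If both `## Network / CNI` and `## Network` survive in the new version they describe the same Calico/VxLAN setup and should be merged. Finally, in the new logging bullets fix "to improved reliability" to "to improve reliability", "forwarding logs secure via SSL" to "forwarding logs securely over TLS" and "pre configured" to "preconfigured".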