Eirini
IMPORTANT: There are some cloud-specific settings for Azure Kubernetes Cluster and Amazon Kubernetes Cluster; we strongly recommend reading them first.
- The `eirini` namespace must exist in Kubernetes before deploying SCF.
- Deploy Eirini with `cflinuxfs3` as the default stack for now.
- `cf ssh` to apps doesn't work yet (it is possible to ssh into the app pods via kubectl, though).
- Restarting a cluster might cause loss of your app logs.
- Heapster needs to be installed (in some cases manually, e.g. on AWS): it is required to display app metrics (CPU/RAM/DISK usage).
- Air-gapped environments and manually provided certificates are not supported with Eirini.
- SCF from the develop branch ships `eirini-extensions` and `eirini-persi-broker`. See Persistence with Eirini in SCF.
- Eirini won't work on Kubernetes environments running cri-o at this time; please use the Docker runtime instead for now.
To enable Eirini, we need to disable Diego and enable Eirini explicitly in the `scf-config-values.yaml` file:

```yaml
enable:
  eirini: true
[...]
kube:
  auth: rbac
```

(You need `kube.auth: rbac`, otherwise some components needed for Eirini will not be deployed correctly.)
```bash
$> kubectl create -f - <<< '{"kind": "Namespace","apiVersion": "v1","metadata": {"name": "eirini","labels": {"name": "eirini"}}}' # create eirini namespace
$> helm repo add suse https://kubernetes-charts.suse.com/
$> helm repo update
$> helm install suse/uaa --name susecf-uaa --namespace uaa --values scf-config-values.yaml
$> watch -c "kubectl get pods --namespace uaa" # wait for uaa to come up
$> SECRET=$(kubectl get pods --namespace uaa \
     -o jsonpath='{.items[?(.metadata.name=="uaa-0")].spec.containers[?(.name=="uaa")].env[?(.name=="INTERNAL_CA_CERT")].valueFrom.secretKeyRef.name}')
$> CA_CERT="$(kubectl get secret $SECRET --namespace uaa \
     -o jsonpath="{.data['internal-ca-cert']}" | base64 --decode -)" && echo $CA_CERT
$> helm install suse/cf --name susecf-scf --namespace scf --values scf-config-values.yaml --set "secrets.UAA_CA_CERT=${CA_CERT}"
$> watch -c "kubectl get pods --namespace scf" # wait for scf to come up
```
Note: Some pods will not go into the ready state until DNS has been set up. DNS setup can be done in parallel.

To set up DNS you need to get all active load balancers using `kubectl get services --all-namespaces | grep public`.

Set the DNS entries according to the following table:
Entry | Service | Type | Comment |
---|---|---|---|
example.domain.tld | router-gorouter-public | A | Use IP of LB |
*.example.domain.tld | router-gorouter-public | A | Use IP of LB |
tcp.example.domain.tld | tcp-router-public | CNAME | |
uaa.example.domain.tld | uaa-public | CNAME | |
*.uaa.example.domain.tld | uaa-public | CNAME | |
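As an added example (not code from the SCF project), a shell helper that turns the `kubectl get services --all-namespaces | grep public` output into the records of the table above and refuses to emit records while a load balancer is still `<pending>` or the gorouter address is not an IPv4 address. The sample service lines are constructed, and using the EXTERNAL-IP hostname as the CNAME target is an assumption.

```shell
#!/bin/sh
# Constructed sample of `kubectl get services --all-namespaces | grep public`
# (not captured from a real cluster). Columns:
# NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
SAMPLE_SERVICES='scf  router-gorouter-public  LoadBalancer  10.0.12.34  203.0.113.10  80:31080/TCP,443:31443/TCP  5m
scf  tcp-router-public  LoadBalancer  10.0.12.35  lb-tcp.cloud.invalid  20000:32000/TCP  5m
uaa  uaa-public  LoadBalancer  10.0.12.36  lb-uaa.cloud.invalid  2793:32793/TCP  5m'

# dns_records DOMAIN  (reads the service lines on stdin)
# Prints one "ENTRY TYPE TARGET" line per DNS record of the table above.
# Exits 1 if a load balancer has no external address yet, or if the
# gorouter address is not an IPv4 address (the A records need an IP).
# Assumption: the CNAME target is the hostname shown in EXTERNAL-IP.
dns_records() {
  awk -v d="$1" '
    NF == 0 { next }
    $5 == "" || $5 == "<pending>" {
      print "ERROR: " $2 " has no external address yet; retry once the LB is provisioned" > "/dev/stderr"
      exit 1
    }
    $2 == "router-gorouter-public" {
      if ($5 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
        print "ERROR: router-gorouter-public EXTERNAL-IP is not an IPv4 address" > "/dev/stderr"
        exit 1
      }
      print d " A " $5
      print "*." d " A " $5
    }
    $2 == "tcp-router-public" { print "tcp." d " CNAME " $5 }
    $2 == "uaa-public" {
      print "uaa." d " CNAME " $5
      print "*.uaa." d " CNAME " $5
    }
  '
}

# Usage: printf '%s\n' "$SAMPLE_SERVICES" | dns_records example.domain.tld
```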
Depending on your cluster configuration, you might need to deploy Metrics Server if it is not already present. You can install the latest stable Metrics Server via helm:

```bash
$> helm install stable/metrics-server --name=metrics-server --set args[0]="--kubelet-preferred-address-types=InternalIP" --set args[1]="--kubelet-insecure-tls"
```

Note: `--kubelet-insecure-tls` is not recommended for production usage, but can be useful in test clusters with self-signed Kubelet serving certificates. For production use `--tls-private-key-file`.