Posted to commits@dlab.apache.org by om...@apache.org on 2019/07/02 14:19:21 UTC

[incubator-dlab] branch DLAB-terraform updated: updated README; added Helm installation

This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


The following commit(s) were added to refs/heads/DLAB-terraform by this push:
     new d95333c  updated README; added Helm installation
d95333c is described below

commit d95333c977393527c23b7bd3021684d899c25435
Author: Oleh Martushevskyi <Ol...@epam.com>
AuthorDate: Tue Jul 2 17:19:11 2019 +0300

    updated README;
    added Helm installation
---
 README.md                                          | 22 +++++++++---------
 .../aws/modules/ssn-k8s/files/masters-user-data.sh | 26 ++++++++++++++++++++++
 2 files changed, 37 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index 761c974..8bece93 100644
--- a/README.md
+++ b/README.md
@@ -162,27 +162,27 @@ That simplifies running big data frameworks, such as Apache Hadoop and Apache Sp
 Prerequisites:
 
 DLab can be deployed using the following two methods:
- - IAM user: DLab deployment script can be executed on local machine and will use IAM user permissions to create resources in AWS.
- - EC2 instance: DLab deployment script can be executed on previously prepared EC2 instance with attached IAM role. Deployment script will use the attached role to create resources in AWS.
+ - IAM user: DLab deployment script is executed on local machine and uses IAM user permissions to create resources in AWS.
+ - EC2 instance: DLab deployment script is executed on EC2 instance prepared in advance and with attached IAM role. Deployment script uses the attached IAM role to create resources in AWS.
 
 **'IAM user' method prerequisites:**  
  
- - IAM user with created AWS access key ID and secret access key. These keys will be provided as arguments for deployment script and will be used for getting permissions to create resources in AWS.
- - Amazon EC2 Key Pair. This key will be used for accessing all DLab instances.
- - All actions in this [policy](#AWS_SSN_policy) should be assigned to IAM user in order to deploy DLab:
+ - IAM user with created AWS access key ID and secret access key. These keys are provided as arguments for the deployment script and are used to create resources in AWS.
+ - Amazon EC2 Key Pair. This key is system and is used for configuring DLab instances.
+ - The following IAM [policy](#AWS_SSN_policy) should be attached to the IAM user in order to deploy DLab.
  
  **'EC2 instance' method prerequisites:**
  
- - Amazon EC2 Key Pair. This key will be used for accessing all DLab instances. 
- - EC2 instance where DLab deployment script will be executed. 
- - IAM role with such [policy](#AWS_SSN_policy) attached should be assigned to the EC2 instance.
+ - Amazon EC2 Key Pair. This key is system and is used for configuring DLab instances.
+ - EC2 instance where DLab deployment script is executed. 
+ - IAM role with the following IAM [policy](#AWS_SSN_policy) should be attached to the EC2 instance. 
  
  **Optional prerequisites for both methods:**
   
-  - VPC ID. If you already have VPC created, you can provide VPC ID for deployment script and all DLab instances will be deployed in this VPC.
-  - Subnet ID. DLab will deploy SSN node and user's Edge nodes in this subnet. This parameter also can be provided for deployment script. 
+  - VPC ID. If VPC where DLab should be deployed is already in place, then "VPC ID" should be provided for deployment script. DLab instances are deployed in this VPC.
+  - Subnet ID. If Subnet where DLab should be deployed is already in place, then "Subnet ID" should be provided for deployment script. DLab SSN node and users' Edge nodes are deployed in this Subnet. 
  
- DLab Policy
+ DLab IAM Policy
  <a name="AWS_SSN_policy"></a>
 ```
 {
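
Review bot: the 'IAM user' prerequisite now says the access key ID and secret access key "are provided as arguments for the deployment script". Command-line arguments end up in shell history and are visible in the process list, so the README should either present the 'EC2 instance' method as the preferred one or say how to keep the secret access key off the command line. Separately, "This key is system and is used for configuring DLab instances" (in both prerequisite lists) is unclear: say what a system key is, and whether it still gives access to all DLab instances as the removed wording stated, since that decides how the key has to be stored.
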
diff --git a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh
index 0dd15d1..850884e 100644
--- a/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh
+++ b/infrastructure-provisioning/terraform/aws/modules/ssn-k8s/files/masters-user-data.sh
@@ -74,6 +74,29 @@ sudo kubeadm token create --print-join-command > /tmp/join_command
 sudo kubeadm init phase upload-certs --upload-certs | grep -v "upload-certs" > /tmp/cert_key
 sudo -i -u ${k8s-os-user} kubectl apply -f \
      "https://cloud.weave.works/k8s/net?k8s-version=$(sudo -i -u ${k8s-os-user} kubectl version | base64 | tr -d '\n')"
+sudo -i -u ${k8s-os-user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
+cat <<EOF > /tmp/rbac-config.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tiller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system
+EOF
+sudo -i -u ${k8s-os-user} kubectl create -f /tmp/rbac-config.yaml
+sudo -i -u ${k8s-os-user} helm init --service-account tiller --history-max 200
 sleep 60
 aws s3 cp /tmp/join_command s3://${k8s-bucket-name}/k8s/masters/join_command
 aws s3 cp /tmp/cert_key s3://${k8s-bucket-name}/k8s/masters/cert_key
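
Review bot: the ClusterRoleBinding written to /tmp/rbac-config.yaml binds the tiller service account to cluster-admin, and "helm init --service-account tiller --history-max 200" is run without any TLS options, so Tiller gets full cluster rights while its endpoint accepts unauthenticated requests from inside the cluster. Bind tiller to a role limited to the namespaces DLab actually deploys into, and enable Tiller TLS (--tiller-tls, --tiller-tls-verify with the matching certificate options) in the helm init call. The installer line "curl -L https://git.io/get_helm.sh | bash" also pipes a script fetched through a short link straight into bash with no version pin or checksum; download a pinned Helm release and verify it before running. Finally, the result of "kubectl create -f /tmp/rbac-config.yaml" is not checked before helm init runs.
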
@@ -98,6 +121,8 @@ sudo $join_command --control-plane --certificate-key $cert_key
 sudo mkdir -p /home/${k8s-os-user}/.kube
 sudo cp -i /etc/kubernetes/admin.conf /home/${k8s-os-user}/.kube/config
 sudo chown -R ${k8s-os-user}:${k8s-os-user} /home/${k8s-os-user}/.kube
+sudo -i -u ${k8s-os-user} bash -c 'curl -L https://git.io/get_helm.sh | bash'
+sudo -i -u ${k8s-os-user} helm init --client-only --history-max 200
 fi
 cat <<EOF > /tmp/update_files.sh
 #!/bin/bash
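
Review bot: the second "curl -L https://git.io/get_helm.sh | bash" in the join branch fetches whatever the short link serves at that moment, so a master that joins later can end up with a different Helm client than the one that ran "helm init --service-account tiller" on the first master. Pin one Helm version for both branches and move the install step into a single shared function instead of repeating the line. A short comment on why every joining master needs the client ("helm init --client-only") would also help.
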
@@ -135,4 +160,5 @@ EOF
 sudo mv /tmp/remove-etcd-member.sh /usr/local/bin/remove-etcd-member.sh
 sudo chmod 755 /usr/local/bin/remove-etcd-member.sh
 sleep 600
+sudo -i -u ${k8s-os-user} helm repo update
 sudo bash -c 'echo "* * * * * root /usr/local/bin/remove-etcd-member.sh >> /var/log/cron_k8s.log 2>&1" >> /etc/crontab'
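
Review bot: "helm repo update" runs after "sleep 600" with no check that the earlier Helm install and helm init succeeded, and its exit status is ignored. Guard it (for example, test that helm is on the PATH for ${k8s-os-user}) and log a failure to the same place as the cron job output. Add a comment saying why the repository refresh has to wait for the 10-minute sleep, since nothing visible in this hunk uses the repositories afterwards.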

