docs: Add Kubernetes deploy HOWTO #508
Conversation
kkuehlz
force-pushed
the
kubernetes_howto
branch
from
d3c5bfd
to
7b5f2c1
Compare
kkuehlz
force-pushed
the
kubernetes_howto
branch
from
7b5f2c1
to
50085bd
Compare
| For Kubernetes to access the file system we need two objects: a | ||
| `PersistentVolume` and a `PersistentVolumeClaim`. The former maps a filesystem | ||
| to the cluster, and the latter is how a service asks to access that filesystem. | ||
| You will need to create the `PersistentVolume` in [Puppet][puppet] as |
There was a problem hiding this comment.
I would update this section to use the NFS provisioner (https://github.com/ocf/nfs-provisioner). We shouldn't need to have puppet changes in order to create PVs.
There was a problem hiding this comment.
Basically users can skip this PV part and just make a PVC with the same class as in the README for nfs-provisioner.
There was a problem hiding this comment.
It's important that new services do this, as it'll be more difficult for us to migrate existing services using custom puppet-defined PVs to using nfs-provisioner PVs.
| name: <myapp>-nfs-pv | ||
| spec: | ||
| capacity: | ||
| storage: 30Gi |
There was a problem hiding this comment.
This storage capacity isn't enforceable in Kubernetes + NFS to my knowledge. Might be worth mentioning
There was a problem hiding this comment.
One potential way I can think of to enforce it is if you use a specific user for your service and all of its files, it might be subject to NFS quotas (if the user is in LDAP?)
|
|
||
| [mastodon][mastodon-deploy] (Advanced): Applies custom patches, uses `ldap`, mounts `nfs`, has pods for `redis`, `sidekiq`, and `http-streaming`. | ||
|
|
||
| [kafka][kafka-deploy] (Advanced): Runs a `kafka` cluster inside of Kubernetes. |
There was a problem hiding this comment.
zookeeper is another one to add here as an example. We can add a section for StatefulSets at a later time.
| - containerPort: 8000 | ||
| ``` | ||
|
|
||
| The last object we need to create for the Templates service is `Ingress`. We |
There was a problem hiding this comment.
When I was working on this with @abizer there was some extra crap I had to do that I don't remember exactly, we should include it here
There was a problem hiding this comment.
You need to mention adding the domain to https://github.com/ocf/puppet/blob/master/modules/ocf_kubernetes/manifests/master/loadbalancer.pp
Also talk about version templating for comitting to prod
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: <myapp>-service |
There was a problem hiding this comment.
Since applications are namespaced, it's not actually necessary to include the app name in the service name. I haven't been including them for recent services
|
|
||
| Now we have all the necessary configuration to deploy our service. To see if | ||
| everything works, we will deploy the service manually. On `supernova`, first | ||
| run `kinit`. This will obtain a [[kerberos|doc staff/backend/kerberos]] ticket |
There was a problem hiding this comment.
I don't think it's necessary to run kinit? If you don't have a ticket it'll show the usual password prompt
|
Is this still useful? Should it be merged? |
|
On Sat, 16 May 2020 12:36:36 -0700 kpengboy ***@***.***> wrote:
Is this still useful? Should it be merged?
You can go ahead and just close this pull request because I have no
plans to update it.
|
|
A shame. Maybe we can leave it here in case anyone wants to build off it? |
|
i would like to leave it open for now, because although this is out of date, we do still need these docs |
|
Thanks Bernie for picking this up in #631 |
No description provided.