## Create Kubernetes Cluster on Azure or GKE

This notebook can be used to launch a Kubernetes Cluster on [Azure](https://portal.azure.com) or the Google Container Engine (GKE) for Kubernetes.  It is designed to be run via the included Docker container, but it can be run locally if the appropriate tools are installed.  

**If you are just getting started, review the config.yaml file and update it to include your information and naming conventions for your cluster.  Variables starting with a "g" are relevant to GKE while Azure starts with an "a" and Jupyterhub starts with a "jup".


In [1]:
!cat  ../config/config.yaml

#Where are you running notebooks? This is used for path.
docker: true     #True if executing on the Kuberlytics Docker Stack.
docker_path: /home/jovyan/work/admin-tools      #This should not change.
local_path: /Users/jasonkuruzovich/githubdesktop/0_class/admin-tools #This is the local path
cloud_provider: azure   #google or azure
#Start of Google Specific Configuration
g_project: kuberlytics             #Google project name
g_cluster_name: kuberlytics        #Name of your Google Cluster
g_region: us-east1                 #Selection from gcloud compute regions list.
g_zone: us-east1-b                  #Selection from gcloud compute regions list.
g_machine_type: n1-highmem-4        #Type of Server
g_account: jkuruzovich@gmail.com    #Email Associated with the account.
g_authorization_file: auth.json     #Service account authorization file.
g_service_account_name: kuberlytics2  #Service account name.
g_fixedip_namespace: jupyterhub-dojo
g_num_nodes: 1                      

## EDIT THE FILE NOW.


### Load the Config File and Helpers 
Set the `config` file and the `path` and then run the code below.  This will load some helper files. 

In [2]:
import sys 
import importlib
import ruamel.yaml
config_file='config/config.yaml'  #The configuration value set above.
path='/home/jovyan/admin-tools/' #Update this value if running locally.
sys.path.append(path+"lib/kuberutils") #Adds a local library path.
import kuberutils as ku   #This imports some utilities.
importlib.reload(ku)      #This just reloads the utilities.
cf=ku.initialize(path,config_file)  #This initializes a configuration object.

### Print Configuration
Optionally you can print the configuration and common commands for your desired cluster. You can use this as a reference and copy and paste into the terminal.

In [3]:
#This will print common commands for your clustl
print(ruamel.yaml.dump(cf, sys.stdout, Dumper=ruamel.yaml.RoundTripDumper))

#Where are you running notebooks? This is used for path.
docker: true     #True if executing on the Kuberlytics Docker Stack.
docker_path: /home/jovyan/work/admin-tools      #This should not change.
local_path: /Users/jasonkuruzovich/githubdesktop/0_class/admin-tools #This is the local path
cloud_provider: azure   #google or azure
#Start of Google Specific Configuration
g_project: kuberlytics             #Google project name
g_cluster_name: kuberlytics        #Name of your Google Cluster
g_region: us-east1                 #Selection from gcloud compute regions list.
g_zone: us-east1-b                  #Selection from gcloud compute regions list.
g_machine_type: n1-highmem-4        #Type of Server
g_account: jkuruzovich@gmail.com    #Email Associated with the account.
g_authorization_file: auth.json     #Service account authorization file.
g_service_account_name: kuberlytics2  #Service account name.
g_fixedip_namespace: jupyterhub-dojo
g_num_nodes: 1                      #The default nu

### Web Login

In order to use the web login, you need to run the command below and then enter the code in the generated web link.  Careful not to commit this code to github repository. 

TBD: Need someone to research loging in with service account. The way google works you can download a json file that can be used for authentication.  This is better for eventual automation. 


In [None]:
#For Azure: Use this. 
!az login


In [None]:
#!az account set --subscription 652b3848-14d2-4276-af14-fbcd7db53805


### Google - Service Account Login

This requires a authentication file for a service account to be placed in /config/gcloud.  


In [None]:
#Login 
#ku.bash_command('login',cf) #tbd

### Create Project 
Google calls them projects.  Azure calles them resource groups. Either way you need one. This useful to track spending and also ensure you delete all resources at the end. 


In [None]:
#This will set the create the project. 
result= ku.bash_command('create_project',cf)

#TBD, write a test to see if State= "Succeeded"

In [None]:
#This will set the project (Google Only). 
ku.bash_command('set_project',cf)

In [None]:
#This will set the zone (Google Only). 
ku.bash_command('set_zone',cf)


### Create the Cluster
This will create your Kubernetes Cluster. You have to wait for about 5 minutes before this finishes creating.

#TBD, write a test to see if State= "Succeeded"


In [None]:
ku.bash_command('create_cluster',cf)

### Backup SSH Keys
This will backup the SSH Keys.

In [4]:
print(ku.bash_command('mv ~/.ssh/id_rsa ~/.ssh/id_rsa_'+cf['cluster_name']))
print(ku.bash_command('mv ~/.ssh/id_rsa.pub ~/.ssh/id_rsa_'+cf['cluster_name']+'.pub'))


Executing mv ~/.ssh/id_rsa ~/.ssh/id_rsa_kubeastus2rpi:
 mv ~/.ssh/id_rsa ~/.ssh/id_rsa_kubeastus2rpi

Executing mv ~/.ssh/id_rsa.pub ~/.ssh/id_rsa_kubeastus2rpi.pub:
 mv ~/.ssh/id_rsa.pub ~/.ssh/id_rsa_kubeastus2rpi.pub



In [5]:
#This will create the cluseter and can be very long running. 
print(ku.bash_command('create_keyvault', cf))

Executing create_keyvault:
 az keyvault create --name=kubeastus2rpi --resource-group=kubeastus2rpi --location=eastus2 --enabled-for-template-deployment true
{
  "id": "/subscriptions/652b3848-14d2-4276-af14-fbcd7db53805/resourceGroups/kubeastus2rpi/providers/Microsoft.KeyVault/vaults/kubeastus2rpi",
  "location": "eastus2",
  "name": "kubeastus2rpi",
  "properties": {
    "accessPolicies": [
      {
        "applicationId": null,
        "objectId": "ff641e6b-6042-4327-9aff-d83b00f1f2ce",
        "permissions": {
          "certificates": [
            "get",
            "list",
            "delete",
            "create",
            "import",
            "update",
            "managecontacts",
            "getissuers",
            "listissuers",
            "setissuers",
            "deleteissuers",
            "manageissuers",
            "recover"
          ],
          "keys": [
            "get",
            "create",
            "delete",
            "list",
            "update",

In [6]:
dp=print(ku.bash_command('backup_public_key', cf))

Executing backup_public_key:
 az keyvault secret set --vault-name=kubeastus2rpi --name=id-rsakubeastus2rpi-pub --file=~/.ssh/id_rsa_kubeastus2rpi.pub
{
  "attributes": {
    "created": "2017-11-16T22:43:25+00:00",
    "enabled": true,
    "expires": null,
    "notBefore": null,
    "recoveryLevel": "Purgeable",
    "updated": "2017-11-16T22:43:25+00:00"
  },
  "contentType": null,
  "id": "https://kubeastus2rpi.vault.azure.net/secrets/id-rsakubeastus2rpi-pub/7b6dda9c6e4b41a889372b15159d5606",
  "kid": null,
  "managed": null,
  "tags": {
    "file-encoding": "utf-8"
  },
  "value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD27XRXl0lCF9F58vwxLyl6VVVoGP2+D4pEcyLwdAY75r2gLY1AWuPAXop5hcN+IabZABrPeHRfAEY8jOk1gJ8E8vlXoorN9kiKuU8knFRWMC1WXYUZw3qowbXVmDUMWXwinOicX2FIILL4zDJMG8cjhIksF0qVPDDse5z6mPTc62Bonu7PVZpJmgeZuX40wdGwaqHKIJtiLljpgD7XJq5BAUVWKpy4yw2TmfWWOReCCwO5+M9cxtW/BsRMeE9dNZe625UZMjDn0awf18+VECxXLWzoxZAHCAgpsyi2HUJVyFEyDGkVdDyFhPFN+67HGwn5+oxC9a0Kzh7aFGucF/bR"
}



In [7]:
dp=print(ku.bash_command('backup_private_key', cf))

Executing backup_private_key:
 az keyvault secret set --vault-name=kubeastus2rpi --name=id-rsa-kubeastus2rpi --file=~/.ssh/id_rsa_kubeastus2rpi
{
  "attributes": {
    "created": "2017-11-16T22:43:33+00:00",
    "enabled": true,
    "expires": null,
    "notBefore": null,
    "recoveryLevel": "Purgeable",
    "updated": "2017-11-16T22:43:33+00:00"
  },
  "contentType": null,
  "id": "https://kubeastus2rpi.vault.azure.net/secrets/id-rsa-kubeastus2rpi/578100dfa10f437a81b616ed88ad87b0",
  "kid": null,
  "managed": null,
  "tags": {
    "file-encoding": "utf-8"
  },
  "value": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA9u10V5dJQhfRefL8MS8pelVVaBj9vg+KRHMi8HQGO+a9oC2N\nQFrjwF6KeYXDfiGm2QAaz3h0XwBGPIzpNYCfBPL5V6KKzfZIirlPJJxUVjAtVl2F\nGcN6qMG11Zg1DFl8IpzonF9hSCCy+MwyTBvHI4SJLBdKlTww7Huc+pj03OtgaJ7u\nz1WaSZoHmbl+NMHRsGqhyiCbYi5Y6YA+1yauQQFFViqcuMsNk5n1ljkXggsDufjP\nXMbVvwbETHhPXTWXutuVGTIw59GsH9fPlRAsVy1s6MWQBwgIKbMoth1CVchRMgxp\nFXQ8hYTxTfuuxxsJ+fqMQvWtCs4e2hRrnBf20QIDAQABAoIBAQDDQ5lZ

### Get Credentials for Kubectl
We need to add the credentials for Kubectl to work. You need a bit of time for your Kubernetes to launch.

In [9]:
#gcloud container clusters get-credentials kuberlytics
print(ku.bash_command('get_credentials',cf))


Executing get_credentials:
 az acs kubernetes get-credentials --resource-group=kubeastus2rpi --name=kubeastus2rpi --ssh-key-file=~/.ssh/id_rsa_kubeastus2rpi
Merged "kubeastus2rpimgmt" as current context in /home/jovyan/.kube/config



In [10]:
#Check to see if we have Kubectl working. 
print(ku.bash_command("kubectl cluster-info"))


Executing kubectl cluster-info:
 kubectl cluster-info
[0;32mKubernetes master[0m is running at [0;33mhttps://kubeastus2rpimgmt.eastus2.cloudapp.azure.com[0m
[0;32mHeapster[0m is running at [0;33mhttps://kubeastus2rpimgmt.eastus2.cloudapp.azure.com/api/v1/namespaces/kube-system/services/heapster/proxy[0m
[0;32mKubeDNS[0m is running at [0;33mhttps://kubeastus2rpimgmt.eastus2.cloudapp.azure.com/api/v1/namespaces/kube-system/services/kube-dns/proxy[0m
[0;32mkubernetes-dashboard[0m is running at [0;33mhttps://kubeastus2rpimgmt.eastus2.cloudapp.azure.com/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy[0m
[0;32mtiller-deploy[0m is running at [0;33mhttps://kubeastus2rpimgmt.eastus2.cloudapp.azure.com/api/v1/namespaces/kube-system/services/tiller-deploy/proxy[0m

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.



In [11]:
#Check notes with Kubectl
print(ku.bash_command("kubectl get node"))


Executing kubectl get node:
 kubectl get node
NAME                   STATUS    ROLES     AGE       VERSION
k8s-agent-7edcd35-0    Ready     agent     20h       v1.7.7
k8s-master-7edcd35-0   Ready     master    20h       v1.7.7



### Helm Installation.  
We are going to be utilizing Helm for  installations of a variety of analytics tools.  This command will install Tiller on your cluster.  As they say, "Happy Helming!" 

A critical factor for Helm is that you have the same version running locally and via your machine.  If you run helm version and you have the right version, then you should be fine.

```
Client: &version.Version{SemVer:"v2.6.2", GitCommit:"be3ae4ea91b2960be98c07e8f73754e67e87963c", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.6.2", GitCommit:"be3ae4ea91b2960be98c07e8f73754e67e87963c", GitTreeState:"clean"}
```

To install the appropriate version: 

```
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
RUN get_helm.sh --version v2.6.2

```


In [12]:
#This may need to be run more than once if you get a "cannot connect to server."
result=ku.bash_command("helm version")
result

Executing helm version:
 helm version


'Client: &version.Version{SemVer:"v2.6.2", GitCommit:"be3ae4ea91b2960be98c07e8f73754e67e87963c", GitTreeState:"clean"}\nServer: &version.Version{SemVer:"v2.6.1", GitCommit:"bbc1f71dc03afc5f00c6ac84b9308f8ecb4f39ac", GitTreeState:"clean"}\n'

In [13]:
# Both ACS and GKE install tiller on the server.
print(ku.bash_command('install_helm',cf))

Executing install_helm:
 helm init --client-only
Creating /home/jovyan/.helm 
Creating /home/jovyan/.helm/repository 
Creating /home/jovyan/.helm/repository/cache 
Creating /home/jovyan/.helm/repository/local 
Creating /home/jovyan/.helm/plugins 
Creating /home/jovyan/.helm/starters 
Creating /home/jovyan/.helm/cache/archive 
Creating /home/jovyan/.helm/repository/repositories.yaml 
$HELM_HOME has been configured at /home/jovyan/.helm.
Not installing Tiller due to 'client-only' flag having been set
Happy Helming!



In [14]:
#Run this command if the Client > Server version
print(ku.bash_command("helm init --upgrade"))

Executing helm init --upgrade:
 helm init --upgrade
$HELM_HOME has been configured at /home/jovyan/.helm.

Tiller (the Helm server-side component) has been upgraded to the current version.
Happy Helming!



In [None]:
#Verify 
result=ku.bash_command("helm version")
result

### Enabling Autoscaling (optional)

This should launch a pod within your kubernetes cluster that will handle autoscaling of the cluster. Note that this seems to take a while and may even timeout. Consider opening and running in a terminal session. 

In [None]:
#Google only. Currently Not possible with azure
ku.bash_command(cf['autoscale'])

#### That is it! You now have your own Kubernetes cluster that is ready to go. 

### Resize a Cluster
To stop a cluster without deleting it you just resize it to 0.

In [None]:
#TBD
ku.bash_command(cf['class_size_cluster'])

In [None]:
#TBD
#ku.bash_command(cf_g['stop_cluster'])

In [None]:
#TBD
ku.bash_command(cf['normal_size_cluster'])

### Deleting a Kubernetes Cluster

This will delete the Kubernetes cluster by deleting the entire project. This will prefent any future charges. 

In [None]:
#Always delete the namespace first. 
print(ku.bash_command('delete_project',cf))