Update documentation, related to additional services #255
Conversation
naumvd95
commented
Mar 22, 2018
•
naumvd95
commented
- mail service attach
- ldap service attach
- prometheus service attach
- cloud providers settings
- Nginx-service default configuration
|
Can you add someone who can check english grammar as reviewer? |
naumvd95
requested review from
mikezuniga,
katyafervent,
tomkukral and
atengler
|
@atengler @mzlatkova should check this |
|
@mzlatkova good idea, and what do u think, maybe its better to post it only on readthedocs.io? |
|
@atengler @tomkukral what do u think about it? |
|
@naumvd95 Yes, I think that would be better. |
RATIONALE.md
Outdated
| @@ -65,4 +65,102 @@ KQueen supplies the backend API for provider-agnostic cluster management. It ena | |||
| * **Update** - install newer version of Kubernetes | |||
| * **Autoscale** - watch Kubernetes scheduler or pods and start new minions when all existing minions are fully utilized | |||
| * **Manage addons** - enable or disable cluster addons | |||
|
|
|||
| * **Members managing** - Its possible to define own mail server or use default to provide user registering into Kqueen. | |||
There was a problem hiding this comment.
what is own and default mail servers are not really clear. Need to add some clarification as:
--> To provide user registration by invitations from other users by emails, mail server should be set up. it is possible to use already existing mail service or to run new one.
RATIONALE.md
Outdated
| KQUEENUI_MAIL_PORT: 10025 | ||
| ``` | ||
| Pay attention that volume-mapping for mail containers is additional feature. It used for store mailing history and forward additional postfix mail configuration (it should configured properly on local machine), | ||
| otherwise its possible to run mail server without volume-mapping. After all configuration steps, user should invite members using email notification. Member should receive mail with activation link to Kqueen service and possibility of password-setting. |
There was a problem hiding this comment.
I suggest to move last to sentences to the top of this section, to clarify to the user why mail server is needed at all
RATIONALE.md
Outdated
| ``` | ||
| Pay attention that volume-mapping for mail containers is additional feature. It used for store mailing history and forward additional postfix mail configuration (it should configured properly on local machine), | ||
| otherwise its possible to run mail server without volume-mapping. After all configuration steps, user should invite members using email notification. Member should receive mail with activation link to Kqueen service and possibility of password-setting. | ||
| Superadmin also can manage member roles. |
There was a problem hiding this comment.
Do we need to add here, that superadmin can invite admins also?
RATIONALE.md
Outdated
| # Download it | ||
| # On Kqueen UI choose ```Create Provisioner``` | ||
| # Choose ```Google Kubernetes Engine``` | ||
| # Insert your project ID (```Project info``` tab on the main page of GCE Dashboard https://console.cloud.google.com ) |
There was a problem hiding this comment.
In the last code version project ID is not required anymore, only ssh key
RATIONALE.md
Outdated
|
|
||
| * **Google Kubernetes Engine** | ||
|
|
||
| # Register account on GCE (https://console.cloud.google.com) |
There was a problem hiding this comment.
All your # is a first-level headers, did you want to * instead?
Also I suggest to remove * from * Google Kubernetes Engine and add to the list of provided steps, smth like:
Provisioner configuration settings ## -2d level section
Google Kubernetes Engine ### -3d level section
- Register
naumvd95
force-pushed
the
kqueen-docs
branch
2 times, most recently
from
c981eb2
to
53b5c71
Compare
docs/kqueen.rst
Outdated
| curl <<prometheus_host>>:<<prometheus_port>>/metrics | ||
|
|
||
|
|
||
| Provisioner configuration settings |
There was a problem hiding this comment.
Provision a Kubernetes cluster?
Please add an intro, for example:
You can provision a Kubernetes cluster using various community installers or provisioners, such as ...
Provision a Kubernetes cluster using the Google Kubernetes Engine:
1.
2.
3.
Provision a Kubernetes cluster using the Azure Kubernetes Service:
1.
2.
3.
...
docs/kqueen.rst
Outdated
| @@ -153,6 +153,110 @@ in the configuration file, set the environment variable matching the KQUEEN_<con | |||
| - Addresses allowed to access metrics endpoint without token | |||
|
|
|||
|
|
|||
| External services deployment | |||
| ------- | |||
There was a problem hiding this comment.
An intro needed. For example:
Before you provision a Kubernetes cluster, you may need to deploy and configure the following external services:
- Members management (describe the details)
- Metrics collecting (describe the details)
To set up members management:
To set up metrics collecting:
docs/kqueen.rst
Outdated
| @@ -153,6 +153,110 @@ in the configuration file, set the environment variable matching the KQUEEN_<con | |||
| - Addresses allowed to access metrics endpoint without token | |||
|
|
|||
|
|
|||
| External services deployment | |||
There was a problem hiding this comment.
Deploy external services
docs/kqueen.rst
Outdated
|
|
||
| External services deployment | ||
| ------- | ||
| * **Members managing** - To provide user registration by invitations from other users by emails, mail server should be set up. |
There was a problem hiding this comment.
To provide user registration by invitations from other users by emails --> To provide user registration by emails invitations from other users.
docs/kqueen.rst
Outdated
| * **Members managing** - To provide user registration by invitations from other users by emails, mail server should be set up. | ||
| It is possible to use kqueen predefined mail service or to run new one. | ||
|
|
||
| * **Metrics collecting** - Its possible to add external Prometheus serveri to extend monitoring in Kqueen. In case of using external server, need to include rules from kqueen/prod/prometheus into existing Prometheus service. Otherwise, its possible to use predefined Prometheus, defined in docker-compose.production.yml. |
There was a problem hiding this comment.
in docker-compose.production.yml <https://github.com/Mirantis/kqueen/blob/master/docker-compose.production.yml>_
docs/kqueen.rst
Outdated
| .. code-block:: yaml | ||
| KQUEEN_PROMETHEUS_WHITELIST: '172.16.238.0/24' | ||
|
|
||
| There two ways to get metrics: |
There was a problem hiding this comment.
There two -> there are two
docs/kqueen.rst
Outdated
|
|
||
| **Azure Kubernetes Service** | ||
| 1. Login into https://portal.azure.com with your azure account | ||
| 2. Follow official Microsoft guide https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#create-an-azure-active-directory-application |
There was a problem hiding this comment.
Follow official Microsoft guide --> need to add aim of following that guide, user should understand why this guide is needed at all in this instruction. I suggest to combine p2 and p3, smth like:
To be able to connect kqueen and Azure Application ID, Application Secret, Tenant ID (Directory ID), Subscription ID are required. Please, follow ... to find those entities.
docs/kqueen.rst
Outdated
| 3. Get Application ID, Application Secret, Tenant ID (Directory ID), Subscription ID | ||
| 4. Pay attention to set ‘Owner’ role to your Application in Subscription settings to provide possibility of creating k8s clusters. (see latest steps in p.2). Save Application secret manually, because it will be unavailable from Azure Web UI after generating. | ||
| 5. Create Resource group from ‘Resource groups’ tab and get ‘Resource group name’ | ||
| 6. Check that Application had ‘Owner’ role in Resource group. (go to ‘Resource groups’ -> your_group -> Access Control(IAM)) |
There was a problem hiding this comment.
check -> if there are no owner role in your resource group, please add it at ‘Resource groups’ -> your_group -> Access Control(IAM) or smth like that
docs/kqueen.rst
Outdated
| 5. Create Resource group from ‘Resource groups’ tab and get ‘Resource group name’ | ||
| 6. Check that Application had ‘Owner’ role in Resource group. (go to ‘Resource groups’ -> your_group -> Access Control(IAM)) | ||
| 7. Go to Kqueen ‘Create provisioner’ tab and choose AKS engine | ||
| 8. Set ‘Client ID’ as Application ID from p.3 |
There was a problem hiding this comment.
Set ‘Client ID’ as Application ID --> set application id as 'Client ID', since before in the instruction we deal only with app id
docker-compose.demo.yml
Outdated
| @@ -1,7 +1,8 @@ | |||
| version: '2' | |||
| services: | |||
| api: | |||
| image: kqueen/api:v0.18 | |||
| # image: kqueen/api:v0.18 | |||
| image: vnaumov/kqueen-api:mk1 | |||
| ports: | |||
There was a problem hiding this comment.
Is this intentional? This looks like local image
docs/kqueen.rst
Outdated
|
|
||
|
|
||
| Backup | ||
| **To set up the mail server** | ||
| ------- |
There was a problem hiding this comment.
Remove ** from header and set ------- length equal to the text length so all formatting will be done automatically.
And for all headers below do the same, please.
docs/kqueen.rst
Outdated
|
|
||
| .. note:: | ||
|
|
||
| The Admin Console in the Azure portal is supported only in Internet Explorer and Microsoft Edge and may fail to operate in other browsers due to Microsoft issues such as |
There was a problem hiding this comment.
to Microsoft issues <https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/18602776-admin-console-support-on-mac-osx/>_.
docs/kqueen.rst
Outdated
|
|
||
|
|
||
|
|
||
| ** To manually add an existing Kubernetes cluster:** |
There was a problem hiding this comment.
remove ** and make it sub header with
To manually add an existing Kubernetes cluster
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
and add empty line
naumvd95
force-pushed
the
kqueen-docs
branch
4 times, most recently
from
5307d4d
to
5240636
Compare
naumvd95
force-pushed
the
kqueen-docs
branch
2 times, most recently
from
204606f
to
4edcc8b
Compare
docs/kqueen.rst
Outdated
|
|
||
| The only one statefull component of Kqueen is the etcd and users should follow https://coreos.com/etcd/docs/latest/v2/admin_guide.html#disaster-recovery. We are using `v2` etcd keys so example backup workflow can be: | ||
| * Nginx proxy server, to configure ssl support, domain naming and define certificates. |
There was a problem hiding this comment.
NGINX proxy server, to configure SSL support, domain naming, and to define certificates.
docs/kqueen.rst
Outdated
|
|
||
| Recovery | ||
| To set up the nginx server |
There was a problem hiding this comment.
To set up the NGINX server:
docs/kqueen.rst
Outdated
| To set up the nginx server | ||
| -------------------------- | ||
|
|
||
| 1. Configure variables in '.env' file from Nginx section: |
There was a problem hiding this comment.
- Open the '.env' file for editing.
- Configure the variables the Nginx section:
docs/kqueen.rst
Outdated
| NGINX_SSL_CERTIFICATE_DIR=/mnt/letsencrypt | ||
|
|
||
| 2. Open the docker-compose.production.yml file for editing. | ||
| 3. Check proxy service configuration in docker-compose.production.yml. Pay attention on following variables: |
There was a problem hiding this comment.
Verify the proxy service configuration. Pay attention to the following variables:
docs/kqueen.rst
Outdated
| 2. Open the docker-compose.production.yml file for editing. | ||
| 3. Check proxy service configuration in docker-compose.production.yml. Pay attention on following variables: | ||
|
|
||
| 1. ``VHOSTNAME`` - domain name for Kqueen service. Should be equal with domain name in generated certificates. Default: Using variable from .env file, named NGINX_VHOSTNAME |
There was a problem hiding this comment.
-
VHOSTNAME, the domain name for the KQueen service. Should be the same as the domain name in the generated certificates. By default, the NGINX_VHOSTNAME from the .env file is used.
-
SSL_CERTIFICATE_DIR, the mapped directory for certificates forwarding into a docker container. By default. the NGINX_SSL_CERTIFICATE_DIR/NGINX_VHOSTNAME variable from the .env fil is used.
-
SSL_CERTIFICATE_PATH, the path for the cert+key certificate. The default is$SSL_CERTIFICATE_DIR/fullchain.cer.
-
SSL_CERTIFICATE_KEY_PATH, the path for the certificate key. The default is$SSL_CERTIFICATE_DIR/$VHOSTNAME.key.
-
SSL_TRUSTED_CERTIFICATE_PATH, the path for the certificate. The default is$SSL_CERTIFICATE_DIR/ca.cer
docs/kqueen.rst
Outdated
| 6. From the to ``Resource groups`` -> your_group -> Access Control (IAM) tab, verify that the Application has the ``Owner`` role in Resource group. | ||
| 7. Log in to the KQueen web UI. | ||
| 8. From the ``Create provisioner`` tab, select the AKS engine and set the following: | ||
| 1. Set the ``Client ID`` as Application ID from p.3. |
There was a problem hiding this comment.
p.3 --> step 3.
(please change below as well)
docs/kqueen.rst
Outdated
|
|
||
| The Admin Console in the Azure portal is supported only in Internet Explorer and Microsoft Edge and may fail to operate in other browsers due to Microsoft `issues <https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/18602776-admin-console-support-on-mac-osx>`_. | ||
|
|
||
| **Pay attention** that AKS created separate resource during kubernetes cluster creating (it used defined Resource Group as prefix ). It may affect your billing. For ex.: |
There was a problem hiding this comment.
.. note::
The AKS creates a separate resource during the creation of a Kubernetes cluster and uses the defined Resource Group as a prefix. This may affect your billing. For example:
.. code-block:: text
Your Resource Group : Kqueen
Additional cluster-generated Resource Group: MC_Kqueen_44a37a65-1dff-4ef8-97ca-87fa3b8aee62_eastus
For more information, see Azure/AKS#3 and https://docs.microsoft.com/en-us/azure/aks/faq#why-are-two-resource-groups-created-with-aks.
docs/kqueen.rst
Outdated
| As a result, the Kubernetes cluster will be attached in a read-only mode. | ||
|
|
||
|
|
||
| ETCD Backup |
There was a problem hiding this comment.
Etcd backup and recovery
docs/kqueen.rst
Outdated
|
|
||
| The ``v2`` etcd keys are used in deployment. | ||
|
|
||
| Example of a backup and recovery workflow: |
There was a problem hiding this comment.
Example of etcd backup workflow:
docs/kqueen.rst
Outdated
| etcdctl backup --data-dir /var/lib/etcd/default --backup-dir /root/backup/ | ||
|
|
||
|
|
||
| Recovery |
There was a problem hiding this comment.
Example of etcd recovery workflow:
naumvd95
force-pushed
the
kqueen-docs
branch
2 times, most recently
from
722248f
to
80b0075
Compare
|
@mzlatkova @katyafervent Can you re-review? It seems that change requests were addressed |
docs/kqueen.rst
Outdated
|
|
||
| Volume-mapping for mail containers is an additional feature that enables storing the mailing history and forwards an additional postfix mail configuration. You must properly configure it on the local machine. Otherwise, you can run the mail server without volume-mapping. | ||
|
|
||
| To set up metrics collecting |
There was a problem hiding this comment.
Either make it:
To set up metrics collecting:
Or:
Set up metrics collecting
--------------------------------
docs/kqueen.rst
Outdated
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| 1. Log in to the KQueen web UI. | ||
| 1. Create ``Manual Provisioner``. |
docs/kqueen.rst
Outdated
|
|
||
| Volume-mapping for mail containers is an additional feature that enables storing the mailing history and forwards an additional postfix mail configuration. You must properly configure it on the local machine. Otherwise, you can run the mail server without volume-mapping. | ||
|
|
||
| To set up metrics collecting |
There was a problem hiding this comment.
The same for lines 210 and 164.
docs/kqueen.rst
Outdated
| As a result, the Kubernetes cluster will be attached in a read-only mode. | ||
|
|
||
|
|
||
| ETCD Backup and recovery |
There was a problem hiding this comment.
Back up and recover etcd
docs/kqueen.rst
Outdated
|
|
||
| :: | ||
| Example of a backup workflow: |
There was a problem hiding this comment.
Example of etcd backup workflow:
docs/kqueen.rst
Outdated
| 9. In the KQueen web UI, click ``Deploy Cluster``. | ||
| 10. Select the AKS provisioner. | ||
| 11. Specify the cluster requirements. | ||
| 12. Specify the public SSH key to connect to AKS VM’s. For ssh access into created VM’s, need to assign the public IP address to the VM (follow example `guide <https://gist.github.com/naumvd95/576d6e48200597ca89b26de15e8d3675>`_). Then it is possible to ``ssh azureuser@<<public_ip>> -i .ssh/your_defined_id_rsa`` |
There was a problem hiding this comment.
Make this a note or a separate step. Should this be done before step 12?
For SSH access to the created VM’s, assign the public IP address to the VM as described in guide <https://gist.github.com/naumvd95/576d6e48200597ca89b26de15e8d3675>_). Once done, use the following command: ssh azureuser@<<public_ip>> -i .ssh/your_defined_id_rsa.
naumvd95
force-pushed
the
kqueen-docs
branch
2 times, most recently
from
ccc9df8
to
8f89879
Compare
katyafervent
changed the title
- mail service attach - ldap service attach - proxy service attach - prometheus service attach - cloud providers settings Pay attention, than there is no Nginx-service default configuration, it depends on #246
