Skip to content

Single-region insecure cluster on EKS tutorial #5047

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 13, 2019
Merged

Single-region insecure cluster on EKS tutorial #5047

merged 1 commit into from
Jul 13, 2019

Conversation

jseldess
Copy link
Contributor

@jseldess jseldess commented Jul 12, 2019
edited
Loading

How to run insecure on EKS using configs and helm.

Running secure will be handled in a separate PR.

  • Secure with standard configs doesn't work due to some issue with Kubernetes-created CSRs on EKS. Will need to use different configs to use certs generated outside of Kubernetes.
  • Secure with helm won't work because it uses standard configs. We will probably need distinct helm charts to GKE and EKS. Opened this issue: Helm charts for secure CockroachDB on EKS cockroach#38847. Secure with helm on EKS is therefore out-of-scope for now.

Addresses #5042.

@cockroach-teamcity
Copy link
Member

This change is Reviewable

@jseldess jseldess changed the title [WIP] Starting EKS tutorial changes [WIP] Single-region EKS tutorial Jul 12, 2019
@cockroach-teamcity
Copy link
Member

Online preview: http://cockroach-docs-review.s3-website-us-east-1.amazonaws.com/83f22f6949bc846dd6f8a3fa80c1ef8e4389eb4a/

Edited pages:

@cockroach-teamcity
Copy link
Member

Online preview: http://cockroach-docs-review.s3-website-us-east-1.amazonaws.com/f8b183d45cb6a95cccf12d0b5dab7483eeb4815e/

Edited pages:

@jseldess jseldess changed the title [WIP] Single-region EKS tutorial Single-region insecure cluster on EKS tutorial Jul 12, 2019
@jseldess jseldess requested a review from DuskEagle July 12, 2019 18:00
@cockroach-teamcity
Copy link
Member

Online preview: http://cockroach-docs-review.s3-website-us-east-1.amazonaws.com/a893bf50c1e5c20a582e33f2c7aa726b296cb50b/

Edited pages:

@jseldess
Copy link
Contributor Author

A few issues found during testing that are probably independent of these instructions:

When I started a cluster via helm on EKs, the cockroach version was 2.1.1:

~$ kubectl run cockroachdb -it --image=cockroachdb/cockroach:v19.1.2 --rm --restart=Never -- node status --insecure --host=my-release-cockroachdb-public
  id |                                     address                                     | build  |            started_at            |            updated_at            | is_available | is_live
+----+---------------------------------------------------------------------------------+--------+----------------------------------+----------------------------------+--------------+---------+
   1 | my-release-cockroachdb-0.my-release-cockroachdb.default.svc.cluster.local:26257 | v2.1.1 | 2019-07-12 17:33:24.152488+00:00 | 2019-07-12 17:42:28.706545+00:00 | true         | true
   2 | my-release-cockroachdb-1.my-release-cockroachdb.default.svc.cluster.local:26257 | v2.1.1 | 2019-07-12 17:33:27.48001+00:00  | 2019-07-12 17:42:27.548286+00:00 | true         | true
   3 | my-release-cockroachdb-2.my-release-cockroachdb.default.svc.cluster.local:26257 | v2.1.1 | 2019-07-12 17:39:02.015971+00:00 | 2019-07-12 17:42:29.033669+00:00 | true         | true
(3 rows)

Don't understand why that would be given the chart says 19.1.2: https://github.com/helm/charts/blob/master/stable/cockroachdb/values.yaml#L8

Also, the helm config doesn't seem to have the app label, which we rely on to delete resources with one fell swoop (and maybe for other reasons). In the absence of that, I'll probably have to update the "Stop the cluster" section for helm.

@DuskEagle
Copy link
Member

I don't see a reason why we couldn't add an app label to our Helm charts. It seems a lot of other Helm charts either have an app or a app.kubernetes.io/name label.

@cockroach-teamcity
Copy link
Member

Online preview: http://cockroach-docs-review.s3-website-us-east-1.amazonaws.com/d702e9c706c7eff4537935c86ec66fc6ed7d5704/

Edited pages:

@DuskEagle
Copy link
Member

I think the v2.1.1 happened because you didn't run helm repo update before starting. Could you add that to the instructions?

DuskEagle
DuskEagle requested changes Jul 12, 2019
View reviewed changes
Copy link
Member

@DuskEagle DuskEagle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @DuskEagle and @jseldess)

v19.1/orchestrate-cockroachdb-with-kubernetes-insecure.md, line 144 at r1 (raw file):

    {% include copy-clipboard.html %}
    ~~~ shell
    $ helm delete my-release-cockroachdb

Adding a --purge flag here will free up the "cockroachdb" name in Helm in case a user wants to launch another CRDB cluster using Helm into the same Kubernetes cluster.

@jseldess
Running insecure on EKS with configs or helm
98e1b16 
Running secure will be covered in a separate PR.

Addresses #5042.
jseldess
jseldess commented Jul 12, 2019
View reviewed changes
Copy link
Contributor Author

@jseldess jseldess left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a step for helm repo update as well.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @DuskEagle)

v19.1/orchestrate-cockroachdb-with-kubernetes-insecure.md, line 144 at r1 (raw file):

Previously, DuskEagle (Joel Kenny) wrote…

Adding a --purge flag here will free up the "cockroachdb" name in Helm in case a user wants to launch another CRDB cluster using Helm into the same Kubernetes cluster.

Done.

@cockroach-teamcity
Copy link
Member

Online preview: http://cockroach-docs-review.s3-website-us-east-1.amazonaws.com/98e1b1672ae873030bd2ab186628a61bb883cef9/

Edited pages:

DuskEagle
DuskEagle approved these changes Jul 12, 2019
View reviewed changes
Copy link
Member

@DuskEagle DuskEagle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 4 of 6 files at r1, 4 of 4 files at r2.
Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @DuskEagle)

@jseldess jseldess merged commit e7c5f29 into master Jul 13, 2019
@jseldess jseldess deleted the kubernetes-eks branch July 13, 2019 00:56
@jseldess jseldess mentioned this pull request Jul 16, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DuskEagle DuskEagle DuskEagle approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jseldess @cockroach-teamcity @DuskEagle