Kube-Platform

Kube-Platform creates a production-ready development platform for Kubernetes. It contains tools for:

  • Monitoring, Alerting, Logging
  • Ingress based adding of DNS entries and TLS Certificates
  • Oauth based authentication
  • CI/CD tool

In detail, the installed tools are:

  • Ingress Controller
  • Prometheus with node-exporter, Grafana, Alertmanager, kube-state-metrics etc.
  • EFK Stack
  • External DNS
  • cert-manager
  • oauth2-proxy
  • keycloak
  • argo Workflow, argo-events

Precondition

  • Installed kustomize 2.0.1
  • Running GKE Kubernetes Cluster with at least n1-standard-2 machines

Configuration

What you need to know now:

  • An email address for issuing HTTPS certificates
  • Your new DNS zone name (e.g. kubeplatform.my.domain.io)
  • A GCP project ID (e.g. my-google-project-223304)

Own OAuth provider

KubePlatform comes with a preconfigured Keycloak used for user management and OAuth2 authentication. If you plan to use your own OAuth provider, collect these parameters:

  • An Issuer URL for OpenID Connect
  • Client ID and its client secret
  • Cookie Secret

Add these parameters to:

  • oauth2-proxy.properties
  • patches/oauth2-proxy-patch.yaml

Installation

The installation consists of these three parts:

  1. GCE configuration
  2. Overlay Configuration
  3. Installing yamls on Kubernetes

GCE configuration

GCE Preparation and DNS Configuration

  1. Create a new DNS zone and a service account to be used by external-dns to add hosts to it:

```sh
export PROJECT_ID=my-google-project-223304
export DOMAIN=kubeplatform.my.domain.io

gcloud dns managed-zones create "${DOMAIN//./-}" \
    --dns-name "$DOMAIN." \
    --description "Automatically managed zone by kubernetes.io/external-dns"

gcloud iam service-accounts create ${DOMAIN//./-} \
    --display-name "${DOMAIN//./-} service account for external-dns"

gcloud iam service-accounts keys create ./google-credentials.json \
  --iam-account ${DOMAIN//./-}@$PROJECT_ID.iam.gserviceaccount.com

gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member serviceAccount:${DOMAIN//./-}@$PROJECT_ID.iam.gserviceaccount.com --role roles/dns.admin
```

  2. Ensure that the downloaded credential file google-credentials.json is in the google-overlay folder.
  3. Make a note of the nameservers that were assigned to your new DNS zone (and enter them as NS entries in your provider's DNS):

```sh
gcloud dns record-sets list \
    --zone "${DOMAIN//./-}" \
    --name "$DOMAIN." \
    --type NS
```

Overlay Configuration

Configuration is made in these three files:

  • kubeplatform.properties
    • Enter the desired domain (e.g. DOMAIN=kubeplatform.my.domain.io)
    • Enter the GCE project (e.g. PROJECT=my-google-project-223304)
  • cluster-issuer-patch.yaml
    • Enter two email addresses for the Let's Encrypt certificates: one for staging and one (or the same) for prod.
  • kustomization.yaml
    • Choose namePrefix, nameSuffix and namespace
    • If you plan to use the Let's Encrypt prod environment instead of staging, change the variable CLUSTER_ISSUER_NAME accordingly

Installing yamls

  1. Create a Kubernetes cluster and retrieve kubectl credentials
  2. Run `kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=my@google.account.com`
  3. Create the namespace you chose above
  4. Execute `kustomize build google-overlay | kubectl apply -f -`
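Before step 4, it is worth checking the overlay for the mistakes this procedure invites: placeholder values left in kubeplatform.properties, a service-account key with roles/dns.admin that is world-readable or about to be committed, and (when you bring your own OAuth provider) a cookie secret of the wrong length. The following preflight script is an added example and not part of the project; the file names and the DOMAIN/PROJECT keys come from this README, while the placeholder patterns, the .gitignore convention and the stand-alone cookie-secret check are assumptions.

```shell
#!/usr/bin/env sh
# Preflight checks for google-overlay, run before
#   kustomize build google-overlay | kubectl apply -f -
# Added example: file names and the DOMAIN/PROJECT keys follow the README,
# everything else (placeholders, .gitignore rule) is an assumption.

# oauth2-proxy accepts a cookie secret of 16, 24 or 32 bytes, either raw
# or base64-encoded. Returns 0 when $1 has a valid length.
check_cookie_secret() {
  raw_len=$(printf '%s' "$1" | wc -c | tr -d ' ')
  dec_len=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
  for n in 16 24 32; do
    [ "$raw_len" -eq "$n" ] && return 0
    [ "$dec_len" -eq "$n" ] && return 0
  done
  return 1
}

# Generate a fresh 32-byte cookie secret, base64-encoded on one line.
new_cookie_secret() {
  head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# kubeplatform.properties must carry real DOMAIN and PROJECT values,
# not the README's example values.
check_properties() {
  f=$1
  for key in DOMAIN PROJECT; do
    val=$(sed -n "s/^$key=//p" "$f" | head -n1)
    [ -n "$val" ] || { echo "$key missing in $f"; return 1; }
    case $val in
      *my.domain.io*|my-google-project-223304) echo "$key is still a placeholder"; return 1 ;;
    esac
  done
  return 0
}

# google-credentials.json is a long-lived key for a service account holding
# roles/dns.admin: it must be a service_account key, owner-readable only,
# and listed in the overlay's .gitignore so it never reaches the repository.
check_credentials() {
  dir=$1; f=$dir/google-credentials.json
  [ -f "$f" ] || { echo "$f not found"; return 1; }
  grep -q '"type": *"service_account"' "$f" || { echo "$f is not a service account key"; return 1; }
  mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
  [ "$mode" = 600 ] || { echo "$f has mode $mode, expected 600"; return 1; }
  grep -qx 'google-credentials.json' "$dir/.gitignore" 2>/dev/null \
    || { echo "google-credentials.json is not in $dir/.gitignore"; return 1; }
  return 0
}
```

Source the script and run `check_properties google-overlay/kubeplatform.properties` and `check_credentials google-overlay`; a non-zero exit with a message names the problem to fix before applying.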

Finalize

Wait until your pods are running.

Set up a user in Keycloak:

  1. A call to https://keycloak.$(DOMAIN)/auth/admin/ should take you to your Keycloak instance (the username is keycloak; for the password refer to your kustomization.yaml)
  2. Add a user of your choice in Manage/Users (the user must have an email address). Please refer to the respective Keycloak documentation.

You should then be able to use this user to go to:


Using Argo

For running basic workflows refer to the demos page.

For using it for CI, refer to this example.