dwmkerr / terraform-aws-openshift

Create infrastructure with Terraform and AWS, install OpenShift. Party!
http://www.dwmkerr.com/get-up-and-running-with-openshift-on-aws
MIT License

Add a router #14

Closed jayunit100 closed 7 years ago

jayunit100 commented 7 years ago

It looks like no routers are being configured in these installations?

dwmkerr commented 7 years ago

The default haproxy ingress should be set up by standard, but it would be great to document this in more detail, as well as how to customise the router!

jayunit100 commented 7 years ago

Yes, not sure what the default admin login is, so I can't see the kube-system / default namespaces.

jayunit100 commented 7 years ago

I guess follow up ==> How do we admin the cluster ...

jayunit100 commented 7 years ago

Oh, one other thing, I guess the HAproxy router node will need opened ports in AWS....

dwmkerr commented 7 years ago

Yeah, let me take a look into this, am spending some time on the repo at the moment.

dwmkerr commented 7 years ago

Hi @jayunit100 hopefully this should help!

I've added more explicit documentation on how to manage and administer the cluster - including how to get on the master node so that you can run the commands needed to handle the router:

https://github.com/dwmkerr/terraform-aws-openshift#accessing-and-managing-openshift

In short:

  1. The router is actually created by default, if you want to see it running use:

```
$ ssh -t -A ec2-user@$(terraform output bastion-public_dns) ssh master.openshift.local
$ oc get pods
NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-d9734    1/1       Running   0          2h
registry-console-1-cm8zw   1/1       Running   0          2h
router-1-stq3d             1/1       Running   0          2h
```

You'll see the router and can mess around with it (or use oadm add router etc if you want to, as long as you are on the master)

  2. The ingress is enabled: https://github.com/dwmkerr/terraform-aws-openshift/blob/master/modules/openshift/02-security-groups.tf#L30

     The security group for each node allows HTTP and HTTPS so pods will serve requests fine :)

I think this handles the issues on this ticket, but let me know if you need it to be re-opened and any thoughts on the updated docs would be great!

jayunit100 commented 7 years ago

Awesome, thanks dwm. Do you need help running this in continuous deployment?

Am happy to collaborate and have resources for ec2 to make this a "de facto" origin from zero recipe for the community.

Just reach out - happy to collaborate.

dwmkerr commented 7 years ago

Running in a continuous fashion would be great, what did you have in mind? One challenge I've seen (at least for members of the community) is that the size of the instance needed to run the master node is quite large, which makes the running costs reasonably high. It's not a problem so much for me as I have a certain amount of AWS credit to work with and just run the project for a short while, but it might make spinning things up in a continuous fashion quite expensive.