unikorn-cloud / kubernetes

Cluster API driven PaaS Orchestrator
Apache License 2.0

Unikorn Kubernetes Service


Overview

Resources

Unikorn Kubernetes service abstracts away installation of Cluster API.

There are two resource types:

Cluster managers are themselves contained in virtual clusters, which allows horizontal scaling and multi-tenant separation.

Services

Unikorn is split up into domain-specific micro-services:

Installation

Unikorn Prerequisites

To use the Kubernetes service you first need to install:

Installing the Service

Installation is all done via Helm, which means we can also deploy using ArgoCD. As this is a private repository, we're keeping the charts private for now as well, so you'll need to either check out the correct branch for a local Helm installation, or give Argo an access token so it can reach the repository.

Installing ArgoCD

ArgoCD is required to use Unikorn.

Deploy Argo using Helm (the release name is hard coded, don't change it yet please):

```shell
helm repo add argo https://argoproj.github.io/argo-helm
helm repo update
helm install argocd argo/argo-cd -n argocd --create-namespace
```

Installing Prerequisites

The Unikorn server component has a couple of prerequisites that are required for correct functionality. If you are not installing the server, you can skip to the next section.

You'll need to install:

Helm

```shell
helm repo add jetstack https://charts.jetstack.io
helm repo add nginx https://helm.nginx.com/stable
helm repo update
helm install cert-manager jetstack/cert-manager -n cert-manager --create-namespace
helm install nginx-ingress nginx/nginx-ingress -n nginx-ingress --create-namespace --set controller.ingressClassResource.default=true
```

ArgoCD

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cert-manager
  namespace: argocd
spec:
  project: default
  source:
    chart: cert-manager
    helm:
      parameters:
      - name: installCRDs
        value: "true"
      releaseName: cert-manager
    repoURL: https://charts.jetstack.io
    targetRevision: v1.10.1
  destination:
    name: in-cluster
    namespace: cert-manager
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: nginx-ingress
  namespace: argocd
spec:
  project: default
  source:
    chart: nginx-ingress
    helm:
      parameters:
      - name: controller.service.httpPort.enable
        value: "false"
      releaseName: nginx-ingress
    repoURL: https://helm.nginx.com/stable
    targetRevision: 0.16.1
  destination:
    name: in-cluster
    namespace: nginx-ingress
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
```

Installing the Kubernetes Service

Helm

Create a `values.yaml` for the server component. A typical `values.yaml` that uses cert-manager and ACME, and external DNS could look like:

```yaml
server:
  ingress:
    host: unikorn.unikorn-cloud.org
    clusterIssuer: letsencrypt-production
    externalDns: true
  oidc:
    issuer: https://identity.unikorn-cloud.org
```

```shell
helm install unikorn-kubernetes charts/kubernetes --namespace unikorn-kubernetes --create-namespace --values values.yaml
```

ArgoCD

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: unikorn
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://unikorn-cloud.github.io/kubernetes
    chart: kubernetes
    targetRevision: v0.1.8
  destination:
    namespace: unikorn
    server: https://kubernetes.default.svc
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
    - CreateNamespace=true
```
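
The Argo CD Applications above sync automatically with `prune` and `selfHeal`, so whatever the chart repository serves for `targetRevision` is what gets deployed. As an added example (not part of the Unikorn project), this check flags Applications whose chart source is not pinned to an exact version or is not fetched over HTTPS; the `demo-*` entries and `charts.example.test` are constructed, and 2-space YAML indentation is assumed.

```shell
#!/usr/bin/env bash
# Added example, not Unikorn project code; assumes 2-space YAML indentation.
# Prints one line per finding; returns 1 if a source is unpinned or not https.
check_apps() {
  awk '
    function report() {
      if (!seen) return
      if (repo !~ /^https:\/\//) {
        printf "%s: repoURL is not https (%s)\n", name, repo; bad = 1
      }
      if (rev !~ /^v?[0-9]+\.[0-9]+\.[0-9]+$/) {   # ranges, HEAD, empty fail
        printf "%s: targetRevision not pinned (%s)\n", name, (rev == "" ? "missing" : rev); bad = 1
      }
      name = repo = rev = ""; seen = 0
    }
    { gsub(/"/, "") }                          # drop YAML double quotes
    /^---[ \t]*$/               { report(); next }
    /^  name:/ && name == ""    { name = $2; seen = 1 }
    /^    repoURL:/             { repo = $2 }
    /^    targetRevision:/      { rev = $2 }
    END { report(); exit bad + 0 }
  '
}

# Constructed sample, trimmed to the fields the check reads.
sample_manifest() {
  cat <<'EOF'
metadata:
  name: cert-manager
spec:
  source:
    repoURL: https://charts.jetstack.io
    targetRevision: v1.10.1
---
metadata:
  name: demo-floating
spec:
  source:
    repoURL: https://charts.example.test
    targetRevision: "1.x"
---
metadata:
  name: demo-http
spec:
  source:
    repoURL: http://charts.example.test
EOF
}
sample_manifest | check_apps || echo "fix the sources listed above"
```

Run it over rendered manifests in CI, for example `check_apps < applications.yaml`, where `applications.yaml` is a hypothetical file name.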

Configuring Service Authentication and Authorization

The Unikorn Identity Service describes how to configure a service organization, groups and role mappings for services that require them.

This service requires asynchronous access to the Unikorn Region API in order to poll cloud identity and physical network status during cluster creation, and delete those resources on cluster deletion.

This service defines the unikorn-kubernetes user that will need to be added to a group in the service organization. It will need the built-in role infra-manager-service that allows:

Monitoring & Logging

See the monitoring & logging documentation for more information on configuring those services in the first instance.

Documentation

API (Unikorn Server)

Consult the server API documentation to get started.

Development

Consult the developer documentation for local development instructions.

The architecture documentation details how it all works, and the design considerations.