Skip to content

Latest commit

 

History

History
118 lines (87 loc) · 3.8 KB

README.md

File metadata and controls

118 lines (87 loc) · 3.8 KB

managed kubernetes @ionos-enterprise

About kubernetes@ionos: https://www.ionos.de/enterprise-cloud/managed-kubernetes

This is just a kickstart guideline how to setup a basic k8s-cluster with an ingress controller and cert-manager.

initial setup

1st: cluster setup at DCD

  • login with your account at https://dcd.ionos.com/
  • create a managed kubernetes
  • add a node pool to the cluster
  • create a static ip
    • if you don't create this ip and provide it for ingress, k8s will create it and will get lost if the cluster will change / deleted / recreated
  • download the kubeconfig.yaml
  • set the downlaoded config as your default (export KUBECONFIG=/path/to/downloaded/kubeconfig.yaml)

2nd: install basic tools

Manage request to the services.

ingress controller

cert-manager

Let's encrypt support for your http traffic.

  • install cert-manager via helm
    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.crds.yaml
    helm install cert-manager cert-manager --namespace cert-manager --create-namespace --repo https://charts.jetstack.io
  • create a cluster issuer for the cert-manager:
    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: letsencrypt-prod
    spec:
      acme:
        # You must replace this email address with your own.
        # Let's Encrypt will use this to contact you about expiring
        # certificates, and issues related to your account.
        email: [email protected]
        server: https://acme-v02.api.letsencrypt.org/directory
        privateKeySecretRef:
          # Secret resource used to store the account's private key.
          name: letsencrypt-prod-key
        # Add a single challenge solver, HTTP01 using nginx
        solvers:
        - http01:
            ingress:
              class: nginx

demo cluster

Justs clone this repository and replace example.org with your domain and apply in this order:

# clone and enter the project folder
git clone [email protected]:Loumaris/kubernetes-ionos-example.git
cd kubernetes-ionos-example

# create a simple echo service
kubectl apply -f demo/001-echo-pod.yaml

# create a simple whoami-service
kubectl apply -f demo/002-whoami-deployment.yaml

# setup ingress to get the domain up and running (without tls)
kubectl apply -f demo/003-ingress-without-tls.yaml

# create a let's encrypt certificate
kubectl apply -f demo/004-certificate.yaml

# setup ingress with the new certificate
kubectl apply -f demo/005-ingress-with-tls.yaml

######
## next steps are only for graylog as central logging service
######

# create a config map for fluentd
kubectl apply -f demo/006-fluentd-setup-config.yaml

# setup fluentd daemonset - you need to change the ENV
kubectl apply -f demo/007-fluentd-setup.yaml

Now you can reach https://example.org and https://example.org/who :) Feel free to add new services ;-)

update a service inside the cluster

option 1: change the yaml

You can alway update the yaml and apply it via kubectl apply -f <service.deployment.yml>

option 2: patch via kubectl

For CI/CD you can change the image via kubectl directly: kubectl set image deployment/<service_name> <service_name>=$CONTAINER_RELEASE_IMAGE --record

Contributing

Contributions are most welcome!

This example is just getting started, please contribute to make it super awesome.