Skip to content

Latest commit

 

History

History
164 lines (119 loc) · 7.17 KB

README.md

File metadata and controls

164 lines (119 loc) · 7.17 KB

pks-jump-azure

pks-jump-azure creates an ubuntu based jumpbox to auto-deploy Pivotal PKS (1.3 and above) on azure.
it is based on an azure rm deployment template.

Cloning or downloading the repo is not required, as the arm automation takes care for all scripts It will pave the infrastructure using Pivotal terraforming-azure.
Pivotal Operations Manager will be installed and configured using Pivotal om cli.
PKS and Harbor Tiles will be deployed using om cli.
For that, the Tiles and required Stemcell(s) are downloaded automatically.

Supported Versions

  • OpsManager 2.5x and 2.6x
  • Pivotal PKS 1.4.x
  • Harbor >=1.7.3
  • Greenplum for Kubernetes >= 0.8.x

features

  • automated opsman deployment and configuration
  • jumphost with additional datadisk for tiles and sw uploads, pks, k8s, uaac, bbr and other cli´s
  • secure deployment bey using system managed identities and keyvault
  • pks infrastructure paving using terraform
  • autopilot for deploying pks + harbor
  • certificate generation using selfsigned or let´s encrypt certificates
  • dns registration of api loadbalancer ip
  • network peering from jumphost to pks networks
  • dns configuration and check
  • creation of public lb and dns a records for k8s clusters
  • script for additional k8s clusters
  • load balancer rules for uaa and api access
  • example templates for psp´s and nginx
  • deployment of greenplum
  • drafted pas on k8s

requirements

  • a Azure Key Vault hosting all credentials / secrets required
  • service principal, needs to have owner rights on subscription in order to create custom roles and Managed Identities
  • a pivotal network account ( pivnet ) and a UAA access token

usage

there are are multiple ways to deploy the ARM template. we will describe Azure Portal Template based and az cli based Method

create a ssh keypair for the admin user ( if not already done )

both methods require an SSH Keypair

JUMPBOX_NAME=<you jumpbox name, must be unique>
ADMIN_USERNAME=ubuntu
ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME}

Create and Populate an Azure Key Vault

## Set temporary Variables
PIVNET_UAA_TOKEN=<your pivnet refresh token>
SERVICE_PRINCIPAL=$(az ad sp create-for-rbac --name ServicePrincipalforPKS --output json)
## SET the Following Secrets from the temporary Variables
az keyvault secret set --vault-name ${AZURE_VAULT} \
--name "AZURECLIENTID" --value $(echo $SERVICE_PRINCIPAL | jq -r .appId) --output none
az keyvault secret set --vault-name ${AZURE_VAULT} \
--name "AZURETENANTID" --value $(echo $SERVICE_PRINCIPAL | jq -r .tenant) --output none
az keyvault secret set --vault-name ${AZURE_VAULT} \
--name "AZURECLIENTSECRET" --value $(echo $SERVICE_PRINCIPAL | jq -r .password) --output none
az keyvault secret set --vault-name ${AZURE_VAULT} \
--name "PIVNETUAATOKEN" --value ${PIVNET_UAA_TOKEN} --output none
## unset the temporary variables
unset SERVICE_PRINCIPAL

installation using Template Deployment (Preferred for First Time Users)

  1. use the "deploy to Azure Button" to start a Template Deployment
  1. fill in all required Parameters ( marked with a red Star ) image
  2. when done, click Purchase.

Installation using az cli ( for Advanced Users)

see this Document for installation using AZ CLI

What´s next

Monitoring the deployment

When the ARM Deployment is finished, the Post Deployment jobs start

Monitor your Deployment using debugging section

after the deployment

When the Deployment has finished, continue to getting started after deployment

the deployment might pause after opsmanager deployment, if your opsmanager fqdn is not resolvable
the log file will, at this stage, show the Azure Name Servers that need to be added to your DNS NS Record

image
once fixed, the deployment will continue.

Updating the deployment

a helper script is available to update the deployment this can be

  • script updates
  • template updates for new versions

Simply run

wget -O - https://raw.githubusercontent.com/bottkars/pks-jump-azure/master/scripts/update.sh | bash

debugging-monitoring

ssh into the Jumpbox

 ssh -i ~/${JUMPBOX_NAME} ${ADMIN_USERNAME}@${JUMPBOX_NAME}.${AZURE_REGION}.cloudapp.azure.com

tail the installation log

tail -f ~/install.log

cleanup

Simply delete the Resource Groups if using the Advances method, you may use:

az group delete --name ${JUMPBOX_RG} --yes
az group delete --name ${ENV_NAME} --yes
ssh-keygen -R "${JUMPBOX_NAME}.${AZURE_REGION}.cloudapp.azure.com"
az role definition delete --name ${AZURE_SUBSCRIPTION_ID}-${ENV_NAME}-pks-worker-role
az role definition delete --name ${AZURE_SUBSCRIPTION_ID}-${ENV_NAME}-pks-master-role

Advanced tasks

see advanced tasks that can make your life easy