Kubo/CFCR on Bosh Lite
This is a guide to installing Kubo on BOSH Lite.
Requirements
- VirtualBox
Bosh Lite Installation
- First check out the bosh-deployment and kubo-bosh-lite repos
git clone https://github.com/cloudfoundry/bosh-deployment
git clone https://github.com/bstick12/kubo-bosh-lite.git
- Create a directory to store our state and credentials
mkdir kubo
- Create the BOSH deployment. Kubo has some additional requirements beyond the standard BOSH Lite installation:
  - uaa
  - credhub
bosh create-env bosh-deployment/bosh.yml \
  --state kubo/state.json \
  -o bosh-deployment/virtualbox/cpi.yml \
  -o bosh-deployment/virtualbox/outbound-network.yml \
  -o bosh-deployment/bosh-lite.yml \
  -o bosh-deployment/bosh-lite-runc.yml \
  -o bosh-deployment/jumpbox-user.yml \
  -o bosh-deployment/local-dns.yml \
  -o kubo-bosh-lite/ops/dns-addresses.yml \
  -o bosh-deployment/uaa.yml \
  -o bosh-deployment/credhub.yml \
  --vars-store kubo/creds.yml \
  -v director_name="kubo-bosh-lite" \
  -v internal_ip=192.168.50.6 \
  -v internal_gw=192.168.50.1 \
  -v internal_cidr=192.168.50.0/24 \
  -v dns_recursor_ip=192.168.50.6 \
  -v outbound_network_name=NatNetwork
- Get the admin password from kubo/creds.yml and then log in to your BOSH environment
export BOSH_CLIENT=admin
export BOSH_CLIENT_SECRET=$(bosh int kubo/creds.yml --path /admin_password)
bosh -e 192.168.50.6 login --ca-cert <(bosh int kubo/creds.yml --path /director_ssl/ca)
- Create an alias kubo for the BOSH environment
bosh -e 192.168.50.6 alias-env kubo --ca-cert <(bosh int kubo/creds.yml --path /director_ssl/ca)
- Update runtime config for bosh-dns
bosh -e kubo update-runtime-config -n bosh-deployment/runtime-configs/dns.yml
- Upload the stemcell for usage with KUBO. Use the same stemcell version as used by the bosh deployment.
bosh -e kubo upload-stemcell "https://s3.amazonaws.com/bosh-core-stemcells/warden/bosh-stemcell-3468.21-warden-boshlite-ubuntu-trusty-go_agent.tgz"
- Update the 'cloud-config' for the kubo environment
bosh -e kubo update-cloud-config kubo-bosh-lite/cloud-config.yml
- Deploy Kubo
This deployment of Kubo consists of only a single master/etcd node and three workers.
bosh -e kubo deploy -d kubo-bosh-lite kubo-bosh-lite/kubo.yml -v kubernetes_master_host=10.240.0.2
- Add a route to allow access to the deployment of kubo
sudo ip route add 10.240.0.0/16 via 192.168.50.6 # Linux
sudo route add -net 10.240.0.0/16 192.168.50.6 # OS X
- Set up 'kubectl' to access the newly created cluster
# Log in to CredHub on the director with the admin client from kubo/creds.yml
export CREDHUB_CLIENT=credhub-admin
export CREDHUB_SECRET=$(bosh int --path /credhub_admin_client_secret kubo/creds.yml)
export CREDHUB_CA_CERT=$(bosh int --path /credhub_tls/ca kubo/creds.yml)
# Note: --skip-tls-validation turns off certificate verification for this login
credhub login -s https://192.168.50.6:8844 --skip-tls-validation
# Fetch the cluster CA from CredHub and register the cluster in the kubeconfig
bosh int <(credhub get -n "/kubo-bosh-lite/kubo-bosh-lite/tls-kubernetes" --output-json) --path=/value/ca > kubo/kubernetes.crt
kubectl config set-cluster kubo-bosh-lite --server https://10.240.0.2:8443 --embed-certs=true --certificate-authority=kubo/kubernetes.crt
# Fetch the admin password and store it as the token for the admin user
KUBERNETES_PWD=$(bosh int <(credhub get -n "/kubo-bosh-lite/kubo-bosh-lite/kubo-admin-password" --output-json) --path=/value)
kubectl config set-credentials "kubo-bosh-lite-admin" --token="${KUBERNETES_PWD}"
kubectl config set-context "kubo-bosh-lite" --cluster="kubo-bosh-lite" --user="kubo-bosh-lite-admin"
kubectl config use-context "kubo-bosh-lite"
# Check that the cluster answers
kubectl get all
Troubleshooting
Use these commands to connect to the internal BOSH machine
bosh int kubo/creds.yml --path /jumpbox_ssh/private_key > kubo/jumpbox.key
chmod 600 kubo/jumpbox.key
ssh jumpbox@192.168.50.6 -i kubo/jumpbox.key
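
After these steps kubo/ holds creds.yml (which the commands above read for the director admin password, the CredHub admin secret and the jumpbox key) plus the extracted jumpbox.key, and only jumpbox.key gets an explicit chmod 600. The following is an added example, not part of the original guide or the kubo-bosh-lite repo, that audits and restricts that directory; the function names are illustrative.

```shell
# Added example: audit and restrict the state directory created by this guide.
# Assumption: the directory is ./kubo, as in the steps above; the function
# names below are illustrative and not part of bosh or kubo-bosh-lite.

# Print every file or directory under $1 that grants any permission bit to
# group or others. Only POSIX find predicates are used (Linux and OS X).
loose_paths() {
  find "$1" \( -type f -o -type d \) \
    \( -perm -040 -o -perm -020 -o -perm -010 \
       -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Owner-only access: 700 on directories, 600 on files.
harden_state_dir() {
  find "$1" -type d -exec chmod 700 {} +
  find "$1" -type f -exec chmod 600 {} +
}

# Return 0 when nothing is exposed; otherwise list the offending paths on
# stderr and return 1.
audit_state_dir() {
  exposed=$(loose_paths "$1")
  if [ -n "$exposed" ]; then
    printf 'group/other access on:\n%s\n' "$exposed" >&2
    return 1
  fi
  return 0
}

# Usage, from the directory that contains kubo/:
#   harden_state_dir kubo && audit_state_dir kubo
```

Running `umask 077` in the shell before `mkdir kubo` makes files created afterwards owner-only from the start.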