Using this Terraform module, you can launch your own DCOS cluster.
See variables.tf
for a list of configurable parameters.
To include this module in your Terraform code-base, use the following snippet:
module "dcos" {
source = "github.com/zutherb/terraform-dcos"
aws_access_key = "..."
aws_secret_key = "..."
aws_region = "eu-central-1"
ssh_public_key = "ssh-rsa ..."
...
}
Then run terraform get
to retrieve this module.
Any Terraform module can also be used on its own. To do so, follow these instructions:
- clone the repository
- create a
terraform.tfvars
file with all the (required) variables
aws_access_key="*****"
aws_secret_key="*****"
aws_region="eu-west-1"
ssh_public_key="ssh-rsa ***** bernd.zuther@codecentric.de"
- optionally run
terraform plan -out terraform.plan
- run
terraform apply [terraform.plan]
DCOS is based on Mesos and includes a distributed systems kernel. It also includes a set of core system services, such as a native Marathon instance to manage processes and installable services, and Mesos-DNS for service discovery.
DCOS is comprised of Mesos master and agent nodes, a native DCOS Marathon instance, Mesos-DNS for service discovery, Admin Router for central authentication and proxy to DCOS services, and Zookeeper to coordinate and manage the installed DCOS services.
DCOS provides the admin, private, and public security zones. The admin zone is accessible via HTTP/HTTPS and SSH connections, and provides access to your master nodes. The private zone is a non-routable network that is only accessible from the admin zone or through the edgerouter from the public zone. The optional public zone is where publicly accessible applications are run.
- The DCOS Community Edition does not provide authentication. Authentication is available in the DCOS Enterprise Edition.
- The DCOS CLI and web interface do not currently use an encrypted channel for communication. However, you can upload your own SSL certificate to the masters and change your CLI and web interface configuration to use HTTPS instead of HTTP.
- You must secure your cluster by using security rules. It is strongly recommended that you only allow internal traffic.
- If there is sensitive data in your cluster, follow standard cloud policies for accessing that data. Either set up a point to point VPN between your secure networks or run a VPN server inside your DCOS cluster.