
uks-instructions's Introduction

UpCloud Kubernetes Service examples

This repository contains sample configurations for Terraform and Kubernetes manifests to get started with our UpCloud Kubernetes Service (UKS).

Note that this repository is still evolving. Please check back once in a while and also familiarise yourself with the known issues. This repository will continue to exist while we are building better documentation with examples.

Creating your first cluster

UI

The simplest way to create a cluster is to use our Control Panel. You can do so by following these steps:

  • Log in to the UpCloud Control Panel.
  • Go to the Kubernetes page using the left-hand side menu.
  • Click Create new cluster.
  • Select a Private Network for your Worker Nodes. This network should be in the same zone as the cluster you are creating. The network cannot be connected to an existing cluster, cannot have an attached router, and should have DHCP enabled with the default route from DHCP disabled. For the IP network of your SDN network, you can use, for example, 172.24.1.0/24.
  • Create a node group or use the default node group; a node group is a group of workers with identical image templates.
  • Name your cluster.
  • Click the Create button.
  • Cluster creation will take a few minutes as worker nodes are being provisioned and a DNS record is prepared.
  • When the cluster is running, you can download your cluster's kubeconfig file; it allows you to access your cluster easily from the command line with kubectl. See Exposing Services for an example of deploying a Hello UKS application to your newly created cluster.

Alternatives

You can also create a cluster using the following ways:

Kubeconfig

You can get your kubeconfig by going to your cluster details page in the Control Panel. Alternatively, if you use Terraform, you can leverage the local_file provider to create a kubeconfig file after the cluster is deleted (see the terraform example).

Exposing Services

UpCloud Managed Load Balancer

See ccm/README.md.

Ingress NGINX controller

See ingress-nginx/README.md.

Persistent storage

See storage/README.md.

Autoscaling

See autoscaling/README.md.

Migration

See migration/README.md.

Troubleshooting

See KNOWN_ISSUES.md.

uks-instructions's People

Contributors

ajmyyra, i-prudnikov, icyphox, jaasjo, jpjarven, ka-myl, kangasta, nate-droid, peknur, thevilledev, villevsv-upcloud


uks-instructions's Issues

Example of using nginx ingress controller with TLS termination on Load balancer

Hey there!

We've been testing out UpCloud Managed Kubernetes and it's pretty great. Everything has worked well for the most part, but some examples of configuring TLS with ingress-nginx could be useful!

graph LR
    A[Clients] -- HTTPS 443 --> LB{*.upcloudlb.com}
    LB -- TLS terminated on Load Balancer --> nginx([ingress-nginx])
    nginx -- HTTP 80 --> serviceA
    nginx -- HTTP 80 --> serviceB

This is the setup we're trying to accomplish. Here's an example Ingress configuration of ours:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: application-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: application-svc
            port:
              number: 80
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: application
  name: application
  annotations: {}
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: 80
    - name: https
      port: 443
      targetPort: 80
  selector:
    app: application

This routes HTTP traffic properly, but our application needs HTTPS to function. Using this configuration gives us "The plain HTTP request was sent to HTTPS port".

Detaching cluster nodes from the utility network?

Hi! Is it possible to detach the cluster nodes from the utility network using Terraform? We'll have multiple clusters in the future and they're not allowed to intercommunicate on the network level due to regulatory compliance.

Annotation or label for PersistentVolumeClaim encryption?

Hello! As per this documentation, UpCloud now supports encryption at rest for block storage.

Is it on your roadmap to add a label or an annotation to encrypt PVCs on creation, for example like this:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: example-pvc
  labels:
    upcloud.com/encrypt: "true"
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

Need to attach private network through annotations

Why?

We have a private DNS which connects to the private Load Balancer DNS (private hostnames).
The frontend is attached to the private network. This is to send communication entirely over the internal network (10.x.x.x) and not to expose our traffic over private internet.

Issue:

The setup we have is working well until we try to scale the Kubernetes node group up or down. Whenever the node count is updated, the underlying LB reconfigures itself to include/update the backend nodes. This is an expected action; however, the LB reconfiguration also removes the attached private network from the frontend, causing all traffic to be halted. This is unexpected behavior and we would like the private network to remain attached.

Expectation:

This is our current annotation to configure our LB to work in TCP mode.

service.beta.kubernetes.io/upcloud-load-balancer-config: |
      {
          "plan": "development",
          "frontends": [
              {
                  "name": "http",
                  "mode": "tcp",
                  "port": 80
              },
              {
                  "name": "https",
                  "mode": "tcp",
                  "port": 443
              }
          ]
      }

We would like to include private network attachment as part of the annotation, to avoid network detachment behavior during loadbalancer reconfiguration.

service.beta.kubernetes.io/upcloud-load-balancer-config: |
      {
          "plan": "development",
          "frontends": [
              {
                  "name": "http",
                  "mode": "tcp",
                  "port": 80
              },
              {
                  "name": "https",
                  "mode": "tcp",
                  "port": 443,
                  "networks": [
                      {
                          "name": "public-IPv4"
                      },
                      {
                          "name": "private-IPv4"
                      }
                  ]
              }
          ]
      }
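
An added example, not part of the issue or of the UpCloud repository: a Python check, suitable for CI or a pre-deploy hook, that reads the load balancer annotation from a Service's annotations and reports which networks each frontend pins. It assumes the per-frontend `networks` key proposed in the issue and the network names `public-IPv4` and `private-IPv4` used there; `audit_frontends` and its finding codes are hypothetical names.

```python
import json

ANNOTATION = "service.beta.kubernetes.io/upcloud-load-balancer-config"

# Constructed sample: the annotation value proposed in the issue. The
# per-frontend "networks" key is the issue author's proposal (assumption),
# not a confirmed load balancer option.
PROPOSED = """{
  "plan": "development",
  "frontends": [
    {"name": "http", "mode": "tcp", "port": 80},
    {"name": "https", "mode": "tcp", "port": 443,
     "networks": [{"name": "public-IPv4"}, {"name": "private-IPv4"}]}
  ]
}"""


def audit_frontends(annotations, required="private-IPv4", public="public-IPv4"):
    """Map each frontend name to a list of findings about its networks."""
    raw = annotations.get(ANNOTATION)
    if raw is None:
        return {"<service>": ["ANNOTATION_MISSING"]}
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError:
        return {"<service>": ["INVALID_JSON"]}
    if not isinstance(cfg, dict):
        return {"<service>": ["INVALID_JSON"]}
    report = {}
    for fe in cfg.get("frontends", []):
        nets = [n.get("name") for n in fe.get("networks", [])]
        findings = []
        if not nets:
            # Nothing pinned: attachment is left to whatever the LB applies.
            findings.append("NO_NETWORKS_PINNED")
        else:
            if required not in nets:
                findings.append(f"MISSING:{required}")
            if public in nets:
                # Frontend is also attached to the public network.
                findings.append(f"PUBLIC:{public}")
        report[fe.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_frontends({ANNOTATION: PROPOSED}).items():
        print(name, findings or ["OK"])
```

Run against the proposed annotation, the check shows that only the `https` frontend pins the private network, that it also attaches the public one, and that the `http` frontend pins nothing.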
