mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-08-14 02:27:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
c5fbe9957d
talos/docs/configuration/masters/index.html
Andrew Rynhard c5fbe9957d
docs: improve configuration documentation (#186)
2018-11-04 13:44:54 -08:00

413 lines
14 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<head>
<meta charset="utf-8">
<title>Autonomy</title>
<meta name="description" content="">
<meta name="author" content="andrew.rynhard@autonomy.io">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://fonts.googleapis.com/css?family=Raleway|Fira+Mono|Roboto:300" rel="stylesheet">
<link rel="icon" type="image/png" href="https://dianemo.autonomy.io/img/favicon.png">
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/fuse.js/3.2.0/fuse.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/mark.js/8.11.1/jquery.mark.min.js"></script>
<script src="https://dianemo.autonomy.io/js/search.js"></script>
<link rel="stylesheet" href="https://dianemo.autonomy.io//css/milligram.min.css">
<link rel="stylesheet" href="https://dianemo.autonomy.io/css/main.css">
</head>
<nav class="navbar">
<div class="container">
<div class="row">
<div class="column column-50">
<ul class="navbar-list navbar-left">
<li class="navbar-item">
<a class="navbar-link logo" href="/">
<img src="https://dianemo.autonomy.io//img/logo.svg" class="logo">
</a>
</li>
</ul>
</div>
<div class="column column-50">
<ul class="navbar-list navbar-right">
<li class="navbar-item">
<a class="navbar-link navbar-logo" rel="noopener noreferrer" href="https://github.com/autonomy/dianemo" target="_blank">
<span class="octicon octicon-mark-github"></span>
</a>
</li>
<li class="navbar-item">
<a class="navbar-link navbar-logo" rel="noopener noreferrer" href="https://hub.docker.com/u/autonomy" target="_blank">
<span class="fab fa-docker"></span>
</a>
</li>
</ul>
</div>
</div>
</div>
</nav>
<script id="search-result-template" type="text/x-js-template">
<li class="sidebar-item">
<div id="summary-${key}">
<a class="sidebar-link" href="${link}">${title}</a>
<p class="search-result-item">${preview}</p>
</div>
</li>
</script>
<nav class="sidebar">
<div class="row">
<div class="column">
<span>
<a class="logo" href="https://dianemo.autonomy.io/">
<img src="https://dianemo.autonomy.io//img/logo.svg" class="logo">
</a>
</span>
</div>
</div>
<hr>
<div class="row">
<div class="column">
<div class="button-group button-group-center">
<a class="button" href="https://github.com/autonomy/dianemo/fork">
<span class="octicon octicon-repo-forked"></span>
Fork
</a>
<a class="button" href="https://github.com/autonomy/dianemo/stargazers">
<span class="octicon octicon-star"></span>
Star
</a>
</div>
</div>
</div>
<hr>
<div class="row search-area">
<form class="search-form" action="" onSubmit="return">
<input class="search-box" id="search-query" name="s" type="text" placeholder="search" />
</form>
<ul class="sidebar-list search-results" id="search-results">
</ul>
</div>
<div class="row">
<div class="column">
<ul class="sidebar-list parent">
<li class="sidebar-item">
<a class="sidebar-link sidebar-link-parent"
href="https://dianemo.autonomy.io/components/" >
Components
</a>
<ul class="sidebar-list">
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/components/kernel/" >
kernel
</a>
</li>
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/components/init/" >
init
</a>
</li>
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/components/kubeadm/" >
kubeadm
</a>
</li>
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/components/trustd/" >
trustd
</a>
</li>
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/components/proxyd/" >
proxyd
</a>
</li>
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/components/osd/" >
osd
</a>
</li>
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/components/osctl/" >
osctl
</a>
</li>
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/components/blockd/" >
blockd
</a>
</li>
</ul>
</li>
<li class="sidebar-item">
<a class="sidebar-link sidebar-link-parent active"
href="https://dianemo.autonomy.io/configuration/" >
Configuration
</a>
<ul class="sidebar-list active">
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/configuration/osd/" >
osd
</a>
</li>
<li class="sidebar-item">
<a class="sidebar-link active"
href="https://dianemo.autonomy.io/configuration/masters/" >
Masters
</a>
</li>
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/configuration/workers/" >
Workers
</a>
</li>
</ul>
</li>
<li class="sidebar-item">
<a class="sidebar-link sidebar-link-parent"
href="https://dianemo.autonomy.io/examples/" >
Examples
</a>
<ul class="sidebar-list">
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/examples/aws/" >
AWS
</a>
</li>
<li class="sidebar-item">
<a class="sidebar-link"
href="https://dianemo.autonomy.io/examples/kvm/" >
KVM
</a>
</li>
</ul>
</li>
</ul>
</div>
</div>
</nav>
<body>
<div class="container">
<div class="content">
<div class="row ">
<div class="column column-10">
<a class="navigation navigation-previous" href="https://dianemo.autonomy.io/configuration/osd/">
<i class="fa fa-chevron-left"></i>
</a>
</div>
<div class="column document">
<section class="document">
<h1 class="title">Masters</h1>
<p>
<p>Configuring master nodes in a Dianemo Kubernetes cluster is a two part process:</p>
<ul>
<li>configuring the Dianemo specific options</li>
<li>and configuring the Kubernetes specific options</li>
</ul>
<p>To get started, create a YAML file we will use in the following steps:</p>
<pre><code class="language-bash">touch &lt;node-name&gt;.yaml
</code></pre>
<h2 id="configuring-dianemo">Configuring Dianemo</h2>
<h3 id="injecting-the-dianemo-pki">Injecting the Dianemo PKI</h3>
<p>Using <code>osctl</code>, and our output from the <a href="https://dianemo.autonomy.io/configuration/osd/">PKI</a> instructions, inject the generated PKI into the configuration file:</p>
<pre><code class="language-bash">osctl inject os --crt &lt;organization&gt;.crt --key &lt;organization&gt;.key &lt;node-name&gt;.yaml
osctl inject identity --crt &lt;node-name&gt;.crt --key &lt;node-name&gt;.key &lt;node-name&gt;.yaml
</code></pre>
<p>You should see the following fields populated:</p>
<pre><code class="language-yaml">security:
os:
ca:
crt: &lt;base 64 encoded root public certificate&gt;
key: &lt;base 64 encoded root private key&gt;
identity:
crt: &lt;base 64 encoded identity public certificate&gt;
key: &lt;base 64 encoded identity private key&gt;
...
</code></pre>
<h3 id="configuring-trustd">Configuring <code>trustd</code></h3>
<p>Each master node participates as a Root of Trust in the cluster.
The responsibilities of <code>trustd</code> include:</p>
<ul>
<li>certificate as a service</li>
<li>and Kubernetes PKI distribution amongst master nodes</li>
</ul>
<p>The auth done between <code>trustd</code> and a client is, for now, a simple username and password combination.
Having these credentials gives a client the power to request a certifcate that identifies itself.
In the <code>&lt;node-name&gt;.yaml</code>, add the follwing:</p>
<pre><code class="language-yaml">security:
...
services:
...
trustd:
username: &lt;username&gt;
password: &lt;password&gt;
...
</code></pre>
<h2 id="configuring-kubernetes">Configuring Kubernetes</h2>
<h3 id="generating-the-root-ca">Generating the Root CA</h3>
<p>To create the root CA for the Kubernetes cluster, run:</p>
<pre><code class="language-bash">osctl gen ca --rsa --hours &lt;hours&gt; --organization &lt;kubernetes-organization&gt;
</code></pre>
<blockquote class="note " >
<p>Note: The <code>--rsa</code> flag is required for the generation of the Kubernetes CA.</p>
</blockquote>
<h3 id="injecting-the-kubernetes-pki">Injecting the Kubernetes PKI</h3>
<p>Using <code>osctl</code>, inject the generated PKI into the configuration file:</p>
<pre><code class="language-bash">osctl inject kubernetes --crt &lt;kubernetes-organization&gt;.crt --key &lt;kubernetes-organization&gt;.key &lt;node-name&gt;.yaml
</code></pre>
<p>You should see the following fields populated:</p>
<pre><code class="language-yaml">security:
...
kubernetes:
ca:
crt: &lt;base 64 encoded root public certificate&gt;
key: &lt;base 64 encoded root private key&gt;
...
</code></pre>
<h3 id="configuring-kubeadm">Configuring Kubeadm</h3>
<p>The configuration of the <code>kubeadm</code> service is done in two parts:</p>
<ul>
<li>supplying the Dianemo specific options</li>
<li>supplying the <code>kubeadm</code> <code>InitConfiguration</code></li>
</ul>
<h4 id="dianemo-specific-options">Dianemo Specific Options</h4>
<pre><code class="language-yaml">services:
...
kubeadm:
init:
type: initial
etcdMemberName: &lt;member-name&gt;
...
</code></pre>
<h4 id="kubeadm-specific-options">Kubeadm Specific Options</h4>
<pre><code class="language-yaml">services:
...
kubeadm:
...
configuration: |
apiVersion: kubeadm.k8s.io/v1alpha3
kind: InitConfiguration
...
...
</code></pre>
<blockquote>
<p>See the official <a href="https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/">documentation</a> for the options available in <code>InitConfiguration</code>.</p>
</blockquote>
</p>
</section>
</div>
<div class="column column-10">
<a class="navigation navigation-next" href="https://dianemo.autonomy.io/configuration/workers/">
<i class="fa fa-chevron-right"></i>
</a>
</div>
</div>
</div>
</div>
</body>
<div class="footer">
<aside class="copyright">
&copy; 2018 Released under Mozilla Public License 2.0
</aside>
</div>
Reference in New Issue View Git Blame Copy Permalink