Remove pure kubectl deployment (#11894)

6.19.x
Mykhailo Kuznietsov 2018-11-14 10:00:05 +02:00 committed by GitHub
parent c97cbe8814
commit bbc7e7d751
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 1 additions and 435 deletions

@ -1 +1 @@
Docs are located at [https://www.eclipse.org/che/docs/kubernetes-single-user.html](https://www.eclipse.org/che/docs/kubernetes-single-user.html).
Deployment instructions for [Single User](https://www.eclipse.org/che/docs/kubernetes-single-user.html) and [Multi User](https://www.eclipse.org/che/docs/kubernetes-single-user.html) Che.
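Review bot: In the line starting "Deployment instructions for", the Multi User link points at `kubernetes-single-user.html`, the same target as the Single User link. If a separate multi-user page exists, link it here; otherwise drop the second link so readers are not sent to single-user instructions under a Multi User label.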

@ -1,102 +0,0 @@
# Deploy single user Che to Kubernetes using Helm
## Prerequisites
- Start minikube with sufficient resources and RBAC enabled
- for minikube 0.26.0 and greater `minikube start --cpus 2 --memory 4096 --extra-config=apiserver.authorization-mode=RBAC`
- for minikube 0.25.2 and lower `minikube start --cpus 2 --memory 4096 --extra-config=apiserver.Authorization.Mode=RBAC`
- Add cluster-admin role for `kube-system:default` account
- `kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default`
- Install the [Helm](https://github.com/kubernetes/helm/blob/master/docs/install.md) CLI
- Set your default Kubernetes context (this is required to use helm):
- In Minikube this is set for you automatically
- Otherwise, you may have to modify the KUBECONFIG environment variable and then type `kubectl config use-context <my-context>`
- Install tiller on your cluster:
- Create a [tiller serviceAccount](https://github.com/kubernetes/helm/blob/master/docs/rbac.md): `kubectl create serviceaccount tiller --namespace kube-system`
- Bind it to the almighty cluster-admin role: `kubectl apply -f ./tiller-rbac.yaml`
- Install tiller itself: `helm init --service-account tiller`
- Ensure that you have an NGINX-based ingress controller. Note: This is the default ingress controller on Minikube. You can start it with `minikube addons enable ingress`
- DNS discovery should be enabled. Note: It is enabled by default in minikube.
## Deployment Process
### Obtain the Address of your Kubernetes Cluster
- If your cluster is running on Minikube, simply type `minikube ip` at your terminal
- If your cluster is in the cloud, obtain the hostname or ip address from your cloud provider
### Routing Strategies
In production, you should specify an ingress domain and use the `multi-host` routing strategy, where agents and servers are served from a unique subdomain of the ingress domain (see [here](https://github.com/eclipse/che/issues/8694) why). To set an ingress domain, pass the value of the `global.ingressDomain` parameter below.
In case you don't have an ingress domain (e.g. during local development), and would still want to use a host-based configuration, you can use services such as nip.io or xip.io, in conjunction with `multi-host` routing. If you must use an ip address (e.g. your corporate policy prevents you from using nip.io), you should use the `default-host` routing strategy, that provides limited path-based routing to workspace agents and servers.
In some cases, you may be limited to a single host name (for example, when using the default cert-manager integration, that issues only a single, non-wildcard, certificate). You can utilize the `single-host` routing strategy, which relies on path based routing.
### Deploying with Helm
The context of the commands below is the directory in which this readme file resides
- Override default values by changing the values.yaml file and then typing:
```bash
helm upgrade --install <my-che-installation> --namespace <my-che-namespace> ./
```
- Or, you can override default values during installation, using the `--set` flag:
```bash
helm upgrade --install <my-che-installation> --namespace <my-che-namespace> --set global.ingressDomain=<my-hostname> --set cheImage=<my-image> ./
```
#### Deployment Options
##### Single User
Only Che will be deployed.
```bash
helm upgrade --install <che-release-name> --namespace <che-namespace> --set global.ingressDomain=<domain> ./
```
* Master: `https://che-<che-namespace>.domain`
* Workspaces servers: `https://server-host.domain`
##### Multi User
Che, KeyCloak and Postgres will be deployed.
```bash
helm upgrade --install <che-release-name> --namespace <che-namespace> -f ./values/multi-user.yaml --set global.ingressDomain=<domain> ./
```
* Master: `https://che-<che-namespace>.domain`
* Keycloak: `https://keycloak-<che-namespace>.domain`
* Workspaces servers: `https://server-host.domain`
##### Default Host
All Ingress specs are created without a host attribute (defaults to *).
Path based routing to all components.
Multi User configuration is enabled.
```bash
helm upgrade --install <che-release-name> --namespace <che-namespace> -f ./values/default-host.yaml --set global.ingressDomain=<domain> ./
```
* Master: `http://<domain>/`
* Keycloak: `http://<domain>/auth/`
* Workspaces servers: `http://<domain>/<path-to-server>`
##### TLS-enabled
Cert-Manager is used to issue LetsEncrypt certificates.
To avoid rate-limit issues, we use a single hostname for all ingresses.
Path based routing to all components.
Multi User configuration is enabled.
```bash
helm install --name <cert-manager-release-name> stable/cert-manager
helm upgrade --install <che-release-name> --namespace <che-namespace> -f ./values/tls.yaml --set global.ingressDomain=<domain> ./
```
* Master: `https://che-<che-namespace>.domain/`
* Keycloak: `https://che-<che-namespace>.domain/auth/`
* Workspaces servers: `https://che-<che-namespace>.domain/<path-to-server>`
## Deleting a Deployment
You can delete a deployment using the following command:
``` bash
helm delete <che-release-name>
```
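Review bot: The commit subject names only the pure kubectl deployment, but the file deleted in this hunk is the Helm README ("Deploy single user Che to Kubernetes using Helm"), so the message should say so. Before merging, confirm the linked docs page carries what goes away here: the Routing Strategies guidance (`multi-host` for production, `default-host`, `single-host`) and the prerequisites that bind `cluster-admin` to `kube-system:default` and to the tiller service account, since an operator needs to see those grants up front to decide whether to accept them.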

@ -1,35 +0,0 @@
# Deploy single user Che to k8s
Tested on minikube with vm providers Virtualbox and kvm2. Note that Che with workspaces requires quite a lot
of RAM. Initial tests were done with 10GB, but it is definitely more than it is needed to start Che
and couple of workspaces.
IP of VM is supposed to be `192.168.99.100`. `nip.io` is also used for handling hosts resolution.
If you have another IP or DNS replace these values in k8s.yml file.
Services are exposed using ingress controller approach.
We added ingress annotations to customize ingress controller behavior -
not to break websocket connections.
In particular testing environment was setup with NginX ingress controller 0.9.0.
So we added annotations specific to this implementation and version:
- nginx.ingress.kubernetes.io/rewrite-target: /
- nginx.ingress.kubernetes.io/ssl-redirect": "false"
- nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
- nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
If you use another ingress controller implementation or version you need to customize
Che master ingress and value of environment variable `CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON` stored in ConfigMap.
Value of the map should be expressed as a stringified JSON.
And environment variable would be: `'{"nginx.ingress.kubernetes.io/rewrite-target": "/","nginx.ingress.kubernetes.io/ssl-redirect": "false","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}'`
###Prerequisites:
- Ingress controller is running. Note: you can start it on minikube with `minikube addons enable ingress`.
- Currently Che workspaces work with NginX ingress controller only. Note: it is default ingress controller on minikube.
- DNS discovery should be enabled. Note: enabled by default in minikube.
### Deployment process:
Note: despite the fact that it is not necessary to use a separate namespace for Che
we use it to simplify development operations such as cleaning of spoiled environment
and clean redeploy of Che.
- Create namespace `che`: `kubectl create namespace che`
- Deploy Che: `kubectl --namespace=che apply -f che-kubernetes.yaml`
- Check Che pod status until it become `Running`: `kubectl get --namespace=che pods`
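Review bot: The paragraph on `CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON` is the only text in this patch explaining that the value must be stringified JSON and that the listed annotations are specific to the NGINX ingress controller 0.9.0. If Che still reads that variable for the remaining deployment methods, move the explanation to the docs that stay rather than dropping it, and fix the stray quote in `nginx.ingress.kubernetes.io/ssl-redirect": "false"` when doing so.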

@ -1,297 +0,0 @@
---
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: che
name: che
- apiVersion: v1
kind: Service
metadata:
labels:
app: che
name: che-host
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: che
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app: che
name: che-data-volume
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: che
name: che
data:
CHE_HOST: "192.168.99.100.nip.io"
CHE_PORT: "8080"
CHE_API: "http://192.168.99.100.nip.io/api"
CHE_WEBSOCKET_ENDPOINT: ws://192.168.99.100.nip.io/api/websocket
CHE_DEBUG_SERVER: "true"
CHE_INFRASTRUCTURE_ACTIVE: kubernetes
CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL: http://192.168.99.100.nip.io/agent-binaries/linux_amd64/bootstrapper/bootstrapper
CHE_INFRA_KUBERNETES_MACHINE__START__TIMEOUT__MIN: "5"
CHE_INFRA_KUBERNETES_MASTER__URL: ""
CHE_INFRA_KUBERNETES_NAMESPACE: ""
CHE_INFRA_KUBERNETES_TRUST__CERTS: "false"
CHE_INFRA_KUBERNETES_PVC_STRATEGY: "common"
CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS: "false"
CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER: "0"
CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP: "0"
CHE_LOCAL_CONF_DIR: /etc/conf
CHE_LOGS_DIR: /data/logs
CHE_LOG_LEVEL: "INFO"
CHE_MULTIUSER: "false"
CHE_OAUTH_GITHUB_CLIENTID: ""
CHE_OAUTH_GITHUB_CLIENTSECRET: ""
CHE_PREDEFINED_STACKS_RELOAD__ON__START: "false"
JAVA_OPTS: "-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true -Xms20m "
CHE_WORKSPACE_AUTO_START: "false"
CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"nginx.ingress.kubernetes.io/rewrite-target": "/","nginx.ingress.kubernetes.io/ssl-redirect": "false","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}'
CHE_LOGS_APPENDERS_IMPL: "plaintext"
CHE_INFRA_KUBERNETES_INGRESS_DOMAIN: "192.168.99.100.nip.io"
CHE_INFRA_KUBERNETES_SERVER__STRATEGY: "default-host"
CHE_WORKSPACE_PLUGIN__REGISTRY__URL: "https://che-plugin-registry.openshift.io"
- apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: che-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
spec:
rules:
- host: 192.168.99.100.nip.io
http:
paths:
- backend:
serviceName: che-host
servicePort: 8080
- apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: che
name: che
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
matchLabels:
app: che
strategy:
type: Recreate
template:
metadata:
annotations:
pod.alpha.kubernetes.io/init-containers: '[{"image":"busybox","imagePullPolicy":"IfNotPresent","name":"fmp-volume-permission","command":["chmod","777","/data"],"volumeMounts":[{"mountPath":"/data","name":"che-data-volume"}]}]'
labels:
app: che
spec:
containers:
- env:
- name: CHE_HOST
valueFrom:
configMapKeyRef:
key: CHE_HOST
name: che
- name: CHE_PORT
valueFrom:
configMapKeyRef:
key: CHE_PORT
name: che
- name: CHE_API
valueFrom:
configMapKeyRef:
key: CHE_API
name: che
- name: CHE_WEBSOCKET_ENDPOINT
valueFrom:
configMapKeyRef:
key: CHE_WEBSOCKET_ENDPOINT
name: che
- name: CHE_DEBUG_SERVER
valueFrom:
configMapKeyRef:
key: CHE_DEBUG_SERVER
name: che
- name: CHE_INFRASTRUCTURE_ACTIVE
valueFrom:
configMapKeyRef:
key: CHE_INFRASTRUCTURE_ACTIVE
name: che
- name: CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL
name: che
- name: CHE_INFRA_KUBERNETES_MACHINE__START__TIMEOUT__MIN
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_MACHINE__START__TIMEOUT__MIN
name: che
- name: CHE_INFRA_KUBERNETES_MASTER__URL
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_MASTER__URL
name: che
- name: CHE_INFRA_KUBERNETES_PVC_STRATEGY
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_PVC_STRATEGY
name: che
- name: CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS
name: che
- name: CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER
name: che
- name: CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP
name: che
- name: JAVA_OPTS
valueFrom:
configMapKeyRef:
key: JAVA_OPTS
name: che
- name: CHE_INFRA_KUBERNETES_TRUST__CERTS
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_TRUST__CERTS
name: che
- name: CHE_INFRA_KUBERNETES_NAMESPACE
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_NAMESPACE
name: che
- name: CHE_LOCAL_CONF_DIR
valueFrom:
configMapKeyRef:
key: CHE_LOCAL_CONF_DIR
name: che
- name: CHE_LOGS_DIR
valueFrom:
configMapKeyRef:
key: CHE_LOGS_DIR
name: che
- name: CHE_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: CHE_LOG_LEVEL
name: che
- name: CHE_MULTIUSER
valueFrom:
configMapKeyRef:
key: CHE_MULTIUSER
name: che
- name: CHE_OAUTH_GITHUB_CLIENTID
valueFrom:
configMapKeyRef:
key: CHE_OAUTH_GITHUB_CLIENTID
name: che
- name: CHE_OAUTH_GITHUB_CLIENTSECRET
valueFrom:
configMapKeyRef:
key: CHE_OAUTH_GITHUB_CLIENTSECRET
name: che
- name: CHE_PREDEFINED_STACKS_RELOAD__ON__START
valueFrom:
configMapKeyRef:
key: CHE_PREDEFINED_STACKS_RELOAD__ON__START
name: che
- name: CHE_WORKSPACE_AUTO_START
valueFrom:
configMapKeyRef:
key: CHE_WORKSPACE_AUTO_START
name: che
- name: CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON
name: che
- name: OPENSHIFT_KUBE_PING_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CHE_LOGS_APPENDERS_IMPL
valueFrom:
configMapKeyRef:
key: CHE_LOGS_APPENDERS_IMPL
name: che
- name: CHE_INFRA_KUBERNETES_INGRESS_DOMAIN
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_INGRESS_DOMAIN
name: che
- name: CHE_INFRA_KUBERNETES_SERVER__STRATEGY
valueFrom:
configMapKeyRef:
key: CHE_INFRA_KUBERNETES_SERVER__STRATEGY
name: che
- name: CHE_WORKSPACE_PLUGIN__REGISTRY__URL
valueFrom:
configMapKeyRef:
key: CHE_WORKSPACE_PLUGIN__REGISTRY__URL
name: che
image: eclipse/che-server:nightly
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /api/system/state
port: 8080
scheme: HTTP
initialDelaySeconds: 120
timeoutSeconds: 10
name: che
ports:
- containerPort: 8080
name: http
- containerPort: 8000
name: http-debug
- containerPort: 8888
name: jgroups-ping
readinessProbe:
httpGet:
path: /api/system/state
port: 8080
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 60
resources:
limits:
memory: 600Mi
requests:
memory: 256Mi
volumeMounts:
- mountPath: /data
name: che-data-volume
serviceAccountName: che
volumes:
- name: che-data-volume
persistentVolumeClaim:
claimName: che-data-volume
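Review bot: Nothing in the visible diff shows whether other files still reference this manifest; the README removed above applies it with `kubectl --namespace=che apply -f che-kubernetes.yaml` (and elsewhere calls it `k8s.yml`), so search scripts, CI and docs for both names before merging. It would also help to state in the commit message that this file carried development-only defaults, for anyone who copied it: `CHE_DEBUG_SERVER: "true"` with the `http-debug` port 8000 declared, `CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER: "0"`, and an init container running `chmod 777 /data`, alongside plain HTTP endpoints and the `nightly` image tag.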