From bbc7e7d751c02ebcd4523922a9b53dba54a22d85 Mon Sep 17 00:00:00 2001
From: Mykhailo Kuznietsov
Date: Wed, 14 Nov 2018 10:00:05 +0200
Subject: [PATCH] Remove pure kubectl deployment (#11894)
---
deploy/kubernetes/README.md | 2 +-
deploy/kubernetes/helm/che/readme.md | 102 ------
deploy/kubernetes/kubectl/Deploy Che.md | 35 ---
deploy/kubernetes/kubectl/che-kubernetes.yaml | 297 ------------------
4 files changed, 1 insertion(+), 435 deletions(-)
delete mode 100644 deploy/kubernetes/helm/che/readme.md
delete mode 100644 deploy/kubernetes/kubectl/Deploy Che.md
delete mode 100644 deploy/kubernetes/kubectl/che-kubernetes.yaml
diff --git a/deploy/kubernetes/README.md b/deploy/kubernetes/README.md
index ddc5851de2..8aa47e3f49 100644
--- a/deploy/kubernetes/README.md
+++ b/deploy/kubernetes/README.md
@@ -1 +1 @@
-Docs are located at [https://www.eclipse.org/che/docs/kubernetes-single-user.html](https://www.eclipse.org/che/docs/kubernetes-single-user.html).
+Deployment instructions for [Single User](https://www.eclipse.org/che/docs/kubernetes-single-user.html) and [Multi User](https://www.eclipse.org/che/docs/kubernetes-single-user.html) Che.
diff --git a/deploy/kubernetes/helm/che/readme.md b/deploy/kubernetes/helm/che/readme.md
deleted file mode 100644
index fc9ab3398c..0000000000
--- a/deploy/kubernetes/helm/che/readme.md
+++ /dev/null
@@ -1,102 +0,0 @@
-# Deploy single user Che to Kubernetes using Helm
-
-## Prerequisites
-- Start minikube with sufficient resources and RBAC enabled
- - for minikube 0.26.0 and greater `minikube start --cpus 2 --memory 4096 --extra-config=apiserver.authorization-mode=RBAC`
- - for minikube 0.25.2 and lower `minikube start --cpus 2 --memory 4096 --extra-config=apiserver.Authorization.Mode=RBAC`
-- Add cluster-admin role for `kube-system:default` account
- - `kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default`
-- Install the [Helm](https://github.com/kubernetes/helm/blob/master/docs/install.md) CLI
-- Set your default Kubernetes context (this is required to use helm):
- - In Minikube this is set for you automatically
- - Otherwise, you may have to modify the KUBECONFIG environment variable and then type `kubectl config use-context `
-- Install tiller on your cluster:
- - Create a [tiller serviceAccount](https://github.com/kubernetes/helm/blob/master/docs/rbac.md): `kubectl create serviceaccount tiller --namespace kube-system`
- - Bind it to the almighty cluster-admin role: `kubectl apply -f ./tiller-rbac.yaml`
- - Install tiller itself: `helm init --service-account tiller`
-- Ensure that you have an NGINX-based ingress controller. Note: This is the default ingress controller on Minikube. You can start it with `minikube addons enable ingress`
-- DNS discovery should be enabled. Note: It is enabled by default in minikube.
-
-## Deployment Process
-### Obtain the Address of your Kubernetes Cluster
-- If your cluster is running on Minikube, simply type `minikube ip` at your terminal
-- If your cluster is in the cloud, obtain the hostname or ip address from your cloud provider
-
-### Routing Strategies
-In production, you should specify an ingress domain and use the `multi-host` routing strategy, where agents and servers are served from a unique subdomain of the ingress domain (see [here](https://github.com/eclipse/che/issues/8694) why). To set an ingress domain, pass the value of the `global.ingressDomain` parameter below.
-
-In case you don't have an ingress domain (e.g. during local development), and would still want to use a host-based configuration, you can use services such as nip.io or xip.io, in conjunction with `multi-host` routing. If you must use an ip address (e.g. your corporate policy prevents you from using nip.io), you should use the `default-host` routing strategy, that provides limited path-based routing to workspace agents and servers.
-
-In some cases, you may be limited to a single host name (for example, when using the default cert-manager integration, that issues only a single, non-wildcard, certificate). You can utilize the `single-host` routing strategy, which relies on path based routing.
-
-
-### Deploying with Helm
-The context of the commands below is the directory in which this readme file resides
-
-- Override default values by changing the values.yaml file and then typing:
-
- ```bash
- helm upgrade --install --namespace ./
- ```
-- Or, you can override default values during installation, using the `--set` flag:
-
- ```bash
- helm upgrade --install --namespace --set global.ingressDomain= --set cheImage= ./
- ```
-
-#### Deployment Options
-
-##### Single User
-Only Che will be deployed.
-
- ```bash
- helm upgrade --install --namespace --set global.ingressDomain= ./
- ```
-* Master: `https://che-.domain`
-* Workspaces servers: `https://server-host.domain`
-
-##### Multi User
-Che, KeyCloak and Postgres will be deployed.
-
- ```bash
- helm upgrade --install --namespace -f ./values/multi-user.yaml --set global.ingressDomain= ./
- ```
-
-* Master: `https://che-.domain`
-* Keycloak: `https://keycloak-.domain`
-* Workspaces servers: `https://server-host.domain`
-
-##### Default Host
-All Ingress specs are created without a host attribute (defaults to *).
-Path based routing to all components.
-Multi User configuration is enabled.
-
- ```bash
- helm upgrade --install --namespace -f ./values/default-host.yaml --set global.ingressDomain= ./
- ```
-
-* Master: `http:///`
-* Keycloak: `http:///auth/`
-* Workspaces servers: `http:///`
-
-##### TLS-enabled
-Cert-Manager is used to issue LetsEncrypt certificates.
-To avoid rate-limit issues, we use a single hostname for all ingresses.
-Path based routing to all components.
-Multi User configuration is enabled.
-
- ```bash
- helm install --name stable/cert-manager
- helm upgrade --install --namespace -f ./values/tls.yaml --set global.ingressDomain= ./
- ```
-
-* Master: `https://che-.domain/`
-* Keycloak: `https://che-.domain/auth/`
-* Workspaces servers: `https://che-.domain/`
-
-## Deleting a Deployment
-You can delete a deployment using the following command:
-
-``` bash
-helm delete
-```
diff --git a/deploy/kubernetes/kubectl/Deploy Che.md b/deploy/kubernetes/kubectl/Deploy Che.md
deleted file mode 100644
index 09aea24543..0000000000
--- a/deploy/kubernetes/kubectl/Deploy Che.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# Deploy single user Che to k8s
-Tested on minikube with vm providers Virtualbox and kvm2. Note that Che with workspaces requires quite a lot
-of RAM. Initial tests were done with 10GB, but it is definitely more than it is needed to start Che
-and couple of workspaces.
-
-IP of VM is supposed to be `192.168.99.100`. `nip.io` is also used for handling hosts resolution.
-If you have another IP or DNS replace these values in k8s.yml file.
-
-Services are exposed using ingress controller approach.
-We added ingress annotations to customize ingress controller behavior -
-not to break websocket connections.
-In particular testing environment was setup with NginX ingress controller 0.9.0.
-So we added annotations specific to this implementation and version:
-- nginx.ingress.kubernetes.io/rewrite-target: /
-- nginx.ingress.kubernetes.io/ssl-redirect": "false"
-- nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
-- nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
-
-If you use another ingress controller implementation or version you need to customize
-Che master ingress and value of environment variable `CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON` stored in ConfigMap.
-Value of the map should be expressed as a stringified JSON.
-
-And environment variable would be: `'{"nginx.ingress.kubernetes.io/rewrite-target": "/","nginx.ingress.kubernetes.io/ssl-redirect": "false","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}'`
-
-###Prerequisites:
-- Ingress controller is running. Note: you can start it on minikube with `minikube addons enable ingress`.
-- Currently Che workspaces work with NginX ingress controller only. Note: it is default ingress controller on minikube.
-- DNS discovery should be enabled. Note: enabled by default in minikube.
-### Deployment process:
-Note: despite the fact that it is not necessary to use a separate namespace for Che
-we use it to simplify development operations such as cleaning of spoiled environment
-and clean redeploy of Che.
-- Create namespace `che`: `kubectl create namespace che`
-- Deploy Che: `kubectl --namespace=che apply -f che-kubernetes.yaml`
-- Check Che pod status until it become `Running`: `kubectl get --namespace=che pods`
diff --git a/deploy/kubernetes/kubectl/che-kubernetes.yaml b/deploy/kubernetes/kubectl/che-kubernetes.yaml
deleted file mode 100644
index 1147a7b7c2..0000000000
--- a/deploy/kubernetes/kubectl/che-kubernetes.yaml
+++ /dev/null
@@ -1,297 +0,0 @@
----
-apiVersion: v1
-kind: List
-items:
-- apiVersion: v1
- kind: ServiceAccount
- metadata:
- labels:
- app: che
- name: che
-- apiVersion: v1
- kind: Service
- metadata:
- labels:
- app: che
- name: che-host
- spec:
- ports:
- - name: http
- port: 8080
- protocol: TCP
- targetPort: 8080
- selector:
- app: che
-- apiVersion: v1
- kind: PersistentVolumeClaim
- metadata:
- labels:
- app: che
- name: che-data-volume
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
-- apiVersion: v1
- kind: ConfigMap
- metadata:
- labels:
- app: che
- name: che
- data:
- CHE_HOST: "192.168.99.100.nip.io"
- CHE_PORT: "8080"
- CHE_API: "http://192.168.99.100.nip.io/api"
- CHE_WEBSOCKET_ENDPOINT: ws://192.168.99.100.nip.io/api/websocket
- CHE_DEBUG_SERVER: "true"
- CHE_INFRASTRUCTURE_ACTIVE: kubernetes
- CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL: http://192.168.99.100.nip.io/agent-binaries/linux_amd64/bootstrapper/bootstrapper
- CHE_INFRA_KUBERNETES_MACHINE__START__TIMEOUT__MIN: "5"
- CHE_INFRA_KUBERNETES_MASTER__URL: ""
- CHE_INFRA_KUBERNETES_NAMESPACE: ""
- CHE_INFRA_KUBERNETES_TRUST__CERTS: "false"
- CHE_INFRA_KUBERNETES_PVC_STRATEGY: "common"
- CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS: "false"
- CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER: "0"
- CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP: "0"
- CHE_LOCAL_CONF_DIR: /etc/conf
- CHE_LOGS_DIR: /data/logs
- CHE_LOG_LEVEL: "INFO"
- CHE_MULTIUSER: "false"
- CHE_OAUTH_GITHUB_CLIENTID: ""
- CHE_OAUTH_GITHUB_CLIENTSECRET: ""
- CHE_PREDEFINED_STACKS_RELOAD__ON__START: "false"
- JAVA_OPTS: "-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true -Xms20m "
- CHE_WORKSPACE_AUTO_START: "false"
- CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"nginx.ingress.kubernetes.io/rewrite-target": "/","nginx.ingress.kubernetes.io/ssl-redirect": "false","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}'
- CHE_LOGS_APPENDERS_IMPL: "plaintext"
- CHE_INFRA_KUBERNETES_INGRESS_DOMAIN: "192.168.99.100.nip.io"
- CHE_INFRA_KUBERNETES_SERVER__STRATEGY: "default-host"
- CHE_WORKSPACE_PLUGIN__REGISTRY__URL: "https://che-plugin-registry.openshift.io"
-- apiVersion: extensions/v1beta1
- kind: Ingress
- metadata:
- name: che-ingress
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /
- nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
- nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
- spec:
- rules:
- - host: 192.168.99.100.nip.io
- http:
- paths:
- - backend:
- serviceName: che-host
- servicePort: 8080
-- apiVersion: extensions/v1beta1
- kind: Deployment
- metadata:
- labels:
- app: che
- name: che
- spec:
- replicas: 1
- revisionHistoryLimit: 2
- selector:
- matchLabels:
- app: che
- strategy:
- type: Recreate
- template:
- metadata:
- annotations:
- pod.alpha.kubernetes.io/init-containers: '[{"image":"busybox","imagePullPolicy":"IfNotPresent","name":"fmp-volume-permission","command":["chmod","777","/data"],"volumeMounts":[{"mountPath":"/data","name":"che-data-volume"}]}]'
- labels:
- app: che
- spec:
- containers:
- - env:
- - name: CHE_HOST
- valueFrom:
- configMapKeyRef:
- key: CHE_HOST
- name: che
- - name: CHE_PORT
- valueFrom:
- configMapKeyRef:
- key: CHE_PORT
- name: che
- - name: CHE_API
- valueFrom:
- configMapKeyRef:
- key: CHE_API
- name: che
- - name: CHE_WEBSOCKET_ENDPOINT
- valueFrom:
- configMapKeyRef:
- key: CHE_WEBSOCKET_ENDPOINT
- name: che
- - name: CHE_DEBUG_SERVER
- valueFrom:
- configMapKeyRef:
- key: CHE_DEBUG_SERVER
- name: che
- - name: CHE_INFRASTRUCTURE_ACTIVE
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRASTRUCTURE_ACTIVE
- name: che
- - name: CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL
- name: che
- - name: CHE_INFRA_KUBERNETES_MACHINE__START__TIMEOUT__MIN
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_MACHINE__START__TIMEOUT__MIN
- name: che
- - name: CHE_INFRA_KUBERNETES_MASTER__URL
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_MASTER__URL
- name: che
- - name: CHE_INFRA_KUBERNETES_PVC_STRATEGY
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_PVC_STRATEGY
- name: che
- - name: CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS
- name: che
- - name: CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER
- name: che
- - name: CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP
- name: che
- - name: JAVA_OPTS
- valueFrom:
- configMapKeyRef:
- key: JAVA_OPTS
- name: che
- - name: CHE_INFRA_KUBERNETES_TRUST__CERTS
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_TRUST__CERTS
- name: che
- - name: CHE_INFRA_KUBERNETES_NAMESPACE
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_NAMESPACE
- name: che
- - name: CHE_LOCAL_CONF_DIR
- valueFrom:
- configMapKeyRef:
- key: CHE_LOCAL_CONF_DIR
- name: che
- - name: CHE_LOGS_DIR
- valueFrom:
- configMapKeyRef:
- key: CHE_LOGS_DIR
- name: che
- - name: CHE_LOG_LEVEL
- valueFrom:
- configMapKeyRef:
- key: CHE_LOG_LEVEL
- name: che
- - name: CHE_MULTIUSER
- valueFrom:
- configMapKeyRef:
- key: CHE_MULTIUSER
- name: che
- - name: CHE_OAUTH_GITHUB_CLIENTID
- valueFrom:
- configMapKeyRef:
- key: CHE_OAUTH_GITHUB_CLIENTID
- name: che
- - name: CHE_OAUTH_GITHUB_CLIENTSECRET
- valueFrom:
- configMapKeyRef:
- key: CHE_OAUTH_GITHUB_CLIENTSECRET
- name: che
- - name: CHE_PREDEFINED_STACKS_RELOAD__ON__START
- valueFrom:
- configMapKeyRef:
- key: CHE_PREDEFINED_STACKS_RELOAD__ON__START
- name: che
- - name: CHE_WORKSPACE_AUTO_START
- valueFrom:
- configMapKeyRef:
- key: CHE_WORKSPACE_AUTO_START
- name: che
- - name: CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON
- name: che
- - name: OPENSHIFT_KUBE_PING_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: CHE_LOGS_APPENDERS_IMPL
- valueFrom:
- configMapKeyRef:
- key: CHE_LOGS_APPENDERS_IMPL
- name: che
- - name: CHE_INFRA_KUBERNETES_INGRESS_DOMAIN
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_INGRESS_DOMAIN
- name: che
- - name: CHE_INFRA_KUBERNETES_SERVER__STRATEGY
- valueFrom:
- configMapKeyRef:
- key: CHE_INFRA_KUBERNETES_SERVER__STRATEGY
- name: che
- - name: CHE_WORKSPACE_PLUGIN__REGISTRY__URL
- valueFrom:
- configMapKeyRef:
- key: CHE_WORKSPACE_PLUGIN__REGISTRY__URL
- name: che
- image: eclipse/che-server:nightly
- imagePullPolicy: Always
- livenessProbe:
- httpGet:
- path: /api/system/state
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 120
- timeoutSeconds: 10
- name: che
- ports:
- - containerPort: 8080
- name: http
- - containerPort: 8000
- name: http-debug
- - containerPort: 8888
- name: jgroups-ping
- readinessProbe:
- httpGet:
- path: /api/system/state
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 15
- timeoutSeconds: 60
- resources:
- limits:
- memory: 600Mi
- requests:
- memory: 256Mi
- volumeMounts:
- - mountPath: /data
- name: che-data-volume
- serviceAccountName: che
- volumes:
- - name: che-data-volume
- persistentVolumeClaim:
- claimName: che-data-volume