# Patch: cfcr-openstack

## Known Issues

- This patch does not support DNS.
- This patch is tied to `kubo-release v0.16.0` and will change with the next release.
- `kubo-deployment` is using keystone v2 and `bosh-deployment` is using keystone v3.
  The auth URL provided to bbl is expected to be the v3 endpoint, so we have to rewrite it to the v2 endpoint when deploying `kubo-deployment`.

## Steps

Steps to deploy cfcr with bbl:

1. Pick a valid floating IP that's available within your openstack account and export it so we can attach it to the k8s master.
   ```
   export kubernetes_master_host=some-ip
   ```

1. Find and export the project ID guid associated with `$BBL_OPENSTACK_PROJECT`:
   ```
   export OPENSTACK_PROJECT_ID=some-uid
   ```

1. Follow the normal steps to bbl up with a patch.
   ```
   mkdir banana-env && cd banana-env
   bbl plan --name banana-env
   cp -r bosh-bootloader/plan-patches/cfcr-openstack/. .
   bbl up
   eval "$(bbl print-env)"
   ```

1. Export `KD` as your path to `kubo-deployment` so you can copy-paste from below if you so desire.
   Be careful to check out the manifest that matches the kubo-release you uploaded above.
   ```
   git clone git@github.com:cloudfoundry-incubator/kubo-deployment.git
   export KD="$(pwd)/kubo-deployment"
   ```

1. `bosh upload-stemcell "https://bosh.io/stemcells/bosh-openstack-esxi-ubuntu-trusty-go_agent?v=$(bosh int "${KD}/manifests/cfcr.yml" --path=/stemcells/0/version)"`

1. Deploy the cfcr manifest. Since openstack can't provision load balancers for
   us, we're going to deploy with a single master with a set static IP.

   ```
   # Values are quoted so a password containing spaces or shell metacharacters
   # is passed intact; auth_url is rewritten from the keystone v3 endpoint to v2.0.
   bosh -d cfcr deploy "${KD}/manifests/cfcr.yml" \
     -o "${KD}/manifests/ops-files/iaas/openstack/cloud-provider.yml" \
     -o "${KD}/manifests/ops-files/iaas/openstack/master-static-ip.yml" \
     -v kubernetes_master_host="${kubernetes_master_host}" \
     -v openstack_username="${BBL_OPENSTACK_USERNAME}" \
     -v openstack_password="${BBL_OPENSTACK_PASSWORD}" \
     -v openstack_project_id="${OPENSTACK_PROJECT_ID}" \
     -l <(bbl outputs) \
     -v auth_url="$(echo "${BBL_OPENSTACK_AUTH_URL}" | sed 's|v3|v2.0|')"
   ```

   > Note: If you'd like a multi-master cfcr, you'll need to go back to step one,
   > select a range of 3 valid IPs, re-run `bbl up`, and remove the `single-master.yml` opsfile from the deploy invocation.
   > The `master-static-ip.yml` opsfile in kubo-deployment might not play well with 3 static IPs.

1. Configure kubectl

   Run the following to build the kubectl cluster, user and context names from the bbl outputs and to fetch the admin password from credhub:
   ```
   export director_name=$(bosh int <(bbl outputs) --path=/director_name)
   export address="https://${kubernetes_master_host}:8443"
   export cluster_name="kubo:${director_name}:cfcr"
   export user_name="kubo:${director_name}:cfcr-admin"
   export context_name="kubo:${director_name}:cfcr"

   credhub login
   export admin_password=$(bosh int <(credhub get -n "${director_name}/cfcr/kubo-admin-password" --output-json) --path=/value)
   ```

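   If you want to have a TLS-secured kubernetes API, you'll need to add credhub's generated CA to your trusted CAs. We'll leave that as an exercise for the operator; the commented-out commands show how to extract the CA. Until you do, the `kubectl config set-cluster` command below passes `--insecure-skip-tls-verify=true`, so kubectl does not verify the API server's certificate before sending the admin token.
   ```
   # export tmp_ca_file="$(mktemp)"
   # bosh int <(credhub get -n "${director_name}/cfcr/tls-kubernetes" --output-json) --path=/value/ca > "${tmp_ca_file}"
   ```
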
   ```
   kubectl config set-cluster "${cluster_name}" --server="${address}" --insecure-skip-tls-verify=true
   kubectl config set-credentials "${user_name}" --token="${admin_password}"
   kubectl config set-context "${context_name}" --cluster="${cluster_name}" --user="${user_name}"
   kubectl config use-context "${context_name}"
   ```

1. Create, scale, and expose apps with the kubernetes bootcamp docker image.
   Please note that the openstack cloud-provider, like openstack, does not have load balancer support built in, so you'll have to use NodePorts.

   ```
   kubectl run kubernetes-bootcamp --image=docker.io/jocatalin/kubernetes-bootcamp:v1 --port=8080
   kubectl get pods
   kubectl expose deployment kubernetes-bootcamp --type NodePort --name k8s-bootcamp-service
   ```

   After you've completed this, other services within your openstack cluster should be able to reach kubernetes-bootcamp on any worker's NodePort.
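
For the "Configure kubectl" step, the following is an added example (not part of this patch or of kubo-deployment) of a helper that configures kubectl with certificate verification instead of `--insecure-skip-tls-verify=true`. The function names are hypothetical; it assumes the variables exported in that step are set and that its argument is the CA file written by the commented-out `credhub get` command.

```shell
# Added example: function names are hypothetical, not from kubo-deployment.
# Assumes cluster_name, address, user_name, context_name and admin_password
# are exported as in the "Configure kubectl" step, and that $1 is the CA file
# produced by the commented-out credhub command (tmp_ca_file).

# Succeeds only if the file is non-empty and holds a PEM certificate block.
is_pem_ca() {
  [ -s "$1" ] &&
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -- '-----END CERTIFICATE-----' "$1"
}

# Configure kubectl so the API server certificate is checked against the CA.
# Fails closed: it never falls back to --insecure-skip-tls-verify.
configure_kubectl_verified() {
  ca_file="$1"
  case "${address}" in
    https://*) ;;
    *) echo "refusing non-https API address: ${address}" >&2; return 2 ;;
  esac
  if ! is_pem_ca "${ca_file}"; then
    echo "no PEM CA certificate found in: ${ca_file}" >&2
    return 3
  fi
  # --embed-certs copies the CA into the kubeconfig, so the temp file can be
  # deleted afterwards.
  kubectl config set-cluster "${cluster_name}" --server="${address}" \
    --certificate-authority="${ca_file}" --embed-certs=true || return 1
  kubectl config set-credentials "${user_name}" \
    --token="${admin_password}" || return 1
  kubectl config set-context "${context_name}" \
    --cluster="${cluster_name}" --user="${user_name}" || return 1
  kubectl config use-context "${context_name}"
}

# Usage, after running the two commented-out CA commands:
#   configure_kubectl_verified "${tmp_ca_file}" && rm -f "${tmp_ca_file}"
```

If kubectl then reports a certificate error, the API server certificate does not cover `${kubernetes_master_host}`; fix the certificate rather than re-enabling the skip flag.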