Tungsten Fabric: 10 minute deployment with k8s on AWS
This document contains instructions to deploy a Tungsten Fabric cluster that interconnects PODs orchestrated by Kubernetes. The Tungsten Fabric cluster is composed of one controller and two compute nodes that run as EC2 VMs.
New AWS individual users only have root access and they may optionally set up IAM. If you are connected as a root user, you only need to subscribe to the Centos 7 image.
- Once you have signed into the AWS console, go to the following URL: https://aws.amazon.com/marketplace/
- Search for Centos and click on the "CentOS 7 (x86_64) - with Updates HVM" image. Continue to Subscribe. Accept Terms.
If you are connected as an IAM user, check the Appendix at the end of the document.
Just click on this button to create the stack:
- Click Next. Give a name to the stack.
- Leave AnsibleDeployerCommit to this to the default value (master).
- Leave the AnsibleDeployerConfigURL to the default value, unless you want to change things like the topology, role distribution, container version, etc.
- Leave the AnsibleOrchestrator at its default value (kubernetes).
- Set InstallTungstenFabric to Yes.
- Remember - or - change the InstallPassword.
- Leave other fields at their default value. Click Next. Again, Click Next.
- Check "I acknowledge that AWS CloudFormation might create IAM resources". Click Create.
This will trigger the creation, among other things, of one instance that runs the Ansible host. In turn, the Ansible host will create the cluster:
IMPORTANT: If you don’t want to spend a fortune, when you are done with the lab make sure you manually delete the 3 cluster VMs, then delete the stack, and verify no instances run and no volumes are left either.
First, you need to SSH the Ansible host with user root and password tungsten123 (or whatever password you set).
After you have connected to the Ansible host, you can connect from there to the controller or compute nodes:
ssh centos@<ip> # <ip> can be the public IP or the private IP of the controller/compute VM, both work
sudo -s
Accessing the Contrail webUI:
https://<controller-public-ip>:8143 admin / contrail123
Accessing the Kubernetes dashboard:
On the controller:
kubectl get pods -n kube-system -o wide | grep dashboard
Check the IP column. It tells you the private IP address of the compute node where the dashboard POD is running. You need to find out the associated public IP address (it is left to you as an exercise). Once you know it, you can connect to the URL:
https://<public-ip>:8443
Select the token option. Where can you get the token from? There is one on the controller’s file /root/k8s_dashboard_token.txt , but it only allows to visualize. If you want read-write access do the following:
kubectl get secret -n contrail | grep kubemanager
kubectl describe secret <name> -n contrail | grep "token:" | awk '{print $2}'
Take your time to browse the dashboard. During the next exercises, you can choose to do some tasks on the web instead of (or in addition to) the CLI.
If, instead of using a root account, you are signing with an IAM user, you need to grant additional privileges for the user.
- Log on to the AWS console.
- In the AWS services search at the top left of the console, look for IAM and select it.
- On the left navigation bar, click on the user whose privileges you need to change.
- At the right bottom, click Add inline policy.
- Go to the JSON tab, and replace the content with the following policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudformation:*",
"aws-marketplace:*",
"sns:*",
"s3:*",
"ec2:*",
"elasticloadbalancing:*",
"cloudwatch:*",
"autoscaling:*",
"iam:*"
],
"Resource": "*"
}
]
}
- Review policy. Add policy name. Create policy.