Page MenuHomePhabricator
Create Task
Maniphest T215679

Sort out and test deploying the worker nodes in a sane fashion
Closed, ResolvedPublic
Actions

Description

Whether this is accomplished via the newer cert services, some buried part of kubeadm, puppet + packages, etc. Ensure that we are ideally not manually slinging around a join token. If we actually are doing that, find a way to distribute that or run it via puppet or similar.

Related Objects
Search...

Event Timeline

Bstorm triaged this task as High priority.Feb 8 2019, 11:44 PM
Bstorm created this task.
bd808 removed a project: Goal.Feb 10 2019, 8:47 PM
GTirloni unsubscribed.Mar 21 2019, 9:06 PM
aborrero subscribed.Jul 4 2019, 5:06 PM

According to the last status updates on T215531: Deploy upgraded Kubernetes to toolsbeta, we are bootstrapping worker nodes by using kubeadm with a pre-shared token. This token is stored in hiera (private repo).

When a new cluster is being built, kubeadm generates a cmdline that we should copy-paste into the joining worker node.
Or alternatively, we can just use our pre-configured config file which contains also the required bits to join the cluster.

root@newworker:~# kubeadm join --config /etc/kubernetes/kubeadm-join.cfg`  <--- this file is maintained by puppet
-o-
root@newworker:~# kubeadm join <FQDN>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash> <--- this is generated by kubeadm init
aborrero closed this task as Resolved.Nov 20 2019, 1:49 PM
aborrero claimed this task.

The final workflow is documented here: https://wikitech.wikimedia.org/wiki/Portal:Toolforge/Admin/Deploying_k8s#worker_nodes

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits