kuberbs
K8 deployment automatic rollback system
Blog post
Deploy kuberbs (without building from source)
If you just want to use KubeRBS (instead of building it from source yourself), please follow instructions in this section. You need a Kubernetes 1.10 or newer cluster.
You can install Kuberbs on any Kubernetes cluster either on perm or in the cloud.
Kuberbs supports metrics from DataDog or Stackdriver
GKE Specific Setup
You'll also need the Google Cloud SDK.
You can install the Google Cloud SDK (which also installs kubectl) here.
Configure gcloud sdk by setting your default project:
gcloud config set project {your project_id}
Set the environment variables:
export GCP_REGION=us-central1
export GKE_CLUSTER_NAME=kuberbs-cluster
export PROJECT_ID=$(gcloud config list --format 'value(core.project)')
Create IAM Service Account and obtain the Key in JSON format
Create Service Account with this command:
gcloud iam service-accounts create kuberbs-service-account --display-name "kuberbs"
Create and attach custom kuberbs role to the service account by running the following commands:
gcloud iam roles create kuberbs --project $PROJECT_ID --file roles.yaml
gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:kuberbs-service-account@$PROJECT_ID.iam.gserviceaccount.com --role projects/$PROJECT_ID/roles/kuberbs
Generate the Key using the following command:
gcloud iam service-accounts keys create key.json \
--iam-account kuberbs-service-account@$PROJECT_ID.iam.gserviceaccount.com
Create Kubernetes Secret
Get your GKE cluster credentials with (replace cluster_name with your real GKE cluster name):
gcloud container clusters get-credentials $GKE_CLUSTER_NAME
--region $GCP_REGION
--project $PROJECT_ID
None GKE Specific Setup
Create a Kubernetes secret by running:
kubectl create secret generic kuberbs-key --from-file=key.json --namespace=kube-system
Deploy Kuberbs
kubectl apply -f deploy/.
Create Configuration file
Change the example in examples\kuberbs-example.yaml
to fit your needs
Here are the configuration options
watchperiod
int - for how long to watch a deployment
metricssource
string - currently we support stackdriver and datadog
for each namespace that you would like to watch you can have multiple deployments.
Each deployments must have a name, a metric and the threshold per second.
Deploy your configuration file.
Deploy & Build From Source
You need a Kubernetes 1.10 or newer cluster. You also need Docker and kubectl 1.10.x or newer installed on your machine, as well as the Google Cloud SDK. You can install the Google Cloud SDK (which also installs kubectl) here.
Clone Git Repository
Make sure your $GOPATH is configured. You'll need to clone this repository to your $GOPATH/src
folder.
git clone https://github.com/doitintl/kuberbs.git $GOPATH/src/kuberbs
cd $GOPATH/src/kuberbs
Build kubeRBS's container image
Install go/dep (Go dependency management tool) using these instructions and then run
dep ensure
You can now compile the kuberbs binary and run tests
make
Build kuberbs's container image
Compile the kuberbs binary and build the Docker image as following:
make image
Tag the image using:
docker tag kuberbs gcr.io/$PROJECT_ID/kuberbs
Finally, push the image to Container Registry with:
For example
docker push gcr.io/$PROJECT_ID/kuberbs
GKE Specific Setup
Set Environment Variables
Replace us-central1 with the region where your GKE cluster resides and kuberbs-cluster with your real GKE cluster name
export GCP_REGION=us-central1
export GKE_CLUSTER_NAME=kuberbs-cluster
export PROJECT_ID=$(gcloud config list --format 'value(core.project)')
Create IAM Service Account and obtain the Key in JSON format
Create Service Account with this command:
gcloud iam service-accounts create kuberbs-service-account --display-name "kuberbs"
Create and attach custom kuberbs role to the service account by running the following commands:
gcloud iam roles create kuberbs --project $PROJECT_ID --file roles.yaml
gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:kuberbs-service-account@$PROJECT_ID.iam.gserviceaccount.com --role projects/$PROJECT_ID/roles/kuberbs
Generate the Key using the following command:
gcloud iam service-accounts keys create key.json \
--iam-account kuberbs-service-account@$PROJECT_ID.iam.gserviceaccount.com
Create Kubernetes Secret
Get your GKE cluster credentials with (replace cluster_name with your real GKE cluster name):
gcloud container clusters get-credentials $GKE_CLUSTER_NAME
--region $GCP_REGION
--project $PROJECT_ID
None GKE Specific Setup
Create a Kubernetes secret by running:
kubectl create secret generic kuberbs-key --from-file=key.json --namespace=kube-system
Deploy kuberbs by running
kubectl apply -f deploy/.
Running kuberbs locally
Make sure you can access your cluster
APISERVER=$(kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " ")
TOKEN=$(kubectl describe secret $(kubectl get secrets | grep ^default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d " ")
curl $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure
If you can access your cluster then you need to set up the credentials:
echo $TOKEN >token
tr -d '\n' <token >t
sudo cp t /var/run/secrets/kubernetes.io/serviceaccount/token
ssh into one of the containers in your cluster and get /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
. copy that file to your local /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
In the file pkg/clinetset/v1/rbs
replace const RbsNameSpace = "kube-system"
with const RbsNameSpace = "default"
References:
Event listening code was taken from kubewatch