google

package
v0.0.0-...-86ffc8e Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 6, 2018 License: Apache-2.0 Imports: 36 Imported by: 0

README

Cluster API GCP Cloud Provider

Cluster Deletion

This guide explains how to delete all resources that were created as part of your Cluster API Kubernetes cluster.

If your cluster was created using the gcp-deployer tool, see the gcp-deployer docs.

  1. Remember the service accounts that were created for your cluster

    export MASTER_SERVICE_ACCOUNT=$(kubectl get cluster -o=jsonpath='{.items[0].metadata.annotations.gce\.clusterapi\.k8s\.io\/service-account-k8s-master}')
export WORKER_SERVICE_ACCOUNT=$(kubectl get cluster -o=jsonpath='{.items[0].metadata.annotations.gce\.clusterapi\.k8s\.io\/service-account-k8s-worker}')
export INGRESS_CONTROLLER_SERVICE_ACCOUNT=$(kubectl get cluster -o=jsonpath='{.items[0].metadata.annotations.gce\.clusterapi\.k8s\.io\/service-account-k8s-ingress-controller}')
export MACHINE_CONTROLLER_SERVICE_ACCOUNT=$(kubectl get cluster -o=jsonpath='{.items[0].metadata.annotations.gce\.clusterapi\.k8s\.io\/service-account-k8s-machine-controller}')

  2. Remember the name and zone of the master VM

    export MASTER_VM_NAME=$(kubectl get machines -l set=master | awk '{print $1}' | tail -n +2)
export MASTER_VM_ZONE=$(kubectl get machines -l set=master -o=jsonpath='{.items[0].metadata.annotations.gcp-zone}')

  3. Delete all of the node Machines in the cluster. Make sure to wait for the corresponding Nodes to be deleted before moving onto the next step. After this step, the master node will be the only remaining node.

    kubectl delete machines -l set=node
kubectl get nodes

  4. Delete any Kubernetes objects that may have created GCE resources on your behalf, make sure to run these commands for each namespace that you created:

    # See ingress controller docs for information about resources created for
# ingress objects: https://github.com/kubernetes/ingress-gce
kubectl delete ingress --all

# Services can create a GCE load balancer if the type of the service is
# LoadBalancer. Additionally, both types LoadBalancer and NodePort will
# create a firewall rule in your project.
kubectl delete svc --all

# Persistent volume claims can create a GCE disk if the type of the pvc
# is gcePersistentDisk.
kubectl delete pvc --all

  5. Delete the VM that is running your cluster's control plane

    gcloud compute instances delete --zone=$MASTER_VM_ZONE $MASTER_VM_NAME

  6. Delete the roles and service accounts that were created for your cluster

    ./delete-service-accounts.sh

Documentation

Index

Constants

View Source 
const (
	ProjectAnnotationKey = "gcp-project"
	ZoneAnnotationKey    = "gcp-zone"
	NameAnnotationKey    = "gcp-name"

	BootstrapLabelKey = "boostrap"

	// This file is a yaml that will be used to create the machine-setup configmap on the machine controller.
	// It contains the supported machine configurations along with the startup scripts and OS image paths that correspond to each supported configuration.
	MachineSetupConfigsFilename = "machine_setup_configs.yaml"
)
View Source 
const (
	MasterNodeServiceAccountPrefix        = "k8s-master"
	WorkerNodeServiceAccountPrefix        = "k8s-worker"
	IngressControllerServiceAccountPrefix = "k8s-ingress-controller"
	MachineControllerServiceAccountPrefix = "k8s-machine-controller"

	IngressControllerSecret = "glbc-gcp-key"
	MachineControllerSecret = "machine-controller-credential"

	ClusterAnnotationPrefix = "gce.clusterapi.k8s.io/service-account-"
)
View Source 
const (
	MachineControllerSshKeySecret = "machine-controller-sshkeys"
	// Arbitrary name used for SSH.
	SshUser                = "clusterapi"
	SshKeyFile             = "clusterapi-key"
	SshKeyFilePublic       = SshKeyFile + ".pub"
	SshKeyFilePublicGcloud = SshKeyFilePublic + ".gcloud"
)
View Source 
const InstanceStatusAnnotationKey = "instance-status"

Variables

View Source 
var (
	MasterNodeRoles = []string{
		"compute.instanceAdmin",
		"compute.networkAdmin",
		"compute.securityAdmin",
		"compute.viewer",
		"iam.serviceAccountUser",
		"storage.admin",
		"storage.objectViewer",
	}
	WorkerNodeRoles        = []string{}
	IngressControllerRoles = []string{
		"compute.instanceAdmin.v1",
		"compute.networkAdmin",
		"compute.securityAdmin",
		"iam.serviceAccountActor",
	}
	MachineControllerRoles = []string{
		"compute.instanceAdmin.v1",
		"iam.serviceAccountActor",
	}
)

Functions

func CreateApiServerAndController 

func CreateApiServerAndController() error

func CreateDefaultStorageClass 

func CreateDefaultStorageClass() error

func CreateExtApiServerRoleBinding 

func CreateExtApiServerRoleBinding() error

TODO: We need to change this when we create dedicated service account for apiserver/controller pod.

func CreateIngressController 

func CreateIngressController(project string, clusterName string) error

Types

type GCEClient 

type GCEClient struct {
	// contains filtered or unexported fields
}

func NewMachineActuator 

func NewMachineActuator(params MachineActuatorParams) (*GCEClient, error)

func (*GCEClient) Create 

func (gce *GCEClient) Create(cluster *clusterv1.Cluster, machine *clusterv1.Machine) error

func (*GCEClient) CreateIngressControllerServiceAccount 

func (gce *GCEClient) CreateIngressControllerServiceAccount(cluster *clusterv1.Cluster, initialMachines []*clusterv1.Machine) error

Creates a GCP service account for the ingress controller

func (*GCEClient) CreateMachineController 

func (gce *GCEClient) CreateMachineController(cluster *clusterv1.Cluster, initialMachines []*clusterv1.Machine, clientSet kubernetes.Clientset) error

func (*GCEClient) CreateMachineControllerServiceAccount 

func (gce *GCEClient) CreateMachineControllerServiceAccount(cluster *clusterv1.Cluster, initialMachines []*clusterv1.Machine) error

Creates a GCP service account for the machine controller, granted the permissions to manage compute instances, and stores its credentials as a Kubernetes secret.

func (*GCEClient) CreateMasterNodeServiceAccount 

func (gce *GCEClient) CreateMasterNodeServiceAccount(cluster *clusterv1.Cluster, initialMachines []*clusterv1.Machine) error

Creates a GCP service account for the master node, granted permissions that allow the control plane to provision disks and networking resources

func (*GCEClient) CreateWorkerNodeServiceAccount 

func (gce *GCEClient) CreateWorkerNodeServiceAccount(cluster *clusterv1.Cluster, initialMachines []*clusterv1.Machine) error

Creates a GCP service account for the worker node

func (*GCEClient) Delete 

func (gce *GCEClient) Delete(cluster *clusterv1.Cluster, machine *clusterv1.Machine) error

func (*GCEClient) DeleteIngressControllerServiceAccount 

func (gce *GCEClient) DeleteIngressControllerServiceAccount(cluster *clusterv1.Cluster, machines []*clusterv1.Machine) error

func (*GCEClient) DeleteMachineControllerServiceAccount 

func (gce *GCEClient) DeleteMachineControllerServiceAccount(cluster *clusterv1.Cluster, machines []*clusterv1.Machine) error

func (*GCEClient) DeleteMasterNodeServiceAccount 

func (gce *GCEClient) DeleteMasterNodeServiceAccount(cluster *clusterv1.Cluster, machines []*clusterv1.Machine) error

func (*GCEClient) DeleteWorkerNodeServiceAccount 

func (gce *GCEClient) DeleteWorkerNodeServiceAccount(cluster *clusterv1.Cluster, machines []*clusterv1.Machine) error

func (*GCEClient) Exists 

func (gce *GCEClient) Exists(cluster *clusterv1.Cluster, machine *clusterv1.Machine) (bool, error)

func (*GCEClient) GetDefaultServiceAccountForMachine 

func (gce *GCEClient) GetDefaultServiceAccountForMachine(cluster *clusterv1.Cluster, machine *clusterv1.Machine) string

Returns the email address of the service account that should be used as the default service account for this machine

func (*GCEClient) GetIP 

func (gce *GCEClient) GetIP(cluster *clusterv1.Cluster, machine *clusterv1.Machine) (string, error)

func (*GCEClient) GetKubeConfig 

func (gce *GCEClient) GetKubeConfig(cluster *clusterv1.Cluster, master *clusterv1.Machine) (string, error)

func (*GCEClient) PostCreate 

func (gce *GCEClient) PostCreate(cluster *clusterv1.Cluster, machines []*clusterv1.Machine) error

func (*GCEClient) PostDelete 

func (gce *GCEClient) PostDelete(cluster *clusterv1.Cluster, machines []*clusterv1.Machine) error

func (*GCEClient) ProvisionClusterDependencies 

func (gce *GCEClient) ProvisionClusterDependencies(cluster *clusterv1.Cluster, initialMachines []*clusterv1.Machine) error

func (*GCEClient) Update 

func (gce *GCEClient) Update(cluster *clusterv1.Cluster, goalMachine *clusterv1.Machine) error

type GCEClientComputeService 

type GCEClientComputeService interface {
	ImagesGet(project string, image string) (*compute.Image, error)
	ImagesGetFromFamily(project string, family string) (*compute.Image, error)
	InstancesDelete(project string, zone string, targetInstance string) (*compute.Operation, error)
	InstancesGet(project string, zone string, instance string) (*compute.Instance, error)
	InstancesInsert(project string, zone string, instance *compute.Instance) (*compute.Operation, error)
	ZoneOperationsGet(project string, zone string, operation string) (*compute.Operation, error)
}

type GCEClientKubeadm 

type GCEClientKubeadm interface {
	TokenCreate(params kubeadm.TokenCreateParams) (string, error)
}

type GCEClientMachineSetupConfigGetter 

type GCEClientMachineSetupConfigGetter interface {
	GetMachineSetupConfig() (machinesetup.MachineSetupConfig, error)
}

type MachineActuatorParams 

type MachineActuatorParams struct {
	CertificateAuthority     *cert.CertificateAuthority
	ComputeService           GCEClientComputeService
	Kubeadm                  GCEClientKubeadm
	V1Alpha1Client           client.ClusterV1alpha1Interface
	MachineSetupConfigGetter GCEClientMachineSetupConfigGetter
}

type SshCreds 

type SshCreds struct {
	// contains filtered or unexported fields
}

Source Files

View all Source files

Directories

Path Synopsis
cmd
gce-machine-controller
gce-machine-controller/app
gce-machine-controller/app/options
generate-image
v1alpha1

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.