Kaptain - Production Grade Kubernetes Cluster Deployment
TL;DR;
Dependencies
$ kaptain create --name=dev.my-project.aws
$ kaptain list
$ sailor provision --name=dev.my-project.aws --role=etcd
$ sailor provision --name=dev.my-project.aws --role=master
$ sailor provision --name=dev.my-project.aws --role=worker
$ ls /tmp/kaptain
$ kaptain export --name=dev.my-project.aws
$ # Deploy the cluster with Terraform
$ kaptain bootstrap --name=dev.my-project.aws
Storage backend
Currently Kaptain support S3
and Vault
as storage backend. Storage backend
can be specified via command line flag --store=<uri>
. The URI has the following
format.
<scheme>://<path>?<key1>=<value1>&<key2>=<value2>
Where
<scheme>
is the name of the storage backend
<path>
is the resource path to the storage, this is storage specific
<key>
and <value>
are configs for the storage backend, also storage specific
The current default value is s3://aws.all.kaptain?region=eu-west-1
if not specified.
S3
Although AWSCLI is not required. AWS credentials must be set. See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html for details.
- Scheme:
s3
- Path: name of the bucket (e.g.
aws.all.kaptain
)
- Keys:
region
: S3 region (e.g. eu-west-1
)
Example s3://aws.all.kaptain?region=eu-west-1
Vault
Environment variable VAULT_ADDR
must be set to the Vault server.
(e.g. https://vault.service.consul:8200
)
- Scheme:
vault
- Path: vault generic secret path without the
secret/
prefix (e.g. project/kaptain
)
- Keys:
role_id
: Vault role ID
role_secret
: Vault role secret
Example vault://project/kaptain?role_id=1234&secret_id=abcd
Usage
Kaptain is a commandline tool to streamline management of various config files and
x509 certificates needed by a Kubernetes Deployment. The tool is split into two components:
Kaptain
An admin tool that is run by a cluster admin (Support Linux, OSX and Windows), which
- Allows the admin to define a cluster with given a unique
cluster name
- Generates all x509 certificates and secrets needed for bootstrapping a new cluster
- Persists all state on remote storage backend
- Allows the admin to export kubeconfig to the current machine (default to
~/.kube/config
)
Sailor
An agent that runs by the CloudInit script on provisioned cluster nodes
(etcd, master or worker). Given cluster name
and role
(etcd, master or worker), it can
- Fetch cluster definition from remote storage backend
- Provision all necessary config files and x509 certificates depending on node type
Development
Pre-requisites
Build
The run the build to compile and install kaptain
and sailor
locally.
$ make
You should be able to test the binaries now
$ kaptain version
$ sailor version
Release
Tag current commit on the master branch.
$ git tag <version>
$ git push --tags
Cross-compile for all platforms. This will generate compiled binaries at ./build
$ make release
Dockerised Build
You can build the project completely in Docker, without the need to have Go toolchain installed.
$ make docker-build
Cleanup
This will delete all compiled binaries at ./build
$ make clean