How to install? #13

Open
lmakarov opened this issue Jun 21, 2021 · 6 comments

@lmakarov

First off, very excited that this project exists!
I'm looking for a solution to manage our Cloudflare configuration alongside other K8s resources.

Unfortunately, I'm not able to try this project as the installation docs seem to be outdated.

Kubeflare requires Kubernetes 1.16 or later to install.

To install the current version of Kubeflare:

kubectl apply -f https://git.io/kubeflare

https://git.io/kubeflare leads nowhere:

❯ curl -i https://git.io/kubeflare
HTTP/1.1 404 Not Found
@lmakarov
Author

ping @diamonwiggins

@diamonwiggins
Member

@lmakarov sorry for the late reply. I will get the README updated this week as well. There is much to be done here, and we're just as excited about this project as you 😄

@diamonwiggins
Member

diamonwiggins commented Jun 28, 2021

@lmakarov A quick and dirty to get you started should be:

clone repo
kubectl apply -f config/crds/v1

Apply the following

apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubeflare
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kubeflare
  template:
    metadata:
      labels:
        app: kubeflare
    spec:
      containers:
      - env:
        - name: CF_API_EMAIL
          value: <CF_API_EMAIL>
        - name: CF_ZONE_ID
          value: your-zone-id
        - name: CF_ZONE_NAME
          value: your-zone-name
        - name: CF_API_KEY
          valueFrom:
            secretKeyRef:
              key: api-key
              name: your-cf-secret
        image: replicated/kubeflare-manager:0.1.0
        imagePullPolicy: IfNotPresent
        name: kubeflare

@lmakarov
Author

lmakarov commented Jul 2, 2021

@diamonwiggins thanks, that gave me a starting point.

The final working solution ended up being way more complicated and took some time to figure out.

  1. Apply the crds from the repo:
clone repo
kubectl apply -f config/crds/v1
  1. Deploy kubeflare using the manifest below (namespace, RBAC, deployment)
---
apiVersion: v1
kind: Namespace
metadata:
  name: kubeflare-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubeflare
rules:
- apiGroups: ['']
  resources:
  - namespaces
  - secrets
  verbs: [get, list, watch]
- apiGroups: [crds.kubeflare.io]
  resources: ['*']
  verbs: [get, list, watch, update, patch, create, delete]

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubeflare
  namespace: kubeflare-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubeflare
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubeflare
subjects:
- name: kubeflare
  namespace: kubeflare-system
  kind: ServiceAccount

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubeflare
  namespace: kubeflare-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kubeflare
  template:
    metadata:
      labels:
        app: kubeflare
    spec:
      serviceAccountName: kubeflare
      containers:
      - 
        name: kubeflare
        image: replicated/kubeflare-manager:0.1.0
        imagePullPolicy: IfNotPresent
        env:
          - name: CF_API_EMAIL
            value: <CF_API_EMAIL>
          - name: CF_ZONE_ID
            value: <CF_ZONE_ID>
          - name: CF_ZONE_NAME
            value: <CF_ZONE_NAME>
          - name: CF_API_KEY
            #value: <CF_API_KEY>
            valueFrom:
              secretKeyRef:
                key: api-key
                name: cf-api-secret
        resources:
          limits:
            cpu: 50m
            memory: 64Mi
          requests:
            cpu: 10m
            memory: 32Mi
  1. Create the secret with the Cloudflare Global API Key in the kubeflare-system namespace:
kubectl -n kubeflare-system create secret generic cf-api-secret --from-literal api-key=<CF_API_KEY>
  1. Create a kubeflare APIToken using the manifest below
apiVersion: crds.kubeflare.io/v1alpha1
kind: APIToken
metadata:
  name: cf-api-token
  namespace: kubeflare-system
spec:
  email: <CF_API_EMAIL>
  name: "Global API Key"
  #value: <CF_API_KEY>
  valueFrom:
    secretKeyRef:
      key: api-key
      name: cf-api-secret

The use case for these APITokens is unclear to me.
Cloudflare API creds are already set in the Deployment. Why would you need to set it again at the zone level via an APIToken?

Also, the name APIToken leads to a confusion with Cloudflare API Tokens, which is an alternative (newer) authentication mechanism and which you DO NOT use here. Instead, it's again that Cloudflare Global API Key that goes here.

  1. Next, load your zone definition with the manifest below:
---
apiVersion: crds.kubeflare.io/v1alpha1
kind: Zone
metadata:
  name: example.com
  namespace: kubeflare-system
spec:
  apiToken: cf-api-token
  settings:
    alwaysOnline: true
    # Zone setting mapping can be found here:
    # https://kubeflare.com/api/zone/#settings
  1. Finally, you can manage some DNS entries
apiVersion: crds.kubeflare.io/v1alpha1
kind: DNSRecord
metadata:
  name: www.example.com
  namespace: kubeflare-system
spec:
  record:
    content: 1.1.1.1
    name: www.example.com
    priority: 0
    proxied: false
    ttl: 1
    type: A
  zone: example.com
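
Added example, not part of the thread or the Kubeflare project: a small Python check over the `rules:` of the ClusterRole posted above, showing that together with the ClusterRoleBinding it grants read access to Secrets in every namespace. `SENSITIVE`, `NARROWED` and the function names are illustrative; the narrowed rule is constructed for comparison and has not been tested with the Kubeflare manager.

```python
# RULES mirrors the `rules:` list of the ClusterRole in the comment above,
# re-typed as the Python data a YAML loader would produce.
RULES = [
    {"apiGroups": [""], "resources": ["namespaces", "secrets"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["crds.kubeflare.io"], "resources": ["*"],
     "verbs": ["get", "list", "watch", "update", "patch", "create", "delete"]},
]

# Constructed for comparison (assumption, not verified against Kubeflare):
# read only the one Secret the manifests reference.
NARROWED = [
    {"apiGroups": [""], "resources": ["secrets"],
     "resourceNames": ["cf-api-secret"], "verbs": ["get"]},
]

SENSITIVE = {("", "secrets")}          # assumption: what we treat as sensitive
READ_VERBS = {"get", "list", "watch"}


def _match(allowed, wanted):
    """RBAC list matching: '*' in a rule field matches any value."""
    return "*" in allowed or wanted in allowed


def allows(rules, group, resource, verb):
    """True if any rule grants `verb` on `resource` in `group`.
    resourceNames is ignored here; it is handled in secret_read_findings."""
    return any(
        _match(r.get("apiGroups", []), group)
        and _match(r.get("resources", []), resource)
        and _match(r.get("verbs", []), verb)
        for r in rules
    )


def secret_read_findings(rules, cluster_wide):
    """List blanket read grants on sensitive resources.
    cluster_wide=True models a ClusterRoleBinding, False a RoleBinding."""
    findings = []
    for rule in rules:
        if rule.get("resourceNames"):
            continue  # limited to named objects, not a blanket grant
        for group, resource in sorted(SENSITIVE):
            verbs = [v for v in sorted(READ_VERBS)
                     if allows([rule], group, resource, v)]
            if verbs:
                scope = "all namespaces" if cluster_wide else "bound namespace"
                findings.append((resource, scope, verbs))
    return findings


if __name__ == "__main__":
    print(secret_read_findings(RULES, cluster_wide=True))
```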

@diamonwiggins
Member

@lmakarov thanks for working through this and awesome to see you were able to get it running despite the lack of documentation at the moment :).

> The use case for these APITokens is unclear to me. Cloudflare API creds are already set in the Deployment. Why would you need to set it again at the zone level via an APIToken?

Your confusion is warranted. First, you don't need any of the environment variables in the deployment example I gave you, so you can remove those and rely solely on the APIToken/Zone CRDs for auth. Second, the Manager should just be relying on an APIToken everywhere. Looks like I corrected that in master, but it's not released yet. 93ec3d9#diff-efa17ace5b45857940b854055d06a11b52ddc018acd36ab0a04e9e3072c27e87R40

I got sidetracked with a few things this week, but still planning on working on this late tomorrow/this weekend. Please feel free to create additional issues for any other problems you run into/suggest any improvements!

@diamonwiggins
Member

Will document helm in the future when a chart is created, but for now the instructions for kubectl have been updated #16
