Skip to content

Latest commit

 

History

History
77 lines (52 loc) · 2.88 KB

README.md

File metadata and controls

77 lines (52 loc) · 2.88 KB
Raw

Tsuru Helm Chart

Prerequisites Details

  • Kubernetes 1.6+

Chart Details

This chart will do the following:

  • Implemented a scalable Tsuru cluster using Kubernetes

Installing the Chart

Install dependecies:

To install cert-manager follow this steps first:

then:

$ helm dep up tsuru-helm-chart

To install the chart with the release name my-release:

$ helm install --name my-release tsuru-helm-chart

Minikube

Install the ingress addon on minikube.

$ minikube addons enable ingress
$ helm install --name my-release tsuru-helm-chart --set nginx-ingress.controller.service.type=NodePort \
                                                  --set ingress.domain=local.$(minikube ip).nip.io \
                                                  --set ingress.tls[0].hosts[0]=tsuru.local.$(minikube ip).nip.io \
                                                  --set docker-registry.ingress.hosts[0]=registry.local.$(minikube ip).nip.io \
                                                  --set docker-registry.ingress.tls[0].hosts[0]=registry.local.$(minikube ip).nip.io \
                                                  --set ingress.tls[0].secretName=tsuru-api \
                                                  --set docker-registry.ingress.tls[0].secretName=registry-tls
$ tsuru target-add default http://tsuru.local.$(minikube ip).nip.io/
$ tsuru cluster-add default kubernetes --addr https://kubernetes --default --cacert ~/.minikube/ca.crt --clientkey /root/.minikube/client.key --clientcert  /root/.minikube/client.crt
$ tsuru node-list

ACME/Kube-lego (Automatic Certificate Management Environment)

By default values will keep using the testing api endpoint for Let's encrypt, that means the certificates will not be valid.

helm install --name my-release --set ingress.domain=prod.us.cloud.domain.com,kube-lego.config.LEGO_EMAIL=admin@domain.com,kube-lego.config.LEGO_URL=https://acme-v01.api.letsencrypt.org/directory tsuru-helm-chart

Then while creating the apps add the --router-opts tls-acme=true. This will enable ACME with Let's Encrypt.

tsuru app-create tsuru-dashboard python --router-opts tls-acme=true

You can still create the chart with ACME support but use own certificates on the application.

Disable RBAC

By default Tsuru.io will be deployed with serviceaccounts with the necessary access. That can be disabled by the value rbac.create=false.

helm install --name my-release --set rbac.create=false tsuru-helm-chart

Updating Chart to use latest CertManager

helm upgrade tsuru ./  --reuse-values    --set cert-manager.webhook.enabled=false --set cert-manager.cainjector.enabled=false --set ingressShim.defaultIssuerKind=ClusterIssuer --set ingressShim.defaultIssuerName=letsencrypt-prod --set cert-manager.image.tag=v0.8.0