To connect to your Kubernetes cluster from outside your DC/OS cluster, you will now need to set up and configure the Edge-LB service for inbound load-balancing to your private Kubernetes cluster.
To set up Edge-LB for DC/OS Kubernetes you will need to:
- Configure Edge-LB on your cluster and deploy the configured pool for Kubernetes, including:
  - setting up a service account for Edge-LB
  - installing Edge-LB, including the CLI plugin
Set up and Install Edge-LB with service account
- First, add the Edge-LB repositories, replacing the download links with the latest available binaries:
    dcos package repo add --index=0 edgelb https://<insert download link>/stub-universe-edgelb.json
    dcos package repo add --index=0 edgelb-pool https://<insert download link>/stub-universe-edgelb-pool.json
- Next, create an Edge-LB service account:
    dcos security org service-accounts keypair edge-lb-private-key.pem edge-lb-public-key.pem
    dcos security org service-accounts create -p edge-lb-public-key.pem -d "Edge-LB service account" edge-lb-principal
    dcos security org service-accounts show edge-lb-principal
    dcos security secrets create-sa-secret --strict edge-lb-private-key.pem edge-lb-principal dcos-edgelb/edge-lb-secret
    dcos security org groups add_user superusers edge-lb-principal
  The last command adds the service account to the superusers group, which gives it full permissions on the cluster.
- Then, create an options JSON file to install Edge-LB with its service account. Here we create edge-lb-options.json and add the following configuration snippet:
    {
      "service": {
        "secretName": "dcos-edgelb/edge-lb-secret",
        "principal": "edge-lb-principal",
        "mesosProtocol": "https"
      }
    }
  Save the file.
- Lastly, install the edgelb package on your DC/OS Enterprise cluster. In your CLI, enter:
    dcos package install --options=edge-lb-options.json edgelb --yes
Expose API with Edge-LB Auto Pools
- If you have not disabled the default Edge-LB Auto Pool, the MKE cluster will be exposed automatically, and you can skip the pool creation and proceed with finding the IP.
Create and launch an Edge-LB configured pool deployment for your Kubernetes services
- Next, save the following Kubernetes/Edge-LB Service configuration as edgelb.json. Copy it for your convenience and paste it into the file using your text editor:
    {
      "apiVersion": "V2",
      "name": "edgelb-kubernetes-cluster-proxy-basic",
      "count": 1,
      "autoCertificate": true,
      "haproxy": {
        "frontends": [
          {
            "bindPort": 6443,
            "protocol": "HTTPS",
            "certificates": [ "$AUTOCERT" ],
            "linkBackend": { "defaultBackend": "kubernetes-cluster1" }
          },
          {
            "bindPort": 6444,
            "protocol": "HTTPS",
            "certificates": [ "$AUTOCERT" ],
            "linkBackend": { "defaultBackend": "kubernetes-cluster2" }
          }
        ],
        "backends": [
          {
            "name": "kubernetes-cluster1",
            "protocol": "HTTPS",
            "services": [
              {
                "mesos": {
                  "frameworkName": "kubernetes-cluster1",
                  "taskNamePattern": "kube-control-plane"
                },
                "endpoint": { "portName": "apiserver" }
              }
            ]
          },
          {
            "name": "kubernetes-cluster2",
            "protocol": "HTTPS",
            "services": [
              {
                "mesos": {
                  "frameworkName": "kubernetes-cluster2",
                  "taskNamePattern": "kube-control-plane"
                },
                "endpoint": { "portName": "apiserver" }
              }
            ]
          }
        ],
        "stats": { "bindPort": 6090 }
      }
    }
- Next, deploy the Edge-LB configured pool for your Kubernetes service. In your CLI, enter:
    dcos edgelb create edgelb.json
- List your Edge-LB configured pools:
    dcos edgelb list
  and confirm your output looks similar to the following:
    $ dcos edgelb list
      NAME                                   APIVERSION  COUNT  ROLE          PORTS
      edgelb-kubernetes-cluster-proxy-basic  V2          1      slave_public  6090, 6443, 6444
- Check that the status of your Edge-LB deployment is in TASK_RUNNING state (under STATE):
    dcos edgelb status edgelb-kubernetes-cluster-proxy-basic
  The responding output should look like the following:
    $ dcos edgelb status edgelb-kubernetes-cluster-proxy-basic
      NAME                  TASK ID                                                     STATE
      edgelb-pool-0-server  edgelb-pool-0-server__a6e4b1a1-e63c-4579-a27e-a54328f31321  TASK_RUNNING
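
A check you can run on edgelb.json before dcos edgelb create, added here as an example (it is not part of the original page or of Edge-LB): it lists every port the pool will bind and flags frontends or backends that are not HTTPS, frontends that point at an undefined backend, and port collisions. The file name lint_pool.py, the function lint_pool and the sample pool are constructed for illustration, and the rule that $AUTOCERT needs autoCertificate is an assumption drawn from how the pool above pairs the two settings.

```python
import json
import sys

# Constructed sample (not from the page): one frontend, deliberate mistakes.
SAMPLE_BAD = json.loads("""
{"apiVersion": "V2", "name": "example-pool", "count": 1,
 "haproxy": {
   "frontends": [{"bindPort": 6443, "protocol": "HTTP",
                  "certificates": ["$AUTOCERT"],
                  "linkBackend": {"defaultBackend": "kubernetes-cluster9"}}],
   "backends": [{"name": "kubernetes-cluster1", "protocol": "HTTPS"}],
   "stats": {"bindPort": 6443}}}
""")

def lint_pool(pool):
    """Return (findings, exposed) for an Edge-LB V2 pool definition (a dict)."""
    hap = pool.get("haproxy", {})
    backends = {b.get("name") for b in hap.get("backends", [])}
    findings, exposed = [], []
    def bind(port, role):  # record a listener and flag port collisions
        if any(p == port for p, _ in exposed):
            findings.append(f"port {port}: bound more than once")
        exposed.append((port, role))

    for fe in hap.get("frontends", []):
        port, certs = fe.get("bindPort"), fe.get("certificates", [])
        target = fe.get("linkBackend", {}).get("defaultBackend")
        bind(port, f"frontend -> {target}")
        if fe.get("protocol") != "HTTPS":
            findings.append(f"port {port}: protocol is not HTTPS")
        elif not certs:
            findings.append(f"port {port}: HTTPS frontend without a certificate")
        # Assumption: $AUTOCERT only resolves when autoCertificate is true.
        if "$AUTOCERT" in certs and not pool.get("autoCertificate"):
            findings.append(f"port {port}: $AUTOCERT without autoCertificate")
        if target not in backends:
            findings.append(f"port {port}: backend {target!r} is not defined")
    for be in hap.get("backends", []):
        if be.get("protocol") != "HTTPS":
            findings.append(f"backend {be.get('name')}: protocol is not HTTPS")
    stats = hap.get("stats", {}).get("bindPort")
    if stats is not None:
        bind(stats, "HAProxy stats")
    return findings, exposed

if __name__ == "__main__":  # usage: python lint_pool.py edgelb.json
    pool = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_BAD
    findings, exposed = lint_pool(pool)
    print(*(f"listens on {p}: {r}" for p, r in exposed), *findings, sep="\n")
    sys.exit(1 if findings else 0)
```

Run against the edgelb.json shown above, it reports no findings and lists ports 6443, 6444 and 6090, the same ports dcos edgelb list shows for the pool.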
Find the IP
- Find the public IP of the deployment (substitute edgelb-kubernetes-cluster-proxy-basic for auto-default if not using Auto Pool Exposure):
    dcos edgelb endpoints auto-default
      NAME                   PORT  INTERNAL IPS  EXTERNAL IPS
      frontend_0.0.0.0_6443  6443  172.16.7.60   54.184.41.74
      stats                  9090  172.16.7.60   54.184.41.74
    Public/private IPs metadata is inaccurate in case of pools that use virtual networks.
- Save the IP as a variable:
    export EDGELB_PUBLIC_AGENT_IP=<external IP of port 6443 from above>
Next Step: Test Kubernetes connections and view the Kubernetes dashboard
Now you have configured Edge-LB to connect to your Kubernetes clusters. In the last section, you will test connections and view the Kubernetes Dashboard via a web proxy on your browser.