-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add documentation for production admiral deployment #147
Conversation
Signed-off-by: Mengying <mengyinglimandy@gmail.com>
Signed-off-by: Mengying <mengyinglimandy@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #147 +/- ##
==========================================
- Coverage 74.06% 72.25% -1.82%
==========================================
Files 25 25
Lines 2175 1932 -243
==========================================
- Hits 1611 1396 -215
+ Misses 442 418 -24
+ Partials 122 118 -4
Continue to review full report at Codecov.
|
Signed-off-by: Mengying <mengyinglimandy@gmail.com>
Signed-off-by: Mengying <mengyinglimandy@gmail.com>
Signed-off-by: Mengying <mengyinglimandy@gmail.com>
docs/Examples.md
Outdated
``` | ||
|
||
At this point, admiral is watching `remote cluster` | ||
Repeat step 4 and 5 to add another remote cluster to watch by admiral |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Repeat step 4 and 5 to add another remote cluster to watch by admiral | |
`Repeat steps 4 and 5 to add another remote cluster to be watched by Admiral.` |
@@ -18,6 +18,71 @@ Delete Istio's envoy filter for translating `global` to `svc.cluster.local` at i | |||
|
|||
## Example Installations & Demos | |||
|
|||
### Production Deployment | |||
|
|||
![](Admiral_Diagram.png) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the diagram:
i) remove secrets and dependency records boxes in remote cluster.
ii) In the main cluster rename secrets to admiral cluster secrets
iii) Add another remote cluster box to illustrate 1 to many relation between admiral and remote clusters.
docs/Examples.md
Outdated
|
||
|
||
In order to run admiral in production environment, we will have two types of clusters: | ||
- one main cluster where admiral lives |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- one main cluster where admiral lives | |
- cluster where admiral runs called the `main` cluster |
docs/Examples.md
Outdated
|
||
In order to run admiral in production environment, we will have two types of clusters: | ||
- one main cluster where admiral lives | ||
- other remote clusters where admiral watches and monitors. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- other remote clusters where admiral watches and monitors. | |
- clusters which admiral watches, monitors and creates Istio CRs called the `remote` clusters |
docs/Examples.md
Outdated
![](Admiral_Diagram.png) | ||
|
||
|
||
In order to run admiral in production environment, we will have two types of clusters: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In order to run admiral in production environment, we will have two types of clusters: | |
An admiral production set up would have two types of clusters: |
docs/Examples.md
Outdated
- other remote clusters where admiral watches and monitors. | ||
|
||
The requirements are different for the two types: | ||
- admiral namespace will exist in main cluster |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- admiral namespace will exist in main cluster | |
- admiral namespace will exist in the main cluster |
- admiral namespace will exist in main cluster | ||
- admiral-sync namespace will exist in remote clusters that admiral watches and monitors. | ||
|
||
1\. Set necessary environment variables |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1\. Set necessary environment variables | |
The following steps show how you can install admiral in the main cluster and then provision secrets for it to watch the remote clusters. | |
```While the process shown below using shell scripts is manual, automation can be built for i) installing admiral and its necessary resources (using a CD pipeline) ii) Provisioning secret for every new cluster created or upgraded as a post cluster create step``` | |
1\. Set the necessary environment variables |
docs/Examples.md
Outdated
|
||
3\. Add main cluster to Admiral's watcher | ||
|
||
Since there are most likely other contents living in the same cluster where admiral lives, admiral need to watch the cluster it's currently living in as well. This step can be skipped if Admiral has a dedicated cluster for Admiral only. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since there are most likely other contents living in the same cluster where admiral lives, admiral need to watch the cluster it's currently living in as well. This step can be skipped if Admiral has a dedicated cluster for Admiral only. | |
Since there are most likely other workloads running in the same cluster where admiral lives, admiral needs to watch the cluster it's currently living in as well. This step can be skipped if Admiral runs in a dedicated cluster. |
docs/Examples.md
Outdated
|
||
Since there are most likely other contents living in the same cluster where admiral lives, admiral need to watch the cluster it's currently living in as well. This step can be skipped if Admiral has a dedicated cluster for Admiral only. | ||
|
||
Let admiral monitor the cluster it lives in by exchanging secret with itself. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let admiral monitor the cluster it lives in by exchanging secret with itself. | |
Let admiral monitor the cluster it lives in by using the secret to talk to the API server of the cluster where it runs. |
Signed-off-by: Mengying <mengyinglimandy@gmail.com>
Signed-off-by: Mengying <mengyinglimandy@gmail.com>
Signed-off-by: Mengying <mengyinglimandy@gmail.com>
Signed-off-by: Mengying <mengyinglimandy@gmail.com>
…io-ecosystem#147) * Make remote controller access thread safe. * Lint issue * Code review comments * More initializations fixed Co-authored-by: aattuluri <44482891+aattuluri@users.noreply.github.com>
Signed-off-by: Mengying mengyinglimandy@gmail.com