Splitting up the Walkthrough for 1.6 and 1.7 instructions#1163
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
the
size/XL
|
|
||
| This directory contains API resources for use with the [demo | ||
| walkthrough](../../../docs/walkthrough.md). | ||
| walkthrough](../../../docs/introduction.md). |
There was a problem hiding this comment.
I think linking to the introduction doc here is a bit misleading; the new structure of the docs has the core of the walkthrough separated to its own doc(s), with the intro being much larger in scope. I would instead link to the 1.7 walkthrough doc (since the 1.6 one is deprecated, it's unambiguous).
There was a problem hiding this comment.
@kibbles-n-bytes I updated the language around the link. I want people to go to the intro doc so they can choose whether they want to install or do the demo.
| ## Demo walkthrough | ||
|
|
||
| Check out the [walk-through](walkthrough.md) for a detailed guide of an example | ||
| Check out the [introduction](./introduction.md) for a detailed guide of an example |
There was a problem hiding this comment.
Similar to the comment from the walkthrough/README.md; I would link to the 1.7 walkthrough doc here, and then have a separate little sub-section above here for the intro.
There was a problem hiding this comment.
As with #1163 (comment), I updated the language around this link because I want to funnel people through the intro doc.
| @@ -0,0 +1,164 @@ | |||
| # Installing Service Catalog on Clusters Running Kubernetes 1.7 and Above | |||
There was a problem hiding this comment.
Kubernetes 1.7 and Above -> Kubernetes 1.6
| ``` | ||
|
|
||
| ## Get the appropriate tls ca/cert/key from kube | ||
| ## Get the Appropriate TLA CA, Certificate and Key from Kubernetes |
| maintained and we do not recommend using them to run a production installation | ||
| of Service Catalog. | ||
|
|
||
| ## Kubernetes 1.6 and Below (Deprecated) |
There was a problem hiding this comment.
Since this is deprecated, I'd put it below the 1.7 section.
| This document assumes that you've installed Service Catalog onto your cluster. | ||
| If you haven't, please see [install-1.7.md](./install-1.7.md). | ||
|
|
||
| TODO |
There was a problem hiding this comment.
I'd write here that they should be looking at the 1.6 walkthrough doc, and link to it.
There was a problem hiding this comment.
The 1.6 doc won't work for them, so they shouldn't look there.
There was a problem hiding this comment.
Does the walkthrough not work at all? Or is it just that the service catalog is behind the aggregator, so there is no "service-catalog" k8s context. If the latter, it seems misleading to basically send the reader to a dead end.
There was a problem hiding this comment.
Correct, there is no service-catalog k8s context. It doesn't work at all.
@jboyd01 and I are going to follow-up immediately after this PR to fill in this section.
| maintained and we do not recommend using them to run a production installation | ||
| of Service Catalog. | ||
|
|
||
| ## Kubernetes 1.6 and Below (Deprecated) |
There was a problem hiding this comment.
Same comment about "and Below"
| @@ -0,0 +1,164 @@ | |||
| # Installing Service Catalog on Clusters Running Kubernetes 1.7 and Above | |||
There was a problem hiding this comment.
Is the "1.6 and Below" aspect true? Does the service catalog currently work on versions below 1.6? I would call a hard line at 1.6 just to avoid any issues.
There was a problem hiding this comment.
I changed to just 1.6 - you're right that 1.5 is a no-go.
jboyd01
left a comment
jboyd01
left a comment
There was a problem hiding this comment.
This looks like the right direction to head in, we need to make additional passes in the walkthrough(s) to fix up some naming (Binding vs ServiceInstanceCredentials etc). I've got notes and will make a pass through at that once this is merged.
| @@ -0,0 +1,165 @@ | |||
| # Installing Service Catalog on Clusters Running Kubernetes 1.6 | |||
There was a problem hiding this comment.
I know the next paragraph states 1.6 is deprecated, I'd suggest adding (DEPRECATED) or something to the title above
| and go inside the cluster, and register themselves on demand to augment the | ||
| externally facing API that kubernetes offers. | ||
|
|
||
| Instead of running multiple API servers on different ports, API aggregation |
There was a problem hiding this comment.
"Instead of running multiple API servers on different ports" - - we still run multiple API servers on different ports, but aggregation enables a single point of entry for administration, right? ie might reword to indicate benefit is to admins with only needing to interact with the primary kube api server.
| please check [the auth doc](auth.md). | ||
| ```console | ||
| mkdir certs | ||
| ``` |
There was a problem hiding this comment.
do we want to change dir to there now? The original steps below don't cd and copy certs to the current directory (root of the SC source for me)
There was a problem hiding this comment.
Probably, but I haven't fully tested these instructions (I forked them and made changes there). I'd just like to get them into the right file for now and then improve in follow-ups. Cool with you?
There was a problem hiding this comment.
I ended up addressing this after all
| ```shell | ||
| source /contrib/svc-cat-apiserver-aggregation-tls-setup.sh | ||
| source ./contrib/svc-cat-apiserver-aggregation-tls-setup.sh | ||
| ``` |
There was a problem hiding this comment.
We don't really want to run this script as it would overwrite any custom certs the user copied from their cloud environment as detailed in the steps above. I believe all the steps above around the certs and TLS are executed with defaults by the svc-cat-apiserver-aggregation-tls-setup.sh script. I realize this content was not added by his PR, but at some point this summary should be removed or replaced with an accurate summary.
There was a problem hiding this comment.
I agree. I'd just like to get this content into the right place for now and then improve in follow-ups. Cool with you?
There was a problem hiding this comment.
You're in the docs, why not fix them now?
There was a problem hiding this comment.
I will fix them, I just want to keep this PR's scope down as much as possible (it's already big).
|
Thanks @jboyd01. Is it cool with you if I address your changes in an immediate follow-up? Follow-up: I ended up addressing these comments in this PR after all |
arschles
force-pushed
the
walkthrough-note
branch
from
cbb0726 to
933ea73
Compare
For 1.6 and 1.7 instructions
arschles
force-pushed
the
walkthrough-note
branch
from
933ea73 to
7b6b771
Compare
MHBauer
left a comment
MHBauer
left a comment
There was a problem hiding this comment.
Reading the commit log makes this all seem disconnected, but all the links I checked seem to work and I think I understand the flow of a user encounter.
| application configuration primitives in Kubernetes: Services, Secrets, and | ||
| ConfigMaps. | ||
|
|
||
| For more introduction, installation and self-guided demo instructions, please |
There was a problem hiding this comment.
remove 'more'. this is the first mention of instructions here.
There was a problem hiding this comment.
But this line is under the "Introduction" section of the readme.
There was a problem hiding this comment.
ah okay, "For more introduction, including installation and self-guided demo instructions, ..."
| `KUBE_ENABLE_CLUSTER_DNS` environment variable is set as follows: | ||
|
|
||
| ```console | ||
| hack/local-up-cluster.sh -O |
There was a problem hiding this comment.
What does -O do? Is it going to print something? Can we get example output included?
There was a problem hiding this comment.
I have no idea; I barely ever use local-up. I copied this from the 1.6 walkthrough
There was a problem hiding this comment.
Example 2: hack/local-up-cluster.sh -O (auto-guess the bin path for your platform). The alternative being to specify the path with -o or no args and have it rebuild. I doubt you want to include example output, it's quite long.
There was a problem hiding this comment.
Then that example makes even less sense.
How about :
KUBE_ENABLE_CLUSTER_DNS=true hack/local-up-cluster.sh -O
Is DNS enabled by default now? Maybe we can just remove the mention of it in the text above the console output, at which point we don't need that either.
There was a problem hiding this comment.
I'll add the env var into the command. Can we address the rest of this in a follow-up please?
| instructions here for enabling cluster DNS for all Kubernetes cluster | ||
| installations, but here are a few notes: | ||
| This document assumes that you've installed Service Catalog onto your cluster. | ||
| If you haven't, please see [install-1.6.md](./install-1.6.md). |
There was a problem hiding this comment.
clean up the link text here and above to be something like "the installation instructions for v1.X"
| The service catalog is packaged as a Helm chart located in the | ||
| [charts/catalog](../charts/catalog) directory in this repository, and supports a | ||
| wide variety of customizations which are detailed in that directory's | ||
| [README.md](https://github.com/kubernetes-incubator/service-catalog/blob/master/charts/catalog/README.md). |
There was a problem hiding this comment.
relative link vs whole link here? Should go to almost the same place as the link two lines above, right?
There was a problem hiding this comment.
yep. I'll change it to a relative link.
|
|
||
| 1. Etcd 3 | ||
| 2. Third Party Resources (also, known as TPRs) - this is an _alpha_ feature | ||
| right now. It has known issues and may be removed at any time |
There was a problem hiding this comment.
Add period at end of sentence.
| Certificate, and the Serving Private Key. | ||
|
|
||
| This is an example. It is written with zero understanding of the best | ||
| practices of secure certificate generation. |
| ``` | ||
|
|
||
| ## Get the appropriate tls ca/cert/key from kube | ||
| ## Get the Appropriate TLS CA, Certificate and Key from Kubernetes |
There was a problem hiding this comment.
The heading levels might need to be adjusted, this was supposed to be a peer with the "generate the Cert Bundle" part, as it is an alternative and both should not be done at the same time.
There was a problem hiding this comment.
I put the two options under the same heading
| @@ -1,17 +1,28 @@ | |||
| # Installing Service Catalog on Clusters Running Kubernetes 1.7 and Above | |||
There was a problem hiding this comment.
Overall this feels more like the api-aggregation doc than a 1.7 install doc. Maybe we can just have the final "helm command" and link to a separate place where the cert stuff is described.
There was a problem hiding this comment.
script run + helm command seems simplest to me.
| ```shell | ||
| source /contrib/svc-cat-apiserver-aggregation-tls-setup.sh | ||
| source ./contrib/svc-cat-apiserver-aggregation-tls-setup.sh | ||
| ``` |
There was a problem hiding this comment.
You're in the docs, why not fix them now?
| ## Kubernetes 1.7 and Above | ||
|
|
||
| - [Installation instructions](./install-1.7.md) | ||
| - [Demo instructions](./walkthrough-1.7.md) |
There was a problem hiding this comment.
Leave this link off as the document is a dead end. Or have that document link back here.
There was a problem hiding this comment.
I left a note that this doc is a WIP
The install instructions say that you should create this directory, so let’s ignore it
|
@MHBauer I've addressed your comments. Can you PTAL? |
vaikas
left a comment
vaikas
left a comment
There was a problem hiding this comment.
There's a few things that I'd consider nits, I like the breaking of the documents, it's an improvement and we can make smaller fixes after we merge this more easily.
| externally facing API that kubernetes offers. | ||
|
|
||
| Instead of requiring the end-user to access multiple API servers, the API | ||
| aggregation system allows many servers to run inside the cluster, and combines |
There was a problem hiding this comment.
nit:
s/many servers/many API servers/
MHBauer
left a comment
MHBauer
left a comment
There was a problem hiding this comment.
the hack local up thing, otherwise looking good.
| application configuration primitives in Kubernetes: Services, Secrets, and | ||
| ConfigMaps. | ||
|
|
||
| For more introduction, installation and self-guided demo instructions, please |
There was a problem hiding this comment.
ah okay, "For more introduction, including installation and self-guided demo instructions, ..."
| `KUBE_ENABLE_CLUSTER_DNS` environment variable is set as follows: | ||
|
|
||
| ```console | ||
| hack/local-up-cluster.sh -O |
There was a problem hiding this comment.
Then that example makes even less sense.
How about :
KUBE_ENABLE_CLUSTER_DNS=true hack/local-up-cluster.sh -O
Is DNS enabled by default now? Maybe we can just remove the mention of it in the text above the console output, at which point we don't need that either.
| ## Helm | ||
|
|
||
| You *must* use [Helm](http://helm.sh/) v2 or newer in the installation steps | ||
| below. |
There was a problem hiding this comment.
Anything in the minor releases of helm we need? I thought there was something in 2.3 or so that was needed. Cannot remember what.
There was a problem hiding this comment.
I recall that, yes. I'll try to find out and address it in a follow-up
| @@ -1,17 +1,28 @@ | |||
| # Installing Service Catalog on Clusters Running Kubernetes 1.7 and Above | |||
| ## Kubernetes 1.7 and Above | ||
|
|
||
| - [Installation instructions](./install-1.7.md) | ||
| - [Demo instructions](./walkthrough-1.7.md) (this is a work in progress) |
pmorie
left a comment
pmorie
left a comment
There was a problem hiding this comment.
Big medicine. I have a few suggestions/nits. The only big thing is that the 1.7 walkthrough needs to either have all the walkthrough content tailored for 1.7, or somehow give the correct commands to run.
| .pkg | ||
| .kube | ||
| .var | ||
| docs/certs |
There was a problem hiding this comment.
Path looks weird, but whatever
There was a problem hiding this comment.
yea, the install directions for 1.7 in this PR are tailored toward operating the install out of this directory. can change it in a follow-up if needed
|
|
||
| This is an example. It is written with zero understanding of the best | ||
| practices of secure certificate generation. | ||
| The certificate bundle is made up of Certificate Authority, a Serving |
There was a problem hiding this comment.
done
update: I made this change after the PR was merged. Addressed in #1169
| through a short demo. | ||
|
|
||
| ## Step 0 - Prerequisites | ||
| This document contains instructions for a self-guided demo of the Service |
There was a problem hiding this comment.
Might want to put a bold NOTE here or something.
There was a problem hiding this comment.
done
update: I made this change after the PR was merged. Addressed in #1169
| ``` | ||
|
|
||
| ## Step 9 - ServiceInstanceCredential to the ServiceInstance | ||
| # Step 5 - ServiceInstanceCredential to the ServiceInstance |
There was a problem hiding this comment.
This reads awkwardly - how about 'Requesting a ServiceInstanceCredential to use the ServiceInstance`? As-is, doesn't read quite right to me.
There was a problem hiding this comment.
Good catch - thanks @pmorie. Will do in a follow-up
| Notice that a new `Secret` named `ups-instance-credential` has been created. | ||
|
|
||
| ## Step 10 - Unbinding from the ServiceInstance | ||
| # Step 6 - Unbinding from the ServiceInstance |
There was a problem hiding this comment.
We should probably not call this unbinding anymore. How about 'delete the ServiceInstanceCredential', and update the language to be something like 'Imagine we're done using this service instance. We need to delete the credentials we requested earlier.'
There was a problem hiding this comment.
done
update: I made this change after the PR was merged. Addressed in #1169
| This document assumes that you've installed Service Catalog onto your cluster. | ||
| If you haven't, please see [install-1.7.md](./install-1.7.md). | ||
|
|
||
| This document is a work in progress. Instructions for the self-guided demo |
There was a problem hiding this comment.
I think we should either:
- duplicate the walkthrough content here, and only maintain both until the beta
- expand significantly on the commands to use
There was a problem hiding this comment.
I already wrote in the 1.6 walkthrough that it's deprecated and may be removed at any time. In a follow-up, I am going to duplicate the existing walkthrough and expand on it. Does that address your concern @pmorie?
|
I see that this already has LGTM2, and I won't block it merging, but I would like to have my comments addressed ASAP in a follow-up. |
This is a follow-up to kubernetes-retired#1163 (comment) sion_r135920291 Cc/ @MHBauer
| minikube start --extra-config=apiserver.Authorization.Mode=RBAC | ||
| ``` | ||
|
|
||
| AssumingBy default, `helm init` installs the Tiller pod into the `kube-system` |
* Specifying that you need Helm v2.5.0 for installation This is a follow-up to #1163 (comment) sion_r135920291 Cc/ @MHBauer * Reducing Helm version redundancy
9 participants
As discussed, we will provide installation and walkthrough documents for both 1.6 (and prior) and 1.7 (and later) clusters. However, we will deprecate the 1.6 documents. I've done that here.
I've also split the walkthrough documents apart. For each Kubernetes version, I've provided an installation document and a walkthrough document.
Finally, I've moved the
docs/api-aggregation-setup.mdfile into the installation guide for 1.7, and re-structured it to match the structure of the installation guide for 1.6.There is still work to follow-up on from this PR. This is a step in the right direction, and will improve on the current state of the world. @jboyd01 and I intend to move forward with follow-ups to further improve our install & walkthrough docs.
This patch replaces #1005 (which is now closed). I'd like to complete the 1.7 instructions (which are currently a TODO in this patch) in a follow-up.
cc/ @jboyd01, who is also interested in working on 1.7 install/walkthrough instructions.