These instructions will get you up and running with Deis and CoreOS in an AWS VPC. A CloudFormation script already exists to get up and running in AWS, but if you want to get down and dirty, this document will walk you through the steps. Some of the AWS steps include the equivalent AWS CLI commands, so you can get up and running without the AWS web interface.
Since we will be running CoreOS and Deis inside a VPC we need some AWS setup first. We need a single subnet VPC, some security groups, and instances of CoreOS.
Use the VPC wizard to create a VPC with a single subnet. You can also use the AWS CLI to get a VPC and subnet up (be sure to replace the example VPC ID vpc-a01106c2 with the one output from the previous create-vpc command):
$ aws ec2 create-vpc --cidr-block 172.16.0.0/16
VPC 172.16.0.0/16 dopt-674f8b0e default pending vpc-a01106c2
$ aws ec2 create-subnet --vpc-id vpc-a01106c2 --cidr-block 172.16.48.0/24
SUBNET us-west-2a 251 172.8.96.0/24 pending subnet-8e8c97fa vpc-a01106c2
Create security groups for remote SSH access, etcd, fleet, and Deis remote access:
- Inbound port 22 for your remote SSH management (this can be limited by IP address)
- Inbound port 2222, 80, and 443 TCP for your remote git push SSH and Deis router
- Inbound all traffic for the current security group (the default group is fine, this allows each CoreOS instance to talk to each other on all ports)
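The three groups listed above can also be created from the AWS CLI. The script below is an added example, not part of the original instructions: the group names (deis-ssh, deis-web, deis-internal), the function names and the admin CIDR argument are assumptions, and refusing 0.0.0.0/0 for port 22 is a hardening choice made here.

```shell
#!/bin/sh
# Added example: group names and the admin CIDR are assumptions, not from the page.

# Create a security group in the VPC and print its ID.
create_group() {  # $1=vpc-id $2=name $3=description
    aws ec2 create-security-group --vpc-id "$1" --group-name "$2" \
        --description "$3" --query GroupId --output text
}

# Allow one inbound TCP port from one CIDR block.
allow_tcp() {  # $1=group-id $2=port $3=cidr
    aws ec2 authorize-security-group-ingress --group-id "$1" \
        --protocol tcp --port "$2" --cidr "$3" >/dev/null
}

deis_security_groups() {  # $1=vpc-id $2=CIDR allowed to reach SSH on port 22
    vpc=$1 admin_cidr=$2
    case $admin_cidr in
        0.0.0.0/0|'') echo "refusing world-open SSH; pass your own CIDR" >&2
                      return 1 ;;
    esac

    # Port 22 for remote management, limited to the admin address range
    ssh_sg=$(create_group "$vpc" deis-ssh "Remote SSH management") || return 1
    allow_tcp "$ssh_sg" 22 "$admin_cidr" || return 1

    # Ports 2222, 80 and 443 for git push SSH and the Deis router
    web_sg=$(create_group "$vpc" deis-web "git push SSH and Deis router") || return 1
    for port in 2222 80 443; do
        allow_tcp "$web_sg" "$port" 0.0.0.0/0 || return 1
    done

    # All protocols and ports, but only from members of the same group,
    # so etcd and fleet stay reachable between nodes and nowhere else
    int_sg=$(create_group "$vpc" deis-internal "CoreOS node-to-node traffic") || return 1
    aws ec2 authorize-security-group-ingress --group-id "$int_sg" \
        --ip-permissions "IpProtocol=-1,UserIdGroupPairs=[{GroupId=$int_sg}]" \
        >/dev/null || return 1

    echo "$ssh_sg $web_sg $int_sg"
}

# Usage: sh deis-sg.sh apply vpc-a01106c2 203.0.113.0/24
if [ "${1:-}" = "apply" ]; then
    deis_security_groups "$2" "$3"
fi
```

The three IDs printed at the end are the values to pass to --security-group-ids when launching the instances.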
You need to start up at least 3 instances of the current alpha CoreOS image.
- Image: Search for CoreOS-alpha-324.1.0 (should be ami-a1c6b791).
- Instance Type: This should be at least m3.medium so there is enough memory per node.
- Instance Details:
  - Start an odd number of instances between 3 and 13.
  - Check to automatically assign public IP addresses.
  - Be sure to set the network to your newly created VPC.
  - Expand the Advanced section and fill out the user-data (replacing <token> with your own generated from http://discovery.etcd.io/new):
#cloud-config
coreos:
  etcd:
    discovery: https://discovery.etcd.io/<token>
    addr: $private_ipv4:4001
    peer-addr: $private_ipv4:7001
  units:
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start
- Storage: Your main EBS root can be the default 8 GB, but you will need to mount another EBS volume at /var/lib/docker that gives you plenty of space for image storage (16 GB is a good start).
- Security Groups: Assign the 3 previously created security groups to the new instances.
We can create these instances using the AWS CLI. First save your cloud config file from above as cloudinit. Then using the AWS CLI (replacing VolumeSize, security-group-ids, subnet-id, and other options with the correct ones for your environment):
$ aws ec2 run-instances --dry-run --image-id ami-a7d1a197 --block-device-mappings '[{"DeviceName": "/dev/sda1","Ebs": {"VolumeSize": 32}}]' --security-group-ids sg-b4d97dd1 sg-d9db7fbc sg-ffdb7f9a --associate-public-ip-address --count 5 --instance-type m3.large --subnet-id subnet-de170faa --key-name deis --user-data file://cloudinit
Create two load balancers.
This load balancer should be TCP 80 to TCP 8000 and TCP 2222 to TCP 2222 with all instances. This is used for Deis control and git push to the deis-builder. We will later add DNS to this load balancer for the deis.mydomain.com A record.
This load balancer should be HTTP 80 to HTTP 80 and HTTPS 443 to HTTP 80 with all instances. This is what balances applications running in Deis and will have the wildcard DNS *.deis.mydomain.com mapped.
Create two new DNS records. If you are using AWS Route53, these should be aliases to the load balancer instances instead of CNAMEs.
- deis.mydomain.com which will point to the Deis Control load balancer
- *.deis.mydomain.com which will point to the Deis Applications load balancer
Clone the latest version of Deis:
git clone https://github.com/deis/deis.git deis
Then install the CLI:
cd deis/client
sudo python setup.py install
cd ..
The FLEETCTL_TUNNEL environment variable names one of the CoreOS hosts to use as a gateway into the datacenter:
export FLEETCTL_TUNNEL=ec2-55-55-55-55.us-west-2.compute.amazonaws.com
Now we can bootstrap the Deis containers. DEIS_NUM_INSTANCES should match the number of EC2 instances launched. DEIS_NUM_ROUTERS is the number of Deis application load balancer routers to run and should be 3 or more:
DEIS_NUM_INSTANCES=5 DEIS_NUM_ROUTERS=3 make run
Then register the admin user (the first user registered is an admin):
deis register http://deis.mydomain.com
You can now login to Deis:
deis login http://deis.mydomain.com
Create a new cluster named deis to run applications under:
deis clusters:create deis deis.mydomain.com --hosts deis.mydomain.com --auth ~/.ssh/id_rsa
Creating an application requires that the application already be housed under git. Navigate to the application root and then:
deis create myapp --cluster deis
git push deis master
Your application will now be built and run inside the Deis cluster! After the application is pushed it should be running at http://myapp.deis.mydomain.com:
deis apps:info