lukaszo/Demo of federated kubernetes with externalipcontroller as a "LoadBalancer"

## Demo of federated kubernetes with externalipcontroller as a "LoadBalancer"
# Demo: https://asciinema.org/a/CEKNMeeG3ef7Mkg92uAS3MO7f


# REUIREMENTS:
# https://github.com/lukaszo/kubernetes-dind-federation
# kubefed, kubectl and hyperkube in path

# deploying two k8s clusters
CLUSTER_NAME=federation1 dind/dind-up-cluster.sh
CLUSTER_NAME=federation2 IP_RANGE=172.128.0.0/16 APISERVER_ADDRESS=172.128.0.1 dind/dind-up-cluster.sh
kubectl config use-context federation1

# starting externalipcontroller(https://github.com/Mirantis/k8s-externalipcontroller) in both clusters
kubectl create -f - <<EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: system:serviceaccounts
subjects:
- kind: Group
  name: system:serviceaccounts
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF

kubectl create --context=federation2 -f - <<EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: system:serviceaccounts
subjects:
- kind: Group
  name: system:serviceaccounts
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF

kubectl create -f - <<EOF
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: claimcontroller
spec:
  template:
    metadata:
      labels:
        app: externalipcontroller
    spec:
      hostNetwork: true
      containers:
      - name: externalipcontroller
        image: yashulyak/k8s-externalipcontroller
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: true
        command:
          - ipmanager
          - claimcontroller
          # iface is environment specific
          - --iface=docker0
          - --logtostderr
          - --v=5
          - --hb=500ms
EOF

kubectl create --context=federation2 -f - <<EOF
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: claimcontroller
spec:
  template:
    metadata:
      labels:
        app: externalipcontroller
    spec:
      hostNetwork: true
      containers:
      - name: externalipcontroller
        image: yashulyak/k8s-externalipcontroller
        imagePullPolicy: IfNotPresent
        securityContext:
          privileged: true
        command:
          - ipmanager
          - claimcontroller
          # iface is environment specific
          - --iface=docker0
          - --logtostderr
          - --v=5
          - --hb=500ms
EOF

kubectl create -f - <<EOF
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: claimscheduler
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: claimscheduler
    spec:
      containers:
        - name: externalipcontroller
          image: yashulyak/k8s-externalipcontroller
          imagePullPolicy: IfNotPresent
          command:
            - ipmanager
            - scheduler
            - --mask=24
            - --logtostderr
            - --v=5
            - --leader-elect=true
            - --monitor=1s
            - --nodefilter=fair
EOF

kubectl create --context=federation2 -f - <<EOF
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: claimscheduler
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: claimscheduler
    spec:
      containers:
        - name: externalipcontroller
          image: yashulyak/k8s-externalipcontroller
          imagePullPolicy: IfNotPresent
          command:
            - ipmanager
            - scheduler
            - --mask=24
            - --logtostderr
            - --v=5
            - --leader-elect=true
            - --monitor=1s
            - --nodefilter=fair
EOF

kubectl create -f -<< EOF
apiVersion: ipcontroller.ext/v1
kind: IpClaimPool
metadata:
    name: test-pool
spec:
    cidr: 192.168.0.248/29
    ranges:
        - - 192.168.0.249
          - 192.168.0.250
        - - 192.168.0.252
          - 192.168.0.253
EOF

kubectl create --context=federation2 -f - <<EOF
apiVersion: ipcontroller.ext/v1
kind: IpClaimPool
metadata:
    name: test-pool
spec:
    cidr: 192.168.10.248/29
    ranges:
        - - 192.168.10.249
          - 192.168.10.250
        - - 192.168.10.252
          - 192.168.10.253
EOF

# Adding routes to the IpClaimPool addresses
# this part is network specific, in my case I just need to add address from ClaimPool to the docker bridge
fed1_br=br-`docker network ls | grep federation1 | awk '{print $1}'`
sudo ip addr add 192.168.0.14/24 dev $fed1_br
fed2_br=br-`docker network ls | grep federation2 | awk '{print $1}'`
sudo ip addr add 192.168.10.14/24 dev $fed2_br


# deploying federation
FEDERATION_IMAGE=lukaszo/hyperkube:1.7 CLUSTER_NAME=federation1 dind/dind-deploy-federation.sh
kubefed join federation2 --host-cluster-context=federation1 --context=federation

# wait for clusters to be ready
kubectl get cluster --context=federation


# create ns
kubectl --context=federation create ns default

kbectl --context=federation run my-nginx --image=nginx --replicas=2 --port=80
kubectl --context=federation expose deployment my-nginx --port=80 --type=LoadBalancer
nslookup my-nginx.default.federation.svc.example.com 172.28.7.2
	# Demo: https://asciinema.org/a/CEKNMeeG3ef7Mkg92uAS3MO7f


	# REUIREMENTS:
	# https://github.com/lukaszo/kubernetes-dind-federation
	# kubefed, kubectl and hyperkube in path

	# deploying two k8s clusters
	CLUSTER_NAME=federation1 dind/dind-up-cluster.sh
	CLUSTER_NAME=federation2 IP_RANGE=172.128.0.0/16 APISERVER_ADDRESS=172.128.0.1 dind/dind-up-cluster.sh
	kubectl config use-context federation1

	# starting externalipcontroller(https://github.com/Mirantis/k8s-externalipcontroller) in both clusters
	kubectl create -f - <<EOF
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1alpha1
	metadata:
	name: system:serviceaccounts
	subjects:
	- kind: Group
	name: system:serviceaccounts
	roleRef:
	kind: ClusterRole
	name: cluster-admin
	apiGroup: rbac.authorization.k8s.io
	EOF

	kubectl create --context=federation2 -f - <<EOF
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1alpha1
	metadata:
	name: system:serviceaccounts
	subjects:
	- kind: Group
	name: system:serviceaccounts
	roleRef:
	kind: ClusterRole
	name: cluster-admin
	apiGroup: rbac.authorization.k8s.io
	EOF

	kubectl create -f - <<EOF
	apiVersion: extensions/v1beta1
	kind: DaemonSet
	metadata:
	name: claimcontroller
	spec:
	template:
	metadata:
	labels:
	app: externalipcontroller
	spec:
	hostNetwork: true
	containers:
	- name: externalipcontroller
	image: yashulyak/k8s-externalipcontroller
	imagePullPolicy: IfNotPresent
	securityContext:
	privileged: true
	command:
	- ipmanager
	- claimcontroller
	# iface is environment specific
	- --iface=docker0
	- --logtostderr
	- --v=5
	- --hb=500ms
	EOF

	kubectl create --context=federation2 -f - <<EOF
	apiVersion: extensions/v1beta1
	kind: DaemonSet
	metadata:
	name: claimcontroller
	spec:
	template:
	metadata:
	labels:
	app: externalipcontroller
	spec:
	hostNetwork: true
	containers:
	- name: externalipcontroller
	image: yashulyak/k8s-externalipcontroller
	imagePullPolicy: IfNotPresent
	securityContext:
	privileged: true
	command:
	- ipmanager
	- claimcontroller
	# iface is environment specific
	- --iface=docker0
	- --logtostderr
	- --v=5
	- --hb=500ms
	EOF

	kubectl create -f - <<EOF
	apiVersion: extensions/v1beta1
	kind: Deployment
	metadata:
	name: claimscheduler
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: claimscheduler
	spec:
	containers:
	- name: externalipcontroller
	image: yashulyak/k8s-externalipcontroller
	imagePullPolicy: IfNotPresent
	command:
	- ipmanager
	- scheduler
	- --mask=24
	- --logtostderr
	- --v=5
	- --leader-elect=true
	- --monitor=1s
	- --nodefilter=fair
	EOF

	kubectl create --context=federation2 -f - <<EOF
	apiVersion: extensions/v1beta1
	kind: Deployment
	metadata:
	name: claimscheduler
	spec:
	replicas: 1
	template:
	metadata:
	labels:
	app: claimscheduler
	spec:
	containers:
	- name: externalipcontroller
	image: yashulyak/k8s-externalipcontroller
	imagePullPolicy: IfNotPresent
	command:
	- ipmanager
	- scheduler
	- --mask=24
	- --logtostderr
	- --v=5
	- --leader-elect=true
	- --monitor=1s
	- --nodefilter=fair
	EOF

	kubectl create -f -<< EOF
	apiVersion: ipcontroller.ext/v1
	kind: IpClaimPool
	metadata:
	name: test-pool
	spec:
	cidr: 192.168.0.248/29
	ranges:
	- - 192.168.0.249
	- 192.168.0.250
	- - 192.168.0.252
	- 192.168.0.253
	EOF

	kubectl create --context=federation2 -f - <<EOF
	apiVersion: ipcontroller.ext/v1
	kind: IpClaimPool
	metadata:
	name: test-pool
	spec:
	cidr: 192.168.10.248/29
	ranges:
	- - 192.168.10.249
	- 192.168.10.250
	- - 192.168.10.252
	- 192.168.10.253
	EOF

	# Adding routes to the IpClaimPool addresses
	# this part is network specific, in my case I just need to add address from ClaimPool to the docker bridge
	fed1_br=br-`docker network ls \| grep federation1 \| awk '{print $1}'`
	sudo ip addr add 192.168.0.14/24 dev $fed1_br
	fed2_br=br-`docker network ls \| grep federation2 \| awk '{print $1}'`
	sudo ip addr add 192.168.10.14/24 dev $fed2_br


	# deploying federation
	FEDERATION_IMAGE=lukaszo/hyperkube:1.7 CLUSTER_NAME=federation1 dind/dind-deploy-federation.sh
	kubefed join federation2 --host-cluster-context=federation1 --context=federation

	# wait for clusters to be ready
	kubectl get cluster --context=federation


	# create ns
	kubectl --context=federation create ns default

	kbectl --context=federation run my-nginx --image=nginx --replicas=2 --port=80
	kubectl --context=federation expose deployment my-nginx --port=80 --type=LoadBalancer
	nslookup my-nginx.default.federation.svc.example.com 172.28.7.2