Kubernetes Setup :: Berlioz Documentation

Kubernetes Setup

Cluster

A dedicated Kubernetes cluster should be created for every deployment and region. Name it using the <deployment>-<region-no-hyphens> format, for example: prod-uscentral1a.

Permissions

The service account created in the previous step should be allowed to access the newly created Kubernetes cluster. Apply the following two configurations using kubectl:

$ kubectl apply -f config-1.yaml
$ kubectl apply -f config-2.yaml

config-1.yaml

Replace the placeholder in the name field with the actual email of the service account created in the previous step.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: berlioz:robot-cluster-admin-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: <email-of-service-account-berlioz-robot-user>

config-2.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: berlioz:controller-cluster-role
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - 'get'
  - 'list'
  - 'watch'
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - 'get'
  - 'list'
  - 'watch'
- apiGroups:
  - 'berlioz.cloud'
  resources:
  - 'services'
  verbs:
  - 'get'
  - 'list'
  - 'watch'
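
A check that can be run after applying the two files, added here as an example and not part of Berlioz: it takes the objects in the JSON list form returned by kubectl get clusterrole,clusterrolebinding -o json and reports any berlioz: ClusterRole rule that goes beyond get/list/watch, and any cluster-admin subject other than the expected service account. The sample input is constructed from the two files above; robot@example.invalid is a placeholder email and audit is a hypothetical helper name.

```python
import json

READ_ONLY = {"get", "list", "watch"}

# Constructed sample: the two objects from this page in the JSON list form
# returned by `kubectl get clusterrole,clusterrolebinding -o json`.
# robot@example.invalid is a placeholder, not a real service account.
SAMPLE = json.loads("""
{"items": [
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "berlioz:robot-cluster-admin-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "robot@example.invalid"}]},
  {"kind": "ClusterRole",
   "metadata": {"name": "berlioz:controller-cluster-role"},
   "rules": [
     {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list", "watch"]},
     {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]},
     {"apiGroups": ["berlioz.cloud"], "resources": ["services"],
      "verbs": ["get", "list", "watch"]}]}
]}
""")

def audit(objects, expected_admins):
    """Return a list of findings for the berlioz: RBAC objects (hypothetical helper)."""
    findings = []
    for obj in objects:
        name = obj["metadata"]["name"]
        if not name.startswith("berlioz:"):
            continue  # only audit the objects this page creates
        if obj["kind"] == "ClusterRoleBinding" and obj["roleRef"]["name"] == "cluster-admin":
            # cluster-admin is unrestricted, so every bound subject must be expected
            for subj in obj.get("subjects") or []:
                if subj["name"] not in expected_admins:
                    findings.append(f"{name}: unexpected cluster-admin subject {subj['name']}")
        elif obj["kind"] == "ClusterRole":
            for rule in obj.get("rules") or []:
                extra = sorted(set(rule.get("verbs", [])) - READ_ONLY)
                wild = "*" in rule.get("resources", []) + rule.get("apiGroups", [])
                if extra or wild:
                    findings.append(f"{name}: {rule.get('resources')} allows {extra or 'wildcard'}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE["items"], {"robot@example.invalid"}) or ["no findings"]:
        print(line)
```

Against a live cluster, pass the items array of the kubectl JSON output instead of SAMPLE and put the real service account email in expected_admins.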