Deploying Verrazzano on OKE
Oracle recently released Verrazzano, an “end-to-end container platform to deploy cloud native and traditional applications in multi-cloud and hybrid environments.” If that’s a lot to take in, it’s because Verrazzano, (v8o for short) packs a lot. In this post, we will explore deploying Verrazzano on OKE.
The single cluster deployment model is easy:
- Create a Kubernetes cluster
- Install the Verrazzano platform operator
- Install Verrazzano
After this, you can deploy your application of choice.
Creating the OKE cluster
We will start by creating the OKE cluster using https://github.com/oracle-terraform-modules/terraform-oci-oke. Since we are only taking Verrazzano for a spin, we only need the bare minimum features. Follow the quickstart guide, create the providers and create a copy of the terraform.tfvars.example and rename the copy to terraform.tfvars. Ensure the following features/resources are enabled/created:
create_bastion_host = true
bastion_access = ["anywhere"]create_operator = true
enable_operator_instance_principal = true
node_pools = {
np1 = { shape = "VM.Standard.E4.Flex", ocpus = 2, memory = 32, node_pool_size = 2, boot_volume_size = 150}
}
Follow the rest of the quickstart to run terraform init and apply.
Once the cluster is created, use the convenient output to copy the command to ssh to the operator host:
ssh_to_operator = "ssh -i ~/.ssh/id_rsa -J opc@xyz.xyz.xyz.xyz opc@10.0.0.12"From here onwards, all kubectl commands are executed on the operator host.
Installing the Verrazzano operator
Let’s install the Verrazzano operator:
$ kubectl apply -f https://github.com/verrazzano/verrazzano/releases/download/v1.0.1/operator.yamland wait for the deployment to complete:
$ kubectl -n verrazzano-install rollout status deployment/verrazzano-platform-operatorWaiting for deployment “verrazzano-platform-operator” rollout to finish: 0 of 1 updated replicas are available…
Give it a couple of minutes and the operator should have deployed by then. Verify that the operator is running:
$ kubectl -n verrazzano-install get podsNAME READY STATUS RESTARTS AGEverrazzano-platform-operator-5f788568fd-w8cz7 1/1 Running 0 80s
Installing Verrazzano
We can now install Verrazzano. We will use the dev profile for this exercise:
kubectl apply -f - <<EOF
apiVersion: install.verrazzano.io/v1alpha1
kind: Verrazzano
metadata:
name: hello-verrazzano
spec:
profile: dev
EOFNow we need to wait for Verrazzano to install:
kubectl wait \
--timeout=20m \
--for=condition=InstallComplete \
verrazzano/Accessing Verrazzano
In order to access Verrazzano, you need to get the console URL: https://verrazzano.io/docs/operations/
$ kubectl get vz -o yamlYou’ll get a list of URLs printed. For example, my Verrazzano console URL is https://verrazzano.default.168.138.102.88.nip.io
Access this url in your browser and you will be prompted to login:
The username is verrazzano and you can obtain the password by issuing the following command:
kubectl get secret \
--namespace verrazzano-system verrazzano \
-o jsonpath={.data.password} | base64 \
--decode; echoYou should now be able to access the Verrazzano console:
Deploy an application to Verrazzano
We will deploy hello-helidon application. Create a namespace:
kubectl create namespace hello-helidonand add labels to identify the namespace as managed by Verrazzano and enabled for Istio:
kubectl label namespace hello-helidon verrazzano-managed=true istio-injection=enabledNext, deploy the Verrazzano component:
kubectl apply -f https://raw.githubusercontent.com/verrazzano/verrazzano/master/examples/hello-helidon/hello-helidon-comp.yamlThen create the Application Configuration:
kubectl apply -f https://raw.githubusercontent.com/verrazzano/verrazzano/master/examples/hello-helidon/hello-helidon-app.yamlNow get the name of your pod:
$ kubectl get pods -n hello-helidonNAME READY STATUS RESTARTS AGEhello-helidon-deployment-54979d7d74-6c9nw 1/1 Running 0 2m18s
And check if the application is ready:
$ kubectl wait — timeout=300s — for=condition=Ready -n hello-helidon pod/hello-helidon-deployment-54979d7d74–6c9nwpod/hello-helidon-deployment-54979d7d74-6c9nw condition met
Lookup the hostname of the load balancer:
HOST=$(kubectl get gateway hello-helidon-hello-helidon-appconf-gw \
-n hello-helidon \
-o jsonpath='{.spec.servers[0].hosts[0]}')You can then test the application:
$ curl -sk \
-X GET \
"https://${HOST}/greet"This should return you:
{"message":"Hello World!"}Observability
Now, that we’ve got our application running and accessible, we want to also look at its logs and metrics. Verrazzano has got you covered in the form of the ELK stack for logging and the combination of Prometheus and Grafana for metrics and performance monitoring.
Let’s look at Grafana first. On the main page of the Verrazzano console, you will see a link to Grafana. You can use the same combination of username and password you used to log into Grafana. Once logged in, click on “Home” and select the “Helidon Monitoring Dashboard”:
Similarly, access the Kibana dashboard and click on Visualize icon in the left menu. You will be prompted to create an index pattern. Select the verrazzano* and follow the wizard to add the index pattern. Search for hello-helidon and you should be able to see the following:
From here, you can create your own visualizations and dashboards.
What if we want to peek at the Kubernetes cluster itself? Again, Verrazzano has got you covered. From the Verrazzano console, locate the link to Rancher and click on it. The username is “admin” and you can retrieve the password as follows:
kubectl get secret \
--namespace cattle-system rancher-admin-secret \
-o jsonpath={.data.password} | base64 \
--decode; echoOnce logged in, you will land on the cluster page and you will see an Explorer button. Click on it and you will be able to view your Kubernetes cluster:
Summary
Verrazzano packs a nice set of capabilities that helps you with the operational side of of Kubernetes. From monitoring to logging and security, there is a lot productivity that a Kubernetes or an application administrator can gain.
I hope you find this article helpful. In future, we will explore other features of Verrazzano, including multi-cluster deployment and network security among others.
