[WIP] Azure IPAM topic (#545)

* First draft of Azure IPAM topic * Add Azure install topic to TOC * Incorporate feedback * Incorporate more feedback * Add more feedback
2018-03-16 15:14:53 -07:00 · 2018-03-16 15:14:53 -07:00 · 09b7f882e2
parent 67d068a2c3
commit 09b7f882e2
2 changed files with 216 additions and 0 deletions
--- a/_data/toc.yaml
+++ b/_data/toc.yaml
@ -1574,6 +1574,8 @@ manuals:
          title: Install
        - path: /ee/ucp/admin/install/install-offline/
          title: Install offline
        - path: /ee/ucp/admin/install/install-on-azure/
          title: Install on Azure
        - path: /ee/ucp/admin/install/upgrade/
          title: Upgrade
        - path: /ee/ucp/admin/install/upgrade-offline/
--- a/ee/ucp/admin/install/install-on-azure.md
+++ b/ee/ucp/admin/install/install-on-azure.md
@ -0,0 +1,214 @@
 ---
 title: Install UCP on Azure
 description: Learn how to install Docker Universal Control Plane in a Microsoft Azure environment.
 keywords: Universal Control Plane, UCP, install, Docker EE, Azure, Kubernetes
 ---
 Docker UCP configures the Azure IPAM module for Kubernetes to allocate
 IP addresses to Kubernetes pods. The Azure IPAM module requires each Azure
 VM that's part of the Kubernetes cluster to be configured with a pool of
 IP addresses.
 You have two options for deploying the VMs for the Kubernetes cluster on Azure:
 - Install the cluster on Azure stand-alone virtual machines. Docker UCP provides
  an [automated mechanism](#configure-ip-pools-for-azure-stand-alone-vms)
  to configure and maintain IP pools for stand-alone Azure VMs.
 - Install the cluster on an Azure virtual machine scale set. Configure the
  IP pools by using an ARM template like [this one](#set-up-ip-configurations-on-an-azure-virtual-machine-scale-set).
 The steps for setting up IP address management are different in the two
 environments. If you're using a scale set, you set up `ipConfigurations`
 in an ARM template. If you're using stand-alone VMs, you set up IP pools
 for each VM by using a utility container that's configured to run as a
 global Swarm service, which Docker provides.
 ## Considerations for size of IP pools
 The subnet and the virtual network associated with the primary interface of
 the Azure VMs need to be configured with a large enough address prefix/range. 
 The number of required IP addresses depends on the number of pods running
 on each node and the number of nodes in the cluster.
 For example, in a cluster of 256 nodes, to run a maximum of 128 pods
 concurrently on a node, make sure that the address space of the subnet and the
 virtual network can allocate at least 128 * 256 IP addresses, _in addition to_
 initial IP allocations to VM NICs during Azure resource creation.
 Accounting for IP addresses that are allocated to NICs during VM bring-up, set
 the address space of the subnet and virtual network to 10.0.0.0/16. This
 ensures that the network can dynamically allocate at least 32768 addresses,
 plus a buffer for initial allocations for primary IP addresses.
 > Azure IPAM, UCP, and Kubernetes
 > 
 > The Azure IPAM module queries an Azure virtual machine's metadata to obtain
 > a list of IP addresses that are assigned to the virtual machine's NICs. The
 > IPAM module allocates these IP addresses to Kubernetes pods. You configure the
 > IP addresses as `ipConfigurations` in the NICs associated with a virtual machine
 > or scale set member, so that Azure IPAM can provide them to Kubernetes when
 > requested.
 {: .important}
 ## Configure IP pools for Azure stand-alone VMs
 Follow these steps when the cluster is deployed using stand-alone Azure VMs.
 ### Create an Azure resource group
 Create an Azure resource group with VMs representing the nodes of the cluster
 by using the Azure Portal, CLI, or ARM template.
 ### Configure multiple IP addresses per VM NIC
 Follow the steps below to configure multiple IP addresses per VM NIC.
 1.  Create a Service Principal with “contributor” level access to the above
    resource group you just created. You can do this by using the Azure Portal
    or CLI. Also, you can also use a utility container from Docker to create a
    Service Principal. If you have the Docker Engine installed, run the
    `docker4x/create-sp-azure`. image. The output of `create-sp-azure` contains
    the following fields near the end.
    ```
    AD App ID:       <...>
    AD App Secret:   <...>
    AD Tenant ID:    <...>
    ```
    You'll use these field values in a later step, so make a note of them.
    Also, make note of your Azure subscription ID.
 2.  Initialize a swarm cluster comprising the virtual machines you created
    earlier. On one of the nodes of the cluster, run:
    ```bash
    docker swarm init
    ```
 3.  Note the tokens for managers and workers.
 4.  Join two other nodes on the cluster as manager (recommended for HA) by running:
    ```bash
    docker swarm join --token <manager-token>
    ```
 5.  Join remaining nodes on the cluster as workers: 
    ```bash
    docker swarm join --token <worker-token>
    ```
 6.  Create a file named "azure_ucp_admin.toml" that contains contents from
    creating the Service Principal.
    ```
    AZURE_CLIENT_ID = "<AD App ID field from Step 1>"
    AZURE_TENANT_ID = "<AD Tenant ID field from Step 1>"
    AZURE_SUBSCRIPTION_ID = "<Azure subscription ID>"
    AZURE_CLIENT_SECRET = "<AD App Secret field from Step 1>"
    ```
 7.  Create a Docker Swarm secret based on the "azure_ucp_admin.toml" file. 
    ```bash
    docker secret create azure_ucp_admin.toml azure_ucp_admin.toml
    ```
 8.  Create a global swarm service using the [ddebroy/azip](https://hub.docker.com/r/ddebroy/azip/)
    image on Docker Hub. Use the Swarm secret to prepopulate the virtual machines
    with the desired number of IP addresses per VM from the VNET pool. Set the
    number of IPs to allocate to each VM through the IPCOUNT environment variable.
    For example, to configure 128 IP addresses per VM, run the following command: 
    ```bash
    docker service create \
      -mode=global \
      --secret=azure_ucp_admin.toml \
      --log-driver json-file \
      --log-opt max-size=1m \
      --env IPCOUNT=128 \
      --name ipallocator \
      ddebroy/azip
    ```
 [Install UCP on the cluster](#install-ucp-on-the-cluster).
 ## Set up IP configurations on an Azure virtual machine scale set
 Configure IP Pools for each member of the VM scale set during provisioning by
 associating multiple `ipConfigurations` with the scale set’s
 `networkInterfaceConfigurations`. Here's an example `networkProfile`
 configuration for an ARM template that configures pools of 32 IP addresses
 for each VM in the VM scale set.
 ```json
 "networkProfile": {
  "networkInterfaceConfigurations": [
    {
      "name": "[variables('nicName')]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "[variables('ipConfigName1')]",
            "properties": {
              "primary": "true",
              "subnet": {
                "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'), '/subnets/', variables('subnetName'))]"
              },
              "loadBalancerBackendAddressPools": [
                {
                  "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('loadBalancerName'), '/backendAddressPools/', variables('bePoolName'))]"
                }
              ],
              "loadBalancerInboundNatPools": [
                {
                  "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('loadBalancerName'), '/inboundNatPools/', variables('natPoolName'))]"
                }
              ]
            }
          },
          {
            "name": "[variables('ipConfigName2')]",
            "properties": {
              "subnet": {
                "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'), '/subnets/', variables('subnetName'))]"
              }
            }
          }
          .
          .
          .
          {
            "name": "[variables('ipConfigName32')]",
            "properties": {
              "subnet": {
                "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'), '/subnets/', variables('subnetName'))]"
              }
            }
          }
        ],
        "primary": "true"
      }
    }
  ]
 }
 ```
 ## Install UCP on the cluster
 Use the following command to install UCP on the manager node.
 The `--pod-cidr` option maps to the IP address range that you configured for
 the subnets in the previous sections, and the `--host-address` maps to the
 IP address of the master node.
 ```bash
 docker container run --rm -it \
  --name ucp \
  -v /var/run/docker.sock:/var/run/docker.sock \
  {{ page.ucp_org }}/{{ page.ucp_repo }}:{{ page.ucp_version }} install \
  --host-address <ucp-ip> \
  --interactive \
  --swarm-port 3376 \
  --pod-cidr <ip-address-range> \
  --cloud-provider Azure
 ```