github.com/greenboxal/deis@v1.12.1/docs/managing_deis/isolating-planes.rst

github.com/greenboxal/deis@v1.12.1/docs/managing_deis/isolating-planes.rst (about)

     1  :title: Isolating the Planes
     2  :description: Configuring the cluster to isolate the control plane, data plane, and router mesh.
     3  
     4  .. _isolating-planes:
     5  
     6  Isolating the Planes
     7  ====================
     8  
     9  .. include:: ../_includes/_isolating-planes-description.rst
    10  
    11  Understanding Fleet metadata
    12  ----------------------------
    13  
    14  The key to isolating the Control Plane, Data Plane, and Router Mesh is Fleet
    15  metadata.  Although Deis supports alternate schedulers, Deis components
    16  themselves are all scheduled via Fleet.
    17  
    18  Deis configures the Fleet daemon executing on each node at the time of
    19  provisioning via cloud-config.  Within that configuration, it is possible to tag
    20  nodes with metadata in the form of key/value pairs to arbitrarily describe
    21  attributes of the node.  For instance, an operator may tag a node with
    22  ``ssd=true`` to indicate that a node's volumes use solid state disk.
    23  
    24  .. code-block:: yaml
    25  
    26      #cloud-config
    27      ---
    28      coreos:
    29        fleet:
    30          metadata: ssd=true
    31      # ...
    32  
    33  When scheduling a unit of work via Fleet, it is also possible to annotate that
    34  unit with metadata that is required to be present on any node in order to be
    35  considered eligible to host that work.  In keeping with our previous example,
    36  to restrict a unit of work to only those nodes equipped with SSD, the unit may
    37  be annotated thusly:
    38  
    39  .. code-block:: yaml
    40  
    41      # ...
    42      [X-Fleet]
    43      MachineMetadata="ssd=true"
    44  
    45  Deis takes advantage of this very mechanism to establish which nodes are
    46  eligible to host each of the Control Plane, Data Plane, and Router Mesh.
    47  
    48  `More details on Fleet metadata`_
    49  
    50  cloud-config
    51  ------------
    52  
    53  To configure a Fleet node as eligible to host Control Plane components, the
    54  following cloud-config may be used:
    55  
    56  .. code-block:: yaml
    57  
    58      #cloud-config
    59      ---
    60      coreos:
    61        fleet:
    62          metadata: controlPlane=true
    63  
    64  Similarly, ``dataPlane=true`` and ``routerMesh=true`` may be used to establish
    65  eligibility to host components of the Data Plane (including applications) and
    66  Router Mesh, respectively.
    67  
    68  It is also possible to configure nodes as eligible to host two or even all
    69  three of the Control Plane, Data Plane, and Router Mesh.  In fact, this is
    70  the default behavior described by Deis' included cloud-config.
    71  
    72  .. code-block:: yaml
    73  
    74      #cloud-config
    75      ---
    76      coreos:
    77        fleet:
    78          metadata: controlPlane=true,dataPlane=true,routerMesh=true
    79  
    80  It should be obvious that isolating the planes as described here requires
    81  subsets of a cluster's nodes to be configured differently from one another (with
    82  different metadata). Deis provisioning scripts do not currently account for
    83  this, so managing separate cloud-config for each subset of nodes in the cluster
    84  is left as an exercise for the advanced operator.
    85  
    86  Decorating units
    87  ----------------
    88  
    89  To complement the cloud-config described above, Deis 1.10.0 and later are capable
    90  of seamlessly "decorating" the Fleet units for each Deis platform component with
    91  the metadata that describes where each unit may be hosted.
    92  
    93  .. note::
    94  
    95      For the purposes of backwards compatibility with Deis clusters provisioned
    96      using versions of Deis older than 1.10.0, decorating the platform's units
    97      with metadata is an opt-in.  Nodes in older clusters are guaranteed to be
    98      lacking the metadata that indicates what components they are eligible to
    99      host.  As such, decorated units would be ineligible to run anywhere within
   100      such a cluster.
   101  
   102      To opt in, use the following:
   103  
   104      .. code-block:: console
   105  
   106          $ deisctl config platform set enablePlacementOptions=true
   107  
   108  Alternate schedulers
   109  --------------------
   110  
   111  Recent versions of Deis ship with
   112  :ref:`technology previews <choosing_a_scheduler>` that permit the use of
   113  alternate schedulers such as Swarm or Mesos with Marathon.
   114  
   115  If opting into both isolated planes and an alternate scheduler, units for the
   116  alternate scheduler's agents (a Mesos slave process, for instance) will be
   117  decorated appropriately to isolate them to the Data Plane.
   118  
   119  .. _`More details on Fleet metadata`: https://coreos.com/fleet/docs/latest/unit-files-and-scheduling.html#fleet-specific-options