This is a technical guide to running Gardener on Equinix Metal.
Gardener is a Kubernetes multi-cluster, multi-cloud, multi-region orchestration system. it allows you to deploy and manage large numbers of Kubernetes clusters in many regions across the world, covering your own managed on-premise clusters and multiple clouds, all from a single control pane.
This guide assumes familiarity with Gardener, and assists in setting up and running Gardener-managed clusters on Equinix Metal.
Gardener has three tiers of clusters, each of which serves a different purpose.
- Garden cluster
- Seed cluster
- Shoot cluster
We explain them in the reverse order.
A shoot cluster is the cluster where you deploy your normal workloads: web servers, databases, machine learning, whatever workloads you are trying to deploy. You will have many shoot clusters deployed all over the world across many providers and locations.
A seed cluster is responsible for managing one or more shoot clusters. It is a "middle tier" management cluster. Because of the latency issues between cloud providers, and between regions within a single cloud provider, you generally have one seed cluster per cloud provider per region. For example, if you have 15 shoot clusters, five deployed in each of three Equinix Metal metros
- ny, da, fr - then you would deploy one seed cluster in each facility to manage its local shoot clusters. If you also have 3 shoot clusters deployed in AWS us-east-1 and 4 deployed in your data centre in Sydney, Australia, then you would deploy one additional seed cluster in each of those locations.
Seed clusters come in one of two forms:
- Seed - the Kubernetes cluster already is deployed, externally to Gardener, and the "seed" is deployed to the target cluster to turn it into a seed cluster
- Shooted Seed - Gardener deploys the actual Kubernetes cluster, and then the seed functionality to it
The garden cluster is the single, top-level management cluster. It is responsible for:
- managing the seed clusters and, through them, the shoot clusters
- interacting with end-users, allowing them to deploy seeds and shoots
Equinix Metal supports the following:
- Shoots on Equinix Metal
- Seeds on Equinix Metal
- Shooted Seeds on Equinix Metal
Garden cluster on Equinix Metal is not yet supported. It is on the roadmap, but if this is a priority for you, please contact your account executive.
You can use a Garden cluster anywhere that Gardener is supported, and, from there, deploy seeds and/or shoots onto Equinix Metal. We have tested and approved Garden cluster on several public clouds, and have written simplified guides. These guides are not materially different than the official Gardener docs, but are simplified and will help you get started. The following are the supported clouds and guides.
Once you have deployed a garden cluster - via one of the above guides or on your own - you should deploy a seed and a shoot. There are several ways to get a Seed cluster:
- Depending on how you deployed your garden cluster, you might already have a seed deployed, as part of garden-setup
- You can deploy a cluster outside of Gardener, and then convert it into a Seed, see the official guide
- You can deploy a "shooted seed", i.e. Gardener will deploy a managed Shoot cluster directly from the garden cluster, and then convert it into a Seed, see the official guide
Deploying a Seed is beyond the scope of this document, please see the official guides referenced above.
Finally, you are ready to deploy Shoot clusters on Equinix Metal.
The steps are as follows:
- Create and deploy a Project
- From the Equinix Metal console or API, get your Project UUID and an API key
- Create and deploy a
Secret
and aSecretBinding
including the Project UUID and API key - Create and deploy a
CloudProfile
- Create and deploy a
Shoot
We go through each step in turn.
A Project
groups together shoots and infrastructure secrets in a namespace.
A sample Project
is available at
23-project.yaml.
Copy it over to a temporary workspace, modify it as needed, and then apply it.
kubectl apply -f 23-project.yaml
Unless you actually will be using the Gardener UI, most of the RBAC entries in the file do not matter for development. The only really important elements are:
name
: pick a unique one for theProject
namespace
: you will need to be consistent in using the same namespace for multiple elements
Each project in Equinix Metal has a unique UUID. You need to get that UUID in order to tell Gardener into which Equinix Metal project it should deploy nodes.
When on the Equinix Metal Console, and you select your project, you can see the UUID in the address bar,
for example, https://console.equinix.com/projects/2331a81e-39f8-4a0f-8f82-2530d33e9b91
has the project UUID
2331a81e-39f8-4a0f-8f82-2530d33e9b91
.
In addition, you need your API key. You can create new API keys, or find your existing ones, by clicking on your name in the upper-right corner of the console, and then selecting "Personal API Keys" from the drop-down menu.
In order to give Gardener access to your API key and Project UUID, you save them to a Secret
and deploy them to the Seed cluster.
You also need a SecretBinding
, which enables Shoot
clusters to connect to the Secret
.
A sample Secret
and SecretBinding
are available in
25-secret.yaml.
Copy it over to a temporary workspace, modify the following:
apiToken
- the base64-encoded value of your Equinix Metal API keyprojectID
- the base64-encoded value of your Equinix Metal Project UUIDnamespace
- the namespace you provided in the Gardener Project in the previous step; this must be set for theSecret
and theSecretBinding
name
- the name of theSecret
should be unique in thenamespace
, and thesecretRef.name
should match it in theSecretBinding
Then apply them:
kubectl -f 25-secret.yaml
The CloudProfile
is a resource that contains the list of acceptable machine types, OS images, regions, and other information. When you deploy
actualy Shoot resources, they will match up to a CloudProfile
.
A sample CloudProfile
is available at
26-cloudprofile.yaml.
Copy it over to a temporary working directory, modify the following:
name
- a unique name for this cloud profile.kubernetes.versions
- versions that will be supported.machineImages
- OS images that will be supported. Thename
andversion
must match supported ones from Gardener, and must be in theproviderConfig
, further down.machineTypes
- types of hardware servers that will be supported. Thename
must match the reference name from Equinix Metal.regions
- supported Equinix Metal metros. You also can have a list ofzones
in eachmetro
, which must match Equinix Metal facilities in that metro, but they are not required.providerConfig.machineImages
- this is the list that maps Gardener-supported OS names and versions to Equinix Metal Operating Systems. Thename
andversion
must be supported by Gardener, and theid
must be the Operating System ID supported by Equinix Metal.
Then apply it:
kubectl apply -f 26-cloudprofile.yaml
Finally, you are ready to deploy as many Shoot clusters as you want.
A sample Shoot cluster definition is available at 90-shoot.yaml. Copy it over to a temporary working directory, and modify the following:
namespace
- must match the namespace of the Gardener project you deployed earliername
- must be a unique name for this ShootseedName
- this is optional, however, if your Seed is deployed in a different provider than your Shoot, e.g. your Seed is in GCP and your Shoot will be on Equinix Metal, then you must specify theseedName
explicitlysecretBindingName
- must match the name of theSecretBinding
you deployed earliercloudProfileName
- must match the name of theCloudProfile
you deployed earlierregion
- must be one of the regions in the referencedCloudProfile
workers
- a list of worker pools. Themachine.type
andimage
must match those available in the referencedCloudProfile
kubernetes.version
- version of Kubernetes to deploy, which must match one of the versions in the referencedCloudProfile
networking
- adjust to your desired type and CIDR ranges
Then deploy it, make a nice drink, and await:
kubectl apply -f 90-shoot.yaml