{"id":1515,"date":"2019-03-21T11:30:22","date_gmt":"2019-03-21T11:30:22","guid":{"rendered":"https:\/\/www.appservgrid.com\/paw93\/?p=1515"},"modified":"2019-04-06T01:04:51","modified_gmt":"2019-04-06T01:04:51","slug":"tarmak-0-6-released","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw93\/index.php\/2019\/03\/21\/tarmak-0-6-released\/","title":{"rendered":"Tarmak 0.6 released"},"content":{"rendered":"<p>We are excited to announce the release of Tarmak 0.6! If unfamiliar,<br \/>\n<a href=\"http:\/\/docs.tarmak.io\/\">Tarmak<\/a> is a CLI toolkit to provision and manage<br \/>\nKubernetes clusters on AWS with security-first principles. This new release<br \/>\ngives a host of great new features and improvements which I\u2019ll describe below.<\/p>\n<ul>\n<li>Worker node AMI images<\/li>\n<li>Pre-Built Default AMI Image<\/li>\n<li>Calico Kubernetes Backend<\/li>\n<li>New CLI commands &#8211; cluster logs and environment destroy<\/li>\n<li>Using Kubernetes Addon-manager<\/li>\n<li>Using an in-package solution to SSH with a secure approach to public key<br \/>\nadvertising<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"https:\/\/blog.jetstack.io\/blog\/tarmak-0-5\/runway.jpg\" alt=\"Runway\" \/><\/p>\n<h2><strong>Worker Node AMI Images and Default Image<\/strong><\/h2>\n<p>In this release we have a new image type that can be assigned to your worker<br \/>\ninstance pools &#8211; centos-puppet-agent-k8s-worker. This image type causes<br \/>\nTarmak to pre-install all the node components when building the AMI image,<br \/>\nrather than installing them at boot time. This means that time from boot to<br \/>\nnode status Ready is greatly reduced, giving more resources to your triggered<br \/>\nscaling groups faster.<\/p>\n<p>We have also created a public AMI image. If no privately built images are<br \/>\navailable for your cluster, Tarmak will use Jetstack\u2019s published image<br \/>\ninstead. 
This change is great for new users as they can get a new cluster up and<br \/>\nrunning faster, without having to wait for long build times.<\/p>\n<h2><strong>Calico Kubernetes Backend<\/strong><\/h2>\n<p>We\u2019ve added new options for how you deploy Calico into your clusters. Instead of<br \/>\nusing Etcd, the default Calico backend, we now give the option to use Kubernetes<br \/>\nwith a toggle in the Tarmak configuration. Deploying a huge cluster? With this<br \/>\noption you can also choose to deploy<br \/>\n<a href=\"https:\/\/github.com\/projectcalico\/typha\">Typha<\/a> which will help with the load of<br \/>\nCalico on the Kubernetes backend. This is also simply enabled and configured<br \/>\nthrough the Tarmak configuration which you can <a href=\"http:\/\/docs.tarmak.io\/user-guide.html#calico-backend\">read how<br \/>\nhere.<\/a><\/p>\n<h2><strong>New CLI Commands<\/strong><\/h2>\n<p>In the unfortunate event you\u2019re having issues with your cluster and seeking some<br \/>\nsupport, it is always a pain to copy and paste logs from your components running<br \/>\non multiple machines. This is very time consuming and it always seems like the logs<br \/>\nyou missed are the most needed! To help with this, we\u2019ve created a new command<br \/>\ncluster logs that will go ahead and fetch all systemd logs from your targeted<br \/>\ninstance pools (vault, workers, control-plane etc.), bundle them up into a<br \/>\nreader friendly file structure and compress them into a tarball. This is then<br \/>\nready to be shipped off to someone else over the net. This is really beneficial<br \/>\nin making the support feedback loop more efficient and a great quality of life<br \/>\nimprovement.<\/p>\n<p>Another CLI command that we\u2019ve added is environment<br \/>\ndestroy. As it sounds, this is the big brother to cluster destroy and will<br \/>\ndestroy all clusters in the environment, including the hub. 
This is a command<br \/>\nthat\u2019s helped us a lot internally, and is another nice quality of life<br \/>\nimprovement. Do be careful though that you\u2019re sure you want to run it!<\/p>\n<h2><strong>Kubernetes Addon-manager<\/strong><\/h2>\n<p>We are now using the Kubernetes<br \/>\n<a href=\"https:\/\/github.com\/kubernetes\/kubernetes\/tree\/master\/cluster\/addons\/addon-manager\">Addon-manager<\/a><br \/>\nwhich is a controller-like service that runs on master nodes of Tarmak. The<br \/>\nservice is constantly watching for resources in Kubernetes with a label and<br \/>\ncomparing them with local manifests inside a directory. If resources are changed<br \/>\nor removed from the local manifest set, the Addon-manager will then update them<br \/>\nin Kubernetes to keep it in sync.<\/p>\n<p>This has been working really well for Tarmak deployments and has been handling<br \/>\nupdates and migrations well. For example when you upgrade your cluster to 1.10<br \/>\nor higher, we now install<br \/>\n<a href=\"https:\/\/kubernetes.io\/docs\/tasks\/administer-cluster\/coredns\">CoreDNS<\/a> over<br \/>\n<a href=\"https:\/\/kubernetes.io\/docs\/tasks\/administer-cluster\/dns-custom-nameservers\/#kube-dns\">Kube-dns<\/a><br \/>\nwhich Addon-manager will replace. Addon-manager also helps to seamlessly<br \/>\nreconfigure Calico if its deployment has been changed in the Tarmak<br \/>\nconfiguration described earlier.<\/p>\n<h2><strong>SSH Overhaul and Instance Public Key Advertising<\/strong><\/h2>\n<p>With this release, we\u2019ve also made some huge changes to how we are creating and<br \/>\nmanaging our SSH connections. 
This is one of the core components of Tarmak as it<br \/>\nenables connections to components such as wing &#8211; a small binary sitting on all<br \/>\nnodes to report its state and implement configuration updates &#8211; or creating<br \/>\ntunnels that allow initialisation and communication with vault as well as<br \/>\naccessing the Kubernetes API server when not using a public load balancer<br \/>\nendpoint. Previously, we had been using the OpenSSH client on your machine to<br \/>\ncreate and manage these connections; however, this has now been replaced with a custom<br \/>\nSSH client that uses the standard Go SSH library. What does this mean for<br \/>\nusers? Connections should now be much more reliable and we can now use these<br \/>\nconnections more efficiently. It has also enabled us to develop more<br \/>\nsophisticated features such as the log aggregation command mentioned earlier and<br \/>\nmitigate problems caused by inconsistencies between OpenSSH versions installed<br \/>\non different machines.<\/p>\n<p>With this change we have also updated the way we handle verifying the<br \/>\npublic keys of instances that we SSH to, along with managing the local SSH hosts file. Now<br \/>\nwhen an instance boots, wing will gather the public keys, sign its AWS identity<br \/>\ndocument with them and send them all to an Amazon Lambda function. Once the<br \/>\nfunction has verified these keys, it will tag that instance with them. Once an<br \/>\ninstance has been tagged, they will not be changed. Locally, Tarmak can use<br \/>\nthese to populate the local hosts file and to verify SSH connections<br \/>\nto the instance. This change bolsters security for connecting to the<br \/>\ncluster.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.jetstack.io\/blog\/tarmak-0-5\/road.jpg\" alt=\"Runway\" \/><\/p>\n<p>Other features include improving the reliability of bootstrapping vault<br \/>\ninstances, updates to components and some bug fixes. 
You can read more in the\u00a0<a href=\"https:\/\/github.com\/jetstack\/tarmak\">CHANGELOG<\/a> or on the <a href=\"https:\/\/github.com\/jetstack\/tarmak\/releases\/tag\/0.6.2\">GitHub release page<\/a>.<\/p>\n<p><a href=\"https:\/\/github.com\/jetstack\/tarmak\/releases\/tag\/0.6.2\">Give the release a go<\/a>,<br \/>\nwe look forward to hearing your feedback!<\/p>\n<p><a href=\"https:\/\/blog.jetstack.io\/blog\/tarmak-0.6\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We are excited to announce the release of Tarmak 0.6! If unfamiliar, Tarmak is a CLI toolkit to provision and manage Kubernetes clusters on AWS with security-first principles. This new release gives a host of great new features and improvements which I\u2019ll describe below. Worker node AMI images Pre-Built Default AMI Image Calico Kubernetes Backend &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.appservgrid.com\/paw93\/index.php\/2019\/03\/21\/tarmak-0-6-released\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Tarmak 0.6 
released&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1515","post","type-post","status-publish","format-standard","hentry","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw93\/index.php\/wp-json\/wp\/v2\/posts\/1515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw93\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw93\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw93\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw93\/index.php\/wp-json\/wp\/v2\/comments?post=1515"}],"version-history":[{"count":2,"href":"https:\/\/www.appservgrid.com\/paw93\/index.php\/wp-json\/wp\/v2\/posts\/1515\/revisions"}],"predecessor-version":[{"id":1575,"href":"https:\/\/www.appservgrid.com\/paw93\/index.php\/wp-json\/wp\/v2\/posts\/1515\/revisions\/1575"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw93\/index.php\/wp-json\/wp\/v2\/media?parent=1515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw93\/index.php\/wp-json\/wp\/v2\/categories?post=1515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw93\/index.php\/wp-json\/wp\/v2\/tags?post=1515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}