Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
Applies to SUSE Cloud Application Platform 1.5.2

12 Eirini

Eirini, an alternative to Diego, is a scheduler for the Cloud Foundry Application Runtime (CFAR) that runs Cloud Foundry user applications in Kubernetes. For details about Eirini, see https://www.cloudfoundry.org/project-eirini/ and http://eirini.cf

Warning: Technology Preview

Eirini is currently included in SUSE Cloud Application Platform as a technology preview to allow users to evaluate. It is not supported for use in production deployments.

As a technology preview, Eirini contains certain limitations to its functionality. These are outlined below:

  • Air gapped environments or usage of manual certificates are currently not supported.

12.1 Enabling Eirini

  1. To enable Eirini, and disable Diego, add the following to your scf-config-values.yaml file.

      eirini: true
      auth: rbac
      DEFAULT_STACK: cflinuxfs3
  2. To enable persistence, refer to the instructions at https://github.com/SUSE/scf/wiki/Persistence-with-Eirini-in-SCF.

  3. Deploy uaa and scf.

    Refer to the following for platform-specific instructions:

  4. After initiating the helm install command to deploy scf, The secret generator will create a certificate signing request that must be approved by an administrator before deployment will continue. To do so, run the command below where scf should be replaced with your namespace of your scf deployment.

    tux > kubectl certificate approve scf-bits-service-ssl-cert

    Note that manual approval of CSRs is recommended.

    An alternative to manual approval of the CSR is to pass --set env.KUBE_CSR_AUTO_APPROVAL=true as part of the helm install command. This flag will allow the CSR to be automatically approved. Operators should take caution with this approach as it will provide the secrets genrator with a cluster role binding that allows it to approve all CSRs made to the Kubernetes signer.

  5. Depending on your cluster configuration, Metrics Server may need to be deployed. Use Helm to install the latest stable Metrics Server.

    Note that --kubelet-insecure-tls is not recommended for production usage, but can be useful in test clusters with self-signed Kubelet serving certificates. For production, use --tls-private-key-file.

    tux > helm install stable/metrics-server --name=metrics-server --set args[0]="--kubelet-preferred-address-types=InternalIP" --set args[1]="--kubelet-insecure-tls"