9c8dd7240d
Currently just covers deployment of Magnum. Usage information may be added in future. Change-Id: I3c1594c73be8e6805f80d51aad2343c084650bc2
1.9 KiB
Magnum - Container cluster service
Magnum is an OpenStack service that provides support for deployment
and management of container clusters such as Kubernetes. See the Magnum documentation </> for information
on using Magnum.
Configuration
Enable Magnum, in globals.yml:
enable_magnum: trueOptional: enable cluster user trust
This allows the cluster to communicate with OpenStack on behalf of
the user that created it, and is necessary for the auto-scaler and
auto-healer to work. Note that this is disabled by default since it
exposes the cluster to CVE-2016-7404.
Ensure that you understand the consequences before enabling this option.
In globals.yml:
enable_cluster_user_trust: trueOptional: private CA
If using TLS with a private CA for OpenStack public APIs, the cluster
will need to add the CA certificate to its trust store in order to
communicate with OpenStack. The certificate must be available in the
magnum conductor container. It is copied to the cluster via user-data,
so it is better to include only the necessary certificates to avoid
exceeding the max Nova API request body size (this may be set via
[oslo_middleware] max_request_body_size in
nova.conf if necessary). In
/etc/kolla/config/magnum.conf:
[drivers]
openstack_ca_file = <path to CA file>If using Kolla Ansible to copy CA certificates into containers
<admin-tls-ca-in-containers>, the certificates are located
at
/etc/pki/ca-trust/source/anchors/kolla-customca-*.crt.
Deployment
To deploy magnum and its dashboard in an existing OpenStack cluster:
kolla-ansible -i <inventory> deploy --tags common,horizon,magnum