openstack/kolla-ansible
Code Issues Proposed changes
4b31fdcf35
kolla-ansible/doc/source/reference/compute/qinling-guide.rst
Gaetan Trellu 557193a7ec Improve Qinling documentation 
- Remove trusted_cidrs that has just been removed from
Qinling code.
- Remove use_api_certificate because it's true by default
- Improve list syntax
- Add etcd section

Change-Id: I0426a9d61fbeaa23a1affbc7e981a78283e88263
2019-06-05 07:56:57 -04:00

3.0 KiB
Raw Blame History

Qinling - Function Engine

Overview

Qinling aims to provide a platform to support serverless functions (like AWS Lambda). Qinling supports different container orchestration platforms (Kubernetes/Swarm, etc...) and different function package storage backends (local/Swift/S3) by nature using plugin mechanism.

Kolla deploys Qinling API and Qinling Engine containers which are the main Qinling components but it needs to be connected to an existing container orchestration platforms.

Apply custom policies to Qinling API

Custom policies could be apply by creating policy.json file under /etc/kolla/config/qinling directory.

Enable etcd role

Qinling requires etcd for function mapping and concurrency. The etcd role should be enabled to configure the etcd address and port within qinling.conf.

Look for enable_etcd: "no" and change it in /etc/kolla/globals.yml:

enable_etcd: "yes"

Connect to an existing Kubernetes cluster

Certificates

qinling-engine authenticates to Kubernetes by using certificates.

Note

If the cluster has not been created with OpenStack Magnum then certificates need to be gathered using different methods that will not be mentioned here.

If the Kubernetes cluster has been deployed with OpenStack Magnum then the OpenStack client should be used to retrieve the certificates.

openstack coe cluster config --dir . 687f7476-5604-4b44-8b09-b7a4f3fdbd64 --output-certs

Where 687f7476-5604-4b44-8b09-b7a4f3fdbd64 is the Kubernetes cluster ID created with Magnum.

Four files should have been generated:

  • ca.pem
  • cert.pem
  • key.pem
  • config

Only ca.pem, cert.pem and key.pem will be used, these files have to be stored in /etc/kolla/config/qinling/qinling-engine directory under these file name:

  • ca.pem: /etc/kolla/config/qinling/qinling-engine/kubernetes_ca.crt
  • cert.pem: /etc/kolla/config/qinling/qinling-engine/kubernetes.crt
  • key.pem: /etc/kolla/config/qinling/qinling-engine/kubernetes.key

Declare qinling_kubernetes_certificates variable in /etc/kolla/globals.yml:

qinling_kubernetes_certificates: "yes"

Kubernetes cluster

qinling-engine needs to know where to connect, the information is provided by options under [kubernetes] section inside qinling.conf configuration file.

As mentioned above, these settings are only required by qinling-engine, put the content in /etc/kolla/config/qinling/qinling-engine.conf.

[kubernetes]
kube_host = https://192.168.1.168:6443
ssl_ca_cert = /etc/qinling/pki/kubernetes/ca.crt
cert_file = /etc/qinling/pki/kubernetes/qinling.crt
key_file = /etc/qinling/pki/kubernetes/qinling.key

kube_host is the the Kubernetes cluster API address, https protocol has to be defined.