Merge "devstack: optionally run kuryr containerized"

devstack/lib/kuryr_kubernetes

@@ -246,8 +246,6 @@ function create_k8s_subnet {
               "Failed to enable routing for K8s ${subnet_name} subnet"
 }
 
-
-
 # create_k8s_router_fake_service
 #   Description: Creates an endpoint-less kubernetes service to keep Kubernetes
 #                API server from allocating the service subnet router IP for
@@ -282,6 +280,24 @@ EOF
     fi
 }
 
+# build_kuryr_containers
+#   Description: Generates a Kuryr controller and Kuryr CNI docker images in
+#       the local docker registry as kuryr/controller:latest and
+#       kuryr/cni:latest respectively
+function build_kuryr_containers() {
+    local build_dir
+
+    build_dir="${DEST}/kuryr-kubernetes"
+    pushd "$build_dir"
+
+    # Build controller image
+    sudo docker build -t kuryr/controller -f "controller.Dockerfile" .
+
+    # Build CNI image
+    sudo ./tools/build_cni_daemonset_image
+    popd
+}
+
 function indent() {
     sed 's/^/    /';
 }

devstack/local.conf.sample

@@ -173,6 +173,14 @@ enable_service kubelet
 # resource events and convert them to Neutron actions
 enable_service kuryr-kubernetes
 
+# Containerized Kuryr
+# ===================
+#
+# Kuryr can be installed on Kubernetes as a pair of Deployment
+# (kuryr-controller) and DaemonSet (kuryr-cni). If you want DevStack to deploy
+# Kuryr services as pods on Kubernetes uncomment next line.
+# KURYR_K8S_CONTAINERIZED_DEPLOYMENT=True
+
 # Increase Octavia amphorae timeout so that the first LB amphora has time to
 # build and boot
 if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then

devstack/plugin.sh

@@ -69,6 +69,43 @@ function configure_kuryr {
     fi
 }
 
+function generate_containerized_kuryr_resources {
+    # Containerized deployment will use tokens provided by k8s itself.
+    inicomment "$KURYR_CONFIG" kubernetes ssl_client_crt_file
+    inicomment "$KURYR_CONFIG" kubernetes ssl_client_key_file
+
+    # kuryr-controller and kuryr-cni will have tokens in different dirs.
+    KURYR_CNI_CONFIG=${KURYR_CONFIG}-cni
+    cp $KURYR_CONFIG $KURYR_CNI_CONFIG
+    iniset "$KURYR_CONFIG" kubernetes token_file /var/run/secrets/kubernetes.io/serviceaccount/token
+    iniset "$KURYR_CONFIG" kubernetes ssl_ca_crt_file /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    iniset "$KURYR_CNI_CONFIG" kubernetes token_file /etc/kuryr/token
+    iniset "$KURYR_CNI_CONFIG" kubernetes ssl_ca_crt_file /etc/kuryr/ca.crt
+
+    # Generate kuryr resources in k8s formats.
+    local output_dir="${DATA_DIR}/kuryr-kubernetes"
+    generate_kuryr_configmap $output_dir $KURYR_CONFIG $KURYR_CNI_CONFIG
+    generate_kuryr_service_account $output_dir
+    generate_controller_deployment $output_dir
+    generate_cni_daemon_set $output_dir
+}
+
+function run_containerized_kuryr_resources {
+    local k8s_data_dir="${DATA_DIR}/kuryr-kubernetes"
+    /usr/local/bin/kubectl create -f \
+        "${k8s_data_dir}/config_map.yml" \
+        || die $LINENO "Failed to create kuryr-kubernetes ConfigMap."
+    /usr/local/bin/kubectl create -f \
+        "${k8s_data_dir}/service_account.yml" \
+        || die $LINENO "Failed to create kuryr-kubernetes ServiceAccount."
+    /usr/local/bin/kubectl create -f \
+        "${k8s_data_dir}/controller_deployment.yml" \
+        || die $LINENO "Failed to create kuryr-kubernetes Deployment."
+    /usr/local/bin/kubectl create -f \
+        "${k8s_data_dir}/cni_ds.yml" \
+        || die $LINENO "Failed to create kuryr-kubernetes CNI DaemonSet."
+}
+
 function install_kuryr_cni {
     local kuryr_cni_bin=$(which kuryr-cni)
     sudo install -o "$STACK_USER" -m 0555 -D \
@@ -426,7 +463,10 @@ source $DEST/kuryr-kubernetes/devstack/lib/kuryr_kubernetes
 if [[ "$1" == "stack" && "$2" == "install" ]]; then
     setup_develop "$KURYR_HOME"
     if is_service_enabled kubelet; then
-        install_kuryr_cni
+        KURYR_K8S_CONTAINERIZED_DEPLOYMENT=$(trueorfalse False KURYR_K8S_CONTAINERIZED_DEPLOYMENT)
+        if [ "$KURYR_K8S_CONTAINERIZED_DEPLOYMENT" == "False" ]; then
+            install_kuryr_cni
+        fi
     fi
 
 elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
@@ -495,7 +535,14 @@ if [[ "$1" == "stack" && "$2" == "extra" ]]; then
     fi
 
     if is_service_enabled kuryr-kubernetes; then
-        run_kuryr_kubernetes
+        KURYR_K8S_CONTAINERIZED_DEPLOYMENT=$(trueorfalse False KURYR_K8S_CONTAINERIZED_DEPLOYMENT)
+        if [ "$KURYR_K8S_CONTAINERIZED_DEPLOYMENT" == "False" ]; then
+            run_kuryr_kubernetes
+        else
+            build_kuryr_containers
+            generate_containerized_kuryr_resources
+            run_containerized_kuryr_resources
+        fi
     fi
 
 elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then

devstack/settings

@@ -47,3 +47,6 @@ KURYR_K8S_OCTAVIA_MEMBER_MODE=${KURYR_K8S_OCTAVIA_MEMBER_MODE:-L3}
 
 # Kuryr_ovs_baremetal
 KURYR_CONFIGURE_BAREMETAL_KUBELET_IFACE=${KURYR_CONFIGURE_BAREMETAL_KUBELET_IFACE:-True}
+
+# Kubernetes containerized deployment
+KURYR_K8S_CONTAINERIZED_DEPLOYMENT=${KURYR_K8S_CONTAINERIZED_DEPLOYMENT:-False}

doc/source/installation/devstack/containerized.rst

@@ -0,0 +1,71 @@
+Containerized installation
+==========================
+
+It is possible to configure DevStack to install kuryr-controller and kuryr-cni
+on Kubernetes as pods. Details can be found on :doc:`../containerized` page,
+this page will explain DevStack aspects of running containerized.
+
+Installation
+------------
+
+To configure DevStack to install Kuryr services as containerized Kubernetes
+resources, you need to switch ``KURYR_K8S_CONTAINERIZED_DEPLOYMENT``. Add this
+line to your ``local.conf``: ::
+
+    KURYR_K8S_CONTAINERIZED_DEPLOYMENT=True
+
+This will trigger building the kuryr-controller and kuryr-cni containers during
+installation, as well as will deploy those on Kubernetes cluster it installed.
+
+Rebuilding container images
+---------------------------
+
+Instructions on how to manually rebuild both kuryr-controller and kuryr-cni
+container images are presented on :doc:`../containerized` page. In case you want
+to test any code changes, you need to rebuild the images first.
+
+Changing configuration
+----------------------
+
+To change kuryr.conf files that are put into containers you need to edit the
+associated ConfigMap. On DevStack deployment this can be done using: ::
+
+    $ kubectl -n kube-system edit cm kuryr-config
+
+Then the editor will appear that will let you edit the config map. Make sure to
+keep correct indentation when doing changes. Also note that there are two files
+present in the ConfigMap: kuryr.conf and kuryr-cni.conf. First one is attached
+to kuryr-controller and second to kuryr-cni. Make sure to modify both when doing
+changes important for both services.
+
+Restarting services
+-------------------
+
+Once any changes are made to docker images or the configuration, it is crucial
+to restart pod you've modified.
+
+kuryr-controller
+~~~~~~~~~~~~~~~~
+
+To restart kuryr-controller and let it load new image and configuration, simply
+kill existing pod: ::
+
+    $ kubectl -n kube-system get pods
+    <find kuryr-controller pod you want to restart>
+    $ kubectl -n kube-system delete pod <pod-name>
+
+Deployment controller will make sure to restart the pod with new configuration.
+
+kuryr-cni
+~~~~~~~~~
+
+It's important to understand that kuryr-cni is only a storage pod i.e. it is
+actually idling with ``sleep infinity`` once all the files are copied into
+correct locations on k8s host.
+
+You can force it to redeploy new files by killing it. DaemonSet controller
+should make sure to restart it with new image and configuration files. ::
+
+    $ kubectl -n kube-system get pods
+    <find kuryr-cni pods you want to restart>
+    $ kubectl -n kube-system delete pod <pod-name1> <pod-name2> <...>

doc/source/installation/devstack/index.rst

@@ -34,3 +34,4 @@ ML2 drivers.
     nested-macvlan
     odl_support
     dragonflow_support
+    containerized