Configure Ironic for Kubernetes load balancer feature

Kubernetes service provides the LoadBalancer feature

This is supported through an OpenStack plugin in Kubernetes code.
Enabling this feature requires configuring the cluster properly for
Kubernetes to interface with Neutron.  Kubernetes backend will then
create the Neutron load balancer pool, members, VIP and monitor,
and manage the pool members as pods are added/removed from the
service.

This patch updates the Ironic heat templates to adjust the minion
name and private network name to match what Kubernetes expects.

Additional scripts are from the patch for Fedora Atomic which
this patch has a dependency on.

Partially-Implements: blueprint external-lb
Change-Id: I74eaffe280b8ed20fce432d92fa6fc29048de8a5
changes/26/192426/10
Ton Ngo 8 years ago
parent 3f4b8aaa53
commit 4a17de8c6a

@ -17,7 +17,11 @@ parameters:
fixed_network:
type: string
description: name of private network into which servers get deployed
description: >
name of private network into which servers get deployed
Important: the Load Balancer feature in Kubernetes requires that
the name for the fixed_network must be "private" for the
address lookup in Kubernetes to work properly
server_image:
type: string
@ -82,6 +86,29 @@ parameters:
timeout for the Wait Conditions
default: 6000
auth_url:
type: string
description: >
url for kubernetes to authenticate before sending request to neutron
username:
type: string
description: >
user account
password:
type: string
description: >
user password, not set in current implementation, only used to
fill in for Kubernetes config file
default:
ChangeMe
tenant_name:
type: string
description: >
tenant name
resources:
######################################################################
@ -110,6 +137,10 @@ resources:
flannel_use_vxlan: {get_param: flannel_use_vxlan}
portal_network_cidr: {get_param: portal_network_cidr}
fixed_network: {get_resource: fixed_network}
auth_url: {get_param: auth_url}
username: {get_param: username}
password: {get_param: password}
tenant_name: {get_param: tenant_name}
kube_minions:
type: OS::Heat::ResourceGroup
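Review bot: The new `password` parameter is declared without `hidden: true`, so Heat will return its value in clear text whenever the stack's parameters are shown; the `password` parameter added to the master template further down has the same gap. Add `hidden: true` under `type: string` in both places. The default `ChangeMe` is also worth dropping: the description says the value is only a filler today, but a well-known default that gets written into the Kubernetes config file is easy to leave in place once the password starts being used. If a default has to stay, the description should say it must be overridden before the load balancer feature is enabled.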

@ -68,6 +68,27 @@ parameters:
timeout for the Wait Conditions
default: 6000
auth_url:
type: string
description: >
url for kubernetes to authenticate before sending request to neutron
must be v2 since kubernetes backend only suppor v2 at this point
username:
type: string
description: >
user account
password:
type: string
description: >
user password
tenant_name:
type: string
description: >
tenant name
resources:
master_wait_handle:
@ -97,6 +118,7 @@ resources:
- config: {get_resource: disable_selinux}
- config: {get_resource: write_heat_params}
- config: {get_resource: enable_etcd}
- config: {get_resource: write_kube_os_config}
- config: {get_resource: configure_kubernetes}
- config: {get_resource: enable_services}
- config: {get_resource: configure_flannel}
@ -127,6 +149,11 @@ resources:
"$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
"$FLANNEL_USE_VXLAN": {get_param: flannel_use_vxlan}
"$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
"$AUTH_URL": {get_param: auth_url}
"$USERNAME": {get_param: username}
"$PASSWORD": {get_param: password}
"$TENANT_NAME": {get_param: tenant_name}
"$CLUSTER_SUBNET": {get_param: fixed_subnet}
configure_kubernetes:
type: OS::Heat::SoftwareConfig
@ -146,6 +173,12 @@ resources:
group: ungrouped
config: {get_file: fragments/configure-flannel.sh}
write_kube_os_config:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/write-kube-os-config.sh}
enable_services:
type: OS::Heat::SoftwareConfig
properties:
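Review bot: `"$PASSWORD": {get_param: password}` places the OpenStack password in plain text in the substituted parameters of the config defined just before `configure_kubernetes`, and the new `write_kube_os_config` fragment presumably copies it into a Kubernetes config file on the master. Neither the file written by that substitution nor `fragments/write-kube-os-config.sh` is visible here, so please confirm that both files are created root-owned with mode `0600` rather than left at the default umask. `auth_url` is accepted as any string even though the credentials are sent to it, so its description should state that an `https://` endpoint is expected. The resource carrying the `params` block starts outside the hunk.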

@ -53,7 +53,7 @@ resources:
minion_wait_condition:
type: OS::Heat::WaitCondition
depends_on: kube_minion
depends_on: kube-minion
properties:
handle: {get_resource: minion_wait_handle}
timeout: {get_param: wait_condition_timeout}
@ -144,7 +144,14 @@ resources:
- config: {get_resource: enable_services}
- config: {get_resource: minion_wc_notify}
kube_minion:
# Important: the name for the heat resource kube-minion below must
# not contain "_" (underscore) because it will be used in the
# hostname. Because DNS domain name does not allow "_", the "_"
# will be converted to a "-" and this will make the hostname different
# from the Nova instance name. This in turn will break the load
# balancer feature in Kubernetes.
kube-minion:
type: OS::Nova::Server
properties:
image: {get_param: server_image}
@ -160,15 +167,15 @@ resources:
properties:
floating_network: {get_param: external_network}
port_id:
get_attr: [kube_minion, addresses, {get_param: fixed_network}, 0, port]
get_attr: [kube-minion, addresses, {get_param: fixed_network}, 0, port]
outputs:
kube_minion_ip:
value: {get_attr: [kube_minion, networks, private, 0]}
value: {get_attr: [kube-minion, networks, private, 0]}
kube_minion_external_ip:
value: {get_attr: [kube_minion_floating, floating_ip_address]}
OS::stack_id:
value: {get_attr: [kube_minion, networks, private, 0]}
value: {get_attr: [kube-minion, networks, private, 0]}
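Review bot: The `kube_minion_ip` and `OS::stack_id` outputs still look the address up under the literal network name `private`, while the floating-IP `port_id` a few lines above uses `{get_param: fixed_network}`. The name requirement is only stated in a parameter description, so a stack created with a different `fixed_network` would presumably resolve `port_id` but not these outputs. Either use `{get_attr: [kube-minion, networks, {get_param: fixed_network}, 0]}` in both outputs, or add a comment on them saying that `private` is deliberate and why. The `outputs` block may continue outside the hunk.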
