Add supporting Kubernetes to devstack
This patch describes the way to install Kubernetes VIM via Devstack and register Kubernetes VIM in Tacker. Tacker reuses the efforts from Kuryr-Kubernetes project to create Kubernetes cluster. This patch also sets up native Neutron-based networking between Kubernetes and OpenStack VIMs to connect VM based and container based VNFs together, that bring hybrid deployment SFC in the future. Partially Implements: blueprint kubernetes-as-vim Change-Id: Idf04f012c6daf93a33ad89a5a7c737f3668eb405
This commit is contained in:
Cong Phuoc Hoang
hoangphuoc
parent
40ab3be2e9
commit
be9e41e11f
41
devstack/lib/kubernetes_vim
Normal file
41
devstack/lib/kubernetes_vim
Normal file
@ -0,0 +1,41 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# lib/kubernetes_vim
|
||||
# functions - functions specific to kubernetes_vim
|
||||
|
||||
function configure_k8s_vim {
|
||||
iniset "/$Q_PLUGIN_CONF_FILE" ml2_type_flat flat_networks $PUBLIC_PHYSICAL_NETWORK,$MGMT_PHYS_NET,$K8S_PHYS_NET
|
||||
iniset "/$Q_PLUGIN_CONF_FILE" ovs bridge_mappings $PUBLIC_PHYSICAL_NETWORK:$PUBLIC_BRIDGE,$MGMT_PHYS_NET:$BR_MGMT,$K8S_PHYS_NET:$BR_K8S
|
||||
|
||||
echo "Creating Kubernetes bridge"
|
||||
sudo ovs-vsctl --may-exist add-br ${BR_K8S}
|
||||
iniset $TACKER_CONF k8s_vim use_barbican True
|
||||
}
|
||||
|
||||
function tacker_create_initial_k8s_network {
|
||||
SUBNETPOOL_V4_ID=$(openstack subnet pool create ${SUBNETPOOL_NAME_V4} --default-prefix-length ${SUBNETPOOL_SIZE_V4} --pool-prefix ${FIXED_RANGE_K8S} --share --default -f value -c id)
|
||||
NET_K8S_ID=$(openstack network create --provider-network-type flat --provider-physical-network ${K8S_PHYS_NET} --share ${NET_K8S} | awk '/ id /{print $4}')
|
||||
SUBNET_K8S_ID=$(openstack subnet create ${SUBNET_K8S} --ip-version 4 --gateway ${NETWORK_GATEWAY_K8S} --network ${NET_K8S_ID} --subnet-pool ${SUBNETPOOL_V4_ID} | awk '/ id /{print $4}')
|
||||
SUBNET_K8S_CIDR=$(openstack subnet show ${SUBNET_K8S_ID} -c cidr -f value)
|
||||
|
||||
echo "Assign ip address to ${BR_K8S}"
|
||||
sudo ip link set ${BR_K8S} up
|
||||
sudo ip -4 address flush dev ${BR_K8S}
|
||||
sudo ip address add ${NETWORK_GATEWAY_K8S_IP} dev ${BR_K8S}
|
||||
|
||||
echo "Create router to connect VM, Pod and Service networks"
|
||||
openstack router create ${Q_ROUTER_NAME} | grep ' id ' | get_field 2
|
||||
ROUTER_K8S_PORT_IP=$(_cidr_range "${SUBNET_K8S_CIDR}" | cut -f2)
|
||||
ROUTER_K8S_PORT_ID=$(openstack port create --network ${NET_K8S_ID} --fixed-ip subnet=${SUBNET_K8S_ID},ip-address=${ROUTER_K8S_PORT_IP} port-router -f value -c id)
|
||||
openstack router add port ${Q_ROUTER_NAME} ${ROUTER_K8S_PORT_ID}
|
||||
openstack subnet set --host-route destination=${FIXED_RANGE_K8S},gateway=${ROUTER_K8S_PORT_IP} ${SUBNET_K8S_ID}
|
||||
}
|
||||
|
||||
function _cidr_range {
|
||||
python - <<EOF "$1"
|
||||
import sys
|
||||
from netaddr import IPAddress, IPNetwork
|
||||
n = IPNetwork(sys.argv[1])
|
||||
print("%s\\t%s" % (IPAddress(n.first + 1), IPAddress(n.last - 1)))
|
||||
EOF
|
||||
}
|
||||
@ -2,7 +2,7 @@
|
||||
############################################################
|
||||
# Customize the following HOST_IP based on your installation
|
||||
############################################################
|
||||
HOST_IP=10.18.161.164
|
||||
HOST_IP=127.0.0.1
|
||||
|
||||
ADMIN_PASSWORD=devstack
|
||||
MYSQL_PASSWORD=devstack
|
||||
@ -32,6 +32,10 @@ ENABLE_VERBOSE_LOG_LEVEL=True
|
||||
Q_PLUGIN=ml2
|
||||
Q_AGENT=openvswitch
|
||||
|
||||
#Disable security groups
|
||||
Q_USE_SECGROUP=False
|
||||
LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
|
||||
|
||||
#PUBLIC NETWORK CONFIGURATION
|
||||
Q_USE_PROVIDERNET_FOR_PUBLIC=False
|
||||
FLOATING_RANGE=10.12.161.0/24
|
||||
@ -40,6 +44,11 @@ PUBLIC_NETWORK_NAME=external
|
||||
PUBLIC_NETWORK_GATEWAY=10.12.161.1
|
||||
PUBLIC_PHYSICAL_NETWORK=public
|
||||
|
||||
#NET K8S NETWORK CONFIGURATION
|
||||
#FIXED_RANGE_K8S=${FIXED_RANGE_K8S:-192.168.72.0/22}
|
||||
#NETWORK_GATEWAY_K8S=${NETWORK_GATEWAY_K8S:-192.168.72.1}
|
||||
#NETWORK_GATEWAY_K8S_IP=${NETWORK_GATEWAY_K8S_IP:-192.168.72.1/24}
|
||||
|
||||
# Required for l3-agent to connect to external-network-bridge
|
||||
PUBLIC_BRIDGE=br-ext
|
||||
|
||||
@ -50,7 +59,7 @@ FIXED_RANGE=${FIXED_RANGE:-15.0.0.0/24}
|
||||
|
||||
enable_plugin heat https://git.openstack.org/openstack/heat master
|
||||
enable_plugin networking-sfc git://git.openstack.org/openstack/networking-sfc master
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican master
|
||||
enable_plugin tacker https://git.openstack.org/openstack/tacker master
|
||||
|
||||
enable_service n-novnc
|
||||
@ -60,3 +69,11 @@ disable_service tempest
|
||||
|
||||
#TACKER CONFIGURATION
|
||||
USE_BARBICAN=True
|
||||
|
||||
# Enable Kubernetes and kuryr-kubernetes
|
||||
KUBERNETES_VIM=True
|
||||
NEUTRON_CREATE_INITIAL_NETWORKS=False
|
||||
enable_plugin kuryr-kubernetes https://git.openstack.org/openstack/kuryr-kubernetes master
|
||||
enable_plugin neutron-lbaas git://git.openstack.org/openstack/neutron-lbaas master
|
||||
enable_plugin devstack-plugin-container https://git.openstack.org/openstack/devstack-plugin-container master
|
||||
|
||||
|
||||
@ -6,6 +6,7 @@ set -o xtrace
|
||||
|
||||
echo_summary "tacker's plugin.sh was called with args $1 and $2 ..."
|
||||
. $DEST/tacker/devstack/lib/tacker
|
||||
. $DEST/tacker/devstack/lib/kubernetes_vim
|
||||
(set -o posix; set)
|
||||
|
||||
# check for service enabled
|
||||
@ -19,6 +20,9 @@ if is_service_enabled tacker; then
|
||||
# Configure after the other layer 1 and 2 services have been configured
|
||||
echo_summary "Configuring Tacker"
|
||||
configure_tacker
|
||||
if [ "${KUBERNETES_VIM}" == "True" ]; then
|
||||
configure_k8s_vim
|
||||
fi
|
||||
create_tacker_accounts
|
||||
|
||||
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
||||
@ -34,6 +38,9 @@ if is_service_enabled tacker; then
|
||||
modify_heat_flavor_policy_rule
|
||||
echo_summary "Setup initial tacker network"
|
||||
tacker_create_initial_network
|
||||
if [ "${KUBERNETES_VIM}" == "True" ]; then
|
||||
tacker_create_initial_k8s_network
|
||||
fi
|
||||
echo_summary "Check and download images for tacker initial"
|
||||
tacker_check_and_download_images
|
||||
echo_summary "Registering default VIM"
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
TACKER_MODE=${TACKER_MODE:-all}
|
||||
USE_BARBICAN=True
|
||||
KUBERNETES_VIM=${KUBERNETES_VIM:-False}
|
||||
|
||||
if [ "${TACKER_MODE}" == "all" ]; then
|
||||
# Nova
|
||||
@ -43,6 +44,32 @@ if [ "${TACKER_MODE}" == "all" ]; then
|
||||
SUBNET1=${SUBNET1:-subnet1}
|
||||
FIXED_RANGE1=${FIXED_RANGE1:-10.10.1.0/24}
|
||||
NETWORK_GATEWAY1=${NETWORK_GATEWAY1:-10.10.1.1}
|
||||
|
||||
if [ "${KUBERNETES_VIM}" == "True" ]; then
|
||||
K8S_PHYS_NET=${K8S_PHYS_NET:-"k8s-physnet"}
|
||||
BR_K8S=${BR_K8S:-"br-k8s0"}
|
||||
NET_K8S=${NET_K8S:-"k8s-public-net"}
|
||||
SUBNET_K8S=${SUBNET_K8S:-"public-subnet"}
|
||||
FIXED_RANGE_K8S=${FIXED_RANGE_K8S:-192.168.28.0/22}
|
||||
NETWORK_GATEWAY_K8S=${NETWORK_GATEWAY_K8S:-192.168.28.1}
|
||||
NETWORK_GATEWAY_K8S_IP=${NETWORK_GATEWAY_K8S_IP:-192.168.28.1/24}
|
||||
|
||||
KURYR_NEUTRON_DEFAULT_PROJECT="admin"
|
||||
Q_ROUTER_NAME="route-k8s"
|
||||
KURYR_NEUTRON_DEFAULT_ROUTER=${KURYR_NEUTRON_DEFAULT_ROUTER:-$Q_ROUTER_NAME}
|
||||
SUBNETPOOL_NAME_V4=${SUBNETPOOL_NAME:-"shared-default-subnetpool-v4"}
|
||||
SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-26}
|
||||
SUBNETPOOL_V4_ID=${SUBNETPOOL_V4_ID:-} #nqa
|
||||
|
||||
enable_service q-lbaasv2
|
||||
enable_service etcd3
|
||||
enable_service kubernetes-api
|
||||
enable_service kubernetes-controller-manager
|
||||
enable_service kubernetes-scheduler
|
||||
enable_service kubelet
|
||||
enable_service kuryr-kubernetes
|
||||
NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
|
||||
fi
|
||||
elif [ "${TACKER_MODE}" == "standalone" ]; then
|
||||
# set the enabled services here. This will need tacker devstack plugin put as the last one in local.conf
|
||||
ENABLED_SERVICES=key,horizon,tacker,tacker-conductor,mysql,dstat,barbican,mistral,mistral-api,mistral-engine,mistral-executor,mistral-event-engine
|
||||
|
||||
@ -52,6 +52,7 @@ us how to prepare a target VIM for Tacker.
|
||||
:maxdepth: 1
|
||||
|
||||
install/openstack_vim_installation.rst
|
||||
install/kubernetes_vim_installation.rst
|
||||
|
||||
|
||||
Getting Started
|
||||
|
||||
253
doc/source/install/kubernetes_vim_installation.rst
Normal file
253
doc/source/install/kubernetes_vim_installation.rst
Normal file
@ -0,0 +1,253 @@
|
||||
..
|
||||
Copyright 2014-2017 OpenStack Foundation
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
|
||||
===========================
|
||||
Kubernetes VIM Installation
|
||||
===========================
|
||||
|
||||
This document describes the way to install Kubernetes VIM via Devstack and
|
||||
how to register Kubernetes VIM in Tacker.
|
||||
|
||||
To do that job, Tacker reuses the efforts from Kuryr-Kubernetes project in
|
||||
creating Kubernetes cluster and setting up native Neutron-based networking
|
||||
between Kubernetes and OpenStack VIMs. Features from Kuryr-Kubernetes will
|
||||
bring VMs and Pods (and other Kubernetes resources) on the same network.
|
||||
|
||||
1. Edit local.conf file by adding the following content
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
KUBERNETES_VIM=True
|
||||
NEUTRON_CREATE_INITIAL_NETWORKS=False
|
||||
enable_plugin kuryr-kubernetes https://git.openstack.org/openstack/kuryr-kubernetes master
|
||||
enable_plugin neutron-lbaas git://git.openstack.org/openstack/neutron-lbaas master
|
||||
enable_plugin devstack-plugin-container https://git.openstack.org/openstack/devstack-plugin-container master
|
||||
|
||||
You can also see the same examples in [#first]_ and [#second]_.
|
||||
|
||||
2. Run stack.sh
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
./stack.sh
|
||||
|
||||
3. Get Kubernetes VIM configuration
|
||||
|
||||
* After successful installation, user can get "Bearer Token":
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t')
|
||||
|
||||
In the Hyperkube folder /yourdirectory/data/hyperkube/, user can get more
|
||||
information for authenticating to Kubernetes cluster.
|
||||
|
||||
* Get ssl_ca_cert:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ cat /opt/stack/data/hyperkube/ca.crt
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDUzCCAjugAwIBAgIJAI+laRsxtQQMMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV
|
||||
BAMMFTE3Mi4xNy4wLjJAMTUwNzU1NTc4MzAeFw0xNzEwMDkxMzI5NDNaFw0yNzEw
|
||||
MDcxMzI5NDNaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzU1NTc4MzCCASIw
|
||||
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfJ+Lsq8VmXBfZC4OPm96Y1Ots2
|
||||
Np/fuGLEhT+JpHGCK65l4WpBf+FkcNDIb5Jn1EBr5XDEVN1hlzcPdCHu1sAvfTNB
|
||||
AJkq/4TzkenEusxiQ8TQWDnIrAo73tkYPyQMAfXHifyM20gCz/jM+Zy2IoQDArRq
|
||||
MItRdoFa+7rRJntFk56y9NZTzDqnziLFFoT6W3ZdU3BElX6oWarbLWxNNpYlVEbI
|
||||
YdfooLqKTH+25Fh3TKsMVxOdc7A5MggXRHYYkbbDgDAVln9ki9x/c6U+5bQQ9H8+
|
||||
+Lhzdova4gjq/RBJCtiISN7HvLuq+VenArFREgAqr/r/rQZckeAD/4mzQNECAwEA
|
||||
AaOBjzCBjDAdBgNVHQ4EFgQU1zZHXIHhmPDe+ajaNqsOdu5QfbswUAYDVR0jBEkw
|
||||
R4AU1zZHXIHhmPDe+ajaNqsOdu5QfbuhJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w
|
||||
LjJAMTUwNzU1NTc4M4IJAI+laRsxtQQMMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
|
||||
AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAr8ARlYpIbeML8fbxdAARuZ/dJpbKvyNHC
|
||||
GXJI/Uh4xKmj3LrdDYQjHb1tbRSV2S/gQld+En0L92XGUl/x1pG/GainDVpxpTdt
|
||||
FwA5SMG5HLHrudZBRW2Dqe1ItKjx4ofdjz+Eni17QYnI0CEdJZyq7dBInuCyeOu9
|
||||
y8BhzIOFQALYYL+K7nERKsTSDUnTwgpN7p7CkPnAGUj51zqVu2cOJe48SWoO/9DZ
|
||||
AT0UKTr/agkkjHL0/kv4x+Qhr/ICjd2JbW7ePxQBJ8af+SYuKx7IRVnubnqVMEN6
|
||||
V/kEAK/h2NAKS8OnlBgUMXIojSInmGXJfM5l1GUlQiqiBTv21Fm6
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
* Get basic authentication username and password:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ sudo cat /opt/stack/data/hyperkube/basic_auth.csv
|
||||
admin,admin,admin
|
||||
|
||||
The basic auth file is a csv file with a minimum of 3 columns: password,
|
||||
user name, user id. If there are more than 3 columns, see the following
|
||||
example:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
password,user,uid,"group1,group2,group3"
|
||||
|
||||
* Get Kubernetes server url
|
||||
|
||||
By default Kubernetes server listens on https://127.0.0.1:6443 and
|
||||
https://{HOST_IP}:6443
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
curl http://localhost:8080/api/
|
||||
{
|
||||
"kind": "APIVersions",
|
||||
"versions": [
|
||||
"v1"
|
||||
],
|
||||
"serverAddressByClientCIDRs": [
|
||||
{
|
||||
"clientCIDR": "0.0.0.0/0",
|
||||
"serverAddress": "192.168.11.110:6443"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
4. Check Kubernetes cluster installation
|
||||
|
||||
By default, after set KUBERNETES_VIM=True, Devstack creates a public network
|
||||
called net-k8s, and two extra ones for the kubernetes services and pods under
|
||||
the project k8s:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
openstack network list --project admin
|
||||
+--------------------------------------+-----------------+--------------------------------------+
|
||||
| ID | Name | Subnets |
|
||||
+--------------------------------------+-----------------+--------------------------------------+
|
||||
| 28361f77-1875-4070-b0dc-014e26c48aeb | k8s-public-net | 28c51d19-d437-46e8-9b0e-00bc392c57d6 |
|
||||
| 71c20650-6295-4462-9219-e0007120e64b | k8s-service-net | f2835c3a-f567-44f6-b006-a6f7c52f2396 |
|
||||
| 97c12aef-54f3-41dc-8b80-7f07c34f2972 | k8s-pod-net | 7759453f-6e8a-4660-b845-964eca537c44 |
|
||||
| 9935fff9-f60c-4fe8-aa77-39ba7ac10417 | net0 | 92b2bd7b-3c14-4d32-8de3-9d3cc4d204cb |
|
||||
| c2120b78-880f-4f28-8dc1-3d33b9f3020b | net_mgmt | fc7b3f32-5cac-4857-83ab-d3700f4efa60 |
|
||||
| ec194ffc-533e-46b3-8547-6f43d92b91a2 | net1 | 08beb9a1-cd74-4f2d-b2fa-0e5748d80c27 |
|
||||
+--------------------------------------+-----------------+--------------------------------------+
|
||||
|
||||
To check Kubernetes cluster works well, please see some tests in
|
||||
kuryr-kubernetes to get more information [#third]_.
|
||||
|
||||
5. Register Kubernetes VIM
|
||||
|
||||
In vim_config.yaml, project_name is namespace in Kubernetes environment
|
||||
where user will deploy Pod, Deployment or Horizontal Pod Autoscaling, etc.
|
||||
|
||||
* Create vim_config.yaml file for Kubernetes VIM as the following examples:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
auth_url: "https://192.168.11.110:6443"
|
||||
bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ"
|
||||
ssl_ca_cert: None
|
||||
project_name: "default"
|
||||
type: "kubernetes"
|
||||
|
||||
* Or vim_config.yaml with ssl_ca_cert enabled:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
auth_url: "https://192.168.11.110:6443"
|
||||
bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ"
|
||||
ssl_ca_cert: "-----BEGIN CERTIFICATE-----
|
||||
MIIDUzCCAjugAwIBAgIJANPOjG38TA+fMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV
|
||||
BAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTAeFw0xNzEwMDYxMjUxMDVaFw0yNzEw
|
||||
MDQxMjUxMDVaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTCCASIw
|
||||
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlPwd5Dp484Fb+SjBZeV8qF4k8s
|
||||
Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b
|
||||
jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m
|
||||
ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh
|
||||
IYSI0/xT1CDIlPmVucKRn/OVxpuTQ/WuVt7yIMRKIlApsZurZSt7ypR7SlQOLEx/
|
||||
xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA
|
||||
AaOBjzCBjDAdBgNVHQ4EFgQUxINzbfoA2RzXk584ETZ0agWDDk8wUAYDVR0jBEkw
|
||||
R4AUxINzbfoA2RzXk584ETZ0agWDDk+hJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w
|
||||
LjJAMTUwNzI5NDI2NYIJANPOjG38TA+fMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
|
||||
AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQB7zNVRX++hUXs7+Fg1H2havCkSe63b/oEM
|
||||
J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2
|
||||
Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7
|
||||
tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ
|
||||
U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs
|
||||
MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk
|
||||
-----END CERTIFICATE-----"
|
||||
project_name: "default"
|
||||
type: "kubernetes"
|
||||
|
||||
* You can also specify username and password for Kubernetes VIM configuration:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
auth_url: "https://192.168.11.110:6443"
|
||||
username: "admin"
|
||||
password: "admin"
|
||||
ssl_ca_cert: "-----BEGIN CERTIFICATE-----
|
||||
MIIDUzCCAjugAwIBAgIJANPOjG38TA+fMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV
|
||||
BAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTAeFw0xNzEwMDYxMjUxMDVaFw0yNzEw
|
||||
MDQxMjUxMDVaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTCCASIw
|
||||
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlPwd5Dp484Fb+SjBZeV8qF4k8s
|
||||
Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b
|
||||
jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m
|
||||
ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh
|
||||
IYSI0/xT1CDIlPmVucKRn/OVxpuTQ/WuVt7yIMRKIlApsZurZSt7ypR7SlQOLEx/
|
||||
xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA
|
||||
AaOBjzCBjDAdBgNVHQ4EFgQUxINzbfoA2RzXk584ETZ0agWDDk8wUAYDVR0jBEkw
|
||||
R4AUxINzbfoA2RzXk584ETZ0agWDDk+hJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w
|
||||
LjJAMTUwNzI5NDI2NYIJANPOjG38TA+fMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
|
||||
AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQB7zNVRX++hUXs7+Fg1H2havCkSe63b/oEM
|
||||
J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2
|
||||
Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7
|
||||
tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ
|
||||
U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs
|
||||
MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk
|
||||
-----END CERTIFICATE-----"
|
||||
project_name: "default"
|
||||
type: "kubernetes"
|
||||
|
||||
User can change the authentication like username, password, etc. Please see
|
||||
Kubernetes document [#fourth]_ to read more information about Kubernetes
|
||||
authentication.
|
||||
|
||||
* Run Tacker command for register vim:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
tacker vim-register --config-file vim_config.yaml vim-kubernetes
|
||||
|
||||
* Other related commands to Kubernetes VIM
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ cat kubernetes-VIM-update.yaml
|
||||
username: "admin"
|
||||
password: "admin"
|
||||
project_name: "default"
|
||||
type: "kubernetes"
|
||||
|
||||
|
||||
tacker vim-update vim-kubernetes --config-file kubernetes-VIM-update.yaml
|
||||
tacker vim-show vim-kubernetes
|
||||
tacker vim-delete vim-kubernetes
|
||||
|
||||
When update Kubernetes VIM, user can update VIM information (such as username,
|
||||
password, bearer_token and ssl_ca_cert) except auth_url and type of VIM.
|
||||
|
||||
|
||||
References
|
||||
==========
|
||||
.. [#first] https://github.com/openstack/tacker/blob/master/doc/source/install/devstack.rst
|
||||
.. [#second] https://github.com/openstack/tacker/blob/master/devstack/local.conf.example
|
||||
.. [#third] https://github.com/openstack/kuryr-kubernetes/blob/master/doc/source/installation/testing_connectivity.rst
|
||||
.. [#fourth] https://kubernetes.io/docs/admin/authentication
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user