Magnum - Container cluster service¶
Magnum is an OpenStack service that provides support for deployment and management of container clusters such as Kubernetes. See the Magnum documentation for information on using Magnum.
Configuration¶
Enable Magnum, in globals.yml
:
enable_magnum: true
Optional: enable cluster user trust¶
This allows the cluster to communicate with OpenStack on behalf of the user
that created it, and is necessary for the auto-scaler and auto-healer to work.
Note that this is disabled by default since it exposes the cluster to
CVE-2016-7404. Ensure that
you understand the consequences before enabling this option. In
globals.yml
:
enable_cluster_user_trust: true
Optional: private CA¶
If using TLS with a private CA for OpenStack public APIs, the cluster will need
to add the CA certificate to its trust store in order to communicate with
OpenStack. The certificate must be available in the magnum conductor container.
It is copied to the cluster via user-data, so it is better to include only the
necessary certificates to avoid exceeding the max Nova API request body size
(this may be set via [oslo_middleware] max_request_body_size
in
nova.conf
if necessary). In /etc/kolla/config/magnum.conf
:
[drivers]
openstack_ca_file = <path to CA file>
If using Kolla Ansible to copy CA certificates into containers, the certificates are located at
/etc/pki/ca-trust/source/anchors/kolla-customca-*.crt
.
Deployment¶
To deploy magnum and its dashboard in an existing OpenStack cluster:
kolla-ansible -i <inventory> deploy --tags common,horizon,magnum