[ English | Indonesia | 한국어 (대한민국) | Deutsch | English (United Kingdom) ]

Kubernetes and Common Setup

Install Basic Utilities

To get started with OSH, we will need both git and curl.

sudo apt install git curl

Clone the OpenStack-Helm Repos

Once the host has been configured the repos containing the OpenStack-Helm charts should be cloned:

#!/bin/bash
set -xe

git clone https://opendev.org/openstack/openstack-helm-infra.git
git clone https://opendev.org/openstack/openstack-helm.git

OSH Proxy & DNS Configuration

Catatan

If you are not deploying OSH behind a proxy, skip this step and continue with "Deploy Kubernetes & Helm".

In order to deploy OSH behind a proxy, add the following entries to openstack-helm-infra/tools/gate/devel/local-vars.yaml:

proxy:
  http: http://PROXY_URL:PORT
  https: https://PROXY_URL:PORT
  noproxy: 127.0.0.1,localhost,172.17.0.1,.svc.cluster.local

Catatan

Depending on your specific proxy, https_proxy may be the same as http_proxy. Refer to your specific proxy documentation.

By default OSH will use Google DNS Server IPs (8.8.8.8, 8.8.4.4) and will update resolv.conf as a result. If those IPs are blocked by your proxy, running the OSH scripts will result in the inability to connect to anything on the network. These DNS nameserver entries can be changed by updating the external_dns_nameservers entry in the file openstack-helm-infra/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml.

external_dns_nameservers:
  - YOUR_PROXY_DNS_IP
  - ALT_PROXY_DNS_IP

These values can be retrieved by running:

systemd-resolve --status

Deploy Kubernetes & Helm

You may now deploy kubernetes, and helm onto your machine, first move into the openstack-helm directory and then run the following:

#!/bin/bash
CURRENT_DIR="$(pwd)"
: ${OSH_INFRA_PATH:="../openstack-helm-infra"}
cd ${OSH_INFRA_PATH}
make dev-deploy setup-host
make dev-deploy k8s
cd ${CURRENT_DIR}

Alternatively, this step can be performed by running the script directly:

./tools/deployment/developer/common/010-deploy-k8s.sh

This command will deploy a single node KubeADM administered cluster. This will use the parameters in ${OSH_INFRA_PATH}/playbooks/vars.yaml to control the deployment, which can be over-ridden by adding entries to ${OSH_INFRA_PATH}/tools/gate/devel/local-vars.yaml.

Helm Chart Installation

Using the Helm packages previously pushed to the local Helm repository, run the following commands to instruct tiller to create an instance of the given chart. During installation, the helm client will print useful information about resources created, the state of the Helm releases, and whether any additional configuration steps are necessary.

Install OpenStack-Helm

Catatan

The following commands all assume that they are run from the openstack-helm directory and the repos have been cloned as above.

Setup Clients on the host and assemble the charts

The OpenStack clients and Kubernetes RBAC rules, along with assembly of the charts can be performed by running the following commands:

#!/bin/bash
sudo -H -E pip3 install \
  -c${UPPER_CONSTRAINTS_FILE:=https://releases.openstack.org/constraints/upper/${OPENSTACK_RELEASE:-stein}} \
  cmd2 python-openstackclient python-heatclient --ignore-installed

sudo -H mkdir -p /etc/openstack
sudo -H chown -R $(id -un): /etc/openstack
FEATURE_GATE="tls"; if [[ ${FEATURE_GATES//,/ } =~ (^|[[:space:]])${FEATURE_GATE}($|[[:space:]]) ]]; then
  tee /etc/openstack/clouds.yaml << EOF
  clouds:
    openstack_helm:
      region_name: RegionOne
      identity_api_version: 3
      cacert: /etc/openstack-helm/certs/ca/ca.pem
      auth:
        username: 'admin'
        password: 'password'
        project_name: 'admin'
        project_domain_name: 'default'
        user_domain_name: 'default'
        auth_url: 'https://keystone.openstack.svc.cluster.local/v3'
EOF
else
  tee /etc/openstack/clouds.yaml << EOF
  clouds:
    openstack_helm:
      region_name: RegionOne
      identity_api_version: 3
      auth:
        username: 'admin'
        password: 'password'
        project_name: 'admin'
        project_domain_name: 'default'
        user_domain_name: 'default'
        auth_url: 'http://keystone.openstack.svc.cluster.local/v3'
EOF
fi

#NOTE: Build helm-toolkit, most charts depend on helm-toolkit
make helm-toolkit

Alternatively, this step can be performed by running the script directly:

./tools/deployment/developer/common/020-setup-client.sh

Deploy the ingress controller

#!/bin/bash
#NOTE: Get the over-rides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
: ${OSH_EXTRA_HELM_ARGS_INGRESS:="$(./tools/deployment/common/get-values-overrides.sh ingress)"}

#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} ingress

#NOTE: Deploy command
: ${OSH_EXTRA_HELM_ARGS:=""}
tee /tmp/ingress-kube-system.yaml << EOF
deployment:
  mode: cluster
  type: DaemonSet
network:
  host_namespace: true
EOF

touch /tmp/ingress-component.yaml

if [ -n "${OSH_DEPLOY_MULTINODE}" ]; then
  tee --append /tmp/ingress-kube-system.yaml << EOF
pod:
  replicas:
    error_page: 2
EOF

  tee /tmp/ingress-component.yaml << EOF
pod:
  replicas:
    ingress: 2
    error_page: 2
EOF
fi

helm upgrade --install ingress-kube-system ${HELM_CHART_ROOT_PATH}/ingress \
  --namespace=kube-system \
  --values=/tmp/ingress-kube-system.yaml \
  ${OSH_EXTRA_HELM_ARGS} \
  ${OSH_EXTRA_HELM_ARGS_INGRESS} \
  ${OSH_EXTRA_HELM_ARGS_INGRESS_KUBE_SYSTEM}

#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system

#NOTE: Display info
helm status ingress-kube-system

#NOTE: Deploy namespace ingress
helm upgrade --install ingress-openstack ${HELM_CHART_ROOT_PATH}/ingress \
  --namespace=openstack \
  --values=/tmp/ingress-component.yaml \
  ${OSH_EXTRA_HELM_ARGS} \
  ${OSH_EXTRA_HELM_ARGS_INGRESS} \
  ${OSH_EXTRA_HELM_ARGS_INGRESS_OPENSTACK}

#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack

#NOTE: Display info
helm status ingress-openstack

helm upgrade --install ingress-ceph ${HELM_CHART_ROOT_PATH}/ingress \
  --namespace=ceph \
  --values=/tmp/ingress-component.yaml \
  ${OSH_EXTRA_HELM_ARGS} \
  ${OSH_EXTRA_HELM_ARGS_INGRESS} \
  ${OSH_EXTRA_HELM_ARGS_INGRESS_CEPH}

#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ceph

#NOTE: Display info
helm status ingress-ceph

Alternatively, this step can be performed by running the script directly:

./tools/deployment/component/common/ingress.sh

To continue to deploy OpenStack on Kubernetes via OSH, see Deploy NFS or Deploy Ceph.