f106bf5bc4
Squashed commits: [f9355ea
] Swap order in which we reload docker/socket [2ca6819
] Reload docker.socket after installing flannel on coreos Workaround for #569 [9f976e5
] Vagrantfile: setup proxy inside virtual machines In corporate networks, it is good to pre-configure proxy variables. [9d7142f
] Vagrantfile: use Ubuntu 16.04 LTS Use recent supported version of Ubuntu for local development setup with Vagrant. [50f77cc
] Add CI test layouts * Drop Wily from test matrix * Replace the Wily cases dropped with extra cases to test separate roles deployment Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> [03e162b
] Update OWNERS [c7b00ca
] Use tar+register instead of copy/slurp for distributing tokens and certs Related bug: https://github.com/ansible/ansible/issues/15405 Uses tar and register because synchronize module cannot sudo on the remote side correctly and copy is too slow. This patch dramatically cuts down the number of tasks to process for cert synchronization. [2778ac6
] Add new var skip_dnsmasq_k8s If skip_dnsmasq is set, it will still not set up dnsmasq k8s pod. This enables independent setup of resolvconf section before kubelet is up.
# Kubernetes on OpenStack with Terraform

Provision a Kubernetes cluster with [Terraform](https://www.terraform.io) on
OpenStack.

## Status

This will install a Kubernetes cluster on an OpenStack cloud. It has been tested on an
OpenStack cloud provided by [BlueBox](https://www.blueboxcloud.com/) and on OpenStack at [EMBL-EBI's](http://www.ebi.ac.uk/) [EMBASSY Cloud](http://www.embassycloud.org/). This should work on most modern installs of OpenStack that support the basic
services.

Some assumptions are made to try to ensure it will work on your OpenStack cluster:

* floating IPs are used for access, but you can have masters and nodes that don't use floating IPs if needed. You currently need at least 1 floating IP, which we suggest is used on a master.
* you already have a suitable OS image in glance
* you already have both an internal network and a floating IP pool created
* you have security groups enabled

## Requirements

- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html)

## Terraform

Terraform will be used to provision all of the OpenStack resources. It is also used to deploy and provision the software
requirements.

### Prep

#### OpenStack

Ensure your OpenStack credentials are loaded in environment variables. This can be done by downloading a credentials .rc file from your OpenStack dashboard and sourcing it:

```
$ source ~/.stackrc
```

You will need two networks before installing: an internal network and
an external (floating IP pool) network. The internal network can be shared, as
we use security groups to provide network segregation. Because OpenStack
installs differ so much from one another, the Terraform configuration does not
attempt to create these networks for you.

By default Terraform will expect that your networks are called `internal` and
`external`. You can change this by altering the Terraform variables `network_name` and `floatingip_pool`. This can be done in a new variables file or through environment variables.

A full list of variables you can change can be found at [variables.tf](variables.tf).

All OpenStack resources will use the Terraform variable `cluster_name`
(default `example`) in their name to make them easier to track. For example, the
first compute resource will be named `example-kubernetes-1`.

#### Terraform

Ensure your local ssh-agent is running and your ssh key has been added. This
step is required by the Terraform provisioner:

```
$ eval "$(ssh-agent -s)"
$ ssh-add ~/.ssh/id_rsa
```

Ensure that you have your OpenStack credentials loaded into Terraform
environment variables, likely via a command similar to:

```
$ echo Setting up Terraform creds && \
  export TF_VAR_username="${OS_USERNAME}" && \
  export TF_VAR_password="${OS_PASSWORD}" && \
  export TF_VAR_tenant="${OS_TENANT_NAME}" && \
  export TF_VAR_auth_url="${OS_AUTH_URL}"
```

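A stricter form of the export step above, as an added example that is not part of the original README: it maps the same four `OS_*` variables onto `TF_VAR_*`, exports nothing if any of them is unset or empty, and never prints the values. The function names and `TF_CRED_MAP` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the README). Source this file, then run:
#   agent_has_key && export_tf_creds

# <Terraform variable>:<OpenStack rc variable> pairs, as listed in the README.
TF_CRED_MAP="username:OS_USERNAME password:OS_PASSWORD tenant:OS_TENANT_NAME auth_url:OS_AUTH_URL"

# Print the names (never the values) of OS_* variables that are unset or empty.
missing_os_vars() {
    _missing=""
    for _pair in $TF_CRED_MAP; do
        _src=${_pair#*:}
        # Indirect lookup; _src only ever comes from the fixed list above.
        eval "_val=\${$_src:-}"
        [ -n "$_val" ] || _missing="$_missing $_src"
    done
    echo "${_missing# }"
}

# Export TF_VAR_* from OS_*. Returns 1 and exports nothing if anything is missing.
export_tf_creds() {
    _missing=$(missing_os_vars)
    if [ -n "$_missing" ]; then
        echo "missing OpenStack variables: $_missing" >&2
        return 1
    fi
    for _pair in $TF_CRED_MAP; do
        _dst=${_pair%%:*}
        _src=${_pair#*:}
        # Quoted so values containing spaces or '$' are copied unchanged.
        eval "export TF_VAR_${_dst}=\"\${$_src}\""
    done
}

# Succeeds only if an ssh-agent is reachable and holds at least one key.
agent_has_key() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && ssh-add -l >/dev/null 2>&1
}
```
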
If you want to provision master or node VMs that don't use floating IPs, set the counts in a `my-terraform-vars.tfvars` file, for example:

```
number_of_k8s_masters = "1"
number_of_k8s_masters_no_floating_ip = "2"
number_of_k8s_nodes_no_floating_ip = "1"
number_of_k8s_nodes = "0"
```

This will provision one VM as master using a floating IP, two additional masters using no floating IPs (these will only have private IPs inside your tenancy) and one VM as node, again without a floating IP.

# Provision a Kubernetes Cluster on OpenStack

If not using a tfvars file for your setup, then execute:

```
$ terraform apply -state=contrib/terraform/openstack/terraform.tfstate contrib/terraform/openstack
openstack_compute_secgroup_v2.k8s_master: Creating...
description: "" => "example - Kubernetes Master"
name: "" => "example-k8s-master"
rule.#: "" => "<computed>"
...
...
Apply complete! Resources: 9 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: contrib/terraform/openstack/terraform.tfstate
```

Alternatively, if you wrote your Terraform variables in a file `my-terraform-vars.tfvars`, your command would look like:

```
$ terraform apply -state=contrib/terraform/openstack/terraform.tfstate -var-file=my-terraform-vars.tfvars contrib/terraform/openstack
```

If you choose to add masters or nodes without floating IPs (only internal IPs on your OpenStack tenancy), this script will also create a file `contrib/terraform/openstack/k8s-cluster.yml` with an ssh command that lets Ansible access your machines by tunneling through the first floating IP used. If you want to handle the ssh tunneling to these machines manually, please delete or move that file. If you want to use it, just leave it there, as Ansible will pick it up automatically.

Make sure you can connect to the hosts:

```
$ ansible -i contrib/terraform/openstack/hosts -m ping all
example-k8s_node-1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
example-etcd-1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
example-k8s-master-1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
```

If you are deploying a system that needs bootstrapping, like CoreOS, these might have a state `FAILED` due to CoreOS not having python. As long as the state is not `UNREACHABLE`, this is fine.

If it fails, try to connect manually via SSH; it could be something as simple as a stale host key.

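The rule above (`FAILED` is tolerable, `UNREACHABLE` is not) as a check that can gate the playbook run. This is an added example, not part of the original README: the function names and the sample output are constructed for illustration, and the `FAILED!` / `UNREACHABLE!` spelling is what Ansible prints for ad-hoc commands.

```shell
#!/bin/sh
# Added example (not from the README).

# Constructed sample of `ansible -m ping all` output, not captured from a real run.
sample_ping_output() {
    cat <<'EOF'
example-k8s-master-1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
example-k8s_node-1 | FAILED! => {
    "changed": false,
    "msg": "constructed message: python not found"
}
example-etcd-1 | UNREACHABLE! => {
    "changed": false,
    "unreachable": true
}
EOF
}

# Read ping output on stdin; print hosts whose result line starts with the
# given state (SUCCESS, FAILED or UNREACHABLE).
hosts_in_state() {
    awk -v state="$1" '$2 == "|" && index($3, state) == 1 { print $1 }'
}

# Read ping output on stdin; return 0 when no host is UNREACHABLE.
# FAILED alone is tolerated, as the README describes for CoreOS.
safe_to_deploy() {
    [ -z "$(hosts_in_state UNREACHABLE)" ]
}
```

Typical use is `ansible -i contrib/terraform/openstack/hosts -m ping all | safe_to_deploy` before running the playbook.
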
Deploy Kubernetes:

```
$ ansible-playbook --become -i contrib/terraform/openstack/hosts cluster.yml
```

# Clean up:

```
$ terraform destroy
Do you really want to destroy?
Terraform will delete all your managed infrastructure.
There is no undo. Only 'yes' will be accepted to confirm.

Enter a value: yes
...
...
Apply complete! Resources: 0 added, 0 changed, 12 destroyed.
```