contrail kubernetes master #6

Supports: xenial bionic

Description

Contrail kube-manager component within a Docker container.


Overview

OpenContrail (www.opencontrail.org) is a fully featured Software Defined
Networking (SDN) solution for private clouds. It supports high performance
isolated tenant networks without requiring external hardware support. It
provides a Contrail CNI plugin to integrate with Kubernetes.

This charm is designed to be used in conjunction with the rest of
the Kubernetes related charms in the charm store
to create and configure network interfaces for Kubernetes pods.

This charm provides connectivity of Contrail to the Kubernetes Master charm to obtain a Kubernetes API configuration.

The Charmed Distribution Of Kubernetes is supported.
Only for Contrail 5.0 for now.
Juju 2.0 is required.

Usage

Contrail Controller and Kubernetes Master are prerequisite services that must be deployed first.

Once ready, deploy and relate as follows:

juju deploy contrail-kubernetes-master
juju add-relation contrail-controller contrail-kubernetes-master
juju add-relation kubernetes-master contrail-kubernetes-master

Nested mode installation

Example of bundle.yaml file to install charm in nested mode.

Prerequisite:

  • Virtual machines in an OpenStack cluster must be created with connectivity to the Internet and an underlay network with Contrail components.
  • The link-local services for vRouter Agent should be created in Contrail (Service IP: 10.10.10.5, Service Port: 9091, Fabric IP: 127.0.0.1, Fabric Port: 9091). Note: Here 10.10.10.5 is the Service IP that was chosen by the user. This can be any unused IP in the cluster.

Notes:

  • The project name and the network name in the charm config (parameters cluster_project and cluster_network) should be the same as the OpenStack project name and the OpenStack network name.
  • The service_subnets config variable is the same as the service-cidr config variable of kubernetes-master.
  • KUBERNESTES_NESTED_VROUTER_VIP in the nested_mode_config variable is the same as the Service IP of the link-local services.
  • It is not recommended to deploy the charm in nested mode in the AWS cloud, since AWS uses slow qemu virtualization.
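
A pre-deployment check for the notes above, as an added example (not part of the charm or the original page). The function name, finding texts and the `k8s-net` network name are assumptions; the config keys and JSON keys are the ones listed under Configuration, and service_subnets is assumed to hold a single CIDR. It also flags the plain-http and KEYSTONE_AUTH_INSECURE values that the page's sample nested_mode_config carries.

```python
import ipaddress
import json


def check_nested_mode(cfg, k8s_service_cidr, link_local_ip):
    """Return findings for a nested-mode charm config (empty list: consistent)."""
    findings = []
    if not cfg.get("nested_mode"):
        return findings
    # Notes: project and network must name the OpenStack ones, not stay at "{}".
    for key in ("cluster_project", "cluster_network"):
        if str(cfg.get(key, "{}")).strip() in ("", "{}"):
            findings.append(f"{key} is unset")
    # Notes: service_subnets must equal kubernetes-master's service-cidr.
    try:
        same = (ipaddress.ip_network(cfg.get("service_subnets", ""))
                == ipaddress.ip_network(k8s_service_cidr))
    except ValueError:
        same = False
    if not same:
        findings.append("service_subnets differs from service-cidr")
    try:
        nested = json.loads(cfg.get("nested_mode_config", "{}"))
    except json.JSONDecodeError:
        return findings + ["nested_mode_config is not valid JSON"]
    # Notes: the VIP must be the Service IP of the link-local service.
    if nested.get("KUBERNESTES_NESTED_VROUTER_VIP") != link_local_ip:
        findings.append("vRouter VIP differs from link-local Service IP")
    if str(nested.get("KEYSTONE_AUTH_PROTO", "")).lower() == "http":
        findings.append("Keystone admin credentials sent over plain http")
    if str(nested.get("KEYSTONE_AUTH_INSECURE", "")).lower() == "true":
        findings.append("KEYSTONE_AUTH_INSECURE is enabled")
    return findings


# Constructed sample; the JSON values repeat the page's nested_mode_config example.
SAMPLE = {
    "nested_mode": True,
    "cluster_project": "{}",          # left at the charm default
    "cluster_network": "k8s-net",     # constructed network name
    "service_subnets": "10.96.0.0/12",
    "nested_mode_config": json.dumps({
        "KEYSTONE_AUTH_PROTO": "http",
        "KEYSTONE_AUTH_INSECURE": "True",
        "KUBERNESTES_NESTED_VROUTER_VIP": "10.10.10.5",
    }),
}

print("\n".join(check_nested_mode(SAMPLE, "10.96.0.0/12", "10.10.10.5")))
```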

External Docker repository

Instead of attaching a resource with the docker image, the charm can accept an image from a remote docker repository.
docker-registry should be specified if the registry is only accessible via http protocol (insecure registry).
docker-user / docker-password can be specified if the registry requires authentication.
image-name / image-tag are the parameters for the image itself.

SSL

This charm supports a relation to the easyrsa charm to obtain certificates for XMPP and Sandesh connections:

juju add-relation contrail-kubernetes-master easyrsa

Please note that in this case all charms must be related to easyrsa. The components require a CA certificate for communication.


Configuration

cluster_name
(string)
Default: k8s

cluster_network
(string) Kubernetes cluster network
Default: {}

cluster_project
(string) Kubernetes cluster project
Default: {}

control-network
(string) The IP address and netmask of the control network (e.g. 192.168.0.0/24). This network will be used for Contrail endpoints. If not specified, the default network will be used.

docker-password
(string) Password to the docker registry.

docker-registry
(string) URL of docker-registry
Default: opencontrailnightly

docker-registry-insecure
(boolean) Whether the docker-registry is insecure and Docker should be configured for it.

docker-user
(string) Login to the docker registry.

docker_runtime
(string) Docker runtime to install. Valid values are "upstream" (Docker PPA), "apt" (Ubuntu archive), "auto" (Ubuntu archive), or "custom" (must have set `docker_runtime_repo` URL, `docker_runtime_key_url` URL and `docker_runtime_package` name).
Default: upstream

docker_runtime_key_url
(string) Custom Docker repository validation key URL.

docker_runtime_package
(string) Custom Docker repository package name.

docker_runtime_repo
(string) Custom Docker repository, given in deb format. Use `{ARCH}` to determine architecture at runtime. Use `{CODE}` to set release codename. E.g. `deb [arch={ARCH}] https://download.docker.com/linux/ubuntu {CODE} stable`.

host_network_service
(boolean) Kubernetes host network service

http_proxy
(string) URL to use for HTTP_PROXY to be used by Docker. Only useful in closed environments where a proxy is the only option for routing to the registry to pull images.

https_proxy
(string) URL to use for HTTPS_PROXY to be used by Docker. Only useful in closed environments where a proxy is the only option for routing to the registry to pull images.

image-tag
(string) Tag of docker image.
Default: latest

ip_fabric_forwarding
(boolean) Kubernetes IP fabric forwarding

ip_fabric_snat
(boolean) Kubernetes IP fabric snat

ip_fabric_subnets
(string) Kubernetes IP fabric subnets
Default: 10.64.0.0/12

kubernetes_api_hostname
(string) Virtual IP or hostname to access the Kubernetes Cluster API. This parameter is optional. If it's not specified then the local kubernetes address will be used.

kubernetes_api_secure_port
(string) Secure port to access the Kubernetes Cluster API. This parameter is optional. If it's not specified then the local kubernetes address will be used.

log-level
(string) Log level for contrail services. Valid values are: SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUG
Default: SYS_NOTICE

nagios_context
(string) Used by the nrpe subordinate charms. A string that will be prepended to the instance name to set the host name in nagios. So for instance the hostname would be something like juju-myservice-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
Default: juju

nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.

nested_mode
(boolean) Nested mode flag. Kubernetes cluster inside an OpenStack cluster

nested_mode_config
(string) Configuration of OpenStack and Contrail underlay cluster. This is a dictionary of configuration variables in JSON format. E.g. { "CONTROLLER_NODES": "10.0.12.20", "AUTH_MODE": "keystone", "KEYSTONE_AUTH_ADMIN_TENANT": "admin", "KEYSTONE_AUTH_ADMIN_USER": "admin", "KEYSTONE_AUTH_ADMIN_PASSWORD": "password", "KEYSTONE_AUTH_URL_VERSION": "/v2.0", "KEYSTONE_AUTH_HOST": "10.0.12.122", "KEYSTONE_AUTH_PROTO": "http", "KEYSTONE_AUTH_PUBLIC_PORT": "5000", "KEYSTONE_AUTH_REGION_NAME": "RegionOne", "KEYSTONE_AUTH_INSECURE": "True", "KUBERNESTES_NESTED_VROUTER_VIP": "10.10.10.5" }
Default: {}

no_proxy
(string) Comma-separated list of destinations (either domain names or IP addresses) that should be accessed directly, as opposed to going through the proxy defined above. Must be less than 2023 characters long.

pod_subnets
(string) Kubernetes pod subnets
Default: 10.32.0.0/12

public_fip_pool
(string) Kubernetes public floating IP pool
Default: {}

service_subnets
(string) Kubernetes service subnets
Default: 10.96.0.0/12