Installing and Provisioning Containerized Contrail Controller for Kubernetes
This section describes the steps required to install and provision containerized Contrail Controller for Kubernetes.
Ensure the following prerequisites are met for successful provisioning of a Contrail Kubernetes cluster.
- An installed and running Kubernetes cluster is available.
You can choose the installation method for Kubernetes.
- Kubernetes cluster must have at least one worker node.
The Kubernetes cluster consists of one master node and at least one worker node. Kubernetes “tainted” master, a mode in which worker pods are scheduled on Kubernetes master node, is not supported.
- Ensure that Kubelet running on the Kubernetes master node does not have network plugin options.
If Kubelet is configured with a network plugin option:
- Disable or comment out the KUBELET_NETWORK_ARGS option in the configuration file.
/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
- Restart the Kubelet service.
systemctl daemon-reload; systemctl restart kubelet.service
- Get a service account token that has a cluster-admin cluster role.
You can configure this token in contrail-ansible during provisioning of the Contrail Kubernetes cluster.
For more information, refer to the kubernetes_access_token variable in the all.yml in contrail-ansible.
- Create a service account and bind it to the cluster-admin cluster role.
kubectl create clusterrolebinding <role-binding-name> --clusterrole=cluster-admin --serviceaccount=<namespace>:<service-account-name>
Alternatively, you can bind the cluster-admin role to an existing service account.
Example: Bind a cluster-admin role to a service account named default.
kubectl create clusterrolebinding contrail-kube-manager --clusterrole=cluster-admin --serviceaccount=default:default
- Get the secret associated with the service account.
kubectl describe sa <service-account-name>
Example:
> kubectl describe sa default
Name: default
Namespace: default
Labels: <none>
Annotations: <none>
Tokens: default-token-r353k <-----
Image pull secrets: <none>
Mountable secrets: default-token-r353k
- Get the token associated with the secret.
kubectl describe secret <name>
Example:
> kubectl describe secret default-token-r353k
Name: default-token-r353k
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name=default
kubernetes.io/service-account.uid=4fbcc5cf-3fed-11e7-acf4-0271c93f63d6
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 7 bytes
token: $123ABC
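
A check that can be run on the token before it is pasted into kubernetes_access_token, as an added example that is not part of the original documentation or of contrail-ansible. It decodes the token's claims without verifying the signature and confirms that the token belongs to the intended service account and has not been line-wrapped; it assumes the legacy secret-based service account token format, and the function names and sample token are constructed for illustration.

```python
import base64
import json

NS_CLAIM = "kubernetes.io/serviceaccount/namespace"
SA_CLAIM = "kubernetes.io/serviceaccount/service-account.name"

def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def check_token(token, namespace, name):
    """List reasons the token should not go into kubernetes_access_token."""
    token = token.strip()
    if any(ch.isspace() for ch in token):
        return ["token is wrapped or contains spaces; it must be one line"]
    try:
        claims = decode_claims(token)
    except ValueError as exc:  # bad segment count, base64 or JSON
        return ["not a service-account JWT: %s" % exc]
    problems = []
    if claims.get("iss") != "kubernetes/serviceaccount":
        problems.append("unexpected issuer: %r" % claims.get("iss"))
    if claims.get(NS_CLAIM) != namespace or claims.get(SA_CLAIM) != name:
        problems.append("token belongs to %s:%s, expected %s:%s" % (
            claims.get(NS_CLAIM), claims.get(SA_CLAIM), namespace, name))
    if claims.get("sub") != "system:serviceaccount:%s:%s" % (namespace, name):
        problems.append("unexpected subject: %r" % claims.get("sub"))
    return problems

def _b64(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token (fake signature), shaped like the legacy
# secret-based tokens that `kubectl describe secret` prints.
SAMPLE = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"iss": "kubernetes/serviceaccount", NS_CLAIM: "default",
          SA_CLAIM: "default", "sub": "system:serviceaccount:default:default"}),
    "constructed-signature",
])
print(check_token(SAMPLE, "default", "default"))
```

An empty list means the token names the expected service account; it does not show which roles are bound to that account.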
Installing and Provisioning Containerized Contrail Controller for Kubernetes
Perform the following steps to install containerized Contrail controller for Kubernetes:
- Set up password-free access to all hosts from the Ansible host.
ssh-keygen -t rsa
ssh <user>@<host-ip> mkdir -p .ssh
ssh <user>@<host-ip> chmod 700 .ssh
cat .ssh/id_rsa.pub | ssh <user>@<host-ip> 'cat >> .ssh/authorized_keys'
Ensure ssh <user>@<host-ip> works fine.
- Install Ansible on your Mac OS X or any other machine.
The version must be 2.2.0.
sudo easy_install pip
sudo pip install ansible==2.2.0
- Download the contrail-kubernetes-docker_<release>_<os-name>.tgz package and extract it. The extracted package contains the contrail-networking-tools_<release>.tgz and contrail-kubernetes-docker-images_<release>.tgz packages.
The contrail-networking-tools_<release>.tgz package contains the contrail-ansible package, while the contrail-kubernetes-docker-images_<release>.tgz package contains the Contrail container images.
- Extract the contrail-ansible package from the contrail-networking-tools_<release>.tgz package.
contrail-ansible is used to provision a Contrail Kubernetes cluster. The contrail-ansible repo contains a site.yml playbook that has the requisite roles and tasks to provision a fully functional Contrail Kubernetes cluster. The inventory files in the repo expose all the parameters required by the playbook to provision the cluster. The contrail-ansible directory-based inventory file mechanism is recommended for provisioning.

Note: The scope of contrail-ansible is to provision only the Contrail part of the Kubernetes solution. The Kubernetes cluster should be provisioned independently using recommended Kubernetes guidelines.
Contrail Kubernetes clusters can be provisioned in the following modes:
- Stand-alone Contrail Kubernetes cluster
In this mode, Contrail provides networking to a stand-alone Kubernetes cluster. Contrail components are provisioned and dedicated to the management of this cluster.
- Nested Contrail Kubernetes cluster
In this mode, Contrail provides networking for a Kubernetes cluster that is provisioned on a Contrail OpenStack cluster. Contrail components are shared between the two clusters. Ansible provisions only the Contrail components that directly interface with the Kubernetes API server. All other Contrail components are shared between OpenStack and Kubernetes clusters.
- Create a folder called container_images inside contrail-ansible/playbook. Copy container images to this folder by extracting contrail-kubernetes-docker-images_<release>.tgz.
- Update the inventory file.
The inventory files in directory-based provisioning are as follows:
- inventory/my-inventory/hosts. See inventory/my-inventory/hosts Inventory File for more information.
- inventory/my-inventory/group_vars/all.yml. See inventory/my-inventory/group_vars/all.yml Inventory File for more information.
- Run the Ansible playbook from contrail-ansible/playbook.
ansible-playbook -i inventory/my-inventory site.yml
inventory/my-inventory/hosts Inventory File
This section describes the parameters and provides examples of the inventory/my-inventory/hosts inventory file in stand-alone and nested Contrail Kubernetes clusters.
Table 1 lists the parameters used in the inventory/my-inventory/hosts inventory file.
In Table 1, Cluster Mode is one of the following:
- Stand-alone: Applicable only to a stand-alone cluster.
- Nested: Applicable only to a nested cluster.
- Both: Applicable to both stand-alone and nested clusters.
Table 1: Parameters in inventory/my-inventory/hosts
| Parameter | Cluster Mode | Description |
|---|---|---|
| contrail-repo | Nested | List of hosts where the contrail apt or yum repo container will be started. This repo is used by other nodes when installing packages on the node. Setting up contrail-cni requires this repo to be enabled. |
| contrail-controllers | Stand-alone | List of hosts where contrail-controller container or processes are to be provisioned. |
| contrail-analyticsdb | Stand-alone | List of hosts where contrail-analyticsdb container or process is to be provisioned. |
| contrail-analytics | Stand-alone | List of hosts where contrail-analytics container or process is to be provisioned. |
| contrail-kubernetes | Both | Node where contrail-kube-manager container or process is to be run. |
| contrail-compute | Both | List of hosts which are to be provisioned as kubernetes compute/minion nodes. Contrail vRouter or vrouter-agent or CNI will be provisioned on these nodes. |
| kubernetes-contrail-controllers | Nested | List of nodes with pre-existing contrail-controller container or processes to which contrail-kube-manager should connect. |
| kubernetes-contrail-analytics | Nested | List of nodes with pre-existing contrail-analytics container or processes to which contrail-kube-manager should connect. |
Example: inventory/my-inventory/hosts File in a Stand-alone Contrail Kubernetes Cluster
The following is an example of the inventory/my-inventory/hosts file in a stand-alone Contrail Kubernetes cluster:
[contrail-controllers]
10.xx.27.16
[contrail-analyticsdb]
10.xx.27.16
[contrail-analytics]
10.xx.27.16
[contrail-kubernetes]
10.xx.27.16
[contrail-compute]
10.xx.23.37
Example: Nested inventory/my-inventory/hosts File in a Nested Contrail Kubernetes Cluster
The following is an example of the inventory/my-inventory/hosts file in a nested Contrail Kubernetes cluster:
[contrail-repo]
10.xx.31.71
[contrail-kubernetes]
10.xx.31.71
[contrail-compute]
10.xx.31.72
[kubernetes-contrail-controllers]
10.xx.29.27
[kubernetes-contrail-analytics]
10.xx.29.27
inventory/my-inventory/group_vars/all.yml Inventory File
This section describes the parameters and provides examples of the inventory/my-inventory/group_vars/all.yml inventory file in stand-alone and nested Contrail Kubernetes clusters.
Table 2 describes the configuration parameters used in the inventory/my-inventory/group_vars/all.yml inventory file.
In Table 2, Cluster Mode is one of the following:
- Stand-alone: Applicable only to a stand-alone cluster.
- Nested: Applicable only to a nested cluster.
- Both: Applicable to both stand-alone and nested clusters.
Table 2: Parameters in inventory/my-inventory/group_vars/all.yml
| Parameter | Value | Default | Cluster Mode | Description |
|---|---|---|---|---|
| cloud_orchestrator | Kubernetes | None | Both | Specifies orchestrator type. |
| contrail_compute_mode | container | bare_metal | Both | Specifies if the Contrail components must be run as containers or as processes on a stand-alone server. |
| keystone_config | {ip: <ip>, admin_password: <passwd>, admin_user: <username>, admin_tenant: <tenant-name>} | None | Nested | Keystone authentication information. |
| nested_cluster_private_network | "<cluster-private-CIDR>" | None | Nested | The IP subnet reserved for use by Kubernetes for internal cluster management and housekeeping. The Ansible user is responsible for making sure this CIDR does not collide with existing CIDRs in the virtual-network. |
| kubernetes_cluster_name | <cluster-name> | k8s-default | Both | Name of the Kubernetes cluster being provisioned. |
| nested_cluster_network | {domain: <name>, project: <name>, name: <name>} | None | Nested | Virtual Network in which the Kubernetes cluster must be provisioned. This network must be the same network to which the virtual machines that host the Kubernetes cluster belong. |
| kubernetes_access_token | <token> | None | Both | RBAC token to connect to Kubernetes API server. |
| nested_mode | true | None | Nested | Parameter to enable nested provisioning of a Kubernetes cluster. |
| kubernetes_public_fip_pool | {domain: <id>, project: <id>, network: <id>, name: <id>} | None | Both | Kubernetes FloatingIpPool to be used for service or ingress. |
| kubernetes_cluster_project | {domain: <id>, project: <id>} | {domain: default-domain, project: default} | Both | Fq-name of Contrail project within which Kubernetes cluster must be provisioned. |
| kubernetes_pod_subnet | <CIDR> | 10.32.0.0/12 | Both | Pod subnet used by Kubernetes cluster. |
| kubernetes_service_subnet | <CIDR> | 10.96.0.0/12 | Both | Service subnet used by Kubernetes cluster. |
| kubernetes_api_server | <IP> | Contrail Control Node IP | Both | Node on which kubernetes-api server is running. |
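
A pre-flight check for the Table 2 parameters, as an added example that is not part of contrail-ansible. It takes the parsed all.yml as a dict, checks that the nested-mode parameters are present, and reports colliding CIDRs among the pod, service, and nested private subnets and any existing virtual-network CIDRs passed in; the function name, the existing_cidrs argument, and the rule that all nested parameters are required are assumptions of this example.

```python
import ipaddress

# Parameters that Table 2 lists for nested clusters only. Treating all of
# them as required in nested mode is an assumption of this example.
NESTED_KEYS = ("keystone_config", "nested_cluster_private_network",
               "nested_cluster_network")
# Subnet parameters and their Table 2 defaults (None = no default).
SUBNETS = {"kubernetes_pod_subnet": "10.32.0.0/12",
           "kubernetes_service_subnet": "10.96.0.0/12",
           "nested_cluster_private_network": None}

def preflight(cfg, existing_cidrs=()):
    """Return problems found in a parsed group_vars/all.yml (a dict)."""
    problems = []
    if str(cfg.get("cloud_orchestrator", "")).lower() != "kubernetes":
        problems.append("cloud_orchestrator must be kubernetes")
    if not cfg.get("kubernetes_access_token"):
        problems.append("kubernetes_access_token is not set")
    if cfg.get("nested_mode") is True:
        problems += ["nested cluster requires %s" % key
                     for key in NESTED_KEYS if key not in cfg]
    nets = []
    for key, default in SUBNETS.items():
        value = cfg.get(key, default)
        if value is None:
            continue
        try:
            nets.append((key, ipaddress.ip_network(value)))
        except ValueError:
            problems.append("%s is not a valid CIDR: %r" % (key, value))
    # CIDRs already used in the virtual network, supplied by the operator.
    nets += [("existing " + c, ipaddress.ip_network(c)) for c in existing_cidrs]
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append("%s overlaps %s" % (name_a, name_b))
    return problems

# Values from the page's nested example (abridged); the token is a placeholder.
NESTED_SAMPLE = {
    "cloud_orchestrator": "kubernetes",
    "kubernetes_access_token": "<token>",
    "nested_mode": True,
    "keystone_config": {"ip": "10.14.29.27", "admin_user": "admin"},
    "nested_cluster_private_network": "10.10.10.0/24",
    "nested_cluster_network": {"domain": "default-domain", "project": "admin",
                               "name": "5-k8s-VM-network"},
}
print(preflight(NESTED_SAMPLE, existing_cidrs=["10.10.0.0/16"]))
```
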
Example: inventory/my-inventory/group_vars/all.yml File in a Stand-alone Contrail Kubernetes Cluster
The following is an example of the inventory/my-inventory/group_vars/all.yml file in a stand-alone Contrail Kubernetes cluster:
docker_install_method: package
docker_py_pkg_install_method: pip
# ansible connection details
ansible_user: root
ansible_become: true
ansible_ssh_private_key_file: ~/.ssh/id_rsa
contrail_compute_mode: container
os_release: ubuntu14.04
# contrail version
contrail_version: 4.0.0.0-16
cloud_orchestrator: kubernetes
# vrouter physical interface
vrouter_physical_interface: enp6s0f0
# global_config:
analytics_api_config: {aaa_mode: no-auth}
# To configure custom webui http port
webui_config: {http_listen_port: 8085}
# Name of the kubernetes cluster being provisioned.
kubernetes_cluster_name: k8s5
# Access token to connect to Kubernetes API server.
kubernetes_access_token: <token>
# Kubernetes API server IP.
kubernetes_api_server: 10.14.27.16
Example: inventory/my-inventory/group_vars/all.yml File in a Nested Contrail Kubernetes Cluster
The following is an example of the inventory/my-inventory/group_vars/all.yml file in a nested Contrail Kubernetes cluster:
docker_install_method: package
docker_py_pkg_install_method: pip
# ansible connection details
ansible_user: root
ansible_become: true
ansible_ssh_private_key_file: ~/.ssh/id_rsa
contrail_compute_mode: container
os_release: ubuntu14.04
# contrail version
contrail_version: 4.0.0.0-16
cloud_orchestrator: kubernetes
# vrouter physical interface
vrouter_physical_interface: enp6s0f0
# global_config:
# To configure custom webui http port
webui_config: {http_listen_port: 8085}
keystone_config: {ip: 10.14.29.27, admin_password: c0ntrail123, admin_user: admin, admin_tenant: admin}
###################################################
# Kubernetes cluster configuration
##
# The IP subnet reserved for use by kubernetes for internal cluster management
# and housekeeping.
nested_cluster_private_network: "10.10.10.0/24"
# Name of the kubernetes cluster being provisioned.
kubernetes_cluster_name: k8s5
# Virtual Network in which the Kubernetes cluster should be provisioned.
nested_cluster_network: {domain: default-domain, project: admin, name: 5-k8s-VM-network}
# Access token to connect to Kubernetes API server.
kubernetes_access_token: <token>
# Kubernetes cluster is nested within an Openstack cluster.
nested_mode: true
# Kubernetes API server IP.
kubernetes_api_server: 10.14.27.16

