Using Helm to Provision Contrail with Kubernetes

Requirements

• 32 GB RAM
• Eight vCPUs
• 150 GB disk space

• Kubernetes 1.6
• Docker Engine versions 1.11.0 to 1.13.0
• Helm 2.4 and greater
• Contrail Release 4.0.1

Preparing for Installation

1. Stop the firewall service and delete all the iptable rules.
   • For Ubuntu 16.04 host OS, use the following commands:
     sudo service ufw stop

     sudo iptables -F
   • For CentOS 7 host OS, use the following commands:
     sudo service firewalld stop

     sudo iptables -F
2. Ensure that the Kubernetes cluster is running. You can choose any method to install Kubernetes. For quick installation steps, use the following commands:
   • Commands for Ubuntu 16.04 host OS:

     sudo apt-get install \
           apt-transport-https \
           ca-certificates \
           curl -y 
     
     curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
     sudo bash -c 'cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
     deb http://apt.kubernetes.io/ kubernetes-xenial main
     EOF'
     sudo apt-get update -y
     sudo apt-get install -y kubectl
     sudo apt-get install -y kubelet
     sudo apt-get install -y kubeadm
     sudo apt-get install -y docker-engine
     
     sudo kubeadm init 
     
     mkdir -p $HOME/.kube
     sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
     sudo chown $(id -u):$(id -g) $HOME/.kube/config
     
     # If you have multi-node cluster then please copy paste the kubeadm join line 
     # on all the slave nodes from the stdout of sudo kubeadm init command. 
     # It looks like below
     sudo kubeadm join --token fd554a.97d239c2234d0de352 192.0.2.0:6443

   • Commands for CentOS7 host OS:

     sudo bash -c 'cat <<EOF > /etc/yum.repos.d/kubernetes.repo
     [kubernetes]
     name=Kubernetes
     baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
     enabled=1
     gpgcheck=1
     repo_gpgcheck=1
     gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
          https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
     EOF'
     
     sudo setenforce 0 || true
     
     yum install -y kubelet kubeadm kubectl docker
     systemctl enable docker && systemctl start docker
     systemctl enable kubelet && systemctl start kubelet
     
     echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
     
     sudo kubeadm init --kubernetes-version v1.7.4
     
     mkdir -p $HOME/.kube
     sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
     sudo chown $(id -u):$(id -g) $HOME/.kube/config
     
     # If you have multi-node cluster then please copy paste the kubeadm join line 
     # on all the slave nodes from the stdout of sudo kubeadm init command. 
     # It looks like below
     sudo kubeadm join --token fd554a.97d239c2234d0de352 192.0.2.0:6443

3. Patch LivenessProbe and ReadinessProbe of kube-dns deployment using the following commands:
   kubectl patch deploy/kube-dns --type json -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/readinessProbe", "value": {"exec": {"command": ["wget", "-O", "-", "http://192.0.2.1:8081/readiness"]}}}]' -n kube-system

   kubectl patch deploy/kube-dns --type json -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/livenessProbe", "value": {"exec": {"command": ["wget", "-O", "-", "http://192.0.2.1:10054/healthcheck/kubedns"]}}}]' -n kube-system && kubectl patch deploy/kube-dns --type json -p='[{"op": "replace", "path": "/spec/template/spec/containers/1/livenessProbe", "value": {"exec": {"command": ["wget", "-O", "-", "http://192.0.2.1:10054/healthcheck/dnsmasq"]}}}]' -n kube-system && kubectl patch deploy/kube-dns --type json -p='[{"op": "replace", "path": "/spec/template/spec/containers/2/livenessProbe", "value": {"exec": {"command": ["wget", "-O", "-", "http://192.0.2.1:10054/metrics"]}}}]' -n kube-system
4. (Optional) If you are re-provisioning Contrail on the same Kubernetes cluster, ensure the following:
   • Delete the configdb and analyticsdb data from the previous installation.
     sudo rm -rf /var/lib/contrail*

     sudo rm -rf /var/lib/configdb*

     sudo rm -rf /var/lib/analyticsdb*
   • Remove the vhost0 interface from all the nodes. Reboot the cluster to remove the vhost0 interface.

Overview

Helm is a tool that helps package, install, and manage Kubernetes applications. Starting with Contrail 4.0.1, you can use Helm to provision Contrail with Kubernetes.

Configuration

Step-by-Step Procedure

1. Download and install Helm.

   export HELM_VERSION=v2.5.1
    export TMP_DIR=$(mktemp -d)
    curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR}
    sudo mv ${TMP_DIR}/helm /usr/local/bin/helm
    rm -rf ${TMP_DIR}

2. Download Contrail-related charts and manifests. Ensure that the correct version of contrail-docker tag is checked out.
   git clone https://github.com/Juniper/contrail-docker.git -b R4.0
3. Install Helm's tiller pods with the correct tiller version.

   cd contrail-docker/kubernetes/manifests
    kubectl create -f tiller.yaml
    kubectl patch ds/tiller-ds --type json   -p='[{"op": "replace", "path": "/spec/updateStrategy/type", "value": "RollingUpdate"}]' -n kube-system && kubectl set image ds/tiller-ds tiller=gcr.io/kubernetes-helm/tiller:${HELM_VERSION} -n kube-system

4. Initialize the Helm client by using the following command
   helm init --client-only
5. Edit the values.yaml file. Refer to Definable Input Variables While Provisioning Contrail for Kubernetes for more information.

   cd ../helm
    vi contrail/values.yaml

6. Install Contrail charts using the following command.

   helm install --name <deployment name> <path to chart>

7. Verify Contrail status on all Contrail containers. Look-up Contrail pod names using the following command.

   kubectl get pods -n kube-system
   contrail-analytics-9m545         1/1       Running   1          23h
   contrail-analyticsdb-cpdjn       1/1       Running   1          23h
   contrail-controller-gd5vl        1/1       Running   1          23h
   contrail-kube-manager-82fcq      1/1       Running   1          23h
   contrail-vrouter-agent-vwmbk     1/1       Running   1          23h

8. Check the contrail-status for all the pods, using the following command.
   kubectl exec -it <contrail-pod-name> -n kube-system -- contrail-status

Troubleshooting

Problem

To check if Contrail pods are running.

Solution

Use the following command to list the Contrail pods:

Problem

To bring up Contrail control plane pods on nodes other than the Kubernetes master.

Solution

Label the node as opencontrail.org/controller=true using the following command:

Problem

To install Helm on locally loaded Contrail containers.

Solution

1. Look-up the Contrail-image name and tags using the following command:

   sudo docker images | grep contrail-controller
   contrail-controller-ubuntu16.04                          4.0.1.0-31          1cbed50707a7        3 days ago          1.614 GB

2. Edit the contrail/values.yaml file and change the respective image name under images using the image-name:tag format. For example:

   images:
     controller: "docker.io/opencontrail/contrail-controller-ubuntu16.04:4.0.1."

   Edit the file before installing Helm.

Problem

To delete the Contrail stack.

Solution

Use the following command to delete the Contrail stack: