From 0f9f77517b467ff93fa4926bee4ef67ab5cd3328 Mon Sep 17 00:00:00 2001 From: Sowmya Nethi Date: Thu, 29 Aug 2024 21:52:47 +0530 Subject: [PATCH] Add HPA for Magnum Conductor, Update Documentation, Remove --wait Flag from Helm Upgrade (#424) * Updated magnum helm overrides and added magnum doc * Updated magnum helm overrides and added documentation * Added hpa for magnum-conductor and modified doc * Remove the --wait flag from the Helm upgrade command for Octavia and Magnum. --- .../magnum/magnum-helm-overrides.yaml | 1 + .../magnum/base/hpa-magnum-conductor.yaml | 25 ++++++++++ base-kustomize/magnum/base/kustomization.yaml | 1 + docs/magnum-kubernetes-cluster-setup-guide.md | 50 ++++++++++++------- docs/openstack-glance-images.md | 35 +++++++++++++ docs/openstack-magnum.md | 1 - docs/openstack-octavia.md | 1 - 7 files changed, 94 insertions(+), 20 deletions(-) create mode 100644 base-kustomize/magnum/base/hpa-magnum-conductor.yaml diff --git a/base-helm-configs/magnum/magnum-helm-overrides.yaml b/base-helm-configs/magnum/magnum-helm-overrides.yaml index cfe80c02..95ec50f4 100644 --- a/base-helm-configs/magnum/magnum-helm-overrides.yaml +++ b/base-helm-configs/magnum/magnum-helm-overrides.yaml @@ -111,6 +111,7 @@ conf: database: max_retries: -1 trust: + cluster_user_trust: true trustee_domain_name: magnum keystone_auth: auth_section: keystone_authtoken diff --git a/base-kustomize/magnum/base/hpa-magnum-conductor.yaml b/base-kustomize/magnum/base/hpa-magnum-conductor.yaml new file mode 100644 index 00000000..d0d61f75 --- /dev/null +++ b/base-kustomize/magnum/base/hpa-magnum-conductor.yaml @@ -0,0 +1,25 @@ +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: magnum-conductor + namespace: openstack +spec: + maxReplicas: 9 + minReplicas: 3 + metrics: + - resource: + name: cpu + target: + averageUtilization: 50 + type: Utilization + type: Resource + - resource: + name: memory + target: + averageUtilization: 60 + type: Utilization + type: Resource + scaleTargetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: magnum-conductor diff --git a/base-kustomize/magnum/base/kustomization.yaml b/base-kustomize/magnum/base/kustomization.yaml index 9e5b56b7..1c21a8dc 100644 --- a/base-kustomize/magnum/base/kustomization.yaml +++ b/base-kustomize/magnum/base/kustomization.yaml @@ -3,3 +3,4 @@ resources: - magnum-rabbitmq-queue.yaml - all.yaml - hpa-magnum-api.yaml + - hpa-magnum-conductor.yaml diff --git a/docs/magnum-kubernetes-cluster-setup-guide.md b/docs/magnum-kubernetes-cluster-setup-guide.md index 7e6afee8..299b6601 100644 --- a/docs/magnum-kubernetes-cluster-setup-guide.md +++ b/docs/magnum-kubernetes-cluster-setup-guide.md @@ -1,21 +1,19 @@ # Magnum Kubernetes Cluster Setup Guide -You can provision kubernetes clusters made up of virtual machines or baremetal servers. Magnum service uses Cluster Templates to describe how a Cluster is constructed. In below example you will create a Cluster Template for a specific COE and then you will provision a Cluster using the corresponding Cluster Template. Then, you can use the appropriate COE client or endpoint to create containers. For more detailed information on creating clusters, refer to the [upstream magnum documentation](https://docs.openstack.org/magnum/latest/user/index.html). +!!! note + + Octavia and Barbican are mandatory components for OpenStack Magnum. Octavia provides advanced load balancing capabilities, which can enhance the availability and distribution of network traffic across your containerized applications. Barbican offers secure management of encryption keys and secrets, which is valuable for maintaining the security of your applications and data. Ensuring these services are integrated into your OpenStack environment is necessary for optimizing the functionality and security of your Magnum-based deployments. + +This document is intended for users who use Magnum to deploy and manage clusters of hosts for a Container Orchestration Engine. It describes the infrastructure that Magnum creates and how to work with them. You can provision clusters made up of virtual machines or baremetal servers. Magnum service uses Cluster Templates to describe how a Cluster is constructed. The process involves creating a Cluster Template for a specific COE and then you will provision a Cluster using the corresponding Cluster Template. Once the cluster is provisioned, you can use the appropriate COE client or endpoint to manage and deploy containers. For more detailed information on cluster creation and management, please refer to the [Magnum User Documentation](https://docs.openstack.org/magnum/latest/user/index.html). ## Create an image -``` shell -wget https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/40.20240728.3.0/x86_64/fedora-coreos-40.20240728.3.0-openstack.x86_64.qcow2.xz -apt-get update -apt-get install wget xz-utils -unxz fedora-coreos-40.20240728.3.0-openstack.x86_64.qcow2.xz -``` -``` shell -openstack image create --disk-format=qcow2 --container-format=bare --file=fedora-coreos-40.20240728.3.0-openstack.x86_64.qcow2 --property os_distro='fedora-coreos' fedora-coreos-latest -``` +To create an image required by Magnum, please refer to the [Glance Image Creation Guide](https://docs.rackspacecloud.com/openstack-glance-images/#fedora-coreos-image-required-by-magnum) for detailed instructions on how to set up a Fedora CoreOS image. ## Create an external network (optional) -To create a magnum cluster, you need an external network. If there are no external networks, create one with an appropriate provider based on your cloud provider support for your case: + +To create a Magnum cluster, you need an external network. If there are no external networks, create one with an appropriate provider based on your cloud provider support for your case: Below is the example command: + ``` shell openstack network create public --provider-network-type vlan --external --project service ``` @@ -25,30 +23,46 @@ openstack subnet create public-subnet --network public --subnet-range 192.168.1. ``` ## Create a keypair (Optional) + To create a magnum cluster, you need a keypair which will be passed in all compute instances of the cluster. If you don’t have a keypair in your project, create one. + ``` shell openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey ``` -## Provision a Kubernetes cluster -Following this example, you will provision a Kubernetes cluster with one master and one node. +## ClusterTemplate + +A ClusterTemplate is a collection of parameters to describe how a cluster can be constructed. Some parameters are relevant to the infrastructure of the cluster, while others are for the particular COE. In a typical workflow, a user would create a ClusterTemplate, then create one or more clusters using the ClusterTemplate. A ClusterTemplate cannot be updated or deleted if a cluster using this ClusterTemplate still exists. + +### Create a ClusterTemplate + +Create a cluster template for a Kubernetes cluster using the fedora-coreos-latest image, m1.large as the flavor for the master and the node, public as the external network and 8.8.8.8 for the DNS nameserver. Below is the example command to create the clustertemplate. For more detailed information about the parameters and labels used in the ClusterTemplate, please refer to the [ClusterTemplate]https://docs.openstack.org/magnum/latest/user/index.html#clustertemplate documentation. -Create a cluster template for a Kubernetes cluster using the fedora-coreos-latest image, m1.large as the flavor for the master and the node, public as the external network and 8.8.8.8 for the DNS nameserver, using the following command: ``` shell openstack coe cluster template create new-cluster-template \ - --image fedora-coreos-latest \ + --image magnum-fedora-coreos-40 \ --external-network public \ --dns-nameserver 8.8.8.8 \ --master-flavor m1.large \ --flavor m1.large \ + --network-driver calico \ + --volume-driver cinder \ + --docker-volume-size 3 \ --coe "kubernetes" ``` -Create a cluster with one node and one master using mykey as the keypair, using the following command: +## Cluster + +A cluster is an instance of the ClusterTemplate of a COE. Magnum deploys a cluster by referring to the attributes defined in the particular ClusterTemplate as well as a few additional parameters for the cluster. Magnum deploys the orchestration templates provided by the cluster driver to create and configure all the necessary infrastructure. When ready, the cluster is a fully operational COE that can host containers. + +### Provision a Kubernetes cluster + +Create a cluster with 4 nodes and 3 masters using mykey as the keypair, using the following command: + ``` shell openstack coe cluster create new-k8s-cluster \ --cluster-template new-cluster-template \ - --master-count 1 \ - --node-count 1 \ + --master-count 3 \ + --node-count 4 \ --keypair mykey ``` diff --git a/docs/openstack-glance-images.md b/docs/openstack-glance-images.md index 8792bd5b..b1ca482a 100644 --- a/docs/openstack-glance-images.md +++ b/docs/openstack-glance-images.md @@ -211,6 +211,10 @@ openstack --os-cloud default image create \ CentOS-Stream-8 ``` +## Get Fedora CoreOS + +### CoreOS 40 + !!! note Make sure you get the most up to date image URL from the [upstream documentation](https://fedoraproject.org/coreos/download). @@ -241,6 +245,37 @@ openstack --os-cloud default image create \ fedora-coreos-40 ``` +### Fedora CoreOS Image Required by Magnum + +!!! note + + When configuring the ClusterTemplate, you must specify the image used to boot the servers. To do this, register the image with OpenStack Glance and ensure that the os_distro property is set to fedora-coreos. The os_distro attribute must be defined and accurately reflect the distribution used by the cluster driver. This parameter is mandatory and does not have a default value, so it must be specified explicitly. Note that the os_distro attribute is case-sensitive. Currently, only Fedora CoreOS is supported. For more detailed information, refer to the [upstream magnum documentation](https://docs.openstack.org/magnum/latest/user/index.html). + +``` shell +wget https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/40.20240728.3.0/x86_64/fedora-coreos-40.20240728.3.0-openstack.x86_64.qcow2.xz +xz -d fedora-coreos-40.20240728.3.0-openstack.x86_64.qcow2.xz +openstack --os-cloud default image create \ + --progress \ + --disk-format qcow2 \ + --container-format bare \ + --public \ + --file fedora-coreos-40.20240728.3.0-openstack.x86_64.qcow2 \ + --property hw_scsi_model=virtio-scsi \ + --property hw_disk_bus=scsi \ + --property hw_vif_multiqueue_enabled=true \ + --property hw_qemu_guest_agent=yes \ + --property hypervisor_type=kvm \ + --property img_config_drive=optional \ + --property hw_machine_type=q35 \ + --property hw_firmware_type=uefi \ + --property os_require_quiesce=yes \ + --property os_type=linux \ + --property os_admin_user=coreos \ + --property os_distro=fedora-coreos \ + --property os_version=40 \ + magnum-fedora-coreos-40 +``` + ## Get openSUSE Leap ### Leap 15 diff --git a/docs/openstack-magnum.md b/docs/openstack-magnum.md index 196f4f0d..1d63a44c 100644 --- a/docs/openstack-magnum.md +++ b/docs/openstack-magnum.md @@ -37,7 +37,6 @@ cd /opt/genestack/submodules/openstack-helm helm upgrade --install magnum ./magnum \ --namespace=openstack \ - --wait \ --timeout 120m \ -f /opt/genestack/base-helm-configs/magnum/magnum-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ diff --git a/docs/openstack-octavia.md b/docs/openstack-octavia.md index 6e2af2f9..1a307a4e 100644 --- a/docs/openstack-octavia.md +++ b/docs/openstack-octavia.md @@ -37,7 +37,6 @@ cd /opt/genestack/submodules/openstack-helm helm upgrade --install octavia ./octavia \ --namespace=openstack \ - --wait \ --timeout 120m \ -f /opt/genestack/base-helm-configs/octavia/octavia-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \