Conclusión Kubernetes y OpenStack

Después de desplegar a mano un cluster de Kubernetes en HA completo sobre OpenStack e investigar cómo se planea que se relacionen estas dos tecnologías en el futuro, se establecen dos formas de utilización:

Los componentes a utilizar podrían ser:


Por último, muestro el componente que pienso que marcará la utilización de Kubernetes en un entorno de producción sobre OpenStack.


Magnum OpenStack

Despliegue de Magnum sobre RDO en CentOS

Cargamos las variables del sistema:

source /root/keystonerc_admin; source /root/virtualenv/v-magnum/bin/activate; cd /root/virtualenv/v-magnum/git/magnum/

source /root/keystonerc_admin

Instalamos lo siguiente

yum install -y gcc python-setuptools python-devel git libffi-devel openssl-devel wget python-pip python-docker-py python-virtualenv

Realizamos un upgrade de pip

pip install --upgrade pip

Clonamos el repositorio de Magnum

git clone https://git.openstack.org/openstack/magnum -b stable/liberty

Instalamos magnum

# Install Magnum from the checkout in editable (-e) mode, so the installed
# package points at this source tree.
cd magnum
# NOTE(review): the prompts later on this page show a root shell inside the
# v-magnum virtualenv. sudo commonly resets PATH, so this pip may resolve to
# the system pip and install outside the virtualenv — confirm which
# environment is intended. The same applies to the python-magnumclient
# install further down.
sudo pip install -e .

Creamos la base de datos de Magnum y su usuario

mysql -u root
-- Create the schema and the database account used by the Magnum services.
-- 'temporal' is this tutorial's sample password: choose a unique one and use
-- the same value in the connection URL in /etc/magnum/magnum.conf.
CREATE DATABASE IF NOT EXISTS magnum DEFAULT CHARACTER SET utf8;
GRANT ALL PRIVILEGES ON magnum.* TO'magnum'@'localhost' IDENTIFIED BY 'temporal';
-- '%' lets the magnum account connect from any host; where possible restrict
-- it to the address of the host that runs the Magnum services.
GRANT ALL PRIVILEGES ON magnum.* TO'magnum'@'%' IDENTIFIED BY 'temporal';
exit

Copiamos la configuración de Magnum

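# Create the configuration directory and seed it from the samples shipped in
# the source tree (run from the root of the magnum checkout).
# -p keeps the step repeatable when /etc/magnum already exists; sudo matches
# the cp commands below.
sudo mkdir -p /etc/magnum
sudo cp etc/magnum/magnum.conf.sample /etc/magnum/magnum.conf
sudo cp etc/magnum/policy.json /etc/magnum/policy.json
# magnum.conf will hold the database and Keystone passwords, so remove access
# for other users. Widen the mode (e.g. group-readable) only if the services
# run under a dedicated non-root account.
sudo chmod 0600 /etc/magnum/magnum.conf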

Configuración de Magnum

# Uncomment and set the options this deployment needs in magnum.conf.
# '$' is the sed delimiter here, which lets values containing '/' appear
# unescaped.
# Security-relevant values written by this command:
#   host = 0.0.0.0            -> the API listens on every interface
#   rabbit_userid/password    -> RabbitMQ's default guest/guest account
#   connection                -> database password stored in clear text
#   cert_manager_type = local -> replaces the commented barbican default
# These are sample values for a test environment; change the credentials
# before reusing the file anywhere else.
sed -i -e 's$#host = 127.0.0.1$host = 0.0.0.0$g' \
        -e 's$#rpc_backend = rabbit$rpc_backend = rabbit$g' \
        -e 's$#notification_driver =$notification_driver = messaging$g' \
        -e 's$#rabbit_host = localhost$rabbit_host = 192.168.122.212$g' \
        -e 's$#rabbit_userid = guest$rabbit_userid = guest$g' \
        -e 's$#rabbit_password = guest$rabbit_password = guest$g' \
        -e 's$#rabbit_virtual_host = /$rabbit_virtual_host = /$g' \
        -e 's$#connection = <None>$connection = mysql://magnum:temporal@192.168.122.212/magnum$g' \
        -e 's$#cert_manager_type = barbican$cert_manager_type = local$g' \
        /etc/magnum/magnum.conf
nano /etc/magnum/magnum.conf
[keystone_authtoken]
auth_uri=http://192.168.122.212:5000/v2.0
identity_uri=http://192.168.122.212:35357
auth_strategy=keystone
admin_user=magnum
admin_password=temporal
admin_tenant_name=services

El fichero deberá quedar de la siguiente forma:

nano /etc/magnum/magnum.conf
# Resulting /etc/magnum/magnum.conf for this test deployment. The credentials
# below ("temporal", guest/guest) are the tutorial's sample values; replace
# them before using this file outside a lab.
[DEFAULT]
notification_driver = messaging
rpc_backend = rabbit

[api]
# 0.0.0.0 makes magnum-api listen on every interface of the host; bind to the
# management address or firewall the API port if the host is multi-homed.
host = 0.0.0.0

[barbican_client]
[bay]
[bay_heat]

[certificates]
# "local" replaces the barbican default that the sample file ships commented.
# NOTE(review): the local manager presumably keeps the bay certificate
# material on this host's disk (see /var/lib/magnum/certificates/ created
# later on this page) — confirm, and prefer barbican for production.
cert_manager_type = local


[conductor]
[database]
# The database password is embedded in this URL, so the file must not be
# world-readable.
connection = mysql://magnum:temporal@192.168.122.212/magnum


[docker]
[glance_client]
[heat_client]

[keystone_authtoken]
# Both Keystone URLs are plain HTTP: admin_password and the tokens being
# validated cross the network unencrypted. Acceptable only on an isolated
# lab network.
auth_uri=http://192.168.122.212:5000/v2.0
identity_uri=http://192.168.122.212:35357
auth_strategy=keystone
admin_user=magnum
admin_password=temporal
admin_tenant_name=services

[magnum_client]
[matchmaker_redis]
[matchmaker_ring]
[nova_client]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_qpid]

[oslo_messaging_rabbit]
# guest/guest is RabbitMQ's well-known default account; use a dedicated user
# with its own password for the message bus.
rabbit_host = 192.168.122.212
rabbit_userid = guest
rabbit_password = guest
rabbit_virtual_host = /

[oslo_policy]
[x509]

Creamos la siguiente carpeta para los certificados

mkdir -p /var/lib/magnum/certificates/

Instalamos python-magnumclient

git clone https://git.openstack.org/openstack/python-magnumclient -b stable/liberty
cd python-magnumclient
sudo pip install -e .

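Creamos el usuario, el rol y el servicio de Magnum en Keystone. La contraseña «temporal» es un valor de ejemplo y debe coincidir con admin_password en magnum.conf; al pasarla con --password queda en el historial del shell, cosa que se evita con --password-prompt.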

(v-magnum)[root@localhost python-magnumclient(keystone_admin)]# openstack user create --password temporal magnum
+----------+----------------------------------+
| Field    | Value                            |
+----------+----------------------------------+
| email    | None                             |
| enabled  | True                             |
| id       | 48123575864f4dd299bec1701a619e83 |
| name     | magnum                           |
| username | magnum                           |
+----------+----------------------------------+
(v-magnum)[root@localhost python-magnumclient(keystone_admin)]# openstack role add --project services --user magnum admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 421f5809823e4ea99bee48cd944712d4 |
| name      | admin                            |
+-----------+----------------------------------+
(v-magnum)[root@localhost python-magnumclient(keystone_admin)]# openstack service create --name magnum --description "Magnum Container Service" container
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Magnum Container Service         |
| enabled     | True                             |
| id          | 33d77d45bc9c43f28cd1fec9a4e7243d |
| name        | magnum                           |
| type        | container                        |
+-------------+----------------------------------+

Creamos el endpoint para Magnum

(v-magnum)[root@localhost python-magnumclient(keystone_admin)]# openstack endpoint create --region RegionOne --publicurl 'http://192.168.122.212:9511/v1' --adminurl 'http://192.168.122.212:9511/v1' --internalurl 'http://192.168.122.212:9511/v1' magnum
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| adminurl     | http://192.168.122.212:9511/v1   |
| id           | 32f56bf311914a30ad3434f4bbd7bfb6 |
| internalurl  | http://192.168.122.212:9511/v1   |
| publicurl    | http://192.168.122.212:9511/v1   |
| region       | RegionOne                        |
| service_id   | 33d77d45bc9c43f28cd1fec9a4e7243d |
| service_name | magnum                           |
| service_type | container                        |
+--------------+----------------------------------+

Sincronizamos la base de datos de magnum

magnum-db-manage --config-file /etc/magnum/magnum.conf upgrade

Abrimos dos terminales ejecutando un comando en cada terminal, para realizar un test:

magnum-api --config-file /etc/magnum/magnum.conf
magnum-conductor --config-file /etc/magnum/magnum.conf

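Ya que estamos en un entorno de pruebas, podemos borrar la siguiente línea de /etc/magnum/policy.json. Este cambio altera el control de acceso de la API de Magnum, por lo que solo debe hacerse en un laboratorio aislado; en producción hay que conservar el fichero tal como se distribuye.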

"admin_api": "rule:context_is_admin",

Realizamos un test con

(v-magnum)[root@localhost magnum(keystone_admin)]# magnum service-list
+----+-----------------------+------------------+-------+
| id | host                  | binary           | state |
+----+-----------------------+------------------+-------+
| 1  | localhost.localdomain | magnum-conductor | up    |
+----+-----------------------+------------------+-------+

Podemos bajar la siguiente imagen de Fedora preparada para magnum

# Download the Fedora Atomic image used for the bay nodes.
# The transfer uses HTTPS, but this page gives no checksum for the file.
# Before uploading it to Glance, compare `sha256sum fedora-21-atomic-5.qcow2`
# with a digest obtained from the image publisher (<EXPECTED_SHA256>).
wget https://fedorapeople.org/groups/magnum/fedora-21-atomic-5.qcow2

Añadimos la imagen

# Upload the downloaded qcow2 file to Glance, reading it from stdin.
# --visibility public shares the image with every project in the cloud; use
# private visibility if only one project needs it.
glance image-create --name fedora-21-atomic-5 \
                    --visibility public \
                    --disk-format qcow2 \
                    --os-distro fedora-atomic \
                    --container-format bare < fedora-21-atomic-5.qcow2

Creamos un par de claves si no tenemos estas

# Generate an RSA key pair only when no public key exists yet.
# -N "" creates the private key without a passphrase, so anyone able to read
# ~/.ssh/id_rsa can use it; fine for a lab, set a passphrase otherwise.
if ! test -f ~/.ssh/id_rsa.pub; then
  ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
fi

Añadimos la nueva clave

nova keypair-add --pub-key ~/.ssh/id_rsa.pub kube-test

Creamos una nueva baymodel

magnum baymodel-create --name k8sbaymodel \
                       --image-id fedora-21-atomic-5 \
                       --keypair-id kube-test \
                       --external-network-id public \
                       --dns-nameserver 8.8.8.8 \
                       --flavor-id m1.small \
                       --docker-volume-size 5 \
                       --network-driver flannel \
                       --coe kubernetes
+---------------------+--------------------------------------+
| Property            | Value                                |
+---------------------+--------------------------------------+
| http_proxy          | None                                 |
| updated_at          | None                                 |
| master_flavor_id    | None                                 |
| fixed_network       | None                                 |
| uuid                | dd0a910e-4553-4b51-b6a2-1d106811a869 |
| no_proxy            | None                                 |
| https_proxy         | None                                 |
| tls_disabled        | False                                |
| keypair_id          | kube-test                            |
| public              | False                                |
| labels              | {}                                   |
| docker_volume_size  | 5                                    |
| external_network_id | public                               |
| cluster_distro      | fedora-atomic                        |
| image_id            | fedora-21-atomic-5                   |
| registry_enabled    | False                                |
| apiserver_port      | None                                 |
| name                | k8sbaymodel                          |
| created_at          | 2016-06-15T11:19:51+00:00            |
| network_driver      | flannel                              |
| ssh_authorized_key  | None                                 |
| coe                 | kubernetes                           |
| flavor_id           | m1.small                             |
| dns_nameserver      | 8.8.8.8                              |
+---------------------+--------------------------------------+

Creamos una nueva bay para Kubernetes

magnum bay-create --name k8sbay --baymodel k8sbaymodel --master-count 1 --node-count 1