What?
OpenStack Magnum is the Container Infrastructure service, which lets you create Kubernetes clusters as native resources in OpenStack. For more information about the service and the official documentation, read the user guide and the Magnum wiki page.
How?
First...
If you want to use the OpenStack CLI on your local system, install python3-openstackclient and python3-magnumclient from the repositories for your operating system. Make sure you install the version corresponding to the OpenStack version we run in production (listed on this wiki's front page). On NTNU's login servers you don't need to worry; we have made sure the correct version is installed.
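As an illustration, installing the clients typically looks like this (the package names below are for Debian/Ubuntu-based systems and may differ on your distribution; the pip alternative is a common approach but does not by itself pin the release matching our production version):

```shell
# Debian/Ubuntu-based systems
$ sudo apt install python3-openstackclient python3-magnumclient

# Alternatively, via pip (preferably inside a virtualenv)
$ pip install python-openstackclient python-magnumclient
```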
Cluster Templates
To get you started, there are a few public cluster templates available in our cloud. These have been verified as working by us.
Name | OS | Master flavor | Node flavor |
---|---|---|---|
kubernetes-vX.X.X | Fedora CoreOS 35 | gxN.2c4r | gxN.2c4r |
kubernetes-vX.X.X-ha | Fedora CoreOS 35 | gxN.2c4r | gxN.2c4r |
For more information, all templates can be listed with
$ openstack coe cluster template list
$ openstack coe cluster template show <id|name>  # to view details
Private templates can be created by users. Please consult the documentation to find which parameters are needed for the different Container Orchestration Engines.
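For illustration, creating a private Kubernetes template might look like the sketch below. The image, network, and template names here are hypothetical; check the documentation for the parameters your COE actually requires:

```shell
$ openstack coe cluster template create my-k8s-template \
    --coe kubernetes \
    --image fedora-coreos-35 \
    --external-network my-external-net \
    --flavor gxN.2c4r \
    --master-flavor gxN.2c4r \
    --docker-volume-size 20 \
    --network-driver calico
```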
Create a cluster
For an extensive and complete list of parameters, check the documentation.
Examples
For each template, you can override a few parameters when you create your cluster:
Do NOT select flavors with fewer resources than the defaults in our templates. The Kubernetes masters need a certain amount of RAM to function.
Parameter | Comment |
---|---|
--docker-volume-size | Size of cinder volume housing docker images and volumes. Defaults to 20GB for our public templates |
--master-flavor | Instance flavor of VMs running the master node. Defaults to gxN.2c4r for public templates |
--flavor | Instance flavor of VMs running worker nodes. Defaults to gxN.2c4r for public templates |
--labels | Override default labels for the given COE. Consult the documentation for valid labels for each COE. Note that the labels set in the public templates are there for a reason. Also note that --labels does not merge by default, so if you want to add labels, add --merge-labels as well |
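As a sketch, overriding a couple of template parameters at creation time could look like this (the larger flavor name and the keypair are hypothetical examples; auto_healing_enabled is one of the labels documented by Magnum):

```shell
$ openstack coe cluster create mycluster \
    --cluster-template kubernetes-vX.X.X \
    --master-flavor gxN.4c8r \
    --labels auto_healing_enabled=true \
    --merge-labels \
    --keypair mykey
```

Note the --merge-labels flag: without it, the --labels argument would replace the template's labels entirely instead of adding to them.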
Kubernetes
This will create a Kubernetes cluster with one master node and one worker node:
$ openstack coe cluster create <clustername> --cluster-template kubernetes-v1.xx.xx --master-count 1 --node-count 1 --keypair <your keypair>
Use a cluster
Kubernetes
You can interact with your kubernetes cluster with kubectl.
Install it first, if you don't already have it. Install-guide
Or you can use the NTNU login-servers (login.stud.ntnu.no for students or login.ansatt.ntnu.no for employees).
Source your cluster config:
$ mkdir -p ~/clusters/kubernetes-cluster
$ $(openstack coe cluster config <your-cluster> --dir ~/clusters/kubernetes-cluster)
That should just work, and you can run kubectl commands as you please.
For example, to check that the nodes are up and running:
$ kubectl get nodes
NAME                              STATUS   ROLES    AGE    VERSION
mycluster-o56ashbsrqqa-master-0   Ready    master   131m   v1.15.12
mycluster-o56ashbsrqqa-minion-0   Ready    <none>   131m   v1.15.12
mycluster-o56ashbsrqqa-minion-1   Ready    <none>   131m   v1.15.12
Our public Kubernetes template does not have the Keystone auth module enabled by default. But if you choose to enable it via label overrides, you can authenticate against your newly created cluster using the environment variables from your openrc file. If you want that, configure kubectl to use OpenStack auth as follows:
$ kubectl config set-credentials openstackuser --auth-provider=openstack
$ kubectl config set-context --cluster=<yourclustername> --user=openstackuser openstackuser@<yourclustername>
$ kubectl config use-context openstackuser@<yourclustername>
The defaults don't really allow you to do much, and you will have to set up RBAC policies yourself, to your liking.
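As a minimal sketch, you could grant the openstackuser credential read-only access using Kubernetes' built-in view cluster role (the binding name here is arbitrary):

```shell
$ kubectl create clusterrolebinding openstackuser-view \
    --clusterrole=view \
    --user=openstackuser
```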
Scaling cluster nodes
To change the number of nodes in your cluster, you can do the following:
$ openstack coe cluster update <your-cluster> replace node_count=<N>
Increasing the node_count will (obviously) add worker nodes to your cluster. This is nice if you are running out of resources.
If you want to decrease the number of nodes, what happens depends on your chosen COE. If you are running Kubernetes, Magnum will try to find a node with no running containers and delete it. If no empty nodes are found, Magnum will warn you and delete a node at random.
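If you want control over which node is removed when scaling down, the resize command accepts an explicit node to drop via --nodes-to-remove:

```shell
# Find the server UUID of the node you want to remove
$ openstack server list

# Resize to N nodes, removing that specific node
$ openstack coe cluster resize <your-cluster> <N> --nodes-to-remove <server UUID>
```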
Troubleshooting
What has worked
- Check cluster for what is wrong, usually quota
- Scale down with resize
- Fix quota
- Scale up
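The steps above can be sketched as a command sequence (the quota command shown is the generic project quota view; depending on what is exhausted, the actual fix may involve freeing resources or requesting a quota increase):

```shell
$ openstack coe cluster show <your-cluster>     # status_reason usually points at the problem
$ openstack coe cluster resize <your-cluster> <smaller N>
$ openstack quota show                          # inspect quotas, then fix the shortage
$ openstack coe cluster resize <your-cluster> <desired N>
```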
Debugging an unhealthy cluster
To check the status of a cluster:
$ heat stack-list -n                                # get the ID of the cluster
$ openstack stack failure list <id of the cluster>
# OR
$ openstack coe cluster list                        # get the cluster ID (NB: shorter than the heat ID)
$ openstack coe cluster show <cluster ID>
Debugging a part of the cluster
Use heat to find the IDs of the cluster resources:
$ heat stack-list -n
<snip output>
$ heat resource-list <id from list above>
<snip output>
Run a check of the cluster
$ openstack stack check <ID from heat stack-list -n>
Scaling down cluster when status is unhealthy
When the cluster has been scaled up beyond the quota limit, the openstack coe cluster update command doesn't work, but resize does:
$ openstack coe cluster resize <your-cluster> <N>
Upgrading
TBA