From 567dd4d0961132cf6b7429f0328031b0d1efca5f Mon Sep 17 00:00:00 2001 From: dineshb-jnpr Date: Wed, 20 Jun 2018 17:00:16 -0700 Subject: [PATCH] Rename K8s templates and add image repo secret env These changes are for the following: 1. Add the ability to specify K8s secret for secured image repositories, in Kubernetes single yaml generation templates. Secrets can be specified with follwoing var in common.env file: KUBERNETES_SECRET_CONTRAIL_REPO="" User is resposible to make sure that this secret exists. 2. Renamed Contrail single-yaml generation templates with appropriate names. 3. Added detailed README to introduce these templates. Change-Id: Ieae0d51bb5aa2f883a6ba9d5c59275682c14e55c Closes-Bug: #1773269 --- kubernetes/manifests/README.md | 67 +++++++++++++++++-- kubernetes/manifests/apply.sh | 3 +- ...> contrail-dpdk-standalone-kubernetes.yml} | 21 +++++- ...d.yaml => contrail-nested-kubernetes.yaml} | 4 ++ ...aml => contrail-non-nested-kubernetes.yml} | 6 +- ...ml => contrail-standalone-kubernetes.yaml} | 24 +++++++ kubernetes/manifests/delete.sh | 3 +- .../contrail-template.yaml | 0 8 files changed, 119 insertions(+), 9 deletions(-) rename kubernetes/manifests/{contrail-template-dpdk.yaml => contrail-dpdk-standalone-kubernetes.yml} (97%) rename kubernetes/manifests/{contrail-kubernetes-nested.yaml => contrail-nested-kubernetes.yaml} (97%) rename kubernetes/manifests/{contrail-template-openstack-k8s-non-nested.yaml => contrail-non-nested-kubernetes.yml} (98%) rename kubernetes/manifests/{contrail-kubernetes.yaml => contrail-standalone-kubernetes.yaml} (97%) rename kubernetes/manifests/{ => reference-templates}/contrail-template.yaml (100%) diff --git a/kubernetes/manifests/README.md b/kubernetes/manifests/README.md index 2daadfd96..0f8f65591 100644 --- a/kubernetes/manifests/README.md +++ b/kubernetes/manifests/README.md @@ -1,8 +1,67 @@ # Kubernetes manifests -Just approache can be used to employ third-party software in Contrail setup. -Details can be found in https://github.com/Juniper/contrail-container-builder/tree/master/containers/external README +This directory hosts a series of templates that allow installation of Contrail +on an existing Kubernetes cluster, using single yaml mode of installation. +Each template caters to a specific deployment model of Contrail. +These templates can be used to generate a single yaml file, that can inturn be +used provision Contrail on a Kubernetes cluster. -* contrail-template.yml +# Provision + +Provisioning of Contrail on Kubernetes cluster is a 3 step process: + +Step 1. Clone this repository + +Step 2. Populate common.env file in the top directory of this repo. + + Some samples are made available in /kubernetes/sample_config_files for + standard deployment scenarios. + +Step 3. Install Contrail +``` + cd /kubernetes/manifests + + ./resolve-manifest.sh | kubectl apply -f - +``` + +# Templates + +The following is the brief description of each of those templates. +You should choose the right template for your desired Contrail deployement model. + +* contrail-standalone-kubernetes.yaml + +To deploy standalone and all-in-one Contrail cluster. All Contrail components will be deployed. + +* contrail-dpdk-standalone-kubernetes.yml + +To deploy standalone and all-in-one Contrail cluster with DPDK for forwarding. +All Contrail components will be deployed. + +* contrail-nested-kubernetes.yaml + +To deploy Contrail in a Nested deployment mode. This model is intended for scenarios where +Contrail is providing networking function for an Openstack cluster and user would like to +provision a Kubernetes cluster on Virtual Machines spawned on this Openstack cluster. + +In this model, only contrail control plane agent (i.e Contrail Kube-Manager) and data plane +agent (i.e Contrail CNI) will be deployed in the overlay Kubernetes cluster. +These agents will in-turn interface with Contrail Control and Data plane processes +managing networking in the underlay Openstack cluster. + +* contrail-non-nested-kubernetes.yml + +To deploy Contrail in a non-nested non-standalone deployment model. In this mode, the Contrail control +plane agent (i.e Contrail Kube-Manager) will be delployed to interface with Kubernetes control plane. +For the data plane, this mode will install data plane agent(i.e Contrail CNI), data plane control +module(contrail vrouter agent) and data plane forwarding module(contrail vrouter kernel module). + +These deployed components will interface with Contrail Control and Data plane processes that have been +independently installed someplace else and are reachable by ip routing. + + +* reference-templates/contrail-template.yaml + +A reference template file, capturing all possible and relevant config environments for Kubernetes +deployment. This is strictly for reference and is not intended for yaml file generation. - Uses custom containers based on stock ones for third-party software diff --git a/kubernetes/manifests/apply.sh b/kubernetes/manifests/apply.sh index 5e0d6826a..d09ba0a28 100755 --- a/kubernetes/manifests/apply.sh +++ b/kubernetes/manifests/apply.sh @@ -1,10 +1,11 @@ #!/bin/bash # Applies specified or default template to kubernetes, resolving it on the fly. +# Default template will be the one for standalone deployment model. # Usage example: apply.sh contrail-tempate.yaml manifest_dir="${BASH_SOURCE%/*}" if [[ ! -d "$manifest_dir" ]]; then manifest_dir="$PWD"; fi -template_file=${1:-$manifest_dir"/contrail-template.yaml"} +template_file=${1:-$manifest_dir"/contrail-standalone-kubernetes.yaml"} $manifest_dir/resolve-manifest.sh "$template_file" | kubectl apply -f - diff --git a/kubernetes/manifests/contrail-template-dpdk.yaml b/kubernetes/manifests/contrail-dpdk-standalone-kubernetes.yml similarity index 97% rename from kubernetes/manifests/contrail-template-dpdk.yaml rename to kubernetes/manifests/contrail-dpdk-standalone-kubernetes.yml index bf8974ca3..c5d44f5b2 100644 --- a/kubernetes/manifests/contrail-template-dpdk.yaml +++ b/kubernetes/manifests/contrail-dpdk-standalone-kubernetes.yml @@ -175,6 +175,8 @@ spec: name: zookeeper-data - mountPath: /var/log/zookeeper name: zookeeper-logs + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: zookeeper-data hostPath: @@ -220,6 +222,8 @@ spec: name: analyticsdb-data - mountPath: /var/log/cassandra name: analyticsdb-log + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: analyticsdb-data hostPath: @@ -265,6 +269,8 @@ spec: name: configdb-data - mountPath: /var/log/cassandra name: configdb-log + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: configdb-data hostPath: @@ -342,6 +348,8 @@ spec: name: analytics-logs - mountPath: /mnt name: docker-unix-socket + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: analytics-logs hostPath: @@ -425,6 +433,8 @@ spec: name: control-logs - mountPath: /mnt name: docker-unix-socket + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: control-logs hostPath: @@ -517,6 +527,8 @@ spec: name: config-logs - mountPath: /mnt name: docker-unix-socket + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: config-logs hostPath: @@ -569,6 +581,8 @@ spec: volumeMounts: - mountPath: /var/log/contrail name: webui-logs + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: webui-logs hostPath: @@ -658,6 +672,8 @@ spec: name: rabbitmq-data - mountPath: /var/log/rabbitmq name: rabbitmq-logs + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: rabbitmq-data hostPath: @@ -706,6 +722,8 @@ spec: name: kube-manager-logs - mountPath: /tmp/serviceaccount name: pod-secret + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: kube-manager-logs hostPath: @@ -856,6 +874,8 @@ spec: name: agent-logs - mountPath: /mnt name: var-run + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: dev hostPath: @@ -936,4 +956,3 @@ metadata: annotations: kubernetes.io/service-account.name: contrail-kube-manager type: kubernetes.io/service-account-token - diff --git a/kubernetes/manifests/contrail-kubernetes-nested.yaml b/kubernetes/manifests/contrail-nested-kubernetes.yaml similarity index 97% rename from kubernetes/manifests/contrail-kubernetes-nested.yaml rename to kubernetes/manifests/contrail-nested-kubernetes.yaml index be7308270..ad4274231 100644 --- a/kubernetes/manifests/contrail-kubernetes-nested.yaml +++ b/kubernetes/manifests/contrail-nested-kubernetes.yaml @@ -87,6 +87,8 @@ spec: name: kube-manager-logs - mountPath: /tmp/serviceaccount name: pod-secret + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: kube-manager-logs hostPath: @@ -136,6 +138,8 @@ spec: name: opt-cni-bin - mountPath: /var/lib/contrail name: var-lib-contrail + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: etc-cni hostPath: diff --git a/kubernetes/manifests/contrail-template-openstack-k8s-non-nested.yaml b/kubernetes/manifests/contrail-non-nested-kubernetes.yml similarity index 98% rename from kubernetes/manifests/contrail-template-openstack-k8s-non-nested.yaml rename to kubernetes/manifests/contrail-non-nested-kubernetes.yml index 0bfaefa4d..5188ec0e0 100644 --- a/kubernetes/manifests/contrail-template-openstack-k8s-non-nested.yaml +++ b/kubernetes/manifests/contrail-non-nested-kubernetes.yml @@ -116,6 +116,8 @@ spec: name: kube-manager-logs - mountPath: /tmp/serviceaccount name: pod-secret + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: kube-manager-logs hostPath: @@ -266,6 +268,8 @@ spec: name: agent-logs - mountPath: /mnt name: docker-unix-socket + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: dev hostPath: @@ -355,5 +359,3 @@ metadata: annotations: kubernetes.io/service-account.name: contrail-kube-manager type: kubernetes.io/service-account-token - - diff --git a/kubernetes/manifests/contrail-kubernetes.yaml b/kubernetes/manifests/contrail-standalone-kubernetes.yaml similarity index 97% rename from kubernetes/manifests/contrail-kubernetes.yaml rename to kubernetes/manifests/contrail-standalone-kubernetes.yaml index b0837811e..87b169a6c 100644 --- a/kubernetes/manifests/contrail-kubernetes.yaml +++ b/kubernetes/manifests/contrail-standalone-kubernetes.yaml @@ -148,6 +148,8 @@ spec: name: zookeeper-data - mountPath: /var/log/zookeeper name: zookeeper-logs + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: zookeeper-data hostPath: @@ -195,6 +197,8 @@ spec: name: zookeeper-data - mountPath: /var/log/zookeeper name: zookeeper-logs + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: zookeeper-data hostPath: @@ -243,6 +247,8 @@ spec: name: analyticsdb-data - mountPath: /var/log/cassandra name: analyticsdb-logs + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: analyticsdb-data hostPath: @@ -291,6 +297,8 @@ spec: name: configdb-data - mountPath: /var/log/cassandra name: configdb-log + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: configdb-data hostPath: @@ -367,6 +375,8 @@ spec: name: analyticsdb-logs - mountPath: /mnt name: docker-unix-socket + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: analyticsdb-logs hostPath: @@ -482,6 +492,8 @@ spec: name: analytics-logs - mountPath: /mnt name: docker-unix-socket + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: analytics-logs hostPath: @@ -598,6 +610,8 @@ spec: name: control-logs - mountPath: /mnt name: docker-unix-socket + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: control-logs hostPath: @@ -727,6 +741,8 @@ spec: name: config-logs - mountPath: /mnt name: docker-unix-socket + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: config-logs hostPath: @@ -803,6 +819,8 @@ spec: volumeMounts: - mountPath: /var/log/contrail name: webui-logs + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: webui-logs hostPath: @@ -900,6 +918,8 @@ spec: name: rabbitmq-data - mountPath: /var/log/rabbitmq name: rabbitmq-logs + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: rabbitmq-data hostPath: @@ -967,6 +987,8 @@ spec: name: kube-manager-logs - mountPath: /tmp/serviceaccount name: pod-secret + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: kube-manager-logs hostPath: @@ -1120,6 +1142,8 @@ spec: name: agent-logs - mountPath: /mnt name: docker-unix-socket + imagePullSecrets: + - name: {{ KUBERNETES_SECRET_CONTRAIL_REPO }} volumes: - name: dev hostPath: diff --git a/kubernetes/manifests/delete.sh b/kubernetes/manifests/delete.sh index 8cd4ad673..f89fa31ea 100755 --- a/kubernetes/manifests/delete.sh +++ b/kubernetes/manifests/delete.sh @@ -1,11 +1,12 @@ #!/bin/bash # Deletes kubernetes contrail deployment specified by the temlate yaml, resolving it on the fly. +# If no template is specified, will default to standalone deployment template. # Usage example: delete.sh contrail-tempate.yaml manifest_dir="${BASH_SOURCE%/*}" if [[ ! -d "$manifest_dir" ]]; then manifest_dir="$PWD"; fi -template_file=${1:-$manifest_dir"/contrail-template.yaml"} +template_file=${1:-$manifest_dir"/contrail-standalone-kubernetes.yaml"} $manifest_dir/resolve-manifest.sh "$template_file" | kubectl delete -f - diff --git a/kubernetes/manifests/contrail-template.yaml b/kubernetes/manifests/reference-templates/contrail-template.yaml similarity index 100% rename from kubernetes/manifests/contrail-template.yaml rename to kubernetes/manifests/reference-templates/contrail-template.yaml