RA2 Ch4 - Host OS, Kubernetes, Container Runtime and Storage content #874
Conversation
Host OS description
Updates to Host OS, Kubernetes, Runtimes sections
Storage updates, added OCI and changed status.
tomkivlin
requested review from
CsatariGergely,
TamasZsiros,
rabi-abdel and
yangxu-hw
4-1 --> 3-1
Typos and added note about etcd not running on worker nodes.
kubeadm driving Host OS versions
| |---|---|---| | ||
| |Ubuntu|16.04+|| | ||
| |Debian|9+|| | ||
| |CentOS|7|| |
There was a problem hiding this comment.
At present, RHEL8 isn't compatible with kubeadm. As we progress we can add more based on other LCM tools, but I've started with just kubeadm as the "native" tool from the Kubernetes project. i.e. I'd rather get this published as-is and add more post-Snezka. Is that ok?
There was a problem hiding this comment.
well, K8s also doesn't officially support e.g. multi-tenancy, Docker versions after 17. something etc., but still we state requirements :)
but I understand your reasoning, no strong feelings one way or the other
however if we state CentOS/RHEL 7 is okay, then we need discuss kernel versions too IMO
Archived by CNCF
added content to row60
| @@ -30,10 +52,48 @@ | |||
| > * Which optional features are used and which optional API-s are available | |||
| > * Which [alfa or beta features](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) are used | |||
|
|
|||
| The distribution and version of Kubernetes used must be listed in the [Kubernetes Distributions and Platforms document](https://docs.google.com/spreadsheets/d/1LxSqBzjOxfGx3cmtZ4EbB_BGCxT_wlxW_xgHVVa23es/edit#gid=0) which lists all those that are Certified as being conformant with the CNCF Kubernetes specification. In order to align with the [Kubernetes version support policy](https://kubernetes.io/docs/setup/release/version-skew-policy/#supported-versions), a Reference Implementation must use one of three latest minor versions (`n-2`) - e.g. if the latest version is 1.17 then the RI must use either 1.17, 1.16 or 1.15. | |||
There was a problem hiding this comment.
"The distribution and version of Kubernetes used must be listed in the Kubernetes Distributions and Platforms document which lists all those that are Certified as being conformant with the CNCF Kubernetes specification."
Suggest changes. Possibly:
CNTT will use one of the Kubernetes distributions listed in the Kubernetes Distributions and Platforms document; the document lists distributions certified as being conformant with the CNCF Kubernetes specification.
There was a problem hiding this comment.
How about:
In alignment with the Kubernetes version support policy, a Reference Implementation must use one of three latest minor versions (n-2) - e.g. if the latest version is 1.17 then the RI must use either 1.17, 1.16 or 1.15. The Kubernetes distribution or product that is used in the RI must be listed in the Kubernetes Distributions and Platforms document and marked (X) as conformant for the Kubernetes version that is being used.
There was a problem hiding this comment.
@tomkivlin That is great.
| - In order to support `req.gen.rsl.01`, `req.gen.rsl.02` and `req.gen.avl.01` a Reference Implementation must: | ||
| - Consist of either three, five or seven nodes running the etcd service (can be colocated on the master nodes, or can run on separate nodes, but not on worker nodes) | ||
| - At least one master node per availability zone or fault domain to ensure the high availability and resilience of Kubernetes control plane services | ||
| - At least one worker node per availability zone or fault domain to ensure the high availability and resilience of workloads managed by Kubernetes |
There was a problem hiding this comment.
"At least one worker node per availability zone or fault domain to ensure the high availability and resilience of workloads managed by Kubernetes"
As stated it seems to imply that we only need at least one worker node in each AZ/fault domain for workload resiliency. This needs rewording for workload resiliency: "Workload resiliency requires the need to run them on at least one worker node per availability zone or fault domain."
There was a problem hiding this comment.
As stated it seems to imply that we only need at least one worker node in each AZ/fault domain for workload resiliency.
That is correct, and I'm not sure how your suggestion differs from the existing wording? If I was to move "Consist of" from the first bullet to the statement before the list, would that make more sense?
There was a problem hiding this comment.
@tomkivlin Maybe the sentence needs improving but I tried to state that the workload must be "run" on worker nodes in each AZ: "Workload ... need to run them on at least one worker node per availability zone" -- if not clear then does the following reword help: "Workload resiliency requires the need to run the workload on at least one worker node per availability zone or fault domain."
There was a problem hiding this comment.
Ah I see - I think that is outside the scope of this RA. The requirement is to support workload resilience (which having one worker node in each AZ does), not to specify how/where the workloads are run. Bit nit-picky I know, but I am keen to avoid too much specification that isn't about the platform. Is that ok?
-- Yes, ok! |
Yes it does, thank you. |
hmm, unfortunately no :) |
Can you reference some evidence for that - for example OpenShift uses RHEL7, are you suggesting it's not suitable for production use? There will be many customers concerned I'm sure :)
Sorry, there is a later commit where I added the correct link, which contains the following: I have no problem restricting further in future PRs, but we need to be complete about it - i.e. reference the system requirement from Kubernetes documentation that states it is required, and trace back to a requirement in chapter 2. e.g. which requirement is CFS needed for, and which Kubernetes doc states it is required? I would suggest that we add as a backlog item(s) to modify in later PRs. |
hmm. kernel release notes? :) Anyway some basic references related to the few examples I have used:
K8s CPU management itself is based CFS quotas. E.g. when you set a "CPU limit", you actually set a CFS quota.
I'm fine however you want to handle it, but if it is stated in one document that "you shall use this & that feature and CNI and plugin", and then it is stated in another that "an operating system flat-out not supporting some of the features, or only supporting them with known bugs is OK" -> that's a direct contradiction to me |
|
BTW my two cents, generally speaking: it is okay to use the upstream K8s project requirements as a starting point, however it is important to note Ra2 does not define a K8s deployment. Therefore requirements directly coming from the K8s project are essential, but not satisfactory in themselves. Our end requirements and restrictions must account for the non-K8s projects too, therefore probably end up much stricter than the base K8s criteria |
Totally agree - but those extra restrictions must be driven by and traceable back to requirements in chapter 2. |
It's a fair point. I have created Issue #920 to capture this for a future PR. |
|
@TamasZsiros can you approve please (still marked as you requested changes)? |
row34/35
|
In order to merge for Snezka, I can see in the comments that Tamas is ok with the changes, it's just the approval response that needs to change. As a result it is ready to merge @rabiabdel . |
tomkivlin
added
Force Merged
* RA2 Ch4 - Host OS, Kubernetes, Container Runtime and Storage content (#874) * RA2 Ch04 Initial Content * Update chapter04.md * RA2 Ch4 - HA notes * RA2 Ch4 move content to Ch3 Host OS description * RA2 Ch4 - updates to 4.2, 4.3, 4.4 Updates to Host OS, Kubernetes, Runtimes sections * RA2 Ch4 - add more detail * RA2 Ch4 storage updates Storage updates, added OCI and changed status. * RA2 Ch3 - typo correction 4-1 --> 3-1 * RA2 Ch4 - typos and updates Typos and added note about etcd not running on worker nodes. * RA2 Ch4 - added note about kubeadm kubeadm driving Host OS versions * RA2 Ch4 - remove rkt Archived by CNCF * RA2 Ch4 - remove note about Kata/gVisor * RA2 Ch4 - update kubernetes version statement added content to row60 * Update to 4.2 and Table 4-1 - remove specific operating systems and focus on kernel versions. * RA2 Ch3 - typo correction row54 * RA2 Ch4 - remove linux 4+ as redundant * RA2 Ch4 - update to k8s version spec row54 * RA2 Ch4 - 4.2 changes row34/35 * RA2 Ch4 - merge conflict * [RA2 Ch04]: Networking part of Ch4 in RA2 (#821) * Initial commmit of the networking part of Ch4 in RA2 * Adding references to requirements This change adds references to the different requirements from Ch01. * Comparision between DANM and Multus added Due to requests in comments this change adds a comparision table of the relevant requirements and additional features of DANM and Multus. * Adding MACVLAN and User Space CNI backend options Addressing incoming comments this change adds the option to use MACVLAN CNI, lists the backend options for the User Space CNi and adds the SR-IOV Device Plugin to the SR-IOV related note. * Add an eitors note about the list of CNI plugins As we were not able to agree on the set of CNI plugins this change adds a note that the list can be changed in the future. * Must -> may for CNI-s This change switches the "must" statements regarding to CNI-s to "may" statements and adds a cladification text to the related editors note how this will be fixed in the next releases. * [RA-1 Ch02] update to handle multiple issues (#558) * [RA-1 Ch02] update to handle multiple issues PR covers Issues #266, #314, #339 and #435 * [RA-1 Ch02] Updated [RA-1 Ch02] Updated to resolve valuable feedback from multiple folks and @collivier suggested changes to Block storage and networking. Resolves Issues #266, #314, #339 and #435 * [RA-1 Ch02] Resolve Issues [RA-1 Ch02] Resolve Issues Changes to 'req.inf.com.08' and add 'req.inf.com.09' * [RA-1 Ch02] Resolve "remote Block Storage" Changed: | `req.inf.stg.01` | Storage | The Architecture **must** provide remote (not directly attached to the host) Block storage for VM Instances. | |--------|-------|------------------------| * [RA-1 Ch02} Resolve 2.3 Architecture introduction [RA-1 Ch02} Resolve 2.3 Architecture introduction as per @CsatariGergely * [RA-1 Ch02] Commented out req.sec.ntw.01/02 [RA-1 Ch02] Commented out req.sec.ntw.01 and req.sec.ntw.02 Co-authored-by: Rabi Abdel <45387599+rabiabdel@users.noreply.github.com> * [RA1 Ch08] Add gaps in openstack release ocata, pike and stein (#843) * [RI1 Ch08] Add gaps in openstack release ocata, pike and stein * Add API versions * Add features of pike and stein * Add upgrade check for Stein Fixes #842 * Add nova features * Fix JWT short form and remaining services * Update table of content * Move into RA-8 from RI-8 * Delete Deprecated Annex (#933) * [RI Ch07] Sridhar ch7 sec5and6 (#931) * Chapter-7: Section 5 and 6. Adding contents from Sections 5 and 6 of Chapter-7 Signed-off-by: Sridhar K. N. Rao <sridhar.rao@spirent.com> * Fixed Typos and removed wrong special chars. Signed-off-by: Sridhar K. N. Rao <sridhar.rao@spirent.com> Co-authored-by: Rabi Abdel <51988225+rabi-abdel@users.noreply.github.com> * [RC1] Fill all gaps already tracked as issues in CNTT (#918) * Fill all gaps already tracked as issues in CNTT Port VTP test cases to Xtesting [1] is key because the TC doesn't conform to the principles and requirements defined. #917 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> * Precise the gaps to avoid confusion Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> * Add tab for the new TC Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> * [RA-1 Ch04] Update Figure 4-1 (#927) * [RA-1 Ch04] Update Figure 4-1 [RA-1 Ch04] @iangardner22 Updated Figure 4-1 and added network descriptions (I am making the changes on behalf of @iangardner22) * [RA-1 Ch04] Upload latest version of Figure 4-1 [RA-1 Ch04] Upload latest version of Figure 4-1 * [RA-1 Ch04] Re upload of new Figure 4-1 [RA-1 Ch04] Re upload of new Figure 4-1 * [RA-1 Ch04] Delete Figure_4_1_OpenStack_Network_Layout_20200110 [RA-1 Ch04] Delete Figure_4_1_OpenStack_Network_Layout_20200110 -- will be updated with modified version * [RA-1 Ch04] Upload corrected version of Figure 4-1 * [WIP] [RI Ch07] Update Deployment Cookbook (#817) * Topology Diagram Description of lab topology, aligning with OPNFV Pharos. Signed-off-by: beierl <mbeierl@vmware.com> #406 * [RI1 Ch06]i Topology Diagram Description of lab topology, aligning with OPNFV Pharos. Signed-off-by: beierl <mbeierl@vmware.com> * [WIP] [RI Ch07] Update Deployment Cookbook #797 * Create path for Airship vs. future installers * Adds requirements Added section on hardware used and information about how to get VPN access and what routes are available. * Adds requirements Added section on hardware used and information about how to get VPN access and what routes are available. * Revert "Adds requirements" This reverts commit b25e762. * Changes to Ch 07 only Cleanup of chapter 6 in this PR so that it does not interfere with any other PR. * Changes to Ch 07 only Cleanup of chapter 6 in this PR so that it does not interfere with any other PR. Co-authored-by: Rabi Abdel <45387599+rabiabdel@users.noreply.github.com> * [RC] One missing word (nit) (#934) Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> Co-authored-by: Tom Kivlin <52716470+tomkivlin@users.noreply.github.com> Co-authored-by: Gergely Csatari <gergely.csatari@nokia.com> Co-authored-by: Pankaj Goyal <52107136+pgoyal01@users.noreply.github.com> Co-authored-by: Deepanshu Bhatia <deep23bhatia@gmail.com> Co-authored-by: Mark Shostak (AT&T) <49962775+markshostak@users.noreply.github.com> Co-authored-by: Sridhar K N Rao <ngignir@gmail.com> Co-authored-by: Rabi Abdel <51988225+rabi-abdel@users.noreply.github.com> Co-authored-by: collivier <ollivier.cedric@gmail.com> Co-authored-by: Mark Beierl <mbeierl@vmware.com>
* Preperatin for Snezka release * sync (#935) * RA2 Ch4 - Host OS, Kubernetes, Container Runtime and Storage content (#874) * RA2 Ch04 Initial Content * Update chapter04.md * RA2 Ch4 - HA notes * RA2 Ch4 move content to Ch3 Host OS description * RA2 Ch4 - updates to 4.2, 4.3, 4.4 Updates to Host OS, Kubernetes, Runtimes sections * RA2 Ch4 - add more detail * RA2 Ch4 storage updates Storage updates, added OCI and changed status. * RA2 Ch3 - typo correction 4-1 --> 3-1 * RA2 Ch4 - typos and updates Typos and added note about etcd not running on worker nodes. * RA2 Ch4 - added note about kubeadm kubeadm driving Host OS versions * RA2 Ch4 - remove rkt Archived by CNCF * RA2 Ch4 - remove note about Kata/gVisor * RA2 Ch4 - update kubernetes version statement added content to row60 * Update to 4.2 and Table 4-1 - remove specific operating systems and focus on kernel versions. * RA2 Ch3 - typo correction row54 * RA2 Ch4 - remove linux 4+ as redundant * RA2 Ch4 - update to k8s version spec row54 * RA2 Ch4 - 4.2 changes row34/35 * RA2 Ch4 - merge conflict * [RA2 Ch04]: Networking part of Ch4 in RA2 (#821) * Initial commmit of the networking part of Ch4 in RA2 * Adding references to requirements This change adds references to the different requirements from Ch01. * Comparision between DANM and Multus added Due to requests in comments this change adds a comparision table of the relevant requirements and additional features of DANM and Multus. * Adding MACVLAN and User Space CNI backend options Addressing incoming comments this change adds the option to use MACVLAN CNI, lists the backend options for the User Space CNi and adds the SR-IOV Device Plugin to the SR-IOV related note. * Add an eitors note about the list of CNI plugins As we were not able to agree on the set of CNI plugins this change adds a note that the list can be changed in the future. * Must -> may for CNI-s This change switches the "must" statements regarding to CNI-s to "may" statements and adds a cladification text to the related editors note how this will be fixed in the next releases. * [RA-1 Ch02] update to handle multiple issues (#558) * [RA-1 Ch02] update to handle multiple issues PR covers Issues #266, #314, #339 and #435 * [RA-1 Ch02] Updated [RA-1 Ch02] Updated to resolve valuable feedback from multiple folks and @collivier suggested changes to Block storage and networking. Resolves Issues #266, #314, #339 and #435 * [RA-1 Ch02] Resolve Issues [RA-1 Ch02] Resolve Issues Changes to 'req.inf.com.08' and add 'req.inf.com.09' * [RA-1 Ch02] Resolve "remote Block Storage" Changed: | `req.inf.stg.01` | Storage | The Architecture **must** provide remote (not directly attached to the host) Block storage for VM Instances. | |--------|-------|------------------------| * [RA-1 Ch02} Resolve 2.3 Architecture introduction [RA-1 Ch02} Resolve 2.3 Architecture introduction as per @CsatariGergely * [RA-1 Ch02] Commented out req.sec.ntw.01/02 [RA-1 Ch02] Commented out req.sec.ntw.01 and req.sec.ntw.02 Co-authored-by: Rabi Abdel <45387599+rabiabdel@users.noreply.github.com> * [RA1 Ch08] Add gaps in openstack release ocata, pike and stein (#843) * [RI1 Ch08] Add gaps in openstack release ocata, pike and stein * Add API versions * Add features of pike and stein * Add upgrade check for Stein Fixes #842 * Add nova features * Fix JWT short form and remaining services * Update table of content * Move into RA-8 from RI-8 * Delete Deprecated Annex (#933) * [RI Ch07] Sridhar ch7 sec5and6 (#931) * Chapter-7: Section 5 and 6. Adding contents from Sections 5 and 6 of Chapter-7 Signed-off-by: Sridhar K. N. Rao <sridhar.rao@spirent.com> * Fixed Typos and removed wrong special chars. Signed-off-by: Sridhar K. N. Rao <sridhar.rao@spirent.com> Co-authored-by: Rabi Abdel <51988225+rabi-abdel@users.noreply.github.com> * [RC1] Fill all gaps already tracked as issues in CNTT (#918) * Fill all gaps already tracked as issues in CNTT Port VTP test cases to Xtesting [1] is key because the TC doesn't conform to the principles and requirements defined. #917 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> * Precise the gaps to avoid confusion Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> * Add tab for the new TC Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> * [RA-1 Ch04] Update Figure 4-1 (#927) * [RA-1 Ch04] Update Figure 4-1 [RA-1 Ch04] @iangardner22 Updated Figure 4-1 and added network descriptions (I am making the changes on behalf of @iangardner22) * [RA-1 Ch04] Upload latest version of Figure 4-1 [RA-1 Ch04] Upload latest version of Figure 4-1 * [RA-1 Ch04] Re upload of new Figure 4-1 [RA-1 Ch04] Re upload of new Figure 4-1 * [RA-1 Ch04] Delete Figure_4_1_OpenStack_Network_Layout_20200110 [RA-1 Ch04] Delete Figure_4_1_OpenStack_Network_Layout_20200110 -- will be updated with modified version * [RA-1 Ch04] Upload corrected version of Figure 4-1 * [WIP] [RI Ch07] Update Deployment Cookbook (#817) * Topology Diagram Description of lab topology, aligning with OPNFV Pharos. Signed-off-by: beierl <mbeierl@vmware.com> #406 * [RI1 Ch06]i Topology Diagram Description of lab topology, aligning with OPNFV Pharos. Signed-off-by: beierl <mbeierl@vmware.com> * [WIP] [RI Ch07] Update Deployment Cookbook #797 * Create path for Airship vs. future installers * Adds requirements Added section on hardware used and information about how to get VPN access and what routes are available. * Adds requirements Added section on hardware used and information about how to get VPN access and what routes are available. * Revert "Adds requirements" This reverts commit b25e762. * Changes to Ch 07 only Cleanup of chapter 6 in this PR so that it does not interfere with any other PR. * Changes to Ch 07 only Cleanup of chapter 6 in this PR so that it does not interfere with any other PR. Co-authored-by: Rabi Abdel <45387599+rabiabdel@users.noreply.github.com> * [RC] One missing word (nit) (#934) Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> Co-authored-by: Tom Kivlin <52716470+tomkivlin@users.noreply.github.com> Co-authored-by: Gergely Csatari <gergely.csatari@nokia.com> Co-authored-by: Pankaj Goyal <52107136+pgoyal01@users.noreply.github.com> Co-authored-by: Deepanshu Bhatia <deep23bhatia@gmail.com> Co-authored-by: Mark Shostak (AT&T) <49962775+markshostak@users.noreply.github.com> Co-authored-by: Sridhar K N Rao <ngignir@gmail.com> Co-authored-by: Rabi Abdel <51988225+rabi-abdel@users.noreply.github.com> Co-authored-by: collivier <ollivier.cedric@gmail.com> Co-authored-by: Mark Beierl <mbeierl@vmware.com> * resolve conflicts in Ch07 * Update README.md * erevert * update version number Co-authored-by: Rabi Abdel <45387599+rabiabdel@users.noreply.github.com> Co-authored-by: Tom Kivlin <52716470+tomkivlin@users.noreply.github.com> Co-authored-by: Gergely Csatari <gergely.csatari@nokia.com> Co-authored-by: Pankaj Goyal <52107136+pgoyal01@users.noreply.github.com> Co-authored-by: Deepanshu Bhatia <deep23bhatia@gmail.com> Co-authored-by: Mark Shostak (AT&T) <49962775+markshostak@users.noreply.github.com> Co-authored-by: Sridhar K N Rao <ngignir@gmail.com> Co-authored-by: collivier <ollivier.cedric@gmail.com> Co-authored-by: Mark Beierl <mbeierl@vmware.com>
Fixes #642