b648edfe40
Image changes: * base image ubuntu:18.04 * MAAS version 2.8.6-8602-g.07cdffcaa-0ubuntu1~18.04.1 from ppa/2.8 * default contents of /var/lib/maas are archived in /opt/maas * updated patches: - 2.3_bios_grub_partition.patch, changed in maas [0] - 2.3_partitiontable_does_not_exist.patch, changed in maas [1] [2] - 2.3_secure_headers.patch, updated for twisted 17.9.0 [3] * removed patches: - 2.3_bios_grub_preseed.patch, changed in maas, now N/A [0] - 2.3_hostheader.patch, fixed in maas [4] - 2.3_maas_enlist.patch, fixed in maas [5] - 2.3_mac_address.patch, fixed in maas [6] * new patches: - 2.8_maas_ipmi_autodetect_tool.patch, enlistment reliability * reformatted patches due to blackening change [1]: - 2.3_configure_ipmi_user.patch - 2.3_ipmi_error.patch - 2.3_kernel_package.patch, custom req to specify kernel package - 2.3_nic_filter.patch, custom req to ignore cali* interfaces - 2.3_region_secret_rotate.patch - 2.3_route.patch Chart changes: * maas-region podport is 5240 * maas config option http_boot is no longer configurable [7] * start script restores some default files into /var/lib/maas * register-rack-controller script removes old files in /etc/maas * enlist userdata now matches commissioning/curtin userdata [8] * force_gpt option is removed [9], as GPT is now the default * update to configure remote_syslog in import resources job [10] * enlist_commissioning is disabled for backwards compatibility [11] 0: |
||
---|---|---|
.github | ||
charts/maas | ||
images | ||
tools | ||
.gitignore | ||
.gitreview | ||
.zuul.yaml | ||
LICENSE | ||
Makefile | ||
README.md |
MaaS Helm Artifacts
This repository holds artifacts supporting the deployment of Canonical MaaS in a Kubernetes cluster.
Images
The MaaS install is made up of two required imags and one optional image. The Dockerfiles in this repo can be used to build all three. These images are intended to be deployed via a Kubernetes Helm chart.
MaaS Region Controller
The regiond Dockerfile builds a systemD-based Docker image to run the MaaS Region API server and metadata server.
MaaS Rack Controller
The rackd Dockerfile builds a systemD-based Docker image to run the MaaS Rack controller and dependent services (DHCPd, TFTPd, etc...). This image needs to be run in privileged host networking mode to function.
MaaS Image Cache
The cache image Dockerfile simply provides a point-in-time mirror of the maas.io image repository so that if you are deploying MaaS somewhere without network connectivity, you have a local copy of Ubuntu. Currently this only mirrors Ubuntu 18.04 Bionic and does not update the mirror after image creation.
Charts
Also provided is a Kubernetes Helm chart to deploy the MaaS pieces and integrates them. This chart depends on a previous deployment of Postgres. The recommended avenue for this is the Openstack Helm Postgres chart but any Postgres instance should work.
Overrides
Chart overrides are likely required to deploy MaaS into your environment
- values.labels.rack.node_selector_key - This is the Kubernetes label key for selecting nodes to deploy the rack controller
- values.labels.rack.node_selector_value - This is the Kubernetges label value for selecting nodes to deploy the rack controller
- values.labels.region.node_selector_key - this is the Kubernetes label key for selecting nodes to deploy the region controller
- values.labels.region.node_selector_value - This is the Kubernetes label value for selecting nodes to deploy the region controller
- values.conf.cache.enabled - Boolean on whether to use the repo cache image in the deployment
- values.conf.maas.url.maas_url - The URL rack controllers and nodes should use for accessing the region API (e.g. http://10.10.10.10:8080/MAAS)
Deployment Flow
During deployment, the chart executes the below steps:
- Initializes the Postgres DB for MaaS
- Starts a Pod with the region controller and optionally the image cache sidecar container
- Once the region controller is running, deploy a Pod with the rack controller and join it to the region controller.
- Initialize the configuration of MaaS and start the image sync
- Export an API key into a Kubernetes secret so other Pods can access the API if needed