Gaetan Trellu edb3489820 Adds Qinling Ansible role
Qinling is an OpenStack project to provide "Function as a Service".
This project aims to provide a platform to support serverless functions.

Change-Id: I239a0130f8c8b061b531dab530d65172b0914d7c
Implements: blueprint ansible-qinling-support
Story: 2005760
Task: 33468
2019-05-31 10:25:28 -04:00


Qinling - Function Engine

Overview

Qinling aims to provide a platform to support serverless functions (like AWS Lambda). Qinling supports different container orchestration platforms (Kubernetes, Swarm, etc.) and different function package storage backends (local, Swift, S3) through a plugin mechanism.

Kolla deploys the Qinling API and Qinling Engine containers, which are the main Qinling components, but they need to be connected to an existing container orchestration platform.

Apply custom policies to Qinling API

Custom policies can be applied by creating a policy.json file under the /etc/kolla/config/qinling directory.

Connect to an existing Kubernetes cluster

Certificates

qinling-engine authenticates to Kubernetes by using certificates.

Note

If the cluster has not been created with OpenStack Magnum then certificates need to be gathered using different methods that will not be mentioned here.

If the Kubernetes cluster has been deployed with OpenStack Magnum then the OpenStack client should be used to retrieve the certificates.

openstack coe cluster config --dir . 687f7476-5604-4b44-8b09-b7a4f3fdbd64 --output-certs

Where 687f7476-5604-4b44-8b09-b7a4f3fdbd64 is the Kubernetes cluster ID created with Magnum.

Four files should have been generated:

  • ca.pem
  • cert.pem
  • key.pem
  • config

Only ca.pem, cert.pem and key.pem will be used. These files have to be stored in the /etc/kolla/config/qinling/qinling-engine directory under the following file names:

  • ca.pem: /etc/kolla/config/qinling/qinling-engine/kubernetes_ca.crt
  • cert.pem: /etc/kolla/config/qinling/qinling-engine/kubernetes.crt
  • key.pem: /etc/kolla/config/qinling/qinling-engine/kubernetes.key

Declare the qinling_kubernetes_certificates variable in /etc/kolla/globals.yml:

qinling_kubernetes_certificates: "yes"

Kubernetes cluster

qinling-engine needs to know where to connect. This information is provided by the options under the [kubernetes] section of the qinling.conf configuration file.

As mentioned above, these settings are only required by qinling-engine, so put the content in /etc/kolla/config/qinling/qinling-engine.conf.

[kubernetes]
kube_host = https://192.168.1.168:6443
use_api_certificate = True
ssl_ca_cert = /etc/qinling/pki/kubernetes/ca.crt
cert_file = /etc/qinling/pki/kubernetes/qinling.crt
key_file = /etc/qinling/pki/kubernetes/qinling.key
trusted_cidrs = 192.168.1.0/24,10.0.0.53/32

kube_host is the Kubernetes cluster API address; the https protocol has to be specified.

trusted_cidrs is a list of CIDRs trusted by the Kubernetes cluster, defined by a network policy under the qinling namespace.
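
A pre-deployment check for the [kubernetes] section described above, as an added example that is not part of Kolla or Qinling. The function name lint_kubernetes_section and its findings are hypothetical, and it assumes the three certificate options are expected whenever use_api_certificate is True.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the [kubernetes] section from this page, as it would
# appear in /etc/kolla/config/qinling/qinling-engine.conf.
SAMPLE = """\
[kubernetes]
kube_host = https://192.168.1.168:6443
use_api_certificate = True
ssl_ca_cert = /etc/qinling/pki/kubernetes/ca.crt
cert_file = /etc/qinling/pki/kubernetes/qinling.crt
key_file = /etc/qinling/pki/kubernetes/qinling.key
trusted_cidrs = 192.168.1.0/24,10.0.0.53/32
"""

def lint_kubernetes_section(text):
    """Return a list of findings for the [kubernetes] section (empty = clean)."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    if not cfg.has_section("kubernetes"):
        return ["missing [kubernetes] section"]
    k8s, findings = cfg["kubernetes"], []

    # kube_host must carry an explicit https scheme and a host.
    url = urlsplit(k8s.get("kube_host", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("kube_host must be an https:// URL")

    # Assumption: all three file options are needed when client certs are on.
    if k8s.getboolean("use_api_certificate", fallback=False):
        for opt in ("ssl_ca_cert", "cert_file", "key_file"):
            if not k8s.get(opt, "").startswith("/"):
                findings.append(f"{opt} must be an absolute path")

    # Every trusted_cidrs entry must parse; a /0 prefix trusts every address.
    entries = (c.strip() for c in k8s.get("trusted_cidrs", "").split(","))
    for raw in filter(None, entries):
        try:
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError:
            findings.append(f"trusted_cidrs: {raw!r} is not a valid CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"trusted_cidrs: {raw} matches every address")
    return findings

if __name__ == "__main__":
    print(lint_kubernetes_section(SAMPLE) or "no findings")
```

Entries with host bits set, such as 192.168.1.5/24, are reported as invalid because the check parses each network strictly.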