From f44ae0592e15c62bc5e6ac2dce2344b2d643bcee Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Wed, 19 Apr 2017 14:08:43 -0500 Subject: [PATCH] OpenStack-Helm: Kubernetes 1.6 Support This PS moves OpenStack-Helm to both support and require K8s 1.6 Change-Id: I2be2eb3a063f279d2544fc7d65fbfd8793821213 --- ceph/templates/storage.yaml | 2 +- docs/guides-install/developer/install-minikube.md | 7 +++++-- docs/guides-install/install-multinode.md | 13 ++++++++++--- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/ceph/templates/storage.yaml b/ceph/templates/storage.yaml index 084a75e9e3..b104269e56 100644 --- a/ceph/templates/storage.yaml +++ b/ceph/templates/storage.yaml @@ -15,7 +15,7 @@ # note that these secrets are handled by the common chart, not the ceph # chart, as we likely want them "everywhere" --- -apiVersion: storage.k8s.io/v1beta1 +apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: {{ .Values.storageclass.name }} diff --git a/docs/guides-install/developer/install-minikube.md b/docs/guides-install/developer/install-minikube.md index 09fcccbfb7..9dc79d9945 100644 --- a/docs/guides-install/developer/install-minikube.md +++ b/docs/guides-install/developer/install-minikube.md @@ -43,7 +43,7 @@ helm repo add local http://localhost:8879/charts # You may need to change these params for your environment. Look up use of --iso-url if needed: minikube start \ --network-plugin=cni \ - --kubernetes-version v1.5.1 \ + --kubernetes-version v1.6.0 \ --disk-size 40g \ --memory 16384 \ --cpus 4 \ @@ -51,7 +51,7 @@ minikube start \ --iso-url=https://storage.googleapis.com/minikube/iso/minikube-v1.0.4.iso # Deploy a CNI/SDN: -kubectl create -f http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/calico.yaml +kubectl create -f http://docs.projectcalico.org/v2.1/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml # Initialize Helm/Deploy Tiller: helm init @@ -59,6 +59,9 @@ helm init # Package the Openstack-Helm Charts, and push them to your local Helm repository: make +# Setup RBAC rules +kubectl update -f https://raw.githubusercontent.com/openstack/openstack-helm/master/tools/kubeadm-aio/assets/opt/rbac/dev.yaml + # Label the Minikube as an Openstack Control Plane node: kubectl label nodes openstack-control-plane=enabled --all --namespace=openstack diff --git a/docs/guides-install/install-multinode.md b/docs/guides-install/install-multinode.md index b949446c76..58f1a9f8c2 100644 --- a/docs/guides-install/install-multinode.md +++ b/docs/guides-install/install-multinode.md @@ -6,8 +6,8 @@ In order to drive towards a production-ready Openstack solution, our goal is to | | Version | Notes | |--- |--- |--- | -| **Kubernetes** | [v1.5.5](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md#v155) | [Custom Controller for RDB tools](https://quay.io/repository/attcomdev/kube-controller-manager?tab=tags) | -| **Helm** | [v2.2.3](https://github.com/kubernetes/helm/releases/tag/v2.2.3) | Planning for [v2.3.0](https://github.com/kubernetes/helm/milestone/30) | +| **Kubernetes** | [v1.6.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md#v155) | [Custom Controller for RDB tools](https://quay.io/repository/attcomdev/kube-controller-manager?tab=tags) | +| **Helm** | [v2.3.0](https://github.com/kubernetes/helm/releases/tag/v2.3.0) | | | **Calico** | [v2.1](http://docs.projectcalico.org/v2.1/releases/) | [`calicoctl` v1.1](https://github.com/projectcalico/calicoctl/releases) | | **Docker** | [v1.12.6](https://github.com/docker/docker/releases/tag/v1.12.1) | [Per kubeadm Instructions](http://kubernetes.io/docs/getting-started-guides/kubeadm/) | | @@ -42,7 +42,7 @@ admin@kubenode01:~$ After an initial `kubeadmn` deployment has been scheduled, it is time to deploy a CNI-enabled SDN. We have selected **Calico**, but have also confirmed that this works for Weave, and Romana. For Calico version v2.0, you can apply the provided [Kubeadm Hosted Install](http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/kubeadm/) manifest: ``` -kubectl apply -f http://docs.projectcalico.org/v2.1/getting-started/kubernetes/installation/hosted/kubeadm/calico.yaml +kubectl create -f http://docs.projectcalico.org/v2.1/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml ``` **PLEASE NOTE:** For Calico deployments using v2.0, if you are using a 192.168.0.0/16 CIDR for your Kubernetes hosts, you will need to modify [line 42](https://gist.github.com/v1k0d3n/a152b1f5b8db5a8ae9c8c7da575a9694#file-calico-kubeadm-hosted-yml-L42) for the `cidr` declaration within the `ippool`. This must be a `/16` range or more, as the `kube-controller` will hand out `/24` ranges to each node. We have included a sample comparison of the changes [here](http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/kubeadm/calico.yaml) and [here](https://gist.githubusercontent.com/v1k0d3n/a152b1f5b8db5a8ae9c8c7da575a9694/raw/c950eef1123a7dcc4b0dedca1a202e0c06248e9e/calico-kubeadm-hosted.yml). This is not applicable for Calico v2.1. @@ -69,6 +69,13 @@ admin@kubenode01:~$ It is important to call out that the Self Hosted Calico manifest for v2.0 (above) supports `nodetonode` mesh, and `nat-outgoing` by default. This is a change from version 1.6. +## Setting Up RBAC +Kubernetes >=v1.6 makes RBAC the default admission controller, OpenStack Helm does not currently have RBAC roles and permissions for each component so we relax the access control rules: + +``` bash +kubectl update -f https://raw.githubusercontent.com/openstack/openstack-helm/master/tools/kubeadm-aio/assets/opt/rbac/dev.yaml +``` + ## Preparing Persistent Storage Persistent storage is improving. Please check our current and/or resolved [issues](https://github.com/att-comdev/openstack-helm/issues?utf8=✓&q=ceph) to find out how we're working with the community to improve persistent storage for our project. For now, a few preparations need to be completed.