doc: Fix manual installation neutron resource
With the addition of the services documentation, the creation of the pod and services resources is much better explained there and the part in manual only adds confusion. This patch refers users to the new documentation Change-Id: I1bd83011742d77b026c746253c543839eb05a4f0 Closes-Bug: #1711074 Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
This commit is contained in:
parent
d00b09ce05
commit
faa913565b
|
@ -15,10 +15,9 @@ Install ``kuryr-k8s-controller`` in a virtualenv::
|
|||
|
||||
|
||||
In neutron or in horizon create subnet for pods, subnet for services and a
|
||||
security-group for pods. You may use existing if you like.
|
||||
|
||||
.. todo::
|
||||
Add reference neutron cli commands
|
||||
security-group for pods. You may use existing if you like. In case that you
|
||||
decide to create new networks and subnets with the cli, you can follow the
|
||||
services guide, specifically its :ref:`k8s_default_configuration` section.
|
||||
|
||||
Create ``/etc/kuryr/kuryr.conf``::
|
||||
|
||||
|
|
|
@ -99,6 +99,8 @@ would help avoiding extra hops if the amphorae were scheduled in the worker
|
|||
nodes, but how much significant that is, depends on your latency and throughput
|
||||
requirements.
|
||||
|
||||
.. _k8s_default_configuration:
|
||||
|
||||
Default configuration
|
||||
~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
@ -681,3 +683,59 @@ Kubernetes service to be accessible to Pods.
|
|||
| updated_at | 2017-08-10T16:46:55 |
|
||||
+---------------------------+--------------------------------------+
|
||||
|
||||
.. _services_troubleshooting:
|
||||
|
||||
Troubleshooting
|
||||
---------------
|
||||
|
||||
* **Pods can talk to each other with IPv6 but they can't talk to services.**
|
||||
|
||||
This means that most likely you forgot to create a security group or rule
|
||||
for the pods to be accessible by the service CIDR. You can find an example
|
||||
here::
|
||||
|
||||
$ openstack security group create service_pod_access
|
||||
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| Field | Value |
|
||||
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
| created_at | 2017-08-16T10:01:45Z |
|
||||
| description | service_pod_access |
|
||||
| id | f0b6f0bd-40f7-4ab6-a77b-3cf9f7cc28ac |
|
||||
| name | service_pod_access |
|
||||
| project_id | 90baf12877ba49a786419b2cacc2c954 |
|
||||
| revision_number | 2 |
|
||||
| rules | created_at='2017-08-16T10:01:45Z', direction='egress', ethertype='IPv4', id='bd759b4f-c0f5-4cff-a30a-3cd8544d2822', updated_at='2017-08-16T10:01:45Z' |
|
||||
| | created_at='2017-08-16T10:01:45Z', direction='egress', ethertype='IPv6', id='c89c3f3e-a326-4902-ba26-5315e2d95320', updated_at='2017-08-16T10:01:45Z' |
|
||||
| updated_at | 2017-08-16T10:01:45Z |
|
||||
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
|
||||
$ openstack security group rule create --remote-ip 10.2.0.0/16 \
|
||||
--ethertype IPv4 f0b6f0bd-40f7-4ab6-a77b-3cf9f7cc28ac
|
||||
+-------------------+--------------------------------------+
|
||||
| Field | Value |
|
||||
+-------------------+--------------------------------------+
|
||||
| created_at | 2017-08-16T10:04:57Z |
|
||||
| description | |
|
||||
| direction | ingress |
|
||||
| ether_type | IPv4 |
|
||||
| id | cface77f-666f-4a4c-8a15-a9c6953acf08 |
|
||||
| name | None |
|
||||
| port_range_max | None |
|
||||
| port_range_min | None |
|
||||
| project_id | 90baf12877ba49a786419b2cacc2c954 |
|
||||
| protocol | tcp |
|
||||
| remote_group_id | None |
|
||||
| remote_ip_prefix | 10.2.0.0/16 |
|
||||
| revision_number | 0 |
|
||||
| security_group_id | f0b6f0bd-40f7-4ab6-a77b-3cf9f7cc28ac |
|
||||
| updated_at | 2017-08-16T10:04:57Z |
|
||||
+-------------------+--------------------------------------+
|
||||
|
||||
Then remember to add the new security groups to the comma-separated
|
||||
*pod_security_groups* setting in the section *[neutron_defaults]* of
|
||||
/etc/kuryr/kuryr.conf. After making the kuryr.conf edits, you need to
|
||||
restart the kuryr controller for the changes to take effect.
|
||||
|
||||
If you want your current pods to get this change applied, the most
|
||||
comfortable way to do that is to delete them and let the Kubernetes
|
||||
Deployment create them automatically for you.
|
||||
|
|
Loading…
Reference in New Issue