k8s_fedora: Add cloud_provider_enabled label
Add 'cloud_provider_enabled' label for the k8s_fedora_atomic driver. Defaults to true. For specific kubernetes versions if 'cinder' is selected as a 'volume_driver', it is implied that the cloud provider will be enabled since they are combined. The motivation for this change is that in environments with high load to the OpenStack APIs, users might want to disable the cloud provider. story: 1775358 task: 1775358 Change-Id: I2920f699654af1f4ba45644ab60a04a3f70918fe
This commit is contained in:
Spyros Trigazis
parent
2018ac26bf
commit
974399a912
|
|
@ -358,6 +358,8 @@ the table are linked to more details elsewhere in the user guide.
|
|||
+---------------------------------------+--------------------+---------------+
|
||||
| `cgroup_driver`_ | - systemd | "systemd" |
|
||||
| | - cgroupfs | |
|
||||
| `cloud_provider_enabled`_ | - true | true |
|
||||
| | - false | |
|
||||
+---------------------------------------+--------------------+---------------+
|
||||
|
||||
Cluster
|
||||
|
|
@ -1150,6 +1152,12 @@ _`cgroup_driver`
|
|||
should be identical to the Cgroup driver that Docker has been
|
||||
started with.
|
||||
|
||||
_`cloud_provider_enabled`
|
||||
Add 'cloud_provider_enabled' label for the k8s_fedora_atomic driver. Defaults
|
||||
to true. For specific kubernetes versions if 'cinder' is selected as a
|
||||
'volume_driver', it is implied that the cloud provider will be enabled since
|
||||
they are combined.
|
||||
|
||||
External load balancer for services
|
||||
-----------------------------------
|
||||
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
|
|||
KUBE_ADMISSION_CONTROL="--admission-control=NodeRestriction,${ADMISSION_CONTROL_LIST}"
|
||||
fi
|
||||
|
||||
if [ -n "$TRUST_ID" ]; then
|
||||
if [ -n "$TRUST_ID" && "$(echo $CLOUD_PROVIDER_ENABLED | tr '[:upper:]' '[:lower:]')" == "true" ]; then
|
||||
KUBE_API_ARGS="$KUBE_API_ARGS --cloud-config=/etc/kubernetes/kube_openstack_config --cloud-provider=openstack"
|
||||
fi
|
||||
|
||||
|
|
@ -71,7 +71,7 @@ if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
|
|||
KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --service-account-private-key-file=$CERT_DIR/service_account_private.key --root-ca-file=$CERT_DIR/ca.crt"
|
||||
fi
|
||||
|
||||
if [ -n "$TRUST_ID" ]; then
|
||||
if [ -n "$TRUST_ID" && "$(echo $CLOUD_PROVIDER_ENABLED | tr '[:upper:]' '[:lower:]')" == "true" ]; then
|
||||
KUBE_CONTROLLER_MANAGER_ARGS="$KUBE_CONTROLLER_MANAGER_ARGS --cloud-config=/etc/kubernetes/kube_openstack_config --cloud-provider=openstack"
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -119,7 +119,7 @@ KUBELET_ARGS="${KUBELET_ARGS} --address=${KUBE_NODE_IP} --port=10250 --read-only
|
|||
KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}"
|
||||
KUBELET_ARGS="${KUBELET_ARGS} ${KUBELET_OPTIONS}"
|
||||
|
||||
if [ -n "$TRUST_ID" ]; then
|
||||
if [ -n "$TRUST_ID" && "$(echo $CLOUD_PROVIDER_ENABLED | tr '[:upper:]' '[:lower:]')" == "true" ]; then
|
||||
KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=openstack --cloud-config=/etc/kubernetes/kube_openstack_config"
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ write_files:
|
|||
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
|
||||
TRUST_ID="$TRUST_ID"
|
||||
AUTH_URL="$AUTH_URL"
|
||||
CLOUD_PROVIDER_ENABLED="$CLOUD_PROVIDER_ENABLED"
|
||||
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
|
||||
CONTAINER_INFRA_PREFIX="$CONTAINER_INFRA_PREFIX"
|
||||
SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@ write_files:
|
|||
TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
|
||||
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
|
||||
TRUST_ID="$TRUST_ID"
|
||||
CLOUD_PROVIDER_ENABLED="$CLOUD_PROVIDER_ENABLED"
|
||||
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
|
||||
CONTAINER_INFRA_PREFIX="$CONTAINER_INFRA_PREFIX"
|
||||
DNS_SERVICE_IP="$DNS_SERVICE_IP"
|
||||
|
|
|
|||
|
|
@ -13,10 +13,12 @@
|
|||
from oslo_log import log as logging
|
||||
from oslo_utils import strutils
|
||||
|
||||
from magnum.common import exception
|
||||
from magnum.common.x509 import operations as x509
|
||||
from magnum.conductor.handlers.common import cert_manager
|
||||
from magnum.drivers.heat import k8s_template_def
|
||||
from magnum.drivers.heat import template_def
|
||||
from magnum.i18n import _
|
||||
from oslo_config import cfg
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
|
@ -91,12 +93,24 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
|
|||
extra_params["pods_network_cidr"] = \
|
||||
cluster.labels.get('calico_ipv4pool', '192.168.0.0/16')
|
||||
|
||||
# check cloud provider and cinder options. If cinder is selected,
|
||||
# the cloud provider needs to be enabled.
|
||||
cloud_provider_enabled = cluster.labels.get(
|
||||
'cloud_provider_enabled', 'true').lower()
|
||||
if (cluster_template.volume_driver == 'cinder'
|
||||
and cloud_provider_enabled == 'false'):
|
||||
raise exception.InvalidParameterValue(_(
|
||||
'"cinder" volume driver needs "cloud_provider_enabled" label '
|
||||
'to be true or unset.'))
|
||||
|
||||
label_list = ['kube_tag', 'container_infra_prefix',
|
||||
'availability_zone',
|
||||
'cgroup_driver',
|
||||
'calico_tag', 'calico_cni_tag',
|
||||
'calico_kube_controllers_tag', 'calico_ipv4pool',
|
||||
'etcd_tag', 'flannel_tag']
|
||||
'etcd_tag', 'flannel_tag',
|
||||
'cloud_provider_enabled']
|
||||
|
||||
for label in label_list:
|
||||
label_value = cluster.labels.get(label)
|
||||
if label_value:
|
||||
|
|
|
|||
|
|
@ -489,6 +489,11 @@ parameters:
|
|||
The private key will be used to sign generated k8s service account
|
||||
tokens.
|
||||
|
||||
cloud_provider_enabled:
|
||||
type: boolean
|
||||
description: Enable or disable the openstack kubernetes cloud provider
|
||||
default: true
|
||||
|
||||
resources:
|
||||
|
||||
######################################################################
|
||||
|
|
@ -687,6 +692,7 @@ resources:
|
|||
trustee_password: {get_param: trustee_password}
|
||||
trust_id: {get_param: trust_id}
|
||||
auth_url: {get_param: auth_url}
|
||||
cloud_provider_enabled: {get_param: cloud_provider_enabled}
|
||||
insecure_registry_url: {get_param: insecure_registry_url}
|
||||
container_infra_prefix: {get_param: container_infra_prefix}
|
||||
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||
|
|
@ -779,6 +785,7 @@ resources:
|
|||
trustee_password: {get_param: trustee_password}
|
||||
trustee_domain_id: {get_param: trustee_domain_id}
|
||||
trust_id: {get_param: trust_id}
|
||||
cloud_provider_enabled: {get_param: cloud_provider_enabled}
|
||||
insecure_registry_url: {get_param: insecure_registry_url}
|
||||
container_infra_prefix: {get_param: container_infra_prefix}
|
||||
dns_service_ip: {get_param: dns_service_ip}
|
||||
|
|
|
|||
|
|
@ -387,6 +387,10 @@ parameters:
|
|||
The private key will be used to sign generated k8s service account
|
||||
tokens.
|
||||
|
||||
cloud_provider_enabled:
|
||||
type: boolean
|
||||
description: Enable or disable the openstack kubernetes cloud provider
|
||||
|
||||
resources:
|
||||
|
||||
master_wait_handle:
|
||||
|
|
@ -475,6 +479,7 @@ resources:
|
|||
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
||||
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
||||
"$TRUST_ID": {get_param: trust_id}
|
||||
"$CLOUD_PROVIDER_ENABLED": {get_param: cloud_provider_enabled}
|
||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||
"$CONTAINER_INFRA_PREFIX": {get_param: container_infra_prefix}
|
||||
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||
|
|
|
|||
|
|
@ -272,6 +272,10 @@ parameters:
|
|||
whether or not to use Octavia for LoadBalancer type service.
|
||||
default: False
|
||||
|
||||
cloud_provider_enabled:
|
||||
type: boolean
|
||||
description: Enable or disable the openstack kubernetes cloud provider
|
||||
|
||||
resources:
|
||||
|
||||
minion_wait_handle:
|
||||
|
|
@ -335,6 +339,7 @@ resources:
|
|||
$TRUSTEE_PASSWORD: {get_param: trustee_password}
|
||||
$TRUST_ID: {get_param: trust_id}
|
||||
$AUTH_URL: {get_param: auth_url}
|
||||
$CLOUD_PROVIDER_ENABLED: {get_param: cloud_provider_enabled}
|
||||
$INSECURE_REGISTRY_URL: {get_param: insecure_registry_url}
|
||||
$CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
|
||||
$DNS_SERVICE_IP: {get_param: dns_service_ip}
|
||||
|
|
|
|||
|
|
@ -368,6 +368,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
|||
'kubescheduler_options')
|
||||
kubeproxy_options = mock_cluster.labels.get(
|
||||
'kubeproxy_options')
|
||||
cloud_provider_enabled = mock_cluster.labels.get(
|
||||
'cloud_provider_enabled')
|
||||
|
||||
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
|
||||
|
||||
|
|
@ -395,6 +397,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
|||
'kubecontroller_options': kubecontroller_options,
|
||||
'kubescheduler_options': kubescheduler_options,
|
||||
'kubeproxy_options': kubeproxy_options,
|
||||
'cloud_provider_enabled': cloud_provider_enabled,
|
||||
'username': 'fake_user',
|
||||
'magnum_url': mock_osc.magnum_url.return_value,
|
||||
'region_name': mock_osc.cinder_region_name.return_value,
|
||||
|
|
@ -422,6 +425,18 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
|||
mock_cluster,
|
||||
**expected_kwargs)
|
||||
|
||||
mock_cluster_template.volume_driver = 'cinder'
|
||||
mock_cluster.labels = {'cloud_provider_enabled': 'false'}
|
||||
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
|
||||
self.assertRaises(
|
||||
exception.InvalidParameterValue,
|
||||
k8s_def.get_params,
|
||||
mock_context,
|
||||
mock_cluster_template,
|
||||
mock_cluster,
|
||||
scale_manager=mock_scale_manager
|
||||
)
|
||||
|
||||
@mock.patch('magnum.common.keystone.is_octavia_enabled')
|
||||
@mock.patch('magnum.common.clients.OpenStackClients')
|
||||
@mock.patch('magnum.drivers.heat.template_def'
|
||||
|
|
@ -522,6 +537,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
|||
'kubescheduler_options')
|
||||
kubeproxy_options = mock_cluster.labels.get(
|
||||
'kubeproxy_options')
|
||||
cloud_provider_enabled = mock_cluster.labels.get(
|
||||
'cloud_provider_enabled')
|
||||
|
||||
k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
|
||||
|
||||
|
|
@ -549,6 +566,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
|
|||
'kubecontroller_options': kubecontroller_options,
|
||||
'kubescheduler_options': kubescheduler_options,
|
||||
'kubeproxy_options': kubeproxy_options,
|
||||
'cloud_provider_enabled': cloud_provider_enabled,
|
||||
'username': 'fake_user',
|
||||
'magnum_url': mock_osc.magnum_url.return_value,
|
||||
'region_name': mock_osc.cinder_region_name.return_value,
|
||||
|
|
|
|||
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Add 'cloud_provider_enabled' label for the k8s_fedora_atomic driver.
|
||||
Defaults to true. For specific kubernetes versions if 'cinder' is
|
||||
selected as a 'volume_driver', it is implied that the cloud provider
|
||||
will be enabled since they are combined.
|
||||
Loading…
Reference in New Issue