Add supporting Kubernetes to devstack

This patch describes the way to install Kubernetes VIM via Devstack and
register Kubernetes VIM in Tacker.

Tacker reuses the efforts from Kuryr-Kubernetes project to create
Kubernetes cluster. This patch also sets up native Neutron-based networking
between Kubernetes and OpenStack VIMs to connect VM based and container based
VNFs together, that bring hybrid deployment SFC in the future.

Partially Implements: blueprint kubernetes-as-vim

Change-Id: Idf04f012c6daf93a33ad89a5a7c737f3668eb405
This commit is contained in:
Cong Phuoc Hoang 2017-09-30 01:17:39 +09:00 committed by hoangphuoc
parent 40ab3be2e9
commit be9e41e11f
6 changed files with 348 additions and 2 deletions

View File

@ -0,0 +1,41 @@
#!/bin/bash
#
# lib/kubernetes_vim
# functions - functions specific to kubernetes_vim
function configure_k8s_vim {
iniset "/$Q_PLUGIN_CONF_FILE" ml2_type_flat flat_networks $PUBLIC_PHYSICAL_NETWORK,$MGMT_PHYS_NET,$K8S_PHYS_NET
iniset "/$Q_PLUGIN_CONF_FILE" ovs bridge_mappings $PUBLIC_PHYSICAL_NETWORK:$PUBLIC_BRIDGE,$MGMT_PHYS_NET:$BR_MGMT,$K8S_PHYS_NET:$BR_K8S
echo "Creating Kubernetes bridge"
sudo ovs-vsctl --may-exist add-br ${BR_K8S}
iniset $TACKER_CONF k8s_vim use_barbican True
}
function tacker_create_initial_k8s_network {
SUBNETPOOL_V4_ID=$(openstack subnet pool create ${SUBNETPOOL_NAME_V4} --default-prefix-length ${SUBNETPOOL_SIZE_V4} --pool-prefix ${FIXED_RANGE_K8S} --share --default -f value -c id)
NET_K8S_ID=$(openstack network create --provider-network-type flat --provider-physical-network ${K8S_PHYS_NET} --share ${NET_K8S} | awk '/ id /{print $4}')
SUBNET_K8S_ID=$(openstack subnet create ${SUBNET_K8S} --ip-version 4 --gateway ${NETWORK_GATEWAY_K8S} --network ${NET_K8S_ID} --subnet-pool ${SUBNETPOOL_V4_ID} | awk '/ id /{print $4}')
SUBNET_K8S_CIDR=$(openstack subnet show ${SUBNET_K8S_ID} -c cidr -f value)
echo "Assign ip address to ${BR_K8S}"
sudo ip link set ${BR_K8S} up
sudo ip -4 address flush dev ${BR_K8S}
sudo ip address add ${NETWORK_GATEWAY_K8S_IP} dev ${BR_K8S}
echo "Create router to connect VM, Pod and Service networks"
openstack router create ${Q_ROUTER_NAME} | grep ' id ' | get_field 2
ROUTER_K8S_PORT_IP=$(_cidr_range "${SUBNET_K8S_CIDR}" | cut -f2)
ROUTER_K8S_PORT_ID=$(openstack port create --network ${NET_K8S_ID} --fixed-ip subnet=${SUBNET_K8S_ID},ip-address=${ROUTER_K8S_PORT_IP} port-router -f value -c id)
openstack router add port ${Q_ROUTER_NAME} ${ROUTER_K8S_PORT_ID}
openstack subnet set --host-route destination=${FIXED_RANGE_K8S},gateway=${ROUTER_K8S_PORT_IP} ${SUBNET_K8S_ID}
}
function _cidr_range {
python - <<EOF "$1"
import sys
from netaddr import IPAddress, IPNetwork
n = IPNetwork(sys.argv[1])
print("%s\\t%s" % (IPAddress(n.first + 1), IPAddress(n.last - 1)))
EOF
}

View File

@ -2,7 +2,7 @@
############################################################
# Customize the following HOST_IP based on your installation
############################################################
HOST_IP=10.18.161.164
HOST_IP=127.0.0.1
ADMIN_PASSWORD=devstack
MYSQL_PASSWORD=devstack
@ -32,6 +32,10 @@ ENABLE_VERBOSE_LOG_LEVEL=True
Q_PLUGIN=ml2
Q_AGENT=openvswitch
#Disable security groups
Q_USE_SECGROUP=False
LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
#PUBLIC NETWORK CONFIGURATION
Q_USE_PROVIDERNET_FOR_PUBLIC=False
FLOATING_RANGE=10.12.161.0/24
@ -40,6 +44,11 @@ PUBLIC_NETWORK_NAME=external
PUBLIC_NETWORK_GATEWAY=10.12.161.1
PUBLIC_PHYSICAL_NETWORK=public
#NET K8S NETWORK CONFIGURATION
#FIXED_RANGE_K8S=${FIXED_RANGE_K8S:-192.168.72.0/22}
#NETWORK_GATEWAY_K8S=${NETWORK_GATEWAY_K8S:-192.168.72.1}
#NETWORK_GATEWAY_K8S_IP=${NETWORK_GATEWAY_K8S_IP:-192.168.72.1/24}
# Required for l3-agent to connect to external-network-bridge
PUBLIC_BRIDGE=br-ext
@ -50,7 +59,7 @@ FIXED_RANGE=${FIXED_RANGE:-15.0.0.0/24}
enable_plugin heat https://git.openstack.org/openstack/heat master
enable_plugin networking-sfc git://git.openstack.org/openstack/networking-sfc master
enable_plugin barbican https://git.openstack.org/openstack/barbican
enable_plugin barbican https://git.openstack.org/openstack/barbican master
enable_plugin tacker https://git.openstack.org/openstack/tacker master
enable_service n-novnc
@ -60,3 +69,11 @@ disable_service tempest
#TACKER CONFIGURATION
USE_BARBICAN=True
# Enable Kubernetes and kuryr-kubernetes
KUBERNETES_VIM=True
NEUTRON_CREATE_INITIAL_NETWORKS=False
enable_plugin kuryr-kubernetes https://git.openstack.org/openstack/kuryr-kubernetes master
enable_plugin neutron-lbaas git://git.openstack.org/openstack/neutron-lbaas master
enable_plugin devstack-plugin-container https://git.openstack.org/openstack/devstack-plugin-container master

View File

@ -6,6 +6,7 @@ set -o xtrace
echo_summary "tacker's plugin.sh was called with args $1 and $2 ..."
. $DEST/tacker/devstack/lib/tacker
. $DEST/tacker/devstack/lib/kubernetes_vim
(set -o posix; set)
# check for service enabled
@ -19,6 +20,9 @@ if is_service_enabled tacker; then
# Configure after the other layer 1 and 2 services have been configured
echo_summary "Configuring Tacker"
configure_tacker
if [ "${KUBERNETES_VIM}" == "True" ]; then
configure_k8s_vim
fi
create_tacker_accounts
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
@ -34,6 +38,9 @@ if is_service_enabled tacker; then
modify_heat_flavor_policy_rule
echo_summary "Setup initial tacker network"
tacker_create_initial_network
if [ "${KUBERNETES_VIM}" == "True" ]; then
tacker_create_initial_k8s_network
fi
echo_summary "Check and download images for tacker initial"
tacker_check_and_download_images
echo_summary "Registering default VIM"

View File

@ -1,5 +1,6 @@
TACKER_MODE=${TACKER_MODE:-all}
USE_BARBICAN=True
KUBERNETES_VIM=${KUBERNETES_VIM:-False}
if [ "${TACKER_MODE}" == "all" ]; then
# Nova
@ -43,6 +44,32 @@ if [ "${TACKER_MODE}" == "all" ]; then
SUBNET1=${SUBNET1:-subnet1}
FIXED_RANGE1=${FIXED_RANGE1:-10.10.1.0/24}
NETWORK_GATEWAY1=${NETWORK_GATEWAY1:-10.10.1.1}
if [ "${KUBERNETES_VIM}" == "True" ]; then
K8S_PHYS_NET=${K8S_PHYS_NET:-"k8s-physnet"}
BR_K8S=${BR_K8S:-"br-k8s0"}
NET_K8S=${NET_K8S:-"k8s-public-net"}
SUBNET_K8S=${SUBNET_K8S:-"public-subnet"}
FIXED_RANGE_K8S=${FIXED_RANGE_K8S:-192.168.28.0/22}
NETWORK_GATEWAY_K8S=${NETWORK_GATEWAY_K8S:-192.168.28.1}
NETWORK_GATEWAY_K8S_IP=${NETWORK_GATEWAY_K8S_IP:-192.168.28.1/24}
KURYR_NEUTRON_DEFAULT_PROJECT="admin"
Q_ROUTER_NAME="route-k8s"
KURYR_NEUTRON_DEFAULT_ROUTER=${KURYR_NEUTRON_DEFAULT_ROUTER:-$Q_ROUTER_NAME}
SUBNETPOOL_NAME_V4=${SUBNETPOOL_NAME:-"shared-default-subnetpool-v4"}
SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-26}
SUBNETPOOL_V4_ID=${SUBNETPOOL_V4_ID:-} #nqa
enable_service q-lbaasv2
enable_service etcd3
enable_service kubernetes-api
enable_service kubernetes-controller-manager
enable_service kubernetes-scheduler
enable_service kubelet
enable_service kuryr-kubernetes
NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
fi
elif [ "${TACKER_MODE}" == "standalone" ]; then
# set the enabled services here. This will need tacker devstack plugin put as the last one in local.conf
ENABLED_SERVICES=key,horizon,tacker,tacker-conductor,mysql,dstat,barbican,mistral,mistral-api,mistral-engine,mistral-executor,mistral-event-engine

View File

@ -52,6 +52,7 @@ us how to prepare a target VIM for Tacker.
:maxdepth: 1
install/openstack_vim_installation.rst
install/kubernetes_vim_installation.rst
Getting Started

View File

@ -0,0 +1,253 @@
..
Copyright 2014-2017 OpenStack Foundation
All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
===========================
Kubernetes VIM Installation
===========================
This document describes the way to install Kubernetes VIM via Devstack and
how to register Kubernetes VIM in Tacker.
To do that job, Tacker reuses the efforts from Kuryr-Kubernetes project in
creating Kubernetes cluster and setting up native Neutron-based networking
between Kubernetes and OpenStack VIMs. Features from Kuryr-Kubernetes will
bring VMs and Pods (and other Kubernetes resources) on the same network.
1. Edit local.conf file by adding the following content
.. code-block:: console
KUBERNETES_VIM=True
NEUTRON_CREATE_INITIAL_NETWORKS=False
enable_plugin kuryr-kubernetes https://git.openstack.org/openstack/kuryr-kubernetes master
enable_plugin neutron-lbaas git://git.openstack.org/openstack/neutron-lbaas master
enable_plugin devstack-plugin-container https://git.openstack.org/openstack/devstack-plugin-container master
You can also see the same examples in [#first]_ and [#second]_.
2. Run stack.sh
.. code-block:: console
./stack.sh
3. Get Kubernetes VIM configuration
* After successful installation, user can get "Bearer Token":
.. code-block:: console
TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t')
In the Hyperkube folder /yourdirectory/data/hyperkube/, user can get more
information for authenticating to Kubernetes cluster.
* Get ssl_ca_cert:
.. code-block:: console
$ cat /opt/stack/data/hyperkube/ca.crt
-----BEGIN CERTIFICATE-----
MIIDUzCCAjugAwIBAgIJAI+laRsxtQQMMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV
BAMMFTE3Mi4xNy4wLjJAMTUwNzU1NTc4MzAeFw0xNzEwMDkxMzI5NDNaFw0yNzEw
MDcxMzI5NDNaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzU1NTc4MzCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfJ+Lsq8VmXBfZC4OPm96Y1Ots2
Np/fuGLEhT+JpHGCK65l4WpBf+FkcNDIb5Jn1EBr5XDEVN1hlzcPdCHu1sAvfTNB
AJkq/4TzkenEusxiQ8TQWDnIrAo73tkYPyQMAfXHifyM20gCz/jM+Zy2IoQDArRq
MItRdoFa+7rRJntFk56y9NZTzDqnziLFFoT6W3ZdU3BElX6oWarbLWxNNpYlVEbI
YdfooLqKTH+25Fh3TKsMVxOdc7A5MggXRHYYkbbDgDAVln9ki9x/c6U+5bQQ9H8+
+Lhzdova4gjq/RBJCtiISN7HvLuq+VenArFREgAqr/r/rQZckeAD/4mzQNECAwEA
AaOBjzCBjDAdBgNVHQ4EFgQU1zZHXIHhmPDe+ajaNqsOdu5QfbswUAYDVR0jBEkw
R4AU1zZHXIHhmPDe+ajaNqsOdu5QfbuhJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w
LjJAMTUwNzU1NTc4M4IJAI+laRsxtQQMMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAr8ARlYpIbeML8fbxdAARuZ/dJpbKvyNHC
GXJI/Uh4xKmj3LrdDYQjHb1tbRSV2S/gQld+En0L92XGUl/x1pG/GainDVpxpTdt
FwA5SMG5HLHrudZBRW2Dqe1ItKjx4ofdjz+Eni17QYnI0CEdJZyq7dBInuCyeOu9
y8BhzIOFQALYYL+K7nERKsTSDUnTwgpN7p7CkPnAGUj51zqVu2cOJe48SWoO/9DZ
AT0UKTr/agkkjHL0/kv4x+Qhr/ICjd2JbW7ePxQBJ8af+SYuKx7IRVnubnqVMEN6
V/kEAK/h2NAKS8OnlBgUMXIojSInmGXJfM5l1GUlQiqiBTv21Fm6
-----END CERTIFICATE-----
* Get basic authentication username and password:
.. code-block:: console
$ sudo cat /opt/stack/data/hyperkube/basic_auth.csv
admin,admin,admin
The basic auth file is a csv file with a minimum of 3 columns: password,
user name, user id. If there are more than 3 columns, see the following
example:
.. code-block:: console
password,user,uid,"group1,group2,group3"
* Get Kubernetes server url
By default Kubernetes server listens on https://127.0.0.1:6443 and
https://{HOST_IP}:6443
.. code-block:: console
curl http://localhost:8080/api/
{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "192.168.11.110:6443"
}
]
}
4. Check Kubernetes cluster installation
By default, after set KUBERNETES_VIM=True, Devstack creates a public network
called net-k8s, and two extra ones for the kubernetes services and pods under
the project k8s:
.. code-block:: console
openstack network list --project admin
+--------------------------------------+-----------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-----------------+--------------------------------------+
| 28361f77-1875-4070-b0dc-014e26c48aeb | k8s-public-net | 28c51d19-d437-46e8-9b0e-00bc392c57d6 |
| 71c20650-6295-4462-9219-e0007120e64b | k8s-service-net | f2835c3a-f567-44f6-b006-a6f7c52f2396 |
| 97c12aef-54f3-41dc-8b80-7f07c34f2972 | k8s-pod-net | 7759453f-6e8a-4660-b845-964eca537c44 |
| 9935fff9-f60c-4fe8-aa77-39ba7ac10417 | net0 | 92b2bd7b-3c14-4d32-8de3-9d3cc4d204cb |
| c2120b78-880f-4f28-8dc1-3d33b9f3020b | net_mgmt | fc7b3f32-5cac-4857-83ab-d3700f4efa60 |
| ec194ffc-533e-46b3-8547-6f43d92b91a2 | net1 | 08beb9a1-cd74-4f2d-b2fa-0e5748d80c27 |
+--------------------------------------+-----------------+--------------------------------------+
To check Kubernetes cluster works well, please see some tests in
kuryr-kubernetes to get more information [#third]_.
5. Register Kubernetes VIM
In vim_config.yaml, project_name is namespace in Kubernetes environment
where user will deploy Pod, Deployment or Horizontal Pod Autoscaling, etc.
* Create vim_config.yaml file for Kubernetes VIM as the following examples:
.. code-block:: console
auth_url: "https://192.168.11.110:6443"
bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ"
ssl_ca_cert: None
project_name: "default"
type: "kubernetes"
* Or vim_config.yaml with ssl_ca_cert enabled:
.. code-block:: console
auth_url: "https://192.168.11.110:6443"
bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ"
ssl_ca_cert: "-----BEGIN CERTIFICATE-----
MIIDUzCCAjugAwIBAgIJANPOjG38TA+fMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV
BAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTAeFw0xNzEwMDYxMjUxMDVaFw0yNzEw
MDQxMjUxMDVaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlPwd5Dp484Fb+SjBZeV8qF4k8s
Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b
jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m
ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh
IYSI0/xT1CDIlPmVucKRn/OVxpuTQ/WuVt7yIMRKIlApsZurZSt7ypR7SlQOLEx/
xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA
AaOBjzCBjDAdBgNVHQ4EFgQUxINzbfoA2RzXk584ETZ0agWDDk8wUAYDVR0jBEkw
R4AUxINzbfoA2RzXk584ETZ0agWDDk+hJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w
LjJAMTUwNzI5NDI2NYIJANPOjG38TA+fMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQB7zNVRX++hUXs7+Fg1H2havCkSe63b/oEM
J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2
Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7
tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ
U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs
MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk
-----END CERTIFICATE-----"
project_name: "default"
type: "kubernetes"
* You can also specify username and password for Kubernetes VIM configuration:
.. code-block:: console
auth_url: "https://192.168.11.110:6443"
username: "admin"
password: "admin"
ssl_ca_cert: "-----BEGIN CERTIFICATE-----
MIIDUzCCAjugAwIBAgIJANPOjG38TA+fMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV
BAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTAeFw0xNzEwMDYxMjUxMDVaFw0yNzEw
MDQxMjUxMDVaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlPwd5Dp484Fb+SjBZeV8qF4k8s
Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b
jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m
ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh
IYSI0/xT1CDIlPmVucKRn/OVxpuTQ/WuVt7yIMRKIlApsZurZSt7ypR7SlQOLEx/
xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA
AaOBjzCBjDAdBgNVHQ4EFgQUxINzbfoA2RzXk584ETZ0agWDDk8wUAYDVR0jBEkw
R4AUxINzbfoA2RzXk584ETZ0agWDDk+hJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w
LjJAMTUwNzI5NDI2NYIJANPOjG38TA+fMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQB7zNVRX++hUXs7+Fg1H2havCkSe63b/oEM
J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2
Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7
tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ
U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs
MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk
-----END CERTIFICATE-----"
project_name: "default"
type: "kubernetes"
User can change the authentication like username, password, etc. Please see
Kubernetes document [#fourth]_ to read more information about Kubernetes
authentication.
* Run Tacker command for register vim:
.. code-block:: console
tacker vim-register --config-file vim_config.yaml vim-kubernetes
* Other related commands to Kubernetes VIM
.. code-block:: console
$ cat kubernetes-VIM-update.yaml
username: "admin"
password: "admin"
project_name: "default"
type: "kubernetes"
tacker vim-update vim-kubernetes --config-file kubernetes-VIM-update.yaml
tacker vim-show vim-kubernetes
tacker vim-delete vim-kubernetes
When update Kubernetes VIM, user can update VIM information (such as username,
password, bearer_token and ssl_ca_cert) except auth_url and type of VIM.
References
==========
.. [#first] https://github.com/openstack/tacker/blob/master/doc/source/install/devstack.rst
.. [#second] https://github.com/openstack/tacker/blob/master/devstack/local.conf.example
.. [#third] https://github.com/openstack/kuryr-kubernetes/blob/master/doc/source/installation/testing_connectivity.rst
.. [#fourth] https://kubernetes.io/docs/admin/authentication