It is undeniable that OpenStack is still a viable cloud operating system and is used by many Internet service providers around the world. Rancher is the most widely used Kubernetes management platform in the industry, and manages multiple Kubernetes clusters in enterprise IT through a simple and intuitive GUI. Rancher also provides integrated tools for application development and powerful enterprise-level features for security and governance. Rancher currently has 300 million core image downloads. This article uses Rancher to create a Kubernetes cluster on OpenStack.
The setup in this article was performed in Bielefeld's teutoStack public cloud environment operated by teuto.net, so the installation process may be slightly different.
Kubernetes itself has been integrated with OpenStack for some time, and a good foundation has been established. The integration consists of two components: the OpenStack cloud provider and the OpenStack node driver. In Rancher, the cloud provider is available by default; the node driver is also included in Rancher, but it is not enabled by default.
There are two ways to build a Rancher Kubernetes cluster on OpenStack: using the OpenStack node driver or through custom node settings (https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/).
For easy access, all configuration examples in this article are available on GitHub:
https://github.com/chfrank-cgn/Rancher/tree/master/openstack
Start the OpenStack cloud provider
To allow Kubernetes to access the OpenStack API to create a load balancer or volume, you need to enable the OpenStack cloud provider. To do this, select the "Custom" option for the cloud provider when creating a cluster in the Rancher GUI, and then insert the following information into the cluster configuration (via "Edit YAML"). Replace the example values with your own as needed:
rancher_kubernetes_engine_config:
  ...
  cloud_provider:
    name: "openstack"
    openstackCloudProvider:
      block_storage:
        ignore-volume-az: true
        trust-device-path: false
        bs-version: "v2"
      global:
        auth-url: "https://api.openstack.net:5000/v3" # Keystone Auth URL
        domain-name: "Default" # Identity v3 Domain Name
        tenant-id: "616a8b01b5f94f99acd00a844f8f46c3" # Project ID
        username: "user" # OpenStack Username
        password: "pass" # OpenStack Password
      load_balancer:
        lb-version: "v2"
        subnet-id: "f339e543-a67f-45fa-8157-4a58b0940e0b"
        floating-network-id: "ca27ca05-2870-47b3-ad2f-535d04c9e736"
        create-monitor: false
        manage-security-groups: true
        monitor-max-retries: 0
        use-octavia: true
      metadata:
        request-timeout: 0
  ignore_docker_version: false
  ...
With this information, Kubernetes will be able to access the OpenStack API, create and delete resources, and access Cinder volumes and Octavia load balancers. Without this configuration, the Kubernetes cluster still runs well, but it cannot access Cinder, Octavia, or other OpenStack resources.
Method 1: Create cluster using OpenStack node driver
To create a Kubernetes cluster on OpenStack using the built-in node driver, the node driver first needs to be enabled in the Rancher configuration. Then you need to create a node template using the following information (replace the example values with your own as needed):
"authUrl": "https://api.openstack.net:5000/v3",
"availabilityZone": "Zone1",
"domainName": "Default",
"flavorName": "standard.2.1905",
"floatingipPool": "extern",
"imageName": "ubuntu-18.04-bionic-amd64",
"keypairName": "rancher",
"netName": "intern",
"sshPort": "22",
"sshUser": "ubuntu",
"tenantId": "616a8b01b5f94f99acd00a844f8f46c3",
"username": "user"
After that, cluster creation is as simple as with any other cloud provider.
Security Options
The following firewall rules need to be defined between Rancher and OpenStack tenants to enable automatic cluster settings:
- Two-way ssh, http and https
- 2376 (docker) from Rancher to tenant node
- 2376, 2379, 2380, 6443, and 10250 between tenant nodes
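The firewall rules listed above can be checked mechanically before a cluster is provisioned. The following is an added example, not code from the original article or its GitHub repository: it audits ingress rules on the tenant nodes against that port list and flags node-internal ports that are reachable from anywhere. The rule records are a constructed, simplified shape rather than raw OpenStack API output, and the peer labels "rancher" and "nodes" are hypothetical.

```python
# Added example (not from the original article): audit ingress rules on the
# tenant nodes against the port list above. Rule records are a constructed,
# simplified shape, not raw OpenStack API output; "rancher" and "nodes" are
# hypothetical labels for the Rancher server and the node security group.

# port -> peers that must reach it (ssh/http/https, docker, then node-to-node)
REQUIRED = {
    22: {"rancher"}, 80: {"rancher"}, 443: {"rancher"},
    2376: {"rancher", "nodes"},
    2379: {"nodes"}, 2380: {"nodes"}, 6443: {"nodes"}, 10250: {"nodes"},
}
# The article scopes these ports to Rancher or the tenant nodes only.
SCOPED = {2376, 2379, 2380, 6443, 10250}
ANY = {"0.0.0.0/0", "::/0"}


def rule(lo, hi, remote, direction="ingress", protocol="tcp"):
    """Build one simplified rule record."""
    return {"direction": direction, "protocol": protocol,
            "ports": (lo, hi), "remote": remote}


def covers(r, port):
    """True if rule r admits inbound TCP traffic to the given port."""
    lo, hi = r["ports"]
    return r["direction"] == "ingress" and r["protocol"] == "tcp" and lo <= port <= hi


def audit(rules):
    """Return (missing, too_open): unmet (port, peer) pairs and exposed ports."""
    missing, too_open = [], []
    for port, peers in sorted(REQUIRED.items()):
        remotes = {r["remote"] for r in rules if covers(r, port)}
        world = bool(remotes & ANY)
        missing += [(port, p) for p in sorted(peers) if p not in remotes and not world]
        if world and port in SCOPED:
            too_open.append(port)
    return missing, too_open


SAMPLE_RULES = [  # constructed for illustration
    rule(22, 22, "rancher"), rule(80, 80, "rancher"), rule(443, 443, "rancher"),
    rule(2376, 2376, "0.0.0.0/0"),                 # docker port open to the world
    rule(2379, 2380, "nodes"), rule(6443, 6443, "nodes"),
    rule(1, 65535, "nodes", direction="egress"),   # egress does not satisfy ingress
]

if __name__ == "__main__":
    missing, too_open = audit(SAMPLE_RULES)
    print("missing:", missing)
    print("world-open:", too_open)
```
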
Method 2: Use a custom node to create a cluster
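You can build a cluster from a separately created instance with the help of a startup script to install and enable docker (on Ubuntu 18.04 LTS):
#!/bin/sh
# Install prerequisites for adding an HTTPS apt repository.
apt-get update
apt-get -y install apt-transport-https jq software-properties-common
# Add Docker's package signing key and the stable repository for this release.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update
# Install a pinned Docker version.
apt-get -y install docker-ce=18.06.3~ce~3-0~ubuntu
# Let the ubuntu user run docker; docker group membership is root-equivalent on the node.
usermod -G docker -a ubuntu
exit 0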
Safety Precautions
The following firewall rules need to be defined for OpenStack tenants to allow cluster creation from existing nodes:
- SSH from Workstation
- To Rancher http and https
Access Cinder block storage
In order to access the Cinder block storage, the following storage class definitions need to be applied:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: cinder
provisioner: kubernetes.io/cinder
reclaimPolicy: Delete
parameters:
  availability: nova
No further operations are required to enable the OpenStack load balancer.
Troubleshooting
Expect some errors during the initial setup; getting it right takes some trial and error. Rancher itself is a good source of debug information, and its logs are output as standard files. Following these logs is a great help when debugging, especially while nodes are being created.