-
Notifications
You must be signed in to change notification settings - Fork 36
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #64 from aws/v0.4.2_release_artifacts
v0.4.2 release artifacts
- Loading branch information
Showing
5 changed files
with
235 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,184 @@ | ||
| # CloudStack Cluster API Provider (CAPC) Release v.0.4.2 Evaluation Deployment Guide | ||
|
|
||
| This document defines a manual deployment process suitable for evaluating this CAPC release. | ||
|
|
||
| ## Evaluation Environment Pre-Requisites: | ||
|
|
||
| ### - A running Kubernetes cluster for hosting CAPC | ||
|
|
||
| This should be an easily disposable/re-creatable cluster, such as a locally-running kind (Kuberetes in Docker) cluster. | ||
|
|
||
| Your KUBECONFIG file's *current-context* must be set to the cluster you want to use. | ||
|
|
||
| ### - CAPI clusterctl v1.0.1 (https://github.com/kubernetes-sigs/cluster-api/releases/tag/v1.0.1) | ||
|
|
||
| This process has been tested with this version of clusterctl. Subsequent 1.0.x versions should work as well. | ||
|
|
||
| ### - A CloudStack Environment with the following resources defined | ||
| - Zone | ||
| - Network | ||
| - CAPI-compatible QEMU template (i.e., created with https://github.com/kubernetes-sigs/image-builder) | ||
| - Machine Offerings (suitable for running Kubernetes nodes) | ||
| - apikey and secretkey for a CloudStack user having domain administrative privileges | ||
| - Available ACS IP Address for the k8s Control Plane endpoint (Shared network: available IP address in the network range; isolated network: public IP address) | ||
|
|
||
| ## Deployment Steps | ||
| ### Define Identity Environment Variable | ||
|
|
||
| An environment variable named CLOUDSTACK_B64ENCODED_SECRET must be defined, containing the base64 encoding of a | ||
| cloud-config properties file. This file is of the form: | ||
|
|
||
| ``` | ||
| [Global] | ||
| api-url = <urlOfCloudStackAPI> | ||
| api-key = <cloudstackUserApiKey> | ||
| secret-key = <cloudstackUserSecretKey> | ||
| ``` | ||
| After defining this in a file named cloud-config, create the environment variable with: | ||
|
|
||
| ``` | ||
| export CLOUDSTACK_B64ENCODED_SECRET=$(base64 -w0 -i cloud-config 2>/dev/null || base64 -b 0 -i cloud-config) | ||
| ``` | ||
|
|
||
| For security, delete this cloud-config file after creating this environment variable. | ||
|
|
||
| ### Deploy the supplied container image archive (.tar.gz) to a suitable image registry. | ||
|
|
||
| *We use https://github.com/kubernetes-sigs/cluster-api/blob/main/hack/kind-install-for-capd.sh to launch a local | ||
| docker registry integrated into a kind cluster for lightweight development and testing.* | ||
|
|
||
| - On a computer with docker, load the provided cluster-api-provider-capc.tar.gz to docker: | ||
| ``` | ||
| docker load --input cluster-api-provider-capc_v0.4.2.tar.gz | ||
| ``` | ||
|
|
||
| This will create image *localhost:5000/cluster-api-provider-cloudstack:v0.4.2* in your local docker. This is suitable | ||
| for pushing to a local registry. | ||
|
|
||
| - (Optional) Tag this image for your registry. | ||
| ``` | ||
| docker tag localhost:5000/cluster-api-provider-cloudstack:v0.4.2 <yourRepoFqdn>/cluster-api-provider-cloudstack:v0.4.2 | ||
| ``` | ||
|
|
||
| Push it to your registry (localhost:5000 if using local registry) | ||
| ``` | ||
| docker push <yourRepoFqdn>/cluster-api-provider-cloudstack:v0.4.2 | ||
| ``` | ||
|
|
||
| ### Create clusterctl configuration files | ||
| A cluster-api.zip file has been provided, containing the files and directory structure suitable for configuring | ||
| clusterctl to work with this interim release of CAPC. It should be restored under $HOME/.cluster-api. It contains: | ||
|
|
||
| ``` | ||
| Archive: /Users/jweite/Dev/cluster-api-cloudstack-v0.4.2-assets/cluster-api.zip | ||
| * clusterctl.yaml | ||
| * dev-repository/ | ||
| * dev-repository/infrastructure-cloudstack/ | ||
| * dev-repository/infrastructure-cloudstack/v0.4.2/ | ||
| * dev-repository/infrastructure-cloudstack/v0.4.2/cluster-template.yaml | ||
| * dev-repository/infrastructure-cloudstack/v0.4.2/cluster-template-managed-ssh.yaml | ||
| * dev-repository/infrastructure-cloudstack/v0.4.2/cluster-template-ssh-material.yaml | ||
| * dev-repository/infrastructure-cloudstack/v0.4.2/infrastructure-components.yaml | ||
| * dev-repository/infrastructure-cloudstack/v0.4.2/metadata.yaml | ||
| ``` | ||
|
|
||
| *Note: If you already have a $HOME/.cluster-api we strongly suggest you delete or stash it.* | ||
|
|
||
| ``` | ||
| cd ~ | ||
| mkdir .cluster-api | ||
| cd .cluster-api | ||
| unzip cluster-api.zip | ||
| ``` | ||
|
|
||
| ### Edit the clusterctl configuration files | ||
| - **clusterctl.yaml:** in the *url* attribute replace \<USERID\> with your OS user id to form a valid absolute path to infrastructure-components.yaml. | ||
|
|
||
| - **dev-repository/infrastructure-cloudstack/v0.4.2/infrastructure-components.yaml:** if you're not using a local registry modify the capc-controller-manager deployment, changing the spec.template.spec.containers[0].image (line 617) to correctly reflect your container registry. | ||
|
|
||
| ### Deploy CAPI and CAPC to your bootstrap Kubernetes cluster | ||
| ``` | ||
| clusterctl init --infrastructure cloudstack | ||
| ``` | ||
|
|
||
| ### Generate a manifest for the CAPI custom resources needed to allocate a workload cluster. | ||
|
|
||
| *Set the below environment variables as appropriate for your CloudStack environment.* | ||
|
|
||
| ``` | ||
| CLOUDSTACK_ZONE_NAME=<MyZoneName> \ | ||
| CLOUDSTACK_NETWORK_NAME=<MyNetworkName> \ | ||
| CLOUDSTACK_TEMPLATE_NAME=<MyTemplateName> \ | ||
| CLOUDSTACK_CONTROL_PLANE_MACHINE_OFFERING=<MyServiceOfferingName> \ | ||
| CONTROL_PLANE_MACHINE_COUNT=1 \ | ||
| CLOUDSTACK_WORKER_MACHINE_OFFERING=<MyServiceOfferingName> \ | ||
| WORKER_MACHINE_COUNT=1 \ | ||
| CLUSTER_ENDPOINT_IP=<AvailableSharedOrPublicIP> \ | ||
| CLUSTER_ENDPOINT_PORT=6443 \ | ||
| KUBERNETES_VERSION=<KubernetesVersionOnTheImage> \ | ||
| CLUSTER_NAME=<MyClusterName> \ | ||
| clusterctl generate cluster $CLUSTER_NAME --from ~/.cluster-api/dev-repository/infrastructure-cloudstack/v0.4.2/cluster-template.yaml > clusterTemplate.yaml | ||
| ``` | ||
|
|
||
| ### Review the generated clusterTemplate.yaml and adjust as necessary | ||
|
|
||
|
|
||
| ### Provision your workload cluster | ||
|
|
||
| ``` | ||
| kubectl apply -f clusterTemplate.yaml | ||
| ``` | ||
|
|
||
| Provisioning can take several minutes to complete. You will see a control plane VM created in CloudStack pretty quickly, | ||
| but it takes a while for it to complete its cloud-init to install Kubernetes and become a functioning control plane. | ||
| Allocation of the worker node(s) (with *md* in their VM names) won't occur until the control plane is operational. | ||
|
|
||
| You can monitor the CAPC controller as it conducts the provisioning process with: | ||
| ``` | ||
| # Get the full name of the CAPC controller pod | ||
| kubectl -n capc-system get pods | ||
| # Tail its logs | ||
| kubectl -n capc-system log -f <CAPCcontrollerPodFullName> | ||
| ``` | ||
|
|
||
| ### Fetch a kubeconfig to access your cluster | ||
| ``` | ||
| clusterctl get kubeconfig <clusterName> > <clusterName>_kubeconfig | ||
| ``` | ||
|
|
||
| You can then either export a KUBECONFIG environment variable pointing to this file, or use kubectl's --kubeconfig=<filePath> | ||
| flag. | ||
| ``` | ||
| export KUBECONFIG=<clusterName>_kubeconfig | ||
| ``` | ||
|
|
||
| ### Examine the provisioned Kubernetes Cluster's nodes | ||
| ``` | ||
| kubectl get nodes | ||
| ``` | ||
| Expect to see a control plane and a worker node reported by Kubernetes. Neither will report that they are ready | ||
| because no CNI is installed yet. | ||
|
|
||
| ### Install Cilium CNI | ||
| ``` | ||
| cilium install | ||
| ``` | ||
| The above command presumes that the cilium installer is present on the local workstation. | ||
|
|
||
| It will take a minute while it waits for cilium to become active. | ||
|
|
||
| ### Confirm that Cluster is Ready for Work | ||
| ``` | ||
| kubectl get nodes | ||
| ``` | ||
| Expect now to see both nodes list as ready. | ||
|
|
||
| ### Conclusion | ||
| At this point the workload cluster is ready to accept workloads. Use it in the usual way via the kubeconfig generated | ||
| earlier | ||
|
|
||
| ### Cluster Deletion | ||
| As mentioned in the preface, CAPC is not yet able to delete workload cluster. To do so manually we recommend | ||
| simply tearing-down the kind bootstrap cluster, and then manually deleting the CloudStack VMs created for it | ||
| using the CloudStack UI, API or similar facilities. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| # Cluster API Provider for Cloudstack (CAPC) Release Notes | ||
|
|
||
| ## Version v0.4.2 | ||
|
|
||
| These Release Notes are for the customer downloading and deploying CAPC private Version 0.4.2 released on 04/6/2022. | ||
|
|
||
| ### This release extends the v0.4.1 release of CAPC with: | ||
|
|
||
| * Sub-domain support | ||
| * Bug fix: failure to clean-up during CS Machine provisioning if VM provisioned to error state. | ||
| * Discontinued assigning endpoint IP address to VMs in Shared Network deployments. | ||
| * E2E Testing Sub-Project | ||
|
|
||
|
|
||
| ### TLS Certificates | ||
| The default mode of operation for the deployed Kubernetes cluster components is to use self-signed certificates. Options exist for use of an enterprise certificate authority via cert-manager (https://cert-manager.io/docs/configuration/). Detailed configuration of this component is outside the scope of this release. | ||
|
|
||
| ### Pre-conditions | ||
|
|
||
| * The following pre-conditions must be met for CAPC to operate as designed. | ||
| * A functional CloudStack 4.14 or 4.16 deployment | ||
| * The CloudStack account used by CAPC must have domain administrator privileges or be otherwise appropriately privileged to execute the API calls specified in the below CAPC CloudStack API Calls document link. | ||
| * Zone(s) and Network(s) must be pre-created and available to CAPC prior to CreateCluster API call. | ||
| * A VM template suitable for implementing a Kubernetes node with kubeadm must be available in CloudStack. | ||
| * The software has been tested with RHEL-8 images created with CAPI Image-builder. | ||
| * Machine offerings suitable for running Kubernetes nodes must be available in CloudStack | ||
| * When using CloudStack Shared Networks, an unused IP address in the shared network’s address range must be available for the Kubernetes Control Plane for each cluster, upon which it will be exposed. | ||
|
|
||
| ### Release Assets : | ||
|
|
||
| * cluster-api-provider-cloudstack-v0.4.2.tar.gz: container image of the CAPC controller | ||
| * shasum.txt containing checksum for the released cluster-api-provider-cloudstack-v0.4.2.tar.gz | ||
| * cluster-api.zip: configuration files for clusterctl | ||
| * infrastructure-components.yaml | ||
| * metadata.yaml | ||
| * cluster-template.yaml | ||
| * cluster-template-ssh.yaml | ||
| * EVALUATION_DEPLOYMENT.md: instructions for manual deployment of this interim release for evaluation via clusterctl. | ||
| * security_findings.csv: results of package security scan | ||
|
|
||
|
|
||
| ### Known Issues : | ||
|
|
||
| * Cluster upgrade is not supported when the controlPlaneEndpoint is defined to be an IP address in a shared network. | ||
|
|
||
| ### Future Scope/Features | ||
|
|
||
| * Accelerated remediation of VM state drift |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| No changes to go.mod since v0.4.1. Please refer to security_findings.csv for release v0.4.1 for details. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| 4a61d056085cf929377ff56fe1ceeeb189d43a7d cluster-api-provider-cloudstack-v0.4.2.tar.gz |