juniper / contrail-kubernetes-docs Goto Github PK

License: Apache License 2.0

contrail-kubernetes-docs's Introduction

Contrail + ( Kubernetes / Openshift )

Kubernetes (K8s) is an open source container management platform. It provides a portable platform across public and private clouds. K8s supports deployment, scaling and auto-healing of applications. More details can be found at: http://kubernetes.io/docs/whatisk8s/.

There is a need to provide pod addressing, network isolation, policy based security, gateway, SNAT, loadalancer and service chaining capability in Kubernetes orchestratation. To this end K8s supports a framework for most of the basic network connectivity. This pluggable framework is called Container Network Interface (CNI). Opencontrail will support CNI for Kubernetes.

Currently K8s provides a flat networking model wherein all pods can talk to each other. Opencontrail will add additional networking functionality to the solution - multi-tenancy, network isolation, micro-segmentation with network policies, load-balancing etc.

Installation: Quick and Simple

Disclaimer: The one-step install is for those who are waiting with bated breath to get their hands on a Contrail Kubernetes cluster. This is meant as a quickstart install and is not as fequently validated to work as the standard mode of install. Though functionally identical to standard install, we dont recommend this for anything other than quick tryouts.

1-Step Standalone Kubernetes - Ubuntu

1-Step Standalone Kubernetes - Centos

Installation: Standard and Recommended

Deployment Modes - Kubernetes

Contrail provides more than one way of providing networking to a K8s cluster.

Standalone Kubernetes

Nested Kubernetes

Non-Nested Kubernetes

Deployment Modes - Openshift

Standalone Openshift 3.11

Nested Openshift 3.11

Standalone Openshift 3.9

Nested Openshift 3.9

Standalone Openshift 3.7

contrail-kubernetes-docs's People

Contributors

Stargazers

Watchers

contrail-kubernetes-docs's Issues

Tidy up of one click deployment for Centos

I have raised the following Pull request:

#19

This is to tidy up the once click deployment so it will work

~ Haji

pod contrail-analytics-* restarting

pod contrail-analytics-jlh7l restarted so many times. It seems an error "Failed to import package "sandesh"" in container contrail-analytics-alarm-gen, details:

[root@dce07 ~]# kubectl logs -f contrail-analytics-jlh7l -n kube-system contrail-analytics-alarm-gen
12/13/2018 01:30:41 PM [contrail-alarm-gen] [INFO]: SANDESH: CONNECT TO COLLECTOR: True
12/13/2018 01:30:42 PM [contrail-alarm-gen] [ERROR]: Failed to import package "sandesh"
12/13/2018 01:30:42 PM [contrail-alarm-gen] [INFO]: SANDESH: INTROSPECT IS ON: 0.0.0.0:5995
12/13/2018 01:30:42 PM [contrail-alarm-gen] [ERROR]: Failed to import package "sandesh"
12/13/2018 01:30:42 PM [contrail-alarm-gen] [INFO]: SANDESH: Logging: LEVEL: [SYS_INFO] -> [SYS_NOTICE]
^C
[root@dce07 ~]# ss -ltnp | grep 5995
LISTEN     0      128          *:5995                     *:*                   users:(("python",pid=9360,fd=6))

Request to update quick start readme with minimum machine requirements

Following quick start readme, attempted to install contrail on an existing {1 master, 1 worker} k8s cluster.

Most of the pods on master node failed in container pull stage due to lack of space. My master was running on m3.medium AWS instance (1vCPU, 3.75GiB, 8GB root volume). By trial and error, figured out that pods scheduled on master node needed m3.large node (2 vCPUs, 7.5GiB) with 15GB root volume. It would be helpful to folks trying out quick start for the time to have these minimum requirements called out in the readme. Thanks!

Kubernetes quick start yaml needs update to docker repo location

Yaml file for Contrail single step CNI install on ubuntu attempts to pull images from ci-repo.englab.juniper.net:5010 repo which is inaccessible from outside of Juniper:

root@ip-172-20-51-40:~# docker -D pull ci-repo.englab.juniper.net:5010/contrail-external-zookeeper
Using default tag: latest
Pulling repository ci-repo.englab.juniper.net:5010/contrail-external-zookeeper
Error while pulling image: Get http://ci-repo.englab.juniper.net:5010/v1/repositories/contrail-external-zookeeper/images: dial tcp: lookup ci-repo.englab.juniper.net on 172.20.0.2:53: no such host
root@ip-172-20-51-40:~#

$ nslookup ci-repo.englab.juniper.net
Server:		2001:558:feed::1
Address:	2001:558:feed::1#53

** server can't find ci-repo.englab.juniper.net: NXDOMAIN

All of the container images listed in the yaml file are available from default docker hub under opencontrailnightly org. So, replaced ci-repo.englab.juniper.net:5010 with opencontrailnightly in yaml file:

K8S_MASTER_IP=x.x.x.x;CONTRAIL_REPO=opencontrailnightly; CONTRAIL_RELEASE="latest"; mkdir -pm 777 /var/lib/contrail/kafka-logs; curl https://raw.githubusercontent.com/Juniper/contrail-kubernetes-docs/master/install/kubernetes/templates/contrail-single-step-cni-install-ubuntu.yaml | sed "s/{{ K8S_MASTER_IP }}/$K8S_MASTER_IP/g; s/{{ CONTRAIL_REPO }}/$CONTRAIL_REPO/g; s/{{ CONTRAIL_RELEASE }}/$CONTRAIL_RELEASE/g" | kubectl apply -f -

After the update, k8s was able to pull images for all of the objects in the manifest successfully.

Happy to submit PR for README if granted access. Thanks!

If DaemonSet contrail-agent need toleration ?

Learning from contrail-standalone-kubernetes architecture, there is no need to deploy contrail-agent on the master node，so I delete the spec.template.spec.tolerations in DaemonSet contrail-agent. Because the vhost0 has a network failure after contrail-agent initialized on the master node，although there is a default route via vhost0 in host's route-table.

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: contrail-agent
  namespace: kube-system
  labels:
    app: contrail-agent
spec:
  template:
    metadata:
      labels:
        app: contrail-agent
    spec:
      #tolerations:
      #- key: node-role.kubernetes.io/master
        #operator: Exists
        #effect: NoSchedule
      automountServiceAccountToken: false
      hostNetwork: true
      initContainers:
      - name: contrail-node-init
        image: "docker.io/opencontrailnightly/contrail-node-init:latest"
        imagePullPolicy: ""
        securityContext:
          privileged: true

Don't expose internal repository

ci-repo.englab.juniper.net:5010 can be connected from Juniper internal network.
It must not expose internal repository to public. Please remove ci-repo.englab.juniper.net:5000 then replace opancongrailnightly.

Contrail-controller-config k8s pod on master node stuck in forever restart loop

Deployed Contrail on {1 master, 1 worker} k8s cluster on Ubuntu using this readme.

root@ip-172-20-44-42:~# kubectl get pods -n kube-system | grep contrail-controller-config
contrail-controller-config-w9f8n                       5/5       Running                  144        1h

root@ip-172-20-44-42:~# kubectl logs contrail-controller-config-w9f8n -n kube-system -c contrail-controller-config-api
No handlers could be found for logger "vnc_cfg_api_server.resources"
05/30/2019 08:14:04 PM [contrail-api] [INFO]: SANDESH: CONNECT TO COLLECTOR: True
05/30/2019 08:14:04 PM [contrail-api] [INFO]: SANDESH: INTROSPECT IS ON: 0.0.0.0:8084
05/30/2019 08:14:05 PM [contrail-api] [INFO]: SANDESH: Logging: LEVEL: [SYS_INFO] -> [SYS_NOTICE]

root@ip-172-20-44-42:~# kubectl logs contrail-controller-config-w9f8n -n kube-system -c contrail-controller-config-api
No handlers could be found for logger "vnc_cfg_api_server.resources"
05/30/2019 08:14:04 PM [contrail-api] [INFO]: SANDESH: CONNECT TO COLLECTOR: True
05/30/2019 08:14:04 PM [contrail-api] [INFO]: SANDESH: INTROSPECT IS ON: 0.0.0.0:8084
05/30/2019 08:14:05 PM [contrail-api] [INFO]: SANDESH: Logging: LEVEL: [SYS_INFO] -> [SYS_NOTICE]

root@ip-172-20-44-42:~# kubectl logs contrail-controller-config-w9f8n -n kube-system -c contrail-controller-config-api
No handlers could be found for logger "vnc_cfg_api_server.resources"
05/30/2019 08:14:04 PM [contrail-api] [INFO]: SANDESH: CONNECT TO COLLECTOR: True
05/30/2019 08:14:04 PM [contrail-api] [INFO]: SANDESH: INTROSPECT IS ON: 0.0.0.0:8084
05/30/2019 08:14:05 PM [contrail-api] [INFO]: SANDESH: Logging: LEVEL: [SYS_INFO] -> [SYS_NOTICE]

root@ip-172-20-44-42:~# kubectl logs contrail-controller-config-w9f8n -n kube-system -c contrail-controller-config-devicemgr
05/30/2019 08:13:40 PM [contrail-device-manager] [INFO]: SANDESH: CONNECT TO COLLECTOR: True
05/30/2019 08:13:42 PM [contrail-device-manager] [INFO]: SANDESH: Logging: LEVEL: [SYS_INFO] -> [SYS_NOTICE]

root@ip-172-20-44-42:~# kubectl logs contrail-controller-config-w9f8n -n kube-system -c contrail-controller-config-schema
05/30/2019 08:13:47 PM [contrail-schema] [INFO]: SANDESH: CONNECT TO COLLECTOR: True
05/30/2019 08:13:48 PM [contrail-schema] [INFO]: SANDESH: Logging: LEVEL: [SYS_INFO] -> [SYS_NOTICE]

root@ip-172-20-44-42:~# kubectl logs contrail-controller-config-w9f8n -n kube-system -c contrail-controller-config-svcmonitor
05/30/2019 08:13:43 PM [contrail-svc-monitor] [INFO]: SANDESH: CONNECT TO COLLECTOR: True
05/30/2019 08:13:46 PM [contrail-svc-monitor] [INFO]: SANDESH: Logging: LEVEL: [SYS_INFO] -> [SYS_NOTICE]

root@ip-172-20-44-42:~# kubectl logs contrail-controller-config-w9f8n -n kube-system -c contrail-controller-config-nodemgr
INFO: Provisioning cmdline: python /opt/contrail/utils/provision_config_node.py --oper add --host_name api.internal.root-lhiemikh.k8s.local --host_ip 172.20.44.42 --api_server_ip {for each node from the list: 172.20.44.42} --api_server_port 8082 
INFO: Provisioning attempt 1 of 10 (pause 3)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_config_node.py", line 172, in <module>
    main()
  File "/opt/contrail/utils/provision_config_node.py", line 168, in main
    ConfigNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_config_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
INFO: Provisioning attempt 2 of 10 (pause 4)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_config_node.py", line 172, in <module>
    main()
  File "/opt/contrail/utils/provision_config_node.py", line 168, in main
    ConfigNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_config_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
INFO: Provisioning attempt 3 of 10 (pause 5)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_config_node.py", line 172, in <module>
    main()
  File "/opt/contrail/utils/provision_config_node.py", line 168, in main
    ConfigNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_config_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
INFO: Provisioning attempt 4 of 10 (pause 6)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_config_node.py", line 172, in <module>
    main()
  File "/opt/contrail/utils/provision_config_node.py", line 168, in main
    ConfigNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_config_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
INFO: Provisioning attempt 5 of 10 (pause 7)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_config_node.py", line 172, in <module>
    main()
  File "/opt/contrail/utils/provision_config_node.py", line 168, in main
    ConfigNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_config_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
INFO: Provisioning attempt 6 of 10 (pause 8)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_config_node.py", line 172, in <module>
    main()
  File "/opt/contrail/utils/provision_config_node.py", line 168, in main
    ConfigNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_config_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
INFO: Provisioning attempt 7 of 10 (pause 9)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_config_node.py", line 172, in <module>
    main()
  File "/opt/contrail/utils/provision_config_node.py", line 168, in main
    ConfigNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_config_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
INFO: Provisioning attempt 8 of 10 (pause 10)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_config_node.py", line 172, in <module>
    main()
  File "/opt/contrail/utils/provision_config_node.py", line 168, in main
    ConfigNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_config_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
INFO: Provisioning attempt 9 of 10 (pause 11)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_config_node.py", line 172, in <module>
    main()
  File "/opt/contrail/utils/provision_config_node.py", line 168, in main
    ConfigNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_config_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
INFO: Provisioning attempt 10 of 10 (pause 12)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_config_node.py", line 172, in <module>
    main()
  File "/opt/contrail/utils/provision_config_node.py", line 168, in main
    ConfigNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_config_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
ERROR: Provisioning was failed
ERROR: provision.sh was failed. Exiting...

admin@ip-172-20-44-42:~$ kubectl get pods -n kube-system | grep contrail-controller-config
contrail-controller-config-w9f8n                       0/5       Error                       151        2h

This failure in API server brought down pods contrail-analytics-snmp, contrail-config-database-nodemgr, contrail-config-database-nodemgr:

root@ip-172-20-44-42:~# kubectl -n kube-system logs contrail-analytics-snmp-fb7g8 -c contrail-analytics-snmp-nodemgr
INFO: Provisioning cmdline: python /opt/contrail/utils/provision_analytics_snmp_node.py --oper add --host_name api.internal.root-lhiemikh.k8s.local --host_ip 172.20.44.42 --api_server_ip {for each node from the list: 172.20.44.42} --api_server_port 8082 
INFO: Provisioning attempt 1 of 10 (pause 3)
Traceback (most recent call last):
  File "/opt/contrail/utils/provision_analytics_snmp_node.py", line 176, in <module>
    main()
  File "/opt/contrail/utils/provision_analytics_snmp_node.py", line 172, in main
    AnalyticsSNMPNodeProvisioner(args_str)
  File "/opt/contrail/utils/provision_analytics_snmp_node.py", line 35, in __init__
    api_server_use_ssl=self._args.api_server_use_ssl)
  File "/opt/contrail/utils/vnc_admin_api.py", line 35, in __init__
    auth_host=self.auth_host)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 573, in __init__
    retry_on_error=False)
  File "/usr/lib/python2.7/site-packages/vnc_api/vnc_api.py", line 1075, in _request
    raise ConnectionError
requests.exceptions.ConnectionError
INFO: Provisioning attempt 2 of 10 (pause 4)
ERROR: Provisioning was failed

# kubectl cluster-info
Kubernetes master is running at https://api-root-lhiemikh-k8s-loc-a8s3ea-638721347.us-east-1.elb.amazonaws.com
KubeDNS is running at https://api-root-lhiemikh-k8s-loc-a8s3ea-638721347.us-east-1.elb.amazonaws.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

# kubectl get nodes
NAME                            STATUS    ROLES     AGE       VERSION
ip-172-20-41-224.ec2.internal   Ready     node      10d       v1.10.7
ip-172-20-44-42.ec2.internal    Ready     master    1d        v1.10.7

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.