This is an automated email from the ASF dual-hosted git repository.
sureshanaparti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git
The following commit(s) were added to refs/heads/main by this push:
new b02ec91 CKS Enhancements docs (#458)
b02ec91 is described below
commit b02ec91f99f1504b2edf90794f8753e877d8b347
Author: Nicolas Vazquez <[email protected]>
AuthorDate: Thu Jun 19 02:32:22 2025 -0300
CKS Enhancements docs (#458)
* Add note about node templtes
* Add API params for Advanced Settings
* Extend documentation
* Apply suggestions from code review
Co-authored-by: dahn <[email protected]>
Co-authored-by: Pearl Dsilva <[email protected]>
* Address review comments
* Fix images and typo
* Fix CNI config sample
* Apply suggestions from code review for user data
Co-authored-by: Suresh Kumar Anaparti <[email protected]>
---------
Co-authored-by: dahn <[email protected]>
Co-authored-by: Pearl Dsilva <[email protected]>
Co-authored-by: Suresh Kumar Anaparti <[email protected]>
---
.../cks-cni-configuration-cluster-creation.png | Bin 0 -> 193362 bytes
.../cks-cni-configuration-registration-sample.png | Bin 0 -> 115523 bytes
.../cks-create-cluster-additional-settings.png | Bin 0 -> 188298 bytes
.../images/cks-custom-template-registration.png | Bin 0 -> 62081 bytes
source/plugins/cloudstack-kubernetes-service.rst | 318 ++++++++++++++++++++-
5 files changed, 316 insertions(+), 2 deletions(-)
diff --git a/source/_static/images/cks-cni-configuration-cluster-creation.png
b/source/_static/images/cks-cni-configuration-cluster-creation.png
new file mode 100644
index 0000000..c445c79
Binary files /dev/null and
b/source/_static/images/cks-cni-configuration-cluster-creation.png differ
diff --git
a/source/_static/images/cks-cni-configuration-registration-sample.png
b/source/_static/images/cks-cni-configuration-registration-sample.png
new file mode 100644
index 0000000..0ce8a61
Binary files /dev/null and
b/source/_static/images/cks-cni-configuration-registration-sample.png differ
diff --git a/source/_static/images/cks-create-cluster-additional-settings.png
b/source/_static/images/cks-create-cluster-additional-settings.png
new file mode 100644
index 0000000..5136abd
Binary files /dev/null and
b/source/_static/images/cks-create-cluster-additional-settings.png differ
diff --git a/source/_static/images/cks-custom-template-registration.png
b/source/_static/images/cks-custom-template-registration.png
new file mode 100644
index 0000000..72ff75f
Binary files /dev/null and
b/source/_static/images/cks-custom-template-registration.png differ
diff --git a/source/plugins/cloudstack-kubernetes-service.rst
b/source/plugins/cloudstack-kubernetes-service.rst
index 23b6f08..b8b156a 100644
--- a/source/plugins/cloudstack-kubernetes-service.rst
+++ b/source/plugins/cloudstack-kubernetes-service.rst
@@ -15,7 +15,16 @@ CloudStack Kubernetes Service
The Kubernetes Service plugin adds Kubernetes integration to CloudStack. The
plugin is disabled by default and an admin can enable it using a Global
Setting. It enables users to run containerized services using Kubernetes
clusters.
-With CoreOS having reached EOL, from 4.16 the Kubernetes Service Plugin will
use the existing SystemVM Template for deploying kubernetes clusters. For
installation of Kubernetes binaries on the cluster nodes, a binaries ISO is
used for each Kubernetes version to be made available via CloudStack. This
allows faster, offline installation of Kubernetes binaries and docker images
along with support for adding multiple versions of Kubernetes for upgrades and
running different clusters.
+With CoreOS having reached EOL, from 4.16 on the Kubernetes Service Plugin
will use
+the existing SystemVM Template by default for deploying kubernetes clusters.
For
+installation of Kubernetes binaries on the cluster nodes, a binaries ISO is
used for each
+Kubernetes version to be made available via CloudStack. This allows faster,
offline
+installation of Kubernetes binaries and docker images along with support for
adding
+multiple versions of Kubernetes for upgrades and running different clusters.
+
+.. note::
+ From version 4.21.0, users can choose different templates and service
offerings for different types of nodes (worker, control, etcd nodes) for
deploying Kubernetes clusters. The templates must be previously registered
selecting the 'For CKS' option.
+ See :ref:`flexible-kubernetes-clusters`.
For deployment and setup of Kubernetes on cluster nodes, the plugin uses the
Kubernetes tool, 'kubeadm'. kubeadm is the command-line tool for easily
provisioning a secure Kubernetes cluster on top of physical or cloud servers or
Instances. Under the hood, control node(s) of the cluster starts a Kubernetes
cluster using kubeadm init command with a custom token, and worker nodes join
this Kubernetes cluster using kubeadm join command with the same token. More
about kubeadm here: https://ku [...]
@@ -45,6 +54,8 @@ Once the Kubernetes service is running the new APIs will
become accessible and t
**NOTE:**
From ACS 4.16 onwards, if a CKS cluster is to be deployed on VMware, the
'vmware.create.full.clone' configuration parameter will need to be set to true,
so as to allow resizing of root volumes of the cluster nodes.
+.. _kubernetes-supported-versions:
+
Kubernetes Supported Versions
------------------------------
@@ -71,7 +82,7 @@ Usage:
.. parsed-literal::
- # ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION
CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG
[OPTIONAL_OUTPUT_FILENAME]
+ # ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION
CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG
[OPTIONAL_OUTPUT_FILENAME] [OPTIONAL_ETCD_VERSION]
Eg:
@@ -82,6 +93,18 @@ Eg:
**NOTE:**
From ACS 4.16 onwards, Kubernetes versions >= 1.20.x are only supported
(https://endoflife.date/kubernetes).
+**NOTE:**
+From ACS 4.21 onwards, it is possible to specify the version for etcd binaries
in the create-kubernetes-binaries-iso.sh script as an optional parameter -
ETCD_VERSION. When the ETCD_VERSION parameter is set, the specified etcd
version binaries are downloaded and stored in the Kubernetes ISO.
+
+Example for etcd version 3.5.1:
+
+.. parsed-literal::
+
+ # ./create-kubernetes-binaries-iso.sh ./ 1.27.2 1.3.0 1.27.0
https://raw.githubusercontent.com/weaveworks/weave/master/prog/weave-kube/weave-daemonset-k8s-1.11.yaml
https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
setup-v1.27.2 3.5.1
+
+To deploy Kubernetes clusters with
+Kubernetes ISOs built with a specified etcd version are necessary for creating
Kubernetes clusters with separate etcd nodes. See
:ref:`flexible-kubernetes-clusters`.
+
Working with Kubernetes supported version
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -92,6 +115,10 @@ Once the ISO has been built for a desired Kubernetes
version, it can be added by
|cks-add-version-form.png|
+.. note::
+ From 4.21.0, it is possible to deploy separate dedicated etcd nodes. This
requires
+ the Kubernetes ISO contains the etcd binaries.
+
addKubernetesSupportedVersion API can be used by an admin to add a new
supported version for the service. It takes following input parameters:
- **name** (the name of the Kubernetes supported version) · semanticversion
(the semantic version of the Kubernetes release in MAJOR.MINOR.PATCH format.
More about semantic versioning here: https://semver.org/ Required)
@@ -194,6 +221,17 @@ New Kubernetes clusters can be created using the API or
via the UI. User will be
|cks-create-cluster-form.png|
+From 4.21.0, you can select the hypervisor type for Kubernetes cluster nodes.
By default, no hypervisor is selected.
+
+From 4.21.0, users will be provided with an optional section displayed on
toggling the 'Show Advanced Settings' button. In this section, users can select
templates and service offerings for:
+- Worker nodes
+- Control nodes
+- Etcd nodes (if etcd node count >= 1; By default etcd node count is 0)
+
+For more information about the Advanced Settings see
:ref:`flexible-kubernetes-clusters`.
+
+|cks-create-cluster-additional-settings.png|
+
createKubernetesCluster API can be used to create new Kubernetes cluster. It
takes following parameters as input,
- **name** (name for the Kubernetes cluster; Required)
@@ -214,6 +252,14 @@ createKubernetesCluster API can be used to create new
Kubernetes cluster. It tak
- **dockerregistryusername** (username for the docker image private registry;
Experimental)
- **dockerregistrypassword** (password for the docker image private registry;
Experimental)
- **dockerregistryurl** (URL for the docker image private registry;
Experimental)
+- **dockerregistryemail** (email of the docker image private registry user;
Experimental)
+- **hypervisor** (an optional parameter to specify the hypervisor on which the
Kubernetes cluster will be deployed)
+- **nodeofferings** (an optional map parameter to set the service offerings
for worker, control or etcd nodes. If this parameter is not set, then every VM
in the cluster will be deployed using the default service offering set on the
serviceofferingid parameter)
+- **etcdnodes** (An optional integer parameter that specifies the number of
etcd nodes in the cluster. The default value is 0. If set to a value greater
than 0, dedicated etcd nodes are created separately from the master nodes.)
+- **nodetemplates**: (an optional map parameter to set the template to be used
by worker, control or etcd nodes. If not set, then every VM in the cluster will
be deployed using the System VM template)
+- **asnumber** (an optional parameter to set the AS Number of the Kubernetes
cluster network)
+- **cniconfigurationid** (an optional parameter to set the UUID of a
registered CNI configuration)
+- **cniconfigdetails** (an optional parameter to specify the parameters values
for the variables defined in the CNI configuration)
For example:
@@ -404,6 +450,266 @@ To remove an Instance from an ExternalManaged Kubernetes
cluster:
These operations are only supported for an ExternalManaged Kubernetes
Cluster
+.. _flexible-kubernetes-clusters:
+
+Flexible Kubernetes Clusters
+----------------------------
+
+From 4.21.0, many enhancements have been added to CloudStack Kubernetes
Service that allows users to:
+
+- Select the Hypervisor type for the Kubernetes Cluster nodes
+- Specify different templates and/or service offerings for different types of
Kubernetes Clusters nodes
+- Use CKS-ready custom templates for Kubernetes cluster nodes marked as 'For
CKS'
+- Separate etcd nodes from control nodes of the Kubernetes clusters
+- Add and remove a pre-created instance as a worker node to an existing
Kubernetes cluster
+- Mark Kubernetes cluster nodes for manual-only upgrade
+- Dedicate specific hosts/clusters to a specific domain for CKS cluster
deployment
+- Use diverse CNI plugins (Calico, Cilium, etc)
+
+Build a custom template to use for Kubernetes clusters nodes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+CloudStack provides a custom CKS-ready template based on Ubuntu 22.04 to be
used for Kubernetes clusters nodes:
https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/.
+
+This template contains all the required packages to be used as a Kubernetes
cluster node. The default login credentials are: cloud:cloud.
+
+A user may decide not to use the provided CKS-ready template and build their
own template. The following needs to be made sure is present on the template:
+
+- The following packages or the equivalent ones for the specific OS need to be
installed:
+
+ .. code-block:: bash
+
+ cloud-init cloud-guest-utils conntrack apt-transport-https
ca-certificates curl gnupg gnupg-agent software-properties-common gnupg
lsb-release python3-json-pointer python3-jsonschema containerd.io
+
+- A user named `cloud` needs to be created and added to the sudoers list:
+
+ .. code-block:: bash
+
+ sudo useradd -m -s /bin/bash cloud
+ echo "cloud:<password>" | sudo chpasswd
+
+ # Edit /etc/sudoers file with:
+ cloud ALL=(ALL) NOPASSWD:ALL
+
+- Create the necessary directory /opt/bin:
+
+ .. code-block:: bash
+
+ sudo mkdir -p /opt/bin
+
+- Once the VM is deployed, place the Management Server’s SSH Public key at the
cloud user’s authorized_keys file at ~/.ssh/authorized_keys
+
+
+Registering a custom template for Kubernetes cluster nodes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By default, the Kubernetes clusters nodes are deployed from the System VM
template. On the Advanced Settings for Kubernetes clusters creation, CloudStack
allows selecting templates for different types of nodes.
+
+To register a template that will be listed as an option for Kubernetes cluster
nodes:
+
+- Set URL to the provided CKS-ready template at:
https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/ or a
custom template built from the section above.
+
+- Set the template specific values as usual for template registration.
+
+- Mark the option 'For CKS'. This ensures the template is considered as an
option for Kubernetes cluster nodes on the Advanced Settings section for
clusters creation.
+
+|cks-custom-template-registration.png|
+
+Separate etcd nodes from control nodes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By default, a CKS cluster has 0 dedicated etcd nodes, and the etcd service
runs on the control nodes. If etcd node count is set to a value greater than or
equal to 1 during cluster creation, CloudStack will provision separate nodes
exclusively for the etcd service, isolating them from the control nodes with
the desired template and service offering if specified.
+
+To use separate etcd nodes, it is required to build and register a CKS ISO
version containing the etcd binaries as explained in:
:ref:`kubernetes-supported-versions`
+
+For convenience, some CKS ISOs are uploaded to:
https://download.cloudstack.org/testing/cks/custom_templates/iso-etcd/
+
+Add an external VM Instance as a worker node to a Kubernetes cluster
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Requirements for a VM Instance to be added as worker node to a Kubernetes
cluster:
+
+- At least 8GB ROOT disk size, 2 CPU cores and 2GB RAM
+
+- The VM Instance must have a NIC on the Kubernetes cluster network
+
+- **The Management Server’s SSH Public key must be added at the cloud user’s
authorized_keys file at `~/.ssh/authorized_keys`**.
+
+The VM Instances meeting the requirements above can be added to the Kubernetes
cluster by the `addNodesToKubernetesCluster` API specifying:
+
+- **id** (UUID of the Kubernetes cluster. Required)
+- **nodeids** (comma separated list of (external) node (physical or virtual
machines) IDs that need to be added as worker nodes to an existing managed
Kubernetes cluster (CKS). Required)
+- **mountcksisoonvr** (optional parameter for Vmware only, uses the CKS
cluster network VR to mount the CKS ISO)
+- **manualupgrade** (optional parameter that indicates if the node is marked
for manual upgrade and excluded from the Kubernetes cluster upgrade operation)
+
+.. note::
+ Users will have the ability to add nodes to the Kubernetes cluster and mark
them for manual upgrade. Once the nodes are marked for manual upgrade, the
future cluster upgrade operations will exclude these nodes i.e., the Kubernetes
version won't be upgraded.
+
+The following course of actions are taken:
+
+- Validation: The external node(s) are validated to ensure that all the
above-mentioned prerequisites are present
+
+- Addition of port-forwarding rules and firewall rules (for isolated networks)
+
+- VM is rebooted with the Kubernetes configuration passed as user data
+
+- The ISO is attached either to the node or to the VR based on the value of
`mountcksisoonvr` that is passed as a parameter to the
addNodesToKubernetesCluster API (Vmware only).
+
+- The cluster enters Importing state until all the nodes are successfully
added, and the number of Ready nodes is equal to the expected number of nodes
to be added.
+
+- The process timeout is set by the setting:
`cloud.kubernetes.cluster.add.node.timeout`.
+
+Removing an external worker node from a Kubernetes cluster
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+External worker nodes can be removed from a Kubernetes cluster by the
`removeNodesFromKubernetesCluster` API specifying:
+
+- **id** (UUID of the Kubernetes cluster. Required)
+- **nodeids** (comma separated list of (external) node (physical or virtual
machines) IDs that need to be removed from an existing managed Kubernetes
cluster (CKS). Required)
+
+When node(s) are being removed from a Kubernetes cluster, the following
happens:
+
+- On the control node, drain the specific node before it can be removed
+
+- Reset the corresponding worker node
+
+- Delete the worker node from the cluster on the control node
+
+- Remove the port-forwarding and firewall rules (for isolated networks) for
the nodes being removed
+
+- The cluster enters RemovingNodes state until all the nodes are successfully
removed, and the number of Ready nodes is equal to the expected number of nodes
+
+- The process timeout is set by the setting:
`cloud.kubernetes.cluster.remove.node.timeout`.
+
+Dedicate specific hosts/clusters to a specific domain for CKS cluster
deployment
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Administrators are able to dedicate hosts to a domain or account. CloudStack
will take the host dedication into consideration when deploying Kubernetes
clusters.
+
+- When there are no hosts dedicated to the domain/account the user belongs,
then the nodes will be deployed on any host.
+
+- When there are hosts dedicated to the domain/account the user belongs, then
the nodes will be deployed on the dedicated hosts.
+
+ .. note::
+ By design the hosts dedication does not consider the deployment of
system VMs on the dedicated hosts (SSVM, CPVM and Virtual Routers). In case the
Kubernetes cluster is created on an unimplemented network then the Virtual
Router of the network will not be deployed on the dedicated hosts.
+
+Use diverse CNI plugins (Calico, Cilium, etc)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+A CNI framework has also been added which provides end users the flexibility
to use the CNI plugin of their choice. The CNI framework internally leverages
the managed User data feature provided by CloudStack.
+
+Sample Calico CNI configuration data used which is appended to the existing
Kubernetes control node user data is:
+
+.. code-block:: bash
+
+ #cloud-config
+ - for i in {1..3}; do curl
https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/calico.yaml
-o /home/cloud/calico.yaml && break || sleep 5; done
+ - until [ -f /home/cloud/success ]; do sleep 5; done
+ - echo "Kubectl apply file"
+ - for i in {1..3}; do sudo /opt/bin/kubectl create -f
/home/cloud/calico.yaml && break || sleep 5; done
+ - export PATH=$PATH:/home/cloud
+ - |
+ cat << 'EOF' > /home/cloud/create-configs.sh
+ #!/bin/bash
+ cat << 'EOL' > /home/cloud/bgp-config.yaml
+ apiVersion: crd.projectcalico.org/v1
+ kind: BGPConfiguration
+ metadata:
+ name: default
+ spec:
+ logSeverityScreen: Debug
+ asNumber: {{ AS_NUMBER }}
+ EOL
+ cat << 'EOL' > /home/cloud/bgp-peer.yaml
+ apiVersion: crd.projectcalico.org/v1
+ kind: BGPPeer
+ metadata:
+ name: bgp-peer-example
+ spec:
+ peerIP: {{ ds.meta_data.peer_ip_address }}
+ asNumber: {{ ds.meta_data.peer_as_number }}
+ EOL
+ EOF
+ - chmod +x /home/cloud/create-configs.sh
+ - /home/cloud/create-configs.sh
+ - for i in {1..3}; do sudo /opt/bin/kubectl apply -f
/home/cloud/bgp-config.yaml && break || sleep 5; done
+ - for i in {1..3}; do sudo /opt/bin/kubectl apply -f
/home/cloud/bgp-peer.yaml && break || sleep 5; done
+
+
+The CNI Configuration creation allows specifying the parameters to be set as a
comma separated list:
+
+|cks-cni-configuration-registration-sample.png|
+
+After a CNI Configuration is created, it can be appended to Kubernetes cluster
nodes as part of 'Advanced Settings':
+
+|cks-cni-configuration-cluster-creation.png|
+
+For verification of the applied CNI Configuration, the following commands can
be used:
+
+.. code-block:: bash
+
+ root@cksclusteradditon-control-190ca0ce253:~# kubectl get pods -A
+
+ NAMESPACE NAME
READY STATUS RESTARTS AGE
+
+ kube-system calico-kube-controllers-8d76c5f9b-pkhcv
1/1 Running 6 (44m ago) 2d21h
+
+ kube-system calico-node-n4msg
1/1 Running 0 2d21h
+
+ kube-system calico-node-pdz2w
1/1 Running 0 2d18h
+
+ kube-system calico-node-slmg2
1/1 Running 0 2d21h
+
+
+
+ root@cksclusteradditon-control-190ca0ce253:~# kubectl get bgppeer
+
+ NAME AGE
+
+ bgp-peer-1 2d22h
+
+
+
+ root@cksclusteradditon-control-190ca0ce253:~# kubectl get bgpconfiguration
+
+ NAME AGE
+
+ default 2d22h
+
+
+ root@cksclusteradditon-control-190ca0ce253:~# kubectl describe
bgpconfiguration
+
+ Name: default
+
+ Namespace:
+
+ Labels: <none>
+
+ Annotations: <none>
+
+ API Version: crd.projectcalico.org/v1
+
+ Kind: BGPConfiguration
+
+ Metadata:
+
+ Creation Timestamp: 2024-07-19T08:25:14Z
+
+ Generation: 1
+
+ Resource Version: 580
+
+ UID: 2b927b4e-82d3-4200-a3c1-9bf0cd5f5824
+
+ Spec:
+
+ As Number: 65145
+
+ Log Severity Screen: Debug
+
+ Events: <none>
+
+
.. |cks-add-version-form.png| image:: /_static/images/cks-add-version-form.png
:alt: Add Kubernetes Supported Version form.
.. |cks-cluster-access-tab.png| image::
/_static/images/cks-cluster-access-tab.png
@@ -416,6 +722,8 @@ To remove an Instance from an ExternalManaged Kubernetes
cluster:
:alt: Kubernetes clusters list.
.. |cks-create-cluster-form.png| image::
/_static/images/cks-create-cluster-form.png
:alt: Create Kubernetes Cluster form.
+.. |cks-create-cluster-additional-settings.png| image::
/_static/images/cks-create-cluster-additional-settings.png
+ :alt: Create Kubernetes Cluster form with Advanced Settings.
.. |cks-delete-action.png| image:: /_static/images/cks-delete-action.png
:alt: Delete action icon.
.. |cks-kube-config-action.png| image::
/_static/images/cks-kube-config-action.png
@@ -434,3 +742,9 @@ To remove an Instance from an ExternalManaged Kubernetes
cluster:
:alt: Upgrade Kubernetes Cluster form.
.. |cks-versions.png| image:: /_static/images/cks-versions.png
:alt: Supported Kubernetes versions list.
+.. |cks-custom-template-registration.png| image::
/_static/images/cks-custom-template-registration.png
+ :alt: Custom Template Registration for Kubernetes cluster nodes.
+.. |cks-cni-configuration-cluster-creation.png| image::
/_static/images/cks-cni-configuration-cluster-creation.png
+ :alt: Kubernetes cluster creation setting a CNI configuration.
+.. |cks-cni-configuration-registration-sample.png| image::
/_static/images/cks-cni-configuration-registration-sample.png
+ :alt: CNI Configuration registration sample.
