Versions Compared

Old Version 12

changes.mady.by.user Kuralamudhan Ramakrishnan

Saved on

compared with

New Version 13

changes.mady.by.user Kuralamudhan Ramakrishnan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Pre-installation Requirements

There are two main components in ICN Infra local controller - Local controller and Compute K8s cluster

Local controller:

Local controller will reside in the jump server to run the Metal3 operator, Binary provisioning agent operator and Binary provisioning agent restapi controller.

Compute k8s cluster:

Compute K8s cluster will actually run the workloads

Hardware Requirements

Minimum Hardware Requirement:


Jump server Hardware Requirements

...

    ICN R2 release support Ubuntu 18.04 - ICN BP install all required software during "make install"

Compute k8s cluster:

Compute server Hardware Requirements:

...

Please sure you have 3 distinguished networks net A, Net B and Net C as mentioned in figure 1. Local controller uses the Net B and Net C to provision the Baremetal servers to do the OS provisioning.

Installation

...

Overview

Installation is two-step process and everything starts with one command "make install"

  • Installation of the local controller in the edge location
  • Installation of Compute cluster to run the workload invoked by the local controller in the edge location

Baremetal Deployment Guide

Preconfiguration for the local controller.

...

Code Block
languagejs
titleuser_config.sh
linenumberstrue
#!/bin/bash

#Local controller - Bootstrap cluster DHCP connection
#BS_DHCP_INTERFACE defines the interfaces, to which ICN DHCP deployment will bind
#e.g. BS_DHCP_INTERFACE=${BS_DHCP_INTERFACE:-"ens513f0"}
BS_DHCP_INTERFACE=${BS_DHCP_INTERFACE:-}

#BS_DHCP_INTERFACE_IP defines the IPAM for the ICN DHCP to be managed.
#e.g. BS_DHCP_INTERFACE_IP=${BS_DHCP_INTERFACE_IP:-"172.31.1.1/24"}
BS_DHCP_INTERFACE_IP=${BS_DHCP_INTERFACE_IP:-}

#Ironic Metal3 settings for provisioning network
#Interface to which Ironic provision network to be connected
#e.g. IRONIC_INTERFACE=${IRONIC_INTERFACE:-"enp4s0f1"}
IRONIC_INTERFACE=${IRONIC_INTERFACE:-}

#Ironic Metal3 setting for IPMI LAN Network
#Interface to which Ironic IPMI LAN should bind
#e.g. IRONIC_IPMI_INTERFACE=${IRONIC_IPMI_INTERFACE:-"enp4s0f0"}
IRONIC_IPMI_INTERFACE=${IRONIC_IPMI_INTERFACE:-}

#Interface IP for the IPMI LAN, ICN verfiy the LAN Connection
#e.g. IRONIC_IPMI_INTERFACE_IP=${IRONIC_IPMI_INTERFACE_IP:-"10.10.110.20"}
IRONIC_IPMI_INTERFACE_IP=${IRONIC_IPMI_INTERFACE_IP:-}

Kubernetes Dashboard

Kubernetes Dashboard runs on the Local Controller. It is accessed via a web browser. kubectl proxy should be running. The Dashboard is brought up by with the dashboard-deployment yaml file. This file must refer to the images in the local Docker repository (see "spec: container: image:"). There should also be a K8S service account created for an admin-user. The token for Dashboard login is created from the admin-user secrets.

To re-create a token for Dashboard authentication:

Authentication/authorization is provided through the admin-user ServiceAccount permissions, which has a ClusterRoleBinding to cluster-admin. The token can be extracted from the admin-user secret with the kubectl command, i.e., find the admin-user secret and describe it:

    kubectl describe secret -n kube-system $(kubectl get secrets -n kube-system | grep admin-user | cut -d " " -f1)

Then copy the string following "token: " into the login input on the Dashboard.

Logging in to Dashboard: 

Copy the token from the Dashboard directory into the logon screen to log in. Once logged in, all resources can be viewed by clicking on the links on the left-hand panel.

In order to create resources, for example, click the '+' in the top panel, select 'create from file', and navigate to the location of the yaml of the resource to create. BareMetalHosts can be provisioned in this way.

...

:

...

If accessing the Dashboard from a location other than the Local Controller, the pkcs12 certificate must be imported into the browser. The Dashboard is accessed via the following URL (note–if the namespace or name of the dashboard is changed, the URL must match):

https://<controller IP>:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

To re-create a certificate for browser remote access:

The pkcs12 certificate is created from the certificate and key data in the kubeadm config file on the Local Controller (/root/.kube/config). To create a certificate, run:

...

-

...

}

...

    openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"

The kubecfg.p12 file is then imported into the browser on the remote machine.

Local Access:

On the Local Controller, the Dashboard is available at localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

...