...
Airship too uses the approach of openstack on Kubernetes (OOK). For deployment/configuration of services/applications/pods (in this case Openstack, monitoring, etc.) on Kubernetes, users have two options (a) Kolla-Kubernetes (b) Openstack Helm. Both the options uses helm for packaging the Kubernetes definitions for each service. However, openstack helm uses helm charts, whereas kolla-kubernetes uses uses ansible for deployment/orchestration. Airship uses the former option - helm charts. Accordingly, under software, user configurations will fall under two important categories - Charts and Configurations.
Charts
Kubernetes
For Kubernetes system (Namespace: kube-system), user just has to do some substitutions for the control nodes. In this definition, list of control plane nodes (i.e. genesis node + master node list) on which calico etcd will run and will need certs is created. It is assumed that Airship sites will have 3 control plane nodes, so this should not need to change for a new site. User only has to perform some substitutions..
First he has to create a mapping: The mapping would be:
Source (as mentioned in commonaddress.yaml) | Destination |
|---|---|
| .genesis.hostname | .values.nodes[0].name |
| .masters[0].hostname | .values.nodes[1].name |
| .masters[1].hostname | .values.nodes[2].name |
Source | Destination |
|---|---|
| certificate of calico-etcd-<podname>-node1 | .values.nodes[0].tls.client.cert |
| certificate-key calico-etcd-<podname>-node1 | .values.nodes[0].tls.client.key |
| certificate of calico-etcd-<podname>-node1-peer | .values.nodes[0].tls.peer.cert |
| certificate-key of calico-etcd-<podname>-node1-peer | .values.nodes[0].tls.peer.key |
| certificate of calico-etcd-<podname>-node2 | .values.nodes[1].tls.client.cert |
| certificate-key calico-etcd-<podname>-node2 | .values.nodes[1].tls.client.key |
| certificate of calico-etcd-<podname>-node2-peer | .values.nodes[1].tls.peer.cert |
| certificate-key of calico-etcd-<podname>-node2-peer | .values.nodes[1].tls.peer.key |
| certificate of calico-etcd-<podname>-node3 | .values.nodes[2].tls.client.cert |
| certificate-key calico-etcd-<podname>-node3 | .values.nodes[2].tls.client.key |
| certificate of calico-etcd-<podname>-node3-peer | .values.nodes[2].tls.peer.cert |
| certificate-key of calico-etcd-<podname>-node3-peer | .values.nodes[2].tls.peer.key |
Undercloud Platform
Ceph
Openstack helm Infra
...
Under this configuration, user can only set the region name for openstack helm.
| Parameter | sub-category | Description | Example-Value |
|---|---|---|---|
| osh | |||
| region_name | The region name to use. Typically Site name is provided. | intel-pod10 |
PKI-Catalog
| Parameter | sub-category-1 | sub-category-2 | Description | Example Value |
| certificate_authorities | ||||
| description | ||||
| certificates | ||||
| document_name | ||||
| description | ||||
| common_name | ||||
| hosts | ||||
| groups | ||||
| keypairs | ||||
| name | ||||
| description |
...