...
Airship also uses the OpenStack on Kubernetes (OOK) approach. For deployment and configuration of services, applications and pods (in this case OpenStack, monitoring, etc.) on Kubernetes, users have two options: (a) Kolla-Kubernetes and (b) OpenStack Helm. Both options use Helm for packaging the Kubernetes definitions for each service. However, OpenStack Helm uses Helm charts, whereas Kolla-Kubernetes uses Ansible for deployment/orchestration. Airship uses the former option, Helm charts. Accordingly, under software, user configurations fall under two important categories: Charts and Configurations.
Charts
Kubernetes
For the Kubernetes system (namespace: kube-system), the user only has to perform some substitutions for the control nodes. This definition creates the list of control plane nodes (i.e. genesis node + master node list) on which calico etcd will run and which will need certs. It is assumed that Airship sites will have 3 control plane nodes, so this should not need to change for a new site.
First, the user has to create the following mapping:
Source (as mentioned in commonaddress.yaml) | Destination |
---|---|
.genesis.hostname | .values.nodes[0].name |
.masters[0].hostname | .values.nodes[1].name |
.masters[1].hostname | .values.nodes[2].name |
Source | Destination |
---|---|
certificate of calico-etcd-<podname>-node1 | .values.nodes[0].tls.client.cert |
certificate-key of calico-etcd-<podname>-node1 | .values.nodes[0].tls.client.key |
certificate of calico-etcd-<podname>-node1-peer | .values.nodes[0].tls.peer.cert |
certificate-key of calico-etcd-<podname>-node1-peer | .values.nodes[0].tls.peer.key |
certificate of calico-etcd-<podname>-node2 | .values.nodes[1].tls.client.cert |
certificate-key of calico-etcd-<podname>-node2 | .values.nodes[1].tls.client.key |
certificate of calico-etcd-<podname>-node2-peer | .values.nodes[1].tls.peer.cert |
certificate-key of calico-etcd-<podname>-node2-peer | .values.nodes[1].tls.peer.key |
certificate of calico-etcd-<podname>-node3 | .values.nodes[2].tls.client.cert |
certificate-key of calico-etcd-<podname>-node3 | .values.nodes[2].tls.client.key |
certificate of calico-etcd-<podname>-node3-peer | .values.nodes[2].tls.peer.cert |
certificate-key of calico-etcd-<podname>-node3-peer | .values.nodes[2].tls.peer.key |
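The two mapping tables above can be generated and checked mechanically. The following is an added example, not code from Airship or from this guide: it builds the 15 substitutions in node order and flags a node whose certificate and key come from different documents. The `src`/`dest` layout and schema names follow Deckhand's substitution format; the document name `common-addresses` and the pod name `pod10` are assumptions.

```python
# Added example: builds and checks the calico-etcd substitutions from the tables above.
# Assumptions: Deckhand src/dest substitution layout; document name "common-addresses".
CERT, KEY = "deckhand/Certificate/v1", "deckhand/CertificateKey/v1"
HOSTS = [".genesis.hostname", ".masters[0].hostname", ".masters[1].hostname"]


def build_substitutions(podname):
    """Return the 3 hostname + 12 certificate substitutions, in node order."""
    subs = []
    for i, src_path in enumerate(HOSTS):
        subs.append({
            "src": {"schema": "pegleg/CommonAddresses/v1",
                    "name": "common-addresses", "path": src_path},
            "dest": {"path": f".values.nodes[{i}].name"},
        })
    for i in range(len(HOSTS)):
        for role, suffix in (("client", ""), ("peer", "-peer")):
            doc = f"calico-etcd-{podname}-node{i + 1}{suffix}"
            for field, schema in (("cert", CERT), ("key", KEY)):
                subs.append({
                    "src": {"schema": schema, "name": doc, "path": "."},
                    "dest": {"path": f".values.nodes[{i}].tls.{role}.{field}"},
                })
    return subs


def check_substitutions(subs, nodes=3):
    """Return a list of problems: missing destinations or cert/key mismatches."""
    by_dest = {s["dest"]["path"]: s["src"] for s in subs}
    problems = []
    for i in range(nodes):
        base = f".values.nodes[{i}]"
        if base + ".name" not in by_dest:
            problems.append(f"{base}.name: no hostname substitution")
        for role in ("client", "peer"):
            cert = by_dest.get(f"{base}.tls.{role}.cert")
            key = by_dest.get(f"{base}.tls.{role}.key")
            if cert is None or key is None:
                problems.append(f"{base}.tls.{role}: cert or key missing")
            elif cert["schema"] != CERT or key["schema"] != KEY:
                problems.append(f"{base}.tls.{role}: wrong source schema")
            elif cert["name"] != key["name"]:
                problems.append(f"{base}.tls.{role}: cert and key from different documents")
    return problems


if __name__ == "__main__":
    subs = build_substitutions("pod10")  # constructed pod name
    print(len(subs), check_substitutions(subs))
```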
Undercloud Platform
Ceph
Openstack helm Infra
...
Under this configuration, user can only set the region name for openstack helm.
Parameter | sub-category | Description | Example-Value |
---|---|---|---|
osh | | | |
 | region_name | The region name to use. Typically Site name is provided. | intel-pod10 |
PKI-Catalog
Parameter | sub-category-1 | sub-category-2 | Description | Example Value |
---|---|---|---|---|
certificate_authorities | ||||
description | ||||
certificates | ||||
document_name | ||||
description | ||||
common_name | ||||
hosts | ||||
groups | ||||
keypairs | ||||
name | ||||
description |
...