From 938b3f99299fa9285a9531439433f988b1089622 Mon Sep 17 00:00:00 2001
From: hwchen
Date: Fri, 12 Feb 2021 08:33:06 -0800
Subject: [PATCH] Deploy mizar as standalone plugin to Kubernetes cluster where there is no kube-proxy (#434)
* operator deployed using k8s api server data
* corrected mizar plugin yaml file names
* added instruction of mizar cni plugin installation
---
 docs/user/getting_started.md | 18 +
 ...oy.mizar.components.direct-api-access.yaml | 502 ++++++++++++++++++
 ...nens.yaml => deploy.mizar.components.yaml} | 0
 3 files changed, 520 insertions(+)
 create mode 100644 etc/deploy/deploy.mizar.components.direct-api-access.yaml
 rename etc/deploy/{deploy.mizar.componens.yaml => deploy.mizar.components.yaml} (100%)
diff --git a/docs/user/getting_started.md b/docs/user/getting_started.md
index 73ae74b9..c5d12077 100644
--- a/docs/user/getting_started.md
+++ b/docs/user/getting_started.md
@@ -80,6 +80,24 @@ This script does the following: * Deploy the Mizar Daemon * Install the Mizar CNI Plugin +### Install Mizar as Kubernetes CNI plugin +Mizar can be installed as network plugin to any Kubernetes cluster. Below has been verified to work for Ubuntu 20.04.1 LTS (on AWS EC2 VM). + +If a Kuberneetes cluster has kube-proxy daemonSet running, the simple one line would have Mizar installed: +```bash +kubectl apply -f https://raw.githubusercontent.com/CentaurusInfra/mizar/dev-next/etc/deploy/deploy.mizar.components.yaml +``` + +If the cluster has no kube-proxy (e.g. cluster being started using kubeadm init --skip-phases=addon/kube-proxy), you need to run below first: +```bash +kubectl create configmap mizar-k8s-config --from-literal=k8sapihost="" --from-literal=k8sapiport="" +``` +where the kube-api-server-ip and kube-api-server-port can be identified by ```kubectl get endpoint kubernetes```, +then run following command to have Mizar plugin installed +```bash +kubectl apply -f https://raw.githubusercontent.com/CentaurusInfra/mizar/dev-next/etc/deploy/deploy.mizar.components.direct-api-access.yaml +``` + ### Linux Kernel Update For TCP to function properly, you will need to update your Kernel version to at least 5.6-rc2 on every node. A script, ```kernel_update.sh``` is provided in the Mizar repo to download and update your machine's kernel if you do not wish to build the kernel source code yourself. diff --git a/etc/deploy/deploy.mizar.components.direct-api-access.yaml b/etc/deploy/deploy.mizar.components.direct-api-access.yaml new file mode 100644 index 00000000..ebcc5dcc --- /dev/null +++ b/etc/deploy/deploy.mizar.components.direct-api-access.yaml 
@@ -0,0 +1,502 @@ +--- +# mizar CRD bouncers.mizar.com +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bouncers.mizar.com +spec: + scope: Namespaced + group: mizar.com + versions: + - name: v1 + served: true + storage: true + names: + kind: Bouncer + plural: bouncers + singular: bouncer + shortNames: + - bncr + - bncrs + additionalPrinterColumns: + - name: vpc + type: string + priority: 0 + JSONPath: .spec.vpc + description: The VPC of the divider + - name: net + type: string + priority: 0 + JSONPath: .spec.net + description: The Network of the bouncer + - name: Ip + type: string + priority: 0 + JSONPath: .spec.ip + description: The IP of the droplet + - name: Mac + type: string + priority: 0 + JSONPath: .spec.mac + description: The mac address of the divider's droplet + - name: Droplet + type: string + priority: 0 + JSONPath: .spec.droplet + description: The name of the droplet resource + - name: Status + type: string + priority: 0 + JSONPath: .spec.status + description: The Current Status of the divider + - name: CreateTime + type: string + priority: 0 + JSONPath: .spec.createtime + description: Time the object is created + - name: ProvisionDelay + type: string + priority: 0 + JSONPath: .spec.provisiondelay + description: Time to provision an object from creation +--- +# mizar CRD dividers.mizar.com +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: dividers.mizar.com +spec: + scope: Namespaced + group: mizar.com + versions: + - name: v1 + served: true + storage: true + names: + kind: Divider + plural: dividers + singular: divider + shortNames: + - divd + - divds + additionalPrinterColumns: + - name: vpc + type: string + priority: 0 + JSONPath: .spec.vpc + description: The VPC of the divider + - name: Ip + type: string + priority: 0 + JSONPath: .spec.ip + description: The IP of the divider's droplet + - name: Mac + type: string + priority: 0 + JSONPath: .spec.mac + description: 
The mac address of the divider's droplet + - name: Droplet + type: string + priority: 0 + JSONPath: .spec.droplet + description: The name of the droplet resource + - name: Status + type: string + priority: 0 + JSONPath: .spec.status + description: The Current Status of the divider + - name: CreateTime + type: string + priority: 0 + JSONPath: .spec.createtime + description: Time the object is created + - name: ProvisionDelay + type: string + priority: 0 + JSONPath: .spec.provisiondelay + description: Time to provision an object from creation +--- +# mizar CRD droplets.mizar.com +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: droplets.mizar.com +spec: + scope: Namespaced + group: mizar.com + versions: + - name: v1 + served: true + storage: true + names: + kind: Droplet + plural: droplets + singular: droplet + shortNames: + - drp + - drps + additionalPrinterColumns: + - name: Mac + type: string + priority: 0 + JSONPath: .spec.mac + description: The mac address of the endpoint + - name: Ip + type: string + priority: 0 + JSONPath: .spec.ip + description: The IP of the endpoint + - name: Status + type: string + priority: 0 + JSONPath: .spec.status + description: The Current Status of the droplet + - name: Interface + type: string + priority: 0 + JSONPath: .spec.itf + description: The main interface of the droplet + - name: CreateTime + type: string + priority: 0 + JSONPath: .spec.createtime + description: Time the object is created + - name: ProvisionDelay + type: string + priority: 0 + JSONPath: .spec.provisiondelay + description: Time to provision an object from creation +--- +# mizar CRD endpoints.mizar.com +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: endpoints.mizar.com +spec: + scope: Namespaced + group: mizar.com + versions: + - name: v1 + served: true + storage: true + names: + kind: Endpoint + plural: endpoints + singular: endpoint + shortNames: + - ep + - eps + 
additionalPrinterColumns: + - name: Type + type: string + priority: 0 + JSONPath: .spec.type + description: The type of the endpoint + - name: Mac + type: string + priority: 0 + JSONPath: .spec.mac + description: The mac address of the endpoint + - name: Ip + type: string + priority: 0 + JSONPath: .spec.ip + description: The IP of the endpoint + - name: Gw + type: string + priority: 0 + JSONPath: .spec.gw + description: The GW of the endpoint + - name: Prefix + type: string + priority: 0 + JSONPath: .spec.prefix + description: The network prefix of the endpoint + - name: Status + type: string + priority: 0 + JSONPath: .spec.status + description: The Current Provisioning Status of the endpoint + - name: Network + type: string + priority: 0 + JSONPath: .spec.net + description: The network of the endpoint + - name: Vpc + type: string + priority: 0 + JSONPath: .spec.vpc + description: The vpc of the endpoint + - name: Vni + type: string + priority: 0 + JSONPath: .spec.vni + description: The VNI of the VPC + - name: Droplet + type: string + priority: 0 + JSONPath: .spec.droplet + description: The droplet hosting the endpoint + - name: Interface + type: string + priority: 0 + JSONPath: .spec.itf + description: The interface name of the endpoint + - name: Veth + type: string + priority: 0 + JSONPath: .spec.veth + description: The veth peer interface name of the endpoint + - name: Netns + type: string + priority: 0 + JSONPath: .spec.netns + description: The netns of the endpoint + - name: HostIp + type: string + priority: 0 + JSONPath: .spec.hostip + description: The Host IP of the endpoint + - name: HostMac + type: string + priority: 0 + JSONPath: .spec.hostmac + description: The Host MAC of the endpoint + - name: CreateTime + type: string + priority: 0 + JSONPath: .spec.createtime + description: Time the object is created + - name: ProvisionDelay + type: string + priority: 0 + JSONPath: .spec.provisiondelay + description: Time to provision an object from creation + - 
name: CniDelay + type: string + priority: 0 + JSONPath: .spec.cnidelay + description: Time to setup endpoint on droplet + - name: Pod + type: string + priority: 0 + JSONPath: .spec.pod + description: The pod associated with the endpoint +--- +# mizar CRD subnets.mizar.com +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: subnets.mizar.com +spec: + scope: Namespaced + group: mizar.com + versions: + - name: v1 + served: true + storage: true + names: + kind: Subnet + plural: subnets + singular: subnet + shortNames: + - subnet + - subnets + additionalPrinterColumns: + - name: Ip + type: string + priority: 0 + JSONPath: .spec.ip + description: The IP of the NET CIDR block + - name: Prefix + type: string + priority: 0 + JSONPath: .spec.prefix + description: The prefix of the NET CIDR block + - name: Vni + type: string + priority: 0 + JSONPath: .spec.vni + description: The VNI of the VPC + - name: Vpc + type: string + priority: 0 + JSONPath: .spec.vpc + description: The name of the VPC + - name: Status + type: string + priority: 0 + JSONPath: .spec.status + description: The Current Provisioning Status of the net + - name: Bouncers + type: integer + priority: 0 + JSONPath: .spec.bouncers + description: The number of bouncers of the Net + - name: CreateTime + type: string + priority: 0 + JSONPath: .spec.createtime + description: Time the object is created + - name: ProvisionDelay + type: string + priority: 0 + JSONPath: .spec.provisiondelay + description: Time to provision an object from creation +--- +# mizar CRD vpcs.mizar.com +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: vpcs.mizar.com +spec: + scope: Namespaced + group: mizar.com + versions: + - name: v1 + served: true + storage: true + names: + kind: Vpc + plural: vpcs + singular: vpc + shortNames: + - vpc + - vpcs + additionalPrinterColumns: + - name: Ip + type: string + priority: 0 + JSONPath: .spec.ip + description: The IP of 
the VPC CIDR block + - name: Prefix + type: string + priority: 0 + JSONPath: .spec.prefix + description: The prefix of the VPC CIDR block + - name: Vni + type: string + priority: 0 + JSONPath: .spec.vni + description: The VNI of the VPC + - name: Dividers + type: integer + priority: 0 + JSONPath: .spec.dividers + description: The number of dividers of the VPC + - name: Status + type: string + priority: 0 + JSONPath: .spec.status + description: The Current Provisioning Status of the net + - name: CreateTime + type: string + priority: 0 + JSONPath: .spec.createtime + description: Time the object is created + - name: ProvisionDelay + type: string + priority: 0 + JSONPath: .spec.provisiondelay + description: Time to provision an object from creation +--- +# mizar service account +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mizar-operator +--- +# mizar cluster role binding +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: mizar-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: mizar-operator + namespace: default +--- +# mizar daemon set of node agents +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: mizar-daemon + namespace: default +spec: + selector: + matchLabels: + job: mizar-daemon + template: + metadata: + labels: + job: mizar-daemon + spec: + tolerations: + # The daemon shall run on the master node + - effect: NoSchedule + operator: Exists + serviceAccountName: mizar-operator + terminationGracePeriodSeconds: 0 + hostNetwork: true + hostPID: true + initContainers: + - name: mizar-cni + image: mizarnet/mizarcni:0.7 + volumeMounts: + - name: var + mountPath: /install/var + securityContext: + privileged: true + containers: + - image: mizarnet/dropletd:0.7 + name: mizar-daemon + securityContext: + privileged: true + volumes: + - name: var + hostPath: + path: /var +--- +# mizar deployment of operator +apiVersion: apps/v1 
+kind: Deployment +metadata: + name: mizar-operator +spec: + replicas: 1 + selector: + matchLabels: + app: mizar-operator + template: + metadata: + labels: + app: mizar-operator + mizar: operator + spec: + tolerations: + - effect: NoSchedule + operator: Exists + serviceAccountName: mizar-operator + terminationGracePeriodSeconds: 0 + hostNetwork: true + containers: + - image: mizarnet/endpointopr:0.7 + name: mizar-operator + securityContext: + privileged: true + env: + - name: KUBERNETES_SERVICE_HOST + valueFrom: + configMapKeyRef: + name: mizar-k8s-config + key: k8sapihost + - name: KUBERNETES_SERVICE_PORT + valueFrom: + configMapKeyRef: + name: mizar-k8s-config + key: k8sapiport + diff --git a/etc/deploy/deploy.mizar.componens.yaml b/etc/deploy/deploy.mizar.components.yaml similarity index 100% rename from etc/deploy/deploy.mizar.componens.yaml rename to etc/deploy/deploy.mizar.components.yaml
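Review bot: The ClusterRoleBinding in this hunk binds the `mizar-operator` ServiceAccount to `cluster-admin`, and that same account is set as `serviceAccountName` on both the privileged, host-network/host-PID DaemonSet and the privileged operator Deployment, so a compromise of any of those pods yields full cluster control; `name: cluster-admin` should be replaced by a dedicated ClusterRole that lists only the API groups and verbs the operator actually needs (the `mizar.com` CRDs plus whatever core resources it watches), which I cannot enumerate from this manifest alone. The ServiceAccount and the operator Deployment carry no `namespace:` in their `metadata`, while the DaemonSet and the binding subject hard-code `namespace: default`, so applying the file under a non-default namespace context creates the account and the operator elsewhere and the binding no longer matches the account the operator pod runs as; adding `namespace: default` to both `metadata` blocks keeps the four objects consistent. The `mizar-k8s-config` ConfigMap read by the two `configMapKeyRef` entries is not created by this manifest, so the operator pod cannot start until the documented `kubectl create configmap` step has been run; a comment above the `env:` block such as `# requires ConfigMap mizar-k8s-config (keys k8sapihost, k8sapiport) in this namespace; see docs/user/getting_started.md` would make that prerequisite visible in the file itself. The CRDs still use `apiextensions.k8s.io/v1beta1` and define no validation schema, so it is worth noting that the eventual move to `v1` will also require an `openAPIV3Schema` for each resource.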