Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[jjo] add DIND support to contrib/ #3468

Merged
merged 17 commits into from
Oct 15, 2018
Merged

[jjo] add DIND support to contrib/ #3468

merged 17 commits into from
Oct 15, 2018

Conversation

jjo
Copy link
Contributor

@jjo jjo commented Oct 7, 2018
edited
Loading

  • add contrib/dind with ansible playbook to create "node" containers,
    and setup them to mimic host nodes as much as possible see
    contrib/dind/README.md

  • supported node_distro's (docker images): debian, ubuntu, centos, fedora

  • kubespray core changes: nodes' /etc/hosts editing via blockinfile
    and lineinfile need unsafe_writes: yes because /etc/hosts
    is bind-mounted by docker, thus can't be handled atomically via
    copy + modify + rename

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Oct 7, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: ant31

If they are not already assigned, you can assign the PR to them by writing /assign @ant31 in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Oct 7, 2018
@jjo jjo force-pushed the jjo-add-contrib-dind branch 2 times, most recently from af5ee24 to bd6942e Compare October 7, 2018 23:52
@ant31
Copy link
Contributor

ant31 commented Oct 8, 2018

That's awesome, Thank you !

How complex would be to do the same but on an existing kubernetes cluster instead of using docker directly?

Create 'node-pod' with the kubernetes API (statefullset?), deploy on kubespray on tthose node-pod via kubernetes job?

@jjo
Copy link
Contributor Author

jjo commented Oct 8, 2018
edited
Loading

@ant31 wrote:

How complex would be to do the same but on an existing kubernetes cluster instead of using docker directly?
Create 'node-pod' with the kubernetes API (statefullset?), deploy on kubespray on tthose node-pod via kubernetes job?

KINK via kubespray ?
hm it may get constrained by some CNI×CNI and/or CRI×CRI combos,
but feasible (and freakingCool to try) anyway :) !.
Will craft something, although not in this PR as I'd prefer to keep
this one concise and focused on DIND.

@ant31
Copy link
Contributor

ant31 commented Oct 8, 2018

yes, KINK, I like the name :)
Plus, it would benefit the kube-scheduler to balanced the node-containers across the main cluster!

, although not in this PR as I'd prefer to keep
this one concise and focused on DIND.

Yes, sure

mattymo
mattymo reviewed Oct 8, 2018
View reviewed changes
contrib/dind/roles/dind-cluster/tasks/main.yaml Outdated
- rsyslog
- ssh

- name: Create ubuntu user
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this user be configurable and then default to ubuntu?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto above(ish), IMO would also require adding variables to select docker "distro"
image for container nodes -- technically easy to add, practically would need better
care on the testing side, to be able to assert this distro "generalization".

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW thanks for the suggestion, will give it a try w/Debian to see how it'd look

@jjo
Copy link
Contributor Author

jjo commented Oct 8, 2018

@mattymo: added selectable node_distro (debian, ubuntu), PTAL.

ant31
ant31 reviewed Oct 9, 2018
View reviewed changes
contrib/dind/README.md Outdated
(as set in `group_vars/all/all.yaml`), and docker settings.

~~~
cat > custom.yaml << EOF
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you just commit this file and eventually comment everything ?
It's better to reduce to the strict minimum actions required

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added as contrib/dind/kubespray-dind.yaml instead (don't
want to pollute kubespray repo root with such file), also added
fedora support (tested to the extent of kubespray deployment finishing ok), PTAL,

@jjo
Copy link
Contributor Author

jjo commented Oct 10, 2018

FYI latest update has all the changes I wanted in for this PR,
including netcheck 100% passing, tested with default node_distro (debian)
and kubespray-dind.yaml settings (weave in particular).

@jjo jjo force-pushed the jjo-add-contrib-dind branch 2 times, most recently from 819578b to eeff9ca Compare October 10, 2018 11:09
@jjo
Copy link
Contributor Author

jjo commented Oct 10, 2018
edited
Loading

@ant31 passing all tests as run from run-test-distros.sh (ansible-playbooks for
docker nodes and kubespray, api, and netcheck), essentially same
README.md steps run for each distro + some checks:

test-debian.out:PASS: [2018-10-10T16:07:05+00:00] debian: dind-nodes
test-debian.out:PASS: [2018-10-10T16:25:40+00:00] debian: kubespray
test-debian.out:PASS: [2018-10-10T16:25:41+00:00] debian: kube-api
test-debian.out:PASS: [2018-10-10T16:25:44+00:00] debian: netcheck
test-debian.out:real    22m45.417s
test-ubuntu.out:PASS: [2018-10-10T16:32:51+00:00] ubuntu: dind-nodes
test-ubuntu.out:PASS: [2018-10-10T16:50:48+00:00] ubuntu: kubespray
test-ubuntu.out:PASS: [2018-10-10T16:50:48+00:00] ubuntu: kube-api
test-ubuntu.out:PASS: [2018-10-10T16:50:49+00:00] ubuntu: netcheck
test-ubuntu.out:real    22m49.893s
test-centos.out:PASS: [2018-10-10T16:55:54+00:00] centos: dind-nodes
test-centos.out:PASS: [2018-10-10T17:18:12+00:00] centos: kubespray
test-centos.out:PASS: [2018-10-10T17:18:13+00:00] centos: kube-api
test-centos.out:PASS: [2018-10-10T17:18:14+00:00] centos: netcheck
test-centos.out:real    25m16.756s
test-fedora.out:PASS: [2018-10-10T17:27:55+00:00] fedora: dind-nodes
test-fedora.out:PASS: [2018-10-10T17:49:19+00:00] fedora: kubespray
test-fedora.out:PASS: [2018-10-10T17:49:20+00:00] fedora: kube-api
test-fedora.out:PASS: [2018-10-10T17:49:38+00:00] fedora: netcheck
test-fedora.out:real    29m20.304s

@jjo
[jjo] add DIND support to contrib/
69e307d 
- add contrib/dind with ansible playbook to
  create "node" containers, and setup them to mimic
  host nodes as much as possible (using Ubuntu images),
  see contrib/dind/README.md

- nodes' /etc/hosts editing via `blockinfile` and
  `lineinfile` need `unsafe_writes: yes` because /etc/hosts
  are mounted by docker, and thus can't be handled atomically
  (modify copy + rename)
@jjo
dind-host role: set node container hostname on creation
a04c4d0
@jjo
add "Resulting deployment" section with some CLI outputs
728b509
@jjo
typo
7276242
@jjo
selectable node_distro: debian, ubuntu
9ecee7e
@jjo
some fixes for node_distro: ubuntu
aa4a557
@jjo
cpu optimization: add early pkill -STOP agetty
3426919
@jjo
typo
6b4d0a8
@jjo
add centos dind support ;)
8c7be1c
@jjo
add kubespray-dind.yaml, support fedora
7db09ea 
- add kubespray-dind.yaml (former custom.yaml at README.md)
- rework README.md as per above
- use some YAML power to share distros' commonality
- add fedora support
@jjo
create unique /etc/machine-id and other updates
635981c 
- create unique /etc/machine-id in each docker node,
  used as seed for e.g. weave mac addresses

- with above, now netchecker 100% passes WoHooOO!
  🎉 🎉 🎉

- updated README.md output from (1.12.1, verified
  netcheck)
@jjo
minor typos
48cff6a
@jjo
fix centos node creation, needs earlier udevadm removal to avoid flak…
74f4e01 
…y facts, also verified netcheck Ok \o/
@jjo
add Q&D test-distros.sh, back to manual /etc/machine-id hack
e4d9d63
@jjo
run-test-distros.sh cosmetics and minor fixes
8952261
@jjo
run-test-distros.sh: $rc fix and minor formatting changes
03b6922
@jjo
run-test-distros.sh output cosmetics
cf05ea5
@chadswen
Copy link
Member

ci check this

@ant31 ant31 merged commit 4077934 into kubernetes-sigs:master Oct 15, 2018
@ant31
Copy link
Contributor

ant31 commented Oct 15, 2018

Thanks !

I think it would worth the mention it on the repo README, probably a Contrib section with the list of thing you can find inside (azure, terraform, dind...)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattymo mattymo mattymo left review comments

@ant31 ant31 ant31 left review comments

@chapsuk chapsuk Awaiting requested review from chapsuk

@mirwan mirwan Awaiting requested review from mirwan

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jjo @k8s-ci-robot @ant31 @chadswen @mattymo