⚠️ This is depreciated. the project url now is: /~https://github.com/ethz-hpc/k8s-OpenNebula
and is not only control plane, we are running everithing on pods! even the node's libvirt
To install the chart with the release name my-release
:
# Not ready in stable/helm $ helm install stable/opennebula --name my-release
$ helm install ./ --name my-release
Or you can run it with helmfile :
$ helmfile sync
The command deploys envoy on the Kubernetes cluster with the default configuration. The configuration section lists the parameters that can be configured during installation.
To uninstall/delete the my-release
deployment:
$ helm delete my-release
The command removes all the Kubernetes components associated with the chart and deletes the release.
All user-configurable settings, default values and some commentary about them can be found in values.yaml.
This chart will create 2 secrets if you enable this on the values file. This secrets are not being tracked by helm, so if you want to reinstall the chart you will need to delete them, see the [garbage collector](#garbage collector) topic above.
https://kubernetes.io/docs/concepts/configuration/secret/#use-case-pod-with-ssh-keys
This can be done by:
- enabling auto_ssh in values.yaml
- running ./createSshkeys.ch
- running this:
kubectl create namespace opennebula
mkdir opennebula-ssh-keys
ssh-keygen -f opennebula-ssh-keys/id_rsa -C oneadmin -P ''
cat opennebula-ssh-keys/id_rsa.pub > opennebula-ssh-keys/authorized_keys
cat > opennebula-ssh-keys/config <<EOT
Host *
LogLevel ERROR
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
GSSAPIAuthentication no
User oneadmin
EOT
kubectl create secret generic -n opennebula opennebula-ssh-keys --from-file=opennebula-ssh-keys
The serveradmin
user is a special username only used for sunstone and other services. It's not for final users.
This username is created on bootstrap by onedeamon and its not possible at the moment to pre mount a secret.
Enable auto_serveradmin_secret
in values file to make this chart automate the creation of the secret for serveradmin
from the onedeamon's /var/lib/one/.one/sunstone_auth
To restart sunstone after creating the secret: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#delete-58 https://docs.openshift.com/container-platform/3.7/rest_api/api/v1.Pod.html#curl-request-11
as this chart is creating some resources automatically, helm is not tracking them. we are talking about:
- opennebula-ssh-keys (secret)
- opennebula-server (secret)
- opennebula-api (role)
For delete evertihing related with opennebula helm deploy please delete it manually, or if you installed it in opennebula namespace (default in helmfile) you can use the secript ./deleteall.sh
1 - Edit dockerfiles/makedocker.sh export the commit ref name and the user to tag the image. 2 - run ./makedockler.sh
- Minikikube have some problems exposing TCP with services. It may not work on minikube if you access the ui using proxy port. Sunstone prints bad password in the UI and 401 status is returned in the logfiles with debug_level = 3 It may be related with kubernetes/minikube#2840
- ./delete as preuninstall hook. (pre-delete issue helm/helm#6149 )
- randpassword for oneadmin
- rndpassword for mysql (include in configmap?) - maybenot.
- HA onedeamon. http://docs.opennebula.org/5.8/advanced_components/ha/frontend_ha_setup.html#opennebula-ha-setup
It is loosely based upon the work of @kvaps and has borrowed some wisdom from other similar projects e.g. consul-chart (pr for tls certificates).