sureshanaparti commented on code in PR #458:
URL:
https://github.com/apache/cloudstack-documentation/pull/458#discussion_r2137439436
##########
source/plugins/cloudstack-kubernetes-service.rst:
##########
@@ -405,6 +450,266 @@ To remove an Instance from an ExternalManaged Kubernetes
cluster:
These operations are only supported for an ExternalManaged Kubernetes
Cluster
+.. _flexible-kubernetes-clusters:
+
+Flexible Kubernetes Clusters
+----------------------------
+
+From 4.21.0, many enhancements have been added to CloudStack Kubernetes
Service that allows users to:
+
+- Select the Hypervisor type for the Kubernetes Cluster nodes
+- Specify different templates and/or service offerings for different types of
Kubernetes Clusters nodes
+- Use CKS-ready custom templates for Kubernetes cluster nodes marked as 'For
CKS'
+- Separate etcd nodes from control nodes of the Kubernetes clusters
+- Add and remove a pre-created instance as a worker node to an existing
Kubernetes cluster
+- Mark Kubernetes cluster nodes for manual-only upgrade
+- Dedicate specific hosts/clusters to a specific domain for CKS cluster
deployment
+- Use diverse CNI plugins (Calico, Cilium, etc)
+
+Build a custom template to use for Kubernetes clusters nodes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+CloudStack provides a custom CKS-ready template based on Ubuntu 22.04 to be
used for Kubernetes clusters nodes:
https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/.
+
+This template contains all the required packages to be used as a Kubernetes
cluster node. The default login credentials are: cloud:cloud.
+
+A user may decide not to use the provided CKS-ready template and build their
own template. The following needs to be made sure is present on the template:
+
+- The following packages or the equivalent ones for the specific OS need to be
installed:
+
+ .. code-block:: bash
+
+ cloud-init cloud-guest-utils conntrack apt-transport-https
ca-certificates curl gnupg gnupg-agent software-properties-common gnupg
lsb-release python3-json-pointer python3-jsonschema containerd.io
+
+- A user named `cloud` needs to be created and added to the sudoers list:
+
+ .. code-block:: bash
+
+ sudo useradd -m -s /bin/bash cloud
+ echo "cloud:<password>" | sudo chpasswd
+
+ # Edit /etc/sudoers file with:
+ cloud ALL=(ALL) NOPASSWD:ALL
+
+- Create the necessary directory /opt/bin:
+
+ .. code-block:: bash
+
+ sudo mkdir -p /opt/bin
+
+- Once the VM is deployed, place the Management Server’s SSH Public key at the
cloud user’s authorized_keys file at ~/.ssh/authorized_keys
+
+
+Registering a custom template for Kubernetes cluster nodes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By default, the Kubernetes clusters nodes are deployed from the System VM
template. On the Advanced Settings for Kubernetes clusters creation, CloudStack
allows selecting templates for different types of nodes.
+
+To register a template that will be listed as an option for Kubernetes cluster
nodes:
+
+- Set URL to the provided CKS-ready template at:
https://download.cloudstack.org/testing/custom_templates/ubuntu/22.04/ or a
custom template built from the section above.
+
+- Set the template specific values as usual for template registration.
+
+- Mark the option 'For CKS'. This ensures the template is considered as an
option for Kubernetes cluster nodes on the Advanced Settings section for
clusters creation.
+
+|cks-custom-template-registration.png|
+
+Separate etcd nodes from control nodes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+By default, a CKS cluster has 0 dedicated etcd nodes, and the etcd service
runs on the control nodes. If etcd node count is set to a value greater than or
equal to 1 during cluster creation, CloudStack will provision separate nodes
exclusively for the etcd service, isolating them from the control nodes with
the desired template and service offering if specified.
+
+To use separate etcd nodes, it is required to build and register a CKS ISO
version containing the etcd binaries as explained in:
:ref:`kubernetes-supported-versions`
+
+For convenience, some CKS ISOs are uploaded to:
https://download.cloudstack.org/testing/cks/custom_templates/iso-etcd/
+
+Add an external VM Instance as a worker node to a Kubernetes cluster
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Requirements for a VM Instance to be added as worker node to a Kubernetes
cluster:
+
+- At least 8GB ROOT disk size, 2 CPU cores and 2GB RAM
+
+- The VM Instance must have a NIC on the Kubernetes cluster network
+
+- **The Management Server’s SSH Public key must be added at the cloud user’s
authorized_keys file at `~/.ssh/authorized_keys`**.
+
+The VM Instances meeting the requirements above can be added to the Kubernetes
cluster by the `addNodesToKubernetesCluster` API specifying:
+
+- **id** (UUID of the Kubernetes cluster. Required)
+- **nodeids** (comma separated list of (external) node (physical or virtual
machines) IDs that need to be added as worker nodes to an existing managed
Kubernetes cluster (CKS). Required)
+- **mountcksisoonvr** (optional parameter for Vmware only, uses the CKS
cluster network VR to mount the CKS ISO)
+- **manualupgrade** (optional parameter that indicates if the node is marked
for manual upgrade and excluded from the Kubernetes cluster upgrade operation)
+
+.. note::
+ Users will have the ability to add nodes to the Kubernetes cluster and mark
them for manual upgrade. Once the nodes are marked for manual upgrade, the
future cluster upgrade operations will exclude these nodes i.e., the Kubernetes
version won't be upgraded.
+
+The following course of actions are taken:
+
+- Validation: The external node(s) are validated to ensure that all the
above-mentioned prerequisites are present
+
+- Addition of port-forwarding rules and firewall rules (for isolated networks)
+
+- VM is rebooted with the Kubernetes configuration passed as userdata
+
+- The ISO is attached either to the node or to the VR based on the value of
`mountcksisoonvr` that is passed as a parameter to the
addNodesToKubernetesCluster API (Vmware only).
+
+- The cluster enters Importing state until all the nodes are successfully
added, and the number of Ready nodes is equal to the expected number of nodes
to be added.
+
+- The process timeout is set by the setting:
`cloud.kubernetes.cluster.add.node.timeout`.
+
+Removing an external worker node from a Kubernetes cluster
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+External worker nodes can be removed from a Kubernetes cluster by the
`removeNodesFromKubernetesCluster` API specifying:
+
+- **id** (UUID of the Kubernetes cluster. Required)
+- **nodeids** (comma separated list of (external) node (physical or virtual
machines) IDs that need to be removed from an existing managed Kubernetes
cluster (CKS). Required)
+
+When node(s) are being removed from a Kubernetes cluster, the following
happens:
+
+- On the control node, drain the specific node before it can be removed
+
+- Reset the corresponding worker node
+
+- Delete the worker node from the cluster on the control node
+
+- Remove the port-forwarding and firewall rules (for isolated networks) for
the nodes being removed
+
+- The cluster enters RemovingNodes state until all the nodes are successfully
removed, and the number of Ready nodes is equal to the expected number of nodes
+
+- The process timeout is set by the setting:
`cloud.kubernetes.cluster.remove.node.timeout`.
+
+Dedicate specific hosts/clusters to a specific domain for CKS cluster
deployment
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Administrators are able to dedicate hosts to a domain or account. CloudStack
will take the host dedication into consideration when deploying Kubernetes
clusters.
+
+- When there are no hosts dedicated to the domain/account the user belongs,
then the nodes will be deployed on any host.
+
+- When there are hosts dedicated to the domain/account the user belongs, then
the nodes will be deployed on the dedicated hosts.
+
+ .. note::
+ By design the hosts dedication does not consider the deployment of
system VMs on the dedicated hosts (SSVM, CPVM and Virtual Routers). In case the
Kubernetes cluster is created on an unimplemented network then the Virtual
Router of the network will not be deployed on the dedicated hosts.
+
+Use diverse CNI plugins (Calico, Cilium, etc)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+A CNI framework has also been added which provides end users the flexibility
to use the CNI plugin of their choice. The CNI framework internally leverages
the managed Userdata feature provided by CloudStack.
+
+Sample Calico CNI configuration data used which is appended to the existing
Kubernetes control node userdata is:
Review Comment:
```suggestion
Sample Calico CNI configuration data used which is appended to the existing
Kubernetes control node user data is:
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
