OpenStack magnum Kubernetes cluster config issues

1.6k views Asked by At

has anyone recently deployed a k8s application after standing up a cluster via devstack / Magnum?

Using devstack (latest) I've successfully deployed a K8s cluster on OpenStack. This is on a single bare metal server running Ubuntu 18.04.

openstack coe cluster template create k8s-cluster-template \
                           --image fedora-atomic-27 \
                           --keypair testkey \
                           --external-network public \
                           --dns-nameserver 8.8.8.8 \
                           --flavor m1.small \
                           --docker-volume-size 5 \
                           --network-driver flannel \
                           --coe kubernetes \
                           --volume-driver cinder

openstack coe cluster create k8s-cluster \
                      --cluster-template k8s-cluster-template \
                      --master-count 1 \
                      --node-count 1

in trying out the cluster I ran into configuration issues. I'm trying to determine where I went wrong and am wondering if anyone else is seeing issues with magnum k8s clusters and dynamic provisioning of cinder volumes?

K8s version:

Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.3", GitCommit:"a4529464e4629c21224b3d52edfe0ea91b072862", GitTreeState:"clean", BuildDate:"2018-09-09T18:02:47Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.1", GitCommit:"b1b29978270dc22fecc592ac55d903350454310a", GitTreeState:"clean", BuildDate:"2018-07-17T18:43:26Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}

the config issues: first, no default storage class was created in Kubernetes. when I used helm to deploy something simple (stable/mariadb) the persistent volume claims were never bound. it turns out this is a known issue with magnum with a pending fix.

I used kubectl to create a default:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: standard
  annotations:
    storageclass.beta.kubernetes.io/is-default-class: "true"
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: EnsureExists
provisioner: kubernetes.io/cinder

After that, the PVCs were still pending, but when I ran describe on one I could see an error:

  Type     Reason              Age                From                         Message
  ----     ------              ----               ----                         -------
  Warning  ProvisioningFailed  55s (x26 over 6m)  persistentvolume-controller  Failed to provision volume with StorageClass "standard": OpenStack cloud provider was not initialized properly : stat /etc/kubernetes/cloud-config: no such file or directory

looking at the kube-controller-manager process it was not passed the cloud- provider or cloud-config command line args:

kube      3111  1.8  4.2 141340 86392 ?        Ssl  Sep19   1:18 /usr/local/bin/kube-controller-manager --logtostderr=true --v=0 --master=http://127.0.0.1:8080 --leader-elect=true --service-account-private-key-file=/etc/kubernetes/certs/service_account_private.key --root-ca-file=/etc/kubernetes/certs/ca.crt

even though these arguments were written into /etc/kubernetes/controller-manager via magnum/heat/cloud-init:

###
# The following values are used to configure the kubernetes controller-manager

# defaults from config and apiserver should be adequate

# Add your own!
KUBE_CONTROLLER_MANAGER_ARGS="--leader-elect=true  --service-account-private-key-file=/etc/kubernetes/certs/service_account_private.key --root-ca-file=/etc/kubernetes/certs/ca.crt --cloud-config=/etc/kubernetes/kube_openstack_config --cloud-provider=openstack"

from the cloud-init output log and "atomic containers list" i can see the controller manager is started from a docker image. it turns out the image is run with /usr/bin/kube-controller-manager.sh script. looking into the image rootfs this script is removing the -cloud-config / -cloud-provider argumnents:

ARGS=$(echo $ARGS | sed s/--cloud-provider=openstack//)
ARGS=$(echo $ARGS | sed s#--cloud-config=/etc/kubernetes/kube_openstack_config##)

any idea why the image is doing this?

to make progress i commented out the two sed lines and restarted. i could then verify that the processes had the expected arguments. the log files showed they were picked up (and complained they are deprecated).

now when i attempt to install MariaDB via helm i get an error that the volume allocation call fails with a 400:

  Type     Reason              Age              From                         Message
  ----     ------              ----             ----                         -------
  Warning  ProvisioningFailed  9s (x7 over 1m)  persistentvolume-controller  Failed to provision volume with StorageClass "standard": failed to create a 8 GB volume: Invalid request due to incorrect syntax or missing required parameters.

from /var/log/syslog cinder is complaining, but doesn't provide any additional information:

Sep 20 10:31:36 vantiq-dell-02 [email protected][32488]: #033[00;36mINFO cinder.api.openstack.wsgi [#033[01;36mNone req-7d95ad99-015b-4c59-8072-6e800abbf01f #033[00;36mdemo admin#033[00;36m] #033[01;35m#033[00;36mPOST http://192.168.7.172/volume/v2/9b400f82c32b43068779637a00d3ea5e/volumes#033[00m#033[00m
Sep 20 10:31:36 vantiq-dell-02 [email protected][32488]: #033[00;36mINFO cinder.api.openstack.wsgi [#033[01;36mNone req-cc10f012-a824-4f05-9aa4-d871603842dc #033[00;36mdemo admin#033[00;36m] #033[01;35m#033[00;36mPOST http://192.168.7.172/volume/v2/9b400f82c32b43068779637a00d3ea5e/volumes#033[00m#033[00m
Sep 20 10:31:36 vantiq-dell-02 [email protected][32488]: #033[00;32mDEBUG cinder.api.openstack.wsgi [#033[01;36mNone req-7d95ad99-015b-4c59-8072-6e800abbf01f #033[00;36mdemo admin#033[00;32m] #033[01;35m#033[00;32mAction: 'create', calling method: create, body: {"volume":{"availability_zone":"nova","metadata":{"kubernetes.io/created-for/pv/name":"pvc-687269c1-bcf6-11e8-bf16-fa163e3354e2","kubernetes.io/created-for/pvc/name":"data-fantastic-yak-mariadb-master-0","kubernetes.io/created-for/pvc/namespace":"default"},"name":"kubernetes-dynamic-pvc-687269c1-bcf6-11e8-bf16-fa163e3354e2","size":8}}#033[00m #033[00;33m{{(pid=32491) _process_stack /opt/stack/cinder/cinder/api/openstack/wsgi.py:870}}#033[00m#033[00m
Sep 20 10:31:36 vantiq-dell-02 [email protected][32488]: #033[00;32mDEBUG cinder.api.openstack.wsgi [#033[01;36mNone req-cc10f012-a824-4f05-9aa4-d871603842dc #033[00;36mdemo admin#033[00;32m] #033[01;35m#033[00;32mAction: 'create', calling method: create, body: {"volume":{"availability_zone":"nova","metadata":{"kubernetes.io/created-for/pv/name":"pvc-68e9c7c9-bcf6-11e8-bf16-fa163e3354e2","kubernetes.io/created-for/pvc/name":"data-fantastic-yak-mariadb-slave-0","kubernetes.io/created-for/pvc/namespace":"default"},"name":"kubernetes-dynamic-pvc-68e9c7c9-bcf6-11e8-bf16-fa163e3354e2","size":8}}#033[00m #033[00;33m{{(pid=32490) _process_stack /opt/stack/cinder/cinder/api/openstack/wsgi.py:870}}#033[00m#033[00m
Sep 20 10:31:36 vantiq-dell-02 [email protected][32488]: #033[00;36mINFO cinder.api.openstack.wsgi [#033[01;36mNone req-cc10f012-a824-4f05-9aa4-d871603842dc #033[00;36mdemo admin#033[00;36m] #033[01;35m#033[00;36mhttp://192.168.7.172/volume/v2/9b400f82c32b43068779637a00d3ea5e/volumes returned with HTTP 400#033[00m#033[00m
Sep 20 10:31:36 vantiq-dell-02 [email protected][32488]: [pid: 32490|app: 0|req: 205/414] 172.24.4.10 () {64 vars in 1329 bytes} [Thu Sep 20 10:31:36 2018] POST /volume/v2/9b400f82c32b43068779637a00d3ea5e/volumes => generated 494 bytes in 7 msecs (HTTP/1.1 400) 5 headers in 230 bytes (2 switches on core 0)
Sep 20 10:31:36 vantiq-dell-02 [email protected][32488]: #033[00;36mINFO cinder.api.openstack.wsgi [#033[01;36mNone req-7d95ad99-015b-4c59-8072-6e800abbf01f #033[00;36mdemo admin#033[00;36m] #033[01;35m#033[00;36mhttp://192.168.7.172/volume/v2/9b400f82c32b43068779637a00d3ea5e/volumes returned with HTTP 400#033[00m#033[00m
Sep 20 10:31:36 vantiq-dell-02 [email protected][32488]: [pid: 32491|app: 0|req: 210/415] 172.24.4.10 () {64 vars in 1329 bytes} [Thu Sep 20 10:31:36 2018] POST /volume/v2/9b400f82c32b43068779637a00d3ea5e/volumes => generated 495 bytes in 7 msecs (HTTP/1.1 400) 5 headers in 230 bytes (2 switches on core 0)

for reference here is the volume configuration for the master MariaDB pod:

      volumes:
        - name: config
          configMap:
            name: joking-opossum-mariadb-master
        - name: custom-init-scripts
          configMap:
            name: joking-opossum-mariadb-master-init-scripts
  volumeClaimTemplates:
    - metadata:
        name: data
        labels:
          app: "mariadb"
          chart: mariadb-4.4.2
          component: "master"
          release: "joking-opossum"
          heritage: "Tiller"
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "8Gi"

Any insight into what is wrong would greatly appreciated.

1

There are 1 answers

0
jmer On

The issue appears to be a bug in the interaction between Kubenetes and Cinder in the latest devstack code (as of 19-Sep-2018). I backed off and deployed using the stable/queens branch and both the issues (cmd line args missing / PVC unbound) have gone away. I can successfully deploy MariaDB to a 2 - node cluster created via Magnum.