Skip to content

Deploying CaaSP CAP on ECP

Jump to bottom Edit New page
Carla Schroder edited this page Dec 27, 2018 · 24 revisions

I spent many days testing different deployment configurations on ECP, because ever since the introduction of manually configuring pod security policies (PSPs) I have not had a successful deployment, and we doc peeps are getting conflicting information. The basis for my testing is Setup CAP on CaaSP on ECP. (Refer to this page if you have any questions about the steps in this document.) Prabal's scripts automate creating an NFS storage class and applying PSPs. I forked SUSE/cf-ci to test two different PSP configurations. Which still do not make sense, as it seems the end result is akin to mode 0777.

I tried upgrading CaaSP 3.0 (transactional-update up), and my CAP deployments failed. I do not know why, and have not had time yet to test different PSP configurations.

This is all fragile, and fixing a damaged deployment is difficult, so the CAP Guides must present exact perfect steps for customers to get it right the first time.

  1. Create a CaaSP cluster on ECP:
$ git clone https://github.com/prabalsharma/automation.git
$ cd automation/caasp-openstack-heat

Edit heat-environment.yaml.example with your DNS server and desired internal Kube cluster network range. Do not overlap with the CaaSP defaults of 172.16.0.0/13 and 172.24.0.0/16. Current usable DNS servers are 10.84.2.20, 10.84.2.21, and 10.84.100.100.

This is my heat-environment.yaml.example file:

---
parameters:
  root_password: password
  admin_flavor: m1.large
  master_flavor: m1.xlarge
  worker_flavor: m1.xlarge
  external_net: floating
  internal_net_cidr: 172.24.8.0/24
  dns_nameserver: 10.84.100.100
  worker_num_volumes: 0
  worker_volume_size: 60

Create your cluster with this command:

./caasp-openstack --build -m 1 -w 3 --openrc <path to your ECP openrc.sh> --image CaaSP-3.0.0-GMC --name <your stack name>

  1. When you see Velum started!, open a Web browser to the floating IP address assigned to the admin node + omg.howdoi.website, e.g. https://10.86.2.234.omg.howdoi.website/. Use the internal IP address for the internal dashboard address, and check the box to install Tiller. On the screen for configuring the external Kubernetes and dashboard IP addresses, use the master and admin floating IP addresses + omg.howdoi.website. Continue through the screens to accept nodes and bootstrap the cluster.

  2. After the new CaaSP cluster has bootstrapped, apply the SUSE/cf-ci scripts to set up PSPs and create an NFS storage class:

Add a custom footer
Add a custom sidebar
Clone this wiki locally