We use Earthly instead of a Makefile:
earthly +test
earthly +lint
In the following instructions the yawollet is running within an OpenStack VM that's booted from an OpenStack yawollet image.
If you want to run/test the yawollet locally, see local-yawollet.
If you only want the yawol-cloud-controller (to test creation of LoadBalancer from Service):
- Any kind of Kubernetes cluster (remote or local with kind)
If you want to develop end-to-end (yawol-cloud-controller and yawol-controller locally, yawollet on VM):
- Access to a K8s cluster that is publicly reachable
- Access to OpenStack project via OpenStack API
- Generate and install yawol CRDs:
  earthly +generate
  kubectl apply -f charts/yawol-controller/crds/
- Edit environment variables in run-ycc.sh. These variables are required for yawol-cloud-controller and are later used by yawol-controller. For a local cluster the variables can be left as is; for a remote cluster set the variables to match the OpenStack resources:
  - FLOATING_NET_ID: ID of floating-net
  - NETWORK_ID: ID of the network
  - To use a different yawollet OpenStack image set IMAGE_ID. If testing in a different OpenStack project, make sure that the image can be accessed by the project. Set visibility to not be private, e.g.
    openstack image set --shared <ID>
    openstack image add project <image> <project>
Edit environment variables in
run-yc.shThese variables are required for yawol-controller:
API_ENDPOINT=https://+ IP/URL for Kubernetes API server (used by yawollet)
-
Create
cloud-provider-configsecret (required for yawol-controller and later used by yawollet)Use
example-setup/yawol-controller/provider-config.yamlas template. The namespace needs to matchCLUSTER_NAMESPACEinrun-ycc.shandrun-yc.sh
The controllers are using the default kubeconfig ($KUBECONFIG, InCluster or $HOME/.kube/config). To use a different kubeconfig see the instructions below.
- Run yawol-cloud-controller. To use a different kubeconfig set the --control-kubeconfig and --target-kubeconfig flags in run-ycc.sh.
  ./run-ycc.sh
- Run yawol-controller. To use a different kubeconfig set the --kubeconfig flag in ./run-yc.sh.
  ./run-yc.sh
yawol-cloud-controller
- Create deployment and service:
  kubectl apply -f example-setup/yawol-cloud-controller
  # or
  kubectl create deployment --image nginx:latest nginx --replicas 1
  kubectl expose deployment --port 80 --type LoadBalancer nginx --name loadbalancer
- Check if the yawol-cloud-controller created a new LoadBalancer object
yawol-controller
- Reuse created LoadBalancer from yawol-cloud-controller or create a new one (use example-setup/yawol-controller/loadbalancer.yaml as template)
- Check if the yawol-controller (loadbalancer-controller) created OpenStack resources (FloatingIP, Port, SecurityGroup) for the LoadBalancer
- Check if the yawol-controller (loadbalancer-controller) created a LoadbalancerSet from the LoadBalancer
- Check if the yawol-controller (loadbalancerset-controller) created LoadbalancerMachines from the LoadbalancerSet
- Check if the yawol-controller (loadbalancermachine-controller) created and configured an OpenStack VM for the LoadbalancerMachine
- Once the VM (LBM) is ready, check if the yawol-cloud-controller wrote the IP to the Service
- Any kind of Kubernetes cluster (remote or local with kind)
- Envoy locally installed: earthly +get-envoy-local (downloaded from envoy docker image)
- Generate and install yawol CRDs:
  earthly +generate
  kubectl apply -f charts/yawol-controller/crds/
- Create LoadBalancer and LoadBalancerMachine object (use examples in example-setup/yawollet/):
  kubectl apply -f example-setup/yawollet/lb.yaml
  kubectl apply -f example-setup/yawollet/lbm.yaml
  This example adds a TCP LoadBalancer to forward port 8085 to localhost:9000, which is the Envoy admin port.
- Start Envoy:
  envoy -c image/envoy-config.yaml
- Run yawollet. To use a different kubeconfig set the --kubeconfig flag.
  go run ./cmd/yawollet/main.go --namespace=yawol-test \
    --loadbalancer-name=loadbalancer-sample \
    --loadbalancer-machine-name=loadbalancermachine-sample
UDP testing with netcat:
- netcat -u -l -p 9001
- Open a new terminal
- netcat -u 127.0.0.1 8086
- Type something, hit enter and check if the message gets displayed in the first terminal
TCP testing using the admin port of Envoy:
- Open http://localhost:8085 in your browser
- You should get forwarded to the admin port of Envoy, which is listening on localhost:9000
There are currently 2 debug options to access the LoadBalancerMachine VM via SSH:
This will add the SSH key via OpenStack KeyPair. A change will recreate the LoadBalancerMachines, because OpenStack KeyPairs can only be set during VM creation.
- Upload SSH key pair to OpenStack:
  openstack keypair create <name> # create new keypair
  # or
  openstack keypair create --public-key <path> <name> # add existing pubkey
- Add the following to LoadBalancer:
  ...
  spec:
    debugSettings:
      enabled: true
      sshkeyName: <name>
  ...
This can also be enabled with the service annotations: yawol.stackit.cloud/debug and yawol.stackit.cloud/debugsshkey
You can log in with the user: alpine
To troubleshoot a running LoadBalancerMachine we added a function to the yawollet that adds an SSH key and enables/starts sshd on the fly.
This can only be enabled with annotations on the LoadBalancer: yawol.stackit.cloud/adHocDebug and yawol.stackit.cloud/adHocDebugSSHKey
This will not recreate the LoadBalancerMachine. Be aware that yawol.stackit.cloud/adHocDebugSSHKey has to contain the complete SSH public key.
You can log in with the user: yawoldebug
After you are done please remove the VMs, because yawol will not disable SSH again.
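Because SSH stays enabled once a debug option has been used, it helps to list every object that still carries one of the debug settings above. The following is an added example, not part of yawol: it scans `kubectl ... -o json` output for `spec.debugSettings.enabled` and the debug annotations, and checks that an ad hoc key is a complete public key. The annotation value `"true"`, the resource name in the comment and the sample objects are assumptions.

```python
import base64, json, struct
DEBUG = "yawol.stackit.cloud/debug"
ADHOC = "yawol.stackit.cloud/adHocDebug"
ADHOC_KEY = "yawol.stackit.cloud/adHocDebugSSHKey"

def is_complete_pubkey(value):
    """'<type> <base64 blob> [comment]' whose blob starts with the same type name."""
    parts = value.split()
    if len(parts) < 2:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])  # length prefix of the algorithm name
    except (ValueError, struct.error):
        return False
    return blob[4:4 + n] == parts[0].encode()

def audit(kubectl_json):
    """Return (kind, namespace/name, reason) for each object with SSH debug enabled."""
    findings = []
    for obj in json.loads(kubectl_json).get("items", []):
        meta = obj.get("metadata", {})
        ann = meta.get("annotations") or {}
        ref = (obj.get("kind"), f"{meta.get('namespace')}/{meta.get('name')}")
        if ((obj.get("spec") or {}).get("debugSettings") or {}).get("enabled"):
            findings.append(ref + ("spec.debugSettings.enabled",))
        if ann.get(DEBUG, "").lower() == "true":  # value "true" is an assumption
            findings.append(ref + (DEBUG,))
        if ann.get(ADHOC, "").lower() == "true":  # value "true" is an assumption
            ok = is_complete_pubkey(ann.get(ADHOC_KEY, ""))
            findings.append(ref + (ADHOC + ("" if ok else " (key incomplete)"),))
    return findings

# Constructed sample standing in for the output of (resource name assumed):
#   kubectl get loadbalancers.yawol.stackit.cloud,services -A -o json
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
GOOD_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " debug@example"
def _obj(kind, name, annotations=None, spec=None):
    return {"kind": kind, "spec": spec or {}, "metadata": {
        "namespace": "yawol-test", "name": name, "annotations": annotations}}
SAMPLE = json.dumps({"items": [
    _obj("LoadBalancer", "lb-keypair", spec={"debugSettings": {"enabled": True}}),
    _obj("LoadBalancer", "lb-adhoc", {ADHOC: "true", ADHOC_KEY: "ssh-ed25519 AAAA"}),
    _obj("LoadBalancer", "lb-adhoc-ok", {ADHOC: "true", ADHOC_KEY: GOOD_KEY}),
    _obj("Service", "nginx", {DEBUG: "true"}),
    _obj("LoadBalancer", "lb-clean"),
]})
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Every object it reports still has a LoadBalancerMachine reachable over SSH until its VMs are removed.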
Ansible is used for the image build. To develop on the Ansible playbook you can run it locally.
To do so, you need to get/build all needed binaries and change to the image directory:
earthly +get-envoy-local
earthly +get-envoy-libs-local
earthly +get-promtail-local
earthly +build-local
Now you can run ansible:
ansible-playbook -i <IP-Address>, --private-key=~/.ssh/ske-key --user alpine install-alpine.yaml