Bug 1503243

Summary: [RFE] OpenStack Kuryr support
Product: OpenShift Container Platform Reporter: Antoni Segura Puimedon <asegurap>
Component: RFEAssignee: Michał Dulko <mdulko>
Status: CLOSED CURRENTRELEASE QA Contact: Jon Uriarte <juriarte>
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: aos-bugs, asimonel, bschmaus, ealcaniz, erich, hgomes, jokerman, juriarte, lpeer, mdulko, mmccomas, myllynen, oblaut, sputhenp, tsedovic, tzumainn, wsun
Target Milestone: ---Keywords: Triaged
Target Release: 3.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-16 17:57:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1503708, 1503975, 1504017    

Description Antoni Segura Puimedon 2017-10-17 15:54:02 UTC 
Description of problem:

In OpenShift of OpenStack environments we should have the option to use OpenStack Kuryr as the Software Defined Networking solution that openshift-ansible deploys so that OpenShift Pods and services can consume the native OpenStack networking provided.

This integration should consist on roles that deploy the Kuryr-Controller as an OpenShift deployment and the CNI component as a DaemonSet. All the relevant kuryr options should be made available as options the user can place in the inventory and with sane defaults.

Steps to Reproduce:
1. place kuryr Neutron options in /etc/ansible/hosts alongside the rest of the BYO configuration
2. ansible-playbook playbooks/byo/config.yml -vvv


Actual results:
Not implemented

Expected results:
OpenShift successfully deploys and the kube-system namespace has the Kuryr controller Deployment and the Kuryr CNI daemonset

Additional info:
Comment 1 Scott Dodson 2017-11-06 16:37:15 UTC 
Changes have been merged into master but note that target release is 3.8.0.
Comment 2 Wei Sun 2018-01-23 02:33:38 UTC 
Hi Ofer,
Please verify this bug,thanks!
Comment 5 Michał Dulko 2018-03-13 17:13:01 UTC 
The feature is merged, though meanwhile we needed to make some more fixes as well. I'm not sure about QA status of that. As development team we've recently verified that this works.
Comment 6 Tomas Sedovic 2018-05-04 13:16:07 UTC 
This has been implemented. However, the namespace is openshift-infra not kube-system.

How to test:

1. Configure the Kuryr SDN in the openshift-ansible inventory all.yml:

    openshift_use_kuryr: True
    openshift_use_openshift_sdn: False
    openshift_master_open_ports:
    - service: dns tcp
      port: 53/tcp
    - service: dns udp
      port: 53/udp
    openshift_node_open_ports:
    - service: dns tcp
      port: 53/tcp
    - service: dns udp
      port: 53/udp
    use_trunk_ports: True
    os_sdn_network_plugin_name: cni
    openshift_node_proxy_mode: userspace
    openshift_hosted_manage_registry: false
    # # Kuryr needs to know the subnet you will be taking Floating IPs for the
    # loadbalancer services from.
    kuryr_openstack_public_subnet_id: cdbd1855-0b23-4ddc-8186-e10a963156b8
    openshift_kuryr_precreate_subports: 5
    openshift_kuryr_device_owner: compute:kuryr
    enable_kuryr_controller_probes: False
    enable_kuryr_cni_probes: False

2. Run the openshift-ansible/playbooks/openstack/openshift-cluster/provision_install.yml playbook

Verification:

1. The playbook must finish without errors.
2. Running `oc get pod -n openshift-infra` from a master node should list one CNI pod for every OpenShift node and a single kuryr-controller pod
Comment 7 Jon Uriarte 2018-05-31 08:08:59 UTC 
Verified in openshift-ansible-3.10.0-0.53.0.git.0.53fe016.el7.noarch and openshift-ansible-playbooks-3.10.0-0.53.0.git.0.53fe016.el7.noarch.

Verification steps:
1. Configure the Kuryr SDN in the openshift-ansible inventory all.yml:

    openshift_use_kuryr: True
    openshift_use_openshift_sdn: False
    openshift_master_open_ports:
    - service: dns tcp
      port: 53/tcp
    - service: dns udp
      port: 53/udp
    openshift_node_open_ports:
    - service: dns tcp
      port: 53/tcp
    - service: dns udp
      port: 53/udp
    use_trunk_ports: True
    os_sdn_network_plugin_name: cni
    openshift_node_proxy_mode: userspace
    openshift_hosted_manage_registry: false
    # # Kuryr needs to know the subnet you will be taking Floating IPs for the
    # loadbalancer services from.
    kuryr_openstack_public_net_id: dd5a700a-a0bf-4e18-b6db-a59f4063f7b4
    openshift_kuryr_precreate_subports: 5
    openshift_kuryr_device_owner: compute:kuryr
    enable_kuryr_controller_probes: False
    enable_kuryr_cni_probes: False

2. Run the openshift-ansible openstack playbook (deployed 1 master, 1 infra and 2 app nodes)
3. Verify kuryr-cni daemon set and kuryr controller deployment config:
  [openshift@master-0 ~]$ oc -n openshift-infra get ds
  NAME           DESIRED   CURRENT   READY     UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
  kuryr-cni-ds   4         4         4         4            4           <none>          16h
  [openshift@master-0 ~]$ oc -n openshift-infra get cm
  NAME           DATA      AGE
  kuryr-config   2         16h


4. Verify kuryr controller and cni pods are ready and running:
  [openshift@master-0 ~]$ oc get pod -n openshift-infra
  NAME                                READY     STATUS    RESTARTS   AGE
  bootstrap-autoapprover-0            1/1       Running   0          16h
  kuryr-cni-ds-bcvrp                  1/1       Running   0          16h
  kuryr-cni-ds-hnqw2                  1/1       Running   0          16h
  kuryr-cni-ds-jvn5x                  1/1       Running   0          16h
  kuryr-cni-ds-kjxnv                  1/1       Running   0          16h
  kuryr-controller-65c98f7444-vv5l8   1/1       Running   0          16h
Comment 9 Michał Dulko 2019-04-16 17:57:27 UTC 
It seems so, yes.