Table of Contents generated with DocToc
- Development Guide
This document explains how to develop Cluster API Provider OpenStack.
You need to create your own openstack-capi controller image for testing cluster creation or deletion by your code. The image is stored in the docker registry. You need to create an account of Docker registry in advance.
Log in to your registry account. Export the following environment variables which will be used by the Makefile.
Variable | Meaning | Mandatory | Example |
---|---|---|---|
REGISTRY | The registry name | Yes | docker.io/<username> |
IMAGE_NAME | The image name (default: capi-openstack-controller) | No | capi-openstack-controller |
TAG | The image version (default: dev) | No | latest |
Execute the command to build and upload the image to the Docker registry.
make docker-build docker-push
After generating infrastructure-components.yaml
, replace the us.gcr.io/k8s-artifacts-prod/capi-openstack/capi-openstack-controller:v0.3.4
with your image.
We have support for using Tilt for rapid iterative development. Please visit the Cluster API documentation on Tilt for information on how to set up your development environment.
You can run the E2E tests locally with:
make test-e2e OPENSTACK_CLOUD_YAML_FILE=/path/to/clouds.yaml OPENSTACK_CLOUD=mycloud
where mycloud
is an entry in clouds.yaml
.
The E2E tests:
- Build a CAPO image from the local working directory
- Create a kind cluster locally
- Deploy downloaded CAPI, and locally-build CAPO to kind
- Create an e2e namespace per-test on the kind cluster
- Deploy cluster templates to the test namespace
- Create test clusters on the target OpenStack
If your cloud requires a cacert you must also pass this to make via OPENSTACK_CLOUD_CACERT_B64
, i.e.:
make test-e2e OPENSTACK_CLOUD_YAML_FILE=/path/to/clouds.yaml OPENSTACK_CLOUD=my_cloud \
OPENSTACK_CLOUD_CACERT_B64=$(base64 -w0 /path/to/mycloud-ca.crt)
CAPO deployed in the local kind cluster will automatically pick up a cacert
defined in your clouds.yaml
so you will see servers created in OpenStack without specifying OPENSTACK_CLOUD_CACERT_B64
. However, the cacert won't be deployed to those servers, so kubelet will fail to start.
If your cloud contains only a single external network CAPO will automatically select that network for use by a deployed cluster. However, if there are multiple external networks CAPO will log an error and fail to create any machines. In this case you must pass the id of an external network to use explicitly with OPENSTACK_EXTERNAL_NETWORK_ID
, i.e.:
make test-e2e OPENSTACK_CLOUD_YAML_FILE=/path/to/clouds.yaml OPENSTACK_CLOUD=my_cloud \
OPENSTACK_EXTERNAL_NETWORK_ID=27635f93-583d-454e-9c6d-3d305e7f8a22
OPENSTACK_EXTERNAL_NETWORK_ID
must be specified as a uuid. Specifying by name is not supported.
You can list available external networks with:
$ openstack network list --external
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 27635f93-583d-454e-9c6d-3d305e7f8a22 | external | be64cd07-f8b7-4705-8446-26b19eab3914 |
| cf2e83dc-545d-490f-9f9c-4e90927546f2 | hostonly | ec95befe-72f4-4af6-a263-2aec081f47d3 |
+--------------------------------------+----------+--------------------------------------+
The test suite is executed in an existing OpenStack environment. You can create and manage this environment yourself or use the hacking CI scripts to provision an environment with DevStack similar to the one used for continuous integration.
The file test/e2e/data/e2e_conf.yaml
and the test templates under test/e2e/data/infrastructure-openstack
reference several OpenStack resources which must exist before running the test:
- System requirements
- Multiple nodes
controller
: 16 CPUs / 64 GB RAMworker
: 8 CPUs / 32 GB RAM
- Availability zones (for multi-AZ tests)
testaz1
: used by all test casestestaz2
: used by multi-az test case
- Services (Additional services to be enabled)
- Octavia
- Network trunking (neutron-trunk)
- see Configration for more details.
- Glance images
cirros-0.6.1-x86_64-disk
ubuntu-2004-kube-v1.23.10
- Download from https://storage.googleapis.com/artifacts.k8s-staging-capi-openstack.appspot.com/test/ubuntu/2022-12-05/ubuntu-2004-kube-v1.23.10.qcow2
- Or generate using the
images/capi
directory from https://github.com/kubernetes-sigs/image-builder- Boot volume size must be less than 15GB
- Flavors
m1.medium
: used by control planem1.small
: used by workersm1.tiny
: used by bastion
- clouds.yaml
capo-e2e
: for general user authorizationcapo-e2e-admin
: for administrator user authorization- i.e.:
clouds: capo-e2e: auth: auth_url: http://Node-Address/identity project_name: demo project_domain_name: Default user_domain_name: Default username: demo password: secret region_name: RegionOne capo-e2e-admin: auth: auth_url: http://Node-Address/identity project_name: demo project_domain_name: Default user_domain_name: Default username: admin password: secret region_name: RegionOne
You can easily create a test environment similar to the one used during continuous integration on OpenStack, AWS or GCE with the hacking CI scripts.
The entry point for the creation of the DevStack environment is the create_devstack.sh script, which executes specific scripts to create infrastructure on different clouds:
- AWS: aws-project.sh
- GCE: gce-project.sh
- OpenStack: openstack.sh
You can switch between these cloud providers, by setting the RESOURCE_TYPE
environment variable to aws-project
, gce-project
or openstack
respectively.
Configure the following environment variables for OpenStack:
export RESOURCE_TYPE="openstack"
export OS_CLOUD=<your cloud>
export OPENSTACK_FLAVOR_controller=<flavor with >= 16 cores, 64GB RAM and 50GB storage>
export OPENSTACK_FLAVOR_worker=<flavor with >= 8 cores, 32GB RAM and 50GB storage>
export OPENSTACK_PUBLIC_NETWORK=<name of the external network>
export OPENSTACK_SSH_KEY_NAME=<your ssh key-pair name>
export SSH_PUBLIC_KEY_FILE=/home/user/.ssh/id_ed25519.pub
export SSH_PRIVATE_KEY_FILE=/home/user/.ssh/id_ed25519
and create the environment by running:
./hack/ci/create_devstack.sh
You can use unprivileged podman to:
- Build the CAPO image
- Deploy the kind cluster
To do this you need to configure the host appropriately and pass PODMAN=1
to make, i.e.:
make test-e2e OPENSTACK_CLOUD_YAML_FILE=/path/to/clouds.yaml OPENSTACK_CLOUD=my_cloud \
PODMAN=1
Firstly, you must be using kernel >=5.11. If you are using Fedora, this means Fedora >= 34.
You must configure systemd and iptables as described in https://kind.sigs.k8s.io/docs/user/rootless/. There is no need to configure cgroups v2 on Fedora, as it uses this by default.
You must install the podman-docker
package to emulate the docker cli tool. However, this is not sufficient on its own as described below.
While kind itself supports podman, the cluster-api test framework does not. This framework is used by the CAPO tests to push test images into the kind cluster. Unfortunately the cluster-api test framework explicitly connects to a running docker daemon, so cli emulation is not sufficient for compatibility. This issue is tracked in kubernetes-sigs/cluster-api#5146, and the following workaround can be ignored when this is resolved.
podman includes a 'system service' which emulates docker. For the tests to work, this service must be running and listening on a unix socket at /var/run/docker.sock
. You can achieve this with:
$ podman system service -t 0 &
$ sudo rm /var/run/docker.sock
$ sudo ln -s /run/user/$(id -u)/podman/podman.sock /var/run/docker.sock