Uploaded image for project: 'Data Management'
  1. Data Management
  2. DM-12847

Upgrade to Interim Kubernetes

    XMLWordPrintable

    Details

    • Epic Name:
      Upgrade to Interim Kubernetes
    • Story Points:
      20
    • WBS:
      02C.07.09
    • Team:
      Data Facility
    • Cycle:
      Spring 2018

      Description

      Upgrade interim Kubernetes service for development use. Per conversations with the SLAC and SQuaRE teams, this will involve investigating Kubernetes versions with desired capabilities and installing requested system software and services on PDAC nodes. Ongoing administration is not covered in this epic.

        Attachments

          Issue Links

          relates to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. DM-12836 Containerization: Initial Service

          • Done
          mentioned in

          Page Loading...

            Activity

            Ascending order - Click to sort in descending order
            18 older comments
            Hide
            Permalink
            spietrowicz Steve Pietrowicz added a comment -

            Kubernetes 1.9.3 installed here late this afternoon.  That all works. I ran the multicast test with the Weave 1.7 overlay and that worked fine too.   Installed the dashboard, and that responded as well.  I say "responded" because I did that via wget, and not the browser, since I'm on a VPN here, and wasn't able to test it fully.  The VPN is something to keep in mind for the iptables rules for those systems.  I don't know how they're set since I don't have access to them, but we don't want that exposed on the open internet.  Doing the dashboard via a VPN would be a better choice, I think.

            Show
            spietrowicz Steve Pietrowicz added a comment - Kubernetes 1.9.3 installed here late this afternoon.  That all works. I ran the multicast test with the Weave 1.7 overlay and that worked fine too.   Installed the dashboard, and that responded as well.  I say "responded" because I did that via wget, and not the browser, since I'm on a VPN here, and wasn't able to test it fully.  The VPN is something to keep in mind for the iptables rules for those systems.  I don't know how they're set since I don't have access to them, but we don't want that exposed on the open internet.  Doing the dashboard via a VPN would be a better choice, I think.
            Hide
            Permalink
            spietrowicz Steve Pietrowicz added a comment -

            I'm seeing an issue here with 1.9.3 as the control plane and client, and 1.9.2 client with 1.9.3 control plane  I'm trying to track this down, and retesting something for 1.9.2's control plane with 1.9.2 client to be sure.  I'll update here.

            Show
            spietrowicz Steve Pietrowicz added a comment - I'm seeing an issue here with 1.9.3 as the control plane and client, and 1.9.2 client with 1.9.3 control plane  I'm trying to track this down, and retesting something for 1.9.2's control plane with 1.9.2 client to be sure.  I'll update here.
            Hide
            Permalink
            spietrowicz Steve Pietrowicz added a comment -

            This was an issue where there was a race condition between when the firewall rules were set by kubernetes and when additional rules were put into place by puppet.  An additional rule for port 6443 had to be introduced.   This was tested under all configs listed above and works fine.

            Show
            spietrowicz Steve Pietrowicz added a comment - This was an issue where there was a race condition between when the firewall rules were set by kubernetes and when additional rules were put into place by puppet.  An additional rule for port 6443 had to be introduced.   This was tested under all configs listed above and works fine.
            Hide
            Permalink
            fritzm Fritz Mueller added a comment - - edited

            Hello Andrew Loftus [X], we will need to add the line:

            Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"

            ...to the top section of /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on the pdac nodes, if this file is under puppet control?

            Additionally, we will need the kubelet systemd service enabled and started on all the nodes if systemd services are under puppet control?

            Show
            fritzm Fritz Mueller added a comment - - edited Hello Andrew Loftus [X] , we will need to add the line: Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false" ...to the top section of /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on the pdac nodes, if this file is under puppet control? Additionally, we will need the kubelet systemd service enabled and started on all the nodes if systemd services are under puppet control?
            Hide
            Permalink
            plutchak Joel Plutchak (Inactive) added a comment -

            Kubernetes installation has been up and running. Initial configuration changes in place and stable.

            Show
            plutchak Joel Plutchak (Inactive) added a comment - Kubernetes installation has been up and running. Initial configuration changes in place and stable.

              People

              Assignee:
              aloftus Andrew Loftus [X] (Inactive)
              Reporter:
              plutchak Joel Plutchak (Inactive)
              Watchers:
              Andrew Loftus [X] (Inactive), Bill Glick [X] (Inactive), Fritz Mueller, Gregory Dubois-Felsmann, Jacob Rundall, Joel Plutchak (Inactive), Steve Pietrowicz, Xiuqin Wu [X] (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Start date:
                End date:

                  Jenkins

                  No builds found.