This documentation explains how to deploy Outscale Cloud Controller Manager.
You will need a Kubernetes cluster on 3DS Outscale cloud. The next sections detail the prerequisites for some cloud resources.
Plugin Version | Minimal Kubernetes Version | Recommended Kubernetes Version |
---|---|---|
<= v0.0.10beta | 1.20 | 1.23 |
v0.2.1 - v0.2.3 | 1.20 | 1.25 |
>= v0.2.4 | 1.20 | 1.30 |
You must tag some cloud resources with a cluster identifier in order to allow Cloud Controller Manager to identify which resources are part of the cluster. This includes:
The tag key must be `OscK8sClusterID/my-cluster-id` (adapt `my-cluster-id`) and the tag value can be one of the following values:
- `shared`: the resource is shared between multiple clusters and should not be destroyed
- `owned`: the resource is considered owned and managed by the cluster
Additionally, instances must be tagged with their node name.
The tag key is `OscK8sNodeName` and the tag value is `my-kubernetes-host-name` (`my-kubernetes-host-name` should be the same as the computed `kubernetes.io/hostname`).
By default, the service controller will automatically create a Security Group for each Load Balancer Unit (LBU) and will attach it to nodes in a VPC setup.
If you want a pre-created Security Group to be attached to the LBU instead, you must tag it with key `OscK8sMainSG/my-cluster-id` and value `True`.
Note that using LBU has some limitations (see issue #68).
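The tagging rules above can be checked before deployment. The following is an added example, not code from the Outscale project: it validates an inventory of resources against the `OscK8sClusterID`, `OscK8sNodeName` and `OscK8sMainSG` rules. The dict shape (`id`, `kind`, `hostname`, `tags`), the resource kinds and all sample values are assumptions, the inventory is assumed to list only resources expected to carry the cluster tag, and flagging an `owned` resource that also carries another cluster's tag is a check chosen for this example.

```python
CLUSTER_PREFIX = "OscK8sClusterID/"
MAIN_SG_PREFIX = "OscK8sMainSG/"
NODE_NAME_KEY = "OscK8sNodeName"

def check_resource(res, cluster_id):
    """Return findings for one resource dict (hypothetical shape, see SAMPLE)."""
    rid, tags, out = res["id"], res["tags"], []
    cluster_key = CLUSTER_PREFIX + cluster_id
    value = tags.get(cluster_key)
    if value is None:
        out.append(f"{rid}: missing {cluster_key}")
    elif value not in ("shared", "owned"):
        out.append(f"{rid}: {cluster_key} must be 'shared' or 'owned', got {value!r}")
    # Assumption of this example: an 'owned' resource may be destroyed by its
    # cluster, so one that also carries another cluster's tag is flagged.
    foreign = sorted(k for k in tags if k.startswith(CLUSTER_PREFIX) and k != cluster_key)
    if value == "owned" and foreign:
        out.append(f"{rid}: owned here but also tagged {', '.join(foreign)}")
    if res["kind"] == "instance":
        # Instances need a node-name tag equal to the node's hostname.
        node = tags.get(NODE_NAME_KEY)
        if node is None:
            out.append(f"{rid}: missing {NODE_NAME_KEY}")
        elif node != res["hostname"]:
            out.append(f"{rid}: {NODE_NAME_KEY}={node!r} differs from hostname {res['hostname']!r}")
    if res["kind"] == "security_group":
        # A pre-created main Security Group must use the exact value 'True'.
        main_key = MAIN_SG_PREFIX + cluster_id
        if main_key in tags and tags[main_key] != "True":
            out.append(f"{rid}: {main_key} must be 'True', got {tags[main_key]!r}")
    return out

def check_inventory(resources, cluster_id):
    return [f for res in resources for f in check_resource(res, cluster_id)]

# Constructed sample inventory (IDs, hostnames and cluster names are made up).
SAMPLE = [
    {"id": "i-0001", "kind": "instance", "hostname": "ip-10-0-0-4",
     "tags": {"OscK8sClusterID/prod": "owned", "OscK8sNodeName": "ip-10-0-0-4"}},
    {"id": "i-0002", "kind": "instance", "hostname": "ip-10-0-0-5",
     "tags": {"OscK8sClusterID/prod": "owned", "OscK8sNodeName": "worker-2"}},
    {"id": "subnet-0001", "kind": "subnet",
     "tags": {"OscK8sClusterID/prod": "owned", "OscK8sClusterID/staging": "shared"}},
    {"id": "sg-0001", "kind": "security_group",
     "tags": {"OscK8sClusterID/prod": "shared", "OscK8sMainSG/prod": "true"}},
    {"id": "rtb-0001", "kind": "route_table", "tags": {"Name": "main"}},
]

if __name__ == "__main__":
    for finding in check_inventory(SAMPLE, "prod"):
        print(finding)
```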
The node controller is deployed as a daemon set and needs access to the metadata server in order to get information about its node (CPU, memory, addresses, hostname).
To do this, the node controller needs to be able to reach `169.254.169.254/32` through TCP port 80 (HTTP).
If you want more details about network configuration with OpenShift, check the OpenShift documentation.
Kubelet must be run with `--cloud-provider=external` (more details in the Cloud Controller Manager Administration documentation).
Outscale Cloud Controller Manager needs API access in order to create resources (like Load Balancer Units) or fetch some data.
It is recommended to use a specific Access Key and create an EIM user with limited access. Check EIM policy example to apply to such EIM user.
To avoid committing any secret, copy the secrets.example.yml resource and edit the copy:
cp deploy/secrets.example.yml deploy/secrets.yml
Make sure to have kubectl configured and deploy the Secret resource containing your cloud credentials:
kubectl apply -f deploy/secrets.yml
Replace only MY_AWS_ACCESS_KEY_ID with your Outscale access key, MY_AWS_SECRET_ACCESS_KEY with your Outscale secret key and MY_AWS_DEFAULT_REGION with your Outscale region.
You can then deploy Outscale Cloud Controller Manager using a simple manifest:
kubectl apply -f deploy/osc-ccm-manifest.yml
Alternatively, you can deploy using Helm:
helm upgrade --install --wait --wait-for-jobs k8s-osc-ccm deploy/k8s-osc-ccm --set oscSecretName=osc-secret
More Helm options are available.
To check whether Outscale Cloud Controller Manager has been deployed, look for the `osc-cloud-controller-manager` pods:
kubectl get pod -n kube-system -l "app=osc-cloud-controller-manager"
You can also deploy a simple application exposed by a Service like 2048 web application.
When troubleshooting issues, you can follow this debug tree to identify and resolve common problems.