-
Task
-
Resolution: Done
-
Medium
-
None
-
None
https://wiki.onap.org/display/DW/ONAP+on+Kubernetes+on+Rancher#ONAPonKubernetesonRancher-Rancher2.0
Only docker 17.03 supports Kubernetes so far
http://rancher.com/docs/rancher/v1.6/en/hosts/#supported-docker-versions
https://rancher.com/blog/ Adding custom nodes to your Kubernetes cluster in Rancher 2.0 Tech Preview 2 root@ip-172-31-76-75:~# sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/server:preview 42d5d98fb352ae4198ea039e2ab0d54e0a4dbe882ee62d3e3168ce648f5deb7c root@ip-172-31-76-75:~# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 42d5d98fb352 rancher/server:preview "rancher --k8s-mod..." 6 seconds ago Up 5 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp naughty_mccarthy root@ip-172-31-76-75:~# LOGINRESPONSE=`curl -s 'https://127.0.0.1/v3-public/localProviders/local?action=login' -H 'content-type: application/json' --data-binary '{"username":"admin","password":"admin"}' --insecure` root@ip-172-31-76-75:~# LOGINTOKEN=`echo $LOGINRESPONSE | jq -r .token` root@ip-172-31-76-75:~# curl -s 'https://127.0.0.1/v3/users?action=changepassword' -H 'content-type: application/json' -H "Authorization: Bearer $LOGINTOKEN" --data-binary '{"currentPassword":"admin","newPassword":"thisisyournewpassword"}' --insecure root@ip-172-31-76-75:~# APIRESPONSE=`curl -s 'https://127.0.0.1/v3/token' -H 'content-type: application/json' -H "Authorization: Bearer $LOGINTOKEN" --data-binary '{"type":"token","description":"automation"}' --insecure` root@ip-172-31-76-75:~# APITOKEN=`echo $APIRESPONSE | jq -r .token` root@ip-172-31-76-75:~# echo $LOGINRESPONSE {"actions":{},"authProvider":"local","baseType":"token","created":"2018-02-17T19:46:54Z","createdTS":1518896814000,"creatorId":null,"description":"","groupPrincipals":[],"id":"token-6lpf6","isDerived":false,"labels":{"authn.management.cattle.io/token-userId":"user-dxpzc"},"lastUpdateTime":"","links":{"self":"https://127.0.0.1/v3-public/tokens/token-6lpf6"},"name":"token-6lpf6","token":"token-6lpf6:9mjxxpfz4qmz9cvbsgs7fksxjxkhpvkx8j9jlnkq59cn9rbwztzmsz","ttl":57600000,"type":"token","userId":"user-dxpzc","userPrincipal":"map[metadata:map[name:local://user-dxpzc creationTimestamp:\u003cnil\u003e] displayName:Default Admin loginName:admin kind:user me:true provider:local]","uuid":"4e7a0d5b-141b-11e8-bacc-0242ac110002"} root@ip-172-31-76-75:~# echo $LOGINTOKEN token-6lpf6:9mjxxpfz4qmz9cvbsgs7fksxjxkhpvkx8j9jlnkq59cn9rbwztzmsz root@ip-172-31-76-75:~# echo $APIRESPONSE {"actions":{},"authProvider":"local","baseType":"token","created":"2018-02-17T19:47:51Z","createdTS":1518896871000,"creatorId":null,"description":"automation","groupPrincipals":[],"id":"token-46x9z","isDerived":true,"labels":{"authn.management.cattle.io/token-userId":"user-dxpzc"},"lastUpdateTime":"","links":{"remove":"https://127.0.0.1/v3/tokens/token-46x9z","self":"https://127.0.0.1/v3/tokens/token-46x9z","update":"https://127.0.0.1/v3/tokens/token-46x9z"},"name":"token-46x9z","token":"token-46x9z:4sf88ppf7fnwtfgdzxmnd7lf5rtbkndjl4zqrpbzvr8mchj68qkt4v","ttl":57600000,"type":"token","userId":"user-dxpzc","userPrincipal":"map[kind:user me:true provider:local metadata:map[name:local://user-dxpzc creationTimestamp:\u003cnil\u003e] displayName:Default Admin loginName:admin]","uuid":"704dc296-141b-11e8-bacc-0242ac110002"} root@ip-172-31-76-75:~# echo $APITOKEN token-46x9z:4sf88ppf7fnwtfgdzxmnd7lf5rtbkndjl4zqrpbzvr8mchj68qkt4v root@ip-172-31-76-75:~# CLUSTERRESPONSE=`curl -s 'https://127.0.0.1/v3/cluster' -H 'content-type: application/json' -H "Authorization: Bearer $APITOKEN" --data-binary '{"type":"cluster","nodes":[],"rancherKubernetesEngineConfig":{"ignoreDockerVersion":true},"name":"yournewcluster"}' --insecure` root@ip-172-31-76-75:~# CLUSTERID=`echo $CLUSTERRESPONSE | jq -r .id` root@ip-172-31-76-75:~# echo $CLUSTERRESPONSE {"actions":{},"annotations":{},"baseType":"cluster","created":"2018-02-17T19:49:59Z","createdTS":1518896999000,"creatorId":"user-dxpzc","defaultClusterRoleForProjectMembers":null,"defaultPodSecurityPolicyTemplateId":null,"id":"cluster-ztcdt","links":{"clusterEvents":"https://127.0.0.1/v3/clusterEvents?clusterId=cluster-ztcdt","clusterLoggings":"https://127.0.0.1/v3/clusterLoggings?clusterId=cluster-ztcdt","clusterRegistrationTokens":"https://127.0.0.1/v3/clusterRegistrationTokens?clusterId=cluster-ztcdt","clusterRoleTemplateBindings":"https://127.0.0.1/v3/clusterRoleTemplateBindings?clusterId=cluster-ztcdt","machines":"https://127.0.0.1/v3/machines?clusterId=cluster-ztcdt","namespaces":"https://127.0.0.1/v3/clusters/cluster-ztcdt/namespaces","nodes":"https://127.0.0.1/v3/clusters/cluster-ztcdt/nodes","persistentVolumes":"https://127.0.0.1/v3/clusters/cluster-ztcdt/persistentvolumes","projects":"https://127.0.0.1/v3/projects?clusterId=cluster-ztcdt","remove":"https://127.0.0.1/v3/clusters/cluster-ztcdt","schemas":"https://127.0.0.1/v3/clusters/cluster-ztcdt/schemas","self":"https://127.0.0.1/v3/clusters/cluster-ztcdt","update":"https://127.0.0.1/v3/clusters/cluster-ztcdt"},"name":"yournewcluster","nodes":[],"rancherKubernetesEngineConfig":{"ignoreDockerVersion":true,"type":"/v3/schemas/rancherKubernetesEngineConfig"},"removed":null,"state":"active","transitioning":"no","transitioningMessage":"","type":"cluster","uuid":"bc584143-141b-11e8-bacc-0242ac110002"} root@ip-172-31-76-75:~# echo $CLUSTERID cluster-ztcdt root@ip-172-31-76-75:~# AGENTIMAGE=`curl -s -H "Authorization: Bearer $APITOKEN" https://127.0.0.1/v3/settings/agent-image --insecure | jq -r .value` root@ip-172-31-76-75:~# ROLEFLAGS="--etcd --controlplane --worker" root@ip-172-31-76-75:~# RANCHERSERVER="https://cd.onap.info" root@ip-172-31-76-75:~# AGENTTOKEN=`curl -s 'https://127.0.0.1/v3/clusterregistrationtoken' -H 'content-type: application/json' -H "Authorization: Bearer $APITOKEN" --data-binary '{"type":"clusterRegistrationToken","clusterId":"'$CLUSTERID'"}' --insecure | jq -r .token` root@ip-172-31-76-75:~# echo $AGENTIMAGE rancher/agent:v2.0.2 root@ip-172-31-76-75:~# echo $AGENTTOKEN wzqlds7nshd22r7vz7m4ttk8f9s89k6ld584lj6jn2wdglr6mrkmb7 root@ip-172-31-76-75:~# CACHECKSUM=`curl -s -H "Authorization: Bearer $APITOKEN" https://127.0.0.1/v3/settings/cacerts --insecure | jq -r .value | sha256sum | awk '{ print $1 }'` root@ip-172-31-76-75:~# AGENTCOMMAND="docker run -d --restart=unless-stopped -v /var/run/docker.sock:/var/run/docker.sock --net=host $AGENTIMAGE $ROLEFLAGS --server $RANCHERSERVER --token $AGENTTOKEN --ca-checksum $CACHECKSUM" root@ip-172-31-76-75:~# echo $AGENTCOMMAND docker run -d --restart=unless-stopped -v /var/run/docker.sock:/var/run/docker.sock --net=host rancher/agent:v2.0.2 --etcd --controlplane --worker --server https://cd.onap.info --token wzqlds7nshd22r7vz7m4ttk8f9s89k6ld584lj6jn2wdglr6mrkmb7 --ca-checksum d6da06563b4d056d178c33bff79edec838132ae853b4c2cdc683e3d81614dd2f root@ip-172-31-76-75:~# $AGENTCOMMAND Unable to find image 'rancher/agent:v2.0.2' locally v2.0.2: Pulling from rancher/agent d26cfb4142fa: Pull complete 64e695836438: Pull complete 23612a50167e: Pull complete 0f87853aa05b: Pull complete 196b8aba5fb6: Pull complete 5f239a0ec768: Pull complete cc3d598471c6: Pull complete Digest: sha256:ce0821e430208a96719e9f48f9be8798b049469d76ce5c0e8fddf06ba8ba6c57 Status: Downloaded newer image for rancher/agent:v2.0.2 48c28a3e070f89036050c46836b0d83f8c961e62494e5c5b48e84c6875fd6d47 install helm, kubectl 14 curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.8.6/bin/linux/amd64/kubectl 15 chmod +x ./kubectl 16 sudo mv ./kubectl /usr/local/bin/kubectl 17 mkdir ~/.kube 18 helm version 19 wget http://storage.googleapis.com/kubernetes-helm/helm-v2.6.1-linux-amd64.tar.gz 20 tar -zxvf helm-v2.6.1-linux-amd64.tar.gz 21 sudo mv linux-amd64/helm /usr/local/bin/helm replace url and token in apiVersion: v1 kind: Config clusters: - name: "yournewcluster" cluster: server: "https://amsterdam.onap.info/k8s/clusters/cluster-nlwrf" api-version: v1 certificate-authority-data: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM3a\ kNDQWRhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFvTVJJd0VBWURWUVFLRXdsM\ GFHVXQKY21GdVkyZ3hFakFRQmdOVkJBTVRDV05oZEhSc1pTMWpZVEFlRncweE9EQXlNVGd3T\ WpRd016QmFGdzB5T0RBeQpNVFl3TWpRd016QmFNQ2d4RWpBUUJnTlZCQW9UQ1hSb1pTMXlZV\ zVqYURFU01CQUdBMVVFQXhNSlkyRjBkR3hsCkxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRR\ UZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdsVjV6czF3cW9hVkJTQTYKdXVTeVVRWGhRTnYwbTFaW\ HdCTlJYVkVRQ0s2T2FaenBlcW1uRm9tUmQyVzZ0KzNjN0xTUDM4ekVNT0ZuWEcrNQp2N3JEY\ 3A3dkpTd3A1MytiSEdzMFFEM0h2UjMxcURuVThSSWl6ZlNHbDZmcWZkNEZJLy9oTjRVNTRNM\ 0g5MjF2CkQ2TkVoQlU2dmM2SlFiOU1MUFBaQ3dMWUExVHhUcDliaGhNRUhYWTg2MG5OK3RRM\ k4yVGUvK0tvZ096eG5IK3YKR2k0OU5XT1RaVGpQemx3Skh1S0tpWlFHNitJSDlDbmpqcXRWN\ mJIMzFnMHZJakwybG1OZHJGajd2OGQ1bHY2cAoxWEtqZFZKUTQvWjUrOXVpQURsNU9sSlY3S\ kpnR1Zoc2pBeXV1Vm0yUVJlOEJpbTI4YWY5WkkyYWxhTkRSb0FNCkJMemtxd0lEQVFBQm95T\ XdJVEFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU4KQmdrc\ WhraUc5dzBCQVFzRkFBT0NBUUVBUElZQjJ6Qis5Y1Z2Y1FjT2VzZ2VPMnpva2hSRk9GUk45d\ 0pJQ0R6TwpsVlByWXFQazJLWkdwOEJIZVh2RHNTbGZ5TzdRRXpiRkdLaUpwSk03OE5BUVQxN\ 04xMCttU1pPemdLcGxzdENPCnlvVDhZVUZUUXRwRVFLbzZCNGIwd0VTaWVRUys0eVhYcGhuR\ WN2RTZJQy9MWnFHcnpIeGNHSi9DZlprQWQ4R3kKcGFsdXRqQ3NXeTUzVjZEdlR0eGlkZzF4e\ UJYWGpXdnpIUFprb1hnTEQxc0NmL010N2d3V3ZqK0tNVUxjM1JJegpEeUZGQVFVbjArZkJle\ jdvMWFpY3lZMFovZWZHWXJZWTlid25qUTk4cGdRWVcwaHJKMkRaZC9BeXVST2s0dTNqCnBMM\ WJTSkQ2QWp4ZCtYZFNWMWZFMTBueHdGMjF6MVo0UVdMenZjbFR4NHFhQkE9PQotLS0tLUVOR\ CBDRVJUSUZJQ0FURS0tLS0t" users: - name: "admin" user: token: "token-5vmcg:qbk6b4jr7dnknvrqshsltlgj7kvcnw6jlmxss8t62flks7s6kjhrz8" contexts: - name: "yournewcluster" context: user: "admin" cluster: "yournewcluster" current-context: "yournewcluster" using 37 LOGINRESPONSE=`curl -s 'https://127.0.0.1/v3-public/localProviders/local?action=login' -H 'content-type: application/json' --data-binary '{"username":"admin","password":"admin"}' --insecure` 38 LOGINTOKEN=`echo $LOGINRESPONSE | jq -r .token` 39 echo $LOGINTOKEN 40 LOGINRESPONSE=`curl -s 'https://127.0.0.1/v3-public/localProviders/local?action=login' -H 'content-type: application/json' --data-binary '{"username":"admin","password":"thisisyournewpassword"}' --insecure` 41 echo $LOGINRESPONSE 44 LOGINTOKEN=`echo $LOGINRESPONSE | jq -r .token` 45 echo $LOGINTOKEN 46 APIRESPONSE=`curl -s 'https://127.0.0.1/v3/token' -H 'content-type: application/json' -H "Authorization: Bearer $LOGINTOKEN" --data-binary '{"type":"token","description":"automation"}' --insecure` 47 APITOKEN=`echo $APIRESPONSE | jq -r .token` 48 echo $APITOKEN