search

kubernetes / cloud-provider-openstack

Apache License 2.0
623 stars 611 forks source link

[occm] Multi region openstack cluster #2595

Open sergelogvinov opened 6 months ago

sergelogvinov commented 6 months ago

What this PR does / why we need it:

Openstack CCM multi region support, if it has one Identity provider.

Which issue this PR fixes(if applicable): fixes #1924

Special notes for reviewers:

CCM config changes:

[Global]
auth-url=https://auth.openstack.example.com/v3/
region=REGION1
# new param 'regions' can be specified multiple times
regions=REGION1
regions=REGION2
regions=REGION3

Optionally can be set in cloud.conf

clouds:
  kubernetes:
    auth:
      auth_url: https://auth.openstack.example.com/v3
    region_name: "REGION1"
    regions:
      - REGION1
      - REGION2
      - REGION3

During the initialization process, OCCM checks for the existence of providerID. If providerID does not exist, it defaults to using node.name, as it did previously. Additionally, if the node has the label topology.kubernetes.io/region, OCCM will prioritize using this region as the first one to check. This approach ensures that in the event of a region outage, OCCM can continue to function.

In addition, we can assist CCM in locating the node by providing kubelet parameters:

Release note:

NONE
k8s-ci-robot commented 6 months ago

Hi @sergelogvinov. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
sergelogvinov commented 6 months ago

@mdbooth can you take a look on this PR. Probably I need to add more configuration checks.

Thanks.

MatthieuFin commented 6 months ago

Hi @sergelogvinov I propose an implementation of multi cloud support for cinder-csi-plugin, which offer multiple openstack clusters support, not only multiple regions, I haven't take look of occm implementation yet, but is it possible to adapt it to support multiple cloud definitions instead of only multiple regions ?

sergelogvinov commented 6 months ago

Hi @sergelogvinov I propose an implementation of multi cloud support for cinder-csi-plugin, which offer multiple openstack clusters support, not only multiple regions, I haven't take look of occm implementation yet, but is it possible to adapt it to support multiple cloud definitions instead of only multiple regions ?

Thank you for this PR, it is very interesting. Can we have a call/chat in slack #provider-openstack (Serge Logvinov)?

jichenjc commented 6 months ago

/ok-to-test

jichenjc commented 6 months ago

/ok-to-test

sergelogvinov commented 3 months ago

I've rebased the PR. all tests passed and i've tested manually too

Can you take a look please @jichenjc @mdbooth It will be great to merge this change into the upcoming release...

Thanks.

sergelogvinov commented 2 months ago

Is anything else we can do here? @jichenjc @mdbooth @kayrus

We had conversation how we need initialize the openstack clients

    for _, region := range os.regions {
        opt := os.epOpts
        opt.Region = region

        compute[region], err = client.NewComputeV2(os.provider, opt)
        if err != nil {
            klog.Errorf("unable to access compute v2 API : %v", err)
            return nil, false
        }

        network[region], err = client.NewNetworkV2(os.provider, opt)
        if err != nil {
            klog.Errorf("unable to access network v2 API : %v", err)
            return nil, false
        }

It seems to be a similar process to the one we followed in cinder-csi-plugin. I believe @MatthieuFin and I can introduce multi OpenStack authentication support after this PR.

    [Global]
    auth-url="https://auth.cloud.openstackcluster.region-default.local/v3"
    username="region-default-username"
    password="region-default-password"
    region="default"
    tenant-id="region-default-tenant-id"
    tenant-name="region-default-tenant-name"
    domain-name="Default"

    [Global "region-one"]
    auth-url="https://auth.cloud.openstackcluster.region-one.local/v3"
    username="region-one-username"
    password="region-one-password"
    region="one"
    tenant-id="region-one-tenant-id"
    tenant-name="region-one-tenant-name"
    domain-name="Default"

Thanks.

k8s-ci-robot commented 2 days ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please assign zetaab for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/kubernetes/cloud-provider-openstack/blob/master/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
sergelogvinov commented 22 hours ago

/retest

sergelogvinov commented 20 hours ago

/test openstack-cloud-controller-manager-e2e-test