KaaS Predeployment Checklist
This checklist describes prerequisites for Kubernetes® deployments on various cloud platforms for customer data centers (CDC).
General requirements
Rackspace Kubernetes-as-a-Service (KaaS) enables you to run Kubernetes workloads on top of one of the supported cloud environments. You need to provide the following information before cluster deployment:
| Component | Required | Type | Notes |
|---|---|---|---|
| Desired name of the Kubernetes cluster | Yes | The Kubernetes cluster name with a resolvable subdomain assigned to KaaS. | Provide the desired name of the Kubernetes cluster. For OpenStack deployments, specify whether the subdomain is delegated to OpenStack DNS-as-a-Service. |
| Object store | Yes | OpenStack deployments: Ceph RGW or OpenStack Swift. Other platforms: On a case-by-case basis. | Kubernetes requires an object store that is compatible with the supported version of OpenStack and the Swift API. If you plan to use a different type of object storage, contact your Rackspace representative to submit a deal exception. |
| Block storage | Yes | OpenStack deployments: Ceph block storage. Other platforms: A dedicated cloud provider. | Kubernetes requires block storage. If you cannot use Ceph, contact your Rackspace representative. If your storage appliance is supported by OpenStack, has full cinder API support, and is redundant beyond the disk, you must submit a deal exception to replace Ceph. |
| Root or intermediate Certificate Authority (CA) | Optional | Customer provided or self-signed. | You can provide a certificate authority and key to be used by Kubernetes for signing certificates within Kubernetes. If you have an existing Public Key Infrastructure (PKI) setup, KaaS enables you to maintain certificate trusts in Kubernetes. |
| DNS zone | Yes | Not applicable | OpenStack deployments: Delegate a DNS zone for OpenStack DNS-as-a-Service (designate). Other platforms: Assign a domain name. |
| Network for the Kubernetes nodes | Yes | Not applicable | The network must be at least a /24 network. |
| Whitelist Quay.io, GitHub, and other websites that KaaS uses to deploy the Kubernetes subnet. | Yes | Not applicable | List of URLs. |
OpenStack environment requirements
If you use KaaS to deploy Kubernetes on Rackspace Private Cloud Powered by OpenStack® (RPCO) or Rackspace Private Cloud Powered by Red Hat® (RPCR), you need to provide the following information in addition to the items described in General requirements:
| Component | Required | Type | Notes |
|---|---|---|---|
| Host operating system (OS) | Yes | Ubuntu 16.04 / RHEL 7 | Not applicable |
| OpenStack version | Yes | Newton or OSP 13 | Kubernetes is supported on RPCO Newton and RPCR OSP 13. Previous and newer versions are not supported. |
| DNS zone | Yes | Not applicable | Delegate a DNS zone for OpenStack DNS-as-a-Service (designate). |
| Valid SSL certificates - OpenStack services | Yes | Valid formed SSL | KaaS requires a valid SSL certificate. You cannot use the self-signed certificates used with OpenStack-Ansible (OSA) playbooks for RPCO. |
| Free compute nodes | Yes | Minimum five nodes | Assign a minimum of five free compute nodes per one Kubernetes cluster. Rackspace recommends to use additional free nodes for production workloads. |
| OpenStack DNS-as-a-Service (designate) and Load Balancer-as-a-Service (octavia) | Yes | DNS and load balancing | Kubernetes deployments require both services. Octavia requires floating IP (FIP) support, which is satisfied with neutron and the default networking options. Different networking backends require a deal exception. |
| Networking: required VLANs | Yes | Tenant connectivity and octavia | Octavia requires one VLAN for internal management. To support Fast Local Internet Protocol (FLIP), one VLAN is required. Neutron requires one VLAN for the Kubernetes cluster. Note : Depending on your requirements, you might need to configure multiple VLANs based on the number and size of clusters. |
| Floating IP support | Yes | OpenStack Load Balancer-as-a-Service (octavia) | If another networking backend is selected through the deal exception process, it must support floating IPs. |
| Custom flavor classes | Optional | Not applicable | If you need custom flavors that house the Kubernetes master and worker nodes, notify Rackspace before the deployment. |
| SMTP server settings | Optional | Not applicable | SMTP server settings including hostname, password, username, port, and encryption. |
| A network block for internal Kubernetes services | Optional | Not applicable | The network block must be at least a /16 network. It does not have to be routable. |
| A network block for internal Kubernetes containers | Not applicable | The network block must be at least a /16 network. It does not have to be routable. |
Updated 5 months ago