Python库 | container-service-extension-1.1.1.dev13.tar.gz

The **container-service-extension** (`CSE`) is an add-on to VMware vCloud Director that helps tenants work with Kubernetes clusters. # Overview `CSE` enables Kubernetes as a service on vCloud Director (vCD) installations. `CSE` is based on VM templates that are automatically generated during the installation process, or anytime thereafter. vCD tenants can then request fully functional Kubernetes clusters that `CSE` instantiate on the tenant VDC from the templates, customized based on the tenant preferences.  The current document covers the following `CSE` topics: - for System Administrators: - [installation and configuration](#installation) - [operation](#operation) - for Tenants: - [installation](#tenant-installation) - [usage](#using-the-container-service) - [programming](#scripting-and-programming) - [static persistent volumes](#nfs-based-static-persistent-volumes) - [reference](#reference) - [command syntax](#command-syntax) - [release notes](#release-notes) # Installation The `CSE` service is designed to be installed by the vCloud Director System Administrator on a virtual machine (the `CSE` appliance) with network connectivity to the vCloud Director infrastructure where the following components access is required: - vCloud Director instance (Public Load Balancer VIP for multiple cells) - vCenter Server - AMQP Server vCD tenants can use `CSE` through [vcd-cli](https://vmware.github.io/vcd-cli). Web UI access will be available in a future release. ## System Administrator Installation Allocate a new virtual machine to run `CSE` (the `CSE` appliance) or use one of the existing servers in the vCloud Director installation. `CSE` requires Python 3.6 or higher. See the [Appendix](#appendix) at the end for installing Python 3 on different platforms. The `CSE` appliance doesn't need access to the network where the master template will be created (`network` and `temp_vapp` configuration parameters) or the tenant networks where the clusters will be created. The `CSE` appliance requires network access to the vCD cell, AMQP server and vCenter server. ### 1\. Install `CSE` package. ```shell $ pip3 install --user container-service-extension $ cse version CSE, Container Service Extension for VMware vCloud Director, version 0.3.0 ``` Alternatively, `CSE` can be installed directly from GitHub specifying a version number with: ```shell $ pip3 install --user git+https://github.com/vmware/[email protected] ``` The exact version might be different from the one listed above. `CSE` can also be installed using [virtualenv](https://virtualenv.pypa.io) and [virtualenvwrapper](http://virtualenvwrapper.readthedocs.io). `pip3 install` can be used with additional options depending on the needs: | option | meaning | |:-----------------|:----------------------------------------------| | `--user` | install to the Python user install directory | | `--upgrade` | upgrade an existing installation | | `--pre` | install a pre-release and development version | | `--no-cache-dir` | disable the cache and download the package | ### 2\. Generate a skeleton configuration and provide site specific settings. ```shell $ cse sample > config.yaml ``` Edit file `config.yaml` with the values for your vCloud Director installation. The following table describes the setting values. #### `CSE` Configuration Settings `CSE` supports multiple templates to create Kubernetes clusters. Each template might have a different guest OS or Kubernetes versions, and must have an unique name. One template has to be defined as the default. Tenants can specify the template to use during cluster or node creation, or use the default. The configuration file has 5 sections: - `amqp`: AMQP settings - `vcd`: vCD settings - `vcs`: vCenter Server settings - `service`: service settings - `broker`: service broker settings Group 'vcd' has following key properties | Property | Value | |:------------------|:------------------------------------------------------------------------------------------------| | `host` | IP or hostname of the vCloud Director | | `username` | Username of the vCD service account with minimum roles and rights | | `password` | Password of the vCD service account. | It is recommended to create a service account for vCD with minimum required privileges (as it can be catastrophic if someone gets hold of credentials of the user account with admin-level privileges). At high-level, below are minimum roles and (admin-view) rights required for the service account (they may subject to change with new versions of vCD) - Catalog Author (Role) - vApp Author (Role) - vApp User (Role) - vCenter: View (Right) - vCenter: Refresh (Right) - vCenter: Open in vSphere (Right) - Task: View Tasks (Right) - Task: Update (Right) - Task: Resume, Abort, or Fail (Right) - Catalog Item: Add to My Cloud (Right) - Catalog Item: Create/Upload a vApp Template/Media (Right) - Catalog Item: View vApp Templates/Media (Right) - Catalog Item: Copy/Move a vApp Template/Media (Right) - General: Administrator View (Right) - Organization VDC: View Organization VDCs (Right) - Organization VDC Network: View Properties (Right) - Organization: View Organizations (Right) Notes: - Use commands from vcd-cli to get list of rights required by 'Catalog Author' and 'vApp Author' eg: vcd role list-rights 'Catalog Author'. Create a custom role with union of rights derived from above set of roles and rights and then assign the custom role to user account. - Always ensure vCD service account has enough privileges. Another way is to create a role with Admin privileges and unselect (or) delete rights which are not required from the newly created role. Group 'broker' has following key properties | Property | Value | Value | |:---------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------| | `type` | Broker type, set to `default` | | | `org` | vCD organization that contains the shared catalog where the master templates will be stored | | | `vdc` | Virtual datacenter within `org` that will be used during the install process to build the template | | | `network` | Org Network within `vdc` that will be used during the install process to build the template. It should have outbound access to the public Internet. The `CSE` appliance doesn't need to be connected to this network | | | `ip_allocation_mode` | IP allocation mode to be used during the install process to build the template. Possible values are `dhcp` or `pool`. During creation of clusters for tenants, `pool` IP allocation mode is always used | | | `catalog` | Public shared catalog within `org` where the template will be published