[openstack-dev] [deployment] [oslo] [ansible] [tripleo] [kolla] [helm] Configuration management with etcd / confd
Fox, Kevin M
Kevin.Fox at pnnl.gov
Mon Jun 12 16:58:44 UTC 2017
+1 for putting confd in a side car with shared namespaces. much more k8s native.
Still generally -1 on the approach of using confd instead of configmaps. You loose all the atomicity that k8s provides with deployments. It breaks upgrade/downgrade behavior.
Would it be possible to have confd run in k8s, generate the configmaps, and push them to k8s? That might be even more k8s native.
From: Bogdan Dobrelya [bdobreli at redhat.com]
Sent: Monday, June 12, 2017 1:07 AM
To: openstack-dev at lists.openstack.org
Subject: Re: [openstack-dev] [deployment] [oslo] [ansible] [tripleo] [kolla] [helm] Configuration management with etcd / confd
On 09.06.2017 18:51, Flavio Percoco wrote:
> On Fri, Jun 9, 2017 at 8:07 AM Doug Hellmann <doug at doughellmann.com
> <mailto:doug at doughellmann.com>> wrote:
> Excerpts from Flavio Percoco's message of 2017-06-08 22:28:05 +0000:
> > Unless I'm missing something, to use confd with an OpenStack
> deployment on
> > k8s, we'll have to do something like this:
> > * Deploy confd in every node where we may want to run a pod (basically
> > wvery node)
> Oh, no, no. That's not how it works at all.
> confd runs *inside* the containers. It's input files and command line
> arguments tell it how to watch for the settings to be used just for that
> one container instance. It does all of its work (reading templates,
> watching settings, HUPing services, etc.) from inside the container.
> The only inputs confd needs from outside of the container are the
> connection information to get to etcd. Everything else can be put
> in the system package for the application.
> A-ha, ok! I figured this was another option. In this case I guess we
> would have 2 options:
> 1. Run confd + openstack service in side the container. My concern in
> this case
> would be that we'd have to run 2 services inside the container and structure
> things in a way we can monitor both services and make sure they are both
> running. Nothing impossible but one more thing to do.
> 2. Run confd `-onetime` and then run the openstack service.
A sidecar confd container running in a shared pod, which is having a
shared PID namespace with the managed service, would look much more
containerish. So confd could still HUP the service or signal it to be
restarted w/o baking itself into the container image. We have to deal
with the Pod abstraction as we want to be prepared for future
integration with k8s.
> Either would work but #2 means we won't have config files monitored and the
> container would have to be restarted to update the config files.
> Thanks, Doug.
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
More information about the OpenStack-dev