|
| 1 | += Stackable Agent |
| 2 | + |
| 3 | +== Purpose |
| 4 | +The Stackable Agent is an alternative to the Kubernetes Kubelet that executes Pods not in containers but using systemd as its backend. |
| 5 | +It is implemented in Rust as a https://github.com/deislabs/krustlet[Krustlet] provider. |
| 6 | + |
| 7 | +In principle this behavior is similar to that of the the https://github.com/virtual-kubelet/virtual-kubelet[virtual kubelet] project. |
| 8 | +More specifically the functionality of this agent closely resembles that of https://github.com/virtual-kubelet/systemk[systemk]. |
| 9 | +The reason why both projects currently exist is simply that systemk was not around when we started Stackable and so we had to go and build our own. |
| 10 | + |
| 11 | +WARNING: We are currently evaluating whether or not we should instead use systemk and contribute to that project instead of building our own agent under https://github.com/stackabletech/agent/issues/42[issue #42] |
| 12 | + |
| 13 | +The agent registers itself as a node with a kube-apiserver and will be considered by the Kubernetes scheduler for workloads (pods). |
| 14 | +To avoid _normal_ Kubernetes pods being scheduled on the Stackable agent (it would not know what to do with these) the agent assigns the following taints to its node object: |
| 15 | + |
| 16 | +|=== |
| 17 | +|Taint |Type|Value |
| 18 | + |
| 19 | +|kubernetes.io/arch |
| 20 | +|NoSchedule |
| 21 | +|stackable-linux |
| 22 | + |
| 23 | +|kubernetes.io/arch |
| 24 | +|NoExecute |
| 25 | +|stackable-linux |
| 26 | +|=== |
| 27 | + |
| 28 | +These taints _suggest_ to the Kubernetes scheduler that only pods with matching tolerations should be scheduled on this node. |
| 29 | + |
| 30 | +== Installation |
| 31 | +=== Build from source |
| 32 | +Building from source is fairly straightforward if you have the rust toolchain installed, our CI chain tests against the latest stable version at the time the checks are run. |
| 33 | +If you need to install this, generally the recommended way is to use https://rustup.rs/[rustup]. |
| 34 | + |
| 35 | +After rust is installed simply run |
| 36 | + |
| 37 | + cargo build |
| 38 | + |
| 39 | +To create the binary file in _target/debug_. |
| 40 | + |
| 41 | +=== Download binary |
| 42 | +We do not at this time provide pre-compiled binaries, as we are still in the process of setting up the build jobs to create these. |
| 43 | +This readme will be updated as soon as binary downloads are available! |
| 44 | + |
| 45 | +=== OS Packages |
| 46 | +We do not at this time provide OS packages, that is due to change in the near future and this readme will be updated accordingly! |
| 47 | + |
| 48 | +== Configuration |
| 49 | + |
| 50 | +=== Command Line Parameters |
| 51 | +The agent accepts the following command line parameters: |
| 52 | + |
| 53 | +include::documentation/commandline_args.adoc[] |
| 54 | + |
| 55 | +=== Config File |
| 56 | +In addition to directly specifying them on the command line, the agent allows specifying a config file via the environment variable `CONFIG_FILE`. Values specified in the file will have to adhere to the format `--parameter=value`. |
| 57 | + |
| 58 | +This file can contain all command line parameters and will be parsed before the actual command line. |
| 59 | +For parameters that are present in the file and on the command line, the command line will take precedence, unless it is a parameter that can be specified multiple times, in which case parameters from both, file and commandline, will be merged. |
| 60 | + |
| 61 | +.Example config file |
| 62 | + --package-directory=/opt/stackable/agent/work/packages |
| 63 | + --config-directory=/etc/stackable/agent |
| 64 | + --server-cert-file=/etc/stackable/agent/secure/cert.crt |
| 65 | + --server-key-file=/etc/stackable/agent/secure/key.key |
| 66 | + |
| 67 | +=== Kubernetes Config |
| 68 | +The agent uses the default way of looking for a kube-apiserver, so if your system is already set up to connect to Kubernetes with kubectl you should be good to go right of the bat. |
| 69 | + |
| 70 | +The default location for the Kubernetes client config is `~/.kube/config`, if you want to change this location you can override this via the `KUBECONFIG` environment variable. |
| 71 | + |
| 72 | + export KUBECONFIG=/etc/stackable/agent/kubeconfig |
| 73 | + |
| 74 | + |
| 75 | +=== Certificates |
| 76 | +The agent requires a keypair and signed certificate to start a webserver which can be used to handle callbacks. |
| 77 | +If these are not specified on the commandline, the agent will create a keypair, upload a certificate signing request to Kubernetes and wait for the certificate before continuing. |
| 78 | +These steps require a certificate manager to be set up and running in your Kubernetes cluster, which may or may not be the case. |
| 79 | + |
| 80 | +You can also manually create these files and specify them on the command line. |
| 81 | +The following example shows how to create these files using https://github.com/OpenVPN/easy-rsa[easy-rsa], but this can be done in any number of different ways as well. |
| 82 | + |
| 83 | + ./easyrsa init-pki |
| 84 | + ./easyrsa build-ca |
| 85 | + ./easyrsa gen-req krustlet1 |
| 86 | + ./easyrsa import-req pki/reqs/krustlet1.req krustlet1-req |
| 87 | + ./easyrsa sign-req serverClient krustlet1-req |
| 88 | + # Convert key to pksc8 format |
| 89 | + openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in pki/private/krustlet1.key -out pkcs8.key |
| 90 | + |
| 91 | +== Contributing |
| 92 | +The agent is developed as an open source tool and we absolutely welcome any and all contributions! |
| 93 | +Don't hesitate to drop us a line at [email protected] or reach out directly to any of our committers / contributors. |
| 94 | + |
| 95 | +We will run a bi-weekly dev call during which we will discuss current development, issues, our children and the general state of the world. |
| 96 | +Please feel free to drop in if you have the time! |
| 97 | + |
| 98 | +Dial in info coming soon! |
| 99 | + |
0 commit comments