{"id":911,"date":"2020-05-30T20:58:51","date_gmt":"2020-05-30T18:58:51","guid":{"rendered":"https:\/\/blog.unetresgrossebite.com\/?p=911"},"modified":"2020-11-21T20:10:13","modified_gmt":"2020-11-21T19:10:13","slug":"deploying-kubernetes-with-kube-spray","status":"publish","type":"post","link":"https:\/\/blog.unetresgrossebite.com\/?p=911","title":{"rendered":"Deploying Kubernetes with KubeSpray"},"content":{"rendered":"

I should first admit OpenShift 4 is slowly recovering from its architectural do-over. I’m still missing something that would be production ready, and quite disappointed by the waste of resources, violent upgrades, broken CSI, somewhat unstable RH-CoreOS, a complicated deployment scheme when dealing with bare-metal, … among lesser critical bugs.<\/p>\n

OpenShift 3 is still an interesting platform hosting production workloads, although its being based on Kubernetes 1.11 makes it quite an old version already.<\/p>\n

After some experimentation on a Raspberry-Pi lab, I figured I would give Kubernetes a try on x86. Doing so, I would be looking at KubeSpray<\/a>.<\/p>\n

\u00a0<\/p>\n

If you’re familiar with OpenShift 3 cluster deployments, you may have been using openshift-ansible<\/a> already. Kube-spray is a similar solution, focused on Kubernetes, simplifying the process of bootstrapping, scaling and upgrading highly available clusters.<\/p>\n

Currently, kube-spray allows for deploying Kubernetes with container runtimes such as docker, cri-o, containerd, SDN based on flannel, weave, calico, … as well as a registry, some nginx based ingress controller, certs manager controller, integrated metrics, or the localvolumes, rbd and cephfs provisioner plugins.<\/p>\n

Comparing with OpenShift 4, the main missing components would be the cluster and developer consoles, RBAC integrating with users and groups from some third-party authentication provider. Arguably, the OLM, though I never really liked that one — makes your operators deployment quite abstract, and complicated to troubleshoot, as it involves several namespaces and containers, … The Prometheus Operator, that could still be deployed manually.
I can confirm everything works perfectly deploying on Debian Buster nodes, with containerd<\/i> and calico<\/i>. Keeping pretty much all defaults in place and activating all addons.<\/p>\n

\u00a0<\/p>\n

The sample variables shipping with kube-spray are pretty much on point. We would create an inventory file, such as the following:<\/p>\n

\n

all:
\u00a0\u00a0hosts:
\u00a0\u00a0\u00a0\u00a0master1:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0access_ip: 10.42.253.10
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ansible_host: 10.42.253.10
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip: 10.42.253.10
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node_labels:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra.utgb\/zone: momos-adm
\u00a0\u00a0\u00a0\u00a0master2:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0access_ip: 10.42.253.11
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ansible_host: 10.42.253.11
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip: 10.42.253.11
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node_labels:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra.utgb\/zone: thaoatmos-adm
\u00a0\u00a0\u00a0\u00a0master3:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0access_ip: 10.42.253.12
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ansible_host: 10.42.253.12
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip: 10.42.253.12
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node_labels:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra.utgb\/zone: moros-adm
\u00a0\u00a0\u00a0\u00a0infra1:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0access_ip: 10.42.253.13
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ansible_host: 10.42.253.13
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip: 10.42.253.13
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node_labels:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node-role.kubernetes.io\/infra: “true”
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra.utgb\/zone: momos-adm
\u00a0\u00a0\u00a0\u00a0infra2:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0access_ip: 10.42.253.14
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ansible_host: 10.42.253.14
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip: 10.42.253.14
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node_labels:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node-role.kubernetes.io\/infra: “true”
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra.utgb\/zone: thanatos-adm
\u00a0\u00a0\u00a0\u00a0infra3:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0access_ip: 10.42.253.15
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ansible_host: 10.42.253.15
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip: 10.42.253.15
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node_labels:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node-role.kubernetes.io\/infra: “true”
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra.utgb\/zone: moros-adm
\u00a0\u00a0\u00a0\u00a0compute1:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0access_ip: 10.42.253.20
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ansible_host: 10.42.253.20
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip: 10.42.253.20
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node_labels:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node-role.kubernetes.io\/worker: “true”
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra.utgb\/zone: momos-adm
\u00a0\u00a0\u00a0\u00a0compute2:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0access_ip: 10.42.253.21
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ansible_host: 10.42.253.21
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip: 10.42.253.21
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node_labels:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node-role.kubernetes.io\/worker: “true”
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra.utgb\/zone: moros-adm
\u00a0\u00a0\u00a0\u00a0compute3:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0access_ip: 10.42.253.22
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ansible_host: 10.42.253.22
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip: 10.42.253.22
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node_labels:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node-role.kubernetes.io\/worker: “true”
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra.utgb\/zone: momos-adm
\u00a0\u00a0\u00a0\u00a0compute4:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0access_ip: 10.42.253.23
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ansible_host: 10.42.253.23
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ip: 10.42.253.23
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node_labels:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0node-role.kubernetes.io\/worker: “true”
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra.utgb\/zone: moros-adm
\u00a0\u00a0\u00a0\u00a0children:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0kube-master:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0hosts:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0master1:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0master2:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0master3:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0kube-infra:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0hosts:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra1:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra2:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0infra3:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0kube-worker:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0hosts:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0compute1:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0compute2:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0compute3:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0compute4:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0kube-node:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0children:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0kube-master:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0kube-infra:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0kube-worker:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0etcd:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0hosts:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0master1:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0master2:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0master3:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0k8s-cluster:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0children:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0kube-master:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0kube-node:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0calico-rr:
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0hosts: {}<\/p>\n<\/blockquote>\n\n\n

Then, we’ll edit the sample group_vars\/etcd.yml<\/i>:<\/p>\n\n\n

\n

etcd_compaction_retention: “8”
etcd_metrics: basic
etcd_memory_limit: 5GB
etcd_quota_backend_bytes: 2147483648
# ^ WARNING: sample var tells about “2G”
# which results in etcd not starting (deployment_type=host)
# journalctl shows errors such as:
# > invalid value “2G” for ETCD_QUOTA_BACKEND_BYTES: strconv.ParseInt: parsing “2G”: invalid syntax
# Also note: here, I’m setting 20G, not 2.
etcd_deployment_type: host<\/p>\n<\/blockquote>\n\n\n

Next, common variables in group_vars\/all\/all.yml<\/i>:<\/p>\n\n\n

\n

etcd_data_dir: \/var\/lib\/etcd
bin_dir: \/usr\/local\/bin
kubelet_load_modules: true
upstream_dns_servers:
– 10.255.255.255
searchdomains:
– intra.unetresgrossebite.com
– unetresgrossebite.com
additional_no_proxy: “*.intra.unetresgrossebite.com,10.42.0.0\/15”
http_proxy: “http:\/\/netserv.vms.intra.unetresgrossebite.com:3128\/”
https_proxy: “{{ http_proxy }}”
download_validate_certs: False
cert_management: script
download_container: true
deploy_container_engine: true
apiserver_loadbalancer_domain_name: api-k8s.intra.unetresgrossebite.com
loadbalancer_apiserver:
  address: 10.42.253.152
  port: 6443
loadbalancer_apiserver_localhost: false
loadbalancer_apiserver_port: 6443<\/p>\n<\/blockquote>\n\n\n

We would also want to customize the variables in group_vars\/k8s-cluster\/k8s-cluster.yml<\/i>:<\/p>\n\n\n

\n

kube_config_dir: \/etc\/kubernetes
kube_script_dir: “{{ bin_dir }}\/kubernetes-scripts”
kube_manifest_dir: “{{ kube_config_dir }}\/manifests”
kube_cert_dir: “{{ kube_config_dir }}\/ssl”
kube_token_dir: “{{ kube_config_dir }}\/tokens”
kube_users_dir: “{{ kube_config_dir }}\/users”
kube_api_anonymous_auth: true
kube_version: v1.18.3
kube_image_repo: “k8s.gcr.io”
local_release_dir: “\/tmp\/releases”
retry_stagger: 5
kube_cert_group: kube-cert
kube_log_level: 2
credentials_dir: “{{ inventory_dir }}\/credentials”
\nkube_api_pwd: “{{ lookup(‘password’, credentials_dir + ‘\/kube_user.creds length=15 chars=ascii_letters,digits’) }}”
kube_users:
  kube:
    pass: “{{ kube_api_pwd }}”
    role: admin
    groups:
    – system:masters
kube_oidc_auth: false
kube_basic_auth: true
kube_token_auth: true
kube_network_plugin: calico
kube_network_plugin_multus: false
kube_service_addresses: 10.233.0.0\/18
kube_pods_subnet: 10.233.64.0\/18
kube_network_node_prefix: 24
kube_apiserver_ip: “{{ kube_service_addresses|ipaddr(‘net’)|ipaddr(1)|ipaddr(‘address’) }}”
kube_apiserver_port: 6443
kube_apiserver_insecure_port: 0
kube_proxy_mode: ipvs
# using metallb, set to true
kube_proxy_strict_arp: false
kube_proxy_nodeport_addresses: []
kube_encrypt_secret_data: false
cluster_name: cluster.local
ndots: 2
kubeconfig_localhost: true
kubectl_localhost: true
dns_mode: coredns
enable_nodelocaldns: true
nodelocaldns_ip: 169.254.25.10
nodelocaldns_health_port: 9254
enable_coredns_k8s_external: false
coredns_k8s_external_zone: k8s_external.local
enable_coredns_k8s_endpoint_pod_names: false
system_reserved: true
system_memory_reserved: 512M
system_cpu_reserved: 500m
system_master_memory_reserved: 256M
system_master_cpu_reserved: 250m
deploy_netchecker: false
skydns_server: “{{ kube_service_addresses|ipaddr(‘net’)|ipaddr(3)|ipaddr(‘address’) }}”
\nskydns_server_secondary: “{{ kube_service_addresses|ipaddr(‘net’)|ipaddr(4)|ipaddr(‘address’) }}”
\ndns_domain: “{{ cluster_name }}”
kubelet_deployment_type: host
helm_deployment_type: host
kubeadm_control_plane: false
kubeadm_certificate_key: “{{ lookup(‘password’, credentials_dir + ‘\/kubeadm_certificate_key.creds length=64 chars=hexdigits’) | lower }}”
k8s_image_pull_policy: IfNotPresent
kubernetes_audit: false
dynamic_kubelet_configuration: false
default_kubelet_config_dir: “{{ kube_config_dir }}\/dynamic_kubelet_dir”
dynamic_kubelet_configuration_dir: “{{ kubelet_config_dir | default(default_kubelet_config_dir) }}”
authorization_modes:
– Node
– RBAC
podsecuritypolicy_enabled: true
container_manager: containerd
resolvconf_mode: none
etcd_deployment_type: host<\/p>\n<\/blockquote>\n\n\n

Finally, we may enable additional components in group_vars\/k8s-cluster\/addons.yml<\/i>:<\/p>\n\n\n

\n

dashboard_enabled: true
helm_enabled: false<\/p>\n

registry_enabled: false
registry_namespace: kube-system
registry_storage_class: rwx-storage
registry_disk_size: 500Gi<\/p>\n

metrics_server_enabled: true
metrics_server_kubelet_insecure_tls: true
metrics_server_metric_resolution: 60s
metrics_server_kubelet_preferred_address_types: InternalIP<\/p>\n

cephfs_provisioner_enabled: true
cephfs_provisioner_namespace: cephfs-provisioner
cephfs_provisioner_cluster: ceph
cephfs_provisioner_monitors: “10.42.253.110:6789,10.42.253.111:6789,10.42.253.112:6789”
cephfs_provisioner_admin_id: admin
\ncephfs_provisioner_secret: key returned by ‘ceph auth get client.admin’<\/i>
cephfs_provisioner_storage_class: rwx-storage
cephfs_provisioner_reclaim_policy: Delete
cephfs_provisioner_claim_root: \/volumes
cephfs_provisioner_deterministic_names: true<\/p>\n

rbd_provisioner_enabled: true
rbd_provisioner_namespace: rbd-provisioner
rbd_provisioner_replicas: 2
rbd_provisioner_monitors: “10.42.253.110:6789,10.42.253.111:6789,10.42.253.112:6789”
rbd_provisioner_pool: kube
rbd_provisioner_admin_id: admin
rbd_provisioner_secret_name: ceph-secret-admin
rbd_provisioner_secret: key retured by ‘ceph auth get client.admin’<\/i>
rbd_provisioner_user_id: kube
rbd_provisioner_user_secret_name: ceph-secret-user
rbd_provisioner_user_secret: key returned by ‘ceph auth gt client.kube’<\/i>
rbd_provisioner_user_secret_namespace: “{{ rbd_provisioner_namespace }}”
rbd_provisioner_fs_type: ext4
rbd_provisioner_image_format: “2”
rbd_provisioner_image_features: layering
rbd_provisioner_storage_class: rwo-storage
rbd_provisioner_reclaim_policy: Delete<\/p>\n

ingress_nginx_enabled: true
ingress_nginx_host_network: true
ingress_publish_status_address: “”
ingress_nginx_nodeselector:
  node-role.kubernetes.io\/infra: “true”
ingress_nginx_namespace: ingress-nginx
ingress_nginx_insecure_port: 80
ingress_nginx_secure_port: 443
ingress_nginx_configmap:
  map-hash-bucket-size: “512”<\/p>\n

cert_manager_enabled: true
cert_manager_namespace: cert-manager<\/p>\n<\/blockquote>\n\n\n

We now have pretty much everything ready. Last, we would deploy some haproxy node, proxying requests to Kubernetes API. To do so, I would use a pair of VMs, with keepalived<\/i> and haproxy<\/i>. On both, install necessary packages and configuration:<\/p>\n\n\n

\n

apt-get update ; apt-get install keepalived haproxy hatop
\ncat << EOF>\/etc\/keepalived\/keepalived.conf
\nglobal_defs {
\n  notification_email {
\n    contact@example.com
\n  }
\n notification_email_from keepalive@$(hostname -f)
\n  smtp_server smtp.example.com
\n  smtp_connect_timeout 30
\n}<\/p>\n

vrrp_instance VI_1 {
\n  state MASTER
\n  interface ens3
\n  virtual_router_id 101
\n  priority 10
\n  advert_int 101
\n  authentication {
\n    auth_type PASS
\n    auth_pass your_secret
\n  }
\n  virtual_ipaddress {
\n  10.42.253.152
\n  }
\n}
EOF
echo net.ipv4.conf.all.forwarding=1 >>\/etc\/sysctl.conf
sysctl -w net.ipv4.conf.all.forwarding=1
systemctl restart keepalived && systemctl enable keepalived
#hint: use distinct priorities on nodes
cat << EOF>\/etc\/haproxy\/haproxy.cfg
\nglobal
  log \/dev\/log local0
  log \/dev\/log local1 notice
  chroot \/var\/lib\/haproxy
  stats socket \/run\/haproxy\/admin.sock mode 660 level admin expose-fd listeners
  stats timeout 30s
  user haproxy
  group haproxy
  daemon
  ca-base \/etc\/ssl\/certs
  crt-base \/etc\/ssl\/private
  ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
  ssl-default-bind-options no-sslv3<\/p>\n

defaults
  log global
  option dontlognull
  timeout connect 5000
  timeout client 50000
  timeout server 50000
  errorfile 400 \/etc\/haproxy\/errors\/400.http
  errorfile 403 \/etc\/haproxy\/errors\/403.http
  errorfile 408 \/etc\/haproxy\/errors\/408.http
  errorfile 500 \/etc\/haproxy\/errors\/500.http
  errorfile 502 \/etc\/haproxy\/errors\/502.http
  errorfile 503 \/etc\/haproxy\/errors\/503.http
  errorfile 504 \/etc\/haproxy\/errors\/504.http<\/p>\n

listen kubernetes-apiserver-https
  bind 0.0.0.0:6443
  mode tcp
  option log-health-checks
  server master1 10.42.253.10:6443 check check-ssl verify none inter 10s
  server master2 10.42.253.11:6443 check check-ssl verify none inter 10s
  server master3 10.42.253.12:6443 check check-ssl verify none inter 10s
  balance roundrobin
EOF
systemctl restart haproxy && systemctl enable haproxy
cat << EOF>\/etc\/profile.d\/hatop.sh
alias hatop=’hatop -s \/run\/haproxy\/admin.sock’
EOF<\/p>\n<\/blockquote>\n\n\n

We may now deploy our cluster:<\/p>\n\n\n

\n

ansible -i path\/to\/inventory<\/i> cluster.yml<\/p>\n<\/blockquote>\n\n\n

For a 10 nodes cluster, it shouldn’t take more than an hour.
It is quite nice, to see you can have some reliable Kubernetes deployment, with less than 60 infra Pods.<\/p>\n\n\n\n

I’m also noticing that while the CSI provisioner is being used, creating Ceph RBD and CephFS volumes: the host is still in charge of mounting our those volumes – which is, in a way, a workaround to the CSI attacher plugins.
Although, on that note, I’ve heard those issues with blocked volumes during nodes failures was in its way to being solved, involving a fix to the CSI spec.
Sooner or later, we should be able to use the full CSI stack.<\/p>\n\n\n\n

All in all, kube-spray is quite a satisfying solution.
Having struggled quite a lot with openshift-ansible<\/i>, and not quite yet satisfied with their lasts installer<\/i>, kube-spray definitely feels like some reliable piece of software, code is well organized, it goes straight to the point, …
Besides, I need a break from CentOS. I’m amazed I did not try it earlier.<\/p>\n","protected":false},"excerpt":{"rendered":"

I should first admit OpenShift 4 is slowly recovering from its architectural do-over. I’m still missing something that would be production ready, and quite disappointed by the waste of resources, violent upgrades, broken CSI, somewhat unstable RH-CoreOS, a complicated deployment scheme when dealing with bare-metal, … among lesser critical bugs. OpenShift 3 is still an […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8,12,14,2],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.unetresgrossebite.com\/index.php?rest_route=\/wp\/v2\/posts\/911"}],"collection":[{"href":"https:\/\/blog.unetresgrossebite.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.unetresgrossebite.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.unetresgrossebite.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.unetresgrossebite.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=911"}],"version-history":[{"count":11,"href":"https:\/\/blog.unetresgrossebite.com\/index.php?rest_route=\/wp\/v2\/posts\/911\/revisions"}],"predecessor-version":[{"id":944,"href":"https:\/\/blog.unetresgrossebite.com\/index.php?rest_route=\/wp\/v2\/posts\/911\/revisions\/944"}],"wp:attachment":[{"href":"https:\/\/blog.unetresgrossebite.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=911"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.unetresgrossebite.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=911"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.unetresgrossebite.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}