Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Manage Single Cluster CN2

SUMMARY Learn how to perform life cycle management tasks in a single cluster installation or within a specific cluster in a multi-cluster installation.

Overview

The way that you manage a Kubernetes cluster does not change when CN2 is the CNI plug-in. Once CN2 is installed, CN2 components work seamlessly with Kubernetes components to provide the networking infrastructure.

The Contrail controller is constantly watching and reacting to cluster events as they occur. When you add a new node, the Contrail data plane components are automatically deployed. When you delete a node, the Contrail controller automatically deletes networking resources associated with that node. CN2 works seamlessly with kubectl and other tools such as Prometheus and Grafana.

See the Appendix for examples of how to perform some common tasks on a Kubernetes cluster. These examples are not specific to CN2 and are provided with no warranty.

The remainder of this chapter contains tasks that are specific to CN2.

Upgrade CN2

Use this procedure to upgrade CN2.

The Contrail controller consists of Deployments and StatefulSets, which are configured for rolling updates. During the upgrade, the pods in each Deployment and StatefulSet are upgraded one at a time. The remaining pods in that Deployment or StatefulSet remain operational. This enables Contrail controller upgrades to be hitless.

The Contrail data plane consists of a DaemonSet with a single vRouter pod. During the upgrade procedure, this single pod is taken down and upgraded. Because of this, Contrail data plane upgrades are not hitless. If desired, migrate traffic off of the node being upgraded prior to performing the upgrade.

You upgrade CN2 software by porting the contents of your existing manifests to the new manifests, and then applying the new manifests. All CN2 manifests must reference the same software version.

Note:

Before you upgrade, check to make sure that each node has at least one allocatable pod available. The upgrade procedure temporarily allocates an additional pod, which means that your node cannot be running at maximum pod capacity when you perform the upgrade. You can check pod capacity on a node by using the kubectl describe node command.

  1. Download the manifests for the new release.
  2. Locate the (old) manifest(s) that you used to create the existing CN2 installation. In this procedure, we assume it's single_cluster_deployer_example.yaml.
  3. Port over any changes from the old manifest(s) to the new manifest(s).
    The new manifests can contain constructs that are specific to the new release. Identify all changes that you've made to the old manifests and copy them over to the new manifests. This includes repository credentials, network configuration changes, and other customizations.
    Note:

    If you have a large number of nodes, use node selectors to group your upgrades to a more manageable number.

  4. Upgrade CN2.

    The pods in each Deployment and Stateful set will upgrade one at a time. The vRouter DaemonSet will go down and come back up.

  5. Use standard kubectl commands to check on the upgrade.

    Check the status of the nodes.

    Check the status of the pods.

    If some pods remain down, debug the installation as you normally do. Use the kubectl describe command to see why a pod is not coming up. A common error is a network or firewall issue preventing the node from reaching the Juniper Networks repository.

Uninstall CN2

Use this procedure to uninstall CN2.

We supply a script that uninstalls CN2 resources associated with Contrail namespaces. The script deletes the following:

  • contrail namespace and resources that belong to that namespace
  • contrail-system namespace and resources that belong to that namespace
  • contrail-deploy namespace and resources that belong to that namespace
  • default-global-vrouter-config and default-global-system-config
Note:

Since there are interdependencies between CN2 components, don't try to delete CN2 components individually. The provided script uninstalls CN2 components gracefully and in the proper sequence.

  1. If you've installed Contrail Analytics, uninstall it now. The uninstall script does not uninstall resources in namespaces other than those listed above.

    To uninstall Contrail Analytics, see step 6 in Install Contrail Analytics in Release 22.4.

  2. Delete any other resources and namespaces (for example, overlay networks) that you created after you installed CN2.
  3. Locate and extract the uninstall script from the downloaded CN2 Manifests and Tools package.
  4. Run the script to uninstall CN2. You must run the script from the extracted uninstall directory.

    The uninstall script should complete after a few minutes.

    If the script doesn't complete, type <CTRL> c to stop the uninstallation.

    It's likely that one or more namespaces are stuck in the Terminating state. To check the namespaces:

    If you see a namespace with a status of Terminating, get more information on that namespace:

    Look in the conditions section of the output to see what's blocking the uninstallation. For example:

    In this example output, the problem is the API services. Find out which API services are not available.

    Delete those API services with False availability.

    Rerun the uninstall script. You'll likely see errors because the script will try to delete resources that may already have been deleted when you ran the script earlier. For example: