Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Manage Single Cluster CN2

SUMMARY Learn how to perform life cycle management tasks in a single cluster installation or within a specific cluster in a multi-cluster installation.

Overview

The way that you manage a Kubernetes cluster does not change when CN2 is the CNI plug-in. Once CN2 is installed, CN2 components work seamlessly with Kubernetes components to provide the networking infrastructure.

The Contrail controller is constantly watching and reacting to cluster events as they occur. When you add a new node, the Contrail data plane components are automatically deployed. When you delete a node, the Contrail controller automatically deletes networking resources associated with that node. CN2 works seamlessly with kubectl and other tools such as Prometheus and Grafana.

In addition to standard Kubernetes management tools, you can use tools and procedures that are specific to CN2. This section covers these tools and procedures.

Run Preflight and Postflight Checks in Release 23.1

Use this procedure to run preflight or postflight checks on all cluster nodes.

Preflight checks allow you to verify that your cluster nodes can support CN2. The checks test for resource capacity, kernel compability, network reachability, and other infrastructure requirements. You typically run preflight checks prior to installing CN2, but you can run these checks after installing CN2 as well.

Postflight checks allow you to verify that your CN2 installation is working properly. The checks test for status, pod-to-pod communication, API server reachability, and other basic functions. You run postflight checks after installing CN2.

You must create the ContrailReadiness controller prior to running this procedure. See Install ContrailReadiness Controller in Release 23.1.

  1. Locate the contrail-tools/contrail-readiness directory from the downloaded CN2 Tools package.
  2. If you haven't already done so, ensure you've populated the manifests with your repository login credentials. See Configure Repository Credentials for one way to do this.
  3. To run the preflight checks:
    You typically run preflight checks after you create the cluster but before you install CN2.
    Note:

    In a multi-cluster deployment, run preflight checks from the central cluster only.

  4. To run the postflight checks:
    You run postflight checks after you install CN2.
    Note:

    In a multi-cluster deployment, run postflight checks from the central cluster only.

  5. Read the preflight and postflight check results as applicable.

    Address any errors before proceeding.

    Note:

    The preflight and postflight checks do not automatically rerun after you've fixed any errors. The output will continue to show errors even after you've fixed them.

Upgrade CN2

Use this procedure to upgrade CN2.

The Contrail controller consists of Deployments and StatefulSets, which are configured for rolling updates. During the upgrade, the pods in each Deployment and StatefulSet are upgraded one at a time. The remaining pods in that Deployment or StatefulSet remain operational. This enables Contrail controller upgrades to be hitless.

The Contrail data plane consists of a DaemonSet with a single vRouter pod. During the upgrade procedure, this single pod is taken down and upgraded. Because of this, Contrail data plane upgrades are not hitless. If desired, migrate traffic off of the node being upgraded prior to performing the upgrade.

You upgrade CN2 software by porting the contents of your existing manifests to the new manifests, and then applying the new manifests. All CN2 manifests must reference the same software version.

Note:

Before you upgrade, check to make sure that each node has at least one allocatable pod available. The upgrade procedure temporarily allocates an additional pod, which means that your node cannot be running at maximum pod capacity when you perform the upgrade. You can check pod capacity on a node by using the kubectl describe node command.

  1. Download the manifests for the new release.
  2. Locate the (old) manifest(s) that you used to create the existing CN2 installation. In this procedure, we assume it's single_cluster_deployer_example.yaml.
  3. Port over any changes from the old manifest(s) to the new manifest(s).
    The new manifests can contain constructs that are specific to the new release. Identify all changes that you've made to the old manifests and copy them over to the new manifests. This includes repository credentials, network configuration changes, and other customizations.
    Note:

    If you have a large number of nodes, use node selectors to group your upgrades to a more manageable number.

  4. Upgrade CN2.

    The pods in each Deployment and Stateful set will upgrade one at a time. The vRouter DaemonSet will go down and come back up.

  5. Use standard kubectl commands to check on the upgrade.

    Check the status of the nodes.

    Check the status of the pods.

    If some pods remain down, debug the installation as you normally do. Use the kubectl describe command to see why a pod is not coming up. A common error is a network or firewall issue preventing the node from reaching the Juniper Networks repository.

Uninstall CN2 in Release 23.1

Use this procedure to uninstall CN2. You must install the ContrailReadiness controller prior to running this procedure. See Install ContrailReadiness Controller in Release 23.1.

This tool removes the following:

  • contrail namespace and resources that belong to that namespace
  • contrail-system namespace and resources that belong to that namespace
  • contrail-deploy namespace and resources that belong to that namespace
  • default-global-vrouter-config and default-global-system-config
Note:

Since there are interdependencies between CN2 components, don't try to delete CN2 components individually. The provided tool uninstalls CN2 components gracefully and in the proper sequence.

  1. Locate the contrail-tools/contrail-readiness directory from the downloaded CN2 Tools package.
  2. If you haven't already done so, ensure you've populated the manifests with your repository login credentials. See Configure Repository Credentials for one way to do this.
  3. If you've installed Contrail Analytics, uninstall it now. The uninstall script does not uninstall resources in namespaces other than those listed above.
  4. Delete any other resources and namespaces (for example, overlay networks) that you created after you installed CN2.
  5. Uninstall CN2.
  6. Query the uninstall results.
  7. Finally, delete the contrail-readiness namespace.