K8S INTERNALS
In the following notes, the string "{FLAVOUR}" should be replaced by the flavour name of the TBUtil pod being considered. Valid names currently include:
- actionscripts
- adoption
- base
- chromedp
- full
- hotwarm
- reportmailer
- webhooks
All flavours are based on "Alpine" 3.13.4 as the build container, with a number of minor changes, as follows.
- Two users called "tbutil" and "tbexport" have been created. Their home directories are maintained in a persistent volume so any files (including the tbutil configuration) stored there are retained over container cycles.
- The "tbutil" binary and a flavour-dependent selection of plugins are installed in /usr/local/bin. All of these are built for Alpine 64-bit Linux using the "musl" library and loader.
- A "Set uid/gid" version of "busybox" is added, and a selection of utilities are linked to it. The current set includes:
  - sudo
  - su
  - passwd
  - crontab
  - ping
- A number of additional APK packages are installed as follows:
Pod Flavour | Base image | Additional packages |
---|---|---|
actionscripts | tbutil-base | openssh |
adoption | tbutil-chromedp | libxml2-utils, ncurses, openssh, openssl, unzip, zip |
base | alpine:3.13.12 | bash, busybox-extras, jq, screen, socat, sudo, tzdata |
chromedp | tbutil-base | chromium |
full | tbutil-base | mysql-client, openssh |
hotwarm | tbutil-base | openssh |
reportmailer | tbutil-chromedp | nano |
webhooks | tbutil-base | openssh |
- If the openssh package is installed then the system ssh certificates are created and placed in persistent storage.
The container uses a K8S PVC (persistent volume claim) to ensure that the files in a number of key directories are retained even when the container itself is cycled. The single PVC that contains all these directories is called turbo-{FLAVOUR}-volume. The different mount points are defined as subfolders of the PVC.
Directory Path | PVC Sub Path | Description |
---|---|---|
/etc/crontabs | etc-crontabs | This directory contains user-specific crontab definitions which are typically set up at configuration time and so need to be retained. |
/etc/ssh | etc-ssh | This directory contains the SSH configuration and global certificates. This needs to be retained so that action-script server connections survive pod cycling. |
/home/tbutil | tbutil | This is the home directory of the user account used to run tbutil integrations. It includes custom copies of scripts and configuration, user ssh certificates and tbutil credential storage. |
/home/tbexport | tbexport | This is the home directory of a user to which files to be collected are typically passed. This user does not have the ability to run tbutil scripts or subcommands but has been provided as the account that external data collection tools can connect to safely. |
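
The following check is an added example, not part of the TBUtil project: it audits a pod spec against the mount table above, flagging a path that is not backed by the flavour's PVC or that uses the wrong sub path (for example, tbexport sharing the tbutil sub path, which holds the credential storage). The sample spec is constructed, and it assumes that every flavour mounts all four directories.

```python
# Added example: audit a pod spec against the documented PVC mount table.
EXPECTED_MOUNTS = {  # mount path -> PVC sub path, copied from the table above
    "/etc/crontabs": "etc-crontabs",
    "/etc/ssh": "etc-ssh",
    "/home/tbutil": "tbutil",
    "/home/tbexport": "tbexport",
}

def audit_mounts(pod_spec, flavour):
    """Return a list of findings; an empty list means the spec matches the table."""
    claim = f"turbo-{flavour}-volume"
    # Map volume name -> PVC claim name (None for non-PVC volumes such as emptyDir).
    claims = {v["name"]: v.get("persistentVolumeClaim", {}).get("claimName")
              for v in pod_spec.get("volumes", [])}
    findings = []
    for container in pod_spec.get("containers", []):
        mounts = {m["mountPath"]: m for m in container.get("volumeMounts", [])}
        for path, sub_path in EXPECTED_MOUNTS.items():
            m = mounts.get(path)
            if m is None:
                findings.append(f"{container['name']}: {path} is not mounted")
                continue
            if claims.get(m["name"]) != claim:
                findings.append(f"{container['name']}: {path} is not backed by {claim}")
            if m.get("subPath") != sub_path:
                findings.append(f"{container['name']}: {path} uses subPath "
                                f"{m.get('subPath')!r}, expected {sub_path!r}")
    return findings

# Constructed sample spec (not the project's manifest) with two deliberate drifts:
# /etc/ssh sits on an emptyDir, and /home/tbexport reuses the tbutil sub path.
SAMPLE_SPEC = {
    "volumes": [
        {"name": "data", "persistentVolumeClaim": {"claimName": "turbo-full-volume"}},
        {"name": "scratch", "emptyDir": {}},
    ],
    "containers": [{
        "name": "tbutil",
        "volumeMounts": [
            {"name": "data", "mountPath": "/etc/crontabs", "subPath": "etc-crontabs"},
            {"name": "scratch", "mountPath": "/etc/ssh", "subPath": "etc-ssh"},
            {"name": "data", "mountPath": "/home/tbutil", "subPath": "tbutil"},
            {"name": "data", "mountPath": "/home/tbexport", "subPath": "tbutil"},
        ],
    }],
}

if __name__ == "__main__":
    print("\n".join(audit_mounts(SAMPLE_SPEC, "full")))
```
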
The following ports are exposed as K8S "node ports":
POD Flavour | Service | Port | Exposed port |
---|---|---|---|
adoption | http | 8002 | 31313 |
full | http | 80 | 31280 |
full | ssh | 22 | 31222 |
hotwarm | ssh | 22 | 31322 |
POD port 22 is exposed on different ports for different flavours so that they can co-exist in the same K8S cluster.
TBUtil access to a subset of the local K8S APIs has been enabled for flavours that use it.
TBUtil access is enabled (for flavours that require it) to vCenters that are validated targets in the local Turbonomic instance. To support this, the Topology Processor's "helper" directory is mounted read-only.
NB: This WIKI is a work in progress and is known to be incomplete and inaccurate in places as it stands.