airship/airshipctl
Code Issues Proposed changes
master
airshipctl/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml
Pallav Gupta 13c4e82f7e AIAP multinode deployment 
It deploys 3 controlplane and 2 worker nodes using AIAP gate.

+ kubectl --context target-cluster get node
NAME     STATUS   ROLES                  AGE   VERSION
node01   Ready    control-plane,master   48m   v1.21.2
node03   Ready    worker                 43s   v1.21.2
node04   Ready    control-plane,master   16m   v1.21.2
node05   Ready    control-plane,master   26m   v1.21.2
node06   Ready    worker                 54s   v1.21.2

Tested with 32 GB node.
https://zuul.opendev.org/t/openstack/build/da1c2c440d3d4026ab454de73ee518e2/logs

Closes: #652
Closes: #228

Change-Id: Ie2267e15ed75b57e2e27f45b9be19ddcf7b0a0a8
2022-03-03 14:10:57 +00:00

418 lines
11 KiB
YAML
Raw Permalink Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Secret
metadata:
name: aiap-secret
labels:
aiap: aiap
data:
AIRSHIPCTL_REPO_AUTH_USERNAME: ""
AIRSHIPCTL_REPO_AUTH_HTTP_PASSWORD: ""
AIRSHIPCTL_REPO_AUTH_SSH_KEY: ""
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_USERNAME: ""
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD: ""
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD: ""
---
apiVersion: v1
kind: Pod
metadata:
name: airship-in-a-pod
labels:
aiap: aiap
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: aiap
operator: Exists
topologyKey: kubernetes.io/hostname
hostNetwork: false
restartPolicy: Never
containers:
- name: libvirt
image: quay.io/airshipit/libvirt:aiap-v1
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
#SYS_ADMIN required for systemd, need to work out reqs for libvirt
command:
- bash
- -cex
- "exec /usr/lib/systemd/systemd"
env:
- name: container
value: docker
readinessProbe:
exec:
command:
- virsh
- version
initialDelaySeconds: 5
periodSeconds: 5
startupProbe:
exec:
command:
- systemctl
- is-active
- --quiet
- libvirtd
initialDelaySeconds: 5
periodSeconds: 5
volumeMounts:
- name: var-run-aiap
mountPath: /var/run/aiap/
- name: dev
mountPath: /dev
- name: tmp
mountPath: /tmp
- name: run
mountPath: /run
- name: var-lib-libvirt-images
mountPath: /var/lib/libvirt/images
- name: var-lib-libvirt-default
mountPath: /var/lib/libvirt/default
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: sys-fs-cgroup
mountPath: /sys/fs/cgroup
readOnly: false
- name: logs
mountPath: /var/log/
- name: sushy
image: quay.io/metal3-io/sushy-tools
imagePullPolicy: IfNotPresent
command:
- bash
- -cex
- |
tee /csr_details.txt << EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
CN = localhost
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = 127.0.0.1
DNS.2 = ::1
EOF
openssl req \
-newkey rsa:2048 \
-nodes \
-keyout /airship_gate_redfish_auth.key \
-x509 \
-days 365 \
-out /airship_gate_redfish_auth.pem \
-config <(cat /csr_details.txt) \
-extensions 'req_ext'
# Wait for infrastructure to come up
while (! grep -sq "SUCCESS" "/tmp/status/infra-builder"); do printf "Waiting on infra-builder...\n"; sleep 1; done
sushy-emulator \
--debug \
--interface 10.23.25.1 \
--port 8443 \
--ssl-key /airship_gate_redfish_auth.key \
--ssl-certificate /airship_gate_redfish_auth.pem
volumeMounts:
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: status
mountPath: /tmp/status
- name: nginx
image: nginx:latest
imagePullPolicy: IfNotPresent
command:
- bash
- -cex
- |
tee /etc/nginx/nginx.conf <<'EOF'
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 8099;
listen [::]:8099;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /srv/images;
autoindex on;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
EOF
exec nginx -g 'daemon off;'
volumeMounts:
- name: srv
mountPath: /srv/
- name: dind
image: docker:stable-dind
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
volumeMounts:
- name: var-run-aiap
mountPath: /var/run/aiap/
- name: dind-storage
mountPath: /var/lib/docker
- name: var-run-docker
mountPath: /var/run/
- name: srv
mountPath: /srv/
- name: airship-config
mountPath: /root/.airship
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: artifact-setup
image: quay.io/airshipit/aiap-artifact-setup:latest
imagePullPolicy: IfNotPresent
command:
- bash
- -cex
- /entrypoint.sh
env:
- name: CACHE_DIR
value: /opt/aiap-files/cache
- name: USE_CACHED_AIRSHIPCTL
value: "false"
- name: ARTIFACTS_DIR
value: /opt/aiap-files/artifacts
- name: AIRSHIPCTL_REPO_URL
value: https://opendev.org/airship/airshipctl
- name: AIRSHIPCTL_REPO_REF
value: master
- name: AIRSHIPCTL_REPO_AUTH_TYPE
value: "none"
- name: USE_PROXY
value:
- name: no_proxy
value:
- name: http_proxy
value:
- name: https_proxy
value:
volumeMounts:
- name: tmp
mountPath: /tmp
- name: aiap-files
mountPath: /opt/aiap-files
- name: status
mountPath: /tmp/status
- name: var-run-docker
mountPath: /var/run
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: aiap-secret-volume
mountPath: /opt/aiap-secret-volume
- name: infra-builder
image: quay.io/airshipit/aiap-infra-builder:latest
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
command:
- bash
- -cex
- /entrypoint.sh
env:
- name: CACHE_DIR
value: /opt/aiap-files/cache
- name: ARTIFACTS_DIR
value: /opt/aiap-files/artifacts
- name: USE_PROXY
value:
- name: no_proxy
value:
- name: http_proxy
value:
- name: https_proxy
value:
volumeMounts:
- name: aiap-files
mountPath: /opt/aiap-files
- name: status
mountPath: /tmp/status
- name: tmp
mountPath: /tmp
- name: var-run-aiap
mountPath: /var/run/aiap/
- name: var-lib-libvirt-images
mountPath: /var/lib/libvirt/images
- name: var-lib-libvirt-default
mountPath: /var/lib/libvirt/default
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: logs
mountPath: /var/log/
- name: var-run-docker
mountPath: /var/run
- name: runner
image: quay.io/airshipit/aiap-runner:latest
imagePullPolicy: IfNotPresent
command:
- bash
- -cex
- /entrypoint.sh
env:
- name: CACHE_DIR
value: /opt/aiap-files/cache
- name: ARTIFACTS_DIR
value: /opt/aiap-files/artifacts
- name: USE_CACHED_ISO
value: "false"
- name: AIRSHIP_CONFIG_PHASE_REPO_URL
value: https://review.opendev.org/airship/airshipctl
- name: AIRSHIP_CONFIG_PHASE_REPO_BRANCH
value: master
- name: AIRSHIP_CONFIG_PHASE_REPO_REF
value:
- name: USE_PROXY
value:
- name: no_proxy
value:
- name: http_proxy
value:
- name: https_proxy
value:
- name: AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_TYPE
value: "none"
- name: SKIP_REGENERATE
value:
volumeMounts:
- name: aiap-files
mountPath: /opt/aiap-files
- name: status
mountPath: /tmp/status
- name: tmp
mountPath: /tmp
- name: var-run-aiap
mountPath: /var/run/aiap/
- name: srv
mountPath: /srv/
- name: run
mountPath: /run
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: logs
mountPath: /var/log/
- name: var-run-docker
mountPath: /var/run
- name: airship-config
mountPath: /root/.airship
- mountPath: /opt/aiap-secret-volume
name: aiap-secret-volume
- name: status-checker
image: quay.io/airshipit/aiap-status-checker:latest
volumeMounts:
- name: status
mountPath: /tmp/status
initContainers:
- name: init-aiap-files
image: ubuntu:20.04
command:
- bash
- -cex
- |
mkdir -p /opt/aiap-files/artifacts
mkdir -p /opt/aiap-files/cache
volumeMounts:
- name: aiap-files
mountPath: /opt/aiap-files
volumes:
- name: aiap-files
persistentVolumeClaim:
claimName: aiap-pv-files-claim
- name: status
emptyDir: {}
- name: dev
hostPath:
path: /dev
- name: tmp
emptyDir:
medium: "Memory"
- name: airship-config
emptyDir: {}
- name: run
emptyDir:
medium: "Memory"
- name: var-lib-libvirt-images
emptyDir: {}
- name: var-lib-libvirt-default
emptyDir: {}
- name: var-run-libvirt
emptyDir:
medium: "Memory"
- name: var-run-aiap
emptyDir:
medium: "Memory"
- name: sys-fs-cgroup
hostPath:
path: /sys/fs/cgroup
- name: srv
emptyDir: {}
- name: logs
emptyDir: {}
- name: var-run-docker
emptyDir:
medium: "Memory"
- name: dind-storage
emptyDir: {}
- name: aiap-secret-volume
secret:
secretName: aiap-secret
View Git Blame Copy Permalink