
Configure .kube/config on bridge

Add the gitea k8s cluster to root's .kube/config file on bridge.

The default context does not exist in order to force us to explicitly
specify a context for all commands (so that we do not inadvertently
deploy something on the wrong k8s cluster).

Change-Id: I53368c76e6f5b3ab45b1982e9a977f9ce9f08581
changes/58/635358/1
James E. Blair 3 years ago
parent
commit
7610682b6f
  1. 8
      kubernetes/gitea/gitea-playbook.yaml
  2. 2
      kubernetes/gitea/setup-repo.yaml
  3. 9
      kubernetes/percona-xtradb-cluster/pxc-playbook.yaml
  4. 8
      kubernetes/rook/rook-playbook.yaml
  5. 4
      playbooks/base.yaml
  6. 1
      playbooks/host_vars/bridge.openstack.org.yaml
  7. 2
      playbooks/roles/configure-kubectl/README.rst
  8. 1
      playbooks/run-k8s-on-openstack.yaml
  9. 19
      playbooks/templates/clouds/bridge_kube_config.yaml.j2
  10. 2
      playbooks/zuul/templates/group_vars/nodepool.yaml.j2
  11. 1
      playbooks/zuul/templates/host_vars/bridge.openstack.org.yaml.j2
  12. 7
      testinfra/test_bridge.py
  13. 2
      testinfra/test_nodepool.py

8
kubernetes/gitea/gitea-playbook.yaml

@ -2,14 +2,17 @@
tasks:
- name: Set up gitea namespace
k8s:
context: gitea
state: present
definition: "{{ lookup('template', 'k8s/namespace.yaml') | from_yaml }}"
- name: Set up gitea secrets
k8s:
context: gitea
state: present
definition: "{{ lookup('template', 'k8s/secret.yaml') | from_yaml }}"
- name: Set up gitea configmap
k8s:
context: gitea
state: present
definition:
apiVersion: v1
@ -23,14 +26,17 @@
app.ini.j2: "{{ lookup('file', 'app.ini.j2') }}"
- name: Set up gitea deployment
k8s:
context: gitea
state: present
definition: "{{ lookup('template', 'k8s/deployment.yaml') | from_yaml }}"
- name: Set up gitea service
k8s:
context: gitea
state: present
definition: "{{ lookup('template', 'k8s/service.yaml') | from_yaml }}"
- name: Get service IP
k8s:
context: gitea
namespace: gitea
kind: Service
name: gitea-service
@ -57,7 +63,7 @@
- "app = gitea"
register: gitea_pods
- name: Create root user
command: "kubectl exec {{ gitea_pods.resources[0].metadata.name }} -n gitea -c gitea -- gitea admin create-user --name root --password {{ gitea_root_password }} --email {{ gitea_root_email }} --admin"
command: "kubectl --context gitea exec {{ gitea_pods.resources[0].metadata.name }} -n gitea -c gitea -- gitea admin create-user --name root --password {{ gitea_root_password }} --email {{ gitea_root_email }} --admin"
no_log: true
- name: Check if gerrit user exists
uri:
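Review bot: The `Create root user` task in the last hunk still interpolates `{{ gitea_root_password }}` and `{{ gitea_root_email }}` unquoted into a free-form `command` string. A value containing whitespace or quote characters would change how the arguments are split, and the password travels as a command-line argument to kubectl and to gitea inside the pod. `no_log: true` keeps it out of Ansible's output but presumably not out of the process list while the command runs. The command module's `argv:` list form, with each option and value as its own item, would remove the splitting problem; whether gitea can take the password some other way than on the command line is not visible here. The task list continues past the end of this hunk.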

2
kubernetes/gitea/setup-repo.yaml

@ -36,4 +36,4 @@
- name: Adjust repo settings
when: "sql_statement is defined"
command: |
kubectl exec gitea-pxc-0 -c database -n gitea-db -- mysql gitea -e '{{ sql_statement }}'
kubectl --context gitea exec gitea-pxc-0 -c database -n gitea-db -- mysql gitea -e '{{ sql_statement }}'
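Review bot: `'{{ sql_statement }}'` in the `Adjust repo settings` command wraps the templated SQL in hand-written single quotes, so a statement that itself contains a single quote ends the argument early and the rest is split into further kubectl/mysql arguments. Where `sql_statement` is built is outside this hunk, so whether that happens today is not visible, but SQL statements commonly carry quoted string literals. Letting the filter do the quoting, `... mysql gitea -e {{ sql_statement | quote }}`, keeps the whole statement as one argument.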

9
kubernetes/percona-xtradb-cluster/pxc-playbook.yaml

@ -2,45 +2,54 @@
tasks:
- name: Set up cinder storage class
k8s:
context: gitea
state: present
definition: "{{ lookup('file', 'storage-class.yaml') | from_yaml }}"
- name: Set up gitea-db namespace
k8s:
context: gitea
state: present
definition: "{{ lookup('template', 'gitea-db-namespace.yaml') | from_yaml }}"
- name: Set up gitea-db secrets
k8s:
context: gitea
state: present
definition: "{{ lookup('template', 'secrets.yaml') | from_yaml }}"
- name: Set up gitea-db mysql config configmap
k8s:
context: gitea
state: present
definition: "{{ lookup('file', 'config-map_mysql-config.yaml') | from_yaml }}"
- name: Set up gitea-db startup scripts configmap
k8s:
context: gitea
state: present
definition: "{{ lookup('file', 'config-map_startup-scripts.yaml') | from_yaml }}"
- name: Set up gitea-db xtradb cluster statefulset
k8s:
context: gitea
state: present
definition: "{{ lookup('file', 'statefulset.yaml') | from_yaml }}"
- name: Set up gitea-db metrics service
k8s:
context: gitea
state: present
definition: "{{ lookup('file', 'service-metrics.yaml') | from_yaml }}"
- name: Set up gitea-db database service
k8s:
context: gitea
state: present
definition: "{{ lookup('file', 'service-percona.yaml') | from_yaml }}"
- name: Set up gitea-db galera replication service
k8s:
context: gitea
state: present
definition: "{{ lookup('file', 'service-repl.yaml') | from_yaml }}"
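Review bot: `context: gitea` is repeated by hand on each of the nine `k8s` tasks here, and again on the `k8s` tasks in kubernetes/gitea/gitea-playbook.yaml and playbooks/run-k8s-on-openstack.yaml. Because the kubeconfig's default context deliberately does not exist, a task added later without the key should fail rather than reach another cluster, so this is a style point rather than a safety gap. A play-level `module_defaults:` entry with `k8s:` / `context: gitea` would state the target cluster once. The play header is outside this hunk, so I have not checked which Ansible version these playbooks must support.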

8
kubernetes/rook/rook-playbook.yaml

@ -8,7 +8,7 @@
# into single document files is lame.
- name: Set up cinder storage class
command: |
kubectl apply -f rook-operator.yaml
kubectl apply -f rook-cluster.yaml
kubectl apply -f rook-toolbox.yaml
kubectl apply -f rook-filesystem.yaml
kubectl --context gitea apply -f rook-operator.yaml
kubectl --context gitea apply -f rook-cluster.yaml
kubectl --context gitea apply -f rook-toolbox.yaml
kubectl --context gitea apply -f rook-filesystem.yaml
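Review bot: The four `kubectl --context gitea apply` lines sit in one `command: |` block, and the command module does not run a shell. It splits the whole string on whitespace, so I would expect a single kubectl invocation with the later `kubectl`, `--context` and `apply` words passed as stray arguments, not four separate applies. This shape predates the commit, but the new lines keep it. One invocation with repeated `-f` avoids it: `kubectl --context gitea apply -f rook-operator.yaml -f rook-cluster.yaml -f rook-toolbox.yaml -f rook-filesystem.yaml`, or a `loop:` over the four files if they must be applied one at a time. The task name `Set up cinder storage class` also looks copied from another playbook and does not describe a rook deployment.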

4
playbooks/base.yaml

@ -17,7 +17,9 @@
- snmpd
- hosts: bridge.openstack.org:!disabled
name: "Base: configure OpenStackSDK on bridge"
name: "Base: configure cloud credentials on bridge"
roles:
- configure-kubectl
tasks:
- include_role:
name: configure-openstacksdk

1
playbooks/host_vars/bridge.openstack.org.yaml

@ -1,2 +1,3 @@
ansible_python_interpreter: python3
bastion_key_exclusive: false
kube_config_template: clouds/bridge_kube_config.yaml.j2

2
playbooks/roles/configure-kubectl/README.rst

@ -1,6 +1,6 @@
Configure kube config files
Configure kubernetes files needed by nodepool.
Configure kubernetes files needed by kubectl.
**Role Variables**

1
playbooks/run-k8s-on-openstack.yaml

@ -18,5 +18,6 @@
- name: Install cinder storage class
k8s:
context: gitea
state: present
definition: "{{ lookup('file', 'k8s/storage-class.yaml') | from_yaml }}"

19
playbooks/templates/clouds/bridge_kube_config.yaml.j2

@ -0,0 +1,19 @@
apiVersion: v1
kind: Config
current-context: default # This context does not exist
preferences: {}
clusters:
- name: gitea
cluster:
server: https://38.108.68.20:6443
certificate-authority-data: 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
contexts:
- name: gitea
context:
cluster: gitea
user: gitea-admin
users:
- name: gitea-admin
user:
client-certificate-data: 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
client-key-data: {{ gitea_kube_key }}
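Review bot: `client-key-data: {{ gitea_kube_key }}` renders a secret as an unquoted plain scalar, so an empty value becomes `null` and the parsed type depends on whatever the variable happens to hold; `client-key-data: "{{ gitea_kube_key }}"` keeps it a string. The rendered file carries the client private key for `gitea-admin`, so the task that writes it needs to set a restrictive owner and mode. That task is presumably in the configure-kubectl role, which is outside this section. The inline comment on `current-context` says the context does not exist but not why; something like `# Deliberately missing: every command must name its context` would keep a later edit from "fixing" it.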

2
playbooks/zuul/templates/group_vars/nodepool.yaml.j2

@ -11,7 +11,7 @@ nodepool_internap_project: project
nodepool_vexxhost_username: user
nodepool_vexxhost_password: password
nodepool_vexxhost_project: project
nodepool_vexxhost_kube_key: k8s_key
nodepool_vexxhost_kube_key: nodepool_k8s_key
nodepool_citycloud_username: user
nodepool_citycloud_password: password
nodepool_linaro_username: user

1
playbooks/zuul/templates/host_vars/bridge.openstack.org.yaml.j2

@ -58,3 +58,4 @@ clouds:
openstackzuul_arm64ci_username: user
openstackzuul_arm64ci_password: password
openstackzuul_arm64ci_project_name: project
gitea_kube_key: gitea_k8s_key

7
testinfra/test_bridge.py

@ -65,3 +65,10 @@ def test_ara(host):
assert ara.rc == 0
database = host.file('/var/cache/ansible/ara.sqlite')
assert database.exists
def test_kube_config(host):
kubeconfig = host.file('/root/.kube/config')
assert kubeconfig.exists
assert b'gitea_k8s_key' in kubeconfig.content
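Review bot: `test_kube_config` checks only that `/root/.kube/config` exists and contains the key, not who can read it, although the file holds a client private key. Assuming the role is meant to write it root-only, add `assert kubeconfig.user == 'root'` and `assert kubeconfig.mode == 0o600` so a permissions regression fails the test. The intended mode is set in the role that writes the file, which is not visible in this section, so adjust the literal to match. The same gap exists in `test_kube_config` in testinfra/test_nodepool.py for `/home/nodepool/.kube/config`.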

2
testinfra/test_nodepool.py

@ -27,4 +27,4 @@ def test_kube_config(host):
kubeconfig = host.file('/home/nodepool/.kube/config')
assert kubeconfig.exists
assert b'k8s_key' in kubeconfig.content
assert b'nodepool_k8s_key' in kubeconfig.content
