Zuul V3 gate
This PS sets up the V3 gate for openstack-helm-infra. Change-Id: I07ffa591cb5e08f5e2f1f5cbc94e810c3aa1f97b
This commit is contained in:
parent
366a175447
commit
bd85bad919
73
.gitignore
vendored
Normal file
73
.gitignore
vendored
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
*.py[cod]
|
||||||
|
|
||||||
|
# C extensions
|
||||||
|
*.so
|
||||||
|
|
||||||
|
# Packages
|
||||||
|
*.egg*
|
||||||
|
*.egg-info
|
||||||
|
dist
|
||||||
|
build
|
||||||
|
eggs
|
||||||
|
parts
|
||||||
|
var
|
||||||
|
sdist
|
||||||
|
develop-eggs
|
||||||
|
.installed.cfg
|
||||||
|
lib
|
||||||
|
lib64
|
||||||
|
|
||||||
|
# Installer logs
|
||||||
|
pip-log.txt
|
||||||
|
|
||||||
|
# Unit test / coverage reports
|
||||||
|
cover/
|
||||||
|
.coverage*
|
||||||
|
!.coveragerc
|
||||||
|
.tox
|
||||||
|
nosetests.xml
|
||||||
|
.testrepository
|
||||||
|
.venv
|
||||||
|
|
||||||
|
# Translations
|
||||||
|
*.mo
|
||||||
|
|
||||||
|
# Mr Developer
|
||||||
|
.mr.developer.cfg
|
||||||
|
.project
|
||||||
|
.pydevproject
|
||||||
|
|
||||||
|
# Complexity
|
||||||
|
output/*.html
|
||||||
|
output/*/index.html
|
||||||
|
|
||||||
|
# Sphinx
|
||||||
|
doc/build
|
||||||
|
|
||||||
|
# pbr generates these
|
||||||
|
AUTHORS
|
||||||
|
ChangeLog
|
||||||
|
|
||||||
|
# Editors
|
||||||
|
*~
|
||||||
|
.*.swp
|
||||||
|
.*sw?
|
||||||
|
|
||||||
|
# Files created by releasenotes build
|
||||||
|
releasenotes/build
|
||||||
|
|
||||||
|
# Dev tools
|
||||||
|
.idea/
|
||||||
|
**/.vagrant
|
||||||
|
**/*.log
|
||||||
|
|
||||||
|
# Helm internals
|
||||||
|
*.lock
|
||||||
|
*/*.lock
|
||||||
|
*.tgz
|
||||||
|
**/*.tgz
|
||||||
|
**/_partials.tpl
|
||||||
|
**/_globals.tpl
|
||||||
|
|
||||||
|
# Gate and Check Logs
|
||||||
|
logs/
|
67
.zuul.yaml
Normal file
67
.zuul.yaml
Normal file
@ -0,0 +1,67 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- project:
|
||||||
|
name: openstack/openstack-helm-infra
|
||||||
|
check:
|
||||||
|
jobs:
|
||||||
|
- openstack-helm-infra-ubuntu
|
||||||
|
- openstack-helm-infra-centos
|
||||||
|
|
||||||
|
- nodeset:
|
||||||
|
name: openstack-helm-ubuntu
|
||||||
|
nodes:
|
||||||
|
- name: primary
|
||||||
|
label: ubuntu-xenial
|
||||||
|
- name: node-1
|
||||||
|
label: ubuntu-xenial
|
||||||
|
- name: node-2
|
||||||
|
label: ubuntu-xenial
|
||||||
|
groups:
|
||||||
|
- name: primary
|
||||||
|
nodes:
|
||||||
|
- primary
|
||||||
|
- name: nodes
|
||||||
|
nodes:
|
||||||
|
- node-1
|
||||||
|
- node-2
|
||||||
|
|
||||||
|
- nodeset:
|
||||||
|
name: openstack-helm-centos
|
||||||
|
nodes:
|
||||||
|
- name: primary
|
||||||
|
label: centos-7
|
||||||
|
- name: node-1
|
||||||
|
label: centos-7
|
||||||
|
- name: node-2
|
||||||
|
label: centos-7
|
||||||
|
groups:
|
||||||
|
- name: primary
|
||||||
|
nodes:
|
||||||
|
- primary
|
||||||
|
- name: nodes
|
||||||
|
nodes:
|
||||||
|
- node-1
|
||||||
|
- node-2
|
||||||
|
- job:
|
||||||
|
name: openstack-helm-infra-ubuntu
|
||||||
|
pre-run: tools/gate/playbooks/zuul-pre
|
||||||
|
run: tools/gate/playbooks/zuul-run
|
||||||
|
nodeset: openstack-helm-ubuntu
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: openstack-helm-infra-centos
|
||||||
|
pre-run: tools/gate/playbooks/zuul-pre
|
||||||
|
run: tools/gate/playbooks/zuul-run
|
||||||
|
nodeset: openstack-helm-centos
|
53
Makefile
Normal file
53
Makefile
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# It's necessary to set this because some environments don't link sh -> bash.
|
||||||
|
SHELL := /bin/bash
|
||||||
|
|
||||||
|
HELM := helm
|
||||||
|
TASK := build
|
||||||
|
|
||||||
|
EXCLUDES := helm-toolkit doc tests tools logs
|
||||||
|
CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
|
||||||
|
|
||||||
|
all: $(CHARTS)
|
||||||
|
|
||||||
|
$(CHARTS):
|
||||||
|
@echo
|
||||||
|
@echo "===== Processing [$@] chart ====="
|
||||||
|
@make $(TASK)-$@
|
||||||
|
|
||||||
|
init-%:
|
||||||
|
if [ -f $*/Makefile ]; then make -C $*; fi
|
||||||
|
if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
|
||||||
|
|
||||||
|
lint-%: init-%
|
||||||
|
if [ -d $* ]; then $(HELM) lint $*; fi
|
||||||
|
|
||||||
|
build-%: lint-%
|
||||||
|
if [ -d $* ]; then $(HELM) package $*; fi
|
||||||
|
|
||||||
|
clean:
|
||||||
|
@echo "Removed .b64, _partials.tpl, and _globals.tpl files"
|
||||||
|
rm -f helm-toolkit/secrets/*.b64
|
||||||
|
rm -f */templates/_partials.tpl
|
||||||
|
rm -f */templates/_globals.tpl
|
||||||
|
rm -f *tgz */charts/*tgz
|
||||||
|
rm -f */requirements.lock
|
||||||
|
-rmdir -p */charts
|
||||||
|
|
||||||
|
pull-all-images:
|
||||||
|
@./tools/pull-images.sh
|
||||||
|
|
||||||
|
.PHONY: $(EXCLUDES) $(CHARTS)
|
25
calico/Chart.yaml
Normal file
25
calico/Chart.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
description: OpenStack-Helm BootStrap Calico
|
||||||
|
name: calico
|
||||||
|
version: 0.1.0
|
||||||
|
home: https://github.com/projectcalico/calico
|
||||||
|
icon: https://camo.githubusercontent.com/64c8b5ed6ac97553ae367348e8a59a24e2ed5bdc/687474703a2f2f646f63732e70726f6a65637463616c69636f2e6f72672f696d616765732f66656c69782e706e67
|
||||||
|
sources:
|
||||||
|
- https://github.com/projectcalico/calico
|
||||||
|
- https://git.openstack.org/cgit/openstack/openstack-helm
|
||||||
|
maintainers:
|
||||||
|
- name: OpenStack-Helm Authors
|
29
calico/templates/clusterrole-calico-cni-plugin.yaml
Normal file
29
calico/templates/clusterrole-calico-cni-plugin.yaml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
kind: ClusterRole
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
metadata:
|
||||||
|
name: calico-cni-plugin
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
- nodes
|
||||||
|
verbs:
|
||||||
|
- get
|
33
calico/templates/clusterrole-calico-policy-controller.yaml
Normal file
33
calico/templates/clusterrole-calico-policy-controller.yaml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
kind: ClusterRole
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
metadata:
|
||||||
|
name: calico-policy-controller
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
- extensions
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
- namespaces
|
||||||
|
- networkpolicies
|
||||||
|
verbs:
|
||||||
|
- watch
|
||||||
|
- list
|
30
calico/templates/clusterrolebinding-calico-cni-plugin.yaml
Normal file
30
calico/templates/clusterrolebinding-calico-cni-plugin.yaml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: calico-cni-plugin
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: calico-cni-plugin
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: calico-cni-plugin
|
||||||
|
namespace: {{ .Release.Namespace }}
|
@ -0,0 +1,30 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: calico-policy-controller
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: calico-policy-controller
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: calico-policy-controller
|
||||||
|
namespace: {{ .Release.Namespace }}
|
52
calico/templates/configmap-calico-config.yaml
Normal file
52
calico/templates/configmap-calico-config.yaml
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
# This ConfigMap is used to configure a self-hosted Calico installation.
|
||||||
|
kind: ConfigMap
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: calico-config
|
||||||
|
data:
|
||||||
|
# The location of your etcd cluster. This uses the Service clusterIP
|
||||||
|
# defined below.
|
||||||
|
etcd_endpoints: "http://10.96.232.136:6666"
|
||||||
|
|
||||||
|
# Configure the Calico backend to use.
|
||||||
|
calico_backend: "bird"
|
||||||
|
|
||||||
|
# The CNI network configuration to install on each node.
|
||||||
|
cni_network_config: |-
|
||||||
|
{
|
||||||
|
"name": "k8s-pod-network",
|
||||||
|
"cniVersion": "0.1.0",
|
||||||
|
"type": "calico",
|
||||||
|
"etcd_endpoints": "__ETCD_ENDPOINTS__",
|
||||||
|
"log_level": "info",
|
||||||
|
"mtu": 1500,
|
||||||
|
"ipam": {
|
||||||
|
"type": "calico-ipam"
|
||||||
|
},
|
||||||
|
"policy": {
|
||||||
|
"type": "k8s",
|
||||||
|
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
|
||||||
|
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
|
||||||
|
},
|
||||||
|
"kubernetes": {
|
||||||
|
"kubeconfig": "/etc/cni/net.d/__KUBECONFIG_FILENAME__"
|
||||||
|
}
|
||||||
|
}
|
66
calico/templates/daemonset-calico-etcd.yaml
Normal file
66
calico/templates/daemonset-calico-etcd.yaml
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
# This manifest installs the Calico etcd on the kubeadm master. This uses a DaemonSet
|
||||||
|
# to force it to run on the master even when the master isn't schedulable, and uses
|
||||||
|
# nodeSelector to ensure it only runs on the master.
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
name: calico-etcd
|
||||||
|
labels:
|
||||||
|
k8s-app: calico-etcd
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: calico-etcd
|
||||||
|
annotations:
|
||||||
|
# Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
|
||||||
|
# reserves resources for critical add-on pods so that they can be rescheduled after
|
||||||
|
# a failure. This annotation works in tandem with the toleration below.
|
||||||
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
|
spec:
|
||||||
|
# Only run this pod on the master.
|
||||||
|
tolerations:
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
effect: NoSchedule
|
||||||
|
# Allow this pod to be rescheduled while the node is in "critical add-ons only" mode.
|
||||||
|
# This, along with the annotation above marks this pod as a critical add-on.
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
|
nodeSelector:
|
||||||
|
node-role.kubernetes.io/master: ""
|
||||||
|
hostNetwork: true
|
||||||
|
containers:
|
||||||
|
- name: calico-etcd
|
||||||
|
image: {{ .Values.images.tags.calico_etcd }}
|
||||||
|
env:
|
||||||
|
- name: CALICO_ETCD_IP
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIP
|
||||||
|
command: ["/bin/sh","-c"]
|
||||||
|
args: ["/usr/local/bin/etcd --name=calico --data-dir=/var/etcd/calico-data --advertise-client-urls=http://$CALICO_ETCD_IP:6666 --listen-client-urls=http://0.0.0.0:6666 --listen-peer-urls=http://0.0.0.0:6667"]
|
||||||
|
volumeMounts:
|
||||||
|
- name: var-etcd
|
||||||
|
mountPath: /var/etcd
|
||||||
|
volumes:
|
||||||
|
- name: var-etcd
|
||||||
|
hostPath:
|
||||||
|
path: /var/etcd
|
165
calico/templates/daemonset-calico-node.yaml
Normal file
165
calico/templates/daemonset-calico-node.yaml
Normal file
@ -0,0 +1,165 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
# This manifest installs the calico/node container, as well
|
||||||
|
# as the Calico CNI plugins and network config on
|
||||||
|
# each master and worker node in a Kubernetes cluster.
|
||||||
|
kind: DaemonSet
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
metadata:
|
||||||
|
name: calico-node
|
||||||
|
namespace: kube-system
|
||||||
|
labels:
|
||||||
|
k8s-app: calico-node
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: calico-node
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: calico-node
|
||||||
|
annotations:
|
||||||
|
# Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
|
||||||
|
# reserves resources for critical add-on pods so that they can be rescheduled after
|
||||||
|
# a failure. This annotation works in tandem with the toleration below.
|
||||||
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
|
spec:
|
||||||
|
hostNetwork: true
|
||||||
|
tolerations:
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
effect: NoSchedule
|
||||||
|
# Allow this pod to be rescheduled while the node is in "critical add-ons only" mode.
|
||||||
|
# This, along with the annotation above marks this pod as a critical add-on.
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
|
serviceAccountName: calico-cni-plugin
|
||||||
|
containers:
|
||||||
|
# Runs calico/node container on each Kubernetes node. This
|
||||||
|
# container programs network policy and routes on each
|
||||||
|
# host.
|
||||||
|
- name: calico-node
|
||||||
|
image: {{ .Values.images.tags.calico_node }}
|
||||||
|
env:
|
||||||
|
# The location of the Calico etcd cluster.
|
||||||
|
- name: ETCD_ENDPOINTS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: calico-config
|
||||||
|
key: etcd_endpoints
|
||||||
|
# Enable BGP. Disable to enforce policy only.
|
||||||
|
- name: CALICO_NETWORKING_BACKEND
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: calico-config
|
||||||
|
key: calico_backend
|
||||||
|
# Cluster type to identify the deployment type
|
||||||
|
- name: CLUSTER_TYPE
|
||||||
|
value: "kubeadm,bgp"
|
||||||
|
# Disable file logging so `kubectl logs` works.
|
||||||
|
- name: CALICO_DISABLE_FILE_LOGGING
|
||||||
|
value: "true"
|
||||||
|
# Set Felix endpoint to host default action to ACCEPT.
|
||||||
|
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
|
||||||
|
value: "ACCEPT"
|
||||||
|
# Configure the IP Pool from which Pod IPs will be chosen.
|
||||||
|
- name: CALICO_IPV4POOL_CIDR
|
||||||
|
value: "{{ .Values.networking.podSubnet }}"
|
||||||
|
- name: CALICO_IPV4POOL_IPIP
|
||||||
|
value: "always"
|
||||||
|
# Disable IPv6 on Kubernetes.
|
||||||
|
- name: FELIX_IPV6SUPPORT
|
||||||
|
value: "false"
|
||||||
|
# Set MTU for tunnel device used if ipip is enabled
|
||||||
|
- name: FELIX_IPINIPMTU
|
||||||
|
value: "1440"
|
||||||
|
# Set Felix logging to "info"
|
||||||
|
- name: FELIX_LOGSEVERITYSCREEN
|
||||||
|
value: "info"
|
||||||
|
- name: FELIX_HEALTHENABLED
|
||||||
|
value: "true"
|
||||||
|
# Set Felix experimental Prometheus metrics server
|
||||||
|
- name: FELIX_PROMETHEUSMETRICSENABLED
|
||||||
|
value: "true"
|
||||||
|
- name: FELIX_PROMETHEUSMETRICSPORT
|
||||||
|
value: "9091"
|
||||||
|
# Auto-detect the BGP IP address.
|
||||||
|
- name: IP
|
||||||
|
value: ""
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 250m
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /liveness
|
||||||
|
port: 9099
|
||||||
|
periodSeconds: 10
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
failureThreshold: 6
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /readiness
|
||||||
|
port: 9099
|
||||||
|
periodSeconds: 10
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /lib/modules
|
||||||
|
name: lib-modules
|
||||||
|
readOnly: true
|
||||||
|
- mountPath: /var/run/calico
|
||||||
|
name: var-run-calico
|
||||||
|
readOnly: false
|
||||||
|
# This container installs the Calico CNI binaries
|
||||||
|
# and CNI network config file on each node.
|
||||||
|
- name: install-cni
|
||||||
|
image: {{ .Values.images.tags.calico_cni }}
|
||||||
|
command: ["/install-cni.sh"]
|
||||||
|
env:
|
||||||
|
# The location of the Calico etcd cluster.
|
||||||
|
- name: ETCD_ENDPOINTS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: calico-config
|
||||||
|
key: etcd_endpoints
|
||||||
|
# The CNI network config to install on each node.
|
||||||
|
- name: CNI_NETWORK_CONFIG
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: calico-config
|
||||||
|
key: cni_network_config
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /host/opt/cni/bin
|
||||||
|
name: cni-bin-dir
|
||||||
|
- mountPath: /host/etc/cni/net.d
|
||||||
|
name: cni-net-dir
|
||||||
|
volumes:
|
||||||
|
# Used by calico/node.
|
||||||
|
- name: lib-modules
|
||||||
|
hostPath:
|
||||||
|
path: /lib/modules
|
||||||
|
- name: var-run-calico
|
||||||
|
hostPath:
|
||||||
|
path: /var/run/calico
|
||||||
|
# Used to install CNI.
|
||||||
|
- name: cni-bin-dir
|
||||||
|
hostPath:
|
||||||
|
path: /opt/cni/bin
|
||||||
|
- name: cni-net-dir
|
||||||
|
hostPath:
|
||||||
|
path: /etc/cni/net.d
|
72
calico/templates/deployment-calico-policy-controller.yaml
Normal file
72
calico/templates/deployment-calico-policy-controller.yaml
Normal file
@ -0,0 +1,72 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
# This manifest deploys the Calico policy controller on Kubernetes.
|
||||||
|
# See https://github.com/projectcalico/k8s-policy
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: calico-policy-controller
|
||||||
|
labels:
|
||||||
|
k8s-app: calico-policy
|
||||||
|
spec:
|
||||||
|
# The policy controller can only have a single active instance.
|
||||||
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: calico-policy-controller
|
||||||
|
labels:
|
||||||
|
k8s-app: calico-policy-controller
|
||||||
|
annotations:
|
||||||
|
# Mark this pod as a critical add-on; when enabled, the critical add-on scheduler
|
||||||
|
# reserves resources for critical add-on pods so that they can be rescheduled after
|
||||||
|
# a failure. This annotation works in tandem with the toleration below.
|
||||||
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
|
spec:
|
||||||
|
# The policy controller must run in the host network namespace so that
|
||||||
|
# it isn't governed by policy that would prevent it from working.
|
||||||
|
hostNetwork: true
|
||||||
|
tolerations:
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
effect: NoSchedule
|
||||||
|
# Allow this pod to be rescheduled while the node is in "critical add-ons only" mode.
|
||||||
|
# This, along with the annotation above marks this pod as a critical add-on.
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
|
serviceAccountName: calico-policy-controller
|
||||||
|
containers:
|
||||||
|
- name: calico-policy-controller
|
||||||
|
image: {{ .Values.images.tags.calico_kube_policy_controller }}
|
||||||
|
env:
|
||||||
|
# The location of the Calico etcd cluster.
|
||||||
|
- name: ETCD_ENDPOINTS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: calico-config
|
||||||
|
key: etcd_endpoints
|
||||||
|
# The location of the Kubernetes API. Use the default Kubernetes
|
||||||
|
# service for API access.
|
||||||
|
- name: K8S_API
|
||||||
|
value: "https://kubernetes.default:443"
|
||||||
|
# Since we're running in the host namespace and might not have KubeDNS
|
||||||
|
# access, configure the container's /etc/hosts to resolve
|
||||||
|
# kubernetes.default to the correct service clusterIP.
|
||||||
|
- name: CONFIGURE_ETC_HOSTS
|
||||||
|
value: "true"
|
35
calico/templates/service-calico-etcd.yaml
Normal file
35
calico/templates/service-calico-etcd.yaml
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
# This manifest installs the Service which gets traffic to the Calico
|
||||||
|
# etcd.
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: calico-etcd
|
||||||
|
name: calico-etcd
|
||||||
|
spec:
|
||||||
|
# Select the calico-etcd pod running on the master.
|
||||||
|
selector:
|
||||||
|
k8s-app: calico-etcd
|
||||||
|
# This ClusterIP needs to be known in advance, since we cannot rely
|
||||||
|
# on DNS to get access to etcd.
|
||||||
|
clusterIP: 10.96.232.136
|
||||||
|
ports:
|
||||||
|
- port: 6666
|
22
calico/templates/serviceaccount-calico-cni-plugin.yaml
Normal file
22
calico/templates/serviceaccount-calico-cni-plugin.yaml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: calico-cni-plugin
|
@ -0,0 +1,22 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: calico-policy-controller
|
31
calico/values.yaml
Normal file
31
calico/values.yaml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# http://docs.projectcalico.org/v2.4/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
|
||||||
|
# Calico Version v2.4.1
|
||||||
|
# https://docs.projectcalico.org/v2.4/releases#v2.4.1
|
||||||
|
# This manifest includes the following component versions:
|
||||||
|
# calico/node:v2.4.1
|
||||||
|
# calico/cni:v1.10.0
|
||||||
|
# calico/kube-policy-controller:v0.7.0
|
||||||
|
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
calico_etcd: quay.io/coreos/etcd:v3.1.10
|
||||||
|
calico_node: quay.io/calico/node:v2.4.1
|
||||||
|
calico_cni: quay.io/calico/cni:v1.10.0
|
||||||
|
calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0
|
||||||
|
|
||||||
|
networking:
|
||||||
|
podSubnet: 192.168.0.0/16
|
25
flannel/Chart.yaml
Normal file
25
flannel/Chart.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
description: OpenStack-Helm BootStrap Flannel
|
||||||
|
name: flannel
|
||||||
|
version: 0.1.0
|
||||||
|
home: https://github.com/coreos/flannel
|
||||||
|
icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png
|
||||||
|
sources:
|
||||||
|
- https://github.com/coreos/flannel
|
||||||
|
- https://git.openstack.org/cgit/openstack/openstack-helm
|
||||||
|
maintainers:
|
||||||
|
- name: OpenStack-Helm Authors
|
42
flannel/templates/clusterrole-flannel.yaml
Normal file
42
flannel/templates/clusterrole-flannel.yaml
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
kind: ClusterRole
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
metadata:
|
||||||
|
name: flannel
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- nodes
|
||||||
|
verbs:
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- nodes/status
|
||||||
|
verbs:
|
||||||
|
- patch
|
30
flannel/templates/clusterrolebinding-flannel.yaml
Normal file
30
flannel/templates/clusterrolebinding-flannel.yaml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
metadata:
|
||||||
|
name: flannel
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: flannel
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: flannel
|
||||||
|
namespace: {{ .Release.Namespace }}
|
41
flannel/templates/configmap-kube-flannel-cfg.yaml
Normal file
41
flannel/templates/configmap-kube-flannel-cfg.yaml
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
kind: ConfigMap
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: kube-flannel-cfg
|
||||||
|
labels:
|
||||||
|
tier: node
|
||||||
|
app: flannel
|
||||||
|
data:
|
||||||
|
cni-conf.json: |
|
||||||
|
{
|
||||||
|
"name": "cbr0",
|
||||||
|
"type": "flannel",
|
||||||
|
"delegate": {
|
||||||
|
"isDefaultGateway": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
net-conf.json: |
|
||||||
|
{
|
||||||
|
"Network": "{{ .Values.networking.podSubnet }}",
|
||||||
|
"Backend": {
|
||||||
|
"Type": "vxlan"
|
||||||
|
}
|
||||||
|
}
|
78
flannel/templates/daemonset-kube-flannel-ds.yaml
Normal file
78
flannel/templates/daemonset-kube-flannel-ds.yaml
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
name: kube-flannel-ds
|
||||||
|
labels:
|
||||||
|
tier: node
|
||||||
|
app: flannel
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
tier: node
|
||||||
|
app: flannel
|
||||||
|
spec:
|
||||||
|
hostNetwork: true
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/arch: amd64
|
||||||
|
tolerations:
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
operator: Exists
|
||||||
|
effect: NoSchedule
|
||||||
|
serviceAccountName: flannel
|
||||||
|
containers:
|
||||||
|
- name: kube-flannel
|
||||||
|
image: {{ .Values.images.tags.flannel }}
|
||||||
|
command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
env:
|
||||||
|
- name: POD_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.name
|
||||||
|
- name: POD_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
volumeMounts:
|
||||||
|
- name: run
|
||||||
|
mountPath: /run
|
||||||
|
- name: flannel-cfg
|
||||||
|
mountPath: /etc/kube-flannel/
|
||||||
|
- name: install-cni
|
||||||
|
image: {{ .Values.images.tags.flannel }}
|
||||||
|
command: [ "/bin/sh", "-c", "set -e -x; cp -f /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while true; do sleep 3600; done" ]
|
||||||
|
volumeMounts:
|
||||||
|
- name: cni
|
||||||
|
mountPath: /etc/cni/net.d
|
||||||
|
- name: flannel-cfg
|
||||||
|
mountPath: /etc/kube-flannel/
|
||||||
|
volumes:
|
||||||
|
- name: run
|
||||||
|
hostPath:
|
||||||
|
path: /run
|
||||||
|
- name: cni
|
||||||
|
hostPath:
|
||||||
|
path: /etc/cni/net.d
|
||||||
|
- name: flannel-cfg
|
||||||
|
configMap:
|
||||||
|
name: kube-flannel-cfg
|
22
flannel/templates/serviceaccount-flannel.yaml
Normal file
22
flannel/templates/serviceaccount-flannel.yaml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: flannel
|
22
flannel/values.yaml
Normal file
22
flannel/values.yaml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml
|
||||||
|
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
flannel: quay.io/coreos/flannel:v0.8.0-amd64
|
||||||
|
|
||||||
|
networking:
|
||||||
|
podSubnet: 192.168.0.0/16
|
25
kube-dns/Chart.yaml
Normal file
25
kube-dns/Chart.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
description: OpenStack-Helm Kube-DNS
|
||||||
|
name: kube-dns
|
||||||
|
version: 0.1.0
|
||||||
|
home: https://github.com/coreos/flannel
|
||||||
|
icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png
|
||||||
|
sources:
|
||||||
|
- https://github.com/coreos/flannel
|
||||||
|
- https://git.openstack.org/cgit/openstack/openstack-helm
|
||||||
|
maintainers:
|
||||||
|
- name: OpenStack-Helm Authors
|
24
kube-dns/templates/configmap-kube-dns.yaml
Normal file
24
kube-dns/templates/configmap-kube-dns.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: kube-dns
|
||||||
|
labels:
|
||||||
|
addonmanager.kubernetes.io/mode: EnsureExists
|
189
kube-dns/templates/deployment-kube-dns.yaml
Normal file
189
kube-dns/templates/deployment-kube-dns.yaml
Normal file
@ -0,0 +1,189 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: kube-dns
|
||||||
|
name: kube-dns
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
k8s-app: kube-dns
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 10%
|
||||||
|
maxUnavailable: 0
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
labels:
|
||||||
|
k8s-app: kube-dns
|
||||||
|
spec:
|
||||||
|
affinity:
|
||||||
|
nodeAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
nodeSelectorTerms:
|
||||||
|
- matchExpressions:
|
||||||
|
- key: beta.kubernetes.io/arch
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- amd64
|
||||||
|
containers:
|
||||||
|
- args:
|
||||||
|
- --domain={{ .Values.networking.dnsDomain }}.
|
||||||
|
- --dns-port=10053
|
||||||
|
- --config-dir=/kube-dns-config
|
||||||
|
- --v=2
|
||||||
|
env:
|
||||||
|
- name: PROMETHEUS_PORT
|
||||||
|
value: "10055"
|
||||||
|
image: {{ .Values.images.tags.kube_dns }}
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 5
|
||||||
|
httpGet:
|
||||||
|
path: /healthcheck/kubedns
|
||||||
|
port: 10054
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 60
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 5
|
||||||
|
name: kubedns
|
||||||
|
ports:
|
||||||
|
- containerPort: 10053
|
||||||
|
name: dns-local
|
||||||
|
protocol: UDP
|
||||||
|
- containerPort: 10053
|
||||||
|
name: dns-tcp-local
|
||||||
|
protocol: TCP
|
||||||
|
- containerPort: 10055
|
||||||
|
name: metrics
|
||||||
|
protocol: TCP
|
||||||
|
readinessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
httpGet:
|
||||||
|
path: /readiness
|
||||||
|
port: 8081
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 3
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 5
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
memory: 170Mi
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 70Mi
|
||||||
|
terminationMessagePath: /dev/termination-log
|
||||||
|
terminationMessagePolicy: File
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /kube-dns-config
|
||||||
|
name: kube-dns-config
|
||||||
|
- args:
|
||||||
|
- -v=2
|
||||||
|
- -logtostderr
|
||||||
|
- -configDir=/etc/k8s/dns/dnsmasq-nanny
|
||||||
|
- -restartDnsmasq=true
|
||||||
|
- --
|
||||||
|
- -k
|
||||||
|
- --cache-size=1000
|
||||||
|
- --log-facility=-
|
||||||
|
- --server=/{{ .Values.networking.dnsDomain }}/127.0.0.1#10053
|
||||||
|
- --server=/in-addr.arpa/127.0.0.1#10053
|
||||||
|
- --server=/ip6.arpa/127.0.0.1#10053
|
||||||
|
image: {{ .Values.images.tags.kube_dns_nanny }}
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 5
|
||||||
|
httpGet:
|
||||||
|
path: /healthcheck/dnsmasq
|
||||||
|
port: 10054
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 60
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 5
|
||||||
|
name: dnsmasq
|
||||||
|
ports:
|
||||||
|
- containerPort: 53
|
||||||
|
name: dns
|
||||||
|
protocol: UDP
|
||||||
|
- containerPort: 53
|
||||||
|
name: dns-tcp
|
||||||
|
protocol: TCP
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 150m
|
||||||
|
memory: 20Mi
|
||||||
|
terminationMessagePath: /dev/termination-log
|
||||||
|
terminationMessagePolicy: File
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/k8s/dns/dnsmasq-nanny
|
||||||
|
name: kube-dns-config
|
||||||
|
- args:
|
||||||
|
- --v=2
|
||||||
|
- --logtostderr
|
||||||
|
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ .Values.networking.dnsDomain }},5,A
|
||||||
|
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ .Values.networking.dnsDomain }},5,A
|
||||||
|
image: {{ .Values.images.tags.kube_dns_sidecar }}
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 5
|
||||||
|
httpGet:
|
||||||
|
path: /metrics
|
||||||
|
port: 10054
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 60
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 5
|
||||||
|
name: sidecar
|
||||||
|
ports:
|
||||||
|
- containerPort: 10054
|
||||||
|
name: metrics
|
||||||
|
protocol: TCP
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 20Mi
|
||||||
|
terminationMessagePath: /dev/termination-log
|
||||||
|
terminationMessagePolicy: File
|
||||||
|
dnsPolicy: Default
|
||||||
|
restartPolicy: Always
|
||||||
|
schedulerName: default-scheduler
|
||||||
|
securityContext: {}
|
||||||
|
serviceAccount: kube-dns
|
||||||
|
serviceAccountName: kube-dns
|
||||||
|
terminationGracePeriodSeconds: 30
|
||||||
|
tolerations:
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/master
|
||||||
|
volumes:
|
||||||
|
- configMap:
|
||||||
|
defaultMode: 420
|
||||||
|
name: kube-dns
|
||||||
|
optional: true
|
||||||
|
name: kube-dns-config
|
41
kube-dns/templates/service-kube-dns.yaml
Normal file
41
kube-dns/templates/service-kube-dns.yaml
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
k8s-app: kube-dns
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
kubernetes.io/name: KubeDNS
|
||||||
|
name: kube-dns
|
||||||
|
spec:
|
||||||
|
clusterIP: {{ .Values.networking.dnsIP }}
|
||||||
|
ports:
|
||||||
|
- name: dns
|
||||||
|
port: 53
|
||||||
|
protocol: UDP
|
||||||
|
targetPort: 53
|
||||||
|
- name: dns-tcp
|
||||||
|
port: 53
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: 53
|
||||||
|
selector:
|
||||||
|
k8s-app: kube-dns
|
||||||
|
sessionAffinity: None
|
||||||
|
type: ClusterIP
|
25
kube-dns/templates/serviceaccount-kube-dns.yaml
Normal file
25
kube-dns/templates/serviceaccount-kube-dns.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: kube-dns
|
||||||
|
labels:
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
addonmanager.kubernetes.io/mode: Reconcile
|
25
kube-dns/values.yaml
Normal file
25
kube-dns/values.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# https://raw.githubusercontent.com/coreos/flannel/v0.8.0/Documentation/kube-flannel.yml
|
||||||
|
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
kube_dns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
|
||||||
|
kube_dns_nanny: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
|
||||||
|
kube_dns_sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
|
||||||
|
|
||||||
|
networking:
|
||||||
|
dnsDomain: cluster.local
|
||||||
|
dnsIP: 10.96.0.10
|
24
tiller/Chart.yaml
Normal file
24
tiller/Chart.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
description: OpenStack-Helm Tiller
|
||||||
|
name: tiller
|
||||||
|
version: 0.1.0
|
||||||
|
home: https://github.com/kubernetes/helm
|
||||||
|
sources:
|
||||||
|
- https://github.com/kubernetes/helm
|
||||||
|
- https://git.openstack.org/cgit/openstack/openstack-helm
|
||||||
|
maintainers:
|
||||||
|
- name: OpenStack-Helm Authors
|
30
tiller/templates/clusterrolebinding-tiller.yaml
Normal file
30
tiller/templates/clusterrolebinding-tiller.yaml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: tiller
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: cluster-admin
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: tiller
|
||||||
|
namespace: {{ .Release.Namespace }}
|
85
tiller/templates/deployment-tiller.yaml
Normal file
85
tiller/templates/deployment-tiller.yaml
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: helm
|
||||||
|
name: tiller
|
||||||
|
name: tiller-deploy
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: helm
|
||||||
|
name: tiller
|
||||||
|
strategy:
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 1
|
||||||
|
maxUnavailable: 1
|
||||||
|
type: RollingUpdate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: helm
|
||||||
|
name: tiller
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- env:
|
||||||
|
- name: TILLER_NAMESPACE
|
||||||
|
value: {{ .Release.Namespace }}
|
||||||
|
- name: TILLER_HISTORY_MAX
|
||||||
|
value: "0"
|
||||||
|
image: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
livenessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
httpGet:
|
||||||
|
path: /liveness
|
||||||
|
port: 44135
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 1
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
name: tiller
|
||||||
|
ports:
|
||||||
|
- containerPort: 44134
|
||||||
|
name: tiller
|
||||||
|
protocol: TCP
|
||||||
|
readinessProbe:
|
||||||
|
failureThreshold: 3
|
||||||
|
httpGet:
|
||||||
|
path: /readiness
|
||||||
|
port: 44135
|
||||||
|
scheme: HTTP
|
||||||
|
initialDelaySeconds: 1
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
resources: {}
|
||||||
|
terminationMessagePath: /dev/termination-log
|
||||||
|
terminationMessagePolicy: File
|
||||||
|
dnsPolicy: ClusterFirst
|
||||||
|
restartPolicy: Always
|
||||||
|
schedulerName: default-scheduler
|
||||||
|
securityContext: {}
|
||||||
|
serviceAccount: tiller
|
||||||
|
serviceAccountName: tiller
|
||||||
|
terminationGracePeriodSeconds: 30
|
36
tiller/templates/service-tiller-deploy.yaml
Normal file
36
tiller/templates/service-tiller-deploy.yaml
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: helm
|
||||||
|
name: tiller
|
||||||
|
name: tiller-deploy
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: tiller
|
||||||
|
port: 44134
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: tiller
|
||||||
|
selector:
|
||||||
|
app: helm
|
||||||
|
name: tiller
|
||||||
|
sessionAffinity: None
|
||||||
|
type: ClusterIP
|
22
tiller/templates/serviceaccount-tiller.yaml
Normal file
22
tiller/templates/serviceaccount-tiller.yaml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: tiller
|
20
tools/gate/devel/local-inventory.yaml
Normal file
20
tools/gate/devel/local-inventory.yaml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
all:
|
||||||
|
children:
|
||||||
|
primary:
|
||||||
|
hosts:
|
||||||
|
local:
|
||||||
|
ansible_connection: local
|
19
tools/gate/devel/local-vars.yaml
Normal file
19
tools/gate/devel/local-vars.yaml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
kubernetes:
|
||||||
|
network:
|
||||||
|
default_device: docker0
|
||||||
|
cluster:
|
||||||
|
cni: calcio
|
32
tools/gate/devel/multinode-inventory.yaml
Normal file
32
tools/gate/devel/multinode-inventory.yaml
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
all:
|
||||||
|
children:
|
||||||
|
primary:
|
||||||
|
hosts:
|
||||||
|
jules:
|
||||||
|
ansible_port: 22
|
||||||
|
ansible_host: 10.10.10.13
|
||||||
|
ansible_user: ubuntu
|
||||||
|
ansible_ssh_private_key_file: /home/ubuntu/.ssh/insecure.pem
|
||||||
|
ansible_ssh_extra_args: -o StrictHostKeyChecking=no
|
||||||
|
nodes:
|
||||||
|
hosts:
|
||||||
|
verne:
|
||||||
|
ansible_port: 22
|
||||||
|
ansible_host: 10.10.10.6
|
||||||
|
ansible_user: ubuntu
|
||||||
|
ansible_ssh_private_key_file: /home/ubuntu/.ssh/insecure.pem
|
||||||
|
ansible_ssh_extra_args: -o StrictHostKeyChecking=no
|
19
tools/gate/devel/multinode-vars.yaml
Normal file
19
tools/gate/devel/multinode-vars.yaml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
kubernetes:
|
||||||
|
network:
|
||||||
|
default_device: docker0
|
||||||
|
cluster:
|
||||||
|
cni: calico
|
74
tools/gate/devel/start.sh
Executable file
74
tools/gate/devel/start.sh
Executable file
@ -0,0 +1,74 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
: ${WORK_DIR:="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/../../.."}
|
||||||
|
export MODE=${1:-"local"}
|
||||||
|
|
||||||
|
function ansible_install {
|
||||||
|
cd /tmp
|
||||||
|
. /etc/os-release
|
||||||
|
HOST_OS=${HOST_OS:="${ID}"}
|
||||||
|
if [ "x$ID" == "xubuntu" ]; then
|
||||||
|
sudo apt-get update -y
|
||||||
|
sudo apt-get install -y --no-install-recommends \
|
||||||
|
python-pip \
|
||||||
|
libssl-dev \
|
||||||
|
python-dev \
|
||||||
|
build-essential
|
||||||
|
elif [ "x$ID" == "xcentos" ]; then
|
||||||
|
sudo yum install -y \
|
||||||
|
epel-release
|
||||||
|
sudo yum install -y \
|
||||||
|
python-pip \
|
||||||
|
python-devel \
|
||||||
|
redhat-rpm-config \
|
||||||
|
gcc
|
||||||
|
elif [ "x$ID" == "xfedora" ]; then
|
||||||
|
sudo dnf install -y \
|
||||||
|
python-devel \
|
||||||
|
redhat-rpm-config \
|
||||||
|
gcc
|
||||||
|
fi
|
||||||
|
|
||||||
|
sudo -H pip install --no-cache-dir --upgrade pip
|
||||||
|
sudo -H pip install --no-cache-dir --upgrade setuptools
|
||||||
|
sudo -H pip install --no-cache-dir --upgrade pyopenssl
|
||||||
|
sudo -H pip install --no-cache-dir ansible
|
||||||
|
sudo -H pip install --no-cache-dir ara
|
||||||
|
sudo -H pip install --no-cache-dir yq
|
||||||
|
}
|
||||||
|
ansible_install
|
||||||
|
|
||||||
|
cd ${WORK_DIR}
|
||||||
|
export ANSIBLE_CALLBACK_PLUGINS="$(python -c 'import os,ara; print(os.path.dirname(ara.__file__))')/plugins/callbacks"
|
||||||
|
rm -rf ${HOME}/.ara
|
||||||
|
|
||||||
|
function dump_logs () {
|
||||||
|
# Setup the logging location: by default use the working dir as the root.
|
||||||
|
export LOGS_DIR=${LOGS_DIR:-"${WORK_DIR}/logs"}
|
||||||
|
set +e
|
||||||
|
rm -rf ${LOGS_DIR} || true
|
||||||
|
mkdir -p ${LOGS_DIR}/ara
|
||||||
|
ara generate html ${LOGS_DIR}/ara
|
||||||
|
exit $1
|
||||||
|
}
|
||||||
|
trap 'dump_logs "$?"' ERR
|
||||||
|
|
||||||
|
INVENTORY=${WORK_DIR}/tools/gate/devel/${MODE}-inventory.yaml
|
||||||
|
VARS=${WORK_DIR}/tools/gate/devel/${MODE}-vars.yaml
|
||||||
|
ansible-playbook ${WORK_DIR}/tools/gate/playbooks/zuul-pre.yaml -i ${INVENTORY} --extra-vars=@${VARS} --extra-vars "work_dir=${WORK_DIR}"
|
||||||
|
ansible-playbook ${WORK_DIR}/tools/gate/playbooks/zuul-run.yaml -i ${INVENTORY} --extra-vars=@${VARS} --extra-vars "work_dir=${WORK_DIR}"
|
23
tools/gate/playbooks/build-images/tasks/kubeadm-aio.yaml
Normal file
23
tools/gate/playbooks/build-images/tasks/kubeadm-aio.yaml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: build the Kubeadm-AIO image
|
||||||
|
docker_image:
|
||||||
|
path: "{{ work_dir }}/"
|
||||||
|
name: "{{ images.kubernetes.kubeadm_aio }}"
|
||||||
|
dockerfile: "tools/images/kubeadm-aio/Dockerfile"
|
||||||
|
force: yes
|
||||||
|
pull: yes
|
||||||
|
state: present
|
||||||
|
rm: yes
|
15
tools/gate/playbooks/build-images/tasks/main.yaml
Normal file
15
tools/gate/playbooks/build-images/tasks/main.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- include: kubeadm-aio.yaml
|
@ -0,0 +1,68 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: ensuring SELinux is disabled on centos & fedora
|
||||||
|
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' or ansible_distribution == 'Fedora'
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
command: setenforce 0
|
||||||
|
ignore_errors: True
|
||||||
|
|
||||||
|
#NOTE(portdirect): See https://ask.openstack.org/en/question/110437/importerror-cannot-import-name-unrewindablebodyerror/
|
||||||
|
- name: fix docker removal issue with ansible's docker_container on centos
|
||||||
|
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||||
|
block:
|
||||||
|
- name: remove requests and urllib3 pip packages to fix docker removal issue with ansible's docker_container on centos
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
include_role:
|
||||||
|
name: deploy-package
|
||||||
|
tasks_from: pip
|
||||||
|
vars:
|
||||||
|
state: absent
|
||||||
|
packages:
|
||||||
|
- requests
|
||||||
|
- urllib3
|
||||||
|
- name: remove requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
include_role:
|
||||||
|
name: deploy-package
|
||||||
|
tasks_from: dist
|
||||||
|
vars:
|
||||||
|
state: absent
|
||||||
|
packages:
|
||||||
|
rpm:
|
||||||
|
- python-urllib3
|
||||||
|
- python-requests
|
||||||
|
- name: restore requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
include_role:
|
||||||
|
name: deploy-package
|
||||||
|
tasks_from: dist
|
||||||
|
vars:
|
||||||
|
state: present
|
||||||
|
packages:
|
||||||
|
rpm:
|
||||||
|
- python-urllib3
|
||||||
|
- python-requests
|
||||||
|
|
||||||
|
- name: Ensure docker python packages deployed
|
||||||
|
include_role:
|
||||||
|
name: deploy-package
|
||||||
|
tasks_from: pip
|
||||||
|
vars:
|
||||||
|
packages:
|
||||||
|
- docker-py
|
52
tools/gate/playbooks/deploy-docker/tasks/main.yaml
Normal file
52
tools/gate/playbooks/deploy-docker/tasks/main.yaml
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: check if docker deploy is needed
|
||||||
|
raw: which docker
|
||||||
|
register: need_docker
|
||||||
|
ignore_errors: True
|
||||||
|
|
||||||
|
- name: deploy docker packages
|
||||||
|
when: need_docker | failed
|
||||||
|
include_role:
|
||||||
|
name: deploy-package
|
||||||
|
tasks_from: dist
|
||||||
|
vars:
|
||||||
|
packages:
|
||||||
|
deb:
|
||||||
|
- docker.io
|
||||||
|
rpm:
|
||||||
|
- docker-latest
|
||||||
|
|
||||||
|
- name: centos | moving systemd unit into place
|
||||||
|
when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
|
||||||
|
template:
|
||||||
|
src: centos-docker.service.j2
|
||||||
|
dest: /etc/systemd/system/docker.service
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: fedora | moving systemd unit into place
|
||||||
|
when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
|
||||||
|
template:
|
||||||
|
src: fedora-docker.service.j2
|
||||||
|
dest: /etc/systemd/system/docker.service
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: restarting docker
|
||||||
|
systemd:
|
||||||
|
state: restarted
|
||||||
|
daemon_reload: yes
|
||||||
|
name: docker
|
||||||
|
|
||||||
|
- include: deploy-ansible-docker-support.yaml
|
@ -0,0 +1,31 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Docker Application Container Engine
|
||||||
|
Documentation=http://docs.docker.com
|
||||||
|
After=network.target
|
||||||
|
Wants=docker-latest-storage-setup.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
NotifyAccess=all
|
||||||
|
Environment=GOTRACEBACK=crash
|
||||||
|
Environment=DOCKER_HTTP_HOST_COMPAT=1
|
||||||
|
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
|
||||||
|
ExecStart=/usr/bin/dockerd-latest \
|
||||||
|
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-latest \
|
||||||
|
--default-runtime=docker-runc \
|
||||||
|
--exec-opt native.cgroupdriver=systemd \
|
||||||
|
--userland-proxy-path=/usr/libexec/docker/docker-proxy-latest \
|
||||||
|
-g /var/lib/docker \
|
||||||
|
--storage-driver=overlay \
|
||||||
|
--log-driver=journald
|
||||||
|
ExecReload=/bin/kill -s HUP $MAINPID
|
||||||
|
LimitNOFILE=1048576
|
||||||
|
LimitNPROC=1048576
|
||||||
|
LimitCORE=infinity
|
||||||
|
TimeoutStartSec=0
|
||||||
|
Restart=on-abnormal
|
||||||
|
MountFlags=share
|
||||||
|
KillMode=process
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -0,0 +1,29 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Docker Application Container Engine
|
||||||
|
Documentation=http://docs.docker.com
|
||||||
|
After=network.target docker-latest-containerd.service
|
||||||
|
Wants=docker-latest-storage-setup.service
|
||||||
|
Requires=docker-latest-containerd.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
Environment=GOTRACEBACK=crash
|
||||||
|
ExecStart=/usr/bin/dockerd-latest \
|
||||||
|
--add-runtime oci=/usr/libexec/docker/docker-runc-latest \
|
||||||
|
--default-runtime=oci \
|
||||||
|
--containerd /run/containerd.sock \
|
||||||
|
--exec-opt native.cgroupdriver=systemd \
|
||||||
|
--userland-proxy-path=/usr/libexec/docker/docker-proxy-latest \
|
||||||
|
-g /var/lib/docker \
|
||||||
|
--storage-driver=overlay2 \
|
||||||
|
--log-driver=journald
|
||||||
|
ExecReload=/bin/kill -s HUP $MAINPID
|
||||||
|
TasksMax=8192
|
||||||
|
LimitNOFILE=1048576
|
||||||
|
LimitNPROC=1048576
|
||||||
|
LimitCORE=infinity
|
||||||
|
TimeoutStartSec=0
|
||||||
|
Restart=on-abnormal
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -0,0 +1,69 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: master
|
||||||
|
vars:
|
||||||
|
kubeadm_aio_action: clean-host
|
||||||
|
block:
|
||||||
|
- name: "kubeadm-aio perfoming action: {{ kubeadm_aio_action }}"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
image: "{{ images.kubernetes.kubeadm_aio }}"
|
||||||
|
state: started
|
||||||
|
detach: false
|
||||||
|
recreate: yes
|
||||||
|
pid_mode: host
|
||||||
|
network_mode: host
|
||||||
|
capabilities: SYS_ADMIN
|
||||||
|
volumes:
|
||||||
|
- /sys:/sys:rw
|
||||||
|
- /run:/run:rw
|
||||||
|
- /:/mnt/rootfs:rw
|
||||||
|
- /etc:/etc:rw
|
||||||
|
env:
|
||||||
|
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
ACTION="{{ kubeadm_aio_action }}"
|
||||||
|
KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
|
||||||
|
USER_UID="{{ playbook_user_id }}"
|
||||||
|
USER_GID="{{ playbook_group_id }}"
|
||||||
|
USER_HOME="{{ playbook_user_dir }}"
|
||||||
|
CNI_ENABLED="{{ kubernetes.cluster.cni }}"
|
||||||
|
PVC_SUPPORT_CEPH=true
|
||||||
|
PVC_SUPPORT_NFS=true
|
||||||
|
NET_SUPPORT_LINUXBRIDGE=true
|
||||||
|
KUBE_NET_POD_SUBNET=192.168.0.0/16
|
||||||
|
KUBE_NET_DNS_DOMAIN=cluster.local
|
||||||
|
CONTAINER_RUNTIME=docker
|
||||||
|
register: kubeadm_master_deploy
|
||||||
|
ignore_errors: True
|
||||||
|
rescue:
|
||||||
|
- name: getting logs from kubeadm-aio container
|
||||||
|
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
register: out
|
||||||
|
- name: dumping logs from kubeadm-aio container
|
||||||
|
debug:
|
||||||
|
var: out.stdout_lines
|
||||||
|
- name: exiting if the kubeadm deploy failed
|
||||||
|
command: exit 1
|
||||||
|
always:
|
||||||
|
- name: removing kubeadm-aio container
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
state: absent
|
@ -0,0 +1,18 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: master
|
||||||
|
vars:
|
||||||
|
kubeadm_aio_action: deploy-kubelet
|
||||||
|
include: util-kubeadm-aio-run.yaml
|
@ -0,0 +1,35 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: setting playbook facts
|
||||||
|
set_fact:
|
||||||
|
playbook_user_id: "{{ ansible_user_uid }}"
|
||||||
|
playbook_group_id: "{{ ansible_user_gid }}"
|
||||||
|
playbook_user_dir: "{{ ansible_user_dir }}"
|
||||||
|
kubernetes_default_device: "{{ ansible_default_ipv4.alias }}"
|
||||||
|
kubernetes_default_address: null
|
||||||
|
|
||||||
|
- name: if we have defined a custom interface for kubernetes use that
|
||||||
|
when: kubernetes.network.default_device is defined and kubernetes.network.default_device
|
||||||
|
set_fact:
|
||||||
|
kubernetes_default_device: "{{ kubernetes.network.default_device }}"
|
||||||
|
|
||||||
|
- name: if we are in openstack infra use the private IP for kubernetes
|
||||||
|
when: (nodepool is defined) and (nodepool.private_ipv4 is defined)
|
||||||
|
set_fact:
|
||||||
|
kubernetes_default_address: "{{ nodepool.private_ipv4 }}"
|
||||||
|
|
||||||
|
- include: clean-node.yaml
|
||||||
|
|
||||||
|
- include: deploy-kubelet.yaml
|
@ -0,0 +1,69 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Run Kubeadm-AIO container
|
||||||
|
vars:
|
||||||
|
kubeadm_aio_action: null
|
||||||
|
block:
|
||||||
|
- name: "perfoming {{ kubeadm_aio_action }} action"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
image: "{{ images.kubernetes.kubeadm_aio }}"
|
||||||
|
state: started
|
||||||
|
detach: false
|
||||||
|
recreate: yes
|
||||||
|
pid_mode: host
|
||||||
|
network_mode: host
|
||||||
|
capabilities: SYS_ADMIN
|
||||||
|
volumes:
|
||||||
|
- /sys:/sys:rw
|
||||||
|
- /run:/run:rw
|
||||||
|
- /:/mnt/rootfs:rw
|
||||||
|
- /etc:/etc:rw
|
||||||
|
env:
|
||||||
|
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
ACTION="{{ kubeadm_aio_action }}"
|
||||||
|
KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
|
||||||
|
KUBE_BIND_ADDR="{{ kubernetes_default_address }}"
|
||||||
|
USER_UID="{{ playbook_user_id }}"
|
||||||
|
USER_GID="{{ playbook_group_id }}"
|
||||||
|
USER_HOME="{{ playbook_user_dir }}"
|
||||||
|
CNI_ENABLED="{{ kubernetes.cluster.cni }}"
|
||||||
|
PVC_SUPPORT_CEPH=true
|
||||||
|
PVC_SUPPORT_NFS=true
|
||||||
|
NET_SUPPORT_LINUXBRIDGE=true
|
||||||
|
KUBE_NET_POD_SUBNET=192.168.0.0/16
|
||||||
|
KUBE_NET_DNS_DOMAIN=cluster.local
|
||||||
|
CONTAINER_RUNTIME=docker
|
||||||
|
register: kubeadm_master_deploy
|
||||||
|
rescue:
|
||||||
|
- name: "getting logs for {{ kubeadm_aio_action }} action"
|
||||||
|
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
register: out
|
||||||
|
- name: "dumping logs for {{ kubeadm_aio_action }} action"
|
||||||
|
debug:
|
||||||
|
var: out.stdout_lines
|
||||||
|
- name: "exiting if {{ kubeadm_aio_action }} action failed"
|
||||||
|
command: exit 1
|
||||||
|
always:
|
||||||
|
- name: "removing container for {{ kubeadm_aio_action }} action"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
state: absent
|
@ -0,0 +1,31 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: setting playbook user info facts before escalating privileges
|
||||||
|
set_fact:
|
||||||
|
playbook_user_id: "{{ ansible_user_uid }}"
|
||||||
|
playbook_group_id: "{{ ansible_user_gid }}"
|
||||||
|
playbook_user_dir: "{{ ansible_user_dir }}"
|
||||||
|
|
||||||
|
- name: deploying kubelet and support assets to node
|
||||||
|
include_role:
|
||||||
|
name: deploy-kubeadm-aio-common
|
||||||
|
tasks_from: main
|
||||||
|
|
||||||
|
- name: deploying kubernetes on master node
|
||||||
|
vars:
|
||||||
|
kubeadm_aio_action: deploy-kube
|
||||||
|
include_role:
|
||||||
|
name: deploy-kubeadm-aio-common
|
||||||
|
tasks_from: util-kubeadm-aio-run
|
44
tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/main.yaml
Normal file
44
tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/main.yaml
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: setting playbook user info facts before escalating privileges
|
||||||
|
set_fact:
|
||||||
|
playbook_user_id: "{{ ansible_user_uid }}"
|
||||||
|
playbook_group_id: "{{ ansible_user_gid }}"
|
||||||
|
playbook_user_dir: "{{ ansible_user_dir }}"
|
||||||
|
kube_master: "{{ groups['primary'][0] }}"
|
||||||
|
kube_worker: "{{ inventory_hostname }}"
|
||||||
|
|
||||||
|
- name: deploying kubelet and support assets to node
|
||||||
|
include_role:
|
||||||
|
name: deploy-kubeadm-aio-common
|
||||||
|
tasks_from: main
|
||||||
|
|
||||||
|
- name: generating the kubeadm join command for the node
|
||||||
|
include: util-generate-join-command.yaml
|
||||||
|
delegate_to: "{{ kube_master }}"
|
||||||
|
|
||||||
|
- name: joining node to kubernetes cluster
|
||||||
|
vars:
|
||||||
|
kubeadm_aio_action: join-kube
|
||||||
|
kubeadm_aio_join_command: "{{ kubeadm_cluster_join_command }}"
|
||||||
|
include: util-run-join-command.yaml
|
||||||
|
|
||||||
|
- name: waiting for node to be ready
|
||||||
|
delegate_to: "{{ kube_master }}"
|
||||||
|
command: kubectl get node "{{ ansible_fqdn }}" -o jsonpath="{$.status.conditions[?(@.reason=='KubeletReady')]['type']}"
|
||||||
|
register: task_result
|
||||||
|
until: task_result.stdout == 'Ready'
|
||||||
|
retries: 120
|
||||||
|
delay: 5
|
@ -0,0 +1,56 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: generate the kubeadm join command for nodes
|
||||||
|
vars:
|
||||||
|
kubeadm_aio_action: generate-join-cmd
|
||||||
|
kubeadm_cluster_join_ttl: 30m
|
||||||
|
kube_worker: null
|
||||||
|
block:
|
||||||
|
- name: "deploying kubeadm {{ kubeadm_aio_action }} container"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
|
||||||
|
image: "{{ images.kubernetes.kubeadm_aio }}"
|
||||||
|
state: started
|
||||||
|
detach: false
|
||||||
|
recreate: yes
|
||||||
|
network_mode: host
|
||||||
|
volumes:
|
||||||
|
- /etc/kubernetes:/etc/kubernetes:ro
|
||||||
|
env:
|
||||||
|
ACTION=generate-join-cmd
|
||||||
|
TTL="{{ kubeadm_cluster_join_ttl }}"
|
||||||
|
register: kubeadm_generate_join_command
|
||||||
|
- name: "getting logs for {{ kubeadm_aio_action }} action"
|
||||||
|
command: "docker logs kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
register: kubeadm_aio_action_logs
|
||||||
|
- name: storing cluster join command
|
||||||
|
set_fact: kubeadm_cluster_join_command="{{ kubeadm_aio_action_logs.stdout }}"
|
||||||
|
rescue:
|
||||||
|
- name: "dumping logs for {{ kubeadm_aio_action }} action"
|
||||||
|
debug:
|
||||||
|
var: kubeadm_aio_action_logs.stdout_lines
|
||||||
|
- name: "exiting if {{ kubeadm_aio_action }} action failed"
|
||||||
|
command: exit 1
|
||||||
|
always:
|
||||||
|
- name: "removing container for {{ kubeadm_aio_action }} action"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
|
||||||
|
state: absent
|
@ -0,0 +1,59 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: master
|
||||||
|
vars:
|
||||||
|
kubeadm_aio_action: join-kube
|
||||||
|
kubeadm_aio_join_command: null
|
||||||
|
block:
|
||||||
|
- name: "deploying kubeadm {{ kubeadm_aio_action }} container"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
image: "{{ images.kubernetes.kubeadm_aio }}"
|
||||||
|
state: started
|
||||||
|
detach: false
|
||||||
|
recreate: yes
|
||||||
|
pid_mode: host
|
||||||
|
network_mode: host
|
||||||
|
capabilities: SYS_ADMIN
|
||||||
|
volumes:
|
||||||
|
- /sys:/sys:rw
|
||||||
|
- /run:/run:rw
|
||||||
|
- /:/mnt/rootfs:rw
|
||||||
|
- /etc:/etc:rw
|
||||||
|
env:
|
||||||
|
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
ACTION="{{ kubeadm_aio_action }}"
|
||||||
|
KUBEADM_JOIN_COMMAND="{{ kubeadm_aio_join_command }}"
|
||||||
|
register: kubeadm_aio_join_container
|
||||||
|
rescue:
|
||||||
|
- name: "getting logs for {{ kubeadm_aio_action }} action"
|
||||||
|
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
register: kubeadm_aio_join_container_output
|
||||||
|
- name: "dumping logs for {{ kubeadm_aio_action }} action"
|
||||||
|
debug:
|
||||||
|
msg: "{{ kubeadm_aio_join_container_output.stdout_lines }}"
|
||||||
|
- name: "exiting if {{ kubeadm_aio_action }} action failed"
|
||||||
|
command: exit 1
|
||||||
|
always:
|
||||||
|
- name: "removing container for {{ kubeadm_aio_action }} action"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||||
|
state: absent
|
46
tools/gate/playbooks/deploy-package/tasks/dist.yaml
Normal file
46
tools/gate/playbooks/deploy-package/tasks/dist.yaml
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: managing distro packages for ubuntu
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
vars:
|
||||||
|
state: present
|
||||||
|
apt:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: "{{ state }}"
|
||||||
|
with_items: "{{ packages.deb }}"
|
||||||
|
|
||||||
|
- name: managing distro packages for centos
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||||
|
vars:
|
||||||
|
state: present
|
||||||
|
yum:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: "{{ state }}"
|
||||||
|
with_items: "{{ packages.rpm }}"
|
||||||
|
|
||||||
|
- name: managing distro packages for fedora
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
when: ansible_distribution == 'Fedora'
|
||||||
|
vars:
|
||||||
|
state: present
|
||||||
|
dnf:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: "{{ state }}"
|
||||||
|
with_items: "{{ packages.rpm }}"
|
23
tools/gate/playbooks/deploy-package/tasks/pip.yaml
Normal file
23
tools/gate/playbooks/deploy-package/tasks/pip.yaml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: managing pip packages
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
vars:
|
||||||
|
state: present
|
||||||
|
pip:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: "{{ state }}"
|
||||||
|
with_items: "{{ packages }}"
|
44
tools/gate/playbooks/deploy-python-pip/tasks/main.yaml
Normal file
44
tools/gate/playbooks/deploy-python-pip/tasks/main.yaml
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: ensuring python pip package is present for ubuntu
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
apt:
|
||||||
|
name: python-pip
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: ensuring python pip package is present for centos
|
||||||
|
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||||
|
block:
|
||||||
|
- name: ensuring epel-release package is present for centos as python-pip is in the epel repo
|
||||||
|
yum:
|
||||||
|
name: epel-release
|
||||||
|
state: present
|
||||||
|
- name: ensuring python pip package is present for centos
|
||||||
|
yum:
|
||||||
|
name: python-pip
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: ensuring python pip package is present for fedora via the python-devel rpm
|
||||||
|
when: ansible_distribution == 'Fedora'
|
||||||
|
dnf:
|
||||||
|
name: python-devel
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: ensuring pip is the latest version
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
pip:
|
||||||
|
name: pip
|
||||||
|
state: latest
|
16
tools/gate/playbooks/deploy-python/tasks/main.yaml
Normal file
16
tools/gate/playbooks/deploy-python/tasks/main.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: ensuring python2 is present on all hosts
|
||||||
|
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) || (sudo yum install -y python) || (sudo dnf install -y python2)
|
18
tools/gate/playbooks/pull-images/tasks/main.yaml
Normal file
18
tools/gate/playbooks/pull-images/tasks/main.yaml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: pull all images used in repo
|
||||||
|
make:
|
||||||
|
chdir: "{{ work_dir }}"
|
||||||
|
target: pull-all-images
|
29
tools/gate/playbooks/setup-firewall/tasks/main.yaml
Normal file
29
tools/gate/playbooks/setup-firewall/tasks/main.yaml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
#NOTE(portdirect): This needs refinement but drops the firewall on zuul nodes
|
||||||
|
- name: deploy iptables packages
|
||||||
|
include_role:
|
||||||
|
name: deploy-package
|
||||||
|
tasks_from: dist
|
||||||
|
vars:
|
||||||
|
packages:
|
||||||
|
deb:
|
||||||
|
- iptables
|
||||||
|
rpm:
|
||||||
|
- iptables
|
||||||
|
- command: iptables -S
|
||||||
|
- command: iptables -F
|
||||||
|
- command: iptables -P INPUT ACCEPT
|
||||||
|
- command: iptables -S
|
26
tools/gate/playbooks/vars.yaml
Normal file
26
tools/gate/playbooks/vars.yaml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
images:
|
||||||
|
kubernetes:
|
||||||
|
kubeadm_aio: openstackhelm/kubeadm-aio:dev
|
||||||
|
|
||||||
|
helm:
|
||||||
|
version: v2.7.0-rc1
|
||||||
|
|
||||||
|
kubernetes:
|
||||||
|
network:
|
||||||
|
default_device: null
|
||||||
|
cluster:
|
||||||
|
cni: calico
|
55
tools/gate/playbooks/zuul-pre.yaml
Normal file
55
tools/gate/playbooks/zuul-pre.yaml
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
vars_files:
|
||||||
|
- vars.yaml
|
||||||
|
vars:
|
||||||
|
work_dir: "{{ zuul.project.src_dir }}"
|
||||||
|
gather_facts: False
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- deploy-python
|
||||||
|
tags:
|
||||||
|
- deploy-python
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
vars_files:
|
||||||
|
- vars.yaml
|
||||||
|
vars:
|
||||||
|
work_dir: "{{ zuul.project.src_dir }}"
|
||||||
|
gather_facts: True
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- setup-firewall
|
||||||
|
- deploy-python-pip
|
||||||
|
- deploy-docker
|
||||||
|
tags:
|
||||||
|
- setup-firewall
|
||||||
|
- deploy-python-pip
|
||||||
|
- deploy-docker
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
vars_files:
|
||||||
|
- vars.yaml
|
||||||
|
vars:
|
||||||
|
work_dir: "{{ zuul.project.src_dir }}"
|
||||||
|
gather_facts: False
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- pull-images
|
||||||
|
- build-images
|
||||||
|
tags:
|
||||||
|
- pull-images
|
||||||
|
- build-images
|
33
tools/gate/playbooks/zuul-run.yaml
Normal file
33
tools/gate/playbooks/zuul-run.yaml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- hosts: primary
|
||||||
|
vars_files:
|
||||||
|
- vars.yaml
|
||||||
|
vars:
|
||||||
|
work_dir: "{{ zuul.project.src_dir }}"
|
||||||
|
roles:
|
||||||
|
- deploy-kubeadm-aio-master
|
||||||
|
tags:
|
||||||
|
- deploy-kubeadm-aio-master
|
||||||
|
|
||||||
|
- hosts: nodes
|
||||||
|
vars_files:
|
||||||
|
- vars.yaml
|
||||||
|
vars:
|
||||||
|
work_dir: "{{ zuul.project.src_dir }}"
|
||||||
|
roles:
|
||||||
|
- deploy-kubeadm-aio-node
|
||||||
|
tags:
|
||||||
|
- deploy-kubeadm-aio-node
|
68
tools/images/kubeadm-aio/Dockerfile
Normal file
68
tools/images/kubeadm-aio/Dockerfile
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
#https://github.com/kubernetes/ingress-nginx/tree/master/images/ubuntu-slim
|
||||||
|
FROM gcr.io/google_containers/ubuntu-slim:0.14
|
||||||
|
MAINTAINER pete.birley@att.com
|
||||||
|
|
||||||
|
ENV KUBE_VERSION="v1.8.1" \
|
||||||
|
CNI_VERSION="v0.6.0" \
|
||||||
|
HELM_VERSION="v2.7.0-rc1" \
|
||||||
|
container="docker" \
|
||||||
|
DEBIAN_FRONTEND="noninteractive" \
|
||||||
|
CNI_BIN_DIR="/opt/cni/bin" \
|
||||||
|
CHARTS="calico,flannel,tiller,kube-dns"
|
||||||
|
|
||||||
|
RUN set -ex ;\
|
||||||
|
apt-get update ;\
|
||||||
|
apt-get upgrade -y ;\
|
||||||
|
apt-get install -y --no-install-recommends \
|
||||||
|
ca-certificates \
|
||||||
|
curl \
|
||||||
|
jq \
|
||||||
|
python-pip \
|
||||||
|
gawk ;\
|
||||||
|
pip --no-cache-dir install --upgrade pip ;\
|
||||||
|
pip --no-cache-dir install setuptools ;\
|
||||||
|
pip --no-cache-dir install kubernetes ;\
|
||||||
|
pip --no-cache-dir install ansible ;\
|
||||||
|
for BINARY in kubectl kubeadm; do \
|
||||||
|
curl -sSL -o /usr/bin/${BINARY} \
|
||||||
|
https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/${BINARY} ;\
|
||||||
|
chmod +x /usr/bin/${BINARY} ;\
|
||||||
|
done ;\
|
||||||
|
mkdir -p /opt/assets/usr/bin ;\
|
||||||
|
curl -sSL -o /opt/assets/usr/bin/kubelet \
|
||||||
|
https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubelet ;\
|
||||||
|
chmod +x /opt/assets/usr/bin/kubelet ;\
|
||||||
|
mkdir -p /opt/assets${CNI_BIN_DIR} ;\
|
||||||
|
curl -sSL https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION/cni-plugins-amd64-$CNI_VERSION.tgz | \
|
||||||
|
tar -zxv --strip-components=1 -C /opt/assets${CNI_BIN_DIR} ;\
|
||||||
|
TMP_DIR=$(mktemp -d) ;\
|
||||||
|
curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR} ;\
|
||||||
|
mv ${TMP_DIR}/helm /usr/bin/helm ;\
|
||||||
|
rm -rf ${TMP_DIR} ;\
|
||||||
|
apt-get purge -y --auto-remove \
|
||||||
|
curl ;\
|
||||||
|
rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache
|
||||||
|
|
||||||
|
COPY ./ /tmp/source
|
||||||
|
RUN set -ex ;\
|
||||||
|
cp -rfav /tmp/source/tools/images/kubeadm-aio/assets/* / ;\
|
||||||
|
IFS=','; for CHART in $CHARTS; do \
|
||||||
|
mv -v /tmp/source/${CHART} /opt/charts/; \
|
||||||
|
done ;\
|
||||||
|
rm -rf /tmp/source
|
||||||
|
|
||||||
|
ENTRYPOINT ["/entrypoint.sh"]
|
119
tools/images/kubeadm-aio/assets/entrypoint.sh
Executable file
119
tools/images/kubeadm-aio/assets/entrypoint.sh
Executable file
@ -0,0 +1,119 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
set -e
|
||||||
|
if [ "x${ACTION}" == "xgenerate-join-cmd" ]; then
|
||||||
|
: ${TTL:="10m"}
|
||||||
|
DISCOVERY_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages signing --groups '')"
|
||||||
|
TLS_BOOTSTRAP_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages authentication --groups \"system:bootstrappers:kubeadm:default-node-token\")"
|
||||||
|
DISCOVERY_TOKEN_CA_HASH="$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* /sha256:/')"
|
||||||
|
API_SERVER=$(cat /etc/kubernetes/admin.conf | python -c "import sys, yaml; print yaml.safe_load(sys.stdin)['clusters'][0]['cluster']['server'].split(\"//\",1).pop()")
|
||||||
|
exec echo "kubeadm join \
|
||||||
|
--tls-bootstrap-token ${TLS_BOOTSTRAP_TOKEN} \
|
||||||
|
--discovery-token ${DISCOVERY_TOKEN} \
|
||||||
|
--discovery-token-ca-cert-hash ${DISCOVERY_TOKEN_CA_HASH} \
|
||||||
|
${API_SERVER}"
|
||||||
|
elif [ "x${ACTION}" == "xjoin-kube" ]; then
|
||||||
|
exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-node.yaml \
|
||||||
|
--inventory=/opt/playbooks/inventory.ini \
|
||||||
|
--extra-vars="kubeadm_join_command=\"${KUBEADM_JOIN_COMMAND}\""
|
||||||
|
fi
|
||||||
|
|
||||||
|
: ${ACTION:="deploy-kube"}
|
||||||
|
: ${CONTAINER_NAME:="null"}
|
||||||
|
: ${CONTAINER_RUNTIME:="docker"}
|
||||||
|
: ${CNI_ENABLED:="calico"}
|
||||||
|
: ${NET_SUPPORT_LINUXBRIDGE:="true"}
|
||||||
|
: ${PVC_SUPPORT_CEPH:="false"}
|
||||||
|
: ${PVC_SUPPORT_NFS:="false"}
|
||||||
|
: ${HELM_TILLER_IMAGE:="gcr.io/kubernetes-helm/tiller:${HELM_VERSION}"}
|
||||||
|
: ${KUBE_VERSION:="${KUBE_VERSION}"}
|
||||||
|
: ${KUBE_IMAGE_REPO:="gcr.io/google_containers"}
|
||||||
|
: ${KUBE_API_BIND_PORT:="6443"}
|
||||||
|
: ${KUBE_NET_DNS_DOMAIN:="cluster.local"}
|
||||||
|
: ${KUBE_NET_POD_SUBNET:="192.168.0.0/16"}
|
||||||
|
: ${KUBE_NET_SUBNET_SUBNET:="10.96.0.0/12"}
|
||||||
|
: ${KUBE_BIND_DEVICE:=""}
|
||||||
|
: ${KUBE_BIND_ADDR:=""}
|
||||||
|
: ${KUBE_API_BIND_DEVICE:="${KUBE_BIND_DEVICE}"}
|
||||||
|
: ${KUBE_API_BIND_ADDR:="${KUBE_BIND_ADDR}"}
|
||||||
|
: ${KUBE_CERTS_DIR:="/etc/kubernetes/pki"}
|
||||||
|
: ${KUBE_SELF_HOSTED:="false"}
|
||||||
|
|
||||||
|
PLAYBOOK_VARS="{
|
||||||
|
\"my_container_name\": \"${CONTAINER_NAME}\",
|
||||||
|
\"user\": {
|
||||||
|
\"uid\": ${USER_UID},
|
||||||
|
\"gid\": ${USER_GID},
|
||||||
|
\"home\": \"${USER_HOME}\"
|
||||||
|
},
|
||||||
|
\"cluster\": {
|
||||||
|
\"cni\": \"${CNI_ENABLED}\"
|
||||||
|
},
|
||||||
|
\"kubelet\": {
|
||||||
|
\"container_runtime\": \"${CONTAINER_RUNTIME}\",
|
||||||
|
\"net_support_linuxbridge\": ${NET_SUPPORT_LINUXBRIDGE},
|
||||||
|
\"pv_support_nfs\": ${PVC_SUPPORT_NFS},
|
||||||
|
\"pv_support_ceph\": ${PVC_SUPPORT_CEPH}
|
||||||
|
},
|
||||||
|
\"helm\": {
|
||||||
|
\"tiller_image\": \"${HELM_TILLER_IMAGE}\"
|
||||||
|
},
|
||||||
|
\"k8s\": {
|
||||||
|
\"kubernetesVersion\": \"${KUBE_VERSION}\",
|
||||||
|
\"imageRepository\": \"${KUBE_IMAGE_REPO}\",
|
||||||
|
\"certificatesDir\": \"${KUBE_CERTS_DIR}\",
|
||||||
|
\"selfHosted\": \"${KUBE_SELF_HOSTED}\",
|
||||||
|
\"api\": {
|
||||||
|
\"bindPort\": ${KUBE_API_BIND_PORT}
|
||||||
|
},
|
||||||
|
\"networking\": {
|
||||||
|
\"dnsDomain\": \"${KUBE_NET_DNS_DOMAIN}\",
|
||||||
|
\"podSubnet\": \"${KUBE_NET_POD_SUBNET}\",
|
||||||
|
\"serviceSubnet\": \"${KUBE_NET_SUBNET_SUBNET}\"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}"
|
||||||
|
|
||||||
|
set -x
|
||||||
|
if [ "x${ACTION}" == "xdeploy-kubelet" ]; then
|
||||||
|
if [ "x${KUBE_BIND_ADDR}" != "x" ]; then
|
||||||
|
PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_addr\": \"${KUBE_BIND_ADDR}\"}")
|
||||||
|
elif [ "x${KUBE_BIND_DEVICE}" != "x" ]; then
|
||||||
|
PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_device\": \"${KUBE_BIND_DEVICE}\"}")
|
||||||
|
fi
|
||||||
|
ansible-playbook /opt/playbooks/kubeadm-aio-deploy-kubelet.yaml \
|
||||||
|
--inventory=/opt/playbooks/inventory.ini \
|
||||||
|
--inventory=/opt/playbooks/vars.yaml \
|
||||||
|
--extra-vars="${PLAYBOOK_VARS}"
|
||||||
|
elif [ "x${ACTION}" == "xdeploy-kube" ]; then
|
||||||
|
if [ "x${KUBE_API_BIND_ADDR}" != "x" ]; then
|
||||||
|
PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".k8s.api += {\"advertiseAddress\": \"${KUBE_API_BIND_ADDR}\"}")
|
||||||
|
elif [ "x${KUBE_API_BIND_DEVICE}" != "x" ]; then
|
||||||
|
PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".k8s.api += {\"advertiseAddressDevice\": \"${KUBE_API_BIND_DEVICE}\"}")
|
||||||
|
fi
|
||||||
|
ansible-playbook /opt/playbooks/kubeadm-aio-deploy-master.yaml \
|
||||||
|
--inventory=/opt/playbooks/inventory.ini \
|
||||||
|
--inventory=/opt/playbooks/vars.yaml \
|
||||||
|
--extra-vars="${PLAYBOOK_VARS}"
|
||||||
|
elif [ "x${ACTION}" == "xclean-host" ]; then
|
||||||
|
ansible-playbook /opt/playbooks/kubeadm-aio-clean.yaml \
|
||||||
|
--inventory=/opt/playbooks/inventory.ini \
|
||||||
|
--inventory=/opt/playbooks/vars.yaml \
|
||||||
|
--extra-vars="${PLAYBOOK_VARS}"
|
||||||
|
else
|
||||||
|
exec ${ACTION}
|
||||||
|
fi
|
@ -0,0 +1,2 @@
|
|||||||
|
[node]
|
||||||
|
/mnt/rootfs ansible_connection=chroot
|
@ -0,0 +1,19 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
gather_facts: True
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- clean-host
|
||||||
|
tags:
|
||||||
|
- clean-host
|
@ -0,0 +1,19 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
gather_facts: True
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- deploy-kubelet
|
||||||
|
tags:
|
||||||
|
- deploy-kubelet
|
@ -0,0 +1,18 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- deploy-kubeadm-master
|
||||||
|
tags:
|
||||||
|
- deploy-kubeadm-master
|
@ -0,0 +1,18 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
roles:
|
||||||
|
- deploy-kubeadm-node
|
||||||
|
tags:
|
||||||
|
- deploy-kubeadm-node
|
@ -0,0 +1,56 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
|
||||||
|
- name: clean | kube | remove config
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
with_items:
|
||||||
|
- /etc/kubernetes
|
||||||
|
|
||||||
|
- name: clean | kube | stop kubelet service
|
||||||
|
ignore_errors: yes
|
||||||
|
systemd:
|
||||||
|
name: kubelet
|
||||||
|
state: stopped
|
||||||
|
enabled: no
|
||||||
|
masked: no
|
||||||
|
|
||||||
|
- name: clean | kube | removing any old docker containers
|
||||||
|
ignore_errors: yes
|
||||||
|
shell: MY_CONTAINER_ID=$(docker inspect --format {% raw %}'{{ .Id }}'{% endraw %} "{{ my_container_name }}"); docker ps --all --no-trunc --quiet | awk '!'"/${MY_CONTAINER_ID}/ { print \$1 }" | xargs -r -l1 -P16 docker rm -f
|
||||||
|
|
||||||
|
- name: clean | kube | remove any mounts
|
||||||
|
ignore_errors: yes
|
||||||
|
shell: |-
|
||||||
|
for MOUNT in $(findmnt --df --output TARGET | grep "^/var/lib/kubelet"); do
|
||||||
|
umount --force $MOUNT
|
||||||
|
done
|
||||||
|
|
||||||
|
- name: clean | kube | remove dirs
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
with_items:
|
||||||
|
- /etc/kubernetes
|
||||||
|
- /etc/cni/net.d
|
||||||
|
- /etc/systemd/system/kubelet.service
|
||||||
|
- /etc/systemd/system/kubelet.service.d
|
||||||
|
- /var/lib/kubelet
|
||||||
|
- /var/lib/etcd
|
||||||
|
- /var/etcd
|
||||||
|
- /opt/cni/bin
|
||||||
|
|
||||||
|
- name: clean | kube | reload systemd
|
||||||
|
systemd:
|
||||||
|
daemon_reload: yes
|
@ -0,0 +1,92 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
- name: setting up bootstrap tiller
|
||||||
|
block:
|
||||||
|
- name: pull the helm tiller Image
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_image:
|
||||||
|
pull: true
|
||||||
|
name: "{{ helm.tiller_image }}"
|
||||||
|
- name: deploying bootstrap tiller
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "helm-tiller"
|
||||||
|
image: "{{ helm.tiller_image }}"
|
||||||
|
state: started
|
||||||
|
detach: true
|
||||||
|
recreate: yes
|
||||||
|
network_mode: host
|
||||||
|
volumes:
|
||||||
|
- /etc/kubernetes/admin.conf:/etc/kubernetes/admin.conf:ro
|
||||||
|
env:
|
||||||
|
KUBECONFIG=/etc/kubernetes/admin.conf
|
||||||
|
register: kubeadm_aio_tiller_container
|
||||||
|
ignore_errors: True
|
||||||
|
- name: wait for tiller to be ready
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
command: helm version --server
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
register: task_result
|
||||||
|
until: task_result.rc == 0
|
||||||
|
retries: 120
|
||||||
|
delay: 5
|
||||||
|
|
||||||
|
- name: kubeadm | cni | calico
|
||||||
|
when: cluster.cni == 'calico'
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: kubeadm | cni | calico | label node
|
||||||
|
command: kubectl label --overwrite nodes {{ kubeadm_node_hostname }} node-role.kubernetes.io/master=
|
||||||
|
environment:
|
||||||
|
KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf'
|
||||||
|
- name: kubeadm | cni | calico
|
||||||
|
command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --wait
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
- name: kubeadm | cni | calico
|
||||||
|
command: helm status calico
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
register: kubeadm_helm_cni_status
|
||||||
|
- name: kubeadm | cni | status
|
||||||
|
debug:
|
||||||
|
msg: "{{ kubeadm_helm_cni_status }}"
|
||||||
|
|
||||||
|
- name: kubeadm | cni | flannel
|
||||||
|
when: cluster.cni == 'flannel'
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: kubeadm | cni | flannel
|
||||||
|
command: helm install /opt/charts/flannel --name flannel --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --wait
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
- name: kubeadm | cni | flannel
|
||||||
|
command: helm status flannel
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
register: kubeadm_helm_cni_status
|
||||||
|
- name: kubeadm | cni | status
|
||||||
|
debug:
|
||||||
|
msg: "{{ kubeadm_helm_cni_status }}"
|
||||||
|
|
||||||
|
- name: "removing bootstrap tiller container"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "helm-tiller"
|
||||||
|
state: absent
|
@ -0,0 +1,84 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
- name: setting up bootstrap tiller
|
||||||
|
block:
|
||||||
|
- name: pull the helm tiller Image
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_image:
|
||||||
|
pull: true
|
||||||
|
name: "{{ helm.tiller_image }}"
|
||||||
|
- name: deploying bootstrap tiller
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "helm-tiller"
|
||||||
|
image: "{{ helm.tiller_image }}"
|
||||||
|
state: started
|
||||||
|
detach: true
|
||||||
|
recreate: yes
|
||||||
|
network_mode: host
|
||||||
|
volumes:
|
||||||
|
- /etc/kubernetes/admin.conf:/etc/kubernetes/admin.conf:ro
|
||||||
|
env:
|
||||||
|
KUBECONFIG=/etc/kubernetes/admin.conf
|
||||||
|
register: kubeadm_aio_tiller_container
|
||||||
|
ignore_errors: True
|
||||||
|
- name: wait for tiller to be ready
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
command: helm version --server
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
register: task_result
|
||||||
|
until: task_result.rc == 0
|
||||||
|
retries: 120
|
||||||
|
delay: 5
|
||||||
|
|
||||||
|
- name: kubeadm | helm | tiller
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: kubeadm | helm | tiller
|
||||||
|
command: helm install /opt/charts/tiller --name tiller --namespace kube-system --wait
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
- name: kubeadm | helm | tiller
|
||||||
|
command: helm status tiller
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
register: kubeadm_helm_cni_status
|
||||||
|
- name: kubeadm | helm | tiller
|
||||||
|
debug:
|
||||||
|
msg: "{{ kubeadm_helm_cni_status }}"
|
||||||
|
|
||||||
|
- name: "removing bootstrap tiller container"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "helm-tiller"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: setting up helm client on host
|
||||||
|
block:
|
||||||
|
- name: copying helm binary to host
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
copy:
|
||||||
|
src: /usr/bin/helm
|
||||||
|
dest: /usr/bin/helm
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0555
|
||||||
|
- name: setting up helm client for user
|
||||||
|
command: helm init --client-only
|
@ -0,0 +1,70 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
- name: setting up bootstrap tiller
|
||||||
|
block:
|
||||||
|
- name: pull the helm tiller Image
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_image:
|
||||||
|
pull: true
|
||||||
|
name: "{{ helm.tiller_image }}"
|
||||||
|
- name: deploying bootstrap tiller
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "helm-tiller"
|
||||||
|
image: "{{ helm.tiller_image }}"
|
||||||
|
state: started
|
||||||
|
detach: true
|
||||||
|
recreate: yes
|
||||||
|
network_mode: host
|
||||||
|
volumes:
|
||||||
|
- /etc/kubernetes/admin.conf:/etc/kubernetes/admin.conf:ro
|
||||||
|
env:
|
||||||
|
KUBECONFIG=/etc/kubernetes/admin.conf
|
||||||
|
register: kubeadm_aio_tiller_container
|
||||||
|
ignore_errors: True
|
||||||
|
- name: wait for tiller to be ready
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
command: helm version --server
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
register: task_result
|
||||||
|
until: task_result.rc == 0
|
||||||
|
retries: 120
|
||||||
|
delay: 5
|
||||||
|
|
||||||
|
- name: kubeadm | dns
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: kubeadm | dns
|
||||||
|
command: helm install /opt/charts/kube-dns --name kube-dns --namespace kube-system --wait
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
- name: kubeadm | dns
|
||||||
|
command: helm status kube-dns
|
||||||
|
environment:
|
||||||
|
HELM_HOST: 'localhost:44134'
|
||||||
|
register: kubeadm_helm_dns_status
|
||||||
|
- name: kubeadm | dns
|
||||||
|
debug:
|
||||||
|
msg: "{{ kubeadm_helm_dns_status }}"
|
||||||
|
|
||||||
|
- name: "removing bootstrap tiller container"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
docker_container:
|
||||||
|
name: "helm-tiller"
|
||||||
|
state: absent
|
@ -0,0 +1,209 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
- name: storing node hostname
|
||||||
|
set_fact:
|
||||||
|
kubeadm_node_hostname: "{% if ansible_domain is defined %}{{ ansible_fqdn }}{% else %}{{ ansible_hostname }}.node.{{ k8s.networking.dnsDomain }}{% endif %}"
|
||||||
|
|
||||||
|
- name: deploy config file and make dir structure
|
||||||
|
block:
|
||||||
|
- name: setup directorys on host
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
with_items:
|
||||||
|
- /etc/kubernetes
|
||||||
|
- /etc/kubernetes/pki
|
||||||
|
- name: generating initial admin token
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
command: /usr/bin/kubeadm token generate
|
||||||
|
register: kubeadm_bootstrap_token
|
||||||
|
- name: storing initial admin token
|
||||||
|
set_fact:
|
||||||
|
kubeadm_bootstrap_token: "{{ kubeadm_bootstrap_token.stdout }}"
|
||||||
|
- name: kubelet | copying config to host
|
||||||
|
template:
|
||||||
|
src: kubeadm-conf.yaml.j2
|
||||||
|
dest: /etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: generating certs
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: master | deploy | certs | ca
|
||||||
|
command: kubeadm alpha phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
- name: master | deploy | certs | apiserver
|
||||||
|
command: kubeadm alpha phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
- name: master | deploy | certs | apiserver-kubelet-client
|
||||||
|
command: kubeadm alpha phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
- name: master | deploy | certs | sa
|
||||||
|
command: kubeadm alpha phase certs sa --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
- name: master | deploy | certs | front-proxy-ca
|
||||||
|
command: kubeadm alpha phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
- name: master | deploy | certs | front-proxy-client
|
||||||
|
command: kubeadm alpha phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
|
||||||
|
- name: generating kubeconfigs
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: master | deploy | kubeconfig | admin
|
||||||
|
command: kubeadm alpha phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
- name: master | deploy | kubeconfig | kubelet
|
||||||
|
command: kubeadm alpha phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
- name: master | deploy | kubeconfig | controller-manager
|
||||||
|
command: kubeadm alpha phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
- name: master | deploy | kubeconfig | scheduler
|
||||||
|
command: kubeadm alpha phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
|
||||||
|
- name: generating etcd static manifest
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
command: kubeadm alpha phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
|
||||||
|
- name: generating controlplane static manifests
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: master | deploy | controlplane | apiserver
|
||||||
|
command: kubeadm alpha phase controlplane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
- name: master | deploy | controlplane | controller-manager
|
||||||
|
command: kubeadm alpha phase controlplane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
- name: master | deploy | controlplane | scheduler
|
||||||
|
command: kubeadm alpha phase controlplane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
|
||||||
|
- name: wait for kube components
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: wait for kube api
|
||||||
|
shell: export KUBECONFIG=/mnt/rootfs/etc/kubernetes/admin.conf; python /usr/bin/test-kube-api.py
|
||||||
|
register: task_result
|
||||||
|
until: task_result.rc == 0
|
||||||
|
retries: 120
|
||||||
|
delay: 5
|
||||||
|
- name: wait for node to come online
|
||||||
|
shell: export KUBECONFIG=/mnt/rootfs/etc/kubernetes/admin.conf; kubectl get node "{{ kubeadm_node_hostname }}" --no-headers | gawk '{ print $2 }' | grep -q '\(^Ready\)\|\(^NotReady\)'
|
||||||
|
register: task_result
|
||||||
|
until: task_result.rc == 0
|
||||||
|
retries: 120
|
||||||
|
delay: 5
|
||||||
|
- include_tasks: wait-for-kube-system-namespace.yaml
|
||||||
|
|
||||||
|
- name: deploying kube-proxy
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
command: kubeadm alpha phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
|
||||||
|
- include_tasks: helm-cni.yaml
|
||||||
|
|
||||||
|
- name: wait for kube components
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: wait for node to be ready
|
||||||
|
shell: export KUBECONFIG=/mnt/rootfs/etc/kubernetes/admin.conf; kubectl get node "{{ kubeadm_node_hostname }}" --no-headers | gawk '{ print $2 }' | grep -q '^Ready'
|
||||||
|
register: task_result
|
||||||
|
until: task_result.rc == 0
|
||||||
|
retries: 120
|
||||||
|
delay: 5
|
||||||
|
- include_tasks: wait-for-kube-system-namespace.yaml
|
||||||
|
|
||||||
|
# - name: deploying kube-dns addon
|
||||||
|
# delegate_to: 127.0.0.1
|
||||||
|
# block:
|
||||||
|
# - name: master | deploy | kube-dns
|
||||||
|
# command: kubeadm alpha phase addon kube-dns --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
# - include_tasks: wait-for-kube-system-namespace.yaml
|
||||||
|
|
||||||
|
- include_tasks: helm-dns.yaml
|
||||||
|
- include_tasks: helm-deploy.yaml
|
||||||
|
|
||||||
|
- name: uploading cluster config to api
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
command: kubeadm alpha phase upload-config --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
|
||||||
|
- name: generating bootstrap-token objects
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: master | deploy | bootstrap-token | allow-post-csrs
|
||||||
|
command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-post-csrs
|
||||||
|
- name: master | deploy | bootstrap-token | allow-auto-approve
|
||||||
|
command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-auto-approve
|
||||||
|
|
||||||
|
- name: generating bootstrap-token objects
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
block:
|
||||||
|
- name: check if kube-public namespace exists
|
||||||
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf get ns kube-public
|
||||||
|
register: kube_public_ns_exists
|
||||||
|
ignore_errors: True
|
||||||
|
- name: create kube-public namespace if required
|
||||||
|
when: kube_public_ns_exists | failed
|
||||||
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf create ns kube-public
|
||||||
|
- name: sourcing kube cluster admin credentials
|
||||||
|
include_vars: /etc/kubernetes/admin.conf
|
||||||
|
- name: creating cluster-info configmap manifest on host
|
||||||
|
template:
|
||||||
|
src: cluster-info.yaml.j2
|
||||||
|
dest: /etc/kubernetes/cluster-info.yaml
|
||||||
|
mode: 0644
|
||||||
|
- name: removing any pre-existing cluster-info configmap
|
||||||
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf delete -f /etc/kubernetes/cluster-info.yaml --ignore-not-found
|
||||||
|
- name: creating cluster-info configmap
|
||||||
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf create -f /etc/kubernetes/cluster-info.yaml
|
||||||
|
- name: removing cluster-info configmap manifest from host
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
with_items:
|
||||||
|
- /etc/kubernetes/cluster-info.yaml
|
||||||
|
|
||||||
|
- name: check if kube-public configmap role exists
|
||||||
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public get role system:bootstrap-signer-clusterinfo
|
||||||
|
register: kube_public_configmap_role_exists
|
||||||
|
ignore_errors: True
|
||||||
|
- name: create kube-public configmap role if required
|
||||||
|
when: kube_public_configmap_role_exists | failed
|
||||||
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public create role system:bootstrap-signer-clusterinfo --verb get --resource configmaps
|
||||||
|
|
||||||
|
- name: check if kube-public configmap rolebinding exists
|
||||||
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public get rolebinding kubeadm:bootstrap-signer-clusterinfo
|
||||||
|
register: kube_public_configmap_rolebinding_exists
|
||||||
|
ignore_errors: True
|
||||||
|
- name: create kube-public configmap rolebinding if required
|
||||||
|
when: kube_public_configmap_rolebinding_exists | failed
|
||||||
|
command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public create rolebinding kubeadm:bootstrap-signer-clusterinfo --role system:bootstrap-signer-clusterinfo --user system:anonymous
|
||||||
|
|
||||||
|
- name: converting the cluster to be selfhosted
|
||||||
|
when: k8s.selfHosted|bool == true
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
command: kubeadm alpha phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
|
||||||
|
|
||||||
|
- name: setting up kubectl client on host
|
||||||
|
block:
|
||||||
|
- name: kubectl | copying kubectl binary to host
|
||||||
|
copy:
|
||||||
|
src: /usr/bin/kubectl
|
||||||
|
dest: /usr/bin/kubectl
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0555
|
||||||
|
- name: kubectl | master | ensure kube config directory exists for user
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
with_items:
|
||||||
|
- "{{ vars.user.home }}/.kube"
|
||||||
|
- name: kubectl | master | deploy kube config file for user
|
||||||
|
copy:
|
||||||
|
src: /mnt/rootfs/etc/kubernetes/admin.conf
|
||||||
|
dest: "{{ vars.user.home }}/.kube/config"
|
||||||
|
owner: "{{ vars.user.uid }}"
|
||||||
|
group: "{{ vars.user.gid }}"
|
||||||
|
mode: 0600
|
@ -0,0 +1,21 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
- name: wait for kube pods to all be running in kube-system namespace
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
shell: export KUBECONFIG=/mnt/rootfs/etc/kubernetes/admin.conf; /usr/bin/test-kube-pods-ready kube-system
|
||||||
|
register: task_result
|
||||||
|
until: task_result.rc == 0
|
||||||
|
retries: 120
|
||||||
|
delay: 5
|
@ -0,0 +1,18 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: cluster-info
|
||||||
|
namespace: kube-public
|
||||||
|
data:
|
||||||
|
kubeconfig: |
|
||||||
|
apiVersion: v1
|
||||||
|
clusters:
|
||||||
|
- cluster:
|
||||||
|
certificate-authority-data: {{ clusters[0].cluster['certificate-authority-data'] }}
|
||||||
|
server: {{ clusters[0].cluster['server'] }}
|
||||||
|
name: ""
|
||||||
|
contexts: []
|
||||||
|
current-context: ""
|
||||||
|
kind: Config
|
||||||
|
preferences: {}
|
||||||
|
users: []
|
@ -0,0 +1,46 @@
|
|||||||
|
#jinja2: trim_blocks:False
|
||||||
|
apiVersion: kubeadm.k8s.io/v1alpha1
|
||||||
|
kind: MasterConfiguration
|
||||||
|
kubernetesVersion: {{ k8s.kubernetesVersion }}
|
||||||
|
imageRepository: {{ k8s.imageRepository }}
|
||||||
|
nodeName: {{ kubeadm_node_hostname }}
|
||||||
|
api:
|
||||||
|
advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}
|
||||||
|
bindPort: {{ k8s.api.bindPort }}
|
||||||
|
# etcd:
|
||||||
|
# endpoints:
|
||||||
|
# - <endpoint1|string>
|
||||||
|
# - <endpoint2|string>
|
||||||
|
# caFile: <path|string>
|
||||||
|
# certFile: <path|string>
|
||||||
|
# keyFile: <path|string>
|
||||||
|
# dataDir: <path|string>
|
||||||
|
# extraArgs:
|
||||||
|
# <argument>: <value|string>
|
||||||
|
# <argument>: <value|string>
|
||||||
|
# image: <string>
|
||||||
|
networking:
|
||||||
|
dnsDomain: {{ k8s.networking.dnsDomain }}
|
||||||
|
podSubnet: {{ k8s.networking.podSubnet }}
|
||||||
|
serviceSubnet: {{ k8s.networking.serviceSubnet }}
|
||||||
|
#cloudProvider: <string>
|
||||||
|
authorizationModes:
|
||||||
|
- Node
|
||||||
|
- RBAC
|
||||||
|
token: {{ kubeadm_bootstrap_token }}
|
||||||
|
tokenTTL: 24h0m0s
|
||||||
|
selfHosted: {{ k8s.selfHosted }}
|
||||||
|
apiServerExtraArgs:
|
||||||
|
runtime-config: "batch/v2alpha1=true"
|
||||||
|
# <argument>: <value|string>
|
||||||
|
# controllerManagerExtraArgs:
|
||||||
|
# <argument>: <value|string>
|
||||||
|
# <argument>: <value|string>
|
||||||
|
# schedulerExtraArgs:
|
||||||
|
# <argument>: <value|string>
|
||||||
|
# <argument>: <value|string>
|
||||||
|
# apiServerCertSANs:
|
||||||
|
# - <name1|string>
|
||||||
|
# - <name2|string>
|
||||||
|
certificatesDir: {{ k8s.certificatesDir }}
|
||||||
|
#unifiedControlPlaneImage: <string>
|
@ -0,0 +1,40 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: base kubeadm deploy
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
with_items:
|
||||||
|
- /etc/kubernetes/
|
||||||
|
- /etc/systemd/system/kubelet.service.d/
|
||||||
|
- /var/lib/kubelet/
|
||||||
|
- name: copying kubeadm binary to host
|
||||||
|
copy:
|
||||||
|
src: /usr/bin/kubeadm
|
||||||
|
dest: /usr/bin/kubeadm
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0555
|
||||||
|
- debug:
|
||||||
|
msg: "{{ kubeadm_join_command }}"
|
||||||
|
- name: running kubeadm join command
|
||||||
|
command: "{{ kubeadm_join_command }}"
|
||||||
|
- name: base kubeadm deploy
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
with_items:
|
||||||
|
- /usr/bin/kubeadm
|
@ -0,0 +1,35 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: DNS | Ensure node fully qualified hostname is set
|
||||||
|
lineinfile:
|
||||||
|
unsafe_writes: true
|
||||||
|
state: present
|
||||||
|
dest: /etc/hosts
|
||||||
|
line: "{% if kubelet.bind_device is defined %}{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %} {% if ansible_domain is defined %}{{ ansible_fqdn }}{% else %}{{ ansible_hostname }}.node.{{ k8s.networking.dnsDomain }}{% endif %} {{ ansible_hostname }}"
|
||||||
|
regexp: "^{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% if kubelet.bind_device is defined %}|{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% endif %}"
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: DNS | Ensure node localhost ipv4 hostname is set
|
||||||
|
lineinfile:
|
||||||
|
unsafe_writes: true
|
||||||
|
state: present
|
||||||
|
dest: /etc/hosts
|
||||||
|
line: "127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4"
|
||||||
|
regexp: "^127.0.0.1"
|
||||||
|
- name: DNS | Ensure node localhost ipv6 hostname is set
|
||||||
|
lineinfile:
|
||||||
|
unsafe_writes: true
|
||||||
|
state: present
|
||||||
|
dest: /etc/hosts
|
||||||
|
line: "::1 localhost6 localhost6.localdomain6"
|
||||||
|
regexp: "^::1"
|
@ -0,0 +1,162 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: ubuntu | installing kubelet support packages
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
apt:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: installed
|
||||||
|
with_items:
|
||||||
|
- ebtables
|
||||||
|
- ethtool
|
||||||
|
- iproute2
|
||||||
|
- iptables
|
||||||
|
- libmnl0
|
||||||
|
- libnfnetlink0
|
||||||
|
- libwrap0
|
||||||
|
- libxtables11
|
||||||
|
- socat
|
||||||
|
|
||||||
|
- name: centos | installing kubelet support packages
|
||||||
|
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||||
|
yum:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: installed
|
||||||
|
with_items:
|
||||||
|
- ebtables
|
||||||
|
- ethtool
|
||||||
|
- tcp_wrappers-libs
|
||||||
|
- libmnl
|
||||||
|
- socat
|
||||||
|
|
||||||
|
- name: fedora | installing kubelet support packages
|
||||||
|
when: ansible_distribution == 'Fedora'
|
||||||
|
dnf:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: installed
|
||||||
|
with_items:
|
||||||
|
- ebtables
|
||||||
|
- ethtool
|
||||||
|
- tcp_wrappers-libs
|
||||||
|
- libmnl
|
||||||
|
- socat
|
||||||
|
|
||||||
|
- name: getting docker cgroup driver info
|
||||||
|
when: kubelet.container_runtime == 'docker'
|
||||||
|
block:
|
||||||
|
- name: docker | getting cgroup driver info
|
||||||
|
shell: docker info | awk '/^Cgroup Driver:/ { print $NF }'
|
||||||
|
register: docker_cgroup_driver
|
||||||
|
- name: setting kublet cgroup driver
|
||||||
|
set_fact:
|
||||||
|
kubelet_cgroup_driver: "{{ docker_cgroup_driver.stdout }}"
|
||||||
|
|
||||||
|
- name: setting kublet cgroup driver for CRI-O
|
||||||
|
when: kubelet.container_runtime == 'crio'
|
||||||
|
set_fact:
|
||||||
|
kubelet_cgroup_driver: "systemd"
|
||||||
|
|
||||||
|
- name: setting node hostname fact
|
||||||
|
set_fact:
|
||||||
|
kubelet_node_hostname: "{% if ansible_domain is defined %}{{ ansible_fqdn }}{% else %}{{ ansible_hostname }}.node.{{ k8s.networking.dnsDomain }}{% endif %}"
|
||||||
|
|
||||||
|
- name: base kubelet deploy
|
||||||
|
block:
|
||||||
|
- file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
with_items:
|
||||||
|
- /etc/kubernetes/
|
||||||
|
- /etc/systemd/system/kubelet.service.d/
|
||||||
|
- /var/lib/kubelet/
|
||||||
|
- name: copying kubelet binary to host
|
||||||
|
copy:
|
||||||
|
src: /opt/assets/usr/bin/kubelet
|
||||||
|
dest: /usr/bin/kubelet
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0555
|
||||||
|
- name: copying base systemd unit to host
|
||||||
|
template:
|
||||||
|
src: kubelet.service.j2
|
||||||
|
dest: /etc/systemd/system/kubelet.service
|
||||||
|
mode: 0640
|
||||||
|
- name: copying kubeadm drop-in systemd unit to host
|
||||||
|
template:
|
||||||
|
src: 10-kubeadm.conf.j2
|
||||||
|
dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
|
||||||
|
mode: 0640
|
||||||
|
- name: copying kubelet DNS config to host
|
||||||
|
template:
|
||||||
|
src: kubelet-resolv.conf.j2
|
||||||
|
dest: /etc/kubernetes/kubelet-resolv.conf
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: base cni support
|
||||||
|
block:
|
||||||
|
- file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
with_items:
|
||||||
|
- /etc/cni/net.d
|
||||||
|
- /opt/cni/bin
|
||||||
|
- name: copy cni binaries into place
|
||||||
|
copy:
|
||||||
|
src: /opt/assets/opt/cni/bin/{{ item }}
|
||||||
|
dest: /opt/cni/bin/{{ item }}
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0555
|
||||||
|
with_items:
|
||||||
|
- flannel
|
||||||
|
- ptp
|
||||||
|
- host-local
|
||||||
|
- portmap
|
||||||
|
- tuning
|
||||||
|
- vlan
|
||||||
|
- sample
|
||||||
|
- dhcp
|
||||||
|
- ipvlan
|
||||||
|
- macvlan
|
||||||
|
- loopback
|
||||||
|
- bridge
|
||||||
|
|
||||||
|
- name: CRI-O runtime config
|
||||||
|
when: kubelet.container_runtime == 'crio'
|
||||||
|
block:
|
||||||
|
- name: copying CRI-O drop-in systemd unit to host
|
||||||
|
template:
|
||||||
|
src: 0-crio.conf.j2
|
||||||
|
dest: /etc/systemd/system/kubelet.service.d/0-crio.conf
|
||||||
|
mode: 0640
|
||||||
|
- name: CRI-O | ensure service is restarted and enabled
|
||||||
|
systemd:
|
||||||
|
name: crio
|
||||||
|
state: restarted
|
||||||
|
enabled: yes
|
||||||
|
masked: no
|
||||||
|
|
||||||
|
- name: docker | ensure service is started and enabled
|
||||||
|
when: kubelet.container_runtime == 'docker'
|
||||||
|
systemd:
|
||||||
|
name: docker
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
masked: no
|
||||||
|
|
||||||
|
- name: ensure service is restarted and enabled
|
||||||
|
systemd:
|
||||||
|
name: kubelet
|
||||||
|
state: restarted
|
||||||
|
daemon_reload: yes
|
||||||
|
enabled: yes
|
||||||
|
masked: no
|
@ -0,0 +1,19 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- include_tasks: support-packages.yaml
|
||||||
|
|
||||||
|
- include_tasks: hostname.yaml
|
||||||
|
|
||||||
|
- include_tasks: setup-dns.yaml
|
||||||
|
|
||||||
|
- include_tasks: kubelet.yaml
|
@ -0,0 +1,49 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: DNS | Check if NetworkManager is being used
|
||||||
|
raw: systemctl status NetworkManager --no-pager
|
||||||
|
register: network_manager_in_use
|
||||||
|
ignore_errors: True
|
||||||
|
|
||||||
|
- name: DNS | Disable network NetworkManager management of resolv.conf
|
||||||
|
when: network_manager_in_use | succeeded
|
||||||
|
ini_file:
|
||||||
|
path: /etc/NetworkManager/NetworkManager.conf
|
||||||
|
section: main
|
||||||
|
option: dns
|
||||||
|
value: none
|
||||||
|
|
||||||
|
- name: DNS | load new resolv.conf
|
||||||
|
template:
|
||||||
|
unsafe_writes: yes
|
||||||
|
src: resolv.conf.j2
|
||||||
|
dest: /etc/resolv.conf
|
||||||
|
|
||||||
|
- name: DNS | Restarting NetworkManager
|
||||||
|
when: network_manager_in_use | succeeded
|
||||||
|
block:
|
||||||
|
- name: DNS | Restarting NetworkManager Service
|
||||||
|
systemd:
|
||||||
|
name: NetworkManager
|
||||||
|
state: restarted
|
||||||
|
daemon_reload: yes
|
||||||
|
enabled: yes
|
||||||
|
masked: no
|
||||||
|
- pause:
|
||||||
|
seconds: 5
|
||||||
|
- name: DNS | Waiting for connectivity to be restored to outside world
|
||||||
|
shell: if ! [[ $(ip -4 route list 0/0 | head -c1 | wc -c) -ne 0 ]]; then exit 1; fi
|
||||||
|
register: task_result
|
||||||
|
until: task_result.rc == 0
|
||||||
|
retries: 120
|
||||||
|
delay: 5
|
@ -0,0 +1,71 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: centos | installing epel-release
|
||||||
|
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||||
|
yum:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: installed
|
||||||
|
with_items:
|
||||||
|
- epel-release
|
||||||
|
|
||||||
|
- name: centos | installing SElinux support packages
|
||||||
|
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||||
|
yum:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: installed
|
||||||
|
with_items:
|
||||||
|
- libselinux-python
|
||||||
|
|
||||||
|
- name: fedora | installing SElinux support packages
|
||||||
|
when: ansible_distribution == 'Fedora'
|
||||||
|
dnf:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: installed
|
||||||
|
with_items:
|
||||||
|
- libselinux-python
|
||||||
|
|
||||||
|
- when: kubelet.pv_support_ceph
|
||||||
|
name: installing ceph support packages
|
||||||
|
include_role:
|
||||||
|
name: deploy-package
|
||||||
|
tasks_from: dist
|
||||||
|
vars:
|
||||||
|
packages:
|
||||||
|
deb:
|
||||||
|
- ceph-common
|
||||||
|
rpm:
|
||||||
|
- ceph-common
|
||||||
|
|
||||||
|
- when: kubelet.pv_support_nfs
|
||||||
|
name: installing NFS support packages
|
||||||
|
include_role:
|
||||||
|
name: deploy-package
|
||||||
|
tasks_from: dist
|
||||||
|
vars:
|
||||||
|
packages:
|
||||||
|
deb:
|
||||||
|
- nfs-common
|
||||||
|
rpm:
|
||||||
|
- nfs-utils
|
||||||
|
|
||||||
|
- name: installing LinuxBridge support
|
||||||
|
when: kubelet.net_support_linuxbridge
|
||||||
|
include_role:
|
||||||
|
name: deploy-package
|
||||||
|
tasks_from: dist
|
||||||
|
vars:
|
||||||
|
packages:
|
||||||
|
deb:
|
||||||
|
- bridge-utils
|
||||||
|
rpm:
|
||||||
|
- bridge-utils
|
@ -0,0 +1,2 @@
|
|||||||
|
[Service]
|
||||||
|
Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --image-service-endpoint /var/run/crio.sock --container-runtime-endpoint /var/run/crio.sock"
|
@ -0,0 +1,11 @@
|
|||||||
|
[Service]
|
||||||
|
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
|
||||||
|
Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true --cgroup-driver={{ kubelet_cgroup_driver }}"
|
||||||
|
Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --node-ip={% if kubelet.bind_addr is defined %}{{ kubelet.bind_addr }}{% else %}{% if kubelet.bind_device is defined %}{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %} --hostname-override={{ kubelet_node_hostname }}"
|
||||||
|
Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain={{ k8s.networking.dnsDomain }} --resolv-conf=/etc/kubernetes/kubelet-resolv.conf"
|
||||||
|
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
|
||||||
|
Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
|
||||||
|
Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
|
||||||
|
#ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux
|
||||||
|
ExecStart=
|
||||||
|
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS
|
@ -0,0 +1,3 @@
|
|||||||
|
{% for nameserver in external_dns_nameservers %}
|
||||||
|
nameserver {{ nameserver }}
|
||||||
|
{% endfor %}
|
@ -0,0 +1,13 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=kubelet: The Kubernetes Node Agent
|
||||||
|
Documentation=http://kubernetes.io/docs/
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStartPre=/sbin/swapoff -a
|
||||||
|
ExecStart=/usr/bin/kubelet
|
||||||
|
Restart=always
|
||||||
|
StartLimitInterval=0
|
||||||
|
RestartSec=10
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -0,0 +1,6 @@
|
|||||||
|
search svc.{{ k8s.networking.dnsDomain }} {{ k8s.networking.dnsDomain }}
|
||||||
|
nameserver 10.96.0.10
|
||||||
|
{% for nameserver in external_dns_nameservers %}
|
||||||
|
nameserver {{ nameserver }}
|
||||||
|
{% endfor %}
|
||||||
|
options ndots:5 timeout:1 attempts:1
|
@ -0,0 +1,38 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: ubuntu | installing packages
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||||
|
apt:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ packages.deb }}"
|
||||||
|
|
||||||
|
- name: centos | installing packages
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||||
|
yum:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ packages.rpm }}"
|
||||||
|
|
||||||
|
- name: fedora | installing packages
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
when: ansible_distribution == 'Fedora'
|
||||||
|
dnf:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ packages.rpm }}"
|
@ -0,0 +1,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
- name: "installing python {{ package }}"
|
||||||
|
become: true
|
||||||
|
become_user: root
|
||||||
|
pip:
|
||||||
|
name: "{{ package }}"
|
48
tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
Normal file
48
tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
all:
|
||||||
|
vars:
|
||||||
|
my_container_name: null
|
||||||
|
user:
|
||||||
|
uid: null
|
||||||
|
gid: null
|
||||||
|
home: null
|
||||||
|
external_dns_nameservers:
|
||||||
|
- 8.8.8.8
|
||||||
|
- 8.8.4.4
|
||||||
|
cluster:
|
||||||
|
cni: calico
|
||||||
|
kubelet:
|
||||||
|
container_runtime: docker
|
||||||
|
net_support_linuxbridge: true
|
||||||
|
pv_support_ceph: true
|
||||||
|
pv_support_nfs: true
|
||||||
|
bind_device: null
|
||||||
|
helm:
|
||||||
|
tiller_image: gcr.io/kubernetes-helm/tiller:v2.7.0-rc1
|
||||||
|
k8s:
|
||||||
|
kubernetesVersion: v1.8.0
|
||||||
|
imageRepository: gcr.io/google_containers
|
||||||
|
certificatesDir: /etc/kubernetes/pki
|
||||||
|
selfHosted: false
|
||||||
|
api:
|
||||||
|
bindPort: 6443
|
||||||
|
#NOTE(portdirect): The following is a custom key, which resolves the
|
||||||
|
# 'advertiseAddress' key dynamicly.
|
||||||
|
advertiseAddressDevice: null
|
||||||
|
networking:
|
||||||
|
dnsDomain: cluster.local
|
||||||
|
podSubnet: 192.168.0.0/16
|
||||||
|
serviceSubnet: 10.96.0.0/12
|
21
tools/images/kubeadm-aio/assets/usr/bin/test-kube-api.py
Executable file
21
tools/images/kubeadm-aio/assets/usr/bin/test-kube-api.py
Executable file
@ -0,0 +1,21 @@
|
|||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
from kubernetes import client, config
|
||||||
|
config.load_kube_config()
|
||||||
|
# create an instance of the API class
|
||||||
|
api_instance = client.VersionApi()
|
||||||
|
api_instance.get_code()
|
33
tools/images/kubeadm-aio/assets/usr/bin/test-kube-pods-ready
Executable file
33
tools/images/kubeadm-aio/assets/usr/bin/test-kube-pods-ready
Executable file
@ -0,0 +1,33 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
set -e
|
||||||
|
NAMESPACE=$1
|
||||||
|
|
||||||
|
kubectl get pods --namespace=${NAMESPACE} -o json | jq -r \
|
||||||
|
'.items[].status.phase' | grep Pending > /dev/null && \
|
||||||
|
PENDING=True || PENDING=False
|
||||||
|
|
||||||
|
query='.items[]|select(.status.phase=="Running")'
|
||||||
|
query="$query|.status.containerStatuses[].ready"
|
||||||
|
kubectl get pods --namespace=${NAMESPACE} -o json | jq -r "$query" | \
|
||||||
|
grep false > /dev/null && READY="False" || READY="True"
|
||||||
|
|
||||||
|
kubectl get jobs -o json --namespace=${NAMESPACE} | jq -r \
|
||||||
|
'.items[] | .spec.completions == .status.succeeded' | \
|
||||||
|
grep false > /dev/null && JOBR="False" || JOBR="True"
|
||||||
|
[ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \
|
||||||
|
exit 0 || exit 1
|
37
tools/pull-images.sh
Executable file
37
tools/pull-images.sh
Executable file
@ -0,0 +1,37 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
set -x
|
||||||
|
KUBE_VERSION=v1.8.1
|
||||||
|
KUBE_IMAGES="gcr.io/google_containers/hyperkube-amd64:${KUBE_VERSION}
|
||||||
|
gcr.io/google_containers/kube-apiserver-amd64:${KUBE_VERSION}
|
||||||
|
gcr.io/google_containers/kube-controller-manager-amd64:${KUBE_VERSION}
|
||||||
|
gcr.io/google_containers/kube-proxy-amd64:${KUBE_VERSION}
|
||||||
|
gcr.io/google_containers/kube-scheduler-amd64:${KUBE_VERSION}
|
||||||
|
gcr.io/google_containers/pause-amd64:3.0
|
||||||
|
gcr.io/google_containers/etcd-amd64:3.0.17"
|
||||||
|
|
||||||
|
CHART_IMAGES=""
|
||||||
|
for CHART_DIR in ./*/ ; do
|
||||||
|
if [ -e ${CHART_DIR}values.yaml ]; then
|
||||||
|
CHART_IMAGES+=" $(cat ${CHART_DIR}values.yaml | yq '.images.tags | map(.) | join(" ")' | tr -d '"')"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
ALL_IMAGES="${KUBE_IMAGES} ${CHART_IMAGES}"
|
||||||
|
|
||||||
|
for IMAGE in ${ALL_IMAGES}; do
|
||||||
|
docker inspect $IMAGE >/dev/null|| docker pull $IMAGE
|
||||||
|
done
|
Loading…
Reference in New Issue
Block a user