From ad133069aa3ae7e7976e4735e4d761c630a49a81 Mon Sep 17 00:00:00 2001
From: Gage Hugo
Date: Thu, 31 Mar 2022 16:58:03 -0500
Subject: [PATCH] Remove kubeadm-aio

As part of the move to helm v3, we migrated how we setup deploying kubernetes from a series of playbooks to using a bash script. This had the advantage of being easier to follow and deploy locally, as well as easier to debug when an issue arose. While the kubeadm-aio was very useful in the past to help lower run-times, currently it appears that optimizations in our jobs have seem to mitigate a lot of the issues that were lessened with the AIO.

Change-Id: If0c6a97aed4083307a9b6f5beb4ec525e8103e01
---
roles/build-images/defaults/main.yml | 32 ---
roles/build-images/tasks/kubeadm-aio.yaml | 98 -------
roles/build-images/tasks/main.yaml | 15 --
.../defaults/main.yml | 55 ----
.../tasks/clean-node.yaml | 69 -----
.../tasks/deploy-kubelet.yaml | 27 --
.../deploy-kubeadm-aio-common/tasks/main.yaml | 36 ---
.../tasks/util-kubeadm-aio-run.yaml | 83 ------
.../deploy-kubeadm-aio-master/tasks/main.yaml | 31 ---
.../deploy-kubeadm-aio-node/defaults/main.yml | 17 --
roles/deploy-kubeadm-aio-node/tasks/main.yaml | 51 ----
.../tasks/util-generate-join-command.yaml | 56 ----
.../tasks/util-run-join-command.yaml | 59 -----
tools/images/kubeadm-aio/Dockerfile | 119 ---------
tools/images/kubeadm-aio/assets/entrypoint.sh | 134 ----------
.../assets/opt/charts/.placeholder | 0
.../assets/opt/playbooks/inventory.ini | 2 -
.../opt/playbooks/kubeadm-aio-clean.yaml | 21 --
.../playbooks/kubeadm-aio-deploy-kubelet.yaml | 21 --
.../playbooks/kubeadm-aio-deploy-master.yaml | 20 --
.../playbooks/kubeadm-aio-deploy-node.yaml | 20 --
.../roles/clean-host/tasks/main.yaml | 62 -----
.../deploy-kubeadm-master/tasks/helm-cni.yaml | 142 -----------
.../tasks/helm-deploy.yaml | 89 -------
.../deploy-kubeadm-master/tasks/helm-dns.yaml | 71 ------
.../tasks/helm-keystone-auth.yaml | 102 --------
.../deploy-kubeadm-master/tasks/main.yaml | 240 ------------------
.../tasks/wait-for-kube-system-namespace.yaml | 25 --
.../templates/ca-config.json.j2 | 35 ---
.../templates/certs.py.j2 | 28 --
.../templates/cluster-info.yaml.j2 | 18 --
.../templates/kubeadm-conf.yaml.j2 | 34 ---
.../templates/webhook.kubeconfig.j2 | 16 --
.../roles/deploy-kubeadm-node/tasks/main.yaml | 40 ---
.../roles/deploy-kubelet/tasks/hostname.yaml | 37 ---
.../roles/deploy-kubelet/tasks/kubelet.yaml | 217 ----------------
.../roles/deploy-kubelet/tasks/main.yaml | 21 --
.../roles/deploy-kubelet/tasks/setup-dns.yaml | 62 -----
.../tasks/support-packages.yaml | 128 ----------
.../deploy-kubelet/templates/0-crio.conf.j2 | 2 -
.../templates/10-kubeadm.conf.j2 | 13 -
.../templates/kubelet-resolv.conf.j2 | 3 -
.../templates/kubelet.service.j2 | 15 --
.../templates/osh-dns-redirector.yaml.j2 | 36 ---
.../templates/resolv-upstream.conf.j2 | 4 -
.../deploy-kubelet/templates/resolv.conf.j2 | 6 -
.../roles/deploy-package/tasks/dist.yaml | 40 ---
.../roles/deploy-package/tasks/pip.yaml | 11 -
.../assets/opt/playbooks/vars.yaml | 57 -----
.../assets/usr/bin/test-kube-api.py | 19 --
.../assets/usr/bin/test-kube-pods-ready | 31 ---
tools/images/kubeadm-aio/sources.list | 4 -
52 files changed, 2574 deletions(-)
delete mode 100644 roles/build-images/defaults/main.yml
delete mode 100644 roles/build-images/tasks/kubeadm-aio.yaml
delete mode 100644 roles/build-images/tasks/main.yaml
delete mode 100644 roles/deploy-kubeadm-aio-common/defaults/main.yml
delete mode 100644 roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
delete mode 100644 roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
delete mode 100644 roles/deploy-kubeadm-aio-common/tasks/main.yaml
delete mode 100644 roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
delete mode 100644 roles/deploy-kubeadm-aio-master/tasks/main.yaml
delete mode 100644 roles/deploy-kubeadm-aio-node/defaults/main.yml
delete mode 100644 roles/deploy-kubeadm-aio-node/tasks/main.yaml
delete mode 100644 roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml
delete mode 100644 roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml
delete mode 100644 tools/images/kubeadm-aio/Dockerfile
delete mode 100755 tools/images/kubeadm-aio/assets/entrypoint.sh
delete mode 100644 tools/images/kubeadm-aio/assets/opt/charts/.placeholder
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/inventory.ini
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-clean.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-kubelet.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-master.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-node.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/clean-host/tasks/main.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-deploy.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-dns.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/wait-for-kube-system-namespace.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/ca-config.json.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/certs.py.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/cluster-info.yaml.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/webhook.kubeconfig.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-node/tasks/main.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/hostname.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/kubelet.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/main.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/setup-dns.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/support-packages.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/0-crio.conf.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/kubelet-resolv.conf.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/kubelet.service.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/osh-dns-redirector.yaml.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/resolv-upstream.conf.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/resolv.conf.j2
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/dist.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml
delete mode 100644 tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
delete mode 100755 tools/images/kubeadm-aio/assets/usr/bin/test-kube-api.py
delete mode 100755 tools/images/kubeadm-aio/assets/usr/bin/test-kube-pods-ready
delete mode 100644 tools/images/kubeadm-aio/sources.list
diff --git a/roles/build-images/defaults/main.yml b/roles/build-images/defaults/main.yml
deleted file mode 100644
index bce90db07..000000000
--- a/roles/build-images/defaults/main.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-version:
- kubernetes: v1.19.15
- helm: v2.17.0
- cni: v0.8.5
-
-proxy:
- http: null
- https: null
- noproxy: null
-
-images:
- kubernetes:
- kubeadm_aio: openstackhelm/kubeadm-aio:dev
-
-url:
- google_kubernetes_repo: https://storage.googleapis.com/kubernetes-release/release/{{ version.kubernetes }}/bin/linux/amd64
- helm_repo: https://get.helm.sh
- cni_repo: https://github.com/containernetworking/plugins/releases/download/{{ version.cni }}
-...
diff --git a/roles/build-images/tasks/kubeadm-aio.yaml b/roles/build-images/tasks/kubeadm-aio.yaml
deleted file mode 100644
index c652eb4d1..000000000
--- a/roles/build-images/tasks/kubeadm-aio.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: set zuul_site_mirror_fqdn from env var if not defined
- when: zuul_site_mirror_fqdn is not defined
- ignore_errors: True
- set_fact:
- zuul_site_mirror_fqdn: "{{ lookup('env','zuul_site_mirror_fqdn') }}"
-
-# NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is
-# reolved, we build with a shell script to make use of the host network.
-- name: Kubeadm-AIO build
- block:
- # NOTE(portdirect): we do this to ensure we are feeding the docker build
- # a clean path to work with.
- - name: Kubeadm-AIO image build path
- shell: cd "{{ work_dir }}"; pwd
- register: kubeadm_aio_path
- # - name: build the Kubeadm-AIO image
- # docker_image:
- # path: "{{ kubeadm_aio_path.stdout }}/"
- # name: "{{ images.kubernetes.kubeadm_aio }}"
- # dockerfile: "tools/images/kubeadm-aio/Dockerfile"
- # force: yes
- # pull: yes
- # state: present
- # rm: yes
- # buildargs:
- # KUBE_VERSION: "{{ version.kubernetes }}"
- # CNI_VERSION: "{{ version.cni }}"
- # HELM_VERSION: "{{ version.helm }}"
- # CHARTS: "calico,flannel,tiller,kube-dns"
- - name: Kubeadm-AIO image build path with proxy
- when: proxy.http
- shell: |-
- set -e
- docker build \
- --network host \
- --force-rm \
- --tag "{{ images.kubernetes.kubeadm_aio }}" \
- --file tools/images/kubeadm-aio/Dockerfile \
- --build-arg KUBE_VERSION="{{ version.kubernetes }}" \
- --build-arg CNI_VERSION="{{ version.cni }}" \
- --build-arg HELM_VERSION="{{ version.helm }}" \
- --build-arg CHARTS="calico,flannel,tiller,kube-dns,kubernetes-keystone-webhook" \
- --build-arg GOOGLE_KUBERNETES_REPO_URL="{{ url.google_kubernetes_repo }}" \
- --build-arg GOOGLE_HELM_REPO_URL="{{ url.helm_repo }}" \
- --build-arg CNI_REPO_URL="{{ url.cni_repo }}" \
- --build-arg HTTP_PROXY="{{ proxy.http }}" \
- --build-arg HTTPS_PROXY="{{ proxy.https }}" \
- --build-arg NO_PROXY="{{ proxy.noproxy }}" \
- {% if zuul_site_mirror_fqdn is defined and zuul_site_mirror_fqdn %}
- --build-arg UBUNTU_URL="http://{{ zuul_site_mirror_fqdn }}/ubuntu/" \
- --build-arg ALLOW_UNAUTHENTICATED="true" \
- --build-arg PIP_INDEX_URL="http://{{ zuul_site_mirror_fqdn }}/pypi/simple" \
- --build-arg PIP_TRUSTED_HOST="{{ zuul_site_mirror_fqdn }}" \
- {% endif %}
- .
- args:
- chdir: "{{ kubeadm_aio_path.stdout }}/"
- executable: /bin/bash
- - name: Kubeadm-AIO image build path
- when: not proxy.http
- shell: |-
- set -e
- docker build \
- --network host \
- --force-rm \
- --tag "{{ images.kubernetes.kubeadm_aio }}" \
- --file tools/images/kubeadm-aio/Dockerfile \
- --build-arg KUBE_VERSION="{{ version.kubernetes }}" \
- --build-arg CNI_VERSION="{{ version.cni }}" \
- --build-arg HELM_VERSION="{{ version.helm }}" \
- --build-arg CHARTS="calico,flannel,tiller,kube-dns,kubernetes-keystone-webhook" \
- --build-arg GOOGLE_KUBERNETES_REPO_URL="{{ url.google_kubernetes_repo }}" \
- --build-arg GOOGLE_HELM_REPO_URL="{{ url.helm_repo }}" \
- --build-arg CNI_REPO_URL="{{ url.cni_repo }}" \
- {% if zuul_site_mirror_fqdn is defined and zuul_site_mirror_fqdn %}
- --build-arg UBUNTU_URL="http://{{ zuul_site_mirror_fqdn }}/ubuntu/" \
- --build-arg ALLOW_UNAUTHENTICATED="true" \
- --build-arg PIP_INDEX_URL="http://{{ zuul_site_mirror_fqdn }}/pypi/simple" \
- --build-arg PIP_TRUSTED_HOST="{{ zuul_site_mirror_fqdn }}" \
- {% endif %}
- .
- args:
- chdir: "{{ kubeadm_aio_path.stdout }}/"
- executable: /bin/bash
-...
diff --git a/roles/build-images/tasks/main.yaml b/roles/build-images/tasks/main.yaml
deleted file mode 100644
index cd8a2f372..000000000
--- a/roles/build-images/tasks/main.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- include: kubeadm-aio.yaml
-...
diff --git a/roles/deploy-kubeadm-aio-common/defaults/main.yml b/roles/deploy-kubeadm-aio-common/defaults/main.yml
deleted file mode 100644
index 056c16cae..000000000
--- a/roles/deploy-kubeadm-aio-common/defaults/main.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-kubernetes_cluster_cni: calico
-kubernetes_cluster_pod_subnet: 192.168.0.0/16
-kubernetes_cluster_domain: cluster.local
-kubernetes_network_default_device: null
-kubernetes_selfhosted: false
-kubernetes_keystone_auth: false
-
-images:
- kubernetes:
- kubeadm_aio: openstackhelm/kubeadm-aio:dev
-
-nodes:
- labels:
- primary:
- - name: openstack-helm-node-class
- value: primary
- nodes:
- - name: openstack-helm-node-class
- value: general
- all:
- - name: openstack-control-plane
- value: enabled
- - name: openstack-compute-node
- value: enabled
- - name: openvswitch
- value: enabled
- - name: linuxbridge
- value: enabled
- - name: ceph-mon
- value: enabled
- - name: ceph-osd
- value: enabled
- - name: ceph-mds
- value: enabled
- - name: ceph-rgw
- value: enabled
- - name: ceph-mgr
- value: enabled
-
-gate_fqdn_test: false
-gate_fqdn_tld: openstackhelm.test
-...
diff --git a/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml b/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
deleted file mode 100644
index 23efe7218..000000000
--- a/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: master
- vars:
- kubeadm_aio_action: clean-host
- block:
- - name: "kubeadm-aio performing action: {{ kubeadm_aio_action }}"
- become: true
- become_user: root
- docker_container:
- name: "kubeadm-{{ kubeadm_aio_action }}"
- image: "{{ images.kubernetes.kubeadm_aio }}"
- state: started
- detach: false
- recreate: yes
- pid_mode: host
- network_mode: host
- capabilities: SYS_ADMIN
- volumes:
- - /sys:/sys:rw
- - /run:/run:rw
- - /:/mnt/rootfs:rw
- - /etc:/etc:rw
- env:
- CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
- ACTION="{{ kubeadm_aio_action }}"
- KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
- USER_UID="{{ playbook_user_id }}"
- USER_GID="{{ playbook_group_id }}"
- USER_HOME="{{ playbook_user_dir }}"
- CNI_ENABLED="{{ kubernetes_cluster_cni }}"
- PVC_SUPPORT_CEPH=true
- PVC_SUPPORT_NFS=true
- NET_SUPPORT_LINUXBRIDGE=true
- KUBE_NET_POD_SUBNET="{{ kubernetes_cluster_pod_subnet }}"
- KUBE_NET_DNS_DOMAIN="{{ kubernetes_cluster_domain }}"
- CONTAINER_RUNTIME=docker
- register: kubeadm_master_deploy
- ignore_errors: True
- rescue:
- - name: getting logs from kubeadm-aio container
- command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
- become: true
- become_user: root
- register: out
- - name: dumping logs from kubeadm-aio container
- debug:
- var: out.stdout_lines
- - name: exiting if the kubeadm deploy failed
- command: exit 1
- always:
- - name: removing kubeadm-aio container
- become: true
- become_user: root
- docker_container:
- name: "kubeadm-{{ kubeadm_aio_action }}"
- state: absent
-...
diff --git a/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml b/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
deleted file mode 100644
index e5c9e9094..000000000
--- a/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
----
-- name: setting node labels
- vars:
- kubeadm_kubelet_labels_node:
- - "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}"
- - "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}"
- set_fact:
- kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}"
-
-- name: deploy-kubelet
- vars:
- kubeadm_aio_action: deploy-kubelet
- include: util-kubeadm-aio-run.yaml
-...
diff --git a/roles/deploy-kubeadm-aio-common/tasks/main.yaml b/roles/deploy-kubeadm-aio-common/tasks/main.yaml
deleted file mode 100644
index cf605e99d..000000000
--- a/roles/deploy-kubeadm-aio-common/tasks/main.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: setting playbook facts
- set_fact:
- playbook_user_id: "{{ ansible_user_uid }}"
- playbook_group_id: "{{ ansible_user_gid }}"
- playbook_user_dir: "{{ ansible_user_dir }}"
- kubernetes_default_device: "{{ ansible_default_ipv4.alias }}"
- kubernetes_default_address: null
- primary_node_default_ip: "{{ hostvars[(groups['primary'][0])]['ansible_default_ipv4']['address'] }}"
-
-- name: if we have defined a custom interface for kubernetes use that
- when: kubernetes_network_default_device is defined and kubernetes_network_default_device
- set_fact:
- kubernetes_default_device: "{{ kubernetes_network_default_device }}"
-
-- name: if we are in openstack infra use the private IP for kubernetes
- when: (nodepool is defined) and (nodepool.private_ipv4 is defined)
- set_fact:
- kubernetes_default_address: "{{ nodepool.private_ipv4 }}"
-
-- include: clean-node.yaml
-
-- include: deploy-kubelet.yaml
-...
diff --git a/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml b/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
deleted file mode 100644
index f14bfd79e..000000000
--- a/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: Run Kubeadm-AIO container
- vars:
- kubeadm_aio_action: null
- kubeadm_kubelet_labels: ""
- block:
- - name: "performing {{ kubeadm_aio_action }} action"
- become: true
- become_user: root
- docker_container:
- name: "kubeadm-{{ kubeadm_aio_action }}"
- image: "{{ images.kubernetes.kubeadm_aio }}"
- state: started
- detach: false
- recreate: yes
- pid_mode: host
- network_mode: host
- capabilities: SYS_ADMIN
- volumes:
- - /sys:/sys:rw
- - /run:/run:rw
- - /:/mnt/rootfs:rw
- - /etc:/etc:rw
- env:
- CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
- ACTION="{{ kubeadm_aio_action }}"
- KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
- KUBE_BIND_ADDR="{{ kubernetes_default_address }}"
- USER_UID="{{ playbook_user_id }}"
- USER_GID="{{ playbook_group_id }}"
- USER_HOME="{{ playbook_user_dir }}"
- CNI_ENABLED="{{ kubernetes_cluster_cni }}"
- PVC_SUPPORT_CEPH=true
- PVC_SUPPORT_NFS=true
- NET_SUPPORT_LINUXBRIDGE=true
- KUBE_NET_POD_SUBNET="{{ kubernetes_cluster_pod_subnet }}"
- KUBE_NET_DNS_DOMAIN="{{ kubernetes_cluster_domain }}"
- CONTAINER_RUNTIME=docker
- KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}"
- KUBE_SELF_HOSTED="{{ kubernetes_selfhosted }}"
- KUBE_KEYSTONE_AUTH="{{ kubernetes_keystone_auth }}"
- GATE_FQDN_TEST="{{ gate_fqdn_test }}"
- GATE_FQDN_TLD="{{ gate_fqdn_tld }}"
- GATE_INGRESS_IP="{{ primary_node_default_ip }}"
- register: kubeadm_master_deploy
- rescue:
- - name: "getting logs for {{ kubeadm_aio_action }} action"
- command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
- become: true
- become_user: root
- register: out
- - name: "dumping logs for {{ kubeadm_aio_action }} action"
- debug:
- var: out.stdout_lines
- - name: "exiting if {{ kubeadm_aio_action }} action failed"
- command: exit 1
- always:
- - name: "removing container for {{ kubeadm_aio_action }} action"
- become: true
- become_user: root
- docker_container:
- name: "kubeadm-{{ kubeadm_aio_action }}"
- state: absent
- - name: add labels to namespaces
- command: kubectl label --overwrite namespace {{ item }} name={{ item }}
- with_items:
- - default
- - kube-system
- - kube-public
- ignore_errors: True
-...
diff --git a/roles/deploy-kubeadm-aio-master/tasks/main.yaml b/roles/deploy-kubeadm-aio-master/tasks/main.yaml
deleted file mode 100644
index aeb3c89d6..000000000
--- a/roles/deploy-kubeadm-aio-master/tasks/main.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: setting playbook user info facts before escalating privileges
- set_fact:
- playbook_user_id: "{{ ansible_user_uid }}"
- playbook_group_id: "{{ ansible_user_gid }}"
- playbook_user_dir: "{{ ansible_user_dir }}"
-
-- name: deploying kubelet and support assets to node
- include_role:
- name: deploy-kubeadm-aio-common
- tasks_from: main
-
-- name: deploying kubernetes on master node
- vars:
- kubeadm_aio_action: deploy-kube
- include_role:
- name: deploy-kubeadm-aio-common
- tasks_from: util-kubeadm-aio-run
-...
diff --git a/roles/deploy-kubeadm-aio-node/defaults/main.yml b/roles/deploy-kubeadm-aio-node/defaults/main.yml
deleted file mode 100644
index 8497dc8cb..000000000
--- a/roles/deploy-kubeadm-aio-node/defaults/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-images:
- kubernetes:
- kubeadm_aio: openstackhelm/kubeadm-aio:dev
-...
diff --git a/roles/deploy-kubeadm-aio-node/tasks/main.yaml b/roles/deploy-kubeadm-aio-node/tasks/main.yaml
deleted file mode 100644
index b1c635890..000000000
--- a/roles/deploy-kubeadm-aio-node/tasks/main.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: setting playbook user info facts before escalating privileges
- set_fact:
- playbook_user_id: "{{ ansible_user_uid }}"
- playbook_group_id: "{{ ansible_user_gid }}"
- playbook_user_dir: "{{ ansible_user_dir }}"
- kube_master: "{{ groups['primary'][0] }}"
- kube_worker: "{{ inventory_hostname }}"
- kube_node_hostname: "{{ ansible_fqdn }}"
-
-- name: deploying kubelet and support assets to node
- include_role:
- name: deploy-kubeadm-aio-common
- tasks_from: main
-
-- name: generating the kubeadm join command for the node
- include: util-generate-join-command.yaml
- delegate_to: "{{ kube_master }}"
-
-- name: joining node to kubernetes cluster
- vars:
- kubeadm_aio_action: join-kube
- kubeadm_aio_join_command: "{{ kubeadm_cluster_join_command }}"
- include: util-run-join-command.yaml
-
-# FIXME(portdirect): running as root for now to unblock the gates, though this
-# runs ok under ansible 2.5.4 locally without privileges
-- name: waiting for node to be ready
- delegate_to: "{{ kube_master }}"
- become: true
- become_user: root
- shell: kubectl get node "{{ kube_node_hostname }}" -o jsonpath="{$.status.conditions[?(@.reason=='KubeletReady')]['type']}" || echo "Not registered yet"
- environment:
- KUBECONFIG: '/etc/kubernetes/admin.conf'
- register: task_result
- until: task_result.stdout == 'Ready'
- retries: 120
- delay: 5
-...
diff --git a/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml b/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml
deleted file mode 100644
index a99b909e3..000000000
--- a/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: generate the kubeadm join command for nodes
- vars:
- kubeadm_aio_action: generate-join-cmd
- kubeadm_cluster_join_ttl: 30m
- kube_worker: null
- block:
- - name: "deploying kubeadm {{ kubeadm_aio_action }} container"
- become: true
- become_user: root
- docker_container:
- name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
- image: "{{ images.kubernetes.kubeadm_aio }}"
- state: started
- detach: false
- recreate: yes
- network_mode: host
- volumes:
- - /etc/kubernetes:/etc/kubernetes:ro
- env:
- ACTION=generate-join-cmd
- TTL="{{ kubeadm_cluster_join_ttl }}"
- register: kubeadm_generate_join_command
- - name: "getting logs for {{ kubeadm_aio_action }} action"
- command: "docker logs kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
- become: true
- become_user: root
- register: kubeadm_aio_action_logs
- - name: storing cluster join command
- set_fact: kubeadm_cluster_join_command="{{ kubeadm_aio_action_logs.stdout | regex_search('kubeadm join.*') }}"
- rescue:
- - name: "dumping logs for {{ kubeadm_aio_action }} action"
- debug:
- var: kubeadm_aio_action_logs.stdout_lines
- - name: "exiting if {{ kubeadm_aio_action }} action failed"
- command: exit 1
- always:
- - name: "removing container for {{ kubeadm_aio_action }} action"
- become: true
- become_user: root
- docker_container:
- name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
- state: absent
-...
diff --git a/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml b/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml deleted file mode 100644 index ee78b7b31..000000000 --- a/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml +++ /dev/null 
@@ -1,59 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: master
- vars:
- kubeadm_aio_action: join-kube
- kubeadm_aio_join_command: null
- block:
- - name: "deploying kubeadm {{ kubeadm_aio_action }} container"
- become: true
- become_user: root
- docker_container:
- name: "kubeadm-{{ kubeadm_aio_action }}"
- image: "{{ images.kubernetes.kubeadm_aio }}"
- state: started
- detach: false
- recreate: yes
- pid_mode: host
- network_mode: host
- capabilities: SYS_ADMIN
- volumes:
- - /sys:/sys:rw
- - /run:/run:rw
- - /:/mnt/rootfs:rw
- - /etc:/etc:rw
- env:
- CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
- ACTION="{{ kubeadm_aio_action }}"
- KUBEADM_JOIN_COMMAND="{{ kubeadm_aio_join_command }}"
- register: kubeadm_aio_join_container
- rescue:
- - name: "getting logs for {{ kubeadm_aio_action }} action"
- command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
- become: true
- become_user: root
- register: kubeadm_aio_join_container_output
- - name: "dumping logs for {{ kubeadm_aio_action }} action"
- debug:
- msg: "{{ kubeadm_aio_join_container_output.stdout_lines }}"
- - name: "exiting if {{ kubeadm_aio_action }} action failed"
- command: exit 1
- always:
- - name: "removing container for {{ kubeadm_aio_action }} action"
- become: true
- become_user: root
- docker_container:
- name: "kubeadm-{{ kubeadm_aio_action }}"
- state: absent
-...
diff --git a/tools/images/kubeadm-aio/Dockerfile b/tools/images/kubeadm-aio/Dockerfile
deleted file mode 100644
index c69d05aa4..000000000
--- a/tools/images/kubeadm-aio/Dockerfile
+++ /dev/null
@@ -1,119 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM docker.io/ubuntu:bionic -MAINTAINER pete.birley@att.com - -ARG UBUNTU_URL=http://archive.ubuntu.com/ubuntu/ -ARG ALLOW_UNAUTHENTICATED=false -ARG PIP_INDEX_URL=https://pypi.python.org/simple/ -ARG PIP_TRUSTED_HOST=pypi.python.org -ENV PIP_INDEX_URL=${PIP_INDEX_URL} -ENV PIP_TRUSTED_HOST=${PIP_TRUSTED_HOST} - -COPY ./tools/images/kubeadm-aio/sources.list /etc/apt/ -RUN sed -i \ - -e "s|%%UBUNTU_URL%%|${UBUNTU_URL}|g" \ - /etc/apt/sources.list ;\ - echo "APT::Get::AllowUnauthenticated \"${ALLOW_UNAUTHENTICATED}\";\n\ -Acquire::AllowInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";\n\ -Acquire::AllowDowngradeToInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";" \ - >> /etc/apt/apt.conf.d/allow-unathenticated - -ARG GOOGLE_KUBERNETES_REPO_URL=https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64 -ENV GOOGLE_KUBERNETES_REPO_URL ${GOOGLE_KUBERNETES_REPO_URL} - -ARG HELM_REPO_URL=https://get.helm.sh -ENV HELM_REPO_URL ${HELM_REPO_URL} - -ARG KUBE_VERSION="v1.19.15" -ENV KUBE_VERSION ${KUBE_VERSION} - -ARG CNI_VERSION="v0.8.5" -ENV CNI_VERSION ${CNI_VERSION} - -ARG CNI_REPO_URL=https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION -ENV CNI_REPO_URL ${CNI_REPO_URL} - -ARG HELM_VERSION="v2.17.0" -ENV HELM_VERSION ${HELM_VERSION} - -ARG CHARTS="calico,flannel,tiller,kube-dns,kubernetes-keystone-webhook" -ENV CHARTS ${CHARTS} - -ARG HTTP_PROXY="" -ENV 
HTTP_PROXY ${HTTP_PROXY} -ENV http_proxy ${HTTP_PROXY} - -ARG HTTPS_PROXY="" -ENV HTTPS_PROXY ${HTTPS_PROXY} -ENV https_proxy ${HTTPS_PROXY} - -ARG NO_PROXY="127.0.0.1,localhost,.svc.cluster.local" -ENV NO_PROXY ${NO_PROXY} -ENV no_proxy ${NO_PROXY} - -ENV container="docker" \ - DEBIAN_FRONTEND="noninteractive" \ - CNI_BIN_DIR="/opt/cni/bin" - -RUN set -ex ;\ - apt-get update ;\ - apt-get upgrade -y ;\ - apt-get install -y --no-install-recommends \ - bash \ - ca-certificates \ - curl \ - jq \ - python3-pip \ - gawk ;\ - pip3 --no-cache-dir install --upgrade pip==21.0.1 ;\ - hash -r ;\ - pip3 --no-cache-dir install --upgrade setuptools ;\ - # NOTE(srwilkers): Pinning ansible to 2.5.5, as pip installs 2.6 by default. - # 2.6 introduces a new command flag (init) for the docker_container module - # that is incompatible with what we have currently. 2.5.5 ensures we match - # what's deployed in the gates - pip3 --no-cache-dir install --upgrade \ - requests \ - docker \ - kubernetes \ - "ansible==2.5.5" ;\ - for BINARY in kubectl kubeadm; do \ - curl -sSL -o /usr/bin/${BINARY} \ - ${GOOGLE_KUBERNETES_REPO_URL}/${BINARY} ;\ - chmod +x /usr/bin/${BINARY} ;\ - done ;\ - mkdir -p /opt/assets/usr/bin ;\ - curl -sSL -o /opt/assets/usr/bin/kubelet \ - ${GOOGLE_KUBERNETES_REPO_URL}/kubelet ;\ - chmod +x /opt/assets/usr/bin/kubelet ;\ - mkdir -p /opt/assets${CNI_BIN_DIR} ;\ - curl -sSL ${CNI_REPO_URL}/cni-plugins-linux-amd64-$CNI_VERSION.tgz | \ - tar -zxv --strip-components=1 -C /opt/assets${CNI_BIN_DIR} ;\ - TMP_DIR=$(mktemp -d) ;\ - curl -sSL ${HELM_REPO_URL}/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR} ;\ - mv ${TMP_DIR}/helm /usr/bin/helm ;\ - rm -rf ${TMP_DIR} ;\ - apt-get purge -y --auto-remove \ - curl ;\ - rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache - -COPY ./ /tmp/source -RUN set -ex ;\ - cp -rfav /tmp/source/tools/images/kubeadm-aio/assets/* / ;\ - IFS=','; for CHART in $CHARTS; do \ - mv -v /tmp/source/${CHART} /opt/charts/; 
\ - done ;\ - rm -rf /tmp/source - -ENTRYPOINT ["/entrypoint.sh"] diff --git a/tools/images/kubeadm-aio/assets/entrypoint.sh b/tools/images/kubeadm-aio/assets/entrypoint.sh deleted file mode 100755 index 8a005608f..000000000 --- a/tools/images/kubeadm-aio/assets/entrypoint.sh +++ /dev/null 
@@ -1,134 +0,0 @@ -#!/usr/bin/env bash - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e -if [ "x${ACTION}" == "xgenerate-join-cmd" ]; then -: ${TTL:="10m"} -DISCOVERY_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages signing,authentication --groups '')" -DISCOVERY_TOKEN_CA_HASH="$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* /sha256:/')" -API_SERVER=$(cat /etc/kubernetes/admin.conf | python3 -c "import sys, yaml; print(yaml.safe_load(sys.stdin)['clusters'][0]['cluster']['server'].split(\"//\",1).pop())") -exec echo "kubeadm join \ ---token ${DISCOVERY_TOKEN} \ ---discovery-token-ca-cert-hash ${DISCOVERY_TOKEN_CA_HASH} \ -${API_SERVER}" -elif [ "x${ACTION}" == "xjoin-kube" ]; then - exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-node.yaml \ - --inventory=/opt/playbooks/inventory.ini \ - --extra-vars="kubeadm_join_command=\"${KUBEADM_JOIN_COMMAND}\"" -fi - -: ${ACTION:="deploy-kube"} -: ${CONTAINER_NAME:="null"} -: ${CONTAINER_RUNTIME:="docker"} -: ${CNI_ENABLED:="calico"} -: ${CNI_HOST_IP:="10.96.232.136"} -: ${NET_SUPPORT_LINUXBRIDGE:="true"} -: ${PVC_SUPPORT_CEPH:="false"} -: ${PVC_SUPPORT_NFS:="false"} -: ${HELM_TILLER_IMAGE:="ghcr.io/helm/tiller:${HELM_VERSION}"} -: ${KUBE_VERSION:="${KUBE_VERSION}"} -: ${KUBE_IMAGE_REPO:="k8s.gcr.io"} -: ${KUBE_API_BIND_PORT:="6443"} -: ${KUBE_NET_DNS_DOMAIN:="cluster.local"} -: 
${KUBE_NET_POD_SUBNET:="192.168.0.0/16"} -: ${KUBE_NET_SUBNET_SUBNET:="10.96.0.0/12"} -: ${KUBE_BIND_DEVICE:=""} -: ${KUBE_BIND_ADDR:=""} -: ${KUBE_API_BIND_DEVICE:="${KUBE_BIND_DEVICE}"} -: ${KUBE_API_BIND_ADDR:="${KUBE_BIND_ADDR}"} -: ${KUBE_CERTS_DIR:="/etc/kubernetes/pki"} -: ${KUBE_SELF_HOSTED:="false"} -: ${KUBE_KEYSTONE_AUTH:="false"} -: ${KUBELET_NODE_LABELS:=""} -: ${GATE_FQDN_TEST:="false"} -: ${GATE_INGRESS_IP:="127.0.0.1"} -: ${GATE_FQDN_TLD:="openstackhelm.test"} - -PLAYBOOK_VARS="{ - \"my_container_name\": \"${CONTAINER_NAME}\", - \"user\": { - \"uid\": ${USER_UID}, - \"gid\": ${USER_GID}, - \"home\": \"${USER_HOME}\" - }, - \"cluster\": { - \"cni\": \"${CNI_ENABLED}\", - \"cni_host_ip\": \"${CNI_HOST_IP}\" - }, - \"kubelet\": { - \"container_runtime\": \"${CONTAINER_RUNTIME}\", - \"net_support_linuxbridge\": ${NET_SUPPORT_LINUXBRIDGE}, - \"pv_support_nfs\": ${PVC_SUPPORT_NFS}, - \"pv_support_ceph\": ${PVC_SUPPORT_CEPH} - }, - \"helm\": { - \"tiller_image\": \"${HELM_TILLER_IMAGE}\" - }, - \"k8s\": { - \"kubernetesVersion\": \"${KUBE_VERSION}\", - \"imageRepository\": \"${KUBE_IMAGE_REPO}\", - \"certificatesDir\": \"${KUBE_CERTS_DIR}\", - \"selfHosted\": \"${KUBE_SELF_HOSTED}\", - \"keystoneAuth\": \"${KUBE_KEYSTONE_AUTH}\", - \"api\": { - \"bindPort\": ${KUBE_API_BIND_PORT} - }, - \"networking\": { - \"dnsDomain\": \"${KUBE_NET_DNS_DOMAIN}\", - \"podSubnet\": \"${KUBE_NET_POD_SUBNET}\", - \"serviceSubnet\": \"${KUBE_NET_SUBNET_SUBNET}\" - } - }, - \"gate\": { - \"fqdn_testing\": \"${GATE_FQDN_TEST}\", - \"ingress_ip\": \"${GATE_INGRESS_IP}\", - \"fqdn_tld\": \"${GATE_FQDN_TLD}\" - } -}" - -set -x -if [ "x${ACTION}" == "xdeploy-kubelet" ]; then - - if [ "x${KUBE_BIND_ADDR}" != "x" ]; then - PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_addr\": \"${KUBE_BIND_ADDR}\"}") - elif [ "x${KUBE_BIND_DEVICE}" != "x" ]; then - PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"bind_device\": \"${KUBE_BIND_DEVICE}\"}") - fi - - if [ 
"x${KUBELET_NODE_LABELS}" != "x" ]; then - PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".kubelet += {\"kubelet_labels\": \"${KUBELET_NODE_LABELS}\"}") - fi - - exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-kubelet.yaml \ - --inventory=/opt/playbooks/inventory.ini \ - --inventory=/opt/playbooks/vars.yaml \ - --extra-vars="${PLAYBOOK_VARS}" -elif [ "x${ACTION}" == "xdeploy-kube" ]; then - if [ "x${KUBE_API_BIND_ADDR}" != "x" ]; then - PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".k8s.api += {\"advertiseAddress\": \"${KUBE_API_BIND_ADDR}\"}") - elif [ "x${KUBE_API_BIND_DEVICE}" != "x" ]; then - PLAYBOOK_VARS=$(echo $PLAYBOOK_VARS | jq ".k8s.api += {\"advertiseAddressDevice\": \"${KUBE_API_BIND_DEVICE}\"}") - fi - exec ansible-playbook /opt/playbooks/kubeadm-aio-deploy-master.yaml \ - --inventory=/opt/playbooks/inventory.ini \ - --inventory=/opt/playbooks/vars.yaml \ - --extra-vars="${PLAYBOOK_VARS}" -elif [ "x${ACTION}" == "xclean-host" ]; then - exec ansible-playbook /opt/playbooks/kubeadm-aio-clean.yaml \ - --inventory=/opt/playbooks/inventory.ini \ - --inventory=/opt/playbooks/vars.yaml \ - --extra-vars="${PLAYBOOK_VARS}" -else - exec ${ACTION} -fi diff --git a/tools/images/kubeadm-aio/assets/opt/charts/.placeholder b/tools/images/kubeadm-aio/assets/opt/charts/.placeholder deleted file mode 100644 index e69de29bb..000000000 diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/inventory.ini b/tools/images/kubeadm-aio/assets/opt/playbooks/inventory.ini deleted file mode 100644 index 3d9caf368..000000000 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/inventory.ini +++ /dev/null @@ -1,2 +0,0 @@ -[node] -/mnt/rootfs ansible_connection=chroot diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-clean.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-clean.yaml deleted file mode 100644 index db6d37e23..000000000 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-clean.yaml +++ /dev/null 
@@ -1,21 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- hosts: all
- gather_facts: True
- become: yes
- roles:
- - clean-host
- tags:
- - clean-host
-...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-kubelet.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-kubelet.yaml
deleted file mode 100644
index 3e74e8a91..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-kubelet.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- hosts: all
- gather_facts: True
- become: yes
- roles:
- - deploy-kubelet
- tags:
- - deploy-kubelet
-...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-master.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-master.yaml
deleted file mode 100644
index d085eefe5..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-master.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- hosts: all
- become: yes
- roles:
- - deploy-kubeadm-master
- tags:
- - deploy-kubeadm-master
-...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-node.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-node.yaml
deleted file mode 100644
index 48e2a5684..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-node.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- hosts: all
- become: yes
- roles:
- - deploy-kubeadm-node
- tags:
- - deploy-kubeadm-node
-...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/clean-host/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/clean-host/tasks/main.yaml
deleted file mode 100644
index 0782846f1..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/clean-host/tasks/main.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
----
-- name: clean | kube | remove config
- file:
- path: "{{ item }}"
- state: absent
- with_items:
- - /etc/kubernetes
-
-- name: clean | kube | stop kubelet service
- ignore_errors: yes
- systemd:
- name: kubelet
- state: stopped
- enabled: no
- masked: no
-
-- name: clean | kube | removing any old docker containers
- ignore_errors: yes
- shell: MY_CONTAINER_ID=$(docker inspect --format {% raw %}'{{ .Id }}'{% endraw %} "{{ my_container_name }}"); docker ps --all --no-trunc --quiet | awk '!'"/${MY_CONTAINER_ID}/ { print \$1 }" | xargs -r -l1 -P16 docker rm -f
- args:
- executable: /bin/bash
-
-- name: clean | kube | remove any mounts
- ignore_errors: yes
- shell: |-
- for MOUNT in $(findmnt --df --output TARGET | grep "^/var/lib/kubelet"); do
- umount --force $MOUNT
- done
- args:
- executable: /bin/bash
-
-- name: clean | kube | remove dirs
- file:
- path: "{{ item }}"
- state: absent
- with_items:
- - /etc/kubernetes
- - /etc/cni/net.d
- - /etc/systemd/system/kubelet.service
- - /etc/systemd/system/kubelet.service.d
- - /var/lib/kubelet
- - /var/lib/etcd
- - /var/etcd
- - /opt/cni/bin
-
-- name: clean | kube | reload systemd
- systemd:
- daemon_reload: yes
-...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml
deleted file mode 100644
index fe101e641..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml
+++ /dev/null
@@ -1,142 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - ---- -- name: setting up bootstrap tiller - block: - - name: pull the helm tiller Image - become: true - become_user: root - docker_image: - pull: true - name: "{{ helm.tiller_image }}" - - name: deploying bootstrap tiller - become: true - become_user: root - docker_container: - name: "helm-tiller" - image: "{{ helm.tiller_image }}" - state: started - detach: true - recreate: yes - network_mode: host - user: root - volumes: - - /etc/kubernetes/admin.conf:/etc/kubernetes/admin.conf:ro - env: - KUBECONFIG=/etc/kubernetes/admin.conf - register: kubeadm_aio_tiller_container - ignore_errors: True - - name: wait for tiller to be ready - delegate_to: 127.0.0.1 - command: helm version --server - environment: - HELM_HOST: 'localhost:44134' - register: task_result - until: task_result.rc == 0 - retries: 120 - delay: 5 - -- name: kubeadm | cni | get default mtu - block: - - name: getting default route device mtu - shell: echo $(cat /sys/class/net/$(sudo ip -4 route list 0/0 | awk '{ print $5; exit }')/mtu) - args: - executable: /bin/bash - register: cni_default_device_mtu - -- name: Generate self-signed certificates - when: cluster.cni == 'calico' - delegate_to: 127.0.0.1 - block: - - name: Get cfssl - get_url: - url: "https://pkg.cfssl.org/R1.2/{{ item }}_linux-amd64" - dest: "/usr/local/bin/{{ item }}" - mode: 744 - with_items: - - cfssl - - cfssljson - - name: Add ca-config - template: - src: ca-config.json.j2 - 
dest: /etc/kubernetes/pki/calico/ca-config.json - - name: Copy CA - copy: - src: /etc/kubernetes/pki/{{ item }} - dest: /etc/kubernetes/pki/calico/{{ item }} - with_items: - - ca.crt - - ca.key - - name: Prepare certificates for Calico - shell: | - echo '{"CN":"server","hosts":[""],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=ca.crt -ca-key=ca.key -config=ca-config.json -profile=server -hostname="{{ cluster.cni_host_ip }},127.0.0.1,localhost" - | cfssljson -bare server - echo '{"CN":"client","hosts":[""],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=ca.crt -ca-key=ca.key -config=ca-config.json -profile=client - | cfssljson -bare client - args: - chdir: /etc/kubernetes/pki/calico - executable: /bin/bash - - name: Add script file - template: - src: certs.py.j2 - dest: /etc/kubernetes/pki/calico/certs.py - - - name: Create yaml file - shell: python3 /etc/kubernetes/pki/calico/certs.py - args: - executable: /bin/bash - chdir: /etc/kubernetes/pki/calico - -- name: kubeadm | cni | calico - when: cluster.cni == 'calico' - delegate_to: 127.0.0.1 - block: - - name: kubeadm | cni | calico | label node - command: kubectl label --overwrite nodes {{ kubeadm_node_hostname }} node-role.kubernetes.io/master= - environment: - KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf' - - name: kubeadm | cni | calico - command: helm install /opt/charts/calico --name calico --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --set conf.node.IP_AUTODETECTION_METHOD="can-reach={% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}" --set networking.mtu="{{ cni_default_device_mtu.stdout }}" --values="/etc/kubernetes/pki/calico/calico_certs.yaml" --set 
monitoring.prometheus.calico_node.port="{{ calico.prometheus_port }}" --wait --timeout=600 - environment: - HELM_HOST: 'localhost:44134' - - name: kubeadm | cni | calico - command: helm status calico - environment: - HELM_HOST: 'localhost:44134' - register: kubeadm_helm_cni_status - - name: kubeadm | cni | status - debug: - msg: "{{ kubeadm_helm_cni_status.stdout_lines }}" - -- name: kubeadm | cni | flannel - when: cluster.cni == 'flannel' - delegate_to: 127.0.0.1 - block: - - name: kubeadm | cni | flannel - command: helm install /opt/charts/flannel --name flannel --namespace kube-system --set networking.podSubnet="{{ k8s.networking.podSubnet }}" --wait --timeout=600 - environment: - HELM_HOST: 'localhost:44134' - - name: kubeadm | cni | flannel - command: helm status flannel - environment: - HELM_HOST: 'localhost:44134' - register: kubeadm_helm_cni_status - - name: kubeadm | cni | status - debug: - msg: "{{ kubeadm_helm_cni_status.stdout_lines }}" - -- name: "removing bootstrap tiller container" - become: true - become_user: root - docker_container: - name: "helm-tiller" - state: absent -... diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-deploy.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-deploy.yaml deleted file mode 100644 index e784bd17f..000000000 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-deploy.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - ---- -- name: setting up bootstrap tiller - block: - - name: pull the helm tiller Image - become: true - become_user: root - docker_image: - pull: true - name: "{{ helm.tiller_image }}" - - name: deploying bootstrap tiller - become: true - become_user: root - docker_container: - name: "helm-tiller" - image: "{{ helm.tiller_image }}" - state: started - detach: true - recreate: yes - network_mode: host - user: root - volumes: - - /etc/kubernetes/admin.conf:/etc/kubernetes/admin.conf:ro - env: - KUBECONFIG: /etc/kubernetes/admin.conf - register: kubeadm_aio_tiller_container - ignore_errors: True - - name: wait for tiller to be ready - delegate_to: 127.0.0.1 - command: helm version --server - environment: - HELM_HOST: 'localhost:44134' - register: task_result - until: task_result.rc == 0 - retries: 120 - delay: 5 - -- name: ensure tiller release installed - delegate_to: 127.0.0.1 - block: - - name: install tiller release - command: helm install /opt/charts/tiller --name tiller --namespace kube-system --set monitoring.prometheus.enabled=true --wait - environment: - HELM_HOST: 'localhost:44134' - - name: get the status for tiller release - command: helm status tiller - environment: - HELM_HOST: 'localhost:44134' - register: kubeadm_helm_cni_status - - name: display the status for tiller release - debug: - msg: "{{ kubeadm_helm_cni_status }}" - -- name: "removing bootstrap tiller container" - become: true - 
become_user: root - docker_container: - name: "helm-tiller" - state: absent - -- name: setting up helm client on host - block: - - name: copying helm binary to host - become: true - become_user: root - copy: - src: /usr/bin/helm - dest: /usr/bin/helm - owner: root - group: root - mode: 365 - - name: setting up helm client for user - environment: - http_proxy: "{{ proxy.http }}" - https_proxy: "{{ proxy.https }}" - no_proxy: "{{ proxy.noproxy }}" - command: helm init --client-only --skip-refresh --stable-repo-url "https://charts.helm.sh/stable" -... diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-dns.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-dns.yaml deleted file mode 100644 index ebcd913cf..000000000 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-dns.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - ---- -- name: setting up bootstrap tiller - block: - - name: pull the helm tiller Image - become: true - become_user: root - docker_image: - pull: true - name: "{{ helm.tiller_image }}" - - name: deploying bootstrap tiller - become: true - become_user: root - docker_container: - name: "helm-tiller" - image: "{{ helm.tiller_image }}" - state: started - detach: true - recreate: yes - network_mode: host - user: root - volumes: - - /etc/kubernetes/admin.conf:/etc/kubernetes/admin.conf:ro - env: - KUBECONFIG=/etc/kubernetes/admin.conf - register: kubeadm_aio_tiller_container - ignore_errors: True - - name: wait for tiller to be ready - delegate_to: 127.0.0.1 - command: helm version --server - environment: - HELM_HOST: 'localhost:44134' - register: task_result - until: task_result.rc == 0 - retries: 120 - delay: 5 - -- name: kubeadm | dns - delegate_to: 127.0.0.1 - block: - - name: kubeadm | dns - command: "helm install /opt/charts/kube-dns --name kube-dns --namespace kube-system --set networking.dnsDomain={{ k8s.networking.dnsDomain }} --wait" - environment: - HELM_HOST: 'localhost:44134' - - name: kubeadm | dns - command: helm status kube-dns - environment: - HELM_HOST: 'localhost:44134' - register: kubeadm_helm_dns_status - - name: kubeadm | dns - debug: - msg: "{{ kubeadm_helm_dns_status }}" - -- name: "removing bootstrap tiller container" - become: true - become_user: root - docker_container: - name: 
"helm-tiller" - state: absent -... diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml deleted file mode 100644 index 1041037c2..000000000 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - ---- -- name: setting up bootstrap tiller - block: - - name: pull the helm tiller Image - become: true - become_user: root - docker_image: - pull: true - name: "{{ helm.tiller_image }}" - - name: deploying bootstrap tiller - become: true - become_user: root - docker_container: - name: "helm-tiller" - image: "{{ helm.tiller_image }}" - state: started - detach: true - recreate: yes - network_mode: host - user: root - volumes: - - /etc/kubernetes/admin.conf:/etc/kubernetes/admin.conf:ro - env: - KUBECONFIG=/etc/kubernetes/admin.conf - register: kubeadm_aio_tiller_container - ignore_errors: True - - name: wait for tiller to be ready - delegate_to: 127.0.0.1 - command: helm version --server - environment: - HELM_HOST: 'localhost:44134' - register: task_result - until: task_result.rc == 0 - retries: 120 - delay: 5 - -- name: kubeadm | get certs - block: - - name: kubeadm | get kubeapi cert - shell: cat /etc/kubernetes/pki/apiserver.crt - register: kubeadm_kubeapi_cert - - name: kubeadm | get kubeapi key - shell: cat /etc/kubernetes/pki/apiserver.key - register: kubeadm_kubeapi_key - -- name: kubeadm | keystone auth - delegate_to: 127.0.0.1 - block: - - name: kubeadm | keystone auth - command: "helm upgrade --install kubernetes-keystone-webhook /opt/charts/kubernetes-keystone-webhook --namespace=kube-system --set endpoints.identity.namespace=openstack --set endpoints.kubernetes.auth.api.tls.crt='{{ 
kubeadm_kubeapi_cert.stdout }}' --set endpoints.kubernetes.auth.api.tls.key='{{ kubeadm_kubeapi_key.stdout }}'" - environment: - HELM_HOST: 'localhost:44134' - - name: kubeadm | keystone auth - command: helm status kubernetes-keystone-webhook - environment: - HELM_HOST: 'localhost:44134' - register: kubeadm_helm_keystone_status - - name: kubeadm | keystone auth - debug: - msg: "{{ kubeadm_helm_keystone_status }}" - -- name: kubeadm | setup api server for keystone - block: - - name: kubeadm | copying webhook config to host - become: true - become_user: root - template: - src: webhook.kubeconfig.j2 - dest: /etc/kubernetes/pki/webhook.kubeconfig - mode: 416 - - name: kubeadm | configuring api server - become: true - become_user: root - shell: | - # TODO(lamt): Clean up this way of restarting the kube-apiserver. Preferably, - # the setting is in place when the kube-apiserver comes up. Currently, the - # kube-apiserver does not start whenever the webhook fails. - cat /etc/kubernetes/manifests/kube-apiserver.yaml > /tmp/kube-apiserver.yaml - sed -i '/etcd-keyfile/a \ \ \ \ -\ --authentication-token-webhook-config-file=/etc/kubernetes/pki/webhook.kubeconfig\n \ \ \ \- --authorization-webhook-config-file=/etc/kubernetes/pki/webhook.kubeconfig' /tmp/kube-apiserver.yaml - sed -i -e 's/Node,RBAC/Node,Webhook,RBAC/g' /tmp/kube-apiserver.yaml - sed -i '/hostNetwork: true/a\ \ dnsPolicy: ClusterFirstWithHostNet' /tmp/kube-apiserver.yaml - mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml - -- name: "removing bootstrap tiller container" - become: true - become_user: root - docker_container: - name: "helm-tiller" - state: absent -... diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml deleted file mode 100644 index e507f7e70..000000000 
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
+++ /dev/null
@@ -1,240 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - ---- -- name: storing node hostname - set_fact: - kubeadm_node_hostname: "{% if ansible_domain is defined %}{{ ansible_fqdn }}{% else %}{{ ansible_hostname }}.node.{{ k8s.networking.dnsDomain }}{% endif %}" - -- name: deploy config file and make dir structure - block: - - name: setup directorys on host - file: - path: "{{ item }}" - state: directory - with_items: - - /etc/kubernetes - - /etc/kubernetes/pki - - /etc/kubernetes/pki/calico - - name: generating initial admin token - delegate_to: 127.0.0.1 - command: /usr/bin/kubeadm token generate - register: kubeadm_bootstrap_token - - name: storing initial admin token - set_fact: - kubeadm_bootstrap_token: "{{ kubeadm_bootstrap_token.stdout }}" - - name: kubelet | copying config to host - template: - src: kubeadm-conf.yaml.j2 - dest: /etc/kubernetes/kubeadm-conf.yaml - mode: 416 - -- name: generating certs - delegate_to: 127.0.0.1 - block: - - name: master | deploy | certs | etcd-ca - command: kubeadm init phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | certs | etcd-server - command: kubeadm init phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | certs | etcd-peer - command: kubeadm init phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | certs | etcd-healthcheck-client - command: kubeadm init phase 
certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | certs | ca - command: kubeadm init phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | certs | apiserver - command: kubeadm init phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | certs | apiserver-etcd-client - command: kubeadm init phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | certs | apiserver-kubelet-client - command: kubeadm init phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | certs | sa - command: kubeadm init phase certs sa - - name: master | deploy | certs | front-proxy-ca - command: kubeadm init phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | certs | front-proxy-client - command: kubeadm init phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - -- name: generating kubeconfigs - delegate_to: 127.0.0.1 - block: - - name: master | deploy | kubeconfig | admin - command: kubeadm init phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | kubeconfig | kubelet - command: kubeadm init phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | kubeconfig | controller-manager - command: kubeadm init phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | kubeconfig | scheduler - command: kubeadm init phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - -- name: generating etcd static manifest - delegate_to: 127.0.0.1 - command: kubeadm init phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - -- name: generating 
controlplane static manifests - delegate_to: 127.0.0.1 - block: - - name: master | deploy | controlplane | apiserver - command: kubeadm init phase control-plane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | controlplane | controller-manager - command: kubeadm init phase control-plane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - - name: master | deploy | controlplane | scheduler - command: kubeadm init phase control-plane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - -- name: wait for kube components - delegate_to: 127.0.0.1 - block: - - name: wait for kube api - shell: python3 /usr/bin/test-kube-api.py - register: task_result - until: task_result.rc == 0 - retries: 120 - delay: 5 - environment: - KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf' - args: - executable: /bin/bash - - name: wait for node to come online - shell: kubectl get node "{{ kubeadm_node_hostname }}" --no-headers | gawk '{ print $2 }' | grep -q '\(^Ready\)\|\(^NotReady\)' - register: task_result - until: task_result.rc == 0 - retries: 120 - delay: 5 - environment: - KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf' - args: - executable: /bin/bash - - include_tasks: wait-for-kube-system-namespace.yaml - -- name: deploying kube-proxy - delegate_to: 127.0.0.1 - command: kubeadm init phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - -- include_tasks: helm-cni.yaml - -- name: wait for kube components - delegate_to: 127.0.0.1 - block: - - name: wait for node to be ready - shell: kubectl get node "{{ kubeadm_node_hostname }}" --no-headers | gawk '{ print $2 }' | grep -q '^Ready' - register: task_result - until: task_result.rc == 0 - retries: 120 - delay: 5 - environment: - KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf' - args: - executable: /bin/bash - - include_tasks: wait-for-kube-system-namespace.yaml - -- include_tasks: helm-dns.yaml -- include_tasks: 
helm-keystone-auth.yaml - when: k8s.keystoneAuth|bool == true -- include_tasks: helm-deploy.yaml - -- name: uploading kubeadm config - delegate_to: 127.0.0.1 - command: kubeadm init phase upload-config kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - -- name: uploading kubelet config - delegate_to: 127.0.0.1 - command: kubeadm init phase upload-config kubelet --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - -- name: generating bootstrap-token objects - delegate_to: 127.0.0.1 - block: - - name: master | deploy | bootstrap-token - command: kubeadm init phase bootstrap-token --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf - -- name: generating bootstrap-token objects - delegate_to: 127.0.0.1 - block: - - name: check if kube-public namespace exists - command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf get ns kube-public - register: kube_public_ns_exists - ignore_errors: True - - name: create kube-public namespace if required - when: kube_public_ns_exists is failed - command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf create ns kube-public - - name: sourcing kube cluster admin credentials - include_vars: /etc/kubernetes/admin.conf - - name: creating cluster-info configmap manifest on host - template: - src: cluster-info.yaml.j2 - dest: /etc/kubernetes/cluster-info.yaml - mode: 420 - - name: removing any pre-existing cluster-info configmap - command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf delete -f /etc/kubernetes/cluster-info.yaml --ignore-not-found - - name: creating cluster-info configmap - command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf create -f /etc/kubernetes/cluster-info.yaml - - name: removing cluster-info configmap manifest from host - file: - path: "{{ item }}" - state: absent - with_items: - - /etc/kubernetes/cluster-info.yaml - - - name: check if kube-public 
configmap role exists - command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public get role system:bootstrap-signer-clusterinfo - register: kube_public_configmap_role_exists - ignore_errors: True - - name: create kube-public configmap role if required - when: kube_public_configmap_role_exists is failed - command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public create role system:bootstrap-signer-clusterinfo --verb get --resource configmaps - - - name: check if kube-public configmap rolebinding exists - command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public get rolebinding kubeadm:bootstrap-signer-clusterinfo - register: kube_public_configmap_rolebinding_exists - ignore_errors: True - - name: create kube-public configmap rolebinding if required - when: kube_public_configmap_rolebinding_exists is failed - command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public create rolebinding kubeadm:bootstrap-signer-clusterinfo --role system:bootstrap-signer-clusterinfo --user system:anonymous - -- name: adding labels to namespace to support network policy - delegate_to: 127.0.0.1 - command: kubectl --kubeconfig=/mnt/rootfs/etc/kubernetes/admin.conf label --overwrite namespace {{ item }} name={{ item }} - with_items: - - default - - kube-system - - kube-public - -- name: converting the cluster to be selfhosted - when: k8s.selfHosted|bool == true - delegate_to: 127.0.0.1 - command: kubeadm init phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - -- name: setting up kubectl client and kubeadm on host - block: - - name: kubectl | copying kubectl binary to host - copy: - src: "/usr/bin/{{ item }}" - dest: "/usr/bin/{{ item }}" - owner: root - group: root - mode: 365 - with_items: - - kubectl - - kubeadm - - name: kubectl | master | ensure kube config directory exists for user - file: - 
path: "{{ item }}" - state: directory - with_items: - - "{{ vars.user.home }}/.kube" - - name: kubectl | master | deploy kube config file for user - copy: - src: /mnt/rootfs/etc/kubernetes/admin.conf - dest: "{{ vars.user.home }}/.kube/config" - owner: "{{ vars.user.uid }}" - group: "{{ vars.user.gid }}" - mode: 384 -... diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/wait-for-kube-system-namespace.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/wait-for-kube-system-namespace.yaml deleted file mode 100644 index db92b84f1..000000000 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/wait-for-kube-system-namespace.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - ---- -- name: wait for kube pods to all be running in kube-system namespace - delegate_to: 127.0.0.1 - shell: /usr/bin/test-kube-pods-ready kube-system - register: task_result - until: task_result.rc == 0 - retries: 120 - delay: 5 - environment: - KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf' - args: - executable: /bin/bash -... diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/ca-config.json.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/ca-config.json.j2 deleted file mode 100644 index 9dc5d1a36..000000000 
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/ca-config.json.j2
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "signing": {
- "default": {
- "expiry": "8760h"
- },
- "profiles": {
- "server": {
- "expiry": "8760h",
- "usages": [
- "signing",
- "key encipherment",
- "server auth",
- "client auth"
- ]
- },
- "client": {
- "expiry": "8760h",
- "usages": [
- "signing",
- "key encipherment",
- "client auth"
- ]
- },
- "peer": {
- "expiry": "8760h",
- "usages": [
- "signing",
- "key encipherment",
- "server auth",
- "client auth"
- ]
- }
- }
- }
-}
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/certs.py.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/certs.py.j2
deleted file mode 100644
index f92519376..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/certs.py.j2
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/python
-
-import yaml
-
-data = {'server': '',
- 'server-key': '',
- 'client': '',
- 'client-key': ''}
-
-for i in data.keys():
- with open('{}.pem'.format(i)) as f:
- data[i] = f.read()
-with open('ca.crt') as f:
- data['ca'] = f.read()
-
-res = {'endpoints': {'etcd': {'auth': {'client': {'tls': ''}},
- 'scheme': {'default': 'https'}}},
- 'conf': {'etcd': {'credentials': ''}}}
-
-res['endpoints']['etcd']['auth']['client']['tls'] = {'ca': data['ca'],
- 'key': data['client-key'],
- 'crt': data['client']}
-res['conf']['etcd']['credentials'] = {'ca': data['ca'],
- 'key': data['server-key'],
- 'certificate': data['server']}
-
-with open('calico_certs.yaml', 'w') as f:
- yaml.dump(res, f, default_style='|')
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/cluster-info.yaml.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/cluster-info.yaml.j2
deleted file mode 100644
index 8a92fc264..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/cluster-info.yaml.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cluster-info
- namespace: kube-public
-data:
- kubeconfig: |
- apiVersion: v1
- clusters:
- - cluster:
- certificate-authority-data: {{ clusters[0].cluster['certificate-authority-data'] }}
- server: {{ clusters[0].cluster['server'] }}
- name: ""
- contexts: []
- current-context: ""
- kind: Config
- preferences: {}
- users: []
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
deleted file mode 100644
index f23bcf578..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-#jinja2: trim_blocks:False
-apiVersion: kubeadm.k8s.io/v1beta2
-kind: ClusterConfiguration
-kubernetesVersion: {{ k8s.kubernetesVersion }}
-imageRepository: {{ k8s.imageRepository }}
-networking:
- dnsDomain: {{ k8s.networking.dnsDomain }}
- podSubnet: {{ k8s.networking.podSubnet }}
- serviceSubnet: {{ k8s.networking.serviceSubnet }}
-controllerManager:
- extraArgs:
- address: "0.0.0.0"
- port: "10252"
- feature-gates: "PodShareProcessNamespace=true"
-scheduler:
- extraArgs:
- address: "0.0.0.0"
- port: "10251"
- feature-gates: "PodShareProcessNamespace=true"
-certificatesDir: {{ k8s.certificatesDir }}
----
-apiVersion: kubeadm.k8s.io/v1beta2
-localAPIEndpoint:
- advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}
- bindPort: {{ k8s.api.bindPort }}
-bootstrapTokens:
-- groups:
- - system:bootstrappers:kubeadm:default-node-token
- token: {{ kubeadm_bootstrap_token }}
- ttl: 24h0m0s
- usages:
- - signing
- - authentication
-kind: InitConfiguration
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/webhook.kubeconfig.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/webhook.kubeconfig.j2
deleted file mode 100644
index 681c7db6d..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/webhook.kubeconfig.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-clusters:
- - cluster:
- insecure-skip-tls-verify: true
- server: https://k8sksauth-api.kube-system.svc.cluster.local:8443/webhook
- name: webhook
-contexts:
- - context:
- cluster: webhook
- user: webhook
- name: webhook
-current-context: webhook
-kind: Config
-preferences: {}
-users:
- - name: webhook
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-node/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-node/tasks/main.yaml
deleted file mode 100644
index a2233e6d5..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-node/tasks/main.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
----
-- block:
- - name: base kubeadm deploy
- file:
- path: "{{ item }}"
- state: directory
- with_items:
- - /etc/kubernetes/
- - /etc/systemd/system/kubelet.service.d/
- - /var/lib/kubelet/
- - name: copying kubeadm binary to host
- copy:
- src: /usr/bin/kubeadm
- dest: /usr/bin/kubeadm
- owner: root
- group: root
- mode: 365
- - debug:
- msg: "{{ kubeadm_join_command }}"
- - name: running kubeadm join command
- command: "{{ kubeadm_join_command }}"
- - name: base kubeadm deploy
- file:
- path: "{{ item }}"
- state: absent
- with_items:
- - /usr/bin/kubeadm
-...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/hostname.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/hostname.yaml
deleted file mode 100644
index 9928ca014..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/hostname.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: DNS | Ensure node fully qualified hostname is set
- lineinfile:
- unsafe_writes: true
- state: present
- dest: /etc/hosts
- line: "{% if kubelet.bind_device is defined %}{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %} {% if ansible_domain is defined %}{{ ansible_fqdn }}{% else %}{{ ansible_hostname }}.node.{{ k8s.networking.dnsDomain }}{% endif %} {{ ansible_hostname }}"
- regexp: "^{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% if kubelet.bind_device is defined %}|{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% endif %}"
-
-- block:
- - name: DNS | Ensure node localhost ipv4 hostname is set
- lineinfile:
- unsafe_writes: true
- state: present
- dest: /etc/hosts
- line: "127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4"
- regexp: "^127.0.0.1"
- - name: DNS | Ensure node localhost ipv6 hostname is set
- lineinfile:
- unsafe_writes: true
- state: present
- dest: /etc/hosts
- line: "::1 localhost6 localhost6.localdomain6"
- regexp: "^::1"
-...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/kubelet.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/kubelet.yaml
deleted file mode 100644
index 7ea9ccf01..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/kubelet.yaml
+++ /dev/null
@@ -1,217 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -- name: ubuntu or debian | installing kubelet support packages - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - apt: - name: "{{item}}" - state: installed - with_items: - - ebtables - - ethtool - - iproute2 - - iptables - - libmnl0 - - libnfnetlink0 - - libwrap0 - - socat - -- name: ubuntu xenial | installing kubelet support packages - when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial' - apt: - name: "{{item}}" - state: installed - with_items: - - libxtables11 - -- name: debian and ubuntu bionic | installing kubelet support packages - when: ansible_distribution == 'Debian' or ( ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'bionic' ) - apt: - name: "{{item}}" - state: installed - with_items: - - libxtables12 - -- name: centos | installing kubelet support packages - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - yum: - name: "{{item}}" - state: installed - with_items: - - ebtables - - ethtool - - tcp_wrappers-libs - - libmnl - - socat - -- name: fedora | installing kubelet support packages - when: ansible_distribution == 'Fedora' - dnf: - name: "{{item}}" - state: installed - with_items: - - ebtables - - ethtool - - tcp_wrappers-libs - - libmnl - - socat - -- name: getting docker cgroup driver info - when: kubelet.container_runtime == 'docker' - block: - - name: docker 
| getting cgroup driver info - shell: docker info | awk '/^Cgroup Driver:/ { print $NF }' - register: docker_cgroup_driver - args: - executable: /bin/bash - - name: setting kublet cgroup driver - set_fact: - kubelet_cgroup_driver: "{{ docker_cgroup_driver.stdout }}" - -- name: setting kublet cgroup driver for CRI-O - when: kubelet.container_runtime == 'crio' - set_fact: - kubelet_cgroup_driver: "systemd" - -- name: setting node hostname fact - set_fact: - kubelet_node_hostname: "{% if ansible_domain is defined %}{{ ansible_fqdn }}{% else %}{{ ansible_hostname }}.node.{{ k8s.networking.dnsDomain }}{% endif %}" - -- name: base kubelet deploy - block: - - file: - path: "{{ item }}" - state: directory - with_items: - - /etc/kubernetes/ - - /etc/systemd/system/kubelet.service.d/ - - /var/lib/kubelet/ - - name: copying kubelet binary to host - copy: - src: /opt/assets/usr/bin/kubelet - dest: /usr/bin/kubelet - owner: root - group: root - mode: 365 - - name: copying base systemd unit to host - template: - src: kubelet.service.j2 - dest: /etc/systemd/system/kubelet.service - mode: 416 - - name: copying kubeadm drop-in systemd unit to host - template: - src: 10-kubeadm.conf.j2 - dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf - mode: 416 - - name: copying kubelet DNS config to host - template: - src: kubelet-resolv.conf.j2 - dest: /etc/kubernetes/kubelet-resolv.conf - mode: 416 - -- name: base cni support - block: - - file: - path: "{{ item }}" - state: directory - with_items: - - /etc/cni/net.d - - /opt/cni/bin - - name: copy cni binaries into place - copy: - src: /opt/assets/opt/cni/bin/{{ item }} - dest: /opt/cni/bin/{{ item }} - owner: root - group: root - mode: 365 - with_items: - - flannel - - ptp - - host-local - - portmap - - tuning - - vlan - # NOTE(aostapenko) absent with v0.8.5 cni - # - sample - - dhcp - - ipvlan - - macvlan - - loopback - - bridge - -- name: CRI-O runtime config - when: kubelet.container_runtime == 'crio' - block: - - name: copying 
CRI-O drop-in systemd unit to host - template: - src: 0-crio.conf.j2 - dest: /etc/systemd/system/kubelet.service.d/0-crio.conf - mode: 416 - - name: CRI-O | ensure service is restarted and enabled - systemd: - name: crio - state: restarted - enabled: yes - masked: no - -- name: Setup DNS redirector for fqdn testing - # NOTE(portdirect): This must be done before the K8S DNS pods attempt to - # start, so they use the dnsmasq instance to resolve upstream hostnames - when: gate.fqdn_testing|bool == true - block: - - name: Setup DNS redirector | Remove std kubelet resolv.conf - file: - path: "/etc/kubernetes/kubelet-resolv.conf" - state: absent - - name: Setup DNS redirector | Populating new kubelet resolv.conf - copy: - dest: "/etc/kubernetes/kubelet-resolv.conf" - mode: 416 - content: | - nameserver 172.17.0.1 - - name: Setup DNS redirector | Ensuring static manifests dir exists - file: - path: "/etc/kubernetes/manifests/" - state: directory - - name: Setup DNS redirector | check if an resolv-upstream.conf exists - stat: - path: /etc/resolv-upstream.conf - register: resolv_upstream_conf - - name: Setup DNS redirector | Placing pod manifest on host - when: resolv_upstream_conf.stat.exists == False - template: - src: resolv-upstream.conf.j2 - dest: /etc/resolv-upstream.conf - mode: 436 - - name: Setup DNS redirector | Placing pod manifest on host - template: - src: osh-dns-redirector.yaml.j2 - dest: /etc/kubernetes/manifests/osh-dns-redirector.yaml - mode: 416 - -- name: docker | ensure service is started and enabled - when: kubelet.container_runtime == 'docker' - systemd: - name: docker - state: started - enabled: yes - masked: no - -- name: ensure service is restarted and enabled - systemd: - name: kubelet - state: restarted - daemon_reload: yes - enabled: yes - masked: no -... 
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/main.yaml deleted file mode 100644 index 8d73d4783..000000000 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/main.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -- include_tasks: support-packages.yaml - -- include_tasks: hostname.yaml - -- include_tasks: setup-dns.yaml - -- include_tasks: kubelet.yaml -... diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/setup-dns.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/setup-dns.yaml deleted file mode 100644 index a102449a5..000000000 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/setup-dns.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -- name: DNS | Check if NetworkManager is being used - raw: systemctl status NetworkManager --no-pager - register: network_manager_in_use - ignore_errors: True - -- name: DNS | Check if NetworkManager is managing DNS - set_fact: - network_manager_manage_dns: "{{ lookup('ini', 'dns section=main file=/etc/NetworkManager/NetworkManager.conf') }}" - ignore_errors: True - -- name: DNS | Disable network NetworkManager management of resolv.conf - when: - - network_manager_in_use is succeeded - - network_manager_manage_dns != "none" - ini_file: - path: /etc/NetworkManager/NetworkManager.conf - section: main - option: dns - value: none - -- name: DNS | load new resolv.conf - template: - unsafe_writes: yes - src: resolv.conf.j2 - dest: /etc/resolv.conf - -- name: DNS | Restarting NetworkManager - when: - - network_manager_in_use is succeeded - - network_manager_manage_dns != "none" - block: - - name: DNS | Restarting NetworkManager Service - systemd: - name: NetworkManager - state: restarted - daemon_reload: yes - enabled: yes - masked: no - - pause: - seconds: 5 - - name: DNS | Waiting for connectivity to be restored to outside world - shell: if ! [[ $(ip -4 route list 0/0 | head -c1 | wc -c) -ne 0 ]]; then exit 1; fi - register: task_result - until: task_result.rc == 0 - retries: 120 - delay: 5 - args: - executable: /bin/bash -... 
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/support-packages.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/support-packages.yaml deleted file mode 100644 index 2eea44413..000000000 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/support-packages.yaml +++ /dev/null 
@@ -1,128 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: installing community ceph repository
- when: kubelet.pv_support_ceph
- block:
- - name: ubuntu | ensure community ceph repository key is installed
- when: ansible_distribution == "Ubuntu"
- shell: wget -q -O- 'https://download.ceph.com/keys/release.asc' | sudo apt-key add -
-
- - name: ubuntu | ensure community ceph repository exists
- when: ansible_distribution == 'Ubuntu'
- apt_repository:
- repo: "deb https://download.ceph.com/debian-nautilus/ {{ ansible_lsb.codename }} main"
- state: present
- update_cache: yes
-
- - name: centos | ensure community ceph repository exists
- when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- yum_repository:
- name: ceph
- description: "Ceph community packages for Redhat/Centos"
- gpgkey: "https://download.ceph.com/keys/release.asc"
- baseurl: "https://download.ceph.com/rpm-nautilus/el7/$basearch"
- gpgcheck: yes
- state: present
-
-- name: centos | installing epel-release
- when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- yum:
- name: "{{item}}"
- state: installed
- with_items:
- - epel-release
-
-- name: centos | installing SElinux support packages
- when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- yum:
- name: "{{item}}"
- state: installed
- with_items:
- - libselinux-python
-
-- name: fedora | installing SElinux support packages
- when: ansible_distribution == 'Fedora'
- dnf:
- name: "{{item}}"
- state: installed
- with_items:
- - libselinux-python
-
-- name: installing ceph support packages
- when: kubelet.pv_support_ceph
- block:
- - name: ubuntu | installing packages
- when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- apt:
- name: "{{item}}"
- state: latest
- with_items:
- - ceph-common
- - rbd-nbd
-
- - name: ubuntu | uninstall packages
- when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- apt:
- name: "{{item}}"
- state: absent
- with_items:
- - ceph
-
- - name: centos | installing packages
- when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- yum:
- name: "{{item}}"
- state: latest
- with_items:
- - ceph-common
- - rbd-nbd
-
- - name: centos | installing packages
- when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- yum:
- name: "{{item}}"
- state: absent
- with_items:
- - ceph
-
-- name: blacklist kernel RBD driver module
- when: kubelet.pv_support_ceph
- copy:
- dest: "/etc/modprobe.d/rbd.conf"
- content: "install rbd /bin/true"
-
-- when: kubelet.pv_support_nfs
- name: installing NFS support packages
- include_role:
- name: deploy-package
- tasks_from: dist
- vars:
- packages:
- deb:
- - nfs-common
- rpm:
- - nfs-utils
-
-- name: installing LinuxBridge support
- when: kubelet.net_support_linuxbridge
- include_role:
- name: deploy-package
- tasks_from: dist
- vars:
- packages:
- deb:
- - bridge-utils
- rpm:
- - bridge-utils
-...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/0-crio.conf.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/0-crio.conf.j2
deleted file mode 100644
index 52500ed9c..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/0-crio.conf.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-[Service]
-Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --image-service-endpoint /var/run/crio.sock --container-runtime-endpoint /var/run/crio.sock"
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
deleted file mode 100644
index ef8bb92ea..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-[Service]
-User=root
-Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
-Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --cgroup-driver={{ kubelet_cgroup_driver }}"
-Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --node-ip={% if kubelet.bind_addr is defined %}{{ kubelet.bind_addr }}{% else %}{% if kubelet.bind_device is defined %}{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %} --hostname-override={{ kubelet_node_hostname }}"
-Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain={{ k8s.networking.dnsDomain }} --resolv-conf=/etc/kubernetes/kubelet-resolv.conf"
-Environment="KUBELET_AUTHZ_ARGS=--anonymous-auth=false --authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
-Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
-Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}"
-Environment="KUBELET_EXTRA_ARGS=--max-pods=220 --pods-per-core=0 --feature-gates=PodShareProcessNamespace=true"
-#ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux
-ExecStart=
-ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/kubelet-resolv.conf.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/kubelet-resolv.conf.j2
deleted file mode 100644
index 671726faf..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/kubelet-resolv.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-{% for nameserver in external_dns_nameservers %}
-nameserver {{ nameserver }}
-{% endfor %}
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/kubelet.service.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/kubelet.service.j2
deleted file mode 100644
index 46fcdd467..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/kubelet.service.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=kubelet: The Kubernetes Node Agent
-Documentation=http://kubernetes.io/docs/
-
-[Service]
-ExecStartPre=/sbin/swapoff -a
-ExecStartPre=/bin/bash -cex "modprobe br_netfilter"
-ExecStartPre=/bin/bash -cex "echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables"
-ExecStart=/usr/bin/kubelet
-Restart=always
-StartLimitInterval=0
-RestartSec=10
-
-[Install]
-WantedBy=multi-user.target
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/osh-dns-redirector.yaml.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/osh-dns-redirector.yaml.j2
deleted file mode 100644
index 0ff2b3be4..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/osh-dns-redirector.yaml.j2
+++ /dev/null
@@ -1,36 +0,0 @@
-#jinja2: trim_blocks:False
-apiVersion: v1
-kind: Pod
-metadata:
- name: osh-dns-redirector
- namespace: kube-system
-spec:
- hostNetwork: true
- containers:
- - name: osh-dns-redirector
- image: docker.io/openstackhelm/neutron:newton
- securityContext:
- capabilities:
- add:
- - NET_ADMIN
- runAsUser: 0
- command:
- - dnsmasq
- - --keep-in-foreground
- - --no-hosts
- - --bind-interfaces
- - --all-servers
- - --address
- - /{{ gate.fqdn_tld }}/{{ gate.ingress_ip }}
- # NOTE(portdirect): just listen on the docker0 interface
- - --listen-address
- - 172.17.0.1
- volumeMounts:
- - mountPath: /etc/resolv.conf
- name: resolv-conf
- readOnly: true
- volumes:
- - name: resolv-conf
- hostPath:
- path: /etc/resolv-upstream.conf
- type: FileOrCreate
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/resolv-upstream.conf.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/resolv-upstream.conf.j2
deleted file mode 100644
index cca51052d..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/resolv-upstream.conf.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-{% for nameserver in external_dns_nameservers %}
-nameserver {{ nameserver }}
-{% endfor %}
-options timeout:1 attempts:1
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/resolv.conf.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/resolv.conf.j2
deleted file mode 100644
index 517686a48..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/resolv.conf.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-search svc.{{ k8s.networking.dnsDomain }} {{ k8s.networking.dnsDomain }}
-nameserver 10.96.0.10
-{% for nameserver in external_dns_nameservers %}
-nameserver {{ nameserver }}
-{% endfor %}
-options ndots:5 timeout:1 attempts:1
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/dist.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/dist.yaml
deleted file mode 100644
index 2a81698b3..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/dist.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: ubuntu | installing packages
- become: true
- become_user: root
- when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- apt:
- name: "{{item}}"
- state: present
- with_items: "{{ packages.deb }}"
-
-- name: centos | installing packages
- become: true
- become_user: root
- when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- yum:
- name: "{{item}}"
- state: present
- with_items: "{{ packages.rpm }}"
-
-- name: fedora | installing packages
- become: true
- become_user: root
- when: ansible_distribution == 'Fedora'
- dnf:
- name: "{{item}}"
- state: present
- with_items: "{{ packages.rpm }}"
-...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml
deleted file mode 100644
index 1fb8609d3..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: "installing python {{ package }}"
- become: true
- become_user: root
- environment:
- http_proxy: "{{ proxy.http }}"
- https_proxy: "{{ proxy.https }}"
- no_proxy: "{{ proxy.noproxy }}"
- pip:
- name: "{{ package }}"
-...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
deleted file mode 100644
index f37b2cf9b..000000000
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
----
-all:
- vars:
- ansible_python_interpreter: python3
- my_container_name: null
- user:
- uid: null
- gid: null
- home: null
- external_dns_nameservers:
- - 8.8.8.8
- - 8.8.4.4
- calico:
- prometheus_port: 9091
- cluster:
- cni: calico
- cni_host_ip: 10.96.232.136
- kubelet:
- container_runtime: docker
- net_support_linuxbridge: true
- pv_support_ceph: true
- pv_support_nfs: true
- bind_device: null
- helm:
- tiller_image: ghcr.io/helm/tiller:v2.17.0
- k8s:
- kubernetesVersion: v1.19.15
- imageRepository: k8s.gcr.io
- certificatesDir: /etc/kubernetes/pki
- selfHosted: false
- keystoneAuth: false
- api:
- bindPort: 6443
- # NOTE(portdirect): The following is a custom key, which resolves the
- # 'advertiseAddress' key dynamicly.
- advertiseAddressDevice: null
- networking:
- dnsDomain: cluster.local
- podSubnet: 192.168.0.0/16
- serviceSubnet: 10.96.0.0/12
- gate:
- fqdn_testing: false
- ingress_ip: 127.0.0.1
- fqdn_tld: openstackhelm.test
-...
diff --git a/tools/images/kubeadm-aio/assets/usr/bin/test-kube-api.py b/tools/images/kubeadm-aio/assets/usr/bin/test-kube-api.py
deleted file mode 100755
index c55847cf7..000000000
--- a/tools/images/kubeadm-aio/assets/usr/bin/test-kube-api.py
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/env python
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from kubernetes import client, config
-config.load_kube_config()
-# create an instance of the API class
-api_instance = client.VersionApi()
-api_instance.get_code()
diff --git a/tools/images/kubeadm-aio/assets/usr/bin/test-kube-pods-ready b/tools/images/kubeadm-aio/assets/usr/bin/test-kube-pods-ready
deleted file mode 100755
index dd48a9934..000000000
--- a/tools/images/kubeadm-aio/assets/usr/bin/test-kube-pods-ready
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env bash
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -e
-NAMESPACE=$1
-
-kubectl get pods --namespace=${NAMESPACE} -o json | jq -r \
- '.items[].status.phase' | grep Pending > /dev/null && \
- PENDING=True || PENDING=False
-
-query='.items[]|select(.status.phase=="Running")'
-query="$query|.status.containerStatuses[].ready"
-kubectl get pods --namespace=${NAMESPACE} -o json | jq -r "$query" | \
- grep false > /dev/null && READY="False" || READY="True"
-
-kubectl get jobs -o json --namespace=${NAMESPACE} | jq -r \
- '.items[] | .spec.completions == .status.succeeded' | \
- grep false > /dev/null && JOBR="False" || JOBR="True"
-[ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \
- exit 0 || exit 1
diff --git a/tools/images/kubeadm-aio/sources.list b/tools/images/kubeadm-aio/sources.list
deleted file mode 100644
index ee1f99668..000000000
--- a/tools/images/kubeadm-aio/sources.list
+++ /dev/null
@@ -1,4 +0,0 @@
-deb %%UBUNTU_URL%% bionic main universe
-deb %%UBUNTU_URL%% bionic-updates main universe
-deb %%UBUNTU_URL%% bionic-backports main universe
-deb %%UBUNTU_URL%% bionic-security main universe