Fix zuul settings to use latest kuryr-kubernetes

kuryr-kubernetes patch [1] that changes to use kubeadm for
installing Kubernetes on devstack.

A patch [2] was previously created to address the change, but the fix
used kuryr-Kubernetes stable/wallaby as a temporary fix.

This patch fixes to use latest kuryr-kubernetes.

* Change the ".zuul.yaml" setting to use the latest kuryr-kubernetes.
* Add the process of creating a ServiceAccount and change the vim
  authentication method to bearer_token. This is because
  kuryr-kubernetes does not create an admin ServiceAccount by default.

[1] https://review.opendev.org/c/openstack/kuryr-kubernetes/+/779250
[2] https://review.opendev.org/c/openstack/tacker/+/791252

Change-Id: Ib64183b5e978774811f51f8af0f4590a20ced856
This commit is contained in:
Ayumu Ueha 2021-07-13 04:58:30 +00:00 committed by ueha.ayumu
parent 361465b877
commit 3145e3cc37
4 changed files with 75 additions and 15 deletions

View File

@ -299,10 +299,7 @@
- openstack/heat - openstack/heat
- openstack/horizon - openstack/horizon
- openstack/keystone - openstack/keystone
# TODO(ueha): temporarily use stable/wallaby branch for solve FT error. - openstack/kuryr-kubernetes
# After confirming that it works in the master branch, modify it.
- name: openstack/kuryr-kubernetes
override-branch: stable/wallaby
- openstack/mistral - openstack/mistral
- openstack/neutron - openstack/neutron
- openstack/nova - openstack/nova
@ -387,10 +384,7 @@
kuryr-kubernetes: https://opendev.org/openstack/kuryr-kubernetes kuryr-kubernetes: https://opendev.org/openstack/kuryr-kubernetes
devstack_services: devstack_services:
etcd3: false etcd3: false
kubelet: true kubernetes-master: true
kubernetes-api: true
kubernetes-controller-manager: true
kubernetes-scheduler: true
kuryr-daemon: true kuryr-daemon: true
kuryr-kubernetes: true kuryr-kubernetes: true
octavia: false octavia: false
@ -406,13 +400,12 @@
CELLSV2_SETUP: singleconductor CELLSV2_SETUP: singleconductor
DATABASE_TYPE: mysql DATABASE_TYPE: mysql
IS_ZUUL_FT: True IS_ZUUL_FT: True
K8S_API_SERVER_IP: "{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}"
KEYSTONE_SERVICE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}" KEYSTONE_SERVICE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
KURYR_FORCE_IMAGE_BUILD: true KURYR_FORCE_IMAGE_BUILD: true
KURYR_K8S_API_PORT: 8080 KURYR_K8S_API_PORT: 6443
KURYR_K8S_API_URL: "http://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:${KURYR_K8S_API_PORT}" KURYR_K8S_API_URL: "https://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:${KURYR_K8S_API_PORT}"
KURYR_K8S_CLOUD_PROVIDER: false
KURYR_K8S_CONTAINERIZED_DEPLOYMENT: false KURYR_K8S_CONTAINERIZED_DEPLOYMENT: false
KURYR_K8S_MULTI_WORKER_TESTS: false
KURYR_NEUTRON_DEFAULT_SUBNETPOOL_ID: shared-default-subnetpool-v4 KURYR_NEUTRON_DEFAULT_SUBNETPOOL_ID: shared-default-subnetpool-v4
MYSQL_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}" MYSQL_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
OCTAVIA_AMP_IMAGE_FILE: "/tmp/test-only-amphora-x64-haproxy-ubuntu-bionic.qcow2" OCTAVIA_AMP_IMAGE_FILE: "/tmp/test-only-amphora-x64-haproxy-ubuntu-bionic.qcow2"
@ -471,7 +464,7 @@
$OCTAVIA_CONF: $OCTAVIA_CONF:
controller_worker: controller_worker:
amp_active_retries: 9999 amp_active_retries: 9999
kuryr_k8s_api_url: "http://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:8080" kuryr_k8s_api_url: "https://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:6443"
helm_version: "3.5.4" helm_version: "3.5.4"
test_matrix_configs: [neutron] test_matrix_configs: [neutron]
zuul_work_dir: src/opendev.org/openstack/tacker zuul_work_dir: src/opendev.org/openstack/tacker

View File

@ -0,0 +1,23 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: admin
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: admin
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile

View File

@ -66,6 +66,41 @@
when: when:
- inventory_hostname == 'controller-tacker' - inventory_hostname == 'controller-tacker'
- block:
- name: Copy create_admin_token.yaml
copy:
src: "create_admin_token.yaml"
dest: "/tmp/create_admin_token.yaml"
mode: 0644
owner: stack
group: stack
become: yes
- name: Create admin ServiceAccount
command: kubectl create -f /tmp/create_admin_token.yaml
become: yes
become_user: stack
- name: Get admin secret name
shell: >
kubectl get secrets -n kube-system -o name
| grep admin-token
register: admin_secret_name
become: yes
become_user: stack
- name: Get admin token from described secret
shell: >
kubectl get {{ admin_secret_name.stdout }} -n kube-system -o jsonpath="{.data.token}"
| base64 -d
register: admin_token
become: yes
become_user: stack
when:
- inventory_hostname == 'controller-k8s'
- kuryr_k8s_api_url is defined
- block: - block:
- name: Copy tools/test-setup-k8s-vim.sh - name: Copy tools/test-setup-k8s-vim.sh
copy: copy:
@ -126,6 +161,16 @@
when: when:
- p.stat.exists - p.stat.exists
- name: Replace k8s auth token in local-k8s-vim.yaml
replace:
path: "{{ item }}"
regexp: "secret_token"
replace: "{{ hostvars['controller-k8s'].admin_token.stdout }}"
with_items:
- "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml"
when:
- p.stat.exists
- name: Replace the config file path in the test-setup-k8s-vim.sh - name: Replace the config file path in the test-setup-k8s-vim.sh
replace: replace:
path: "{{ zuul_work_dir }}/tools/test-setup-k8s-vim.sh" path: "{{ zuul_work_dir }}/tools/test-setup-k8s-vim.sh"

View File

@ -1,6 +1,5 @@
auth_url: "https://127.0.0.1:6443" auth_url: "https://127.0.0.1:6443"
username: "admin" bearer_token: "secret_token"
password: "admin"
project_name: "default" project_name: "default"
ssl_ca_cert: None ssl_ca_cert: None
type: "kubernetes" type: "kubernetes"