tacker/roles/setup-k8s-oidc
Yoshiro Watanabe 0d29292e00 Alternative to "kuryr-kubernetes"
This patch replaces the "kuryr-kubernetes" handling used by tacker's
FT to build the k8s environment with "devstack-plugin-container".
Also, with the update of devstack-plugin-container, k8s, cri-o and
helm will be upgraded.

k8s: 1.26.8 -> 1.30.5
crio: 1.26 -> 1.30.5
helm: 3.11.3 -> 3.15.4

The following is a summary of the fixes in this patch.

* Remove plugins and settings related to kuryr-kubernetes
* Rename parameters with "kuryr"
* Modify devstack-plugin-container to be used in FT k8s environment
  build
* Add parameters required by devstack-plugin-container

Also, the following is a list of problems that occurred when setting
up the k8s environment with devstack-plugin-container and how to fix
them.

Cannot get bearer_token value:
- modified file: roles/setup-default-vim/tasks/main.yaml
- The task "Get admin token from described secret" of the Ansible
  role "setup-default-vim" failed to obtain the value of
  bearer_token, which is set as a parameter when creating vim,
  causing an error. Retrying to obtain token fixed the problem.

Unknown error in "Create clusterrolebinding on k8s server" task:
- modified file: roles/setup-k8s-nodes/tasks/main.yaml
- In task "Create clusterrolebinding on k8s server" in Ansible role
  "setup-k8s-oidc", `failed to download openapi: unknown;` error
  occurred. The cause was that the pod status of kube-apiserver was
  "Pending" after executing the previous "Wait for k8s apiserver to
  restart" task. The error was fixed by waiting for the Pod status
  to reach the "Running" state.

"cni0" is not assigned the intended IP address:
- added file: roles/restart-kubelet-service/tasks/main.yaml
- When using devstack-plugin-container to create a k8s environment
  and deploy a Pod, the Pod deployment fails with the error `network:
  failed to set bridge addr: "cni0" already has an IP address
  different from 10.x.x.x`. Removing the associated interface and
  restarting the service cleared the error.

Depends-On: https://review.opendev.org/c/openstack/devstack-plugin-container/+/926709
Change-Id: I596a2339f6a3c78fee99b92d7bfb65a6b0244901
2024-10-02 09:08:06 +00:00
..
defaults Add OpenID Connect Token Auth for k8s 2022-09-12 01:26:53 +00:00
files Replace CRLF by LF 2024-03-15 01:02:00 +09:00
tasks Alternative to "kuryr-kubernetes" 2024-10-02 09:08:06 +00:00