zuul/zuul-jobs
Code Issues Proposed changes
zuul-jobs/roles/ensure-kubernetes/tasks/minikube.yaml
Jan Gutter 83bfd5b917
Update ensure-kubernetes with podman support 
* This adds some extra options to the ensure-kubernetes role:
  * podman + cri-o can now be used for testing
  * This mode seems to be slightly more supported than the
    current profiles.
* The location for minikube install can be moved.
* The use-buildset-registry role needed slight updates in order
  to populate the kubernetes registry config early.

Change-Id: Ia578f1e00432eec5d81304f70db649e420786a02
2024-08-22 20:50:39 +01:00

323 lines
10 KiB
YAML
Raw Blame History

# The following set_facts are used to select individual parameters from
# profiles.
- name: Set the minikube parameters for cri-o
set_fact:
ensure_kubernetes_minikube_runtime: cri-o
ensure_kubernetes_minikube_driver: none
ensure_kubernetes_container_provider: docker
when: kubernetes_runtime == 'cri-o'
- name: Set the minikube parameters for docker
set_fact:
ensure_kubernetes_minikube_runtime: docker
ensure_kubernetes_minikube_driver: none
ensure_kubernetes_container_provider: docker
when: kubernetes_runtime == 'docker'
- name: Set the minikube parameters for podman+cri-o
set_fact:
ensure_kubernetes_minikube_runtime: cri-o
ensure_kubernetes_minikube_driver: podman
ensure_kubernetes_container_provider: podman
when: kubernetes_runtime == 'podman'
- name: Check for Minikube install
stat:
path: "{{ ensure_kubernetes_bin_path }}/minikube"
register: stat_result
# This is needed because minikube is installed in /tmp
- name: Disable protections for races in /tmp
sysctl:
name: fs.protected_regular
value: '0'
sysctl_set: true
state: present
reload: true
become: true
when: '"/tmp" == ensure_kubernetes_bin_path'
- name: Download Minikube
become: true
get_url:
url: https://storage.googleapis.com/minikube/releases/{{ minikube_version }}/minikube-linux-amd64
dest: "{{ ensure_kubernetes_bin_path }}/minikube"
mode: 0755
when: not stat_result.stat.exists
- name: Install kubectl as minikube
become: true
file:
src: "{{ ensure_kubernetes_bin_path }}/minikube"
dest: /usr/local/bin/kubectl
state: link
- name: Get the kubernetes version
command: >-
{{ ensure_kubernetes_bin_path }}/minikube kubectl --
version --client=true --output=json
changed_when: False
register: ensure_kubernetes_kubectl_version_result
- name: Set the kubernetes version
vars:
kubectl_version: >-
{{ ensure_kubernetes_kubectl_version_result.stdout | from_json }}
set_fact:
ensure_kubernetes_kubectl_version: >-
v{{ kubectl_version['clientVersion']['major'] }}.{{ kubectl_version['clientVersion']['minor'] }}
- name: Load the role for the minikube container provider
include_role:
name: "ensure-{{ ensure_kubernetes_container_provider }}"
# Ubuntu doesn't have cri-o packages, a per distro task is required to install
# cri-o. We only need to install cri-o if we're using the 'none' driver.
- name: Install cri-o when needed
block:
- name: Install crio
# Note this is required even for the docker runtime, as minikube only
# supports cri now. See below for the docker wrapper
include_tasks: "{{ zj_distro_os }}"
with_first_found:
- "crio-{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "crio-default.yaml"
loop_control:
loop_var: zj_distro_os
# See: https://github.com/kubernetes/minikube/issues/13816
- name: Add missing crio.conf.d folder
file:
path: /etc/crio/crio.conf.d
state: directory
mode: 0755
become: true
- name: Fix missing 02-crio.conf
copy:
content: |
[crio.image]
# pause_image = ""
[crio.network]
# cni_default_network = ""
[crio.runtime]
# cgroup_manager = ""
dest: /etc/crio/crio.conf.d/02-crio.conf
mode: 0644
become: true
when:
- ensure_kubernetes_minikube_runtime == 'cri-o'
- ensure_kubernetes_minikube_driver == 'none'
- name: Create directories
file:
path: "{{ zj_mkdir }}"
state: directory
mode: 0755
loop_control:
loop_var: zj_mkdir
loop:
- "{{ ansible_user_dir }}/.kube"
- "{{ ansible_user_dir }}/.minikube/files/etc/containers"
- "{{ ansible_user_dir }}/.minikube/certs"
- name: Create .kube/config file
file:
path: "{{ ansible_user_dir }}/.kube/config"
state: touch
mode: 0644
- name: Create .minikube/files/etc/containers/ directory
file:
path: "{{ ansible_user_dir }}/.minikube/files/etc/containers"
state: directory
mode: 0755
- name: Update registries.conf if a buildset registry is used
block:
- name: Use buildset registry
include_role:
name: use-buildset-registry
tasks_from: containers-registry-config.yaml
vars:
buildset_registry_docker_user: root
- name: Set registries.conf for minikube
copy:
src: /etc/containers/registries.conf
dest: >-
{{ ansible_user_dir }}/.minikube/files/etc/containers/registries.conf
remote_src: true
mode: "0444"
- name: Write buildset registry TLS certificate
copy:
content: "{{ buildset_registry.cert }}"
dest: "{{ ansible_user_dir}}/.minikube/certs/buildset.pem"
mode: preserve
when: buildset_registry.cert
when: buildset_registry is defined
- name: Write resolv.conf for minikube
template:
src: resolv.conf.j2
dest: "{{ ansible_user_dir }}/.minikube/files/etc/resolv.conf"
mode: "0444"
when: minikube_dns_resolvers|length>0
- name: Enable extra cri-o debugging
block:
- name: Create .minikube/files/etc/default directory
file:
path: "{{ ansible_user_dir }}/.minikube/files/etc/default"
state: directory
mode: 0755
- name: Enable debugging for cri-o
copy:
content: |
CRIO_CONFIG_OPTIONS="--log-level debug"
dest: "{{ ansible_user_dir }}/.minikube/files/etc/default/crio"
mode: "0644"
when: ensure_kubernetes_debug_crio | bool
# See https://github.com/kubernetes/minikube/issues/14410
- name: Setup cri-dockerd
when: ensure_kubernetes_minikube_runtime == 'docker'
become: yes
block:
- name: Check for pre-existing cri-docker service
stat:
path: '/etc/system/cri-docker.service'
register: _cri_docker
- name: Install cri-docker
when: not _cri_docker.stat.exists
shell: |
set -x
VER=$(curl -s https://api.github.com/repos/Mirantis/cri-dockerd/releases/latest|grep tag_name | cut -d '"' -f 4|sed 's/v//g')
DL=$(mktemp -d)
pushd ${DL}
wget https://github.com/Mirantis/cri-dockerd/releases/download/v${VER}/cri-dockerd-${VER}.amd64.tgz
tar xvf cri-dockerd-${VER}.amd64.tgz
mv cri-dockerd/cri-dockerd /usr/local/bin
wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/v${VER}/packaging/systemd/cri-docker.service
wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/v${VER}/packaging/systemd/cri-docker.socket
sudo mv cri-docker.socket cri-docker.service /etc/systemd/system/
sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
popd
rm -rf ${DL}
systemctl daemon-reload
args:
executable: '/bin/bash'
# minikube has a hard-coded cri-docker setup step that writes out
# /etc/systemd/system/cri-docker.service.d/10-cni.conf
# which overrides the ExecStart with CNI arguments. This seems to
# be written to assume different packages than we have on Ubuntu
# Jammy -- containernetworking-plugins is a native package and is
# in /usr/lib, whereas the OpenSuse kubic versions are in /opt.
# We thus add an 11-* config to override the override with
# something that works ... see
# https://github.com/kubernetes/minikube/issues/15320
- name: Correct override for native packages
when: ansible_distribution_release == 'jammy'
block:
- name: Make override dir
file:
state: directory
path: /etc/systemd/system/cri-docker.service.d
owner: root
group: root
mode: '0755'
- name: Override cri-docker
template:
src: 11-cri-docker-override.conf.j2
dest: /etc/systemd/system/cri-docker.service.d/11-cri-docker-override.conf
owner: root
group: root
mode: '0644'
- name: Ensure cri-dockerd running
service:
name: cri-docker
state: started
- name: Start Minikube
command: >-
{{ ensure_kubernetes_bin_path }}/minikube start
--v=7
--driver={{ ensure_kubernetes_minikube_driver }}
--container-runtime={{ ensure_kubernetes_minikube_runtime }}
{% for _addon in ensure_kubernetes_minikube_addons %}
--addons={{ _addon }}
{% endfor %}
{{ '--network-plugin=cni' if kubernetes_runtime == 'cri-o' }}
--embed-certs
{% if ensure_kubernetes_minikube_driver == 'podman' %}
--cpus={{ ensure_kubernetes_minikube_cpus }}
--memory={{ ensure_kubernetes_minikube_memory }}
{% endif %}
environment:
MINIKUBE_WANTUPDATENOTIFICATION: false
MINIKUBE_WANTREPORTERRORPROMPT: false
MINIKUBE_WANTNONEDRIVERWARNING: false
MINIKUBE_WANTKUBECTLDOWNLOADMSG: false
CHANGE_MINIKUBE_NONE_USER: true
MINIKUBE_HOME: "{{ ansible_user_dir }}"
KUBECONFIG: "{{ ansible_user_dir }}/.kube/config"
- name: Get KUBECONFIG
command: "kubectl config view"
register: kubeconfig_yaml
- name: Parse KUBECONFIG YAML
set_fact:
kube_config: "{{ kubeconfig_yaml.stdout | from_yaml }}"
- name: Get cluster info
command: kubectl cluster-info
- name: Concatenate the dns resolvers
# This is a hack to solve a temp problem.
# The problem is related to the resolv conf auto-setting function of the minikube v1.10.x.
# Zuul uses ubound as a DNS caching, so the systemd resolv has localhost.
# To avoid the coreDNS loop, we specified nameservers explicitly and overrided the for the minikube.
# But the new version is appending the systemd resolv conf always. i.e. coreDNS loop.
set_fact:
dns_resolvers: "{{ minikube_dns_resolvers | join(' ') }}"
when: minikube_dns_resolvers|length>0
- name: Patch coreDNS corefile with the specified dns resolvers
command: |
kubectl patch cm coredns -n kube-system --patch="
data:
Corefile: |
.:53 {
errors
health {
lameduck 5s
}
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
}
prometheus :9153
forward . {{ dns_resolvers }}
cache 30
loop
reload
loadbalance
}"
when: minikube_dns_resolvers|length>0
- name: Rollout coreDNS deployment
command: |
kubectl rollout restart deploy/coredns -n kube-system
when: minikube_dns_resolvers|length>0
View Git Blame Copy Permalink