Add osh ingress (#249)
* feat: add OpenstackHelmIngress
* chore: drop certbuilder deps
* chore: shave more deps
* feat: added openstackhelmrabbitmqclusters
* fix: install cert-manager first
* test: fix integration tests
* test: fix e2e tests
* tests: describe and get all resources
* fix: change default image repo to be none
* fix: solve when no override_registry
* fix: add annotation + labels
* fix: move more resources to helm
* fix: add more dependencies
* chore: move services out of flows
* chore: build dependencies
* fix: drops deps from ApplyPerconaXtraDBClusterTask
* fix: add wait_for_pxc role to avoid race conditions
* fix: solve rabbitmq for magnum
* fix: clean-up filter_annotations
* chore: increase wait_timeout for secret waiting
diff --git a/roles/atmosphere/templates/crds.yml b/roles/atmosphere/templates/crds.yml
index 2a31263..db56695 100644
--- a/roles/atmosphere/templates/crds.yml
+++ b/roles/atmosphere/templates/crds.yml
@@ -2,6 +2,58 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
+ name: openstackhelmrabbitmqclusters.atmosphere.vexxhost.com
+spec:
+ scope: Namespaced
+ group: atmosphere.vexxhost.com
+ names:
+ kind: OpenstackHelmRabbitmqCluster
+ plural: openstackhelmrabbitmqclusters
+ singular: openstackhelmrabbitmqcluster
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: openstackhelmingresses.atmosphere.vexxhost.com
+spec:
+ scope: Namespaced
+ group: atmosphere.vexxhost.com
+ names:
+ kind: OpenstackHelmIngress
+ plural: openstackhelmingresses
+ singular: openstackhelmingress
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
name: clouds.atmosphere.vexxhost.com
spec:
scope: Namespaced
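Review bot: Both new CRDs declare `spec` as an untyped object with `x-kubernetes-preserve-unknown-fields: true`, so the API server neither validates nor prunes anything before the operator reads it. For `OpenstackHelmIngress`, the role in this same commit sets only `clusterIssuer`, `ingressClassName` and `host`, and those presumably end up in an Ingress and a certificate request, so they are worth typing as strings in the schema. The excerpt below sketches that for the ingress CRD; if the operator reads further spec fields, they need listing too, and the `required` entry should be confirmed against the operator. The RabbitMQ cluster CRD's fields are not visible in this diff, so it needs the same treatment from whoever knows its shape.

```yaml
# … unchanged: metadata, scope, group, names …
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              required:
                - host
              properties:
                clusterIssuer:
                  type: string
                ingressClassName:
                  type: string
                host:
                  type: string
            # … unchanged: status stays a free-form object …
```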
diff --git a/roles/atmosphere/templates/deployment.yml b/roles/atmosphere/templates/deployment.yml
index 64066dc..3242dd0 100644
--- a/roles/atmosphere/templates/deployment.yml
+++ b/roles/atmosphere/templates/deployment.yml
@@ -19,11 +19,6 @@
containers:
- name: operator
image: "{{ atmosphere_image }}"
- env:
- - name: POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
volumeMounts:
- name: config
mountPath: /etc/atmosphere
diff --git a/roles/atmosphere/vars/main.yml b/roles/atmosphere/vars/main.yml
index 8801f39..31b9832 100644
--- a/roles/atmosphere/vars/main.yml
+++ b/roles/atmosphere/vars/main.yml
@@ -1,5 +1,5 @@
_atmosphere_cloud_spec:
- imageRepository: "{{ atmosphere_image_repository | default('quay.io/vexxhost') }}"
+ imageRepository: "{{ atmosphere_image_repository | default(None) }}"
ingressClassName: "{{ openstack_helm_ingress_class_name | default('openstack') }}"
certManagerClusterIssuer: "{{ openstack_helm_ingress_cluster_issuer | default('atmosphere') }}"
regionName: "{{ openstack_helm_endpoints_region_name }}"
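Review bot: `default(None)` inside a quoted template on the `imageRepository` line does not reliably yield a null value. As far as I know, Ansible renders it as an empty string unless `jinja2_native` is enabled, in which case it stays `None`, so the consumer of `_atmosphere_cloud_spec` has to treat both as "no override". Dropping the `quay.io/vexxhost` default also means images are presumably pulled from each chart's own registry, which matters for sites that expect a single mirrored or allow-listed registry. A comment above the key would make that explicit, for example `# Empty/null means no registry override; set atmosphere_image_repository to pull from a mirror.`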
diff --git a/roles/certificates/tasks/main.yml b/roles/certificates/tasks/main.yml
index 4cdb916..e47b897 100644
--- a/roles/certificates/tasks/main.yml
+++ b/roles/certificates/tasks/main.yml
@@ -25,7 +25,7 @@
namespace: cert-manager
wait: true
wait_sleep: 1
- wait_timeout: 300
+ wait_timeout: 600
register: _openstack_helm_root_secret
- name: Copy CA certificate on host
diff --git a/roles/openstack_helm_barbican/meta/main.yml b/roles/openstack_helm_barbican/meta/main.yml
index f479c17..3f8b4a4 100644
--- a/roles/openstack_helm_barbican/meta/main.yml
+++ b/roles/openstack_helm_barbican/meta/main.yml
@@ -25,3 +25,4 @@
dependencies:
- role: atmosphere
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_cinder/meta/main.yml b/roles/openstack_helm_cinder/meta/main.yml
index e44991a..83f86ce 100644
--- a/roles/openstack_helm_cinder/meta/main.yml
+++ b/roles/openstack_helm_cinder/meta/main.yml
@@ -25,3 +25,4 @@
dependencies:
- role: atmosphere
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_designate/meta/main.yml b/roles/openstack_helm_designate/meta/main.yml
index c0d03fc..469958a 100644
--- a/roles/openstack_helm_designate/meta/main.yml
+++ b/roles/openstack_helm_designate/meta/main.yml
@@ -24,3 +24,4 @@
dependencies:
- role: atmosphere
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_glance/meta/main.yml b/roles/openstack_helm_glance/meta/main.yml
index d286883..baf7a6d 100644
--- a/roles/openstack_helm_glance/meta/main.yml
+++ b/roles/openstack_helm_glance/meta/main.yml
@@ -25,3 +25,4 @@
dependencies:
- role: openstacksdk
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_heat/meta/main.yml b/roles/openstack_helm_heat/meta/main.yml
index 3a7140b..57e2e1c 100644
--- a/roles/openstack_helm_heat/meta/main.yml
+++ b/roles/openstack_helm_heat/meta/main.yml
@@ -25,3 +25,4 @@
dependencies:
- role: atmosphere
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_horizon/meta/main.yml b/roles/openstack_helm_horizon/meta/main.yml
index f101c63..f0271e3 100644
--- a/roles/openstack_helm_horizon/meta/main.yml
+++ b/roles/openstack_helm_horizon/meta/main.yml
@@ -25,3 +25,4 @@
dependencies:
- role: atmosphere
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_ingress/tasks/main.yml b/roles/openstack_helm_ingress/tasks/main.yml
index 8ba0a52..cf2b287 100644
--- a/roles/openstack_helm_ingress/tasks/main.yml
+++ b/roles/openstack_helm_ingress/tasks/main.yml
@@ -16,26 +16,13 @@
kubernetes.core.k8s:
state: present
definition:
- apiVersion: v1
- kind: Ingress
+ apiVersion: atmosphere.vexxhost.com/v1alpha1
+ kind: OpenstackHelmIngress
metadata:
name: "{{ openstack_helm_ingress_endpoint | replace('_', '-') }}"
namespace: openstack
- annotations: "{{ _openstack_helm_ingress_annotations | combine(openstack_helm_ingress_annotations, recursive=True) }}"
+ annotations: "{{ openstack_helm_ingress_annotations }}"
spec:
+ clusterIssuer: "{{ openstack_helm_ingress_cluster_issuer | default('atmosphere') }}"
ingressClassName: "{{ openstack_helm_ingress_class_name | default('openstack') }}"
- rules:
- - host: "{{ openstack_helm_endpoints[openstack_helm_ingress_endpoint]['host_fqdn_override']['public']['host'] }}"
- http:
- paths: "{{ _openstack_helm_ingress_paths }}"
- tls:
- - secretName: "{{ openstack_helm_ingress_secret_name | default(openstack_helm_ingress_service_name + '-certs') }}"
- hosts:
- - "{{ openstack_helm_endpoints[openstack_helm_ingress_endpoint]['host_fqdn_override']['public']['host'] }}"
- # NOTE(mnaser): The Atmosphere operator is so fast that the Ingress webhook
- # is not up yet by the time we run this for the first time, so
- # we retry until we let the operator handle creating the ingress.
- retries: 60
- delay: 5
- register: _result
- until: _result is not failed
+ host: "{{ openstack_helm_endpoints[openstack_helm_ingress_endpoint]['host_fqdn_override']['public']['host'] }}"
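Review bot: The new `OpenstackHelmIngress` definition passes only `clusterIssuer`, `ingressClassName` and `host`, so `openstack_helm_ingress_secret_name`, `openstack_helm_ingress_service_name`, `openstack_helm_ingress_service_port` and `openstack_helm_ingress_paths` are no longer referenced by this task. An inventory that overrides the TLS secret name or adds paths will now be silently ignored, presumably in favour of whatever the operator derives. Either fail early when those variables are set, or document the change next to the task, for example `# NOTE: TLS secret, backend service and paths are derived by the operator; the openstack_helm_ingress_secret_name/_paths overrides are no longer honoured.` The task starts above the hunk, so its name and any `when:` are not visible here.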
diff --git a/roles/openstack_helm_ingress/vars/main.yml b/roles/openstack_helm_ingress/vars/main.yml
deleted file mode 100644
index 0af5c42..0000000
--- a/roles/openstack_helm_ingress/vars/main.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright (c) 2022 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-_openstack_helm_ingress_annotations:
- cert-manager.io/cluster-issuer: "{{ openstack_helm_ingress_cluster_issuer | default('atmosphere') }}"
-
-_openstack_helm_ingress_paths: "{{ openstack_helm_ingress_paths + __openstack_helm_ingress_paths }}"
-__openstack_helm_ingress_paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: "{{ openstack_helm_ingress_service_name }}"
- port:
- number: "{{ openstack_helm_ingress_service_port }}"
diff --git a/roles/openstack_helm_keystone/meta/main.yml b/roles/openstack_helm_keystone/meta/main.yml
index 4929cc5..0fcab44 100644
--- a/roles/openstack_helm_keystone/meta/main.yml
+++ b/roles/openstack_helm_keystone/meta/main.yml
@@ -25,3 +25,4 @@
dependencies:
- role: atmosphere
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_magnum/meta/main.yml b/roles/openstack_helm_magnum/meta/main.yml
index f2e80be..9b7fe68 100644
--- a/roles/openstack_helm_magnum/meta/main.yml
+++ b/roles/openstack_helm_magnum/meta/main.yml
@@ -25,5 +25,6 @@
dependencies:
- role: openstacksdk
- role: openstack_cli
+ - role: wait_for_pxc
- role: openstack_helm_barbican
- role: openstack_helm_octavia
diff --git a/roles/openstack_helm_neutron/meta/main.yml b/roles/openstack_helm_neutron/meta/main.yml
index ba41c29..b56ee77 100644
--- a/roles/openstack_helm_neutron/meta/main.yml
+++ b/roles/openstack_helm_neutron/meta/main.yml
@@ -26,3 +26,4 @@
dependencies:
- role: atmosphere
- role: openstacksdk
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_nova/meta/main.yml b/roles/openstack_helm_nova/meta/main.yml
index ad12692..2812822 100644
--- a/roles/openstack_helm_nova/meta/main.yml
+++ b/roles/openstack_helm_nova/meta/main.yml
@@ -26,3 +26,4 @@
dependencies:
- role: atmosphere
- role: openstacksdk
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_octavia/meta/main.yml b/roles/openstack_helm_octavia/meta/main.yml
index 181e9ad..96b62d3 100644
--- a/roles/openstack_helm_octavia/meta/main.yml
+++ b/roles/openstack_helm_octavia/meta/main.yml
@@ -25,3 +25,4 @@
dependencies:
- role: openstacksdk
- role: openstack_cli
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_placement/meta/main.yml b/roles/openstack_helm_placement/meta/main.yml
index c83011a..37a83d9 100644
--- a/roles/openstack_helm_placement/meta/main.yml
+++ b/roles/openstack_helm_placement/meta/main.yml
@@ -25,3 +25,4 @@
dependencies:
- role: atmosphere
+ - role: wait_for_pxc
diff --git a/roles/openstack_helm_senlin/meta/main.yml b/roles/openstack_helm_senlin/meta/main.yml
index 4c25fbe..73308ad 100644
--- a/roles/openstack_helm_senlin/meta/main.yml
+++ b/roles/openstack_helm_senlin/meta/main.yml
@@ -25,3 +25,4 @@
dependencies:
- role: atmosphere
+ - role: wait_for_pxc
diff --git a/roles/wait_for_pxc/README.md b/roles/wait_for_pxc/README.md
new file mode 100644
index 0000000..918f313
--- /dev/null
+++ b/roles/wait_for_pxc/README.md
@@ -0,0 +1,4 @@
+# wait_for_pxc
+
+This is a meta-role which should be used as a dependency for now to allow the
+Ansible roles to wait for the PXC cluster to be ready before proceeding.
diff --git a/roles/wait_for_pxc/tasks/main.yml b/roles/wait_for_pxc/tasks/main.yml
new file mode 100644
index 0000000..5fa3637
--- /dev/null
+++ b/roles/wait_for_pxc/tasks/main.yml
@@ -0,0 +1,12 @@
+- name: Wait until Percona XtraDB Cluster is ready
+ kubernetes.core.k8s_info:
+ api_version: pxc.percona.com/v1
+ kind: PerconaXtraDBCluster
+ name: percona-xtradb
+ namespace: openstack
+ wait_sleep: 1
+ wait_timeout: 600
+ wait: true
+ wait_condition:
+ type: ready
+ status: true
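Review bot: This wait only proves readiness if a `PerconaXtraDBCluster` named `percona-xtradb` already exists in `openstack`. Depending on the kubernetes.core version, `k8s_info` with `wait: true` may return an empty `resources` list rather than fail when the object is absent, and dependent roles would then proceed against a database that is not there. Consider adding `register: _pxc_info` and `failed_when: _pxc_info is failed or _pxc_info.resources | length == 0`. The module documents `wait_condition.status` as the strings `"True"`/`"False"`/`"Unknown"`, so `status: "True"` is safer than relying on a YAML boolean being coerced. The file also lacks the license header and leading `---` that the deleted vars file in this commit carried.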