fix: implement isolated clusters
diff --git a/internal/pkg/image_repositories/build_workflow.go b/internal/pkg/image_repositories/build_workflow.go
index a5b48e7..b152947 100644
--- a/internal/pkg/image_repositories/build_workflow.go
+++ b/internal/pkg/image_repositories/build_workflow.go
@@ -41,7 +41,7 @@
"glance": "glance_store[cinder]",
"horizon": "git+https://github.com/openstack/designate-dashboard.git@stable/${{ matrix.release }} git+https://github.com/openstack/heat-dashboard.git@stable/${{ matrix.release }} git+https://github.com/openstack/ironic-ui.git@stable/${{ matrix.release }} git+https://github.com/vexxhost/magnum-ui.git@stable/${{ matrix.release }} git+https://github.com/openstack/neutron-vpnaas-dashboard.git@stable/${{ matrix.release }} git+https://github.com/openstack/octavia-dashboard.git@stable/${{ matrix.release }} git+https://github.com/openstack/senlin-dashboard.git@stable/${{ matrix.release }} git+https://github.com/openstack/monasca-ui.git@stable/${{ matrix.release }} git+https://github.com/openstack/manila-ui.git@stable/${{ matrix.release }}",
"ironic": "python-dracclient sushy",
- "magnum": "magnum-cluster-api==0.5.0",
+ "magnum": "magnum-cluster-api==0.5.1",
"monasca-agent": "libvirt-python python-glanceclient python-neutronclient python-novaclient py3nvml",
"neutron": "neutron-vpnaas",
"placement": "httplib2",
diff --git a/roles/barbican/tasks/main.yml b/roles/barbican/tasks/main.yml
index ebf57b6..fd40051 100644
--- a/roles/barbican/tasks/main.yml
+++ b/roles/barbican/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
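Review bot: `failed_when: false` on "Suspend the existing HelmRelease" suppresses every failure of the `kubernetes.core.k8s` call, not only the expected case where the HelmRelease or its CRD is absent. Expired kubeconfig credentials, an RBAC denial or an unreachable API server would also pass silently, and the play would carry on with the Flux release possibly still active. The same line is added to the "Remove the existing HelmRelease" task in the next hunk and to the identical hunks in the other roles' `tasks/main.yml` files in this commit. Consider gating the block on a preceding `kubernetes.core.k8s_info` lookup of the HelmRelease CRD, or registering the result and ignoring only the missing-resource error, with a comment such as `# HelmRelease may not exist on clusters that never ran Flux`. The enclosing block starts above the hunk and the task body continues below it, so any existing `when:` guard is not visible here.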
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/ceph_csi_rbd/tasks/main.yml b/roles/ceph_csi_rbd/tasks/main.yml
index 04826e5..f992364 100644
--- a/roles/ceph_csi_rbd/tasks/main.yml
+++ b/roles/ceph_csi_rbd/tasks/main.yml
@@ -64,6 +64,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -75,6 +76,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/cert_manager/tasks/main.yml b/roles/cert_manager/tasks/main.yml
index f20b1c6..89bdee3 100644
--- a/roles/cert_manager/tasks/main.yml
+++ b/roles/cert_manager/tasks/main.yml
@@ -19,6 +19,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -30,6 +31,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/cinder/tasks/main.yml b/roles/cinder/tasks/main.yml
index e52eaf7..540f7e5 100644
--- a/roles/cinder/tasks/main.yml
+++ b/roles/cinder/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/coredns/tasks/main.yml b/roles/coredns/tasks/main.yml
index 2510fe2..c3fe1a2 100644
--- a/roles/coredns/tasks/main.yml
+++ b/roles/coredns/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/defaults/defaults/main.yml b/roles/defaults/defaults/main.yml
index c692130..d98a8c8 100644
--- a/roles/defaults/defaults/main.yml
+++ b/roles/defaults/defaults/main.yml
@@ -103,6 +103,7 @@
loki: docker.io/grafana/loki:2.7.3
loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.19-alpine
magnum_api: quay.io/vexxhost/magnum:zed
+ magnum_cluster_api_proxy: quay.io/vexxhost/magnum:zed
magnum_conductor: quay.io/vexxhost/magnum:zed
magnum_db_sync: quay.io/vexxhost/magnum:zed
magnum_registry: docker.io/library/registry:2.7.1
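Review bot: The new `magnum_cluster_api_proxy` entry points at the mutable tag `quay.io/vexxhost/magnum:zed`, and the magnum tasks change in this commit runs that image as a privileged DaemonSet on control-plane nodes. A re-pushed or tampered tag would therefore execute with node-level privileges. This matches how the neighbouring entries are written, but for this image a digest pin such as `quay.io/vexxhost/magnum@sha256:<digest>` (placeholder), or a note on where the tag gets resolved to a digest, would be worth adding.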
diff --git a/roles/designate/tasks/main.yml b/roles/designate/tasks/main.yml
index bd8e0a2..b951822 100644
--- a/roles/designate/tasks/main.yml
+++ b/roles/designate/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/glance/tasks/main.yml b/roles/glance/tasks/main.yml
index f3ff7d5..3c4ce3c 100644
--- a/roles/glance/tasks/main.yml
+++ b/roles/glance/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/heat/tasks/main.yml b/roles/heat/tasks/main.yml
index 11adf1e..961f4e0 100644
--- a/roles/heat/tasks/main.yml
+++ b/roles/heat/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/horizon/tasks/main.yml b/roles/horizon/tasks/main.yml
index 5404637..dc980de 100644
--- a/roles/horizon/tasks/main.yml
+++ b/roles/horizon/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/ingress_nginx/tasks/main.yml b/roles/ingress_nginx/tasks/main.yml
index 4595d4c..88410b1 100644
--- a/roles/ingress_nginx/tasks/main.yml
+++ b/roles/ingress_nginx/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml
index 4bc689e..75e2e49 100644
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/kube_prometheus_stack/tasks/main.yml b/roles/kube_prometheus_stack/tasks/main.yml
index 3d4bd07..d2f1f2c 100644
--- a/roles/kube_prometheus_stack/tasks/main.yml
+++ b/roles/kube_prometheus_stack/tasks/main.yml
@@ -45,6 +45,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -56,6 +57,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/libvirt/tasks/main.yml b/roles/libvirt/tasks/main.yml
index f941b64..8c66d1f 100644
--- a/roles/libvirt/tasks/main.yml
+++ b/roles/libvirt/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/magnum/tasks/main.yml b/roles/magnum/tasks/main.yml
index c546565..d364282 100644
--- a/roles/magnum/tasks/main.yml
+++ b/roles/magnum/tasks/main.yml
@@ -19,6 +19,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -30,6 +31,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -101,6 +103,81 @@
kubeconfig: /etc/kubernetes/admin.conf
values: "{{ _magnum_helm_values | combine(magnum_helm_values, recursive=True) }}"
+- name: Deploy "magnum-cluster-api-proxy"
+ run_once: true
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ - apiVerison: v1
+ kind: ConfigMap
+ metadata:
+ name: magnum-cluster-api-proxy-config
+ namespace: "{{ magnum_helm_release_namespace }}"
+ data:
+ magnum_capi_sudoers: |
+ Defaults !requiretty
+ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
+ magnum ALL = (root) NOPASSWD: /var/lib/openstack/bin/privsep-helper
+
+ - apiVersion: apps/v1
+ kind: DaemonSet
+ metadata:
+ name: magnum-cluster-api-proxy
+ namespace: openstack
+ labels:
+ application: magnum
+ component: cluster-api-proxy
+ spec:
+ selector:
+ matchLabels:
+ application: magnum
+ component: cluster-api-proxy
+ template:
+ metadata:
+ labels:
+ application: magnum
+ component: cluster-api-proxy
+ spec:
+ containers:
+ - name: magnum-cluster-api-proxy
+ command: ["magnum-cluster-api-proxy"]
+ image: "{{ atmosphere_images['magnum_cluster_api_proxy'] | vexxhost.kubernetes.docker_image('ref') }}"
+ securityContext:
+ privileged: true
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: pod-run
+ mountPath: /run
+ - name: config
+ mountPath: /etc/sudoers.d/magnum_capi_sudoers
+ subPath: magnum_capi_sudoers
+ readOnly: true
+ - name: haproxy-state
+ mountPath: /var/lib/magnum/.magnum-cluster-api-proxy
+ - name: host-run-netns
+ mountPath: /run/netns
+ mountPropagation: Bidirectional
+ nodeSelector:
+ openstack-control-plane: enabled
+ securityContext:
+ runAsUser: 42424
+ serviceAccountName: magnum-conductor
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: pod-run
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: magnum-cluster-api-proxy-config
+ - name: haproxy-state
+ emptyDir: {}
+ - name: host-run-netns
+ hostPath:
+ path: /run/netns
+
- name: Create Ingress
ansible.builtin.include_role:
name: openstack_helm_ingress
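Review bot: The ConfigMap entry in the new "magnum-cluster-api-proxy" task spells its key `apiVerison: v1`, so the object carries no valid `apiVersion` and will most likely be rejected or never created; it should read `apiVersion: v1`. The ConfigMap is placed in `{{ magnum_helm_release_namespace }}` while the DaemonSet hard-codes `namespace: openstack`, so the `config` volume only resolves when the two happen to match; use `namespace: "{{ magnum_helm_release_namespace }}"` on the DaemonSet as well. Separately, the container combines `privileged: true`, a Bidirectional hostPath mount of `/run/netns` and a sudoers rule granting root for `privsep-helper`, and it reuses `serviceAccountName: magnum-conductor`. A compromise of the proxy would then amount to node-level access on control-plane nodes, plus whatever API permissions that account holds. A dedicated service account limited to what the proxy needs, and a comment stating why privileged mode is required, would narrow and document that exposure.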
diff --git a/roles/memcached/tasks/main.yml b/roles/memcached/tasks/main.yml
index d941a98..6590351 100644
--- a/roles/memcached/tasks/main.yml
+++ b/roles/memcached/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/neutron/tasks/main.yml b/roles/neutron/tasks/main.yml
index 2b53912..18266f6 100644
--- a/roles/neutron/tasks/main.yml
+++ b/roles/neutron/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/node_feature_discovery/tasks/main.yml b/roles/node_feature_discovery/tasks/main.yml
index 3e7a2dc..ca39131 100644
--- a/roles/node_feature_discovery/tasks/main.yml
+++ b/roles/node_feature_discovery/tasks/main.yml
@@ -19,6 +19,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -30,6 +31,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/nova/tasks/main.yml b/roles/nova/tasks/main.yml
index f1d868e..eb7df76 100644
--- a/roles/nova/tasks/main.yml
+++ b/roles/nova/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
index 712242a..820b12c 100644
--- a/roles/nova/vars/main.yml
+++ b/roles/nova/vars/main.yml
@@ -80,8 +80,6 @@
max_instances_per_host: 200
glance:
enable_rbd_download: true
- libvirt:
- volume_use_multipath: true
neutron:
metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}"
oslo_messaging_notifications:
diff --git a/roles/octavia/tasks/main.yml b/roles/octavia/tasks/main.yml
index a807dee..811f24c 100644
--- a/roles/octavia/tasks/main.yml
+++ b/roles/octavia/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/openvswitch/tasks/main.yml b/roles/openvswitch/tasks/main.yml
index c4ca63b..bcc78ea 100644
--- a/roles/openvswitch/tasks/main.yml
+++ b/roles/openvswitch/tasks/main.yml
@@ -32,6 +32,7 @@
delegate_to: "{{ groups['controllers'][0] }}"
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -43,6 +44,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/percona_xtradb_cluster_operator/tasks/main.yml b/roles/percona_xtradb_cluster_operator/tasks/main.yml
index 19cab59..9bb0d95 100644
--- a/roles/percona_xtradb_cluster_operator/tasks/main.yml
+++ b/roles/percona_xtradb_cluster_operator/tasks/main.yml
@@ -19,6 +19,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -30,6 +31,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/placement/tasks/main.yml b/roles/placement/tasks/main.yml
index d338ebe..ebc90a0 100644
--- a/roles/placement/tasks/main.yml
+++ b/roles/placement/tasks/main.yml
@@ -19,6 +19,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -30,6 +31,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/prometheus_pushgateway/tasks/main.yml b/roles/prometheus_pushgateway/tasks/main.yml
index f617f14..4c65c88 100644
--- a/roles/prometheus_pushgateway/tasks/main.yml
+++ b/roles/prometheus_pushgateway/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/rabbitmq_cluster_operator/tasks/main.yml b/roles/rabbitmq_cluster_operator/tasks/main.yml
index 583f964..42068eb 100644
--- a/roles/rabbitmq_cluster_operator/tasks/main.yml
+++ b/roles/rabbitmq_cluster_operator/tasks/main.yml
@@ -19,6 +19,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -30,6 +31,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
diff --git a/roles/senlin/tasks/main.yml b/roles/senlin/tasks/main.yml
index 673d308..a76587f 100644
--- a/roles/senlin/tasks/main.yml
+++ b/roles/senlin/tasks/main.yml
@@ -16,6 +16,7 @@
run_once: true
block:
- name: Suspend the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
@@ -27,6 +28,7 @@
suspend: true
- name: Remove the existing HelmRelease
+ failed_when: false
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1