Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / f1ca5296d378162089973be496d7cb41cd5aa097 / . / roles / magnum / tasks / main.yml
blob: 785be090c6fbaabe69c9ae73ce00db49a876a14c [file] [log] [blame]
# Copyright (c) 2022 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# NOTE(mnaser): We should get rid of this task eventually as it is suspending
# the old HelmRelease and removing it to avoid uninstalling the
# Helm chart.
- name: Uninstall the legacy HelmRelease
run_once: true
block:
- name: Suspend the existing HelmRelease
kubernetes.core.k8s:
state: patched
api_version: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
name: "{{ magnum_helm_release_name }}"
namespace: "{{ magnum_helm_release_namespace }}"
definition:
spec:
suspend: true
- name: Remove the existing HelmRelease
kubernetes.core.k8s:
state: absent
api_version: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
name: "{{ magnum_helm_release_name }}"
namespace: "{{ magnum_helm_release_namespace }}"
- name: Install "clusterctl"
ansible.builtin.get_url:
url: "{{ magnum_clusterctl_url }}"
dest: /usr/local/bin/clusterctl
mode: 0755
owner: root
group: root
- name: Create a configuration file
ansible.builtin.copy:
content: "{{ magnum_clusterctl_config | to_nice_yaml }}"
dest: "{{ magnum_clusterctl_config_file }}"
mode: 0644
owner: root
group: root
- name: Initialize the management cluster
run_once: true
changed_when: false
ansible.builtin.command: |
clusterctl init \
--config {{ magnum_clusterctl_config_file }} \
--core cluster-api:v1.3.3 \
--bootstrap kubeadm:v1.3.3 \
--control-plane kubeadm:v1.3.3 \
--infrastructure openstack:v0.7.1
environment:
CLUSTER_TOPOLOGY: "true"
EXP_CLUSTER_RESOURCE_SET: "true"
- name: Deploy Cluster API for Magnum RBAC
kubernetes.core.k8s:
state: present
definition:
- apiVersion: v1
kind: Namespace
metadata:
name: magnum-system
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: magnum-cluster-api
namespace: magnum-system
rules:
- apiGroups: [""]
resources: [namespaces]
verbs: [patch]
- apiGroups: [""]
resources: [configmaps, secrets]
verbs: [create, update, patch, get, delete]
- apiGroups: [cluster.x-k8s.io]
resources: [clusters]
verbs: [create, update, patch, get, delete]
- apiGroups: [cluster.x-k8s.io]
resources: [clusterclasses]
verbs: [create, update, patch]
- apiGroups: [cluster.x-k8s.io]
resources: [machinedeployments]
verbs: [list, patch]
- apiGroups: [bootstrap.cluster.x-k8s.io]
resources: [kubeadmconfigtemplates]
verbs: [create, update, patch]
- apiGroups: [controlplane.cluster.x-k8s.io]
resources: [kubeadmcontrolplanes]
verbs: [list]
- apiGroups: [controlplane.cluster.x-k8s.io]
resources: [kubeadmcontrolplanetemplates]
verbs: [create, update, patch]
- apiGroups: [infrastructure.cluster.x-k8s.io]
resources: [openstackclustertemplates, openstackmachinetemplates]
verbs: [create, update, patch]
- apiGroups: [addons.cluster.x-k8s.io]
resources: [clusterresourcesets]
verbs: [create, update, patch, delete]
- apiGroups: [source.toolkit.fluxcd.io]
resources: [helmrepositories]
verbs: [create, update, patch, delete]
- apiGroups: [helm.toolkit.fluxcd.io]
resources: [helmreleases]
verbs: [create, update, patch, delete]
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: magnum-cluster-api
namespace: magnum-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: magnum-cluster-api
subjects:
- kind: ServiceAccount
name: magnum-conductor
namespace: "{{ magnum_helm_release_namespace }}"
- name: Deploy Helm chart
run_once: true
kubernetes.core.helm:
name: "{{ magnum_helm_release_name }}"
chart_ref: "{{ magnum_helm_chart_ref }}"
release_namespace: "{{ magnum_helm_release_namespace }}"
create_namespace: true
kubeconfig: /etc/kubernetes/admin.conf
values: "{{ _magnum_helm_values | combine(magnum_helm_values, recursive=True) }}"
- name: Create Ingress
ansible.builtin.include_role:
name: openstack_helm_ingress
vars:
openstack_helm_ingress_endpoint: container_infra
openstack_helm_ingress_service_name: magnum-api
openstack_helm_ingress_service_port: 9511
openstack_helm_ingress_annotations: "{{ magnum_ingress_annotations }}"
- name: Deploy magnum registry
run_once: true
kubernetes.core.k8s:
state: present
definition:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
application: magnum
component: registry
name: magnum-registry
namespace: "{{ magnum_helm_release_namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
- apiVersion: apps/v1
kind: Deployment
metadata:
labels:
application: magnum
component: registry
name: magnum-registry
namespace: "{{ magnum_helm_release_namespace }}"
spec:
replicas: 1
selector:
matchLabels:
application: magnum
component: registry
strategy:
type: Recreate
template:
metadata:
labels:
application: magnum
component: registry
spec:
containers:
- name: registry
env:
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: /var/lib/registry
- name: REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED
value: "true"
image: "{{ atmosphere_images['magnum_registry'] | vexxhost.atmosphere.docker_image('ref') }}"
ports:
- containerPort: 5000
name: registry
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 5000
scheme: HTTP
readinessProbe:
httpGet:
path: /
port: 5000
scheme: HTTP
volumeMounts:
- mountPath: /var/lib/registry
name: magnum-registry
nodeSelector:
openstack-control-plane: enabled
volumes:
- name: magnum-registry
persistentVolumeClaim:
claimName: magnum-registry
- apiVersion: v1
kind: Service
metadata:
labels:
application: magnum
component: registry
name: magnum-registry
namespace: "{{ magnum_helm_release_namespace }}"
spec:
ports:
- name: magnum
port: 5000
protocol: TCP
targetPort: 5000
selector:
application: magnum
component: registry
type: ClusterIP
- apiVersion: batch/v1
kind: Job
metadata:
name: magnum-registry-init
namespace: "{{ magnum_helm_release_namespace }}"
labels:
application: magnum
component: registry
spec:
backoffLimit: 5
template:
metadata:
labels:
application: magnum
spec:
restartPolicy: OnFailure
containers:
- name: loader
image: "{{ atmosphere_images['magnum_api'] | vexxhost.atmosphere.docker_image('ref') }}"
command:
- magnum-cluster-api-image-loader
- --insecure
- --repository
- magnum-registry.openstack.svc.cluster.local:5000
nodeSelector:
openstack-control-plane: enabled
- name: Create magnum registry Ingress
ansible.builtin.include_role:
name: openstack_helm_ingress
vars:
openstack_helm_ingress_endpoint: container_infra_registry
openstack_helm_ingress_service_name: magnum-registry
openstack_helm_ingress_service_port: 5000
openstack_helm_ingress_annotations: "{{ _magnum_registry_ingress_annotations | combine(magnum_registry_ingress_annotations) }}"
- name: Upload images
ansible.builtin.include_role:
name: glance_image
loop: "{{ magnum_images }}"
vars:
glance_image_name: "{{ item.name }}"
glance_image_url: "{{ item.url }}"
glance_image_container_format: "{{ magnum_image_container_format }}"
glance_image_disk_format: "{{ magnum_image_disk_format }}"
glance_image_properties:
os_distro: "{{ item.distro }}"