Blame - roles/keepalived/tasks/main.yml - atmosphere

blob: c97d66b9092c9c5148133edf419452cb27b5262e [file] [log] [blame]

okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	1	# Copyright (c) 2022 VEXXHOST, Inc.
				2	#
				3	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				4	# not use this file except in compliance with the License. You may obtain
				5	# a copy of the License at
				6	#
				7	# http://www.apache.org/licenses/LICENSE-2.0
				8	#
				9	# Unless required by applicable law or agreed to in writing, software
				10	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				11	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
				12	# License for the specific language governing permissions and limitations
				13	# under the License.
				14
				15	- name: Create Secret
				16	kubernetes.core.k8s:
				17	state: present
				18	definition:
				19	apiVersion: v1
				20	kind: Secret
				21	metadata:
				22	name: keepalived-etc
				23	namespace: openstack
				24	stringData:
				25	keepalived.conf: \|
				26	global_defs {
				27	default_interface {{ keepalived_interface }}
				28	}
				29
				30	vrrp_instance VI_1 {
				31	interface {{ keepalived_interface }}
				32
				33	state BACKUP
				34	virtual_router_id {{ keepalived_vrid }}
				35	priority 150
				36	nopreempt
				37
				38	virtual_ipaddress {
				39	{{ keepalived_vip }}
				40	}
				41
				42	authentication {
				43	auth_type PASS
				44	auth_pass {{ keepalived_password }}
				45	}
				46	}
				47
				48	- name: Create ConfigMap
				49	kubernetes.core.k8s:
				50	state: present
				51	definition:
				52	apiVersion: v1
				53	kind: ConfigMap
				54	metadata:
				55	name: keepalived-bin
				56	namespace: openstack
				57	data:
				58	wait-for-ip.sh: \|
				59	#!/bin/sh -x
				60
				61	while true; do
				62	ip -4 addr list dev {{ keepalived_interface }} \| grep {{ keepalived_interface }}
				63
				64	# We detected an IP address
				65	if [ $? -eq 0 ]; then
				66	break
				67	fi
				68
				69	sleep 1
				70	done
				71
				72	- name: Create Role
				73	kubernetes.core.k8s:
				74	state: present
				75	definition:
				76	apiVersion: rbac.authorization.k8s.io/v1
				77	kind: Role
				78	metadata:
				79	name: keepalived
				80	namespace: openstack
				81	rules:
				82	- apiGroups:
				83	- ""
				84	resources:
				85	- pods
				86	verbs:
				87	- list
				88	- get
				89
				90	- name: Create ServiceAccount
				91	kubernetes.core.k8s:
				92	state: present
				93	definition:
				94	apiVersion: v1
				95	automountServiceAccountToken: true
				96	kind: ServiceAccount
				97	metadata:
				98	name: keepalived
				99	namespace: openstack
				100
				101	- name: Create ServiceAccount
				102	kubernetes.core.k8s:
				103	state: present
				104	definition:
				105	apiVersion: rbac.authorization.k8s.io/v1
				106	kind: RoleBinding
				107	metadata:
				108	name: keepalived
				109	namespace: openstack
				110	roleRef:
				111	apiGroup: rbac.authorization.k8s.io
				112	kind: Role
				113	name: keepalived
				114	subjects:
				115	- kind: ServiceAccount
				116	name: keepalived
				117	namespace: openstack
				118
				119	- name: Create DaemonSet
				120	kubernetes.core.k8s:
				121	state: present
				122	definition:
				123	apiVersion: apps/v1
				124	kind: DaemonSet
				125	metadata:
				126	name: keepalived
				127	namespace: openstack
				128	spec:
				129	selector:
				130	matchLabels:
				131	application: keepalived
				132	template:
				133	metadata:
				134	labels:
				135	application: keepalived
				136	spec:
				137	automountServiceAccountToken: true
				138	initContainers:
				139	- name: init
				140	image: "{{ keepalived_image_repository }}/kubernetes-entrypoint:latest"
				141	env:
				142	- name: NAMESPACE
				143	valueFrom:
				144	fieldRef:
				145	apiVersion: v1
				146	fieldPath: metadata.namespace
				147	- name: POD_NAME
				148	valueFrom:
				149	fieldRef:
				150	apiVersion: v1
				151	fieldPath: metadata.name
				152	- name: DEPENDENCY_POD_JSON
				153	value: '[{"labels":{"application":"neutron","component":"neutron-ovs-agent"},"requireSameNode":true}]'
				154	- name: wait-for-ip
				155	image: "{{ keepalived_image_repository }}/keepalived:{{ keepalived_image_tag }}"
				156	command:
				157	- /bin/wait-for-ip.sh
				158	volumeMounts:
				159	- mountPath: /bin/wait-for-ip.sh
				160	mountPropagation: None
				161	name: keepalived-bin
				162	readOnly: true
				163	subPath: wait-for-ip.sh
				164	containers:
				165	- name: keepalived
				166	image: "{{ keepalived_image_repository }}/keepalived:{{ keepalived_image_tag }}"
				167	command:
				168	- keepalived
				169	- -f
				170	- /etc/keepalived/keepalived.conf
				171	- --dont-fork
				172	- --log-console
				173	- --log-detail
				174	- --dump-conf
				175	securityContext:
				176	allowPrivilegeEscalation: true
				177	capabilities:
				178	add:
				179	- NET_ADMIN
				180	- NET_BROADCAST
				181	- NET_RAW
				182	volumeMounts:
				183	- mountPath: /etc/keepalived
				184	mountPropagation: None
				185	name: keepalived-etc
				186	readOnly: true
				187	hostNetwork: true
				188	nodeSelector:
				189	openstack-control-plane: enabled
				190	serviceAccountName: keepalived
				191	volumes:
				192	- name: keepalived-etc
				193	secret:
				194	optional: false
				195	secretName: keepalived-etc
				196	- configMap:
				197	defaultMode: 0755
				198	name: keepalived-bin
				199	optional: false
				200	name: keepalived-bin