Blame - roles/keepalived/tasks/main.yml - atmosphere

blob: 4eff1796593717f1b7860a4c19c31b6420139945 [file] [log] [blame]

okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	1	# Copyright (c) 2022 VEXXHOST, Inc.
				2	#
				3	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				4	# not use this file except in compliance with the License. You may obtain
				5	# a copy of the License at
				6	#
				7	# http://www.apache.org/licenses/LICENSE-2.0
				8	#
				9	# Unless required by applicable law or agreed to in writing, software
				10	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				11	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
				12	# License for the specific language governing permissions and limitations
				13	# under the License.
				14
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	15	- name: Deploy service
Mohammed Naser	956d49c	2022-04-29 11:20:05 -0400	[diff] [blame]	16	when: keepalived_enabled \| bool
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	17	kubernetes.core.k8s:
				18	state: present
				19	definition:
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	20	- apiVersion: v1
				21	kind: Secret
				22	metadata:
				23	name: keepalived-etc
				24	namespace: openstack
				25	stringData:
				26	keepalived.conf: \|
				27	global_defs {
				28	default_interface {{ keepalived_interface }}
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	29	}
				30
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	31	vrrp_instance VI_1 {
				32	interface {{ keepalived_interface }}
				33
				34	state BACKUP
				35	virtual_router_id {{ keepalived_vrid }}
				36	priority 150
				37	nopreempt
				38
				39	virtual_ipaddress {
				40	{{ keepalived_vip }}
				41	}
				42
				43	authentication {
				44	auth_type PASS
				45	auth_pass {{ keepalived_password }}
				46	}
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	47	}
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	48
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	49	- apiVersion: v1
				50	kind: ConfigMap
				51	metadata:
				52	name: keepalived-bin
				53	namespace: openstack
				54	data:
				55	wait-for-ip.sh: \|
				56	#!/bin/sh -x
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	57
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	58	while true; do
				59	ip -4 addr list dev {{ keepalived_interface }} \| grep {{ keepalived_interface }}
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	60
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	61	# We detected an IP address
				62	if [ $? -eq 0 ]; then
				63	break
				64	fi
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	65
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	66	sleep 1
				67	done
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	68
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	69	- apiVersion: rbac.authorization.k8s.io/v1
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	70	kind: Role
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	71	metadata:
				72	name: keepalived
				73	namespace: openstack
				74	rules:
				75	- apiGroups:
				76	- ""
				77	resources:
				78	- pods
				79	verbs:
				80	- list
				81	- get
				82
				83	- apiVersion: v1
				84	automountServiceAccountToken: true
				85	kind: ServiceAccount
				86	metadata:
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	87	name: keepalived
				88	namespace: openstack
				89
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	90	- apiVersion: rbac.authorization.k8s.io/v1
				91	kind: RoleBinding
				92	metadata:
				93	name: keepalived
				94	namespace: openstack
				95	roleRef:
				96	apiGroup: rbac.authorization.k8s.io
				97	kind: Role
				98	name: keepalived
				99	subjects:
				100	- kind: ServiceAccount
				101	name: keepalived
				102	namespace: openstack
				103
				104	- apiVersion: apps/v1
				105	kind: DaemonSet
				106	metadata:
				107	name: keepalived
				108	namespace: openstack
				109	spec:
				110	selector:
				111	matchLabels:
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	112	application: keepalived
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	113	template:
				114	metadata:
				115	labels:
				116	application: keepalived
				117	spec:
				118	automountServiceAccountToken: true
				119	initContainers:
				120	- name: init
Mohammed Naser	31171f4	2023-03-19 00:10:46 +0000	[diff] [blame]	121	image: "{{ atmosphere_images['dep_check'] \| vexxhost.kubernetes.docker_image('ref') }}"
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	122	env:
				123	- name: NAMESPACE
				124	valueFrom:
				125	fieldRef:
				126	apiVersion: v1
				127	fieldPath: metadata.namespace
				128	- name: POD_NAME
				129	valueFrom:
				130	fieldRef:
				131	apiVersion: v1
				132	fieldPath: metadata.name
				133	- name: DEPENDENCY_POD_JSON
Mohammed Naser	1d75a92	2023-07-23 19:24:49 +0000	[diff] [blame]	134	value: "{{ keepalived_pod_dependency[atmosphere_network_backend] \| to_json }}"
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	135	- name: wait-for-ip
Mohammed Naser	31171f4	2023-03-19 00:10:46 +0000	[diff] [blame]	136	image: "{{ atmosphere_images['keepalived'] \| vexxhost.kubernetes.docker_image('ref') }}"
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	137	command:
				138	- /bin/wait-for-ip.sh
				139	volumeMounts:
				140	- mountPath: /bin/wait-for-ip.sh
				141	mountPropagation: None
				142	name: keepalived-bin
				143	readOnly: true
				144	subPath: wait-for-ip.sh
				145	containers:
				146	- name: keepalived
Mohammed Naser	31171f4	2023-03-19 00:10:46 +0000	[diff] [blame]	147	image: "{{ atmosphere_images['keepalived'] \| vexxhost.kubernetes.docker_image('ref') }}"
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	148	command:
				149	- keepalived
				150	- -f
				151	- /etc/keepalived/keepalived.conf
				152	- --dont-fork
				153	- --log-console
				154	- --log-detail
				155	- --dump-conf
				156	securityContext:
				157	allowPrivilegeEscalation: true
				158	capabilities:
				159	add:
				160	- NET_ADMIN
				161	- NET_BROADCAST
				162	- NET_RAW
				163	volumeMounts:
				164	- mountPath: /etc/keepalived
				165	mountPropagation: None
				166	name: keepalived-etc
				167	readOnly: true
				168	hostNetwork: true
				169	nodeSelector:
				170	openstack-control-plane: enabled
				171	serviceAccountName: keepalived
				172	volumes:
				173	- name: keepalived-etc
				174	secret:
				175	optional: false
				176	secretName: keepalived-etc
				177	- configMap:
Tadas Sutkaitis	4ace418	2023-02-27 04:31:52 +0200	[diff] [blame]	178	defaultMode: 0755 # noqa: yaml[octal-values]
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	179	name: keepalived-bin
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	180	optional: false
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	181	name: keepalived-bin