Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 1cec107d80a66407870a5eb93b5f957f21ac889c / . / roles / magnum / tasks / main.yml
blob: 93fbf7b3f41d7a916ddeba32d22be59ac80343ac [file] [log] [blame]
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]1# Copyright (c) 2022 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]15# NOTE(mnaser): We should get rid of this task eventually as it is suspending
16# the old HelmRelease and removing it to avoid uninstalling the
17# Helm chart.
18- name: Uninstall the legacy HelmRelease
19 run_once: true
20 block:
21 - name: Suspend the existing HelmRelease
22 kubernetes.core.k8s:
23 state: patched
24 api_version: helm.toolkit.fluxcd.io/v2beta1
25 kind: HelmRelease
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]26 name: "{{ magnum_helm_release_name }}"
27 namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]28 definition:
29 spec:
30 suspend: true
31
32 - name: Remove the existing HelmRelease
33 kubernetes.core.k8s:
34 state: absent
35 api_version: helm.toolkit.fluxcd.io/v2beta1
36 kind: HelmRelease
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]37 name: "{{ magnum_helm_release_name }}"
38 namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]39
Mohammed Naser65850fd2023-02-22 21:36:27 -0500[diff] [blame]40- name: Install "clusterctl"
41 ansible.builtin.get_url:
42 url: "{{ magnum_clusterctl_url }}"
43 dest: /usr/local/bin/clusterctl
44 mode: 0755
45 owner: root
46 group: root
47
48- name: Create a configuration file
49 ansible.builtin.copy:
50 content: "{{ magnum_clusterctl_config | to_nice_yaml }}"
51 dest: "{{ magnum_clusterctl_config_file }}"
52 mode: 0644
53 owner: root
54 group: root
55
56- name: Initialize the management cluster
okozachenko120319b530e2023-01-27 23:52:04 +1100[diff] [blame]57 run_once: true
okozachenko12035b9d0f12023-01-28 01:24:40 +1100[diff] [blame]58 changed_when: false
Mohammed Naser65850fd2023-02-22 21:36:27 -0500[diff] [blame]59 ansible.builtin.command: |
60 clusterctl init \
61 --config {{ magnum_clusterctl_config_file }} \
62 --core cluster-api:v1.3.3 \
63 --bootstrap kubeadm:v1.3.3 \
64 --control-plane kubeadm:v1.3.3 \
65 --infrastructure openstack:v0.7.0
66 environment:
67 CLUSTER_TOPOLOGY: "true"
68 EXP_CLUSTER_RESOURCE_SET: "true"
okozachenko120319b530e2023-01-27 23:52:04 +1100[diff] [blame]69
Mohammed Naser7943cf82023-02-23 04:31:30 +0000[diff] [blame]70- name: Deploy Cluster API for Magnum RBAC
71 kubernetes.core.k8s:
72 state: present
73 definition:
74 - apiVersion: v1
75 kind: Namespace
76 metadata:
77 name: magnum-system
78
79 - apiVersion: rbac.authorization.k8s.io/v1
80 kind: Role
81 metadata:
82 name: magnum-cluster-api
83 namespace: magnum-system
84 rules:
85 - apiGroups: [""]
86 resources: [namespaces]
87 verbs: [patch]
88 - apiGroups: [""]
89 resources: [configmaps, secrets]
90 verbs: [create, update, patch, get, delete]
91 - apiGroups: [cluster.x-k8s.io]
92 resources: [clusters]
93 verbs: [create, update, patch, get, delete]
94 - apiGroups: [cluster.x-k8s.io]
95 resources: [clusterclasses]
96 verbs: [create, update, patch]
97 - apiGroups: [cluster.x-k8s.io]
98 resources: [machinedeployments]
99 verbs: [list, patch]
100 - apiGroups: [bootstrap.cluster.x-k8s.io]
101 resources: [kubeadmconfigtemplates]
102 verbs: [create, update, patch]
103 - apiGroups: [controlplane.cluster.x-k8s.io]
104 resources: [kubeadmcontrolplanes]
105 verbs: [list]
106 - apiGroups: [controlplane.cluster.x-k8s.io]
107 resources: [kubeadmcontrolplanetemplates]
108 verbs: [create, update, patch]
109 - apiGroups: [infrastructure.cluster.x-k8s.io]
110 resources: [openstackclustertemplates, openstackmachinetemplates]
111 verbs: [create, update, patch]
112 - apiGroups: [addons.cluster.x-k8s.io]
113 resources: [clusterresourcesets]
114 verbs: [create, update, patch, delete]
115 - apiGroups: [source.toolkit.fluxcd.io]
116 resources: [helmrepositories]
117 verbs: [create, update, patch, delete]
118 - apiGroups: [helm.toolkit.fluxcd.io]
119 resources: [helmreleases]
120 verbs: [create, update, patch, delete]
121
122 - apiVersion: rbac.authorization.k8s.io/v1
123 kind: RoleBinding
124 metadata:
125 name: magnum-cluster-api
126 namespace: magnum-system
127 roleRef:
128 apiGroup: rbac.authorization.k8s.io
129 kind: Role
130 name: magnum-cluster-api
131 subjects:
132 - kind: ServiceAccount
133 name: magnum-conductor
134 namespace: "{{ magnum_helm_release_namespace }}"
135
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]136- name: Deploy Helm chart
137 run_once: true
138 kubernetes.core.helm:
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]139 name: "{{ magnum_helm_release_name }}"
140 chart_ref: "{{ magnum_helm_chart_ref }}"
141 release_namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naserfef69422023-01-18 02:38:06 +0000[diff] [blame]142 create_namespace: true
143 kubeconfig: /etc/kubernetes/admin.conf
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]144 values: "{{ _magnum_helm_values | combine(magnum_helm_values, recursive=True) }}"
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]145
Mohammed Naser4c33bb52023-01-18 03:23:18 +0000[diff] [blame]146- name: Create Ingress
147 ansible.builtin.include_role:
148 name: openstack_helm_ingress
149 vars:
150 openstack_helm_ingress_endpoint: container_infra
151 openstack_helm_ingress_service_name: magnum-api
152 openstack_helm_ingress_service_port: 9511
Mohammed Naser2145fc32023-01-29 23:23:03 +0000[diff] [blame]153 openstack_helm_ingress_annotations: "{{ magnum_ingress_annotations }}"
Mohammed Naser4c33bb52023-01-18 03:23:18 +0000[diff] [blame]154
okozachenko120319b530e2023-01-27 23:52:04 +1100[diff] [blame]155- name: Deploy magnum registry
Mohammed Naser65850fd2023-02-22 21:36:27 -0500[diff] [blame]156 run_once: true
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]157 kubernetes.core.k8s:
158 state: present
159 definition:
160 - apiVersion: v1
161 kind: PersistentVolumeClaim
162 metadata:
163 labels:
164 application: magnum
165 component: registry
166 name: magnum-registry
Mohammed Naser756b7172023-02-03 04:01:53 +0000[diff] [blame]167 namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]168 spec:
169 accessModes:
170 - ReadWriteOnce
171 resources:
172 requests:
173 storage: 50Gi
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]174
175 - apiVersion: apps/v1
176 kind: Deployment
177 metadata:
178 labels:
179 application: magnum
180 component: registry
181 name: magnum-registry
Mohammed Naser756b7172023-02-03 04:01:53 +0000[diff] [blame]182 namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]183 spec:
184 replicas: 1
185 selector:
186 matchLabels:
187 application: magnum
188 component: registry
189 strategy:
190 type: Recreate
191 template:
192 metadata:
193 labels:
194 application: magnum
195 component: registry
196 spec:
197 containers:
198 - name: registry
199 env:
200 - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
201 value: /var/lib/registry
202 - name: REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED
203 value: "true"
Michiel Piscaer60d09f92023-01-20 18:58:55 +0100[diff] [blame]204 image: "{{ atmosphere_images['magnum_registry'] | vexxhost.atmosphere.docker_image('ref') }}"
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]205 ports:
206 - containerPort: 5000
207 name: registry
208 protocol: TCP
209 livenessProbe:
210 httpGet:
211 path: /
212 port: 5000
213 scheme: HTTP
214 readinessProbe:
215 httpGet:
216 path: /
217 port: 5000
218 scheme: HTTP
219 volumeMounts:
220 - mountPath: /var/lib/registry
221 name: magnum-registry
222 nodeSelector:
223 openstack-control-plane: enabled
224 volumes:
225 - name: magnum-registry
226 persistentVolumeClaim:
227 claimName: magnum-registry
228
229 - apiVersion: v1
230 kind: Service
231 metadata:
232 labels:
233 application: magnum
234 component: registry
235 name: magnum-registry
Mohammed Naser756b7172023-02-03 04:01:53 +0000[diff] [blame]236 namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]237 spec:
238 ports:
239 - name: magnum
240 port: 5000
241 protocol: TCP
242 targetPort: 5000
243 selector:
244 application: magnum
245 component: registry
246 type: ClusterIP
247
248 - apiVersion: batch/v1
249 kind: Job
250 metadata:
Mohammed Naser756b7172023-02-03 04:01:53 +0000[diff] [blame]251 name: magnum-registry-init
252 namespace: "{{ magnum_helm_release_namespace }}"
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]253 labels:
254 application: magnum
255 component: registry
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]256 spec:
257 backoffLimit: 5
258 template:
259 metadata:
260 labels:
261 application: magnum
262 spec:
263 restartPolicy: OnFailure
264 containers:
Mohammed Naser756b7172023-02-03 04:01:53 +0000[diff] [blame]265 - name: loader
266 image: "{{ atmosphere_images['magnum_api'] | vexxhost.atmosphere.docker_image('ref') }}"
267 command:
268 - magnum-cluster-api-image-loader
269 - --insecure
270 - --repository
271 - magnum-registry.openstack.svc.cluster.local:5000
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]272 nodeSelector:
273 openstack-control-plane: enabled
274
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]275- name: Create magnum registry Ingress
276 ansible.builtin.include_role:
277 name: openstack_helm_ingress
278 vars:
279 openstack_helm_ingress_endpoint: container_infra_registry
280 openstack_helm_ingress_service_name: magnum-registry
281 openstack_helm_ingress_service_port: 5000
Mohammed Naser756b7172023-02-03 04:01:53 +0000[diff] [blame]282 openstack_helm_ingress_annotations: "{{ _magnum_registry_ingress_annotations | combine(magnum_registry_ingress_annotations) }}"
Mohammed Naser096ade02022-12-15 09:53:33 -0500[diff] [blame]283
Mohammed Naser4b630042023-02-07 20:47:45 +0000[diff] [blame]284- name: Upload images
285 ansible.builtin.include_role:
286 name: glance_image
287 loop: "{{ magnum_images }}"
288 vars:
289 glance_image_name: "{{ item.name }}"
290 glance_image_url: "{{ item.url }}"
291 glance_image_container_format: "{{ magnum_image_container_format }}"
292 glance_image_disk_format: "{{ magnum_image_disk_format }}"
Mohammed Naser38a74382023-02-07 22:48:11 +0000[diff] [blame]293 glance_image_properties:
294 os_distro: "{{ item.distro }}"