Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 6d3286ee30c294fa1d20774d6e52c1ae2d088407 / . / roles / keepalived / tasks / main.yml
blob: 8e4a583a0d173c7843eaa5294c7b1ecd5dfe995b [file] [log] [blame]
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]1# Copyright (c) 2022 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15- name: Create Secret
Mohammed Naser956d49c2022-04-29 11:20:05 -0400[diff] [blame]16 when: keepalived_enabled | bool
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]17 kubernetes.core.k8s:
18 state: present
19 definition:
20 apiVersion: v1
21 kind: Secret
22 metadata:
23 name: keepalived-etc
24 namespace: openstack
25 stringData:
26 keepalived.conf: |
27 global_defs {
28 default_interface {{ keepalived_interface }}
29 }
30
31 vrrp_instance VI_1 {
32 interface {{ keepalived_interface }}
33
34 state BACKUP
35 virtual_router_id {{ keepalived_vrid }}
36 priority 150
37 nopreempt
38
39 virtual_ipaddress {
40 {{ keepalived_vip }}
41 }
42
43 authentication {
44 auth_type PASS
45 auth_pass {{ keepalived_password }}
46 }
47 }
48
49- name: Create ConfigMap
Mohammed Naser956d49c2022-04-29 11:20:05 -0400[diff] [blame]50 when: keepalived_enabled | bool
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]51 kubernetes.core.k8s:
52 state: present
53 definition:
54 apiVersion: v1
55 kind: ConfigMap
56 metadata:
57 name: keepalived-bin
58 namespace: openstack
59 data:
60 wait-for-ip.sh: |
61 #!/bin/sh -x
62
63 while true; do
64 ip -4 addr list dev {{ keepalived_interface }} | grep {{ keepalived_interface }}
65
66 # We detected an IP address
67 if [ $? -eq 0 ]; then
68 break
69 fi
70
71 sleep 1
72 done
73
74- name: Create Role
Mohammed Naser956d49c2022-04-29 11:20:05 -0400[diff] [blame]75 when: keepalived_enabled | bool
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]76 kubernetes.core.k8s:
77 state: present
78 definition:
79 apiVersion: rbac.authorization.k8s.io/v1
80 kind: Role
81 metadata:
82 name: keepalived
83 namespace: openstack
84 rules:
85 - apiGroups:
86 - ""
87 resources:
88 - pods
89 verbs:
90 - list
91 - get
92
93- name: Create ServiceAccount
Mohammed Naser956d49c2022-04-29 11:20:05 -0400[diff] [blame]94 when: keepalived_enabled | bool
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]95 kubernetes.core.k8s:
96 state: present
97 definition:
98 apiVersion: v1
99 automountServiceAccountToken: true
100 kind: ServiceAccount
101 metadata:
102 name: keepalived
103 namespace: openstack
104
105- name: Create ServiceAccount
Mohammed Naser956d49c2022-04-29 11:20:05 -0400[diff] [blame]106 when: keepalived_enabled | bool
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]107 kubernetes.core.k8s:
108 state: present
109 definition:
110 apiVersion: rbac.authorization.k8s.io/v1
111 kind: RoleBinding
112 metadata:
113 name: keepalived
114 namespace: openstack
115 roleRef:
116 apiGroup: rbac.authorization.k8s.io
117 kind: Role
118 name: keepalived
119 subjects:
120 - kind: ServiceAccount
121 name: keepalived
122 namespace: openstack
123
124- name: Create DaemonSet
Mohammed Naser956d49c2022-04-29 11:20:05 -0400[diff] [blame]125 when: keepalived_enabled | bool
okozachenko85a31332022-04-11 23:34:30 +1000[diff] [blame]126 kubernetes.core.k8s:
127 state: present
128 definition:
129 apiVersion: apps/v1
130 kind: DaemonSet
131 metadata:
132 name: keepalived
133 namespace: openstack
134 spec:
135 selector:
136 matchLabels:
137 application: keepalived
138 template:
139 metadata:
140 labels:
141 application: keepalived
142 spec:
143 automountServiceAccountToken: true
144 initContainers:
145 - name: init
146 image: "{{ keepalived_image_repository }}/kubernetes-entrypoint:latest"
147 env:
148 - name: NAMESPACE
149 valueFrom:
150 fieldRef:
151 apiVersion: v1
152 fieldPath: metadata.namespace
153 - name: POD_NAME
154 valueFrom:
155 fieldRef:
156 apiVersion: v1
157 fieldPath: metadata.name
158 - name: DEPENDENCY_POD_JSON
159 value: '[{"labels":{"application":"neutron","component":"neutron-ovs-agent"},"requireSameNode":true}]'
160 - name: wait-for-ip
161 image: "{{ keepalived_image_repository }}/keepalived:{{ keepalived_image_tag }}"
162 command:
163 - /bin/wait-for-ip.sh
164 volumeMounts:
165 - mountPath: /bin/wait-for-ip.sh
166 mountPropagation: None
167 name: keepalived-bin
168 readOnly: true
169 subPath: wait-for-ip.sh
170 containers:
171 - name: keepalived
172 image: "{{ keepalived_image_repository }}/keepalived:{{ keepalived_image_tag }}"
173 command:
174 - keepalived
175 - -f
176 - /etc/keepalived/keepalived.conf
177 - --dont-fork
178 - --log-console
179 - --log-detail
180 - --dump-conf
181 securityContext:
182 allowPrivilegeEscalation: true
183 capabilities:
184 add:
185 - NET_ADMIN
186 - NET_BROADCAST
187 - NET_RAW
188 volumeMounts:
189 - mountPath: /etc/keepalived
190 mountPropagation: None
191 name: keepalived-etc
192 readOnly: true
193 hostNetwork: true
194 nodeSelector:
195 openstack-control-plane: enabled
196 serviceAccountName: keepalived
197 volumes:
198 - name: keepalived-etc
199 secret:
200 optional: false
201 secretName: keepalived-etc
202 - configMap:
203 defaultMode: 0755
204 name: keepalived-bin
205 optional: false
206 name: keepalived-bin