Mohammed Naser096ade02022-12-15 09:53:33 -05001# Copyright (c) 2022 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
# Ensures the "magnum-system" namespace exists and binds the
# "magnum-conductor" ServiceAccount to a cluster-wide role.
- name: Deploy Cluster API for Magnum RBAC
  kubernetes.core.k8s:
    state: present
    definition:
      - apiVersion: v1
        kind: Namespace
        metadata:
          name: magnum-system

      # TODO(mnaser): This should be removed once we have a proper Helm chart
      #               for Cluster API for Magnum.
      # NOTE(review): cluster-admin is unrestricted access to every resource
      #               in the cluster. Every pod that runs as magnum-conductor
      #               inherits it, including the magnum-cluster-api-proxy
      #               DaemonSet deployed further down in this file. Scope this
      #               to a dedicated ClusterRole once the required verbs and
      #               resources are known, and audit use of this identity in
      #               the meantime.
      - apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          name: magnum-cluster-api
        subjects:
          - kind: ServiceAccount
            name: magnum-conductor
            namespace: "{{ magnum_helm_release_namespace }}"
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: cluster-admin
# Installs the Magnum Helm release once per play, creating the release
# namespace when it does not exist yet.
- name: Deploy Helm chart
  run_once: true
  kubernetes.core.helm:
    # The kubeconfig selects the target cluster and the credentials Helm
    # runs with.
    kubeconfig: "{{ magnum_helm_kubeconfig }}"
    release_namespace: "{{ magnum_helm_release_namespace }}"
    create_namespace: true
    name: "{{ magnum_helm_release_name }}"
    chart_ref: "{{ magnum_helm_chart_ref }}"
    # Recursive merge: on a conflicting key the value from
    # magnum_helm_values replaces the one from _magnum_helm_values.
    values: "{{ _magnum_helm_values | combine(magnum_helm_values, recursive=True) }}"
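# Deploys the sudoers ConfigMap and the "magnum-cluster-api-proxy" DaemonSet
# that mounts it, once per play.
- name: Deploy "magnum-cluster-api-proxy"
  run_once: true
  kubernetes.core.k8s:
    state: present
    definition:
      - apiVersion: v1
        kind: ConfigMap
        metadata:
          name: magnum-cluster-api-proxy-config
          namespace: "{{ magnum_helm_release_namespace }}"
        data:
          # Mounted read-only at /etc/sudoers.d/magnum_capi_sudoers in the
          # proxy container. The only passwordless root command granted to
          # the "magnum" user is privsep-helper; that binary and every
          # directory on secure_path must not be writable by that user.
          magnum_capi_sudoers: |
            Defaults !requiretty
            Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
            magnum ALL = (root) NOPASSWD: /var/lib/openstack/bin/privsep-helper

      - apiVersion: apps/v1
        kind: DaemonSet
        metadata:
          name: magnum-cluster-api-proxy
          # Same namespace as the ConfigMap above and as the magnum-conductor
          # ServiceAccount subject of the ClusterRoleBinding in this file: a
          # pod can only mount ConfigMaps and use ServiceAccounts from its
          # own namespace.
          namespace: "{{ magnum_helm_release_namespace }}"
          labels:
            application: magnum
            component: cluster-api-proxy
        spec:
          selector:
            matchLabels:
              application: magnum
              component: cluster-api-proxy
          template:
            metadata:
              labels:
                application: magnum
                component: cluster-api-proxy
            spec:
              containers:
                - name: magnum-cluster-api-proxy
                  command: ["magnum-cluster-api-proxy"]
                  image: "{{ atmosphere_images['magnum_cluster_api_proxy'] | vexxhost.kubernetes.docker_image('ref') }}"
                  # Kubernetes only allows Bidirectional mount propagation
                  # (used for /run/netns below) in privileged containers.
                  # A privileged container has near-full access to the node,
                  # so this image is part of the node's trust boundary; the
                  # read-only root filesystem limits in-place tampering.
                  securityContext:
                    privileged: true
                    readOnlyRootFilesystem: true
                  volumeMounts:
                    - name: pod-tmp
                      mountPath: /tmp
                    - name: pod-run
                      mountPath: /run
                    - name: config
                      mountPath: /etc/sudoers.d/magnum_capi_sudoers
                      subPath: magnum_capi_sudoers
                      readOnly: true
                    - name: haproxy-state
                      mountPath: /var/lib/magnum/.magnum-cluster-api-proxy
                    # Host network namespaces; mounts made here propagate
                    # back to the host.
                    - name: host-run-netns
                      mountPath: /run/netns
                      mountPropagation: Bidirectional
              nodeSelector: "{{ magnum_cluster_api_proxy_ovn_node_selector if atmosphere_network_backend == 'ovn' else magnum_cluster_api_proxy_ovs_node_selector }}" # noqa: yaml[line-length]
              securityContext:
                runAsUser: 42424
              # NOTE(review): magnum-conductor is bound to cluster-admin by
              #               the RBAC task in this file, so every selected
              #               node runs a privileged pod holding that
              #               identity's token.
              serviceAccountName: magnum-conductor
              volumes:
                - name: pod-tmp
                  emptyDir: {}
                - name: pod-run
                  emptyDir: {}
                - name: config
                  configMap:
                    name: magnum-cluster-api-proxy-config
                - name: haproxy-state
                  emptyDir: {}
                - name: host-run-netns
                  hostPath:
                    path: /run/netns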
# Publishes the magnum-api service (port 9511) through the shared
# openstack_helm_ingress role under the container_infra endpoint.
- name: Create Ingress
  ansible.builtin.include_role:
    name: openstack_helm_ingress
  vars:
    openstack_helm_ingress_endpoint: container_infra
    openstack_helm_ingress_class_name: "{{ magnum_ingress_class_name }}"
    openstack_helm_ingress_annotations: "{{ magnum_ingress_annotations }}"
    openstack_helm_ingress_service_name: magnum-api
    openstack_helm_ingress_service_port: 9511
# Deploys a single-replica container registry for Magnum and the ClusterIP
# Service in front of it, once per play.
- name: Deploy magnum registry
  run_once: true
  kubernetes.core.k8s:
    state: present
    definition:
      - apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: magnum-registry
          namespace: "{{ magnum_helm_release_namespace }}"
          labels:
            application: magnum
            component: registry
        spec:
          replicas: 1
          selector:
            matchLabels:
              application: magnum
              component: registry
          template:
            metadata:
              labels:
                application: magnum
                component: registry
            spec:
              nodeSelector:
                openstack-control-plane: enabled
              containers:
                - name: registry
                  image: "{{ atmosphere_images['magnum_registry'] | vexxhost.kubernetes.docker_image('ref') }}"
                  # Read-only maintenance mode: the registry serves existing
                  # content and refuses writes.
                  # NOTE(review): no authentication or TLS settings are
                  #               visible in this manifest; confirm where
                  #               they are enforced before widening access.
                  env:
                    - name: REGISTRY_STORAGE_MAINTENANCE_READONLY
                      value: '{"enabled": true}'
                  ports:
                    - name: registry
                      containerPort: 5000
                      protocol: TCP
                  # Both probes issue a plain-HTTP GET / against port 5000.
                  readinessProbe:
                    httpGet:
                      path: /
                      port: 5000
                      scheme: HTTP
                  livenessProbe:
                    httpGet:
                      path: /
                      port: 5000
                      scheme: HTTP

      # In-cluster Service selecting the registry pods by label.
      - apiVersion: v1
        kind: Service
        metadata:
          name: magnum-registry
          namespace: "{{ magnum_helm_release_namespace }}"
          labels:
            application: magnum
            component: registry
        spec:
          type: ClusterIP
          selector:
            application: magnum
            component: registry
          ports:
            - name: magnum
              port: 5000
              protocol: TCP
              targetPort: 5000
# Publishes the magnum-registry service (port 5000) through the shared
# openstack_helm_ingress role under the container_infra_registry endpoint.
- name: Create magnum registry Ingress
  ansible.builtin.include_role:
    name: openstack_helm_ingress
  vars:
    openstack_helm_ingress_endpoint: container_infra_registry
    openstack_helm_ingress_class_name: "{{ magnum_registry_ingress_class_name }}"
    # On a conflicting annotation key the value from
    # magnum_registry_ingress_annotations replaces the one from
    # _magnum_registry_ingress_annotations.
    openstack_helm_ingress_annotations: "{{ _magnum_registry_ingress_annotations | combine(magnum_registry_ingress_annotations) }}"
    openstack_helm_ingress_service_name: magnum-registry
    openstack_helm_ingress_service_port: 5000
# Runs the glance_image role once per entry of magnum_images; each entry
# supplies "name", "url" and "distro".
- name: Upload images
  ansible.builtin.include_role:
    name: glance_image
  loop: "{{ magnum_images }}"
  vars:
    glance_image_name: "{{ item.name }}"
    # NOTE(review): the image is fetched from this URL and no checksum is
    #               passed from here; confirm whether the glance_image role
    #               verifies integrity of the download.
    glance_image_url: "{{ item.url }}"
    glance_image_disk_format: "{{ magnum_image_disk_format }}"
    glance_image_container_format: "{{ magnum_image_container_format }}"
    glance_image_properties:
      os_distro: "{{ item.distro }}"