# Copyright (c) 2022 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# NOTE(mnaser): Temporary migration step that should be dropped eventually.
#               The old HelmRelease is suspended first and only then removed,
#               so that deleting the object does not uninstall the Helm chart.
- name: Uninstall the legacy HelmRelease
  run_once: true
  block:
    - name: Suspend the existing HelmRelease
      kubernetes.core.k8s:
        api_version: helm.toolkit.fluxcd.io/v2beta1
        kind: HelmRelease
        namespace: "{{ magnum_helm_release_namespace }}"
        name: "{{ magnum_helm_release_name }}"
        state: patched
        definition:
          spec:
            suspend: true
      # The task is never reported as failed.  Presumably this covers clusters
      # where the HelmRelease (or its CRD) no longer exists; note that it also
      # hides authorization and connectivity errors from the play output.
      failed_when: false

    - name: Remove the existing HelmRelease
      kubernetes.core.k8s:
        api_version: helm.toolkit.fluxcd.io/v2beta1
        kind: HelmRelease
        namespace: "{{ magnum_helm_release_namespace }}"
        name: "{{ magnum_helm_release_name }}"
        state: absent
      # Same best-effort behaviour as the suspend step above.
      failed_when: false

# NOTE(okozachenko1203): Temporary clean-up step that should be dropped
#                        eventually; it only removes the old namespaced RBAC
#                        resources.
- name: Remove the legacy mcapi RBAC resources
  run_once: true
  block:
    - name: Remove the Role
      kubernetes.core.k8s:
        api_version: rbac.authorization.k8s.io/v1
        kind: Role
        namespace: magnum-system
        name: magnum-cluster-api
        state: absent
      # Best effort: the task is never reported as failed, so a Role that
      # could not be deleted (for example on a permission error) stays in
      # place without any signal in the play output.
      failed_when: false

    - name: Remove the RoleBinding
      kubernetes.core.k8s:
        api_version: rbac.authorization.k8s.io/v1
        kind: RoleBinding
        namespace: magnum-system
        name: magnum-cluster-api
        state: absent
      # Best effort, same as the Role removal above.
      failed_when: false

# Creates the "magnum-system" namespace and binds the magnum-conductor
# ServiceAccount to a ClusterRole.
- name: Deploy Cluster API for Magnum RBAC
  kubernetes.core.k8s:
    state: present
    definition:
      - apiVersion: v1
        kind: Namespace
        metadata:
          name: magnum-system

      # TODO(mnaser): This should be removed once we have a proper Helm chart
      #               for Cluster API for Magnum.
      #
      # NOTE(review): the binding below grants `cluster-admin`, i.e. full
      #               access to every resource in the cluster, to the
      #               magnum-conductor ServiceAccount.  Every workload that
      #               runs under that ServiceAccount inherits it; a ClusterRole
      #               scoped to the resources Magnum actually manages would
      #               reduce the impact of a compromised pod.
      - apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          name: magnum-cluster-api
        subjects:
          - kind: ServiceAccount
            namespace: "{{ magnum_helm_release_namespace }}"
            name: magnum-conductor
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: cluster-admin

# Installs or upgrades the Magnum Helm release.
- name: Deploy Helm chart
  run_once: true
  kubernetes.core.helm:
    # Admin kubeconfig read on the host that runs this task; the module
    # talks to the cluster with whatever privileges that file carries.
    kubeconfig: /etc/kubernetes/admin.conf
    release_namespace: "{{ magnum_helm_release_namespace }}"
    create_namespace: true
    name: "{{ magnum_helm_release_name }}"
    chart_ref: "{{ magnum_helm_chart_ref }}"
    # Role-internal values merged recursively with the operator-supplied
    # ones; on conflicting keys `magnum_helm_values` takes precedence.
    values: "{{ _magnum_helm_values | combine(magnum_helm_values, recursive=True) }}"

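# Deploys the proxy DaemonSet together with the ConfigMap that carries its
# sudoers drop-in.
- name: Deploy "magnum-cluster-api-proxy"
  run_once: true
  kubernetes.core.k8s:
    state: present
    definition:
      # The key was misspelled as "apiVerison", which left this object
      # without an explicit apiVersion field.
      - apiVersion: v1
        kind: ConfigMap
        metadata:
          name: magnum-cluster-api-proxy-config
          namespace: "{{ magnum_helm_release_namespace }}"
        data:
          # Mounted below as /etc/sudoers.d/magnum_capi_sudoers.  It lets the
          # `magnum` user run privsep-helper as root without a password, so
          # write access to this ConfigMap amounts to control over sudo rules
          # inside a privileged pod and should be restricted accordingly.
          magnum_capi_sudoers: |
            Defaults !requiretty
            Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
            magnum ALL = (root) NOPASSWD: /var/lib/openstack/bin/privsep-helper

      - apiVersion: apps/v1
        kind: DaemonSet
        metadata:
          name: magnum-cluster-api-proxy
          # Was hard-coded to "openstack".  The pod mounts the ConfigMap
          # above and runs as the magnum-conductor ServiceAccount, and both
          # are resolved in the pod's own namespace, so the DaemonSet has to
          # live in the release namespace as well.
          namespace: "{{ magnum_helm_release_namespace }}"
          labels:
            application: magnum
            component: cluster-api-proxy
        spec:
          selector:
            matchLabels:
              application: magnum
              component: cluster-api-proxy
          template:
            metadata:
              labels:
                application: magnum
                component: cluster-api-proxy
            spec:
              containers:
                - name: magnum-cluster-api-proxy
                  command: ["magnum-cluster-api-proxy"]
                  image: "{{ atmosphere_images['magnum_cluster_api_proxy'] | vexxhost.kubernetes.docker_image('ref') }}"
                  securityContext:
                    # Kubernetes only allows Bidirectional mount propagation
                    # (see host-run-netns below) for privileged containers, so
                    # this flag cannot be dropped without reworking the mount.
                    privileged: true
                    readOnlyRootFilesystem: true
                  volumeMounts:
                    # Writable scratch space, needed because the root
                    # filesystem is read-only.
                    - name: pod-tmp
                      mountPath: /tmp
                    - name: pod-run
                      mountPath: /run
                    - name: config
                      mountPath: /etc/sudoers.d/magnum_capi_sudoers
                      subPath: magnum_capi_sudoers
                      readOnly: true
                    - name: haproxy-state
                      mountPath: /var/lib/magnum/.magnum-cluster-api-proxy
                    # Host network namespaces, shared in both directions
                    # between the node and the container.
                    - name: host-run-netns
                      mountPath: /run/netns
                      mountPropagation: Bidirectional
              nodeSelector: "{{ magnum_cluster_api_proxy_ovn_node_selector if atmosphere_network_backend == 'ovn' else magnum_cluster_api_proxy_ovs_node_selector }}" # noqa: yaml[line-length]
              securityContext:
                # Non-root UID; presumably the `magnum` user named in the
                # sudoers drop-in (confirm against the image).
                runAsUser: 42424
              # NOTE(review): the "Deploy Cluster API for Magnum RBAC" task
              # binds this ServiceAccount to cluster-admin, so these
              # privileged, host-attached pods run with cluster-wide API
              # access on every selected node unless token automounting is
              # disabled elsewhere.
              serviceAccountName: magnum-conductor
              volumes:
                - name: pod-tmp
                  emptyDir: {}
                - name: pod-run
                  emptyDir: {}
                - name: config
                  configMap:
                    name: magnum-cluster-api-proxy-config
                - name: haproxy-state
                  emptyDir: {}
                - name: host-run-netns
                  hostPath:
                    path: /run/netns
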
# Publishes the magnum-api service (port 9511) through the shared
# openstack_helm_ingress role.
- name: Create Ingress
  ansible.builtin.include_role:
    name: openstack_helm_ingress
  vars:
    openstack_helm_ingress_endpoint: container_infra
    openstack_helm_ingress_annotations: "{{ magnum_ingress_annotations }}"
    openstack_helm_ingress_service_name: magnum-api
    openstack_helm_ingress_service_port: 9511

# Removes the registry init Job and the registry PersistentVolumeClaim.
# NOTE(review): whether the data behind the claim survives depends on the
#               reclaim policy of the bound volume, which is not visible here.
- name: Delete un-used job and PVC
  run_once: true
  kubernetes.core.k8s:
    state: absent
    definition:
      - apiVersion: batch/v1
        kind: Job
        metadata:
          namespace: "{{ magnum_helm_release_namespace }}"
          name: magnum-registry-init
      - apiVersion: v1
        kind: PersistentVolumeClaim
        metadata:
          namespace: "{{ magnum_helm_release_namespace }}"
          name: magnum-registry

# Runs a single-replica container registry next to Magnum and exposes it
# inside the cluster through a ClusterIP Service on port 5000.
- name: Deploy magnum registry
  run_once: true
  kubernetes.core.k8s:
    state: present
    definition:
      - apiVersion: apps/v1
        kind: Deployment
        metadata:
          namespace: "{{ magnum_helm_release_namespace }}"
          name: magnum-registry
          labels:
            application: magnum
            component: registry
        spec:
          replicas: 1
          selector:
            matchLabels:
              application: magnum
              component: registry
          template:
            metadata:
              labels:
                application: magnum
                component: registry
            spec:
              nodeSelector:
                openstack-control-plane: enabled
              # NOTE(review): no securityContext is set for this pod or its
              #               container, so it runs with the image defaults.
              containers:
                - name: registry
                  image: "{{ atmosphere_images['magnum_registry'] | vexxhost.kubernetes.docker_image('ref') }}"
                  env:
                    # Switches the registry storage into read-only
                    # maintenance mode; the value is a JSON string and has
                    # to stay quoted.
                    - name: REGISTRY_STORAGE_MAINTENANCE_READONLY
                      value: '{"enabled": true}'
                  ports:
                    - name: registry
                      protocol: TCP
                      containerPort: 5000
                  # Both probes use plain HTTP on the container port; the pod
                  # itself does not terminate TLS here.
                  readinessProbe:
                    httpGet:
                      scheme: HTTP
                      port: 5000
                      path: /
                  livenessProbe:
                    httpGet:
                      scheme: HTTP
                      port: 5000
                      path: /

      - apiVersion: v1
        kind: Service
        metadata:
          namespace: "{{ magnum_helm_release_namespace }}"
          name: magnum-registry
          labels:
            application: magnum
            component: registry
        spec:
          type: ClusterIP
          selector:
            application: magnum
            component: registry
          ports:
            - name: magnum
              protocol: TCP
              port: 5000
              targetPort: 5000

# Publishes the magnum-registry Service (port 5000) through the shared
# openstack_helm_ingress role.
- name: Create magnum registry Ingress
  ansible.builtin.include_role:
    name: openstack_helm_ingress
  vars:
    openstack_helm_ingress_endpoint: container_infra_registry
    # Shallow merge: operator-supplied annotations override the role's
    # built-in ones key by key.
    openstack_helm_ingress_annotations: "{{ _magnum_registry_ingress_annotations | combine(magnum_registry_ingress_annotations) }}"
    openstack_helm_ingress_service_name: magnum-registry
    openstack_helm_ingress_service_port: 5000

# Runs the glance_image role once per entry of `magnum_images`.
# NOTE(review): each image is referenced by URL only; any integrity check
#               (checksum or signature) would have to happen inside the
#               glance_image role, which is not visible from this file.
- name: Upload images
  loop: "{{ magnum_images }}"
  ansible.builtin.include_role:
    name: glance_image
  vars:
    glance_image_name: "{{ item.name }}"
    glance_image_url: "{{ item.url }}"
    glance_image_disk_format: "{{ magnum_image_disk_format }}"
    glance_image_container_format: "{{ magnum_image_container_format }}"
    glance_image_properties:
      os_distro: "{{ item.distro }}"