-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathprovision.yaml
229 lines (227 loc) · 10.1 KB
/
provision.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
---
- name: Provision Infrastructure
hosts: localhost
gather_facts: false
vars:
os_config_file_path: "{{ lookup('env', 'OS_CLIENT_CONFIG_FILE') }}"
kansible_node_keypairs: []
tasks:
- name: Check if OpenStack credentials exist
stat:
path: "{{ os_config_file_path }}"
register: os_config_file
- name: Include OpenStack credentials as variables
include_vars: "{{ os_config_file_path }}"
when: os_config_file.stat.exists and os_config_file.stat.isreg
- name: Generate AWX token
awx.awx.tower_token:
description: "AWX Token for further API calls for cluster {{ kubernetes.cluster.name }}"
application: Kansible
tower_host: "{{ awx.address }}"
tower_username: "{{ awx.username }}"
tower_password: "{{ awx.password }}"
- name: Generate nodes keypair
openstack.cloud.keypair:
name: "{{ (kubernetes.cluster.name + '-keypair') }}"
auth: "{{ clouds.devstack.auth }}"
register: nova_keypair
- name: Create nodes credential
awx.awx.tower_credential:
name: "{{ (kubernetes.cluster.name + '-node-keypair') | to_uuid }}"
description: "{{ kubernetes.cluster.name + ' Node SSH Credential' }}"
organization: MafiaRPG
kind: ssh
inputs:
username: core
ssh_key_data: "{{ nova_keypair.key.private_key }}"
become_method: sudo
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
when: nova_keypair.key.private_key
- name: Generate list of keypairs
set_fact:
kansible_node_keypairs: "{{ kansible_node_keypairs + [item.public_key] }}"
with_items:
- "{{ nova_keypair.key }}"
- "{{ ssh_keypair }}"
- name: Create cluster inventory
awx.awx.tower_inventory:
name: "{{ (kubernetes.cluster.name + '-inventory') | to_uuid }}"
description: "{{ kubernetes.cluster.name + ' cluster inventory' }}"
organization: MafiaRPG
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
- name: Create host groups
block:
- name: Create masters group
awx.awx.tower_group:
name: kube_control_plane
inventory: "{{ (kubernetes.cluster.name + '-inventory') | to_uuid }}"
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
- name: Create etcd group
awx.awx.tower_group:
name: etcd
inventory: "{{ (kubernetes.cluster.name + '-inventory') | to_uuid }}"
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
- name: Create nodes group
awx.awx.tower_group:
name: kube_node
inventory: "{{ (kubernetes.cluster.name + '-inventory') | to_uuid }}"
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
- name: Create calico group
awx.awx.tower_group:
name: calico-rr
inventory: "{{ (kubernetes.cluster.name + '-inventory') | to_uuid }}"
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
- name: Create common group
awx.awx.tower_group:
name: k8s-cluster
inventory: "{{ (kubernetes.cluster.name + '-inventory') | to_uuid }}"
children:
- kube_control_plane
- kube_node
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
- name: Create OpenStack source
awx.awx.tower_inventory_source:
name: "{{ (kubernetes.cluster.name + '-openstack') | to_uuid }}"
description: "{{ kubernetes.cluster.name + ' cluster OpenStack inventory source' }}"
inventory: "{{ (kubernetes.cluster.name + '-inventory') | to_uuid }}"
credential: MafiaRPG OpenStack
source: openstack
source_vars:
groups:
etcd: "openstack.metadata.kubernetes_cluster_role is defined and openstack.metadata.kubernetes_cluster_role == 'control_plane'"
kube_control_plane: "openstack.metadata.kubernetes_cluster_role is defined and openstack.metadata.kubernetes_cluster_role == 'control_plane'"
kube_node: "openstack.metadata.kubernetes_cluster_role is defined and openstack.metadata.kubernetes_cluster_role == 'node'"
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
- name: Debug openstack
debug:
var: openstack
- name: Create KubeSpray job template
vars:
openstack_auth: "{{ clouds.devstack.auth }}"
awx.awx.tower_job_template:
name: "{{ (kubernetes.cluster.name + '-master-deploy') | to_uuid }}"
description: "{{ kubernetes.cluster.name + ' cluster KubeSpray job' }}"
project: KubeSpray
playbook: cluster.yml
inventory: "{{ (kubernetes.cluster.name + '-inventory') | to_uuid }}"
credentials:
- "{{ (kubernetes.cluster.name + '-node-keypair') | to_uuid }}"
extra_vars:
cloud_provider: external
external_cloud_provider: openstack
external_openstack_auth_url: "{{ openstack_auth.auth_url }}"
external_openstack_domain_name: "{{ openstack_auth.project_domain_name }}"
external_openstack_tenant_name: "{{ openstack_auth.project_name }}"
external_openstack_username: "{{ openstack_auth.username }}"
external_openstack_password: "{{ openstack_auth.password }}"
external_openstack_region: "{{ openstack.region }}"
external_openstack_lbaas_network_id: "{{ openstack.octavia.vip_network_id }}"
external_openstack_lbaas_floating_network_id: "{{ openstack.octavia.floating_network_id }}"
cinder_csi_enabled: true
kube_feature_gates:
- CSIMigration=true
- CSIMigrationOpenStack=true
- ExpandCSIVolumes=true
become_enabled: true
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
- name: Generate Kubernetes instance user-data
set_fact:
kubernetes_instance_userdata: "{{ lookup('template', 'userdata/flatcar.j2') }}"
- name: Provision control plane
block:
- name: Create Kubernetes master data volume
openstack.cloud.volume:
name: "{{ (kubernetes.cluster.name + '-master' + item + '-volume') | to_uuid }}"
description: "{{ kubernetes.cluster.name + ' cluster master ' + item + ' data volume' }}"
state: present
auth: "{{ clouds.devstack.auth }}"
size: "{{ kubernetes.master.volume.size | default('40') }}"
with_sequence: start=1 end="{{ kubernetes.master.count }}"
- name: Create Kubernetes master instance
openstack.cloud.server:
name: "{{ kubernetes.cluster.name + '-kubernetes-master' + item }}"
state: present
auth: "{{ clouds.devstack.auth }}"
flavor: "{{ kubernetes.master.flavor}}"
image: "{{ openstack.image }}"
network: "{{ kubernetes.cluster.network }}"
meta:
kubernetes.cluster.name: "{{ kubernetes.cluster.name }}"
kubernetes_cluster_role: control_plane
floating_ip_pools:
- "{{ kubernetes.cluster.floating_ip_network }}"
security_groups:
- default
- Kubernetes Master
volumes:
- "{{ (kubernetes.cluster.name + '-master' + item + '-volume') | to_uuid }}"
userdata: "{{ kubernetes_instance_userdata | to_json }}"
with_sequence: start=1 end="{{ kubernetes.master.count }}"
- name: Provision nodes
block:
- name: Create Kubernetes node data volume
openstack.cloud.volume:
name: "{{ (kubernetes.cluster.name + '-node' + item + '-volume') | to_uuid }}"
description: "{{ kubernetes.cluster.name + ' cluster node ' + item + ' data volume' }}"
state: present
auth: "{{ clouds.devstack.auth }}"
size: "{{ kubernetes.node.volume.size | default('40') }}"
with_sequence: start=1 end="{{ kubernetes.node.count }}"
- name: Create Kubernetes node instance
openstack.cloud.server:
name: "{{ kubernetes.cluster.name + '-kubernetes-node' + item }}"
state: present
auth: "{{ clouds.devstack.auth }}"
flavor: "{{ kubernetes.node.flavor }}"
image: "{{ openstack.image }}"
network: "{{ kubernetes.cluster.network }}"
meta:
kubernetes.cluster.name: "{{ kubernetes.cluster.name }}"
kubernetes_cluster_role: node
floating_ip_pools:
- "{{ kubernetes.cluster.floating_ip_network }}"
security_groups:
- default
- Kubernetes Node
volumes:
- "{{ (kubernetes.cluster.name + '-node' + item + '-volume') | to_uuid }}"
userdata: "{{ kubernetes_instance_userdata | to_json }}"
with_sequence: start=1 end="{{ kubernetes.node.count }}"
- name: Update cluster inventory
awx.awx.tower_inventory_source_update:
name: "{{ (kubernetes.cluster.name + '-openstack') | to_uuid }}"
inventory: "{{ (kubernetes.cluster.name + '-inventory') | to_uuid }}"
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
- name: Wait for nodes to become ready
hosts: all
gather_facts: false
tasks:
- wait_for_connection:
delay: "{{ kansible.instance.initial_timeout }}"
connect_timeout: 20
- name: Run KubeSpray
hosts: localhost
gather_facts: false
tasks:
- name: Launch KubeSpray job
awx.awx.tower_job_launch:
name: "{{ (kubernetes.cluster.name + '-master-deploy') | to_uuid }}"
tower_host: "{{ awx.address }}"
tower_oauthtoken: "{{ tower_token }}"
- name: Delete AWX token
awx.awx.tower_token:
existing_token: "{{ tower_token }}"
state: absent
tower_host: "{{ awx.address }}"
tower_username: "{{ awx.username }}"
tower_password: "{{ awx.password }}"