-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add kadalu client for external glusterfs service - works with glusterfs role created add openstack tasks to configure for microk8s, especially metallb setup simplified join to cluster operation
- Loading branch information
Dean Taylor
committed
May 4, 2022
1 parent
60eb124
commit 85de71b
Showing
9 changed files
with
397 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,94 @@ | ||
| --- | ||
| # roles/microk8s/tasks/configure-cert-manager.yml | ||
| # | ||
| - name: configure cert-manager | ||
| become: false | ||
| run_once: "{{run_once}}" | ||
| block: | ||
| - name: jetstack helm chart | ||
| kubernetes.core.helm_repository: | ||
| binary_path: "{{helm}}" | ||
| repo_name: jetstack | ||
| repo_state: present | ||
| repo_url: https://charts.jetstack.io | ||
| delegate_to: "{{delegate_to}}" | ||
|
|
||
| - name: cert-manager CRDs | ||
| ansible.builtin.shell: | ||
| cmd: > | ||
| {{kubectl}} apply | ||
| -f https://github.com/cert-manager/cert-manager/releases/download/{{microk8s_cert_manager_version}}/cert-manager.crds.yaml | ||
| register: kubectl_apply_cert_manager_crds | ||
| delegate_to: "{{delegate_to}}" | ||
| changed_when: kubectl_apply_cert_manager_crds.stdout_lines |reject('search','unchanged') |list |length >0 | ||
|
|
||
| - name: cert-manager | ||
| kubernetes.core.helm: | ||
| binary_path: "{{helm}}" | ||
| chart_ref: jetstack/cert-manager | ||
| chart_version: "{{microk8s_cert_manager_version}}" | ||
| create_namespace: true | ||
| release_name: cert-manager | ||
| release_namespace: cert-manager | ||
| release_state: present | ||
| release_values: | ||
| ingressShim.defaultIssuerName: selfsign | ||
| ingressShim.defaultIssuerKind: ClusterIssuer | ||
| ingressShim.defaultIssuerGroup: cert-manager.io | ||
| skip_crds: true | ||
| update_repo_cache: false | ||
| wait: true | ||
| delegate_to: "{{delegate_to}}" | ||
|
|
||
| - name: cert-manager issuer selfsign | ||
| ansible.builtin.shell: | ||
| cmd: | | ||
| cat <<EOT |{{kubectl}} apply -f - | ||
| apiVersion: cert-manager.io/v1 | ||
| kind: ClusterIssuer | ||
| metadata: | ||
| name: selfsigned | ||
| spec: | ||
| selfSigned: {} | ||
| EOT | ||
| register: kubectl_apply_selfsign | ||
| delegate_to: "{{delegate_to}}" | ||
| changed_when: kubectl_apply_selfsign.stdout_lines |reject('search','unchanged') |list |length >0 | ||
|
|
||
| - name: cert-manager root CA | ||
| ansible.builtin.shell: | ||
| cmd: | | ||
| cat <<EOT |{{kubectl}} apply -f - | ||
| --- | ||
| apiVersion: cert-manager.io/v1 | ||
| kind: Certificate | ||
| metadata: | ||
| name: ca-issuer-root-x1 | ||
| namespace: cert-manager | ||
| spec: | ||
| isCA: true | ||
| commonName: Microk8s Root X1 | ||
| duration: 175200h | ||
| secretName: ca-issuer-root-x1 | ||
| privateKey: | ||
| algorithm: ECDSA | ||
| size: 256 | ||
| issuerRef: | ||
| name: selfsigned | ||
| kind: ClusterIssuer | ||
| group: cert-manager.io | ||
| --- | ||
| apiVersion: cert-manager.io/v1 | ||
| kind: ClusterIssuer | ||
| metadata: | ||
| name: ca-issuer | ||
| spec: | ||
| ca: | ||
| secretName: ca-issuer-root-x1 | ||
| EOT | ||
| register: kubectl_apply_ca | ||
| delegate_to: "{{delegate_to}}" | ||
| changed_when: kubectl_apply_ca.stdout_lines |select('match','(created|updated)$') |list |length == 0 | ||
| #changed_when: kubectl_apply_ca.stdout_lines |reject('search','unchanged') |list |length >0 | ||
| when: | ||
| - microk8s_cert_manager_rootCA_issuer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| --- | ||
| # roles/microk8s/tasks/configure-kadalu.yml | ||
| # | ||
| - ansible.builtin.debug: | ||
| var: microk8s_kadalu_gluster_hosts | ||
|
|
||
| - name: kadalu configuration | ||
| become: false | ||
| run_once: true | ||
| block: | ||
| - name: kadalu external auth | ||
| ansible.builtin.shell: | ||
| cmd: | | ||
| cat <<EOT |{{kubectl}} apply -f - | ||
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| name: kadalu | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| type: Opaque | ||
| metadata: | ||
| name: glusterquota-ssh-secret | ||
| namespace: kadalu | ||
| stringData: | ||
| glusterquota-ssh-username: kadalu | ||
| ssh-privatekey: | | ||
| {{microk8s_kadalu_ssh_priv |indent(4)}} | ||
| EOT | ||
| executable: /bin/bash | ||
| register: kubectl_apply_kadalu_auth | ||
| delegate_to: "{{delegate_to}}" | ||
| changed_when: kubectl_apply_kadalu_auth.stdout_lines |reject('search','unchanged') |list |length >0 | ||
|
|
||
| - name: kadalu install --type microk8s | ||
| ansible.builtin.shell: | ||
| cmd: > | ||
| {{kubectl}} apply -f | ||
| https://github.com/kadalu/kadalu/releases/download/0.8.14/{{item}}.yaml | ||
| register: kubectl_apply_kadalu | ||
| changed_when: kubectl_apply_kadalu.stdout_lines |reject('search','unchanged') |list |length >0 | ||
| delegate_to: "{{delegate_to}}" | ||
| with_items: | ||
| - kadalu-operator-microk8s | ||
| - csi-nodeplugin-microk8s | ||
|
|
||
| - name: kadalu storage class | ||
| ansible.builtin.shell: | ||
| cmd: | | ||
| cat <<EOT |{{kubectl}} apply -f - | ||
| apiVersion: kadalu-operator.storage/v1alpha1 | ||
| kind: KadaluStorage | ||
| metadata: | ||
| name: external-delete | ||
| spec: | ||
| type: External | ||
| storage: [] | ||
| details: | ||
| gluster_hosts: {{microk8s_kadalu_gluster_hosts |list}} | ||
| gluster_volname: kadalu | ||
| gluster_options: "" | ||
| EOT | ||
| executable: /bin/bash | ||
| register: kubectl_apply_kadalu_sc | ||
| delegate_to: "{{delegate_to}}" | ||
| changed_when: kubectl_apply_kadalu_sc.stdout_lines |reject('search','unchanged') |list |length >0 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| --- | ||
| # roles/microk8s/tasks/configure-openstack.yml | ||
| # https://github.com/kubernetes/cloud-provider-openstack/tree/master/charts/cinder-csi-plugin | ||
| # https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/cinder-csi-plugin/using-cinder-csi-plugin.md | ||
| # | ||
| - name: openstack cloud provider | ||
| become: false | ||
| run_once: "{{run_once}}" | ||
| block: | ||
| - name: openstack cloud provider settings | ||
| ansible.builtin.shell: | ||
| cmd: | | ||
| cat <<EOT |{{kubectl}} apply -f - | ||
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| name: cloud-provider-openstack | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| type: Opaque | ||
| metadata: | ||
| name: cloud-config | ||
| namespace: cloud-provider-openstack | ||
| stringData: | ||
| cloud-config: | | ||
| {{lookup('template','openstack-cloud.conf.j2') |indent(4)}} | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: cacert | ||
| namespace: cloud-provider-openstack | ||
| data: | ||
| ca-bundle.crt: | | ||
| {{microk8s_openstack_cloud_conf.ca_bundle_crt |indent(4)}} | ||
| EOT | ||
| executable: /bin/bash | ||
| register: kubectl_apply_openstack | ||
| delegate_to: "{{delegate_to}}" | ||
| changed_when: kubectl_apply_openstack.stdout_lines |reject('search','unchanged') |list |length >0 | ||
|
|
||
| - name: openstack cloud provider charts | ||
| kubernetes.core.helm_repository: | ||
| binary_path: "{{helm}}" | ||
| repo_name: cpo | ||
| repo_state: present | ||
| repo_url: https://kubernetes.github.io/cloud-provider-openstack | ||
| delegate_to: "{{delegate_to}}" | ||
|
|
||
| - name: openstack cinder csi | ||
| kubernetes.core.helm: | ||
| binary_path: "{{helm}}" | ||
| chart_ref: cpo/openstack-cinder-csi | ||
| #chart_version: "" | ||
| create_namespace: true | ||
| release_name: cinder-csi | ||
| release_namespace: cloud-provider-openstack | ||
| release_state: present | ||
| release_values: | ||
| csi: | ||
| plugin: | ||
| volumes: | ||
| - name: cacert | ||
| configMap: | ||
| name: cacert | ||
| secret: | ||
| enabled: true | ||
| name: cloud-config | ||
| storageClass: | ||
| custom: |- | ||
| --- | ||
| apiVersion: storage.k8s.io/v1 | ||
| kind: StorageClass | ||
| metadata: | ||
| name: csi-cinder-sc-retain-wffc | ||
| provisioner: cinder.csi.openstack.org | ||
| reclaimPolicy: Retain | ||
| volumeBindingMode: WaitForFirstConsumer | ||
| allowVolumeExpansion: true | ||
| delegate_to: "{{delegate_to}}" | ||
| when: | ||
| - microk8s_openstack_cinder_enabled |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.