Ingress Nginx Integration

[infra/stack/kubernetes.git] / playbooks / roles / package / tasks / containers.yaml

---
# ============LICENSE_START=======================================================
#  Copyright (C) 2019 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================

- name: Create directory to store container images
  file:
    path: "{{ containers_folder }}"
    state: "{{ item }}"
  with_items:
    - absent
    - directory

- name: Set versions of k8s components in Kubespray downloads role
  lineinfile:
    path: "{{ git_folder }}/kubespray/roles/download/defaults/main.yml"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  with_items:
    - {regexp: "^kube_version:.*", line: "kube_version: {{ kubernetes_version }}"}
    - {regexp: "^helm_version:.*", line: "helm_version: {{ helm_version }}"}

# NOTE (fdegir): order of vars files is significant
- name: Include kubespray vars files
  include_vars: "{{ item }}"
  with_items:
    - "{{ git_folder }}/kubespray/roles/kubespray-defaults/defaults/main.yaml"
    - "{{ git_folder }}/kubespray/roles/download/defaults/main.yml"

- name: Remove outdated kubeadm-images.yaml file
  file:
    path: "/tmp/kubeadm-images.yaml"
    state: absent

- name: Generate kubeadm-images.yaml to fetch container images
  template:
    src: "kubeadm-images.yaml.j2"
    dest: "/tmp/kubeadm-images.yaml"
    force: true

# NOTE (fdegir): the tasks below are taken from kubespray/roles/download/tasks/prep_kubeadm_images.yml
- name: Get list of kubeadm images
  shell: |
    set -o pipefail
    {{ binaries_folder }}/kubeadm config images list --config=/tmp/kubeadm-images.yaml | grep -v coredns
  args:
    executable: /bin/bash
  register: kubeadm_images_raw
  run_once: true
  changed_when: false

- name: Parse list of kubeadm images
  vars:
    kubeadm_images_list: "{{ kubeadm_images_raw.stdout_lines }}"
  set_fact:
    kubeadm_image:
      key: "kubeadm_{{ (item | regex_replace('^(?:.*\\/)*','')).split(':')[0] }}"
      value:
        enabled: true
        container: true
        repo: "{{ item | regex_replace('^(.*):.*$','\\1') }}"
        tag: "{{ item | regex_replace('^.*:(.*)$','\\1') }}"
  loop: "{{ kubeadm_images_list | flatten(levels=1) }}"
  register: kubeadm_images_cooked
  run_once: true

- name: Convert list of kubeadm images to dict
  set_fact:
    kubeadm_images: "{{ kubeadm_images_cooked.results | map(attribute='ansible_facts.kubeadm_image') | list | items2dict }}"
  run_once: true

- name: Populate list of images to pull and save with those specified by Kubespray
  vars:
    image_list: []
  set_fact:
    image_list: "{{ image_list }} + [ '{{ downloads[item].repo }}:{{ downloads[item].tag }}' ]"
  loop: "{{ k8s_misc_images }}"
  changed_when: false
  when: downloads[item].container is defined and downloads[item].container

- name: Populate list of images to pull and save with those specified by Kubeadm
  set_fact:
    image_list: "{{ image_list }} + [ '{{ item.value.repo }}:{{ item.value.tag }}' ]"
  loop: "{{ kubeadm_images | dict2items }}"
  changed_when: false

- name: Populate list of images to pull and save with other miscellaneous images
  set_fact:
    image_list: "{{ image_list }} + [ '{{ item.value.repo }}:{{ item.value.tag }}' ]"
  loop: "{{ other_images | dict2items }}"
  changed_when: false

- name: Add tiller container image to list of images (helm v2 only)
  set_fact:
    image_list: "{{ image_list }} + [ '{{ downloads['tiller'].repo }}:{{ downloads['tiller'].tag }}' ]"
  changed_when: false
  when: helm_version is version('v3.0.0', '<')

- name: Dump image list to disk
  copy:
    content: "{{ image_list | join('\n') }}"
    dest: "{{ engine_cache }}/images.txt"

- name: Pull images (using pull-images.sh)
  vars:
    container_tool: docker
    container_pull_parallel: 4
    images_txt: "{{ engine_cache }}/images.txt"
  script: pull-images.sh -l {{ images_txt }} -c {{ container_tool }} -p {{ container_pull_parallel }}
  become: true
  register: pull_images_output_raw
  changed_when: pull_images_output_raw.stdout is search("downloaded newer image for", ignorecase=true)

- name: Save images (using save-images.sh)
  vars:
    container_tool: docker
    images_txt: "{{ engine_cache }}/images.txt"
    images_output: "{{ containers_folder }}/images.tar"
  script: save-images.sh -l {{ images_txt }} -c {{ container_tool }} -o {{ images_output }}
  args:
    creates: "{{ images_output }}"
  become: true

- name: Save registry image separately
  vars:
    img: "{{ other_images['docker-registry'].repo }}:{{ other_images['docker-registry'].tag }}"
    dest: "{{ img | regex_replace('[/:]', '_') }}.tar"
  shell: |-
    set -o pipefail && \
    docker save {{ img }} -o {{ dest }}
  args:
    executable: "/bin/bash"
    chdir: "{{ containers_folder }}"
    creates: "{{ containers_folder }}/{{ dest }}"
  become: true

# NOTE (fdegir): archive fails due to wrong permissions so we fix them
- name: Fix container image permissions
  file:
    path: "{{ containers_folder }}"
    state: directory
    recurse: true
    mode: 0755
  become: true

# vim: set ts=2 sw=2 expandtab: