X-Git-Url: https://gerrit.nordix.org/gitweb?p=infra%2Fstack%2Fkubernetes.git;a=blobdiff_plain;f=apps%2Fistio%2Fkubespray%2Fplaybooks%2Froles%2Finstall%2Ftasks%2Fmain.yml;fp=apps%2Fistio%2Fkubespray%2Fplaybooks%2Froles%2Finstall%2Ftasks%2Fmain.yml;h=1f4e8593eeb47c8bb73a7d80a5b7eb36b58dd8b0;hp=0000000000000000000000000000000000000000;hb=a1e1f40e71a48d8c5315f37999b9123c7ea908ab;hpb=20d34e772e021fabdee0aa9b50e9804a80d5108a diff --git a/apps/istio/kubespray/playbooks/roles/install/tasks/main.yml b/apps/istio/kubespray/playbooks/roles/install/tasks/main.yml new file mode 100644 index 0000000..1f4e859 --- /dev/null +++ b/apps/istio/kubespray/playbooks/roles/install/tasks/main.yml @@ -0,0 +1,176 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Make sure "{{ istio_work_dir }}" exists + file: + path: "{{ istio_work_dir }}" + state: directory + +# TODO: validate download checksum +- name: Download the installation files + unarchive: + src: "{{ istio_download_url }}" + dest: "{{ istio_work_dir }}" + remote_src: true + environment: + http_proxy: "{{ lookup('env','http_proxy') }}" + https_proxy: "{{ lookup('env','https_proxy') }}" + no_proxy: "{{ lookup('env','no_proxy') }}" + +- name: List existing installation of Istio + shell: helm list | awk '{print $1}' | grep istio + register: installed_istio_charts + ignore_errors: true + changed_when: false + tags: reset + +- name: Delete existing installation of Istio + command: helm delete --purge "{{ item }}" + loop: "{{ installed_istio_charts.stdout_lines }}" + ignore_errors: true + changed_when: true + tags: reset + +# This solves this bug: https://github.com/ansible/ansible/issues/47081 with the k8s module which is caused +# due to the presence of --- at the end of the yaml file. +- name: Fix upstream Istio CRDs + lineinfile: + path: "{{ item }}" + regex: '^-{3}\n+$' + line: "" + state: present + firstmatch: true + with_fileglob: + - "{{ istio_work_dir }}/istio-{{ istio_version }}/install/kubernetes/helm/istio-init/files/*" + ignore_errors: true + tags: reset + +- name: Delete existing Istio CRDs + k8s: + api_version: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + state: absent + src: "{{ item }}" + with_fileglob: + - "{{ istio_work_dir }}/istio-{{ istio_version }}/install/kubernetes/helm/istio-init/files/*" + ignore_errors: true + tags: reset + +- name: Delete Istio init namespace + k8s: + name: "{{ istio_init_namespace }}" + api_version: v1 + kind: Namespace + state: absent + ignore_errors: true + tags: reset + +# This can be avoided when we update Ansible to 2.8 version as is included in k8s module +- name: Verify Istio init namespace deletion + k8s_facts: + kind: Namespace + name: "{{ istio_init_namespace }}" + register: namespace_status + until: not namespace_status.resources + retries: 5 + delay: 10 + ignore_errors: true + tags: reset + +- name: Delete Istio namespace + k8s: + name: "{{ istio_namespace }}" + api_version: v1 + kind: Namespace + state: absent + ignore_errors: true + tags: reset + +# This can be avoided when we update Ansible to 2.8 version as is included in k8s module +- name: Verify Istio init namespace deletion + k8s_facts: + kind: Namespace + name: "{{ istio_namespace }}" + register: namespace_status + until: not namespace_status.resources + retries: 5 + delay: 10 + ignore_errors: true + tags: reset + +- name: Install and bootstrap Istio CRDs + command: > + helm install "{{ istio_work_dir }}"/istio-"{{ istio_version }}"/install/kubernetes/helm/istio-init + --name "{{ istio_init_release_name }}" + --namespace "{{ istio_init_namespace }}" + changed_when: true + +- name: Verify the commitment of all Istio CRDs + k8s_facts: + kind: CustomResourceDefinition + api: apiextensions.k8s.io/v1beta1 + label_selectors: + - release=istio + register: crd_status + until: crd_status.resources|length >= 23 + retries: 5 + delay: 10 + +- name: Install Istio configuration profile + command: > + helm install "{{ istio_work_dir }}"/istio-"{{ istio_version }}"/install/kubernetes/helm/istio + --name "{{ istio_release_name }}" + --namespace "{{ istio_namespace }}" + changed_when: true + +- name: Verify Istio service existence + k8s_facts: + kind: Service + namespace: "{{ istio_namespace }}" + label_selectors: + - release=istio + register: istio_service_status + until: istio_service_status.resources is defined + retries: 5 + delay: 10 + +- name: Wait until Istio pods are ready + k8s_facts: + kind: Pod + namespace: "{{ istio_namespace }}" + label_selectors: + - release=istio + field_selectors: + - status.phase=Running + register: istio_pod_status + until: + - istio_pod_status.resources is defined + - istio_pod_status.resources + retries: 5 + delay: 10 + +- name: Add istioctl CLI bin to path + become: true + copy: + src: '{{ istio_work_dir }}/istio-{{ istio_version }}/bin/istioctl' + dest: '/usr/local/bin/istioctl' + remote_src: true + mode: '0755' + +# vim: set ts=2 sw=2 expandtab: