gerrit.nordix Code Review - infra/stack/kubernetes.git/log

ceph: configuration fixes

* Wire through deviceFilter properly
* Expose rook configuration knobs via env vars

Change-Id: Idfdb2d229f542ea73835f41b1ea574a3f72b8023
Signed-off-by: Cian Johnston <cian.johnston@est.tech>

Update rook-ceph kubernetes deployment

* Upgrade rook to v1.5.9 (and update associated CRDs)
* Upgrade ceph to latest release
* Add taints and tolerations to separate rook-ceph workloads
from other workloads to work around RBD+XFS hangup bug
* Use a separate volume for Ceph block storage

Signed-off-by: Cian Johnston <cian.johnston@est.tech>
Change-Id: I3a634204ab63183adb137d9c07bf026b16ec2fcf
Signed-off-by: Cian Johnston <cian.johnston@est.tech>

Changes for Helm v3 compatibility:

* Helm v3 complains if kubeconfig is world-readable. Setting permissions
on /root/.kube/config to keep it happy.
* Add local helm repos in prometheus/spinnaker install tasks
* Pinning openshift due to regression in kubernetes client

Signed-off-by: Cian Johnston <cian.johnston@est.tech>
Change-Id: Ie0dc3d9c7af4eda5a4d56461f9e3e4341ea7a12c

Add k8-calico-dualstack and k8-multus-dualstack scenarios

This commit adds two self-contained scenarios that support the following:
  * Assigning both IPv4 and IPv6 addresses to pods using the Calico CNI
    (kubernetes_version >= v1.16)
  * Setting both IPv4 and IPv6 kubelet addresses
    (kubernetes_version >= v1.20)

One of these scenarios installs the Calico CNI only, and the other
installs the Multus CNI with Calico as the backing CNI.

*** NOTE: this depends on upstream features incompatible with k8s < 1.18. ***
    DO NOT MERGE with 1.15, 1.16, or 1.17.

Deploy-Scenario: k8-calico-dualstack
Change-Id: I5b9e21f6e0b5aaff276c8e86c19d5ae75d0c4569
Signed-off-by: Cian Johnston <cian.johnston@est.tech>

build helm version to match kubespray > 2.15

Signed-off-by: Cian Johnston <cian.johnston@est.tech>
Change-Id: I14eef23eaf95b5dc917ac2ca26a069932b58cbb8
Depends-On: I592ec75bfeb76444d21216652e308120c3c3ef8a

containers: export all images in one file

This change modifies how images are exported before packaging.
Previously, each image was exported as a separate file, which
causes duplication of layers in common between images. Now, all
images are exported as one file, allowing deduplication of image
layers and significant on-disk space savings.

NOTE: the docker-registry image is exported separately for the
sake of engine.

Change-Id: I95a0597590ada9c32c8b9449d6f58b321168c2f8
Signed-off-by: Cian Johnston <cian.johnston@est.tech>

containers: check item.container before pull/save

In later versions of Kubespray, certain items (such as Helm) are
no longer fetched as a container. This change checks that the
download manifest in Kubespray specifies that the item in question
is meant to be treated as a container before pulling and saving.

Signed-off-by: Cian Johnston <cian.johnston@est.tech>
Change-Id: Iedbfb6f020c4d89e050f1fa83209634affe3ebab

Update Helm to version 3.3.4

* helm_version -> v3.3.4
* required changes to Helm CLI invocations

Change-Id: I4816a6da5da50d039d5cf77717d8d33797ff0d6e
Signed-off-by: Cian Johnston <cian.johnston@est.tech>

bugfix: update references to helm stable repo

Depends-On: If025c222db2aa3dcc9be4d18ce79eb3f8bdbc672
Signed-off-by: Cian Johnston <cian.johnston@est.tech>
Change-Id: Ia5a929ef07429aab6dd61006ae7c87579c04983d

Distribute dependencies

This change moves the dependencies required for Kubernetes stack to
stack itself, making sure we deal with the dependencies required for
it and no other stack.

This is achieved by
- moving operating system dependencies from engine core bindep.txt into
stack bindep.txt
- moving python dependencies from engine core requirements.txt into
stack requirements.txt
- taking setup-stack.sh script in use so engine core executes this script
from the stack

The benefits of this approach
- ability to control dependencies directly within the stack without
impacting other stacks and engine core
- package dependencies required for the stack itself and not everything
- allow identifying engine core dependencies so they can be made part of
stack packaging, enabling stacks to stop using leftovers of an earlier
deployment done for a different stack
- pave the way for multi distro support since some stacks may support
more than one distro and that support can be introduced and maintained
within corresponding stack
- deferred processing of dependencies allow to engine become functioning
faster than how it is know. also, the overall deployment time will be
shortened a bit with the help of this due to dealing with dependencies
based on stack

Depends-On: I713d0e333bc4a01c92e6aa6ae1a4e6f3d9efe2ad
Change-Id: I9508275fe581cea15af3c9e7dfa0b3342370460b

Package busybox container image for ceph workaround

Busybox image is not packaged for offline deployments, causing
pod to fail coming up as the image is not available in local
docker registry. Adding image to list of images to pull and
package. Busybox repo in the install template is also updated
in order to get rid of duplicated path and adjust it based on
the path it gets on local registry.

Warning Failed 118s (x4 over 3m56s) kubelet, master0 Failed to pull image "engine.local/library/busybox/library/busybox:1.32.0": rpc error: code = Unknown desc = Error response from daemon: manifest for engine.local/library/busybox/library/busybox:1.32.0 not found

Change-Id: Ibc173049c1bae5676dde2a686bd6092761dc645d

Merge "Add Shared Storage as optional"

Add workaround for tunnel connectivity

This patch creates a DeamonSet (pod on each node) that pings all the ipip tunnels of all the other nodes.
It should be removed once we find why the tunnels aren't open without pinging

Signed-off-by: afenner <andrew.fenner@est.tech>
Change-Id: Ic4e8241aa2a014daa0d299186d07615ee79030a2
Signed-off-by: afenner <andrew.fenner@est.tech>

Add Shared Storage as optional

In some setups there will be no shared storage configured.
The current playbooks will always create a cephfs Storage Class,
this change will make it optional and controlled from a variable.

Change-Id: I70a57e50cd0ecdc4ac300d46e1d269ebcb90a5aa

Bump kubernetes to v1.18.5

The container image, flannel_cni, is removed in upstream Kubespray
download role so we remove it as well.

Depends-On: Ie8be93ba62dc90229f54bd618c982aeaf4bdaafb
Change-Id: I7bc9f42fd5bb6a29d4dd16d9e56228dde58fd498

bugfix: Set git folder for recording repo shas

Change-Id: I38aa63be3becc39e4dc0673c90779944e8cd8820

Keep tarball and release properties for release

The installer file created by the package role can not be scanned by
JFrog XRAY due to it being an incompatible artifact type. In order for
the artifact to be scanned, it needs to be in one of the supported
formats.

This change updates package role to keep the tarball if the packaging
is run by release job in order to make scanning of artifacts possible.

In addition to keeping the tarball around, release job records release
metadata in release.properties file. This file is needed to be included
in tarball and installer file in order to make the traceability better.

Please note that both of these operations take effect if the release
metadata file /tmp/release.properties exists. This file is only created
by release job on Jenkins and does not exist for manual builds so there
is not change for manual packaging.

Change-Id: I3189806fc7a45b63328dc7236c94119f2ee9e295

Introduce stack setup script

This change introduces setup-stack.sh script which will do setup
for the stack itself such as setting the default scenario if not
specified by the user and more importantly installing the dependencies.

Further changes will be sent, moving dependencies to stacks and
installations of those into stack setup script.

Depends-On: I6b9d27edd2016594b197a368b8ed393e98beef7f
Change-Id: I7892fa217a7db5c0c7b84a1b57aa6f311ee14cc6

Control docker version within stack

Docker version was originally controlled within engine repository
but it is more appropriate to control it within the stack as the
version requirements could be different across the stacks. See the
dependent change for how it was controlled before.

Depends-On: Id5f2c72e35bba4d5ab413f7b19119330540f5674
Change-Id: I2720d6b6ddcde0f742f527e3f86b3085f13aaeda

Move pre, postinstall, scenario, and apps to stack

Preinstall, postinstall, scenario, and apps are specific
to stack composition and more appropriate to locate them
within the stacks themselves rather than the installers.
This makes it possible for different stacks to configure
target deployment according to their needs and use the
installer without thinking about potential effects the
changes could cause on other stacks that may be using the
same installer.

An example to this is Kubernetes and ONAP stacks and the
CEPH configuration. Both stacks use Kubespray but the
configuration of Kubernetes differs between them. By moving
the pre/post/scenario/app configuration into stacks
themselves, they become independent from each other as
much as possible.

Please note that once this change goes in, the dependent
change needs to be verified and submitted in order to
conclude the transition.

https://gerrit.nordix.org/c/infra/installer/kubespray/+/5157

Change-Id: I24d7e9546034b385565708f528ed9caddf03ae26

Create engine kubernetes stack

This change creates kubernetes stack for engine in order to package,
deploy, and test stacks independently from engine core.

The main feature this enables is the ability to develop stacks
in their own repository with proper versioning and branching no
matter how the tools (provisioner and installer) are developed.
The stack simply selects versions of the tools (could be branches)
and the rest is done accordingly.

The role package which was previously located under
infra/installer/kubespray is moved into this repository in order to
handle what to package within the stack since some of the artifacts
we package do not belong to installer but to the stack itself.

Change-Id: I760d4d904544dad768525e999ebe53e156464111

Set up repository

Change-Id: Ia4bc2dd99a5ec808af1be471ce32ad8a1021b68c

Initial empty repository