From bc521a1ec1127b1c41ee76e9301009b8ed084f69 Mon Sep 17 00:00:00 2001 From: Rafael Montero Herrera Date: Fri, 13 Aug 2021 13:31:52 +0000 Subject: [PATCH] Added support for External Network Operator (ENO) Scenario This contribution aims to provide an automated environment for the deployment of the ENO, including all the required components that ENO needs to function properly. https://github.com/Nordix/eno Signed-off-by: Rafael Montero Herrera Change-Id: I44d15bcc29ca7499f739e6eab8e53fb09365a590 --- apps/eno/kubespray/playbooks/install.yml | 27 ++++++ .../install/tasks/install-app-master.yml | 58 ++++++++++++ .../install/tasks/install-app-worker.yml | 50 +++++++++++ .../playbooks/roles/install/tasks/main.yml | 30 +++++++ .../kubespray/playbooks/install.yml | 27 ++++++ .../install/tasks/install-app-master.yml | 66 ++++++++++++++ .../install/tasks/install-app-worker.yml | 46 ++++++++++ .../playbooks/roles/install/tasks/main.yml | 30 +++++++ .../install/templates/nri_server.yaml.j2 | 90 +++++++++++++++++++ apps/ovs-cni/kubespray/playbooks/install.yml | 27 ++++++ .../roles/install/tasks/install-plugin.yml | 54 +++++++++++ .../playbooks/roles/install/tasks/main.yml | 25 ++++++ .../kubespray/playbooks/install.yml | 27 ++++++ .../roles/install/tasks/install-plugin.yml | 76 ++++++++++++++++ .../playbooks/roles/install/tasks/main.yml | 25 ++++++ .../install/templates/sriov_configMap.yaml.j2 | 39 ++++++++ .../kubespray/playbooks/install.yml | 27 ++++++ .../roles/install/tasks/install-plugin.yml | 40 +++++++++ .../playbooks/roles/install/tasks/main.yml | 25 ++++++ playbooks/postinstall-eno.yaml | 32 +++++++ .../tasks/add-required-labels.yml | 28 ++++++ ...install-additional-requirements-master.yml | 48 ++++++++++ .../roles/postinstall-eno/tasks/main.yml | 29 ++++++ scenarios/k8-eno-ovs.yaml | 90 +++++++++++++++++++ vars/kubernetes.yaml | 1 + 25 files changed, 1017 insertions(+) create mode 100644 apps/eno/kubespray/playbooks/install.yml create mode 100644 apps/eno/kubespray/playbooks/roles/install/tasks/install-app-master.yml create mode 100644 apps/eno/kubespray/playbooks/roles/install/tasks/install-app-worker.yml create mode 100644 apps/eno/kubespray/playbooks/roles/install/tasks/main.yml create mode 100644 apps/network-resources-injector/kubespray/playbooks/install.yml create mode 100644 apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/install-app-master.yml create mode 100644 apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/install-app-worker.yml create mode 100644 apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/main.yml create mode 100644 apps/network-resources-injector/kubespray/playbooks/roles/install/templates/nri_server.yaml.j2 create mode 100644 apps/ovs-cni/kubespray/playbooks/install.yml create mode 100644 apps/ovs-cni/kubespray/playbooks/roles/install/tasks/install-plugin.yml create mode 100644 apps/ovs-cni/kubespray/playbooks/roles/install/tasks/main.yml create mode 100644 apps/sriov-network-device-plugin/kubespray/playbooks/install.yml create mode 100644 apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/tasks/install-plugin.yml create mode 100644 apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/tasks/main.yml create mode 100644 apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/templates/sriov_configMap.yaml.j2 create mode 100644 apps/whereabouts/kubespray/playbooks/install.yml create mode 100644 apps/whereabouts/kubespray/playbooks/roles/install/tasks/install-plugin.yml create mode 100644 apps/whereabouts/kubespray/playbooks/roles/install/tasks/main.yml create mode 100644 playbooks/postinstall-eno.yaml create mode 100644 playbooks/roles/postinstall-eno/tasks/add-required-labels.yml create mode 100644 playbooks/roles/postinstall-eno/tasks/install-additional-requirements-master.yml create mode 100644 playbooks/roles/postinstall-eno/tasks/main.yml create mode 100644 scenarios/k8-eno-ovs.yaml diff --git a/apps/eno/kubespray/playbooks/install.yml b/apps/eno/kubespray/playbooks/install.yml new file mode 100644 index 0000000..d79a89e --- /dev/null +++ b/apps/eno/kubespray/playbooks/install.yml @@ -0,0 +1,27 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- hosts: baremetal + gather_facts: true + become: true + + roles: + - role: install + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/eno/kubespray/playbooks/roles/install/tasks/install-app-master.yml b/apps/eno/kubespray/playbooks/roles/install/tasks/install-app-master.yml new file mode 100644 index 0000000..d498fae --- /dev/null +++ b/apps/eno/kubespray/playbooks/roles/install/tasks/install-app-master.yml @@ -0,0 +1,58 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Make sure k8s-addons directory exists + file: + path: "/root/k8s-addons" + state: directory + +- name: Make sure eno directory exists + file: + path: "/root/k8s-addons/eno" + state: directory + +- name: Install build-essential package + apt: + name: build-essential + state: present + update_cache: true + +- name: Clone ENO App GIT Repository + git: + repo: https://github.com/Nordix/eno.git + dest: /root/k8s-addons/eno + version: master + +- name: Make install eno-controller Docker image + command: "make eno-docker-build -C k8s-addons/eno/" + changed_when: true + +- name: Make install ovs-fabric-plugin Docker image + command: "make ovs-plugin-docker-build -C k8s-addons/eno/" + changed_when: true + +- name: Install ENO Application - ENO Controller Manager + command: "make eno-setup -C k8s-addons/eno/" + changed_when: true + +- name: Install ENO Application - ENO OVS Fabric Plugin + command: "make ovs-plugin-setup -C k8s-addons/eno/" + changed_when: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/eno/kubespray/playbooks/roles/install/tasks/install-app-worker.yml b/apps/eno/kubespray/playbooks/roles/install/tasks/install-app-worker.yml new file mode 100644 index 0000000..5d13581 --- /dev/null +++ b/apps/eno/kubespray/playbooks/roles/install/tasks/install-app-worker.yml @@ -0,0 +1,50 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Make sure k8s-addons directory exists + file: + path: "/root/k8s-addons" + state: directory + +- name: Make sure eno directory exists + file: + path: "/root/k8s-addons/eno" + state: directory + +- name: Install build-essential package + apt: + name: build-essential + state: present + update_cache: true + +- name: Clone ENO App GIT Repository + git: + repo: https://github.com/Nordix/eno.git + dest: /root/k8s-addons/eno + version: master + +- name: Make install eno-controller Docker image + command: "make eno-docker-build -C k8s-addons/eno/" + changed_when: true + +- name: Make install ovs-fabric-plugin Docker image + command: "make ovs-plugin-docker-build -C k8s-addons/eno/" + changed_when: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/eno/kubespray/playbooks/roles/install/tasks/main.yml b/apps/eno/kubespray/playbooks/roles/install/tasks/main.yml new file mode 100644 index 0000000..3bbe6b0 --- /dev/null +++ b/apps/eno/kubespray/playbooks/roles/install/tasks/main.yml @@ -0,0 +1,30 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Install ENO Application requirements on worker node + include: install-app-worker.yml + when: + - inventory_hostname == 'node0' + +- name: Install ENO Application from master node + include: install-app-master.yml + when: + - inventory_hostname == 'master0' + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/network-resources-injector/kubespray/playbooks/install.yml b/apps/network-resources-injector/kubespray/playbooks/install.yml new file mode 100644 index 0000000..d79a89e --- /dev/null +++ b/apps/network-resources-injector/kubespray/playbooks/install.yml @@ -0,0 +1,27 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- hosts: baremetal + gather_facts: true + become: true + + roles: + - role: install + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/install-app-master.yml b/apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/install-app-master.yml new file mode 100644 index 0000000..69176b6 --- /dev/null +++ b/apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/install-app-master.yml @@ -0,0 +1,66 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Make sure k8s-addons directory exists + file: + path: "/root/k8s-addons" + state: directory + +- name: Make sure network-resources-injector directory exists + file: + path: "/root/k8s-addons/network-resources-injector" + state: directory + +- name: Clone Network Resources Injector App GIT Repository + git: + repo: https://github.com/k8snetworkplumbingwg/network-resources-injector.git + dest: /root/k8s-addons/network-resources-injector + version: master + +- name: Set python3.6 as default + alternatives: + name: python + link: /usr/bin/python + path: /usr/bin/python3.6 + changed_when: true + +- name: Install upgrade pip openshift + pip: + name: openshift==0.11.0 + extra_args: -Iv --user + executable: pip3 + changed_when: true + +- name: Install Network Resources Injector Application - Auth + command: "kubectl apply -f k8s-addons/network-resources-injector/deployments/auth.yaml" + changed_when: true + +- name: Install Network Resources Injector Application - Server + k8s: + state: present + definition: "{{ lookup('template', 'nri_server.yaml.j2') }}" + +- name: Set back python2.7 as default + alternatives: + name: python + link: /usr/bin/python + path: /usr/bin/python2.7 + changed_when: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/install-app-worker.yml b/apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/install-app-worker.yml new file mode 100644 index 0000000..f8ce922 --- /dev/null +++ b/apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/install-app-worker.yml @@ -0,0 +1,46 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Make sure k8s-addons directory exists + file: + path: "/root/k8s-addons" + state: directory + +- name: Make sure network-resources-injector directory exists + file: + path: "/root/k8s-addons/network-resources-injector" + state: directory + +- name: Install build-essential package + apt: + name: build-essential + state: present + update_cache: true + +- name: Clone Network Resources Injector App GIT Repository + git: + repo: https://github.com/k8snetworkplumbingwg/network-resources-injector.git + dest: /root/k8s-addons/network-resources-injector + version: master + +- name: Make install Docker image + command: "make image -C k8s-addons/network-resources-injector/" + changed_when: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/main.yml b/apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/main.yml new file mode 100644 index 0000000..0c7948c --- /dev/null +++ b/apps/network-resources-injector/kubespray/playbooks/roles/install/tasks/main.yml @@ -0,0 +1,30 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Install Network Resources Injector Application requirements on worker node + include: install-app-worker.yml + when: + - inventory_hostname == 'node0' + +- name: Install Network Resources Injector Application from master node + include: install-app-master.yml + when: + - inventory_hostname == 'master0' + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/network-resources-injector/kubespray/playbooks/roles/install/templates/nri_server.yaml.j2 b/apps/network-resources-injector/kubespray/playbooks/roles/install/templates/nri_server.yaml.j2 new file mode 100644 index 0000000..233416d --- /dev/null +++ b/apps/network-resources-injector/kubespray/playbooks/roles/install/templates/nri_server.yaml.j2 @@ -0,0 +1,90 @@ +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# Copyright (c) 2019 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http:#www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Pod +metadata: + labels: + app: network-resources-injector + name: network-resources-injector + namespace: kube-system +spec: + serviceAccount: network-resources-injector-sa + containers: + - name: webhook-server + image: network-resources-injector:latest + imagePullPolicy: IfNotPresent + command: + - webhook + args: + - -bind-address=0.0.0.0 + - -port=8443 + - -tls-private-key-file=/etc/tls/tls.key + - -tls-cert-file=/etc/tls/tls.crt + - -logtostderr + - -insecure + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + runAsUser: 10000 + runAsGroup: 10000 + capabilities: + drop: + - ALL + add: ["NET_BIND_SERVICE"] + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /etc/tls + name: tls + resources: + requests: + memory: "50Mi" + cpu: "250m" + limits: + memory: "200Mi" + cpu: "500m" + initContainers: + - name: installer + image: network-resources-injector:latest + imagePullPolicy: IfNotPresent + command: + - installer + args: + - -name=network-resources-injector + - -namespace=kube-system + - -alsologtostderr + securityContext: + runAsUser: 10000 + runAsGroup: 10000 + volumeMounts: + - name: tls + mountPath: /etc/tls + volumes: + - name: tls + emptyDir: {} + +# For third-party certificate, use secret resource +# instead of self-generated one from installer as below: +# +# 1) Remove initContainers from Pod spec. +# 2) Replace `emptyDir: {}` with below config +# +# secret: +# secretName: network-resources-injector-secret + diff --git a/apps/ovs-cni/kubespray/playbooks/install.yml b/apps/ovs-cni/kubespray/playbooks/install.yml new file mode 100644 index 0000000..d79a89e --- /dev/null +++ b/apps/ovs-cni/kubespray/playbooks/install.yml @@ -0,0 +1,27 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- hosts: baremetal + gather_facts: true + become: true + + roles: + - role: install + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/ovs-cni/kubespray/playbooks/roles/install/tasks/install-plugin.yml b/apps/ovs-cni/kubespray/playbooks/roles/install/tasks/install-plugin.yml new file mode 100644 index 0000000..4456e85 --- /dev/null +++ b/apps/ovs-cni/kubespray/playbooks/roles/install/tasks/install-plugin.yml @@ -0,0 +1,54 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Make sure k8s-addons directory exists + file: + path: "/root/k8s-addons" + state: directory + +- name: Make sure ovs-cni directory exists + file: + path: "/root/k8s-addons/ovs-cni" + state: directory + +- name: Install build-essential package + apt: + name: build-essential + state: present + update_cache: true + +- name: Clone Open vSwitch CNI Plugin GIT Repository + git: + repo: https://github.com/k8snetworkplumbingwg/ovs-cni.git + dest: /root/k8s-addons/ovs-cni + version: main + +- name: Make install + command: "make -C k8s-addons/ovs-cni/" + changed_when: true + +- name: Make install Docker + command: "make docker-build -C k8s-addons/ovs-cni/" + changed_when: true + +- name: Install OVS CNI Plugin + command: "kubectl create -f k8s-addons/ovs-cni/examples/ovs-cni.yml" + changed_when: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/ovs-cni/kubespray/playbooks/roles/install/tasks/main.yml b/apps/ovs-cni/kubespray/playbooks/roles/install/tasks/main.yml new file mode 100644 index 0000000..47be4d6 --- /dev/null +++ b/apps/ovs-cni/kubespray/playbooks/roles/install/tasks/main.yml @@ -0,0 +1,25 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Install Open vSwitch CNI Plugin from master node + include: install-plugin.yml + when: + - inventory_hostname == 'master0' + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/sriov-network-device-plugin/kubespray/playbooks/install.yml b/apps/sriov-network-device-plugin/kubespray/playbooks/install.yml new file mode 100644 index 0000000..d79a89e --- /dev/null +++ b/apps/sriov-network-device-plugin/kubespray/playbooks/install.yml @@ -0,0 +1,27 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- hosts: baremetal + gather_facts: true + become: true + + roles: + - role: install + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/tasks/install-plugin.yml b/apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/tasks/install-plugin.yml new file mode 100644 index 0000000..262d445 --- /dev/null +++ b/apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/tasks/install-plugin.yml @@ -0,0 +1,76 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Make sure k8s-addons directory exists + file: + path: "/root/k8s-addons" + state: directory + +- name: Make sure sriov-network-device-plugin directory exists + file: + path: "/root/k8s-addons/sriov-network-device-plugin" + state: directory + +- name: Install build-essential package + apt: + name: build-essential + state: present + update_cache: true + +- name: Clone SR-IOV Network Device Plugin GIT Repository + git: + repo: https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin.git + dest: /root/k8s-addons/sriov-network-device-plugin + version: master + +- name: Make install Docker image + command: "make image -C k8s-addons/sriov-network-device-plugin/" + changed_when: true + +- name: Set python3.6 as default + alternatives: + name: python + link: /usr/bin/python + path: /usr/bin/python3.6 + changed_when: true + +- name: Install upgrade pip openshift + pip: + name: openshift==0.11.0 + extra_args: -Iv --user + executable: pip3 + changed_when: true + +- name: Install SR-IOV ConfigMap + k8s: + state: present + definition: "{{ lookup('template', 'sriov_configMap.yaml.j2') }}" + +- name: Install SR-IOV Network Device Plugin + command: "kubectl create -f k8s-addons/sriov-network-device-plugin/deployments/k8s-v1.16/sriovdp-daemonset.yaml" + changed_when: true + +- name: Set back python2.7 as default + alternatives: + name: python + link: /usr/bin/python + path: /usr/bin/python2.7 + changed_when: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/tasks/main.yml b/apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/tasks/main.yml new file mode 100644 index 0000000..a6c595f --- /dev/null +++ b/apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/tasks/main.yml @@ -0,0 +1,25 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Install SR-IOV Network Device Plugin from master node + include: install-plugin.yml + when: + - inventory_hostname == 'master0' + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/templates/sriov_configMap.yaml.j2 b/apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/templates/sriov_configMap.yaml.j2 new file mode 100644 index 0000000..2d9df5f --- /dev/null +++ b/apps/sriov-network-device-plugin/kubespray/playbooks/roles/install/templates/sriov_configMap.yaml.j2 @@ -0,0 +1,39 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: sriovdp-config + namespace: kube-system +data: + config.json: | + { + "resourceList": [{ + "resourceName": "virtio_net_device", + "selectors":{ + "vendors": ["1af4"], + "devices": ["1000"], + "drivers": ["virtio-pci"], + "pciAddresses": ["0000:00:0a.0", "0000:00:0b.0","0000:00:0c.0","0000:00:0d.0"] + } + } + ] + } + diff --git a/apps/whereabouts/kubespray/playbooks/install.yml b/apps/whereabouts/kubespray/playbooks/install.yml new file mode 100644 index 0000000..d79a89e --- /dev/null +++ b/apps/whereabouts/kubespray/playbooks/install.yml @@ -0,0 +1,27 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- hosts: baremetal + gather_facts: true + become: true + + roles: + - role: install + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/whereabouts/kubespray/playbooks/roles/install/tasks/install-plugin.yml b/apps/whereabouts/kubespray/playbooks/roles/install/tasks/install-plugin.yml new file mode 100644 index 0000000..12567ae --- /dev/null +++ b/apps/whereabouts/kubespray/playbooks/roles/install/tasks/install-plugin.yml @@ -0,0 +1,40 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Make sure k8s-addons directory exists + file: + path: "/root/k8s-addons" + state: directory + +- name: Make sure whereabouts directory exists + file: + path: "/root/k8s-addons/whereabouts" + state: directory + +- name: Clone Whereabouts Plugin GIT Repository + git: + repo: https://github.com/k8snetworkplumbingwg/whereabouts.git + dest: /root/k8s-addons/whereabouts + version: master + +- name: Install Whereabouts IPAM Plugin + command: "kubectl apply -f k8s-addons/whereabouts/doc/daemonset-install.yaml -f k8s-addons/whereabouts/doc/whereabouts.cni.cncf.io_ippools.yaml" + changed_when: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/apps/whereabouts/kubespray/playbooks/roles/install/tasks/main.yml b/apps/whereabouts/kubespray/playbooks/roles/install/tasks/main.yml new file mode 100644 index 0000000..6104195 --- /dev/null +++ b/apps/whereabouts/kubespray/playbooks/roles/install/tasks/main.yml @@ -0,0 +1,25 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Install Whereabouts IPAM Plugin from master node + include: install-plugin.yml + when: + - inventory_hostname == 'master0' + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/postinstall-eno.yaml b/playbooks/postinstall-eno.yaml new file mode 100644 index 0000000..01bb40c --- /dev/null +++ b/playbooks/postinstall-eno.yaml @@ -0,0 +1,32 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +# run common postinstall tasks +# NOTE: The common post-deployment tasks is currently applicable only to +# simple k8s and openstack scenarios. +# in future, when statement could be moved to tasks in role if the current +# tasks become relevant or new tasks are added. +- hosts: kube-master + gather_facts: true + become: true + + roles: + - role: postinstall-eno + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/postinstall-eno/tasks/add-required-labels.yml b/playbooks/roles/postinstall-eno/tasks/add-required-labels.yml new file mode 100644 index 0000000..80dc23c --- /dev/null +++ b/playbooks/roles/postinstall-eno/tasks/add-required-labels.yml @@ -0,0 +1,28 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Label master node + command: "kubectl label nodes master0 node-pool=ovs-pool" + changed_when: true + +- name: Label worker node + command: "kubectl label nodes node0 node-pool=virtio-pool" + changed_when: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/postinstall-eno/tasks/install-additional-requirements-master.yml b/playbooks/roles/postinstall-eno/tasks/install-additional-requirements-master.yml new file mode 100644 index 0000000..ff01b1a --- /dev/null +++ b/playbooks/roles/postinstall-eno/tasks/install-additional-requirements-master.yml @@ -0,0 +1,48 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Install openvswitch package + apt: + name: openvswitch-switch + state: present + update_cache: true + +- name: Create br-trunk OVS Bridge + openvswitch_bridge: + bridge: br-trunk + state: present + +- name: Create br-data OVS Bridge + openvswitch_bridge: + bridge: br-data + state: present + +- name: Add port to br-trunk OVS Bridge + openvswitch_port: + bridge: br-trunk + port: ens26 + state: present + +- name: Add port to br-data OVS Bridge + openvswitch_port: + bridge: br-data + port: ens27 + state: present + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/postinstall-eno/tasks/main.yml b/playbooks/roles/postinstall-eno/tasks/main.yml new file mode 100644 index 0000000..74987ad --- /dev/null +++ b/playbooks/roles/postinstall-eno/tasks/main.yml @@ -0,0 +1,29 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +# NOTE: Install OpenShift and configure kubectl & helm on localhost +# we operate against Kubernetes cluster from localhost + +- name: Install additional requirements only on master node + include_tasks: install-additional-requirements-master.yml + +- name: Add required labels to master and worker nodes + include_tasks: add-required-labels.yml + +# vim: set ts=2 sw=2 expandtab: diff --git a/scenarios/k8-eno-ovs.yaml b/scenarios/k8-eno-ovs.yaml new file mode 100644 index 0000000..ea53be5 --- /dev/null +++ b/scenarios/k8-eno-ovs.yaml @@ -0,0 +1,90 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +# NOTE (fdegir): scenario specific preinstall tasks +- hosts: localhost + connection: local + gather_facts: false + become: false + tags: + - preinstall + + tasks: + # set master plugin to calico for multus to use as the primary network plugin + - name: Configure Multus to use Calico as the primary network plugin + lineinfile: + path: "{{ engine_cache }}/repos/kubespray/inventory/engine/group_vars/k8s-cluster/k8s-cluster.yml" + regexp: "^kube_network_plugin:.*" + line: "kube_network_plugin: calico" + + # configure multus to use ca + - name: Enable Multus network plugin + lineinfile: + path: "{{ engine_cache }}/repos/kubespray/inventory/engine/group_vars/k8s-cluster/k8s-cluster.yml" + regexp: "^kube_network_plugin_multus:.*" + line: "kube_network_plugin_multus: true" + +# NOTE (fdegir): common postinstall tasks +- name: Execute common postinstall tasks + import_playbook: "../playbooks/postinstall.yaml" + tags: postinstall + +# NOTE (fdegir): scenario specific postinstall tasks + +- name: Execute ENO postinstall tasks + import_playbook: "../playbooks/postinstall-eno.yaml" + tags: postinstall + +- name: Install SR-IOV Network Device Plugin + import_playbook: "../apps/sriov-network-device-plugin/kubespray/playbooks/install.yml" + tags: postinstall + +- name: Install Open vSwitch CNI Plugin + import_playbook: "../apps/ovs-cni/kubespray/playbooks/install.yml" + tags: postinstall + +- name: Install Whereabouts IPAM Plugin + import_playbook: "../apps/whereabouts/kubespray/playbooks/install.yml" + tags: postinstall + +- name: Install Network Resources Injector Application + import_playbook: "../apps/network-resources-injector/kubespray/playbooks/install.yml" + tags: postinstall + +- name: Install ENO Application + import_playbook: "../apps/eno/kubespray/playbooks/install.yml" + tags: postinstall + + +- hosts: k8s-cluster + gather_facts: false + become: false + tags: + - postinstall + + tasks: + - name: Include Kubespray vars + include_vars: "{{ item }}" + with_items: + - "{{ engine_cache }}/repos/kubespray/roles/kubespray-defaults/defaults/main.yaml" + - "{{ engine_cache }}/repos/kubespray/roles/download/defaults/main.yml" + + - include_tasks: "{{ engine_cache }}/repos/kubespray/roles/network_plugin/cni/tasks/main.yml" + +# vim: set ts=2 sw=2 expandtab: diff --git a/vars/kubernetes.yaml b/vars/kubernetes.yaml index 8cd8a2d..462a7c7 100644 --- a/vars/kubernetes.yaml +++ b/vars/kubernetes.yaml @@ -55,6 +55,7 @@ scenarios: - k8-multus-dualstack - k8-multus-nofeature - k8-multus-plugins + - k8-eno-ovs - k8-weave-nofeature # NOTE (fdegir): set default deploy scenario for the stack -- 2.25.1