Create k8-calico-spinnaker scenario
This scenario is created in traditional way and will be adapted
to refactored application installation once it is ready.
Change-Id: Iefc8a6150ee66188a011df779303a4f583b901f4
deploy-scenario:k8-calico-nofeature
diff --git a/scenarios/k8-calico-spinnaker/kubespray/overrides b/scenarios/k8-calico-spinnaker/kubespray/overrides
new file mode 100644
index 0000000..3ae1a2b
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/overrides
@@ -0,0 +1,7 @@
+export PROVISIONER_TYPE=heat
+export INSTALLER_TYPE=kubespray
+export BASE_SCENARIO=k8-calico-nofeature
+export KUBESPRAY_VERSION=86cc703c75768207e1943ddf8f6a8082d756cb83
+export KUBERNETES_VERSION=v1.15.3
+export KUBECTL_VERSION=v1.15.3
+export HELM_VERSION=v2.14.2
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/ansible.cfg b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/ansible.cfg
new file mode 100644
index 0000000..825438c
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/ansible.cfg
@@ -0,0 +1,10 @@
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+[defaults]
+host_key_checking=False
+deprecation_warnings=False
+localhost_warning=False
+display_skipped_hosts=False
+inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo, .creds
+[inventory]
+ignore_patterns = artifacts, credentials
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/heat-environment-full.yaml b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/heat-environment-full.yaml
new file mode 100644
index 0000000..8aa335a
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/heat-environment-full.yaml
@@ -0,0 +1,43 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# NOTE: this heat environment file creates resources for full Spinnaker deployment
+parameters:
+ # parameters for jumphost
+ jumphost_image: 'Ubuntu 18.04 Bionic Beaver'
+ jumphost_flavor: 1C-2GB
+ jumphost_volume_size: 150
+
+ # parameters for master nodes
+ no_of_master_nodes: 1
+ master_image: 'Ubuntu 18.04 Bionic Beaver'
+ master_flavor: 2C-4GB-10GB
+ master_volume_size: 200
+
+ # parameters for worker nodes
+ no_of_worker_nodes: 1
+ worker_image: 'Ubuntu 18.04 Bionic Beaver'
+ worker_flavor: 4C-8GB
+ worker_volume_size: 250
+
+ # common parameters
+ public_network: ext-net
+ dns_nameservers: ['8.8.8.8', '8.8.4.4']
+
+# vim: set ts=2 sw=2 expandtab:
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/log-spinnaker-status.sh b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/log-spinnaker-status.sh
new file mode 100755
index 0000000..c176ac1
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/log-spinnaker-status.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+cat << EOF
+---------------------------------------------------
+Halyard Spinnaker Deployment Log
+---------------------------------------------------
+$(kubectl -n spinnaker logs $(kubectl -n spinnaker get pod --no-headers -o custom-columns=':metadata.name' | grep spinnaker-install-using))
+
+
+---------------------------------------------------
+Spinnaker pods in Create or ImagePullBackOff state
+---------------------------------------------------
+$(kubectl get pod -n spinnaker | grep -i 'creating\|ImagePullBackOff')
+
+
+---------------------------------------------------
+Spinnaker pods in Init state
+---------------------------------------------------
+$(kubectl get pod -n spinnaker | grep Init | grep -v Error)
+
+
+---------------------------------------------------
+Spinnaker pods in Error or CrashLoopBackOff state
+---------------------------------------------------
+$(kubectl get pod -n spinnaker | grep 'Crash\|Error')
+
+
+---------------------------------------------------
+Spinnaker POD Summary
+---------------------------------------------------
+Creating/ImagePullBackOff : $(kubectl get pod -n spinnaker | grep -i 'creating\|ImagePullBackOff' | wc -l) pods
+Init : $(kubectl get pod -n spinnaker | grep Init | grep -v Error | wc -l) pods
+Error/CrashLoopBackOff : $(kubectl get pod -n spinnaker | grep 'Error\|Crash' | wc -l) pods
+Terminating : $(kubectl get pod -n spinnaker | grep -i terminating | wc -l) pods
+Running/Completed : $(kubectl get pod -n spinnaker | grep -i 'running\|completed' | wc -l) pods
+Total : $(kubectl get pod -n spinnaker | grep -v RESTART | wc -l) pods
+---------------------------------------------------
+
+
+---------------------------------------------------
+Summary of Container Images pulled for Spinnaker
+---------------------------------------------------
+Number of Spinnaker containers : $(kubectl get pods -n spinnaker -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq | grep '^spin.*' | wc -l)
+Number of non-Spinnaker containers : $(kubectl get pods -n spinnaker -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq | grep -v 'spin' | wc -l)
+Total number of containers : $(kubectl get pods -n spinnaker -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq | wc -l)
+---------------------------------------------------
+EOF
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/values-nordix.yaml b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/values-nordix.yaml
new file mode 100644
index 0000000..828b3fa
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/files/values-nordix.yaml
@@ -0,0 +1,308 @@
+halyard:
+ spinnakerVersion: 1.16.1
+ image:
+ repository: gcr.io/spinnaker-marketplace/halyard
+ tag: 1.23.2
+ pullSecrets: []
+ # Set to false to disable persistence data volume for halyard
+ persistence:
+ enabled: false
+ # Provide a config map with Hal commands that will be run the core config (storage)
+ # The config map should contain a script in the config.sh key
+ additionalScripts:
+ enabled: false
+ configMapName: my-halyard-config
+ configMapKey: config.sh
+ # If you'd rather do an inline script, set create to true and put the content in the data dict like you would a configmap
+ # The content will be passed through `tpl`, so value interpolation is supported.
+ create: false
+ data: {}
+ additionalSecrets:
+ create: false
+ data: {}
+ ## Uncomment if you want to use a pre-created secret rather than feeding data in via helm.
+ # name:
+ additionalConfigMaps:
+ create: false
+ data: {}
+ ## Uncomment if you want to use a pre-created ConfigMap rather than feeding data in via helm.
+ # name:
+ ## Define custom profiles for Spinnaker services. Read more for details:
+ ## https://www.spinnaker.io/reference/halyard/custom/#custom-profiles
+ ## The contents of the files will be passed through `tpl`, so value interpolation is supported.
+ additionalProfileConfigMaps:
+ data: {}
+ ## if you're running spinnaker behind a reverse proxy such as a GCE ingress
+ ## you may need the following profile settings for the gate profile.
+ ## see https://github.com/spinnaker/spinnaker/issues/1630
+ ## otherwise its harmless and will likely become default behavior in the future
+ ## According to the linked github issue.
+ # gate-local.yml:
+ # server:
+ # tomcat:
+ # protocolHeader: X-Forwarded-Proto
+ # remoteIpHeader: X-Forwarded-For
+ # internalProxies: .*
+ # httpsServerPort: X-Forwarded-Port
+
+ ## Define custom settings for Spinnaker services. Read more for details:
+ ## https://www.spinnaker.io/reference/halyard/custom/#custom-service-settings
+ ## You can use it to add annotations for pods, override the image, etc.
+ additionalServiceSettings: {}
+ # deck.yml:
+ # artifactId: gcr.io/spinnaker-marketplace/deck:2.9.0-20190412012808
+ # kubernetes:
+ # podAnnotations:
+ # iam.amazonaws.com/role: <role_arn>
+ # clouddriver.yml:
+ # kubernetes:
+ # podAnnotations:
+ # iam.amazonaws.com/role: <role_arn>
+
+ ## Populate to provide a custom local BOM for Halyard to use for deployment. Read more for details:
+ ## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem
+ bom: ~
+ # artifactSources:
+ # debianRepository: https://dl.bintray.com/spinnaker-releases/debians
+ # dockerRegistry: gcr.io/spinnaker-marketplace
+ # gitPrefix: https://github.com/spinnaker
+ # googleImageProject: marketplace-spinnaker-release
+ # services:
+ # clouddriver:
+ # commit: 031bcec52d6c3eb447095df4251b9d7516ed74f5
+ # version: 6.3.0-20190904130744
+ # deck:
+ # commit: b0aac478e13a7f9642d4d39479f649dd2ef52a5a
+ # version: 2.12.0-20190916141821
+ # ...
+ # timestamp: '2019-09-16 18:18:44'
+ # version: 1.16.1
+
+ ## Define local configuration for Spinnaker services.
+ ## The contents of these files would be copies of the configuration normally retrieved from
+ ## `gs://halconfig/<service-name>`, but instead need to be available locally on the halyard pod to facilitate
+ ## offline installation. This would typically be used along with a custom `bom:` with the `local:` prefix on a
+ ## service version.
+ ## Read more for details:
+ ## https://www.spinnaker.io/guides/operator/custom-boms/#boms-and-configuration-on-your-filesystem
+ ## The key for each entry must be the name of the service and a file name separated by the '_' character.
+ serviceConfigs: {}
+ # clouddriver_clouddriver-ro.yml: |-
+ # ...
+ # clouddriver_clouddriver-rw.yml: |-
+ # ...
+ # clouddriver_clouddriver.yml: |-
+ # ...
+ # deck_settings.json: |-
+ # ...
+ # echo_echo.yml: |-
+ # ...
+
+ ## Uncomment if you want to add extra commands to the init script
+ ## run by the init container before halyard is started.
+ ## The content will be passed through `tpl`, so value interpolation is supported.
+ # additionalInitScript: |-
+
+ ## Uncomment if you want to add annotations on halyard and install-using-hal pods
+ # annotations:
+ # iam.amazonaws.com/role: <role_arn>
+
+ ## Uncomment the following resources definitions to control the cpu and memory
+ # resources allocated for the halyard pod
+ resources: {}
+ # requests:
+ # memory: "1Gi"
+ # cpu: "100m"
+ # limits:
+ # memory: "2Gi"
+ # cpu: "200m"
+
+ ## Uncomment if you want to set environment variables on the Halyard pod.
+ # env:
+ # - name: JAVA_OPTS
+ # value: -Dhttp.proxyHost=proxy.example.com
+ customCerts:
+ ## Enable to override the default cacerts with your own one
+ enabled: false
+ secretName: custom-cacerts
+
+# Define which registries and repositories you want available in your
+# Spinnaker pipeline definitions
+# For more info visit:
+# https://www.spinnaker.io/setup/providers/docker-registry/
+
+# Configure your Docker registries here
+dockerRegistries:
+- name: dockerhub
+ address: index.docker.io
+ repositories:
+ - library/alpine
+ - library/ubuntu
+ - library/centos
+ - library/nginx
+# - name: gcr
+# address: https://gcr.io
+# username: _json_key
+# password: '<INSERT YOUR SERVICE ACCOUNT JSON HERE>'
+# email: 1234@5678.com
+
+# If you don't want to put your passwords into a values file
+# you can use a pre-created secret instead of putting passwords
+# (specify secret name in below `dockerRegistryAccountSecret`)
+# per account above with data in the format:
+# <name>: <password>
+
+# dockerRegistryAccountSecret: myregistry-secrets
+
+kubeConfig:
+ # Use this when you want to register arbitrary clusters with Spinnaker
+ # Upload your ~/kube/.config to a secret
+ enabled: false
+ secretName: my-kubeconfig
+ secretKey: config
+ # Use this when you want to configure halyard to reference a kubeconfig from s3
+ # This allows you to keep your kubeconfig in an encrypted s3 bucket
+ # For more info visit:
+ # https://www.spinnaker.io/reference/halyard/secrets/s3-secrets/#secrets-in-s3
+ # encryptedKubeconfig: encrypted:s3!r:us-west-2!b:mybucket!f:mykubeconfig
+ # List of contexts from the kubeconfig to make available to Spinnaker
+ contexts:
+ - default
+ deploymentContext: default
+ omittedNameSpaces:
+ - kube-system
+ - kube-public
+ onlySpinnakerManaged:
+ enabled: false
+
+ # When false, clouddriver will skip the permission checks for all kubernetes kinds at startup.
+ # This can save a great deal of time during clouddriver startup when you have many kubernetes
+ # accounts configured. This disables the log messages at startup about missing permissions.
+ checkPermissionsOnStartup: true
+
+ # A list of resource kinds this Spinnaker account can deploy to and will cache.
+ # When no kinds are configured, this defaults to ‘all kinds'.
+ # kinds:
+ # -
+
+ # A list of resource kinds this Spinnaker account cannot deploy to or cache.
+ # This can only be set when –kinds is empty or not set.
+ # omittedKinds:
+ # -
+
+# Change this if youd like to expose Spinnaker outside the cluster
+ingress:
+ enabled: false
+ # host: spinnaker.example.org
+ # annotations:
+ # ingress.kubernetes.io/ssl-redirect: 'true'
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # tls:
+ # - secretName: -tls
+ # hosts:
+ # - domain.com
+
+ingressGate:
+ enabled: false
+ # host: gate.spinnaker.example.org
+ # annotations:
+ # ingress.kubernetes.io/ssl-redirect: 'true'
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # tls:
+ # - secretName: -tls
+ # hosts:
+ # - domain.com
+
+# spinnakerFeatureFlags is a list of Spinnaker feature flags to enable
+# Ref: https://www.spinnaker.io/reference/halyard/commands/#hal-config-features-edit
+# spinnakerFeatureFlags:
+# - artifacts
+# - pipeline-templates
+spinnakerFeatureFlags:
+ - artifacts
+ - jobs
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+# nodeSelector to provide to each of the Spinnaker components
+nodeSelector: {}
+
+# Redis password to use for the in-cluster redis service
+# Enable redis to use in-cluster redis
+redis:
+ enabled: true
+ # External Redis option will be enabled if in-cluster redis is disabled
+ external:
+ host: "<EXTERNAL-REDIS-HOST-NAME>"
+ port: 6379
+ # password: ""
+ password: password
+ nodeSelector: {}
+ cluster:
+ enabled: false
+# Uncomment if you don't want to create a PVC for redis
+ master:
+ persistence:
+ enabled: false
+
+# Minio access/secret keys for the in-cluster S3 usage
+# Minio is not exposed publically
+minio:
+ enabled: true
+ imageTag: RELEASE.2019-02-13T19-48-27Z
+ serviceType: ClusterIP
+ accessKey: spinnakeradmin
+ secretKey: spinnakeradmin
+ bucket: "spinnaker"
+ nodeSelector: {}
+# Uncomment if you don't want to create a PVC for minio
+ persistence:
+ enabled: false
+
+# Google Cloud Storage
+gcs:
+ enabled: false
+ project: my-project-name
+ bucket: "<GCS-BUCKET-NAME>"
+ ## if jsonKey is set, will create a secret containing it
+ jsonKey: '<INSERT CLOUD STORAGE JSON HERE>'
+ ## override the name of the secret to use for jsonKey, if `jsonKey`
+ ## is empty, it will not create a secret assuming you are creating one
+ ## external to the chart. the key for that secret should be `key.json`.
+ secretName:
+
+# AWS Simple Storage Service
+s3:
+ enabled: false
+ bucket: "<S3-BUCKET-NAME>"
+ # rootFolder: "front50"
+ # region: "us-east-1"
+ # endpoint: ""
+ # accessKey: ""
+ # secretKey: ""
+ # assumeRole: "<role to assume>"
+
+# Azure Storage Account
+azs:
+ enabled: false
+# storageAccountName: ""
+# accessKey: ""
+# containerName: "spinnaker"
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccounts to use.
+ # If left blank it is auto-generated from the fullname of the release
+ halyardName:
+ spinnakerName:
+securityContext:
+ # Specifies permissions to write for user/group
+ runAsUser: 1000
+ fsGroup: 1000
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/post-deployment.yml b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/post-deployment.yml
new file mode 100644
index 0000000..6ebd5e7
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/post-deployment.yml
@@ -0,0 +1,34 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# NOTE: this playbook should only include tasks to be run after the actual deployment
+# is completed in order to install additional stuff or adjust the deployment.c
+# anything that needs to be done before the deployment then they should go
+# into ppre-deployment.yml playbook by creating it if it doesn't already exist
+# and adding the required tasks.
+
+# NOTE: once the kubernetes installation is ready and before we start installing
+# Spinnaker, there are few things that need to be done as preparation
+- include: post-deployment/prepare-spinnaker-installation.yml
+ when: "'jumphost' in group_names"
+
+- include: post-deployment/install-spinnaker.yml
+ when: "'jumphost' in group_names"
+
+# vim: set ts=2 sw=2 expandtab:
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/post-deployment/install-spinnaker.yml b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/post-deployment/install-spinnaker.yml
new file mode 100644
index 0000000..c410e4e
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/post-deployment/install-spinnaker.yml
@@ -0,0 +1,122 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- name: Setup local Helm server
+ command: >
+ start-stop-daemon --start --background --oknodo
+ --exec /usr/local/bin/helm -- serve --home {{ ansible_env.HOME }}/.helm
+ changed_when: "true"
+
+- name: Add Helm repository
+ command: helm repo add local http://127.0.0.1:8879
+
+- name: Verify Helm repository is setup
+ command: helm repo list
+ register: helm_repo_list
+
+- name: Log Helm repository list to console
+ debug:
+ msg: "{{ helm_repo_list.stdout_lines }}"
+
+- name: Verify Spinnaker Helm charts are available to be deployed
+ command: helm search spinnaker -l
+ register: helm_search
+
+- name: Log Helm chart list to console
+ debug:
+ msg: "{{ helm_search.stdout_lines }}"
+
+- name: Create spinnaker namespace
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: spinnaker
+ vars:
+ ansible_python_interpreter: "{{ remote_venv }}/bin/python"
+
+- name: Inform user about Spinnaker deployment
+ debug:
+ msg: >
+ Spinnaker deployment is about to start!
+ This takes a while and nothing will be logged to console until the process is completed.
+
+- name: Launch spinnaker installation
+ command: >
+ helm install
+ --name spinnaker
+ --namespace spinnaker
+ -f {{ remote_work_dir }}/charts/stable/spinnaker/values-nordix.yaml
+ --timeout 900
+ stable/spinnaker
+ register: spinnaker_helm_log
+ changed_when: true
+
+- name: Log spinnaker output to console
+ debug:
+ msg: "{{ spinnaker_helm_log.stdout_lines }}"
+
+# wait 10 minutes for all containers to be started
+- name: Wait for all containers to be started
+ shell:
+ "kubectl get po -n spinnaker | \
+ grep ContainerCreating | wc -l"
+ register: kube
+ changed_when:
+ kube.stdout == '0'
+ until:
+ kube.stdout == '0'
+ retries: 60
+ delay: 10
+
+# wait 20 minutes for all containers to be initialized
+- block:
+ - name: Wait for all containers to be initialized
+ shell:
+ "kubectl get po -n spinnaker | \
+ grep Init | grep -v Error | wc -l"
+ register: kube
+ changed_when:
+ kube.stdout == '0'
+ until:
+ kube.stdout == '0'
+ retries: 120
+ delay: 10
+ always:
+ - name: Get POD status
+ shell:
+ "kubectl get po -n spinnaker"
+ changed_when: "false"
+ register: kube
+
+ - name: Log POD status to console
+ debug:
+ msg: "{{ kube.stdout_lines }}"
+
+ - name: Get summary of Spinnaker deployment
+ script: log-spinnaker-status.sh
+ register: spinnaker_status
+
+ - name: Log Spinnaker status to console
+ debug:
+ msg: "{{ spinnaker_status.stdout_lines }}"
+
+# vim: set ts=2 sw=2 expandtab:
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/post-deployment/prepare-spinnaker-installation.yml b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/post-deployment/prepare-spinnaker-installation.yml
new file mode 100644
index 0000000..1f4b9ae
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/post-deployment/prepare-spinnaker-installation.yml
@@ -0,0 +1,136 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# kubernetes related stuff
+- name: Ensure /root/.kube folder exists and empty
+ file:
+ path: "/root/.kube"
+ state: "{{ item }}"
+ owner: "root"
+ mode: 0700
+ with_items:
+ - absent
+ - directory
+
+- name: Copy kubernetes admin.conf to /root/.kube
+ copy:
+ src: "{{ engine_cache }}/repos/kubespray/inventory/engine/artifacts/admin.conf"
+ dest: "/root/.kube/config"
+ owner: "root"
+ mode: 0600
+
+- name: Download kubectl and place it to /usr/local/bin
+ get_url:
+ url: "{{ kubectl_download_url }}"
+ dest: /usr/local/bin/kubectl
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Download helm client
+ unarchive:
+ src: "{{ helm_client_download_url }}"
+ remote_src: yes
+ dest: /tmp
+
+- name: Place helm and tiller binaries to /usr/local/bin
+ copy:
+ src: "/tmp/linux-amd64/{{ item }}"
+ dest: "/usr/local/bin/{{ item }}"
+ owner: root
+ group: root
+ mode: 0755
+ remote_src: yes
+ with_items:
+ - helm
+ - tiller
+
+- name: Delete temporary files and folders
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "/tmp/helm-{{ helm_version }}-linux-amd64.tar.gz"
+ - "/tmp/linux-amd64"
+
+- name: Create tiller service account
+ k8s:
+ name: tiller
+ kind: ServiceAccount
+ namespace: kube-system
+ state: present
+ vars:
+ ansible_python_interpreter: "{{ remote_venv }}/bin/python"
+
+- name: Create cluster role binding for tiller
+ k8s:
+ definition:
+ kind: ClusterRoleBinding
+ metadata:
+ name: tiller
+ role_ref:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+ subjects:
+ - kind: ServiceAccount
+ name: tiller
+ namespace: kube-system
+ state: present
+ vars:
+ ansible_python_interpreter: "{{ remote_venv }}/bin/python"
+
+- name: Initialize Helm
+ command: helm init --service-account tiller
+ register: helm_init_result
+ changed_when: "'already installed' not in helm_init_result.stdout"
+
+- name: Get tiller rollout status
+ command: kubectl -n kube-system rollout status deploy/tiller-deploy
+ register: tiller_rollout_status
+ failed_when: "'successfully rolled out' not in tiller_rollout_status.stdout"
+
+- name: Remove outdated ONAP OOM clones and Helm plugins
+ file:
+ path: '{{ item }}'
+ state: absent
+ with_items:
+ - '{{ remote_work_dir }}/charts'
+ - '{{ ansible_env.HOME }}/.helm/plugins'
+
+- name: Clone Helm Charts repository
+ git:
+ repo: '{{ item.repo }}'
+ dest: '{{ item.dest }}'
+ force: yes
+ recursive: yes
+ environment:
+ http_proxy: "{{ lookup('env','http_proxy') }}"
+ https_proxy: "{{ lookup('env','https_proxy') }}"
+ no_proxy: "{{ lookup('env','no_proxy') }}"
+ with_items:
+ - { repo: '{{ helm_charts_git_url }}', dest: '{{ remote_work_dir }}/charts' }
+
+- name: Copy Nordix Spinnaker values-nordix.yaml
+ copy:
+ src: "values-nordix.yaml"
+ dest: "{{ remote_work_dir }}/charts/stable/spinnaker/values-nordix.yaml"
+ mode: 0644
+
+# vim: set ts=2 sw=2 expandtab:
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/pre-deployment.yml b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/pre-deployment.yml
new file mode 100644
index 0000000..34ddb8c
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/pre-deployment.yml
@@ -0,0 +1,45 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# NOTE: this playbook should only include tasks to be run before the actual deployment
+# is initiated in order to configure or fine tune the final deployment.
+# anything that needs to be done after the completion of the deployment should go
+# into post-deployment.yml playbook by creating it if it doesn't already exist
+# and adding the required tasks.
+
+# NOTE: copy custom ansible.cfg to suppress logging skipped hosts to console
+- name: Copy scenario ansible.cfg to '{{ engine_path }}'
+ copy:
+ src: ansible.cfg
+ dest: '{{ engine_path }}/ansible.cfg'
+ when: "'localhost' in group_names"
+
+# NOTE: configure k8s deployment
+# this task should only be run on localhost as the kubespray repository is cloned on it
+# and the deployment is driven from it
+- include: pre-deployment/configure-k8s-deployment.yml
+ when: "'localhost' in group_names"
+
+# NOTE: configure jumphost and kubernetes nodes
+# jumphost and kubernetes nodes require updates, installation of packages and so on
+# before we start kubernetes deployment
+- include: pre-deployment/configure-nodes.yml
+ when: "'localhost' not in group_names"
+
+# vim: set ts=2 sw=2 expandtab:
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/pre-deployment/configure-k8s-deployment.yml b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/pre-deployment/configure-k8s-deployment.yml
new file mode 100644
index 0000000..5567e89
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/pre-deployment/configure-k8s-deployment.yml
@@ -0,0 +1,41 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# set networking plugin to calico
+- name: Set network plugin to calico
+ lineinfile:
+ path: "{{ engine_cache }}/repos/kubespray/inventory/engine/group_vars/k8s-cluster/k8s-cluster.yml"
+ regexp: "^kube_network_plugin:.*"
+ line: "kube_network_plugin: calico"
+
+# set k8s version to install
+- name: Set k8s version to '{{ kubernetes_version }}'
+ lineinfile:
+ path: "{{ engine_cache }}/repos/kubespray/inventory/engine/group_vars/k8s-cluster/k8s-cluster.yml"
+ regexp: "^kube_version:.*"
+ line: "kube_version: {{ kubernetes_version }}"
+
+# set helm version to install
+- name: Set helm version to '{{ helm_version }}'
+ lineinfile:
+ path: "{{ engine_cache }}/repos/kubespray/roles/download/defaults/main.yml"
+ regexp: "^helm_version:.*"
+ line: "helm_version: {{ helm_version }}"
+
+# vim: set ts=2 sw=2 expandtab:
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/pre-deployment/configure-nodes.yml b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/pre-deployment/configure-nodes.yml
new file mode 100644
index 0000000..05c8028
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/tasks/pre-deployment/configure-nodes.yml
@@ -0,0 +1,66 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- name: Install packages
+ apt:
+ name: "{{ packages }}"
+ state: present
+ update_cache: yes
+ allow_unauthenticated: yes
+ vars:
+ packages:
+ - python-virtualenv
+ - python-pip
+ - make
+ - nfs-common
+ - nfs-kernel-server
+
+- block:
+ - name: Create remote working dir '{{ remote_work_dir }}' on jumphost
+ file:
+ path: '{{ remote_work_dir }}'
+ state: '{{ item }}'
+ with_items:
+ - absent
+ - directory
+ - name: Install pip packages
+ pip:
+ name: "{{ item }}"
+ state: present
+ virtualenv: "{{ remote_venv }}"
+ with_items:
+ - paramiko
+ - openshift
+ - docker
+ when: inventory_hostname == 'jumphost'
+
+- name: Add cluster hosts to /etc/hosts on jumphost
+ lineinfile:
+ dest: /etc/hosts
+ regexp: '{{ hostvars[item].ansible_default_ipv4.address }}.*{{ item }}$'
+ line: '{{ hostvars[item].ansible_default_ipv4.address }} {{item}}'
+ state: present
+ with_items:
+ - "{{ groups['jumphost'] }}"
+ - "{{ groups['k8s-cluster'] }}"
+ when:
+ - hostvars[item]['ansible_facts']['default_ipv4'] is defined
+ - inventory_hostname == 'jumphost'
+
+# vim: set ts=2 sw=2 expandtab:
diff --git a/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/vars/main.yml b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/vars/main.yml
new file mode 100644
index 0000000..ae88707
--- /dev/null
+++ b/scenarios/k8-calico-spinnaker/kubespray/role/k8-calico-spinnaker/vars/main.yml
@@ -0,0 +1,27 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+remote_work_dir: "{{ ansible_env.HOME }}/engine"
+remote_venv: "{{ remote_work_dir }}/.venv"
+kubectl_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubectl_version }}/bin/linux/amd64/kubectl"
+helm_client_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz"
+k8s_cluster_name: "{{ lookup('env', 'K8S_CLUSTER_NAME') | default('spinnaker', true) }}"
+helm_charts_git_url: https://github.com/helm/charts.git
+# setting this to true will increase the time it takes to finish the deployment
+promote_onap: "{{ lookup('env', 'PROMOTE_ONAP') | default('False', true) }}"
+
+# vim: set ts=2 sw=2 expandtab: