Introduce istio installation
App installation has been moved to swconfig repo to decouple it from
the regular engine. It can be installed from the scenario as an
extra deployment feature. Istio has been added as a first example.
deploy-scenario: k8-calico-nofeature
installer-type: kubespray
Change-Id: I2cc4bf9121b1d3800645b10db23532a5dd1a04b0
diff --git a/apps/istio/kubespray/playbooks/install.yml b/apps/istio/kubespray/playbooks/install.yml
new file mode 100644
index 0000000..640dedf
--- /dev/null
+++ b/apps/istio/kubespray/playbooks/install.yml
@@ -0,0 +1,30 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+- hosts: localhost
+ gather_facts: true
+ become: no
+ vars_files:
+ - "{{ engine_path }}/engine/var/versions.yml"
+ - "{{ engine_path }}/engine/var/global.yml"
+
+ roles:
+ - role: install
+
+# vim: set ts=2 sw=2 expandtab:
diff --git a/apps/istio/kubespray/playbooks/roles/install/tasks/main.yml b/apps/istio/kubespray/playbooks/roles/install/tasks/main.yml
new file mode 100644
index 0000000..b894331
--- /dev/null
+++ b/apps/istio/kubespray/playbooks/roles/install/tasks/main.yml
@@ -0,0 +1,166 @@
+---
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# TODO: validate download checksum
+- name: Download the installation files
+ unarchive:
+ src: "{{ istio_download_url }}"
+ dest: "{{ engine_cache }}/repos/"
+ remote_src: yes
+ environment:
+ http_proxy: "{{ lookup('env','http_proxy') }}"
+ https_proxy: "{{ lookup('env','https_proxy') }}"
+ no_proxy: "{{ lookup('env','no_proxy') }}"
+
+- name: List existing installation of Istio
+ shell: helm list | awk '{print $1}' | grep istio
+ register: installed_istio_charts
+ ignore_errors: yes
+ tags: reset
+
+- name: Delete existing installation of Istio
+ shell: helm delete --purge "{{ item }}"
+ loop: "{{ installed_istio_charts.stdout_lines }}"
+ ignore_errors: yes
+ tags: reset
+
+# This solves this bug: https://github.com/ansible/ansible/issues/47081 with the k8s module which is caused
+# due to the presence of --- at the end of the yaml file.
+- name: Fix upstream Istio CRDs
+ lineinfile:
+ path: "{{ item }}"
+ regex: '^-{3}\n+$'
+ line: ""
+ state: present
+ firstmatch: yes
+ with_fileglob:
+ - "{{ engine_cache }}/repos/istio-{{ istio_version }}/install/kubernetes/helm/istio-init/files/*"
+ ignore_errors: yes
+ tags: reset
+
+- name: Delete existing Istio CRDs
+ k8s:
+ api_version: apiextensions.k8s.io/v1beta1
+ kind: CustomResourceDefinition
+ state: absent
+ src: "{{ item }}"
+ with_fileglob:
+ - "{{ engine_cache }}/repos/istio-{{ istio_version }}/install/kubernetes/helm/istio-init/files/*"
+ ignore_errors: yes
+ tags: reset
+
+- name: Delete Istio init namespace
+ k8s:
+ name: "{{ istio_init_namespace }}"
+ api_version: v1
+ kind: Namespace
+ state: absent
+ ignore_errors: yes
+ tags: reset
+
+# This can be avoided when we update Ansible to 2.8 version as is included in k8s module
+- name: Verify Istio init namespace deletion
+ k8s_facts:
+ kind: Namespace
+ name: "{{ istio_init_namespace }}"
+ register: namespace_status
+ until: not namespace_status.resources
+ retries: 5
+ delay: 10
+ ignore_errors: yes
+ tags: reset
+
+- name: Delete Istio namespace
+ k8s:
+ name: "{{ istio_namespace }}"
+ api_version: v1
+ kind: Namespace
+ state: absent
+ ignore_errors: yes
+ tags: reset
+
+# This can be avoided when we update Ansible to 2.8 version as is included in k8s module
+- name: Verify Istio init namespace deletion
+ k8s_facts:
+ kind: Namespace
+ name: "{{ istio_namespace }}"
+ register: namespace_status
+ until: not namespace_status.resources
+ retries: 5
+ delay: 10
+ ignore_errors: yes
+ tags: reset
+
+- name: Install and bootstrap Istio CRDs
+ command: >
+ helm install "{{ engine_cache }}"/repos/istio-"{{ istio_version }}"/install/kubernetes/helm/istio-init
+ --name "{{ istio_init_release_name }}"
+ --namespace "{{ istio_init_namespace }}"
+
+- name: Verify the commitment of all Istio CRDs
+ k8s_facts:
+ kind: CustomResourceDefinition
+ api: apiextensions.k8s.io/v1beta1
+ label_selectors:
+ - release=istio
+ register: crd_status
+ until: crd_status.resources|length >= 23
+ retries: 5
+ delay: 10
+
+- name: Install Istio configuration profile
+ command: >
+ helm install "{{ engine_cache }}"/repos/istio-"{{ istio_version }}"/install/kubernetes/helm/istio
+ --name "{{ istio_release_name }}"
+ --namespace "{{ istio_namespace }}"
+
+- name: Verify Istio service existence
+ k8s_facts:
+ kind: Service
+ namespace: "{{ istio_namespace }}"
+ label_selectors:
+ - release=istio
+ register: istio_service_status
+ until: istio_service_status.resources is defined
+ retries: 5
+ delay: 10
+
+- name: Wait until Istio pods are ready
+ k8s_facts:
+ kind: Pod
+ namespace: "{{ istio_namespace }}"
+ label_selectors:
+ - release=istio
+ field_selectors:
+ - status.phase=Running
+ register: istio_pod_status
+ until:
+ - istio_pod_status.resources is defined
+ - istio_pod_status.resources
+ retries: 5
+ delay: 10
+
+- name: Add istioctl CLI bin to path
+ become: yes
+ copy:
+ src: '{{ engine_cache }}/repos/istio-{{ istio_version }}/bin/istioctl'
+ dest: '/usr/local/bin/istioctl'
+ mode: '0755'
+
+# vim: set ts=2 sw=2 expandtab:
diff --git a/apps/istio/kubespray/playbooks/roles/install/vars/main.yml b/apps/istio/kubespray/playbooks/roles/install/vars/main.yml
new file mode 100644
index 0000000..7fccd01
--- /dev/null
+++ b/apps/istio/kubespray/playbooks/roles/install/vars/main.yml
@@ -0,0 +1,24 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+istio_download_url: "https://github.com/istio/istio/releases/download/{{ istio_version }}/istio-{{ istio_version }}-linux.tar.gz"
+
+istio_namespace: istio-system
+istio_release_name: istio
+istio_init_namespace: istio-init
+istio_init_release_name: istio-init