k8s: Allow Dublin cluster creation using RKE
This patch adds sample cluster.yml which is based on Dublin cluster
configuration file [1]. Main difference is in avoiding repetition by
using anchors and alias nodes.
Actual cluster creation provisioner is disabled by default because
'control' and 'worker' nodes might not be ready yet.
[1] https://docs.onap.org/en/dublin/_downloads/27934fe702048777f312d77dc30cd05a/cluster.yml
Issue-ID: SECCOM-235
Change-Id: Ibba0e754ba87e334cdaa61de83e48107f91083d9
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
diff --git a/test/security/k8s/vagrant/dublin/Vagrantfile b/test/security/k8s/vagrant/dublin/Vagrantfile
index f0dfbb5..8870580 100644
--- a/test/security/k8s/vagrant/dublin/Vagrantfile
+++ b/test/security/k8s/vagrant/dublin/Vagrantfile
@@ -5,7 +5,9 @@
operator_key = "${HOME}/.ssh/onap-key"
vagrant_user = "vagrant"
vagrant_password = "vagrant"
-synced_folder = "/vagrant"
+synced_folder_main = "/vagrant"
+synced_folder_config = "#{synced_folder_main}/config"
+cluster_yml = "cluster.yml"
vm_memory = 2 * 1024
vm_cpus = 1
@@ -65,6 +67,17 @@
done
SCRIPT
+$link_cluster_yml = <<-SCRIPT
+ SYNC_DIR="$1"
+ CLUSTER_YML="$2"
+ src="${SYNC_DIR}/${CLUSTER_YML}"
+ dst="$HOME"
+ echo "Symlinking ${src} to ${dst}"
+ ln -sf "$src" "$dst"
+SCRIPT
+
+$rke_up = "rke up"
+
Vagrant.configure('2') do |config|
all.each do |machine|
config.vm.define machine[:name] do |config|
@@ -96,20 +109,19 @@
end
if machine[:name] == 'operator'
- config.vm.synced_folder "../../tools/config", synced_folder, type: "rsync"
+ config.vm.synced_folder ".", synced_folder_main, type: "rsync", rsync__exclude: "Vagrantfile"
+ config.vm.synced_folder "../../tools/config", synced_folder_config, type: "rsync"
config.vm.provision "link_dotfiles_root", type: :shell, run: "always" do |s|
s.inline = $link_dotfiles
- s.args = synced_folder
+ s.args = synced_folder_config
end
config.vm.provision "link_dotfiles_user", type: :shell, run: "always" do |s|
s.privileged = false
s.inline = $link_dotfiles
- s.args = synced_folder
+ s.args = synced_folder_config
end
- config.vm.provision "get_rke", type: :shell, path: "../../tools/dublin/get_rke.sh"
-
config.vm.provision "install_sshpass", type: :shell, inline: $install_sshpass
config.vm.provision "generate_key", type: :shell, privileged: false, inline: $generate_key, args: operator_key
@@ -121,6 +133,14 @@
s.args = [operator_key, vagrant_user, ips]
s.env = {'PASSWORD': vagrant_password}
end
+
+ config.vm.provision "get_rke", type: :shell, path: "../../tools/dublin/get_rke.sh"
+ config.vm.provision "link_cluster_yml", type: :shell, run: "always" do |s|
+ s.privileged = false
+ s.inline = $link_cluster_yml
+ s.args = [synced_folder_main, cluster_yml]
+ end
+ config.vm.provision "rke_up", type: :shell, run: "never", privileged: false, inline: $rke_up
end
end
end
diff --git a/test/security/k8s/vagrant/dublin/cluster.yml b/test/security/k8s/vagrant/dublin/cluster.yml
new file mode 100644
index 0000000..f062222
--- /dev/null
+++ b/test/security/k8s/vagrant/dublin/cluster.yml
@@ -0,0 +1,49 @@
+# An example of a Kubernetes cluster for ONAP
+ssh_key_path: &ssh_key_path "~/.ssh/onap-key"
+nodes:
+- address: 172.17.0.100
+ port: "22"
+ role:
+ - controlplane
+ - etcd
+ hostname_override: "onap-control-1"
+ user: vagrant
+ ssh_key_path: *ssh_key_path
+- address: 172.17.0.101
+ port: "22"
+ role:
+ - worker
+ hostname_override: "onap-k8s-1"
+ user: vagrant
+ ssh_key_path: *ssh_key_path
+services:
+ kube-api:
+ service_cluster_ip_range: 10.43.0.0/16
+ pod_security_policy: false
+ always_pull_images: false
+ kube-controller:
+ cluster_cidr: 10.42.0.0/16
+ service_cluster_ip_range: 10.43.0.0/16
+ kubelet:
+ cluster_domain: cluster.local
+ cluster_dns_server: 10.43.0.10
+ fail_swap_on: false
+network:
+ plugin: canal
+authentication:
+ strategy: x509
+ssh_key_path: *ssh_key_path
+ssh_agent_auth: false
+authorization:
+ mode: rbac
+ignore_docker_version: false
+kubernetes_version: "v1.13.5-rancher1-2"
+private_registries:
+- url: nexus3.onap.org:10001
+ user: docker
+ password: docker
+ is_default: true
+cluster_name: "onap"
+restore:
+ restore: false
+ snapshot_name: ""