diff --git a/playbooks/kubevirt.yml b/playbooks/kubevirt.yml
index 42b14921e..64734d15c 100644
--- a/playbooks/kubevirt.yml
+++ b/playbooks/kubevirt.yml
@@ -1,250 +1,105 @@ --- - hosts: all - become: true vars: - selinux_state: permissive - kubernetes_version: 1.13.5 - pod_network: 10.244.0.0/16 - flannel_version: a70459be0084506e4ec919aa1c114638878db11b - network_operator: 0.7.0 - kubevirt_version: v0.16.3 - ovs_cni_version: master + minikube_version: v1.38.0 # or latest + multus_version: v4.2.3 # or master roles: - - selinux - epel_repositories tasks: - - name: disable swap - command: swapoff -a + - name: install podman + ansible.builtin.package: + name: podman + become: true + + - name: install minikube + ansible.builtin.package: + name: https://storage.googleapis.com/minikube/releases/{{ minikube_version }}/minikube-latest.x86_64.rpm + disable_gpg_check: true + become: true + + - name: install python-kubernetes + ansible.builtin.package: + name: python3-kubernetes + become: true + + - name: use minikube for kubectl + ansible.builtin.file: + src: /usr/bin/minikube + dest: /usr/local/bin/kubectl + state: link + become: true + + - name: check minikube status + ansible.builtin.command: minikube status --output=json + ignore_errors: true + changed_when: false + register: _minikube_status - - name: deconfigure swap - mount: - src: /swapfile - fstype: swap - path: none - state: absent + # {"Name":"minikube","Host":"Running","Kubelet":"Running","APIServer":"Running","Kubeconfig":"Configured","Worker":false} + # will error with non-zero if no cluster defined + - name: deploy basic minikube cluster + ansible.builtin.command: minikube start --cni=flannel + when: _minikube_status is failed or 'Running' not in _minikube_status.stdout - - name: modprobe br_netfilter - modprobe: - name: br_netfilter - - name: configure bridge iptables - sysctl: - name: "{{ item }}" - value: 1 - sysctl_file: /etc/sysctl.d/k8s.conf - with_items: - - net.bridge.bridge-nf-call-ip6tables - - net.bridge.bridge-nf-call-iptables + - name: Get Cluster information + kubernetes.core.k8s_cluster_info: + register: _api_status - - name: install needed 
network manager libs - yum: - name: - - NetworkManager-glib - - NetworkManager + - name: Download multus-daemonset manifest to the cluster + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/{{ multus_version }}/deployments/multus-daemonset.yml + dest: ~/multus-daemonset.yml + mode: '0664' - - name: Configure bridge - nmcli: + - name: Deploy multus + kubernetes.core.k8s: state: present - type: bridge - conn_name: foreman - - - name: install docker - yum: - name: docker - - - name: enable docker - service: - name: docker - enabled: true - state: started - - - name: k8s repo - yum_repository: - name: kubernetes - description: Kubernetes - baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 - enabled: yes - gpgcheck: yes - repo_gpgcheck: yes - gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg - exclude: kube* - - - name: install kubelet kubeadm kubectl - yum: - name: - - kubelet-{{ kubernetes_version }} - - kubeadm-{{ kubernetes_version }} - - kubectl-{{ kubernetes_version }} - disable_excludes: kubernetes - - - name: create /etc/systemd/system/kubelet.service.d/ - file: - path: /etc/systemd/system/kubelet.service.d/ - state: directory - - - name: enable kubelet accounting - copy: - dest: /etc/systemd/system/kubelet.service.d/11-cgroups.conf - content: | - [Service] - CPUAccounting=true - MemoryAccounting=true - - - name: reload systemd - systemd: - daemon_reload: yes - - - name: enable kubelet - service: - name: kubelet - enabled: true - state: started - - - name: init cluster - command: kubeadm init --pod-network-cidr={{ pod_network }} --apiserver-advertise-address={{ ansible_eth0['ipv4']['address'] }} - args: - creates: /etc/kubernetes/admin.conf - - - name: untaint master - command: kubectl taint nodes --all node-role.kubernetes.io/master- - register: untaint_master - failed_when: false - changed_when: untaint_master.rc 
== 0 - environment: - KUBECONFIG: /etc/kubernetes/admin.conf + src: ~/multus-daemonset.yml - - name: deploy flannel - command: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/{{ flannel_version }}/Documentation/kube-flannel.yml - args: - creates: /etc/cni/net.d/10-flannel.conflist - environment: - KUBECONFIG: /etc/kubernetes/admin.conf + - name: deploy kubevirt + ansible.builtin.command: minikube addons enable kubevirt + when: + - "'kubevirt.io/v1' not in _api_status.apis.keys()" - - name: deploy network namespace - command: kubectl apply -f https://github.com/kubevirt/cluster-network-addons-operator/releases/download/{{ network_operator }}/namespace.yaml - args: - creates: /etc/cni/net.d/multus.d/multus.kubeconfig - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - - - name: deploy network crd - command: kubectl apply -f https://github.com/kubevirt/cluster-network-addons-operator/releases/download/{{ network_operator }}/network-addons-config.crd.yaml - args: - creates: /etc/cni/net.d/multus.d/multus.kubeconfig - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - - - name: deploy network operator - command: kubectl apply -f https://github.com/kubevirt/cluster-network-addons-operator/releases/download/{{ network_operator }}/operator.yaml - args: - creates: /etc/cni/net.d/multus.d/multus.kubeconfig - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - - - name: deploy kubevirt operator - command: kubectl apply -f https://github.com/kubevirt/kubevirt/releases/download/{{ kubevirt_version }}/kubevirt-operator.yaml - args: - creates: /var/lib/kubelet/device-plugins/kubevirt-tun.sock - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - - - name: deploy kubevirt cr - command: kubectl apply -f https://github.com/kubevirt/kubevirt/releases/download/{{ kubevirt_version }}/kubevirt-cr.yaml - args: - creates: /var/lib/kubelet/device-plugins/kubevirt-tun.sock - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - - - name: check for 
NetworkAddonsConfig - command: kubectl get networkaddonsconfigs cluster - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - failed_when: false + - name: wait for deployment to finish + ansible.builtin.command: !unsafe kubectl get kubevirt.kubevirt.io/kubevirt -n kubevirt --template="{{.status.phase}}" changed_when: false - register: netaddonsconfig - - - name: prepare NetworkAddonsConfig file - copy: - dest: /tmp/netaddonsconfig - content: | - apiVersion: networkaddonsoperator.network.kubevirt.io/v1alpha1 - kind: NetworkAddonsConfig - metadata: - name: cluster - spec: - imagePullPolicy: Always - kubeMacPool: {} - multus: {} - linuxBridge: {} - when: netaddonsconfig.rc != 0 - - - name: create NetworkAddonsConfig - command: kubectl create -f /tmp/netaddonsconfig - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - when: netaddonsconfig.rc != 0 - - - name: install virtctl - get_url: - url: https://github.com/kubevirt/kubevirt/releases/download/{{ kubevirt_version }}/virtctl-{{ kubevirt_version }}-linux-amd64 - dest: /usr/bin/virtctl - mode: u=rwx,g=rx,o=rx - - - name: wait for the network to be ready - command: kubectl wait networkaddonsconfig cluster --for condition=Ready --timeout=300s - environment: - KUBECONFIG: /etc/kubernetes/admin.conf + register: _kubevirt_status + until: _kubevirt_status.stdout == 'Deployed' + retries: 100 - - name: check for bridge-foreman NetworkAttachmentDefinition - command: kubectl get net-attach-def bridge-foreman - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - failed_when: false - changed_when: false - register: bridge_foreman_net_attach - - - name: prepare bridge-foreman NetworkAttachmentDefinition file - copy: - dest: /tmp/bridge-foreman-net-attach-def - content: | - apiVersion: "k8s.cni.cncf.io/v1" - kind: NetworkAttachmentDefinition + - name: Enable HostDisk feature gate + # https://kubevirt.io/user-guide/cluster_admin/activating_feature_gates/ + kubernetes.core.k8s: + state: present + definition: + apiVersion: 
kubevirt.io/v1 + kind: KubeVirt metadata: - name: bridge-foreman + name: kubevirt + namespace: kubevirt spec: - config: '{ - "cniVersion": "0.3.1", - "type": "bridge", - "bridge": "foreman", - "ipam": {} - }' - when: bridge_foreman_net_attach.rc != 0 - - - name: create bridge-foreman NetworkAttachmentDefinition - command: kubectl create -f /tmp/bridge-foreman-net-attach-def - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - when: bridge_foreman_net_attach.rc != 0 - - - name: check for foreman-account ServiceAccount - command: kubectl get sa foreman-account - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - failed_when: false - changed_when: false - register: foreman_service_sa + configuration: + developerConfiguration: + featureGates: + - HostDisk - - name: prepare foreman-account ServiceAccount file - copy: - dest: /tmp/foreman-account-sa - content: | + - name: Create ServiceAccount foreman-account + kubernetes.core.k8s: + state: present + definition: apiVersion: v1 kind: ServiceAccount metadata: name: foreman-account namespace: default - --- - apiVersion: rbac.authorization.k8s.io/v1 + + - name: Create ClusterRoleBinding for foreman-account to get cluster-admin + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 kind: ClusterRoleBinding metadata: name: foreman-cluster-admin 
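Review bot: The ClusterRoleBinding definition at the end of this hunk is given `apiVersion: v1` (the removed line had `rbac.authorization.k8s.io/v1`); ClusterRoleBinding belongs to the RBAC API group, so `kubernetes.core.k8s` will not resolve a `v1.ClusterRoleBinding` and the task is expected to fail — the line should read `apiVersion: rbac.authorization.k8s.io/v1`. Separately, the `install minikube` task installs an RPM fetched from the network with `disable_gpg_check: true`, so nothing verifies the content that ends up on the host; since `minikube_version` is already pinned, fetch the package with `ansible.builtin.get_url` plus a `checksum:` for that release and install the local file, as sketched below. The `# or latest` and `# or master` hints on the two version variables invite an unpinned package and an unpinned multus manifest applied to the cluster; I would drop them. The ClusterRoleBinding definition continues into the next hunk.
```yaml
  - name: download minikube rpm
    ansible.builtin.get_url:
      url: https://storage.googleapis.com/minikube/releases/{{ minikube_version }}/minikube-latest.x86_64.rpm
      dest: /tmp/minikube-{{ minikube_version }}.x86_64.rpm
      checksum: "sha256:<EXPECTED_RPM_SHA256>"  # placeholder: pin the published digest for minikube_version
      mode: '0644'

  - name: install minikube
    ansible.builtin.package:
      name: /tmp/minikube-{{ minikube_version }}.x86_64.rpm
      disable_gpg_check: true  # content is pinned by the checksum above
    become: true
# … unchanged: python3-kubernetes, kubectl symlink, minikube status/start tasks …
```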
@@ -253,39 +108,31 @@ kind: ClusterRole name: cluster-admin subjects: - - kind: ServiceAccount - name: foreman-account - namespace: default - when: foreman_service_sa.rc != 0 - - - name: create foreman-account ServiceAccount - command: kubectl create -f /tmp/foreman-account-sa - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - when: foreman_service_sa.rc != 0 - - - name: create /home/vagrant/.kube - file: - path: /home/vagrant/.kube - state: directory - owner: vagrant - group: vagrant - - - name: deploy kube config - copy: - src: /etc/kubernetes/admin.conf - dest: /home/vagrant/.kube/config - remote_src: yes - owner: vagrant - group: vagrant - - - name: get foreman-account secret - shell: "set -o pipefail && kubectl get secrets $(kubectl get sa foreman-account -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}' | base64 -d | xargs" - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - changed_when: false - register: foreman_account_secret + - kind: ServiceAccount + name: foreman-account + namespace: default - - name: show foreman-account secret - debug: - msg: "{{ foreman_account_secret.stdout }}" + - name: token + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Secret + metadata: + name: my-sa-token + namespace: default + annotations: + kubernetes.io/service-account.name: foreman-account + type: kubernetes.io/service-account-token + + - name: Get foreman-account secret + kubernetes.core.k8s_info: + api_version: v1 + kind: Secret + name: my-sa-token + namespace: default + register: _sa_token + + - name: Show foreman-account secret + ansible.builtin.debug: + msg: "{{ _sa_token.resources[0].data.token | b64decode }}" diff --git a/requirements.yml b/requirements.yml index d9acb0b61..f35a70cc8 100644 --- a/requirements.yml +++ b/requirements.yml @@ -7,3 +7,4 @@ collections: - community.general - ansible.posix + - kubernetes.core 
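Review bot: The `Get foreman-account secret` task reads `_sa_token.resources[0].data.token` right after the `token` task creates the `kubernetes.io/service-account-token` Secret, but the token controller fills in `data.token` asynchronously, so the first lookup may return a Secret without `data` and the `debug` task would then fail on an undefined attribute; give the `k8s_info` task `until: _sa_token.resources | length > 0 and _sa_token.resources[0].data.token is defined` with `retries: 10`. The registered result also carries the full Secret, which is a cluster-admin bearer token given the binding above, and is printed at `-v`; add `no_log: true` to that task so only the deliberate `debug` output exposes it. The Secret name `my-sa-token` reads like a sample value; naming it after the account (`foreman-account-token`) would make it greppable in the cluster. The ClusterRoleBinding definition this hunk opens with begins in the previous hunk.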
diff --git a/vagrant/boxes.d/02-kubevirt.yaml b/vagrant/boxes.d/02-kubevirt.yaml index f4f224431..da48bbe44 100644 --- a/vagrant/boxes.d/02-kubevirt.yaml +++ b/vagrant/boxes.d/02-kubevirt.yaml @@ -4,8 +4,3 @@ centos9-infra-kubevirt: ansible: playbook: 'playbooks/kubevirt.yml' group: 'devel' - networks: - - type: 'private_network' - options: - ip: 192.168.150.3 - libvirt__network_name: foremankubevirt