363 changes: 105 additions & 258 deletions playbooks/kubevirt.yml
@@ -1,250 +1,105 @@
---
- hosts: all
become: true
vars:
selinux_state: permissive
kubernetes_version: 1.13.5
pod_network: 10.244.0.0/16
flannel_version: a70459be0084506e4ec919aa1c114638878db11b
network_operator: 0.7.0
kubevirt_version: v0.16.3
ovs_cni_version: master
minikube_version: v1.38.0 # or latest
multus_version: v4.2.3 # or master
roles:
- selinux
- epel_repositories
tasks:
- name: disable swap
command: swapoff -a
- name: install podman
ansible.builtin.package:
name: podman
become: true

- name: install minikube
ansible.builtin.package:
name: https://storage.googleapis.com/minikube/releases/{{ minikube_version }}/minikube-latest.x86_64.rpm
disable_gpg_check: true
become: true

- name: install python-kubernetes
ansible.builtin.package:
name: python3-kubernetes
become: true

- name: use minikube for kubectl
ansible.builtin.file:
src: /usr/bin/minikube
dest: /usr/local/bin/kubectl
state: link
become: true

- name: check minikube status
ansible.builtin.command: minikube status --output=json
ignore_errors: true
changed_when: false
register: _minikube_status

- name: deconfigure swap
mount:
src: /swapfile
fstype: swap
path: none
state: absent
# {"Name":"minikube","Host":"Running","Kubelet":"Running","APIServer":"Running","Kubeconfig":"Configured","Worker":false}
# will error with non-zero if no cluster defined
- name: deploy basic minikube cluster
ansible.builtin.command: minikube start --cni=flannel
when: _minikube_status is failed or 'Running' not in _minikube_status.stdout

- name: modprobe br_netfilter
modprobe:
name: br_netfilter

- name: configure bridge iptables
sysctl:
name: "{{ item }}"
value: 1
sysctl_file: /etc/sysctl.d/k8s.conf
with_items:
- net.bridge.bridge-nf-call-ip6tables
- net.bridge.bridge-nf-call-iptables
- name: Get Cluster information
kubernetes.core.k8s_cluster_info:
register: _api_status

- name: install needed network manager libs
yum:
name:
- NetworkManager-glib
- NetworkManager
- name: Download multus-daemonset manifest to the cluster
ansible.builtin.get_url:
url: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/{{ multus_version }}/deployments/multus-daemonset.yml
dest: ~/multus-daemonset.yml
mode: '0664'

- name: Configure bridge
nmcli:
- name: Deploy multus
kubernetes.core.k8s:
state: present
type: bridge
conn_name: foreman

- name: install docker
yum:
name: docker

- name: enable docker
service:
name: docker
enabled: true
state: started

- name: k8s repo
yum_repository:
name: kubernetes
description: Kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: yes
gpgcheck: yes
repo_gpgcheck: yes
gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude: kube*

- name: install kubelet kubeadm kubectl
yum:
name:
- kubelet-{{ kubernetes_version }}
- kubeadm-{{ kubernetes_version }}
- kubectl-{{ kubernetes_version }}
disable_excludes: kubernetes

- name: create /etc/systemd/system/kubelet.service.d/
file:
path: /etc/systemd/system/kubelet.service.d/
state: directory

- name: enable kubelet accounting
copy:
dest: /etc/systemd/system/kubelet.service.d/11-cgroups.conf
content: |
[Service]
CPUAccounting=true
MemoryAccounting=true

- name: reload systemd
systemd:
daemon_reload: yes

- name: enable kubelet
service:
name: kubelet
enabled: true
state: started

- name: init cluster
command: kubeadm init --pod-network-cidr={{ pod_network }} --apiserver-advertise-address={{ ansible_eth0['ipv4']['address'] }}
args:
creates: /etc/kubernetes/admin.conf

- name: untaint master
command: kubectl taint nodes --all node-role.kubernetes.io/master-
register: untaint_master
failed_when: false
changed_when: untaint_master.rc == 0
environment:
KUBECONFIG: /etc/kubernetes/admin.conf
src: ~/multus-daemonset.yml

- name: deploy flannel
command: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/{{ flannel_version }}/Documentation/kube-flannel.yml
args:
creates: /etc/cni/net.d/10-flannel.conflist
environment:
KUBECONFIG: /etc/kubernetes/admin.conf
- name: deploy kubevirt
ansible.builtin.command: minikube addons enable kubevirt
when:
- "'kubevirt.io/v1' not in _api_status.apis.keys()"

- name: deploy network namespace
command: kubectl apply -f https://github.com/kubevirt/cluster-network-addons-operator/releases/download/{{ network_operator }}/namespace.yaml
args:
creates: /etc/cni/net.d/multus.d/multus.kubeconfig
environment:
KUBECONFIG: /etc/kubernetes/admin.conf

- name: deploy network crd
command: kubectl apply -f https://github.com/kubevirt/cluster-network-addons-operator/releases/download/{{ network_operator }}/network-addons-config.crd.yaml
args:
creates: /etc/cni/net.d/multus.d/multus.kubeconfig
environment:
KUBECONFIG: /etc/kubernetes/admin.conf

- name: deploy network operator
command: kubectl apply -f https://github.com/kubevirt/cluster-network-addons-operator/releases/download/{{ network_operator }}/operator.yaml
args:
creates: /etc/cni/net.d/multus.d/multus.kubeconfig
environment:
KUBECONFIG: /etc/kubernetes/admin.conf

- name: deploy kubevirt operator
command: kubectl apply -f https://github.com/kubevirt/kubevirt/releases/download/{{ kubevirt_version }}/kubevirt-operator.yaml
args:
creates: /var/lib/kubelet/device-plugins/kubevirt-tun.sock
environment:
KUBECONFIG: /etc/kubernetes/admin.conf

- name: deploy kubevirt cr
command: kubectl apply -f https://github.com/kubevirt/kubevirt/releases/download/{{ kubevirt_version }}/kubevirt-cr.yaml
args:
creates: /var/lib/kubelet/device-plugins/kubevirt-tun.sock
environment:
KUBECONFIG: /etc/kubernetes/admin.conf

- name: check for NetworkAddonsConfig
command: kubectl get networkaddonsconfigs cluster
environment:
KUBECONFIG: /etc/kubernetes/admin.conf
failed_when: false
- name: wait for deployment to finish
ansible.builtin.command: !unsafe kubectl get kubevirt.kubevirt.io/kubevirt -n kubevirt --template="{{.status.phase}}"
changed_when: false
register: netaddonsconfig

- name: prepare NetworkAddonsConfig file
copy:
dest: /tmp/netaddonsconfig
content: |
apiVersion: networkaddonsoperator.network.kubevirt.io/v1alpha1
kind: NetworkAddonsConfig
metadata:
name: cluster
spec:
imagePullPolicy: Always
kubeMacPool: {}
multus: {}
linuxBridge: {}
when: netaddonsconfig.rc != 0

- name: create NetworkAddonsConfig
command: kubectl create -f /tmp/netaddonsconfig
environment:
KUBECONFIG: /etc/kubernetes/admin.conf
when: netaddonsconfig.rc != 0

- name: install virtctl
get_url:
url: https://github.com/kubevirt/kubevirt/releases/download/{{ kubevirt_version }}/virtctl-{{ kubevirt_version }}-linux-amd64
dest: /usr/bin/virtctl
mode: u=rwx,g=rx,o=rx

- name: wait for the network to be ready
command: kubectl wait networkaddonsconfig cluster --for condition=Ready --timeout=300s
environment:
KUBECONFIG: /etc/kubernetes/admin.conf
register: _kubevirt_status
until: _kubevirt_status.stdout == 'Deployed'
retries: 100

- name: check for bridge-foreman NetworkAttachmentDefinition
command: kubectl get net-attach-def bridge-foreman
environment:
KUBECONFIG: /etc/kubernetes/admin.conf
failed_when: false
changed_when: false
register: bridge_foreman_net_attach

- name: prepare bridge-foreman NetworkAttachmentDefinition file
copy:
dest: /tmp/bridge-foreman-net-attach-def
content: |
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
- name: Enable HostDisk feature gate
# https://kubevirt.io/user-guide/cluster_admin/activating_feature_gates/
kubernetes.core.k8s:
state: present
definition:
apiVersion: kubevirt.io/v1
kind: KubeVirt
metadata:
name: bridge-foreman
name: kubevirt
namespace: kubevirt
spec:
config: '{
"cniVersion": "0.3.1",
"type": "bridge",
"bridge": "foreman",
"ipam": {}
}'
when: bridge_foreman_net_attach.rc != 0

- name: create bridge-foreman NetworkAttachmentDefinition
command: kubectl create -f /tmp/bridge-foreman-net-attach-def
environment:
KUBECONFIG: /etc/kubernetes/admin.conf
when: bridge_foreman_net_attach.rc != 0

- name: check for foreman-account ServiceAccount
command: kubectl get sa foreman-account
environment:
KUBECONFIG: /etc/kubernetes/admin.conf
failed_when: false
changed_when: false
register: foreman_service_sa
configuration:
developerConfiguration:
featureGates:
- HostDisk

- name: prepare foreman-account ServiceAccount file
copy:
dest: /tmp/foreman-account-sa
content: |
- name: Create ServiceAccount foreman-account
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: ServiceAccount
metadata:
name: foreman-account
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1

- name: Create ClusterRoleBinding for foreman-account to get cluster-admin
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: ClusterRoleBinding
metadata:
name: foreman-cluster-admin
Expand All @@ -253,39 +108,31 @@
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: foreman-account
namespace: default
when: foreman_service_sa.rc != 0

- name: create foreman-account ServiceAccount
command: kubectl create -f /tmp/foreman-account-sa
environment:
KUBECONFIG: /etc/kubernetes/admin.conf
when: foreman_service_sa.rc != 0

- name: create /home/vagrant/.kube
file:
path: /home/vagrant/.kube
state: directory
owner: vagrant
group: vagrant

- name: deploy kube config
copy:
src: /etc/kubernetes/admin.conf
dest: /home/vagrant/.kube/config
remote_src: yes
owner: vagrant
group: vagrant

- name: get foreman-account secret
shell: "set -o pipefail && kubectl get secrets $(kubectl get sa foreman-account -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}' | base64 -d | xargs"
environment:
KUBECONFIG: /etc/kubernetes/admin.conf
changed_when: false
register: foreman_account_secret
- kind: ServiceAccount
name: foreman-account
namespace: default

- name: show foreman-account secret
debug:
msg: "{{ foreman_account_secret.stdout }}"
- name: token
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Secret
metadata:
name: my-sa-token
namespace: default
annotations:
kubernetes.io/service-account.name: foreman-account
type: kubernetes.io/service-account-token

- name: Get foreman-account secret
kubernetes.core.k8s_info:
api_version: v1
kind: Secret
name: my-sa-token
namespace: default
register: _sa_token

- name: Show foreman-account secret
ansible.builtin.debug:
msg: "{{ _sa_token.resources[0].data.token | b64decode }}"
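Review bot: The ClusterRoleBinding under `Create ClusterRoleBinding for foreman-account to get cluster-admin` appears to declare `apiVersion: v1`, which the API server will not accept for that kind; it should be `apiVersion: rbac.authorization.k8s.io/v1`, the group the removed kubectl manifest used. Separately, the `token` task mints a long-lived `kubernetes.io/service-account-token` Secret for an account bound to `cluster-admin`, and the closing `Show foreman-account secret` task prints that token into the Ansible output and any log collector attached to it, so consider writing it to a `0600` file on the controller (or a vaulted var) instead of `debug`, and adding `no_log: true` to the `Get foreman-account secret` task so the raw Secret is not echoed either. If this is intentionally a throwaway development cluster, a comment to that effect next to the cluster-admin binding would spare the next reader the question. Earlier in the same file section, `install minikube` installs an RPM fetched from a URL with `disable_gpg_check: true`; downloading it with `ansible.builtin.get_url` and a pinned `checksum:` before installing from the local path would close that supply-chain gap.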