author | Pawan Verma <pawanjbs5@gmail.com> | 2021-10-04 18:44:20 +0530 |
---|---|---|
committer | Pawan Verma <pawanjbs5@gmail.com> | 2021-10-16 00:55:05 +0530 |
commit | 0ab7ff90c3fec546275fd35ffc13cb787c03721e (patch) | |
tree | 983c14abdc5d840315c478f9555c9127e7219700 /tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks | |
parent | 212d0f7165d26d97823852992ed261529e095b69 (diff) |
Add support for Calico, Cilium, Contiv-VPP and Danm in k8scluster deployment scripts.
This patch adds support for installing Calico, Cilium, Contiv-VPP and
Danm in Kubernetes cluster deployment ansible scripts.
Signed-off-by: Pawan Verma <pawanjbs5@gmail.com>
Change-Id: Ib76620fa0f63dd58e8496bbf31baf515f697bcde
Diffstat (limited to 'tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks')
10 files changed, 312 insertions, 1 deletions
diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-calico.yaml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-calico.yaml
new file mode 100644
index 00000000..9e6f3fa6
--- /dev/null
+++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-calico.yaml
@@ -0,0 +1,10 @@
+---
+
+- name: Delete Calico
+ k8s:
+ state: absent
+ definition: '{{ item }}'
+ with_items: '{{ lookup("url", "https://docs.projectcalico.org/manifests/calico.yaml", split_lines=False) | from_yaml_all | list }}'
+ when: item is not none
+
+
diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-cilium.yaml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-cilium.yaml
new file mode 100644
index 00000000..16b6e8c9
--- /dev/null
+++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-cilium.yaml
@@ -0,0 +1,7 @@
+---
+
+- name: Delete cilium
+ kubernetes.core.helm:
+ name: cilium
+ namespace: kube-system
+ state: absent
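Review bot: The `with_items` lookup in "Delete Calico" pulls `https://docs.projectcalico.org/manifests/calico.yaml` at run time with no version in the path and no digest check, so the objects sent to the cluster are whatever that URL serves on the day of the run. The same unpinned URL is applied with `state: present` in deploy-calico.yaml, and deploy-cilium.yaml installs `cilium/cilium` without a `chart_version`, so both deploys can change between runs without any change in this repository. The Contiv and DANM tasks in this commit use tagged URLs (`v3.4.2`, `v4.3.0`); I would do the same here with a release-specific manifest URL held in a variable, and add `chart_version: "{{ cilium_chart_version }}"` (constructed variable name) to the helm task. Keeping a reviewed copy of the manifest in the role's `files/` directory would also make the delete side remove exactly what the deploy side created.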
\ No newline at end of file
diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-contiv.yaml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-contiv.yaml
new file mode 100644
index 00000000..553ac937
--- /dev/null
+++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-contiv.yaml
@@ -0,0 +1,11 @@
+---
+
+- name: Delete Contiv
+ k8s:
+ state: absent
+ definition: '{{ item }}'
+ with_items: '{{ lookup("url", "https://raw.githubusercontent.com/contiv/vpp/v3.4.2/k8s/contiv-vpp.yaml", split_lines=False) | from_yaml_all | list }}'
+ when: item is not none
+
+
+
diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-danm.yaml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-danm.yaml
new file mode 100644
index 00000000..1f989805
--- /dev/null
+++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/clear-danm.yaml
@@ -0,0 +1,63 @@
+---
+
+- name: Delete DanmNet CRD's
+ k8s:
+ state: absent
+ definition: '{{ item }}'
+ with_items: '{{ lookup("url", "https://raw.githubusercontent.com/nokia/danm/v4.3.0/integration/crds/lightweight/DanmNet.yaml", split_lines=False) | from_yaml_all | list }}'
+ when: item is not none
+
+- name: Delete DanmEp CRD's
+ k8s:
+ state: absent
+ definition: '{{ item }}'
+ with_items: '{{ lookup("url", "https://raw.githubusercontent.com/nokia/danm/v4.3.0/integration/crds/lightweight/DanmEp.yaml", split_lines=False) | from_yaml_all | list }}'
+ when: item is not none
+
+
+- name: Delete Danm service account
+ k8s:
+ state: absent
+ kind: ServiceAccount
+ name: danm
+ namespace: kube-system
+
+- name: Delete Danm cni conf
+ command: sudo rm -f /etc/cni/net.d/00-danm.conf
+
+- name: Delete Danm cni kubeconfig
+ command: sudo rm -f /etc/cni/net.d/danm-kubeconfig
+
+- name: Delete Danm rbac
+ k8s:
+ state: absent
+ definition: '{{ item }}'
+ with_items: '{{ lookup("url", "https://raw.githubusercontent.com/nokia/danm/v4.3.0/integration/cni_config/danm_rbac.yaml", split_lines=False) | from_yaml_all | list }}'
+ when: item is not none
+
+- name: Delete Danm cni plugins
+ k8s:
+ state: absent
+ definition: "{{ lookup('file', 'danm-cni-plugins.yaml') }}"
+
+- name: Delete Danm netwatcher
+ k8s:
+ state: absent
+ definition: "{{ lookup('file', 'danm-netwatcher-daemonset.yaml') }}"
+
+- name: Get CA Bundle
+ shell: kubectl config view --raw -o json | jq -r '.clusters[0].cluster."certificate-authority-data"' | tr -d '"'
+ register: danm_ca_bundle
+
+- name: Generate webhook deployment
+ template:
+ src: danm-webhook.yaml
+ dest: /tmp/danm-webhook.yaml
+ mode: 0644
+ vars:
+ ca_bundle: "{{ danm_ca_bundle.stdout }}"
+
+- name: Delete Danm webhook
+ k8s:
+ state: absent
+ src: /tmp/danm-webhook.yaml
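Review bot: "Generate webhook deployment" renders the manifest to the fixed path `/tmp/danm-webhook.yaml` and "Delete Danm webhook" reads it back through `src:`, so depending on how /tmp is set up on the host, anything able to write that path before or between the two tasks decides what the k8s module acts on. deploy-danm.yaml repeats the pattern with `state: present`, where it matters more. Rendering in memory avoids the file altogether: `definition: "{{ lookup('template', 'danm-webhook.yaml') }}"` with the `ca_bundle` var set on that task. Separately, the two `command: sudo rm -f ...` tasks would read better as the `file` module with `state: absent` and `become: yes`, and the "Get CA Bundle" pipeline has no `set -o pipefail`, so a failing `kubectl` goes unnoticed.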
diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/cni-pre-deploy.yml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/cni-pre-deploy.yml index b2f280ef..8e30c6e5 100644 --- a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/cni-pre-deploy.yml +++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/cni-pre-deploy.yml @@ -3,9 +3,21 @@ pip: name: openshift executable: "{{ PIP_executable_version }}" + version: "{{ openshift_version }}" when: inventory_hostname in groups['master'] become: yes +- name: Install Helm + unarchive: + src: "https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz" + dest: "/tmp" + remote_src: yes + become: yes + +- name: Move helm to PATH + command: mv /tmp/linux-amd64/helm /usr/local/bin/helm + become: yes + - name: Check whether /etc/cni/net.d/ exists stat: path: /etc/cni/net.d diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-calico.yaml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-calico.yaml new file mode 100644 index 00000000..afee929a --- /dev/null +++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-calico.yaml @@ -0,0 +1,12 @@ +--- + +- name: Clean Calico + import_tasks: clear-calico.yaml + +- name: Deploy Calico + k8s: + state: present + apply: yes + definition: '{{ item }}' + with_items: '{{ lookup("url", "https://docs.projectcalico.org/manifests/calico.yaml", split_lines=False) | from_yaml_all | list }}' + when: item is not none diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-cilium.yaml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-cilium.yaml new file mode 100644 index 00000000..fb48591e --- /dev/null +++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-cilium.yaml 
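Review bot: The "Install Helm" task in cni-pre-deploy.yml unpacks `https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz` as root with no integrity check, so the binary that ends up in `/usr/local/bin/helm` is trusted on TLS alone. I would download with `get_url` first and pin the digest, `checksum: "sha256:<digest published for that helm release>"`, then unarchive the local file. The archive is also extracted under `/tmp/linux-amd64` before the root `mv`; extracting into a directory only root can write closes the window in which the file could be swapped. Neither new task carries the `when: inventory_hostname in groups['master']` guard of the pip task above, so unless the import in main.yml already restricts it, Helm is installed on every host in the play. The pip task starts above the hunk.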
@@ -0,0 +1,19 @@
+---
+
+- name: Add cilium helm repo
+ kubernetes.core.helm_repository:
+ name: cilium
+ repo_url: "https://helm.cilium.io/"
+
+- name: Clean Cilium
+ import_tasks: clear-cilium.yaml
+
+- name: Deploy cilium Chart
+ kubernetes.core.helm:
+ name: cilium
+ namespace: kube-system
+ chart_ref: cilium/cilium
+ wait: yes
+ values:
+ cni:
+ exclusive: false
\ No newline at end of file
diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-contiv.yaml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-contiv.yaml
new file mode 100644
index 00000000..f08ad702
--- /dev/null
+++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-contiv.yaml
@@ -0,0 +1,12 @@
+---
+
+- name: Clean Contiv
+ import_tasks: clear-contiv.yaml
+
+- name: Deploy Contiv
+ k8s:
+ state: present
+ apply: yes
+ definition: '{{ item }}'
+ with_items: '{{ lookup("url", "https://raw.githubusercontent.com/contiv/vpp/v3.4.2/k8s/contiv-vpp.yaml", split_lines=False) | from_yaml_all | list }}'
+ when: item is not none
diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-danm.yaml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-danm.yaml
new file mode 100644
index 00000000..04852e55
--- /dev/null
+++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/deploy-danm.yaml
@@ -0,0 +1,125 @@
+---
+
+- name: Clean Danm
+ import_tasks: clear-danm.yaml
+
+- name: Deploy DanmNet CRD
+ k8s:
+ state: present
+ apply: yes
+ definition: '{{ item }}'
+ with_items: '{{ lookup("url", "https://raw.githubusercontent.com/nokia/danm/v4.3.0/integration/crds/lightweight/DanmNet.yaml", split_lines=False) | from_yaml_all | list }}'
+ when: item is not none
+
+- name: Deploy DanmEp CRD
+ k8s:
+ state: present
+ apply: yes
+ definition: '{{ item }}'
+ with_items: '{{ lookup("url", "https://raw.githubusercontent.com/nokia/danm/v4.3.0/integration/crds/lightweight/DanmEp.yaml", split_lines=False) | from_yaml_all | list }}'
+ when: item is not none
+
+- name: Create Danm service account
+ command: kubectl create --namespace kube-system serviceaccount danm
+
+- name: Create Danm cni conf
+ copy:
+ dest: /etc/cni/net.d/00-danm.conf
+ mode: 0644
+ content: |
+ {
+ "cniVersion": "0.3.1",
+ "name": "meta_cni",
+ "type": "danm",
+ "kubeconfig": "/etc/cni/net.d/danm-kubeconfig",
+ "cniDir": "/etc/cni/net.d",
+ "namingScheme": "awesome",
+ }
+ become: yes
+
+- name: Get Cluster name
+ command: kubectl config view -o jsonpath='{.clusters[0].name}'
+ register: cluster_name
+
+- name: Get Cluster Server
+ command: kubectl config view -o jsonpath='{.clusters[0].cluster.server}'
+ register: cluster_server
+
+- name: Get Cluster CA certification
+ command: kubectl config view --flatten -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'
+ register: cluster_ca_certificate
+
+- name: Get Danm Secret Name
+ command: kubectl get --namespace kube-system -o jsonpath='{.secrets[0].name}' serviceaccounts danm
+ register: danm_secret_name
+
+- name: Get Danm Service Account Token
+ shell: kubectl get --namespace kube-system secrets {{ danm_secret_name.stdout }} -o jsonpath='{.data.token}' | base64 -d
+ register: danm_service_account_token
+
+- name: Create Danm kubeconfig
+ copy:
+ dest: /etc/cni/net.d/danm-kubeconfig
+ mode: 0644
+ content: |
+ apiVersion: v1
+ kind: Config
+ current-context: default
+ clusters:
+ - cluster:
+ certificate-authority-data: {{ cluster_ca_certificate.stdout }}
+ server: {{ cluster_server.stdout }}
+ name: {{ cluster_name.stdout }}
+ contexts:
+ - context:
+ cluster: {{ cluster_name.stdout }}
+ user: danm
+ name: default
+ users:
+ - name: danm
+ user:
+ token: {{ danm_service_account_token.stdout }}
+ preferences: {}
+ become: yes
+
+- name: Deploy Danm rbac
+ k8s:
+ state: present
+ apply: yes
+ definition: '{{ item }}'
+ with_items: '{{ lookup("url", "https://raw.githubusercontent.com/nokia/danm/v4.3.0/integration/cni_config/danm_rbac.yaml", split_lines=False) | from_yaml_all | list }}'
+ when: item is not none
+
+- name: Deploy Danm cni plugins
+ k8s:
+ state: present
+ apply: yes
+ wait: yes
+ definition: "{{ lookup('file', 'danm-cni-plugins.yaml') }}"
+
+- name: Deploy Danm netwatcher
+ k8s:
+ state: present
+ apply: yes
+ definition: "{{ lookup('file', 'danm-netwatcher-daemonset.yaml') }}"
+
+- name: Create Danm webhook signed cert
+ script: danm-webhook-create-signed-cert.sh
+
+- name: Get CA Bundle
+ shell: kubectl config view --raw -o json | jq -r '.clusters[0].cluster."certificate-authority-data"' | tr -d '"'
+ register: danm_ca_bundle
+
+- name: Generate webhook deployment
+ template:
+ src: danm-webhook.yaml
+ dest: /tmp/danm-webhook.yaml
+ mode: 0644
+ vars:
+ ca_bundle: "{{ danm_ca_bundle.stdout }}"
+
+- name: Deploy Danm webhook
+ k8s:
+ state: present
+ apply: yes
+ src: /tmp/danm-webhook.yaml
diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/main.yml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/main.yml
index 28c3f501..519cd36a 100644
--- a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/main.yml
+++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/tasks/main.yml
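Review bot: "Create Danm kubeconfig" in deploy-danm.yaml writes the danm service-account bearer token into `/etc/cni/net.d/danm-kubeconfig` with `mode: 0644`, so every local user on the node can read a credential for the API server. Use `mode: "0600"` on that copy task, which already runs with `become: yes`. The token also sits in the registered `danm_service_account_token` and in the rendered `content`, which Ansible can print at higher verbosity, in diff mode or on failure; `no_log: true` on "Get Danm Service Account Token" and on the copy task keeps it out of logs. Unrelated to the credential, the `00-danm.conf` content ends with `"namingScheme": "awesome",` before the closing brace, and that trailing comma is not valid JSON, so the CNI config may be rejected when it is parsed.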
@@ -29,7 +29,7 @@ - name: deploy multus import_tasks: deploy-multus.yml - when: inventory_hostname in groups['master'] + when: inventory_hostname in groups['master'] and 'danm' not in ansible_run_tags tags: deploy, cni - name: clear multus @@ -67,6 +67,46 @@ when: inventory_hostname in groups['master'] tags: clear +- name: deploy calico + import_tasks: deploy-calico.yaml + when: inventory_hostname in groups['master'] + tags: deploy, cni + +- name: clear calico + import_tasks: clear-calico.yaml + when: inventory_hostname in groups['master'] + tags: clear + +- name: deploy cilium + import_tasks: deploy-cilium.yaml + when: inventory_hostname in groups['master'] + tags: deploy, cni + +- name: clear cilium + import_tasks: clear-cilium.yaml + when: inventory_hostname in groups['master'] + tags: clear + +- name: deploy contiv + import_tasks: deploy-contiv.yaml + when: inventory_hostname in groups['master'] + tags: deploy, cni + +- name: clear contiv + import_tasks: clear-contiv.yaml + when: inventory_hostname in groups['master'] + tags: clear + +- name: deploy danm + import_tasks: deploy-danm.yaml + when: inventory_hostname in groups['master'] and 'danm' in ansible_run_tags + tags: deploy, cni, danm + +- name: clear danm + import_tasks: clear-danm.yaml + when: inventory_hostname in groups['master'] and 'danm' in ansible_run_tags + tags: clear + - name: drain and delete workers from master import_tasks: clear-k8s-workers-drain.yml when: inventory_hostname in groups['workers'] |
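Review bot: The new calico, cilium and contiv deploy tasks in the second hunk all carry only `tags: deploy, cni` and the same `when: inventory_hostname in groups['master']`, so a run with `--tags deploy` or `--tags cni` would, as far as this hunk shows, install all three CNIs on the same cluster in addition to multus. Only DANM is gated on `ansible_run_tags`. I would give each plugin its own tag or gate them on one variable, e.g. `when: inventory_hostname in groups['master'] and cni_plugin == 'calico'` (constructed variable name). "clear danm" is tagged only `clear` while its condition requires `'danm' in ansible_run_tags`, so it runs only with `--tags clear,danm`; a comment such as `# requires --tags clear,danm` above it would save the next operator a search. Both hunks start and end inside the task list, so tasks outside them may change this picture.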