1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
---
- name: Clean Danm
import_tasks: clear-danm.yaml
- name: Deploy DanmNet CRD
k8s:
state: present
apply: yes
definition: '{{ item }}'
with_items: '{{ lookup("url", "https://raw.githubusercontent.com/nokia/danm/v4.3.0/integration/crds/lightweight/DanmNet.yaml", split_lines=False) | from_yaml_all | list }}'
when: item is not none
- name: Deploy DanmEp CRD
k8s:
state: present
apply: yes
definition: '{{ item }}'
with_items: '{{ lookup("url", "https://raw.githubusercontent.com/nokia/danm/v4.3.0/integration/crds/lightweight/DanmEp.yaml", split_lines=False) | from_yaml_all | list }}'
when: item is not none
- name: Create Danm service account
command: kubectl create --namespace kube-system serviceaccount danm
- name: Create Danm cni conf
copy:
dest: /etc/cni/net.d/00-danm.conf
mode: 0644
content: |
{
"cniVersion": "0.3.1",
"name": "meta_cni",
"type": "danm",
"kubeconfig": "/etc/cni/net.d/danm-kubeconfig",
"cniDir": "/etc/cni/net.d",
"namingScheme": "awesome",
}
become: yes
- name: Get Cluster name
command: kubectl config view -o jsonpath='{.clusters[0].name}'
register: cluster_name
- name: Get Cluster Server
command: kubectl config view -o jsonpath='{.clusters[0].cluster.server}'
register: cluster_server
- name: Get Cluster CA certification
command: kubectl config view --flatten -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'
register: cluster_ca_certificate
- name: Get Danm Secret Name
command: kubectl get --namespace kube-system -o jsonpath='{.secrets[0].name}' serviceaccounts danm
register: danm_secret_name
- name: Get Danm Service Account Token
shell: kubectl get --namespace kube-system secrets {{ danm_secret_name.stdout }} -o jsonpath='{.data.token}' | base64 -d
register: danm_service_account_token
- name: Create Danm kubeconfig
copy:
dest: /etc/cni/net.d/danm-kubeconfig
mode: 0644
content: |
apiVersion: v1
kind: Config
current-context: default
clusters:
- cluster:
certificate-authority-data: {{ cluster_ca_certificate.stdout }}
server: {{ cluster_server.stdout }}
name: {{ cluster_name.stdout }}
contexts:
- context:
cluster: {{ cluster_name.stdout }}
user: danm
name: default
users:
- name: danm
user:
token: {{ danm_service_account_token.stdout }}
preferences: {}
become: yes
- name: Deploy Danm rbac
k8s:
state: present
apply: yes
definition: '{{ item }}'
with_items: '{{ lookup("url", "https://raw.githubusercontent.com/nokia/danm/v4.3.0/integration/cni_config/danm_rbac.yaml", split_lines=False) | from_yaml_all | list }}'
when: item is not none
- name: Deploy Danm cni plugins
k8s:
state: present
apply: yes
wait: yes
definition: "{{ lookup('file', 'danm-cni-plugins.yaml') }}"
- name: Deploy Danm netwatcher
k8s:
state: present
apply: yes
definition: "{{ lookup('file', 'danm-netwatcher-daemonset.yaml') }}"
- name: Create Danm webhook signed cert
script: danm-webhook-create-signed-cert.sh
- name: Get CA Bundle
shell: kubectl config view --raw -o json | jq -r '.clusters[0].cluster."certificate-authority-data"' | tr -d '"'
register: danm_ca_bundle
- name: Generate webhook deployment
template:
src: danm-webhook.yaml
dest: /tmp/danm-webhook.yaml
mode: 0644
vars:
ca_bundle: "{{ danm_ca_bundle.stdout }}"
- name: Deploy Danm webhook
k8s:
state: present
apply: yes
src: /tmp/danm-webhook.yaml
|