Add ansible scripts to deploy Kubernetes

For know, only one node is supported. - build/configure CNI drivers - Init Kubernetes Change-Id: I1a0eb44fcbba20870a6b7611d4ffaf0bc3be92f3 Signed-off-by: Mytnyk, Volodymyr <volodymyrx.mytnyk@intel.com>
author: Mytnyk, Volodymyr <volodymyrx.mytnyk@intel.com> 2018-05-11 17:36:20 +0100
committer: Mytnyk, Volodymyr <volodymyrx.mytnyk@intel.com> 2019-04-17 14:47:44 +0300
commit: a1b0dc306662befdf22f19374cbb3126681c9f14 (patch)
tree: b24c919a5a970587e7f39c7952e3c8349531369a
parent: 441c147b14aae5ed6181d024b6f9ff370d9286c3 (diff)
24 files changed, 757 insertions, 1 deletions
diff --git a/ansible/deploy_kube.yml b/ansible/deploy_kube.yml
new file mode 100644
index 000000000..b71e7dc7c
--- /dev/null
+++ b/ansible/deploy_kube.yml
@@ -0,0 +1,28 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- hosts: master
+  become: yes
+  environment: "{{ proxy_env }}"
+  roles:
+  - set_package_installer_proxy
+  - install_dependencies_kubernetes
+  - docker
+  - install_go
+  - install_kube
+  - build_cni
+  - role: download_dpdk
+    dpdk_version: "17.02.1"
+  - install_dpdk
+  - init_kubeadm
diff --git a/ansible/group_vars/master.yml b/ansible/group_vars/master.yml
new file mode 100644
index 000000000..f5f703a2f
--- /dev/null
+++ b/ansible/group_vars/master.yml
@@ -0,0 +1,39 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+cni_info:
+  multus-cni:
+    repo_url: https://github.com/Intel-Corp/multus-cni
+    repo_ver: v1.2
+    build_script: build
+  sriov-cni:
+    repo_url: https://github.com/Intel-Corp/sriov-cni
+    repo_ver: v0.4.0
+    build_script: build
+  containernetworking-cni:
+    repo_url: https://github.com/containernetworking/cni
+    repo_ver: v0.6.0
+    build_script: build.sh
+  containernetworking-plugins:
+    repo_url: https://github.com/containernetworking/plugins
+    repo_ver: v0.7.1
+    build_script: build.sh
+kubeadm_kubernetes_version: 1.9.3
+# Default CIDR defined in kube-flannel.yml
+kubeadm_pod_network_cidr: 10.244.0.0/16
+kubelet_cluster_dns_ip: 172.20.0.10
+docker_daemon_config:
+  bip: 172.10.1.1/16
+  fixed-cidr: 172.10.0.0/24
+  mtu: 1500
diff --git a/ansible/kube-inventory.ini b/ansible/kube-inventory.ini
new file mode 100644
index 000000000..ff11b391d
--- /dev/null
+++ b/ansible/kube-inventory.ini
@@ -0,0 +1,6 @@
+[master]
+kube-master ansible_host=192.168.1.155
+
+[master:vars]
+ansible_user=ubuntu
+ansible_ssh_private_key_file=ubuntu.key
diff --git a/ansible/roles/build_cni/defaults/main.yml b/ansible/roles/build_cni/defaults/main.yml
new file mode 100644
index 000000000..18aa418f4
--- /dev/null
+++ b/ansible/roles/build_cni/defaults/main.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+cni_src_dir: /opt/cni/src
+cni_bin_dir: /opt/cni/bin
diff --git a/ansible/roles/build_cni/tasks/main.yml b/ansible/roles/build_cni/tasks/main.yml
new file mode 100644
index 000000000..ee66686f8
--- /dev/null
+++ b/ansible/roles/build_cni/tasks/main.yml
@@ -0,0 +1,49 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Get CNI driver sources
+  git:
+    repo: "{{ item.value.repo_url }}"
+    dest: "{{ cni_src_dir }}/{{ item.key }}"
+    version: "{{ item.value.repo_ver }}"
+  with_dict: "{{ cni_info }}"
+
+- name: Compile CNI drivers
+  command: "{{ cni_src_dir }}/{{ item.key }}/{{ item.value.build_script }}"
+  environment: "{{ go_env }}"
+  args:
+    chdir: "{{ cni_src_dir }}/{{ item.key }}"
+  with_dict: "{{ cni_info }}"
+
+- name: Get list of compiled CNI binaries
+  shell: ls -1 {{ item.key }}/bin/*
+  register: ls_cni_binaries_result
+  args:
+    chdir: "{{ cni_src_dir }}"
+  with_dict: "{{ cni_info }}"
+
+- set_fact:
+    cni_binary_list: "{{ cni_binary_list|default([]) + item.stdout_lines }}"
+  with_items: "{{ ls_cni_binaries_result.results }}"
+
+- name: Create CNI binaries dir
+  file: path={{ cni_bin_dir }} state=directory
+
+- name: Copy CNI binaries into kublet bin dir
+  copy:
+    src: "{{ cni_src_dir }}/{{ item }}"
+    dest: "{{ cni_bin_dir }}/"
+    remote_src: yes
+    mode: 0755
+  with_items: "{{ cni_binary_list }}"
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index bbec371a8..18e441462 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -1,4 +1,4 @@
-# Copyright (c) 2017 Intel Corporation.
+# Copyright (c) 2017-2019 Intel Corporation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,6 +18,10 @@
   - name: create docker service config dir
     file: path=/etc/systemd/system/docker.service.d state=directory
 
+  - name: docker configuration
+    template: src=daemon.json.j2 dest=/etc/docker/daemon.json owner=root mode=0644
+    when: 'docker_daemon_config is defined'
+
   - name: create docker proxy config
     template: src=http-proxy-conf.j2 dest=/etc/systemd/system/docker.service.d/http-proxy.conf owner=root mode=0644
     when: 'proxy_env is defined and "http_proxy" in proxy_env or "https_proxy" in proxy_env'
diff --git a/ansible/roles/docker/templates/daemon.json.j2 b/ansible/roles/docker/templates/daemon.json.j2
new file mode 100644
index 000000000..57bdc9f63
--- /dev/null
+++ b/ansible/roles/docker/templates/daemon.json.j2
@@ -0,0 +1 @@
+{{ docker_daemon_config | to_nice_json }}
diff --git a/ansible/roles/init_kubeadm/defaults/main.yml b/ansible/roles/init_kubeadm/defaults/main.yml
new file mode 100644
index 000000000..3d868398d
--- /dev/null
+++ b/ansible/roles/init_kubeadm/defaults/main.yml
@@ -0,0 +1,27 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+cmk_rbc_rules_url: https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/master/resources/authorization/cmk-rbac-rules.yaml
+cmk_serviceaccount: https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/master/resources/authorization/cmk-serviceaccount.yaml
+dpdk_devbind_path: "{{ INSTALL_BIN_PATH|default('/opt') }}"
+multus_config:
+  name: node-cni-network
+  type: multus
+  kubeconfig: /etc/kubernetes/kubelet.conf
+  delegates:
+    - type: flannel
+      delegate:
+        isDefaultGateway: true
+      hairpinMode: true
+      masterplugin: true
diff --git a/ansible/roles/init_kubeadm/tasks/kubeadm.yml b/ansible/roles/init_kubeadm/tasks/kubeadm.yml
new file mode 100644
index 000000000..7c808a01c
--- /dev/null
+++ b/ansible/roles/init_kubeadm/tasks/kubeadm.yml
@@ -0,0 +1,50 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- set_fact:
+    service_cidr_param: --service-cidr={{ kubeadm_service_cidr }}
+  when: 'kubeadm_service_cidr is defined'
+
+- set_fact:
+    pod_network_cidr_param: --pod-network-cidr={{ kubeadm_pod_network_cidr }}
+  when: 'kubeadm_pod_network_cidr is defined'
+
+- set_fact:
+    kubernetes_version: --kubernetes-version {{ kubeadm_kubernetes_version }}
+  when: 'kubeadm_kubernetes_version is defined'
+
+- name: Initialize Kubernetes cluster
+  command: >
+           kubeadm init {{ pod_network_cidr_param|default('') }}
+           {{ service_cidr_param|default('') }} {{ kubernetes_version|default('') }}
+           --ignore-preflight-errors=all
+
+- name: Create Kubernetes configuration dir
+  file: path={{ ansible_env.HOME }}/.kube state=directory
+
+- name: Setup Kubernetes environment
+  copy:
+    src: /etc/kubernetes/admin.conf
+    dest: "{{ ansible_env.HOME }}/.kube/config"
+    remote_src: yes
+
+- name: Allow to schedule pods on the master
+  command: kubectl taint nodes --all node-role.kubernetes.io/master-
+
+- name: Wait for kube-dns pod to be in running state
+  command: kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o json
+  register: result
+  until: result.stdout|from_json|json_query('items[].status.phase|[0]') == "Running"
+  retries: 30
+  delay: 2
diff --git a/ansible/roles/init_kubeadm/tasks/kubectl.yml b/ansible/roles/init_kubeadm/tasks/kubectl.yml
new file mode 100644
index 000000000..dd8ad2f65
--- /dev/null
+++ b/ansible/roles/init_kubeadm/tasks/kubectl.yml
@@ -0,0 +1,26 @@
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Generate temporary resource file
+  tempfile: state=file prefix=kubectl.{{ item }}.
+  register: config_file
+
+- name: Generate {{ item }} resource file
+  template: src={{ item }}.j2 dest={{ config_file.path }}
+
+- name: Create {{ item }} resource
+  command: kubectl create -f {{ config_file.path }}
+
+- name: Create Kubernetes configuration dir
+  file: path={{ config_file.path  }} state=absent
diff --git a/ansible/roles/init_kubeadm/tasks/main.yml b/ansible/roles/init_kubeadm/tasks/main.yml
new file mode 100644
index 000000000..df7334ce1
--- /dev/null
+++ b/ansible/roles/init_kubeadm/tasks/main.yml
@@ -0,0 +1,70 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Disable swap
+  command: swapoff -a
+  ignore_errors: true
+
+- name: Reset Kubernetes cluster
+  command: kubeadm reset
+
+- name: Clean Kubernetes directories (w/o removing the folder itself)
+  shell: rm -fr {{ item }}/*
+  with_items:
+    - /etc/kubernetes
+    - /var/lib/cni
+    - /etc/cmk
+
+- name: Create Multus CNI plugin dir
+  file: path=/etc/cni/net.d state=directory
+
+- name: Configure Multus CNI plugin
+  template: src=10-multus-cni.conf.j2 dest=/etc/cni/net.d/10-multus-cni.conf owner=root mode=0644
+
+- name: Change default kubelet cluster dns IP
+  lineinfile:
+    path: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+    regexp: '^(.*)--cluster-dns=([0-9\.]*)( +.*)$'
+    line: '\1--cluster-dns={{ kubelet_cluster_dns_ip }}\3'
+    backrefs: yes
+    backup: yes
+
+- name: Systemd daemon reload
+  command: systemctl daemon-reload
+
+- name: Restart kubelet
+  service: name=kubelet state=restarted
+
+- name: Initialize kubeadm
+  include: kubeadm.yml
+
+- name: Create CMK Kubernetes resources
+  command: kubectl create -f {{ item }}
+  with_items:
+    - "{{ cmk_rbc_rules_url }}"
+    - "{{ cmk_serviceaccount }}"
+
+- name: Create Kubernetes resources
+  include: kubectl.yml
+  with_items:
+    - crd-network.yaml
+    - net-flannel.yaml
+    - roles.yaml
+    - kube-flannel.yaml
+    - cmk-init-pod.yaml
+
+- name: Create a ClusterRoleBinding for a particular ClusterRole
+  command: >
+           kubectl create clusterrolebinding multus-node-{{ ansible_hostname }}
+           --clusterrole=multus-crd-overpowered --user=system:node:{{ ansible_hostname }}
diff --git a/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 b/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2
new file mode 100644
index 000000000..a68afaf26
--- /dev/null
+++ b/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2
@@ -0,0 +1 @@
+{{ multus_config | to_nice_json }}
diff --git a/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 b/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2
new file mode 100644
index 000000000..44c22581f
--- /dev/null
+++ b/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2
@@ -0,0 +1,32 @@
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app: cmk-cluster-init-pod
+  name: cmk-cluster-init-pod
+spec:
+  serviceAccountName: cmk-serviceaccount
+  containers:
+  - args:
+      # Change this value to pass different options to cluster-init.
+      - "/cmk/cmk.py cluster-init --host-list={{ ansible_hostname }} --saname=cmk-serviceaccount --cmk-img=si-docker.ir.intel.com/vcmts-ubuntu/cmk --num-dp-cores=4 --dp-mode=spread --num-cp-cores=1 --cp-mode=spread"
+    command:
+    - "/bin/bash"
+    - "-c"
+    image: si-docker.ir.intel.com/vcmts-ubuntu/cmk
+    name: cmk-cluster-init-pod
+  restartPolicy: Never
diff --git a/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 b/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2
new file mode 100644
index 000000000..0e451c51a
--- /dev/null
+++ b/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2
@@ -0,0 +1,26 @@
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: "apiextensions.k8s.io/v1beta1"
+kind: CustomResourceDefinition
+metadata:
+  name: networks.kubernetes.com
+spec:
+  group: kubernetes.com
+  version: v1
+  scope: Namespaced
+  names:
+    plural: networks
+    singular: network
+    kind: Network
diff --git a/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 b/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2
new file mode 100644
index 000000000..ddb849616
--- /dev/null
+++ b/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2
@@ -0,0 +1,158 @@
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: flannel
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/status
+    verbs:
+      - patch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: flannel
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: flannel
+subjects:
+- kind: ServiceAccount
+  name: flannel
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flannel
+  namespace: kube-system
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kube-flannel-cfg
+  namespace: kube-system
+  labels:
+    tier: node
+    app: flannel
+data:
+  cni-conf.json: |
+    {
+      "name": "cbr0",
+      "plugins": [
+        {
+          "type": "flannel",
+          "delegate": {
+            "hairpinMode": true,
+            "isDefaultGateway": true
+          }
+        },
+        {
+          "type": "portmap",
+          "capabilities": {
+            "portMappings": true
+          }
+        }
+      ]
+    }
+  net-conf.json: |
+    {
+      "Network": "{{ kubeadm_pod_network_cidr }}",
+      "Backend": {
+        "Type": "vxlan"
+      }
+    }
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: kube-flannel-ds
+  namespace: kube-system
+  labels:
+    tier: node
+    app: flannel
+spec:
+  template:
+    metadata:
+      labels:
+        tier: node
+        app: flannel
+    spec:
+      hostNetwork: true
+      nodeSelector:
+        beta.kubernetes.io/arch: amd64
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
+      serviceAccountName: flannel
+      containers:
+      - name: kube-flannel
+        image: quay.io/coreos/flannel:v0.10.0-amd64
+        command:
+        - /opt/bin/flanneld
+        args:
+        - --ip-masq
+        - --kube-subnet-mgr
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "50Mi"
+          limits:
+            cpu: "100m"
+            memory: "50Mi"
+        securityContext:
+          privileged: true
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        volumeMounts:
+        - name: run
+          mountPath: /run
+        - name: flannel-cfg
+          mountPath: /etc/kube-flannel/
+      volumes:
+        - name: run
+          hostPath:
+            path: /run
+        - name: cni
+          hostPath:
+            path: /etc/cni/net.d
+        - name: flannel-cfg
+          configMap:
+            name: kube-flannel-cfg
diff --git a/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 b/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2
new file mode 100644
index 000000000..db25c6a89
--- /dev/null
+++ b/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2
@@ -0,0 +1,24 @@
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: "kubernetes.com/v1"
+kind: Network
+metadata:
+  name: flannel
+plugin: flannel
+args: '[{
+                "delegate": {
+                        "isDefaultGateway": true
+                }
+        }]'
diff --git a/ansible/roles/init_kubeadm/templates/roles.yaml.j2 b/ansible/roles/init_kubeadm/templates/roles.yaml.j2
new file mode 100644
index 000000000..b3509b048
--- /dev/null
+++ b/ansible/roles/init_kubeadm/templates/roles.yaml.j2
@@ -0,0 +1,29 @@
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: multus-crd-overpowered
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- nonResourceURLs:
+  - '*'
+  verbs:
+  - '*'
diff --git a/ansible/roles/install_dependencies_kubernetes/tasks/main.yml b/ansible/roles/install_dependencies_kubernetes/tasks/main.yml
new file mode 100644
index 000000000..90098a48e
--- /dev/null
+++ b/ansible/roles/install_dependencies_kubernetes/tasks/main.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Install https download transport for APT
+  apt:
+    name: apt-transport-https
+    state: latest
+    update_cache: yes
diff --git a/ansible/roles/install_go/defaults/main.yml b/ansible/roles/install_go/defaults/main.yml
new file mode 100644
index 000000000..dee4f82d2
--- /dev/null
+++ b/ansible/roles/install_go/defaults/main.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+golang_repo_key_server: keyserver.ubuntu.com
+golang_repo_key_id: C73998DC9DFEA6DCF1241057308C15A29AD198E9
+golang_repo_url: deb http://ppa.launchpad.net/gophers/archive/ubuntu xenial main
+golang_bin_dir: /usr/lib/go-1.10/bin
diff --git a/ansible/roles/install_go/tasks/main.yml b/ansible/roles/install_go/tasks/main.yml
new file mode 100644
index 000000000..5489fadae
--- /dev/null
+++ b/ansible/roles/install_go/tasks/main.yml
@@ -0,0 +1,40 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Add go language gophers repo key
+  # due to a proxy issue in the ansible apt_key module on Ubuntu 17.10,
+  # it doesn't work to add key via `id` and `keyserver` parametes. Similar
+  # issue is described here: https://github.com/debops/ansible-elastic_co/issues/2
+  #  apt_key:
+  #    keyserver: "{{ golang_repo_key_server }}"
+  #    id: "{{ golang_repo_key_id }}"
+  # As a workaround, we can use `apt-key` tool directly with proxy specified.
+  command: >
+           apt-key adv --keyserver {{ golang_repo_key_server }} --recv-keys
+           --keyserver-options http-proxy={{ proxy_env.http_proxy }}
+           {{ golang_repo_key_id }}
+
+- name: Add apt golang repository
+  apt_repository:
+    repo: "{{ golang_repo_url }}"
+    filename: golang-1.10-go
+
+- name: Install golang-1.10-go
+  apt:
+    name: golang-1.10-go
+
+- name: Setup Go environment variable
+  set_fact:
+    go_env:
+      PATH: "{{ golang_bin_dir }}:{{ ansible_env.PATH }}"
diff --git a/ansible/roles/install_kube/defaults/main.yml b/ansible/roles/install_kube/defaults/main.yml
new file mode 100644
index 000000000..1ae57469d
--- /dev/null
+++ b/ansible/roles/install_kube/defaults/main.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kubernetes_key_url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+kubernetes_repo_url: deb http://apt.kubernetes.io/ kubernetes-xenial main
diff --git a/ansible/roles/install_kube/tasks/main.yml b/ansible/roles/install_kube/tasks/main.yml
new file mode 100644
index 000000000..ea4f0cdb5
--- /dev/null
+++ b/ansible/roles/install_kube/tasks/main.yml
@@ -0,0 +1,30 @@
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Add kubernetes repo key
+  apt_key:
+    url: "{{ kubernetes_key_url }}"
+
+- name: Add apt kubernetes repository
+  apt_repository:
+    repo: "{{ kubernetes_repo_url }}"
+    filename: kubernetes
+
+- name: Install kubelet kubeadm kubectl kubernetes-cni
+  apt:
+    name:
+    - kubelet=1.9.3*
+    - kubeadm=1.9.3*
+    - kubectl=1.9.3*
+    force: yes
diff --git a/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 b/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2
index 5b57178a7..cba8eacd4 100644
--- a/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2
+++ b/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2
@@ -1,3 +1,6 @@
 {% if "http_proxy" in proxy_env %}
 Acquire::http::Proxy "{{ proxy_env.http_proxy }}";
 {% endif %}
+{% if "https_proxy" in proxy_env %}
+Acquire::https::Proxy "{{ proxy_env.https_proxy }}";
+{% endif %}
diff --git a/tools/kube-setup-one-node.sh b/tools/kube-setup-one-node.sh
new file mode 100755
index 000000000..180f11b46
--- /dev/null
+++ b/tools/kube-setup-one-node.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+# Copyright (c) 2018-2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+proxy_vars=(http_proxy https_proxy ftp_proxy no_proxy)
+# get proxy environment values from /etc/environment if not set
+for proxy_var in ${proxy_vars[@]}
+do
+    env_proxy=$(sed -ne "s/^$proxy_var=[\"\']\(.*\)[\"\']/\1/p" /etc/environment)
+    if [[ -z ${!proxy_var} ]] && [[ ! -z ${env_proxy} ]]; then
+        export ${proxy_var}=${env_proxy}
+    fi
+done
+# add proxy configuration into proxy file
+add_extra_env=false
+echo "proxy_env:" > /tmp/proxy.yml
+for proxy_var in ${proxy_vars[@]}
+do
+    if [[ ! -z ${!proxy_var} ]]; then
+        echo "  ${proxy_var}: ${!proxy_var}" >> /tmp/proxy.yml
+        add_extra_env=true
+    fi
+done
+# add extra arguments file if needed
+if ${add_extra_env}; then
+    extra_args="${extra_args} -e @/tmp/proxy.yml "
+fi
+
+ANSIBLE_SCRIPTS="${0%/*}/../ansible"
+
+cd ${ANSIBLE_SCRIPTS} && \
+ansible-playbook \
+         ${extra_args} -i kube-inventory.ini deploy_kube.yml
author	Mytnyk, Volodymyr <volodymyrx.mytnyk@intel.com>	2018-05-11 17:36:20 +0100
committer	Mytnyk, Volodymyr <volodymyrx.mytnyk@intel.com>	2019-04-17 14:47:44 +0300
commit	a1b0dc306662befdf22f19374cbb3126681c9f14 (patch)
tree	b24c919a5a970587e7f39c7952e3c8349531369a
parent	441c147b14aae5ed6181d024b6f9ff370d9286c3 (diff)