From 6368113ec991a97517e6d633b3d79f2e012e99af Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Wed, 28 Nov 2018 16:19:40 -0800 Subject: [PATCH] Add kube config to nodepool servers This adds connection information for an experimental kubernetes cluster hosted in vexxhost-sjc1 to the nodepool servers. Change-Id: Ie7aad841df1779ddba69315ddd9e0ae96a1c8c53 --- playbooks/base.yaml | 1 + playbooks/group_vars/nodepool.yaml | 5 ++++- playbooks/roles/configure-kubectl/README.rst | 19 +++++++++++++++++++ .../configure-kubectl/defaults/main.yaml | 4 ++++ .../roles/configure-kubectl/tasks/main.yaml | 15 +++++++++++++++ .../clouds/nodepool_kube_config.yaml.j2 | 19 +++++++++++++++++++ .../templates/group_vars/nodepool.yaml.j2 | 1 + testinfra/test_nodepool.py | 7 +++++++ 8 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 playbooks/roles/configure-kubectl/README.rst create mode 100644 playbooks/roles/configure-kubectl/defaults/main.yaml create mode 100644 playbooks/roles/configure-kubectl/tasks/main.yaml create mode 100644 playbooks/templates/clouds/nodepool_kube_config.yaml.j2 diff --git a/playbooks/base.yaml b/playbooks/base.yaml index 4c9ee170e4..d4165d3fe3 100644 --- a/playbooks/base.yaml +++ b/playbooks/base.yaml @@ -35,6 +35,7 @@ roles: - minimal-nodepool - configure-openstacksdk + - configure-kubectl - hosts: "puppet:!disabled" name: "Base: install and configure puppet on puppet hosts" diff --git a/playbooks/group_vars/nodepool.yaml b/playbooks/group_vars/nodepool.yaml index ebb2b91c07..e1f06e3530 100644 --- a/playbooks/group_vars/nodepool.yaml +++ b/playbooks/group_vars/nodepool.yaml @@ -23,4 +23,7 @@ iptables_extra_allowed_hosts: - protocol: tcp port: 2181 hostname: zuul01.openstack.org - +kube_config_dir: ~nodepool/.kube +kube_config_owner: nodepool +kube_config_group: nodepool +kube_config_template: clouds/nodepool_kube_config.yaml.j2 diff --git a/playbooks/roles/configure-kubectl/README.rst b/playbooks/roles/configure-kubectl/README.rst new file mode 100644 index 0000000000..164a68bd06 --- /dev/null +++ b/playbooks/roles/configure-kubectl/README.rst @@ -0,0 +1,19 @@ +Configure kube config files + +Configure kubernetes files needed by nodepool. + +**Role Variables** + +.. zuul:rolevar:: kube_config_dir + :default: /root/.kube + +.. zuul:rolevar:: kube_config_owner + :default: root + +.. zuul:rolevar:: kube_config_group + :default: root + +.. zuul:rolevar:: kube_config_file + :default: {{ kube_config_dir }}/config + +.. zuul:rolevar:: kube_config_template diff --git a/playbooks/roles/configure-kubectl/defaults/main.yaml b/playbooks/roles/configure-kubectl/defaults/main.yaml new file mode 100644 index 0000000000..3bad6481d4 --- /dev/null +++ b/playbooks/roles/configure-kubectl/defaults/main.yaml @@ -0,0 +1,4 @@ +kube_config_dir: /root/.kube +kube_config_owner: root +kube_config_group: root +kube_config_file: '{{ kube_config_dir }}/config' diff --git a/playbooks/roles/configure-kubectl/tasks/main.yaml b/playbooks/roles/configure-kubectl/tasks/main.yaml new file mode 100644 index 0000000000..4e0ba770d2 --- /dev/null +++ b/playbooks/roles/configure-kubectl/tasks/main.yaml @@ -0,0 +1,15 @@ +- name: Ensure kube config directory + file: + group: '{{ kube_config_group }}' + owner: '{{ kube_config_owner }}' + mode: 0750 + path: '{{ kube_config_dir }}' + state: directory + +- name: Install the kube config file + template: + src: '{{ kube_config_template }}' + dest: '{{ kube_config_file }}' + group: '{{ kube_config_group }}' + owner: '{{ kube_config_owner }}' + mode: 0640 diff --git a/playbooks/templates/clouds/nodepool_kube_config.yaml.j2 b/playbooks/templates/clouds/nodepool_kube_config.yaml.j2 new file mode 100644 index 0000000000..2e9bc28008 --- /dev/null +++ b/playbooks/templates/clouds/nodepool_kube_config.yaml.j2 @@ -0,0 +1,19 @@ +apiVersion: v1 +clusters: + - name: vexxhost-sjc1 + cluster: + server: https://38.108.68.90:6443 + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMxekNDQWIrZ0F3SUJBZ0lSQU1oQUVLSU96MDlSa3VZSXJjSWtSVjh3RFFZSktvWklodmNOQVFFTEJRQXcKRXpFUk1BOEdBMVVFQXd3SVRtOWtaWEJ2YjJ3d0hoY05NVGd4TVRJM01qSXpPRFV4V2hjTk1qTXhNVEkzTWpJegpPRFV4V2pBVE1SRXdEd1lEVlFRRERBaE9iMlJsY0c5dmJEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQCkFEQ0NBUW9DZ2dFQkFLbXFDcHNkTDlHbTN2WmVGSkRLYXJDeVBiazFkUldraUVMZ2oreWpnalVpejNsUEltUksKZU5Cb24ybzBScDBPMzVPRTZFdTE4Z25JaW1ybk9YWGM2RW1zUEJONHZkbThoRGxsaXFKYjZlSFdIWkcyNGVZSApvWCtWckJ2QjBSYWpBeU9LMW5mRTVscVhlUU8vdUJ0M24yQ0FBbm90bWRkTkpMNFFDN3VpOEV6Vzc3ZkpzUGU5CkZDSVpERktUOGNNL2o0R1BybjdFSEpoQ2tWb2JTaExVbHA4cDN4c05hMmYzam52eGJiUVVBN2lzVCtybXBwY2gKUEx2THFMRytpT01hSDA5aC9SVWN0VE5GeG9uTnZpR21zSVdOdWwxWHBtL2pHa3NNa09xQmhrcXo3V1FNK25wMAo2MDRBcFdHd3Z2bUI2K05TVjVERzNxSk9tZXdyRzg2SW1Xc0NBd0VBQWFNbU1DUXdFZ1lEVlIwVEFRSC9CQWd3CkJnRUIvd0lCQURBT0JnTlZIUThCQWY4RUJBTUNBZ1F3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUFramJJKysKTUZXQWJwcXp1T0ppS2FnZlZxY3FZSUs0cFFOSkVpTHdCUnU2RmVJTmFCYXhQUVpIeURsby9NZCsxdlMvQTErTgpQd216T1Rhc0ZTZmlCSHBxdDZVSWdNWm1MenhOMkwyUzFYSFZ4MUg4c2h3aVFmQ0NtaS80eGpDYUhXOS9uUytYCnh5OGNEMXJJTUJkTlRaOERXU2Q0VU9iUWpHQ3ZUdFAvZEdkU21SU1BGNkt6YWIwRjU5dElqc20rVkhvd2NjS1QKaVB1bDUvQnpIRkFlZlV5dXpMeTJlb3ZjSzJzL0l1aWhBMDY5emIyS2JybURvTjBwNnhlRjlZR0o2VHVKZkNBeQpkOU5EejU3RjRBcTh2T2p5SjI2SEZhQ3ovRTdKWUxzZVJ2QWdZS2pRS0J4OVRwdjFNQnFYdm5mYWJQSzNUQVdGClZsV0xxeHRYZGJuYW5iOD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== +contexts: + - name: vexxhost-sjc1 + context: + cluster: vexxhost-sjc1 + user: admin +current-context: default +kind: Config +preferences: {} +users: + - name: admin + user: + client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN4VENDQWEyZ0F3SUJBZ0lSQVBxcnlJNkZXa25saHo4dWtqZHJ5elV3RFFZSktvWklodmNOQVFFTEJRQXcKRXpFUk1BOEdBMVVFQXd3SVRtOWtaWEJ2YjJ3d0hoY05NVGd4TVRJM01qTXpOelF4V2hjTk1qTXhNVEkzTWpNegpOelF4V2pBcE1RNHdEQVlEVlFRRERBVmhaRzFwYmpFWE1CVUdBMVVFQ2d3T2MzbHpkR1Z0T20xaGMzUmxjbk13CmdnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUROYzRMVFlyVjhPTVd1Tk5ndU5tb3UKOTZGcUp0NEljNFdoY1Y1SmU0V3dLbUN4bGpSV2hITnBDWkZ0REl4MHpNeUZzcmMxcjdTWWordEdDZXdmY3hKQgpwVU5FYmk3VWdTOEZRKzltWWdaTVcwUzZUL2RPbEpkc0lVSUU5QitiS3ZxSmd1emNZZkxldWU4bmp3T0xNeEl4Ck42YlFlMEhwbXB3bXpnS0dXMVpSYnpMN0Q2TjNoNUZIZWRBL1hGZ2FMVmR5VUtDK2dFQUxyem9UNk5NTFY3VTMKZGdQU0syS0pzbURFb1hTMWx6MkVCbUNrQUdodmdRaEs3TnlrMkEySnRDNTQ5c2ZjR1lMYmd4VXBwYVp2bW10KwpqQjhubW9JWTRyd1lpSnVHUkZsczNSYXFZNnRPWTl3YXpIdHZkZnFsVmxsTkJteDd6Mk5vSHBEWFA3a1FEN1ZaCkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQURlU0lDenpPOGN0bnlPVUdUYS9STHdBNUs2bzJYUUEKc3ozSHRlcHRFL1hYV2E3MC9nUVlNNEhPdEx3Q3BncW1HZWZBbnczbUJzL0NWQ2tzVnA1cENjVnB6UkxYVFIwbAo3NG1sWllNSzY2QVMzWE5GZkVmS3RBU2pySHNrbUxpWCt4emVmR0VRTXRkaURHZFlObzErenV0aTdjV3A4Z2E5CnUzL2xPRnp4ekZveWhHTkhyOHJnOC8rMExnNTJGUmhZZCtLYkJxWVlqYkwzQ3JUbmtCY2tlUVZ1SkRaeE9WYnUKcmE3VFNEWlAzT01xK1B6QjlNdEJKendUVzVwMndkMVZQWEhCN1MrV0xBeGUyU2xOM0ZLaHRKQXg2SHNtczc1dwp6N0p0ZEZzdnVPUEtDcUIwYWJQazk4dkxkWXo1MWVWYm9saXV0TVNXMTcwNk5hUDJETnVmc2dNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t + client-key-data: {{ nodepool_vexxhost_kube_key }} diff --git a/playbooks/zuul/templates/group_vars/nodepool.yaml.j2 b/playbooks/zuul/templates/group_vars/nodepool.yaml.j2 index 9f3b361426..e2d36c0f97 100644 --- a/playbooks/zuul/templates/group_vars/nodepool.yaml.j2 +++ b/playbooks/zuul/templates/group_vars/nodepool.yaml.j2 @@ -11,6 +11,7 @@ nodepool_internap_project: project nodepool_vexxhost_username: user nodepool_vexxhost_password: password nodepool_vexxhost_project: project +nodepool_vexxhost_kube_key: k8s_key nodepool_citycloud_username: user nodepool_citycloud_password: password nodepool_linaro_username: user diff --git a/testinfra/test_nodepool.py b/testinfra/test_nodepool.py index 32dc0938bd..d74459012c 100644 --- a/testinfra/test_nodepool.py +++ b/testinfra/test_nodepool.py @@ -21,3 +21,10 @@ def test_clouds_yaml(host): assert clouds_yaml.exists assert b'password' in clouds_yaml.content + + +def test_kube_config(host): + kubeconfig = host.file('/home/nodepool/.kube/config') + assert kubeconfig.exists + + assert b'k8s_key' in kubeconfig.content