From 3664e04b04ade624c1b2ee5bd2876939aed812cc Mon Sep 17 00:00:00 2001 From: Pawel Wieczorek Date: Fri, 26 Jul 2019 15:53:26 +0200 Subject: k8s: Allow Dublin cluster creation using RKE This patch adds sample cluster.yml which is based on Dublin cluster configuration file [1]. Main difference is in avoiding repetition by using anchors and alias nodes. Actual cluster creation provisioner is disabled by default because 'control' and 'worker' nodes might not be ready yet. [1] https://docs.onap.org/en/dublin/_downloads/27934fe702048777f312d77dc30cd05a/cluster.yml Issue-ID: SECCOM-235 Change-Id: Ibba0e754ba87e334cdaa61de83e48107f91083d9 Signed-off-by: Pawel Wieczorek --- test/security/k8s/vagrant/dublin/Vagrantfile | 32 ++++++++++++++---- test/security/k8s/vagrant/dublin/cluster.yml | 49 ++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 6 deletions(-) create mode 100644 test/security/k8s/vagrant/dublin/cluster.yml diff --git a/test/security/k8s/vagrant/dublin/Vagrantfile b/test/security/k8s/vagrant/dublin/Vagrantfile index f0dfbb519..8870580c3 100644 --- a/test/security/k8s/vagrant/dublin/Vagrantfile +++ b/test/security/k8s/vagrant/dublin/Vagrantfile @@ -5,7 +5,9 @@ host_ip = "192.168.121.1" operator_key = "${HOME}/.ssh/onap-key" vagrant_user = "vagrant" vagrant_password = "vagrant" -synced_folder = "/vagrant" +synced_folder_main = "/vagrant" +synced_folder_config = "#{synced_folder_main}/config" +cluster_yml = "cluster.yml" vm_memory = 2 * 1024 vm_cpus = 1 @@ -65,6 +67,17 @@ $link_dotfiles = <<-SCRIPT done SCRIPT +$link_cluster_yml = <<-SCRIPT + SYNC_DIR="$1" + CLUSTER_YML="$2" + src="${SYNC_DIR}/${CLUSTER_YML}" + dst="$HOME" + echo "Symlinking ${src} to ${dst}" + ln -sf "$src" "$dst" +SCRIPT + +$rke_up = "rke up" + Vagrant.configure('2') do |config| all.each do |machine| config.vm.define machine[:name] do |config| @@ -96,20 +109,19 @@ Vagrant.configure('2') do |config| end if machine[:name] == 'operator' - config.vm.synced_folder "../../tools/config", synced_folder, type: "rsync" + config.vm.synced_folder ".", synced_folder_main, type: "rsync", rsync__exclude: "Vagrantfile" + config.vm.synced_folder "../../tools/config", synced_folder_config, type: "rsync" config.vm.provision "link_dotfiles_root", type: :shell, run: "always" do |s| s.inline = $link_dotfiles - s.args = synced_folder + s.args = synced_folder_config end config.vm.provision "link_dotfiles_user", type: :shell, run: "always" do |s| s.privileged = false s.inline = $link_dotfiles - s.args = synced_folder + s.args = synced_folder_config end - config.vm.provision "get_rke", type: :shell, path: "../../tools/dublin/get_rke.sh" - config.vm.provision "install_sshpass", type: :shell, inline: $install_sshpass config.vm.provision "generate_key", type: :shell, privileged: false, inline: $generate_key, args: operator_key @@ -121,6 +133,14 @@ Vagrant.configure('2') do |config| s.args = [operator_key, vagrant_user, ips] s.env = {'PASSWORD': vagrant_password} end + + config.vm.provision "get_rke", type: :shell, path: "../../tools/dublin/get_rke.sh" + config.vm.provision "link_cluster_yml", type: :shell, run: "always" do |s| + s.privileged = false + s.inline = $link_cluster_yml + s.args = [synced_folder_main, cluster_yml] + end + config.vm.provision "rke_up", type: :shell, run: "never", privileged: false, inline: $rke_up end end end diff --git a/test/security/k8s/vagrant/dublin/cluster.yml b/test/security/k8s/vagrant/dublin/cluster.yml new file mode 100644 index 000000000..f06222209 --- /dev/null +++ b/test/security/k8s/vagrant/dublin/cluster.yml @@ -0,0 +1,49 @@ +# An example of a Kubernetes cluster for ONAP +ssh_key_path: &ssh_key_path "~/.ssh/onap-key" +nodes: +- address: 172.17.0.100 + port: "22" + role: + - controlplane + - etcd + hostname_override: "onap-control-1" + user: vagrant + ssh_key_path: *ssh_key_path +- address: 172.17.0.101 + port: "22" + role: + - worker + hostname_override: "onap-k8s-1" + user: vagrant + ssh_key_path: *ssh_key_path +services: + kube-api: + service_cluster_ip_range: 10.43.0.0/16 + pod_security_policy: false + always_pull_images: false + kube-controller: + cluster_cidr: 10.42.0.0/16 + service_cluster_ip_range: 10.43.0.0/16 + kubelet: + cluster_domain: cluster.local + cluster_dns_server: 10.43.0.10 + fail_swap_on: false +network: + plugin: canal +authentication: + strategy: x509 +ssh_key_path: *ssh_key_path +ssh_agent_auth: false +authorization: + mode: rbac +ignore_docker_version: false +kubernetes_version: "v1.13.5-rancher1-2" +private_registries: +- url: nexus3.onap.org:10001 + user: docker + password: docker + is_default: true +cluster_name: "onap" +restore: + restore: false + snapshot_name: "" -- cgit 1.2.3-korg