summaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra/playbooks
diff options
context:
space:
mode:
Diffstat (limited to 'kud/deployment_infra/playbooks')
-rw-r--r--kud/deployment_infra/playbooks/configure-kata-webhook-reset.yml30
-rw-r--r--kud/deployment_infra/playbooks/configure-kata-webhook.yml69
-rw-r--r--kud/deployment_infra/playbooks/configure-kata.yml29
-rw-r--r--kud/deployment_infra/playbooks/kud-vars.yml11
4 files changed, 139 insertions, 0 deletions
diff --git a/kud/deployment_infra/playbooks/configure-kata-webhook-reset.yml b/kud/deployment_infra/playbooks/configure-kata-webhook-reset.yml
new file mode 100644
index 00000000..4c25613a
--- /dev/null
+++ b/kud/deployment_infra/playbooks/configure-kata-webhook-reset.yml
@@ -0,0 +1,30 @@
+---
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+- hosts: localhost
+ become: yes
+ pre_tasks:
+ - name: Load kud variables
+ include_vars:
+ file: "{{ playbook_dir }}/kud-vars.yml"
+ tasks:
+ - name: Remove Kata webhook
+ command: "/usr/local/bin/kubectl delete -f {{ kata_webhook_dest }}/deploy/webhook-{{ kata_webhook_runtimeclass }}.yaml"
+
+ - name: Remove Kata mutating webhook configuration
+ command: "/usr/local/bin/kubectl delete -f {{ kata_webhook_dest }}/deploy/webhook-registration.yaml"
+
+ - name: Remove Kata webhook certs
+ command: "/usr/local/bin/kubectl delete -f {{ kata_webhook_dest }}/deploy/webhook-certs.yaml" \ No newline at end of file
diff --git a/kud/deployment_infra/playbooks/configure-kata-webhook.yml b/kud/deployment_infra/playbooks/configure-kata-webhook.yml
new file mode 100644
index 00000000..cb11bdf7
--- /dev/null
+++ b/kud/deployment_infra/playbooks/configure-kata-webhook.yml
@@ -0,0 +1,69 @@
+---
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+- hosts: localhost
+ become: yes
+ pre_tasks:
+ - name: Load kud variables
+ include_vars:
+ file: "{{ playbook_dir }}/kud-vars.yml"
+ tasks:
+ - name: Create Kata webook folder
+ file:
+ state: directory
+ path: "{{ kata_webhook_dest }}/deploy"
+ ignore_errors: yes
+
+ - name: Download Kata webhook script
+ get_url:
+ url: "{{ kata_webhook_script_url }}"
+ dest: "{{ kata_webhook_dest }}"
+
+ - name: Download Kata webhook registration yaml
+ get_url:
+ url: "{{ kata_webhook_registration_url }}"
+ dest: "{{ kata_webhook_dest }}/deploy"
+
+ - name: Download Kata webhook deployment yaml
+ get_url:
+ url: "{{ kata_webhook_deployment_url }}"
+ dest: "{{ kata_webhook_dest }}/deploy"
+
+ - name: Changing perm of create-certs.sh, adding "+x"
+ shell: "chmod +x create-certs.sh"
+ args:
+ chdir: "{{ kata_webhook_dest }}"
+ warn: False
+
+ - name: Modify webhook for {{ kata_webhook_runtimeclass }} Runtimeclass
+ shell: "sed 's/value: kata/value: {{ kata_webhook_runtimeclass }}/g' webhook.yaml | tee webhook-{{ kata_webhook_runtimeclass }}.yaml"
+ args:
+ chdir: "{{ kata_webhook_dest }}/deploy"
+ warn: False
+
+ - name: Create Kata webhook secret
+ command: "{{ kata_webhook_dest }}/create-certs.sh"
+ args:
+ chdir: "{{ kata_webhook_dest }}"
+ warn: False
+
+ - name: Apply Kata webhook certs
+ command: "/usr/local/bin/kubectl apply -f {{ kata_webhook_dest }}/deploy/webhook-certs.yaml"
+
+ - name: Apply Kata mutating webhook configuration
+ command: "/usr/local/bin/kubectl apply -f {{ kata_webhook_dest }}/deploy/webhook-registration.yaml"
+
+ - name: Apply Kata webhook
+ command: "/usr/local/bin/kubectl apply -f {{ kata_webhook_dest }}/deploy/webhook-{{ kata_webhook_runtimeclass }}.yaml" \ No newline at end of file
diff --git a/kud/deployment_infra/playbooks/configure-kata.yml b/kud/deployment_infra/playbooks/configure-kata.yml
new file mode 100644
index 00000000..664d3521
--- /dev/null
+++ b/kud/deployment_infra/playbooks/configure-kata.yml
@@ -0,0 +1,29 @@
+---
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+- hosts: kube-master
+ become: yes
+ pre_tasks:
+ - name: Load kud variables
+ include_vars:
+ file: kud-vars.yml
+ tasks:
+ - name: Apply Kata rbac roles
+ command: "/usr/local/bin/kubectl apply -f {{ kata_rbac_url }}"
+ - name: Apply Kata Deploy
+ command: "/usr/local/bin/kubectl apply -f {{ kata_deploy_url }}"
+ - name: Setup Kata runtime classes
+ command: "/usr/local/bin/kubectl apply -f {{ kata_runtimeclass_url }}"
+
diff --git a/kud/deployment_infra/playbooks/kud-vars.yml b/kud/deployment_infra/playbooks/kud-vars.yml
index 4ad9e378..24a9ef98 100644
--- a/kud/deployment_infra/playbooks/kud-vars.yml
+++ b/kud/deployment_infra/playbooks/kud-vars.yml
@@ -115,3 +115,14 @@ emcoctl_localhost: true
emco_roles:
- emco
- monitor
+
+kata_version: 2.1.0-rc0
+kata_rbac_url: "https://raw.githubusercontent.com/kata-containers/kata-containers/{{ kata_version }}/tools/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml"
+kata_deploy_url: "https://raw.githubusercontent.com/kata-containers/kata-containers/{{ kata_version }}/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"
+kata_runtimeclass_url: "https://raw.githubusercontent.com/kata-containers/kata-containers/{{ kata_version }}/tools/packaging/kata-deploy/runtimeclasses/kata-runtimeClasses.yaml"
+kata_webhook_dest: "{{ base_dest }}/kata_webhook"
+kata_webhook_version: 2.1.0-rc0
+kata_webhook_script_url: "https://raw.githubusercontent.com/kata-containers/tests/{{ kata_webhook_version }}/kata-webhook/create-certs.sh"
+kata_webhook_registration_url: "https://raw.githubusercontent.com/kata-containers/tests/{{ kata_webhook_version }}/kata-webhook/deploy/webhook-registration.yaml.tpl"
+kata_webhook_deployment_url: "https://raw.githubusercontent.com/kata-containers/tests/{{ kata_webhook_version }}/kata-webhook/deploy/webhook.yaml"
+kata_webhook_runtimeclass: "kata-clh"