summaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra
AgeCommit message (Collapse)AuthorFilesLines
2020-12-10Merge "Enable pod security policies"Eric Multanen4-2/+39
2020-12-09Enable pod security policiesTodd Malsbary4-2/+39
The intention with this change is to disable CAP_NET_RAW (which can be a security vulnerability) for created Pods. kubespray provides the podsecuritypolicy_enabled variable for enabling privileged (for kube-system) and restricted (for everyone else) policies. Enabling this requires binding the KUD_ADDONs to the privileged policy and specifying the security context correctly for Pods running in the default namespace. As of this change, the only difference between the privileged and restricted security policies is the dropping of CAP_NET_RAW in the restricted policy. To use the default restricted policy provided with kubespray, additional changes must be made to the Pods that are run in the default namespace (such as runing as a non-root user, not requesting privileged mode, etc.). Issue-ID: MULTICLOUD-1256 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
2020-12-07Fix QAT addon deploy and testTodd Malsbary3-91/+75
Note that as mentioned in install_qat.sh, the kernel command line must include "intel_iommu=on iommu=pt" for the deploy and test to succeed. The underlying issue is that the playbook was expecting to be run on the same host it executed on and was looking for files in the wrong places. Issue-ID: MULTICLOUD-1261 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I5f59b9147f34f077fcdc63d7fc5f80b56977054c
2020-11-19Fix CrashLoopBackoff in emco-fluentd PodTodd Malsbary1-0/+4
The emco-fluentd pod is stuck in CrashLoopBackOff due to a failure to resolve the "cluster.local" name. Explicitly set the fluentd.clusterDomain value to the actual cluster name during helm install. Issue-ID: MULTICLOUD-1244 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ia6424e7ce8d4544511ad88c478e65fa8c4df0c52
2020-11-19Merge "Build and deploy sriov module only on supported hosts."Ritu Sood5-89/+96
2020-11-19Merge "Update multus-daemonset.yml to that of multus-cni v3.6 release"Ritu Sood1-17/+45
2020-11-19Merge "Upgrade kubespray from 2.12.6 to 2.14.1"Ritu Sood8-48/+27
2020-11-11Update multus-daemonset.yml to that of multus-cni v3.6 releaseTodd Malsbary1-17/+45
The only change to the upstream yml is the removal of the kube-multus-ds-ppc64le DaemonSet and the replacement of "default-cni-network" with "cni0". Note also that the v3.6 yml actually uses the v3.4.1 image tag. The yml now points to a v3.4.1 image with the addition of code to merge the results from all delegates to support Virtlet. Issue-ID: MULTICLOUD-1230 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I0e18644a567facfac1fd7dc1c053002b2d906288
2020-10-30Upgrade kubespray from 2.12.6 to 2.14.1Todd Malsbary8-48/+27
- Replace move of ansible.cfg from kubespray distribution to /etc/ansible with ANSIBLE_CONFIG environment variable. Ansible modifies ansible.cfg during installation, and the paths in it are relative. - kubespray 2.14.1 requires a kubernetes version > 1.16. Use the default versions of kubernetes and helm provided by kubespray 2.14.1. - kubespray 2.14.1 replaces helm 2 with helm 3. This removes support for helm init and helm serve. It is no longer necessary to call helm init, and the helm serve repository is replaced with file relative URLs. This also triggered a subsequent update of the kubernetes-helm ansible module to include the newer helm versions. - Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of etcd will fail without this due to nil PersistentVolume.metadata.labels.type. - The mitogen module used by kubespray/ansible requires python2 on the hosts. Use the linear strategy to bypass mitogen and install python2 on the cluster hosts. Issue-ID: MULTICLOUD-1230 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
2020-10-30Use same host in both copy and run of deploy_optane.shTodd Malsbary2-9/+9
NOTE: This is not a complete fix, it is only a workaround so that installer.sh can succeed when Optane hardware is not present. Without this, "No such file or directory" is reported during the "Apply Optane PMEM CSI Daemonset" task of the configure-optane playbook. This error was observed with kubespray 2.14.1 and not with 2.12.6. Issue-ID: MULTICLOUD-1234 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I1e23741d704ab117a84b4ed11e2f7ac02f0f2ec2
2020-10-05Build and deploy sriov module only on supported hosts.Todd Malsbary5-89/+96
Building on the target host fixes a couple issues: - In the containerized installer, the container image does not include the necessary kernel headers to build the module. - The build and target host must have the same kernel version. There is no guarantee of this. The deploy uses NFD, similar to the QAT playbook. Issue-ID: MULTICLOUD-1228 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I58705b73b8ce6d381b4649d5a20b8644e51e1b13
2020-09-23Merge "Add playbooks for v2 emco chart."Ritu Sood3-1/+112
2020-09-23Add playbooks for v2 emco chart.Todd Malsbary3-1/+112
Rename v2/onap4k8s to v2/emco, and rename sanity-check-for-v2.sh to emco.sh. This allows --plugins emco to be passed to installer.sh in place of --plugins onap4k8s. Issue-ID: MULTICLOUD-1181 Signed-off-by: Todd <todd.malsbary@intel.com> Change-Id: Idb427a8aa4c8aaff181965a540078c8cf6dd88aa
2020-09-23Create helm chart for ICN/SDEWAN controllersYao Le12-0/+1755
Create helm chart for sdewan-controller in KUD Issue-ID: MULTICLOUD-1104 Signed-off-by: Yao Le <le.yao@intel.com> Change-Id: Ic5d8daecdecba52c05d3ed38fa91ebd555ce5533
2020-09-01Replace invalid literal true with valid string "true" in yaml.Todd Malsbary1-1/+1
Prior to this change qat_plugin_privileges.yaml fails to kubectl apply due to a validation error. Issue-ID: MULTICLOUD-1182 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ibe73c1b39d1164fe05ea5cdede74dc93f846c943
2020-08-10Integrate Topology Managerchenjie12-0/+73
Integrate topology manager by utilizing ansible scripts from openness. Issue-ID: MULTICLOUD-1102 Signed-off-by: ChenjieXu <chenjie.xu@intel.com> Change-Id: Ibaaf77e44c97edffe1ae03bf77c2422c89783e75
2020-05-27Bug fix for the qat device plugin deploymentKuralamudhan Ramakrishnan1-0/+9
Issue-ID: MULTICLOUD-1075 Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com> Change-Id: I0b02a3872b525a061bbdaf87aabad8b3fee539cc
2020-06-01Merge "Update the Kubernetes Version to 1.16"Huang Haibin5-7/+25
2020-06-01Merge "Add support for pmem-csi plugin and e2e test"Huang Haibin9-0/+1074
2020-05-30Add support for pmem-csi plugin and e2e testChen, Tingjie9-0/+1074
Issue-ID: MULTICLOUD-1046 Change-Id: I1853e071a99702c5e6f7ba9ca819746576fd0aca Signed-off-by: Chen, Tingjie <tingjie.chen@intel.com>
2020-05-27Update the Kubernetes Version to 1.16Yao Le5-7/+25
Update kubespray to 2.12 to deploy Kubernetes 1.16 Issue-ID: MULTICLOUD-1063 Signed-off-by: Yao Le <le.yao@intel.com> Change-Id: I537f6395e5d05d8b72411dd1e0789e19972f1947
2020-05-26Bug fix for the ImagePullBackOff error in qat testKuralamudhan Ramakrishnan1-1/+1
Issue-ID: MULTICLOUD-1076 Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com> Change-Id: I2b6bfb265ce5e055987788f6f28fc475a8b5b46c
2020-05-25sriov baremetal installation fixKuralamudhan Ramakrishnan2-5/+11
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com> Issue-ID: MULTICLOUD-1074 Change-Id: I5c497aef954945c4baee10ff5613b220ed9b8152
2020-05-21Update scripts for ovn4nfv in multicloud-k8sRuoyu1-12/+26
* Update the image version to integratedcloudnative/ovn4nfv-k8s-plugin * Update the CRD of provider network to support direct provider network Issue-ID: MULTICLOUD-1070 Change-Id: Icfa321bbd354de47af4db65b2021c87facc26871 Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
2020-05-05add cmk in KuDLiang Ding4-0/+479
- deploy cmk related pods - untaint compute nodes if necessary - run cmk unit tests: allocate CPUs from exclusive and shared pools - deploy a testing nginx pod along with cmk testing pods - preset 1/2 CPUs for shared/exlusive pools to fit CI server machines users can adjust the parameters to meet their own requirements Test Results: - many rounds of vagrant/5 VMs(controller01/02/03 and compute01/02) based test are all OK - 14 rounds tests on my local server (S2600WFQ (36C/72T) )and PC(HP Z228 (4C/4T)) with all-in-one bare metal deployment are all OK - CI(a 4C/4T machine) results of latest patch set also show that the test of bare metal deployment is OK - NOTE: both my local test and CI use the same testing method of calling aio.sh after applying the latest patch set. Change-Id: I046a4a63b94f92f23347ab76c21a661521e01119 Issue-ID: MULTICLOUD-879 Signed-off-by: Liang Ding <liang.ding@intel.com>
2020-04-27Merge "Install criproxy binary in /usr/local/bin instead of /tmp. Issue-ID: ↵Ritu Sood2-1/+4
MULTICLOUD-1051"
2020-04-21Upgrate the out-of-date link in virtlet testYao Le1-1/+1
The fedora 29 image link is out of date. It is not reachable now. So upgrade the link to fedora 31. Issue-ID: MULTICLOUD-1057 Signed-off-by: Yao Le <le.yao@intel.com> Change-Id: I5f384cb906bf080c55ea4ea2a27b1514722c8b76
2020-04-19Install criproxy binary in /usr/local/bin instead of /tmp.Eric Tang2-1/+4
Issue-ID: MULTICLOUD-1051 Signed-off-by: Eric Tang <qcorba@gmail.com> Change-Id: I96443ee539de0e2a18011148f86f97e70634cae3 Signed-off-by: Eric Tang <qcorba@gmail.com>
2020-02-27Adding QAT device plugin to KuDakhilakishore6-6/+466
Basic working skeleton. Adding install script adding vars and updated the playbook. Working on Kernel mode updates and driver installation. Removing SRIOV vars Adding script to change the SSL value for 2 kinds of config files. Updating daemonset image. Adding prereq packages for qat. Minor edits for bashate.Adding testcase and conditions to Ansible tasks for clean, uninstall and install the driver. Updating the plays to use templating. Adding qat-kernel mode test case. Signed-off-by: akhilakishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-860 Change-Id: I5ad99e7211c859dc3cb054df644edd3fa77b2596
2020-02-10Fix OVN issue in KUDRitu Sood1-0/+8
OVN related test cases are failing. This patch updates the installation of OVN. Issue-ID: MULTICLOUD-474 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: Idfa7d256b74d01d9ff604a02ba06d6ce82a8f09d
2019-12-29Update nfn-operator to add provider networksRitu Sood1-2/+226
Issue-ID: MULTICLOUD-474 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: I92d0d34a46b8faadda8aa698307ede4306316ef7
2019-11-28Remove WAND repositoryKonrad Bańka1-8/+0
Official ubuntu repositories already contain all ovn/ovs packages. WAND repository may introduce unnecessary complications, as it pins package dependencies to exact version making conflicts with ubuntu ones. Issue-ID: MULTICLOUD-957 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: Ida75e5a38ab5796c4b95e7d633aebb276383a745
2019-11-21adding both i40evf iavf to support back compatibilityr.kuralamudhan1-1/+1
Issue-ID: MULTICLOUD-944 Signed-off-by: r.kuralamudhan <kuralamudhan.ramakrishnan@intel.com> Change-Id: I22b92adaad8d4f778b97821df68c1d42e2012e9c
2019-11-15Merge "Updating sriov playbook to meet requirements of updated device"Ritu Sood5-43/+75
2019-11-13Updating sriov playbook to meet requirements of updated deviceAkhila Kishore5-43/+75
Previous sriov playbook supported X710 SRIOV NIC. Updating the scripts to support new device XL710. Other changes include syntactical corrections to "WHEN" condition in ansible. Co-authored-by: hle2 <huifeng.le@intel.com> Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-929 Change-Id: I697a49a64472ad2d755753e58f8fd4e7857b0456
2019-11-11Optimizing the onap4k8s for all deployment modelKuralamudhan Ramakrishnan1-0/+8
Issue-ID: MULTICLOUD-927 Co-authored-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com> Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com> Change-Id: I97019f3ab06c948b77e189f526c4e217e7706fb6
2019-10-24Merge "Adding onap4ks installation script in kud containerized installer"Ritu Sood3-1/+104
2019-10-24Merge "Update KUD to switch to Ubuntu 18.04"Kiran Kamineni1-2/+0
2019-10-23update helm chart for onap4k8s installation scriptKuralamudhan Ramakrishnan2-2/+2
Issue-ID: MULTICLOUD-867 Co-authored-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com> Co-authored-by: Ritu Sood <ritu.sood@intel.com> Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com> Change-Id: I72f3b56fd709da21854280abeaadb0c6d03b72fb
2019-10-23Adding onap4ks installation script in kud containerized installerKuralamudhan Ramakrishnan3-1/+104
Issue-ID: MULTICLOUD-867 Co-authored-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com> Co-authored-by: Ritu Sood <ritu.sood@intel.com> Change-Id: I37b8112bdd5809f1ae0eaa58ddb0d834d395e8d8 Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2019-10-21Adding SRIOV Network Device Plugin to KuDAkhila Kishore8-0/+398
Integrating SRIOV as an add-on to KuD. A device should have X700 series NIC for this Add-on to work. Getting the device driver, build and installing it is a part of this patch. Followed by running the SRIOV CNI Daemonset, and NetworkAttachmentDefinition. Reworked the way SRIOV check happens. Previously ran on installer.sh. Now the script is injected into kube-nodes and playbook will run only if the hardware check is true by creating a conf file. Removed unwanted comments and nit changes. Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-832 Change-Id: I1701a50bc717ddca0d332d6a42d329eaf4c03820
2019-10-20Update KUD to switch to Ubuntu 18.04Ritu Sood1-2/+0
Removed not needed packages for 18.04 for OVN, updated the vagrant image to 18.04 and added some needed apt packages Issue-ID: MULTICLOUD-474 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: I82550f8e58371af1c2476540c6b864384c450967
2019-09-12Merge "Integrating NFD Daemonset with KuD"Ritu Sood4-51/+151
2019-09-12Remove unused ovn-kubernetesRitu Sood1-136/+0
Removing unsused ovn-kubernetes playbook and test from KUD. Currently there is no plan to use and also this is untested. Issue-ID: MULTICLOUD-684 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: I684bf82c7d4ab6d051178a027a385923ec9c4f2b
2019-09-11Integrating NFD Daemonset with KuDAkhila Kishore4-51/+151
Current NFD code in KuD is unused and obsolete. Integrating NFD as DaemonSet and updating test case for NFD. Added comments. Addressed comments and changed the matchExpression to kernel features. Changed operator from "In" to Gt, and values 4 to 3 better fit broader spectrum of O.S's. Adding exit conditon in case there's an error status. Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-797 Change-Id: I454fb1998fc84e5f0d566f32b7dcfd85872c5183
2019-09-04Merge "Use Multus Daemonset for installing Multus in KuD"Ritu Sood3-117/+164
2019-09-03Use Multus Daemonset for installing Multus in KuDAkhila Kishore3-117/+164
Currently KuD uses Ansible scripts for installing Multus. Multus has a daemonset that should be used for installing the multus as part of an add-on. This is also helpful for KuD offline deployment in the future. Removed the comment. Updated the images path and removed error supression addressed by comments. Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-681 Change-Id: Id3702a2b5bd18804c2d7e4d063eba656202cb840
2019-08-28Merge "Remove unsused variables from kud-vars"Kiran Kamineni1-6/+0
2019-08-30Remove unsused variables from kud-varsRitu Sood1-6/+0
ovn4nfv url and other information not required now after the patch https://gerrit.onap.org/r/#/c/multicloud/k8s/+/93602/ Issue-ID: MULTICLOUD-684 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: Ic4ccc67647c85a39d482ff7d71122f05641d1acb
2019-08-29Fix path to imagesRitu Sood1-1/+1
Relative playbook path breaks in aio configuration. Issue-ID: MULTICLOUD-684 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: Id064157d010438dea33500dd0dc200b1c1b0f0d1