aboutsummaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra
AgeCommit message (Collapse)AuthorFilesLines
2021-06-24Add ovn4nfv-network addonTodd Malsbary8-0/+63
This chart contains the ovn-networkobj NetworkAttachmentDefinition required by EMCO. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Iaf10bacaf7ff263b165ca18a427958f7e75c3628
2021-06-24Merge "Move topology-manager configuration to kubespray"Eric Multanen2-73/+0
2021-06-24Merge "Refactor EMCO deploy of addons"Eric Multanen10-266/+380
2021-06-24Merge "Add kubevirt and cdi addon helm charts"Eric Multanen41-1/+6056
2021-06-21Move topology-manager configuration to kubesprayTodd Malsbary2-73/+0
The steps performed by the existing ansible playbook can be performed directly by kubespray. In addtion, fix and enable the topology-manager.sh test. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Iee2197c1fc3e35288796399cccff0d3ae0925a6c
2021-06-16SDEWAN CNF helm chartYao Le6-0/+351
Create SDEWAN CNF helm chart and configure it with default value Issue-ID: MULTICLOUD-1092 Signed-off-by: Yao Le <le.yao@intel.com> Change-Id: Ib80e6b734c599a91f90d2fa4c32b098d6d279c0b Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
2021-06-15Add kubevirt and cdi addon helm chartsTodd Malsbary41-1/+6056
Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I6ba134140f0aca6717c656ffa35c6576426a8b98
2021-06-09Refactor EMCO deploy of addonsTodd Malsbary10-266/+380
Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I90b33cd99c42017b50f3174b6f9033a861e11dd3
2021-06-04Expose installer ENV vars through DockerfileTodd Malsbary3-1/+9
Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ie913d3f26d039fae0bff98149ebe0a6e6dea2ebd
2021-05-21Merge "Mount /var/run as shared"Ritu Sood1-0/+1
2021-05-20Added initial kata files and containerd support as well as adding the Kata ↵Eric Adams4-0/+139
webhook Issue-ID: MULTICLOUD-1320 Signed-off-by: Eric Adams <eric.adams@intel.com> Change-Id: I9ef0bcde7c2ef22a04c32311d4571abc3b688ffe
2021-05-19Mount /var/run as sharedTodd Malsbary1-0/+1
This fixes the "unknown FS magic" error reported by nfn-agent: E0518 22:05:58.596460 20593 cni.go:150] Failed to configure interface in pod: failed to open netns "/var/run/netns/cni-c24e4d8e-819c-6a0c-9ae5-6b4e5cf8f68d": unknown FS magic on "/var/run/netns/cni-c24e4d8e-819c-6a0c-9ae5-6b4e5cf8f68d": 1021994 It can be observed as a failure of the ovn4nfv.sh test when CONTAINER_RUNTIME is "containerd". Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: If979110d125511827a65a5de5101a2832d5efeb5
2021-05-10Merge "EMCO deploy of addons"Ritu Sood21-0/+403
2021-05-07Update go_version from 1.12 to 1.14.Todd Malsbary1-1/+1
Go reports a missing crypto/ed25519 module when running the vagrant installer with KUD_PLUGIN_ENABLED. The package was introduced in go 1.13 (https://golang.org/doc/go1.13#crypto/ed25519). Issue-ID: MULTICLOUD-1343 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I2fdd06b67122506308038be0fe6b00a2e737f0f0
2021-05-07EMCO deploy of addonsTodd Malsbary21-0/+403
An example is provided with instructions on how to install the addons with emcoctl. Addtionally, the containerized installer will populate /opt/kud/addons and /opt/kud/multi-cluster/$CLUSTER_NAME/artifacts with the files and instructions necessary as well. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I74de1c9d18a0aaec4a96e38684ec80f00ab0b940
2021-05-07Merge "Replace emco with openness-21.03 release"Ritu Sood6-45/+244
2021-05-05Add qat addon helm chartTodd Malsbary11-1/+971
This chart contains the upstream qat plugin from intel-device-plugins-for-kubernetes together with a qat driver installer. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I3467ba204276999dac4087bdf68ac0d4439861ad
2021-05-05Merge "Add cmk addon helm chart"Ritu Sood9-0/+654
2021-05-05Merge "Add sriov-network addon helm chart"Ritu Sood6-0/+317
2021-05-05Merge "Add ovn4nfv addon helm chart"Ritu Sood17-0/+1232
2021-05-05Merge "Add sriov-network-operator addon helm chart"Ritu Sood20-0/+1384
2021-05-04Add ovn4nfv addon helm chartTodd Malsbary17-0/+1232
This chart follows the upstream installation guide with the following exceptions: - The node-role.kubernetes.io/master:NoSchedule taint is not removed. The YAML files already included the necessary tolerations. - No node labeling is done. Instead, the ovn-control-plane node selector is for the master role, and the nfn-operator pod affinity is for "role: ovn-control-plane". This ensures that the ovn-control-plane and nfn-operator run are scheduled on the same master node, equivalent to the labelling approach used upstream. Also, additional allowed capabilities are needed to run the pods with the restricted PodSecurityPolicy. These capabilities are requested by the Pods, but not available in the default set of allowed capabilities. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I54ae12434572e2e2dd1fe2ec9298d04557331d94
2021-05-04Replace emco with openness-21.03 releaseTodd Malsbary6-45/+244
This change also installs emcoctl in the artifacts directory, similar to what is done for kubectl by kubespray. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I8447210487578ceeef61afc7c3e4d97905303c8a
2021-05-04Add sriov-network addon helm chartTodd Malsbary6-0/+317
This chart deploys the CR used by the sriov-network-operator. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I9364868d3e58fd64e51a77aaa934284fad86a1b1
2021-05-04Add sriov-network-operator addon helm chartTodd Malsbary20-0/+1384
This chart contains the upstream sriov-network-operator from k8snetworkplumbingwg together with an iavf driver installer. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ic925c66f8e2b28b7604240c3ed35b1a56883b60b
2021-04-30Merge "Remove unused cmk kud vars"Ritu Sood1-4/+0
2021-04-30Merge "Add nfd addon helm chart"Ritu Sood11-0/+619
2021-04-30Merge "Add multus addon helm chart"Ritu Sood10-0/+433
2021-04-30Merge "Add Makefile for addon helm charts"Ritu Sood2-0/+52
2021-04-29Add cmk addon helm chartTodd Malsbary9-0/+654
The chart follows the instructions laid out in the CMK operator manual, with the following notes: - The nodes are prepared by running each CMK subcommand as a Pod instead of running cmk cluster-init. The first reason for this is that the existing addon only deploys CMK to the worker nodes in the cluster. This is not possible using cluster-init without explicitly providing the list of worker nodes to cluster-init, and this list is unknown by helm. Instead it is sufficient to rely on the node-role.kubernetes.io/master:NoSchedule taint. The second reason is that cluster-init creates resources which are unknown to helm, thus uninstall does not behave as expected. - The v1.4.1 version of CMK is chosen. In v1.5.2, the description key of the cmk-nodereport resource is not correct. - All values listed as possibly requiring modification are exposed in values.yaml Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ibc75462de3729cd88edeb4b15602d57fe12791ca
2021-04-29Remove unused cmk kud varsTodd Malsbary1-4/+0
Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I0c1d43de8506233eb62bde52641bb7fc95b422fc
2021-04-28Add X710 to iavf driver NICsTodd Malsbary2-9/+3
Issue-ID: MULTICLOUD-1336 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I7a0ee4302c020e6b7ec785d6a85af636b6a85ecc
2021-04-09Add multus addon helm chartTodd Malsbary10-0/+433
- Support for calico configuration is present but currently disabled. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I2d2161564c4da2e165e5cf13cea92fae4935f8b2
2021-04-06Add Makefile for addon helm chartsTodd Malsbary2-0/+52
Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I90a9cf23a8fb01cbc579d2b6670b476494c2a7bb
2021-03-30Add nfd addon helm chartTodd Malsbary11-0/+619
This change adds iavf, qat, and pci device labels to the node feature discovery config. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ie6296caf898983149483ac581428f2c80405bca8
2021-01-24Merge "Fix the nodeSelector indent and define name"Ritu Sood3-5/+5
2020-12-10Merge "Fix broken virtlet image URL"Eric Multanen1-1/+1
2020-12-10Merge "Enable pod security policies"Eric Multanen4-2/+39
2020-12-09Enable pod security policiesTodd Malsbary4-2/+39
The intention with this change is to disable CAP_NET_RAW (which can be a security vulnerability) for created Pods. kubespray provides the podsecuritypolicy_enabled variable for enabling privileged (for kube-system) and restricted (for everyone else) policies. Enabling this requires binding the KUD_ADDONs to the privileged policy and specifying the security context correctly for Pods running in the default namespace. As of this change, the only difference between the privileged and restricted security policies is the dropping of CAP_NET_RAW in the restricted policy. To use the default restricted policy provided with kubespray, additional changes must be made to the Pods that are run in the default namespace (such as runing as a non-root user, not requesting privileged mode, etc.). Issue-ID: MULTICLOUD-1256 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
2020-12-07Fix QAT addon deploy and testTodd Malsbary3-91/+75
Note that as mentioned in install_qat.sh, the kernel command line must include "intel_iommu=on iommu=pt" for the deploy and test to succeed. The underlying issue is that the playbook was expecting to be run on the same host it executed on and was looking for files in the wrong places. Issue-ID: MULTICLOUD-1261 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I5f59b9147f34f077fcdc63d7fc5f80b56977054c
2020-12-02Fix broken virtlet image URLTodd Malsbary1-1/+1
Issue-ID: MULTICLOUD-1259 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I92cc722818b9023b4aa29d191cf92e2c319f957b
2020-11-23Fix the nodeSelector indent and define nameLe Yao3-5/+5
Deploy the sdewan controller on master node Change sdewan-contoller-manager to sdewan-crd-controller Issue-ID: MULTICLOUD-1253 Signed-off-by: Le Yao <le.yao@intel.com> Change-Id: Ic55744914266278f1c344c10af587d41f4426918
2020-11-19Fix CrashLoopBackoff in emco-fluentd PodTodd Malsbary1-0/+4
The emco-fluentd pod is stuck in CrashLoopBackOff due to a failure to resolve the "cluster.local" name. Explicitly set the fluentd.clusterDomain value to the actual cluster name during helm install. Issue-ID: MULTICLOUD-1244 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ia6424e7ce8d4544511ad88c478e65fa8c4df0c52
2020-11-19Merge "Build and deploy sriov module only on supported hosts."Ritu Sood5-89/+96
2020-11-19Merge "Update multus-daemonset.yml to that of multus-cni v3.6 release"Ritu Sood1-17/+45
2020-11-19Merge "Upgrade kubespray from 2.12.6 to 2.14.1"Ritu Sood8-48/+27
2020-11-11Update multus-daemonset.yml to that of multus-cni v3.6 releaseTodd Malsbary1-17/+45
The only change to the upstream yml is the removal of the kube-multus-ds-ppc64le DaemonSet and the replacement of "default-cni-network" with "cni0". Note also that the v3.6 yml actually uses the v3.4.1 image tag. The yml now points to a v3.4.1 image with the addition of code to merge the results from all delegates to support Virtlet. Issue-ID: MULTICLOUD-1230 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I0e18644a567facfac1fd7dc1c053002b2d906288
2020-10-30Upgrade kubespray from 2.12.6 to 2.14.1Todd Malsbary8-48/+27
- Replace move of ansible.cfg from kubespray distribution to /etc/ansible with ANSIBLE_CONFIG environment variable. Ansible modifies ansible.cfg during installation, and the paths in it are relative. - kubespray 2.14.1 requires a kubernetes version > 1.16. Use the default versions of kubernetes and helm provided by kubespray 2.14.1. - kubespray 2.14.1 replaces helm 2 with helm 3. This removes support for helm init and helm serve. It is no longer necessary to call helm init, and the helm serve repository is replaced with file relative URLs. This also triggered a subsequent update of the kubernetes-helm ansible module to include the newer helm versions. - Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of etcd will fail without this due to nil PersistentVolume.metadata.labels.type. - The mitogen module used by kubespray/ansible requires python2 on the hosts. Use the linear strategy to bypass mitogen and install python2 on the cluster hosts. Issue-ID: MULTICLOUD-1230 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
2020-10-30Use same host in both copy and run of deploy_optane.shTodd Malsbary2-9/+9
NOTE: This is not a complete fix, it is only a workaround so that installer.sh can succeed when Optane hardware is not present. Without this, "No such file or directory" is reported during the "Apply Optane PMEM CSI Daemonset" task of the configure-optane playbook. This error was observed with kubespray 2.14.1 and not with 2.12.6. Issue-ID: MULTICLOUD-1234 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I1e23741d704ab117a84b4ed11e2f7ac02f0f2ec2
2020-10-05Build and deploy sriov module only on supported hosts.Todd Malsbary5-89/+96
Building on the target host fixes a couple issues: - In the containerized installer, the container image does not include the necessary kernel headers to build the module. - The build and target host must have the same kernel version. There is no guarantee of this. The deploy uses NFD, similar to the QAT playbook. Issue-ID: MULTICLOUD-1228 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I58705b73b8ce6d381b4649d5a20b8644e51e1b13