Cluster API Bootstrapping playbook

Change-Id: Ic9abda6619d10bb5c2b1ac2cf77f962a793714d9

mcapi_vexxhost/playbooks/bootstrap.yml

@@ -0,0 +1,7 @@
+- hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Copy configuration files into place
+      ansible.builtin.copy:
+        src: '.'
+        dest: '/etc/'

mcapi_vexxhost/playbooks/files/openstack_deploy/conf.d/k8s.yml

@@ -0,0 +1,3 @@
+cluster-api_hosts:
+  aio1:
+    ip: 172.29.236.100

mcapi_vexxhost/playbooks/files/openstack_deploy/env.d/k8s.yml

@@ -0,0 +1,20 @@
+---
+component_skel:
+  k8s_capi:
+    belongs_to:
+      - k8s_all
+
+container_skel:
+  k8s_container:
+    belongs_to:
+      - cluster-api_containers
+    contains:
+      - k8s_capi
+
+physical_skel:
+  cluster-api_containers:
+    belongs_to:
+      - all_containers
+  cluster-api_hosts:
+    belongs_to:
+      - hosts

mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/k8s_all/haproxy_service.yml

@@ -0,0 +1,43 @@
+---
+# Copyright 2023, BBC R&D
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+haproxy_k8s_service:
+  haproxy_service_name: k8s
+  haproxy_backend_nodes: "{{ groups['k8s_all'] | default([]) }}"
+  haproxy_ssl: false
+  haproxy_ssl_all_vips: false
+  haproxy_port: 6443
+  haproxy_balance_type: tcp
+  haproxy_balance_alg: leastconn
+  haproxy_interval: '15000'
+  haproxy_backend_port: 6443
+  haproxy_backend_rise: 2
+  haproxy_backend_fall: 2
+  haproxy_timeout_server: '15m'
+  haproxy_timeout_client: '5m'
+  haproxy_backend_options:
+    - tcplog
+    - ssl-hello-chk
+    - log-health-checks
+    - httpchk GET /healthz
+  haproxy_backend_httpcheck_options:
+    - 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthz'
+  haproxy_backend_server_options:
+    - check-ssl
+    - verify none
+  haproxy_service_enabled: "{{ groups['k8s_all'] is defined and groups['k8s_all'] | length > 0 }}"
+
+k8s_haproxy_services:
+  - "{{ haproxy_k8s_service | combine(haproxy_k8s_service_overrides | default({})) }}"

mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/k8s_all/main.yml

@@ -0,0 +1,6 @@
+lxc_container_config_list:
+  - "lxc.apparmor.profile=unconfined"
+
+lxc_container_mount_auto:
+  - "proc:rw"
+  - "sys:rw"

mcapi_vexxhost/playbooks/files/openstack_deploy/user-ansible-venv-requirements.txt

@@ -0,0 +1,2 @@
+docker-image-py
+kubernetes

mcapi_vexxhost/playbooks/files/openstack_deploy/user-collection-requirements.yml

@@ -0,0 +1,9 @@
+collections:
+  - name: vexxhost.kubernetes
+    source: https://github.com/jrosser/ansible-collection-kubernetes
+    type: git
+    version: synchronize
+  - name: osa_ops.mcapi_vexxhost
+    type: git
+    version: master
+    source: https://opendev.org/openstack/openstack-ansible-ops#/mcapi_vexxhost

mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_k8s.yml

@@ -0,0 +1,16 @@
+# wire OSA group, host and network addresses into k8s deployment
+kubernetes_control_plane_group: k8s_container
+kubelet_hostname: "{{ ansible_facts['hostname'] }}"
+kubelet_node_ip: "{{ management_address }}"
+kubernetes_hostname: "{{ internal_lb_vip_address }}"
+kubernetes_non_init_namespace: true
+
+# Pick a range of addresses for cilium that do not collide with anything else
+cilium_ipv4_cidr: 172.29.200.0/22
+
+# Set this manually, or kube-proxy will try to do this - not possible
+# in a non-init namespace and will fail in LXC
+openstack_host_nf_conntrack_max: 1572864
+
+# OSA containers dont run ssh by default so cannot use synchronize
+upload_helm_chart_method: copy

mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_tempest.yml

@@ -0,0 +1 @@
+tempest_tempest_install: False

mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_z_magnum.yml

@@ -0,0 +1,39 @@
+---
+# Copyright 2020, VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# install magnum-cluster-api and kubernetes python package into magnum venv
+magnum_user_pip_packages:
+  - git+https://github.com/vexxhost/magnum-cluster-api@main#egg=magnum-cluster-api
+  - kubernetes
+
+# ensure that the internal VIP CA is trusted by the CAPI driver
+# TODO - this is too hardwired somehow
+magnum_config_overrides:
+  drivers:
+    openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
+  capi_client:
+    ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
+    endpoint: 'internalURL'
+  cluster_template:
+    kubernetes_allowed_network_drivers: 'calico'
+    kubernetes_default_network_driver: 'calico'
+  certificates:
+    cert_manager_type: x509keypair
+
+# use the openstack_resources role in the capi functional test rather than os_magnum
+# to create the test resources
+magnum_glance_images: []
+magnum_cluster_templates: []
+magnum_flavors: []