Merge "[doc] Move all variables to group_vars"
commit
23172d96b7
@ -110,10 +110,13 @@ in `/etc/openstack_deploy/group_vars/k8s_all/haproxy_service.yml`
|
||||
Configure the LXC container that will host the control plane k8s cluster to
|
||||
be suitable for running nested containers in `/etc/openstack_deploy/group_vars/k8s_all/main.yml`
|
||||
|
||||
There you can also set config-overrides for the control plane of the k8s cluster,
|
||||
which integrate the control plane k8s deployment with the rest of the openstack-ansible deployment.
|
||||
|
||||
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/k8s_all/main.yml
|
||||
:language: yaml
|
||||
|
||||
Set up config-overrides for the magnum service in `/etc/openstack_deploy/user_variables_magnum.yml`.
|
||||
Set up config-overrides for the magnum service in `/etc/openstack_deploy/group_vars/magnum_all/main.yml`.
|
||||
Adjust the images and flavors here as necessary, these are just for demonstration. Upload as many
|
||||
images as you need for the different workload cluster kubernetes versions.
|
||||
|
||||
@ -123,14 +126,7 @@ service and cluster-api can be configured to interact with either the external o
|
||||
internal endpoint and must trust the SSL certificiate. Depending on the environment,
|
||||
these may be derived from different certificate authorities.
|
||||
|
||||
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_z_magnum.yml
|
||||
:language: yaml
|
||||
|
||||
Set up config-overrides for the control plane k8s cluster in /etc/openstack_deploy/user_variables_k8s.yml`
|
||||
These variables integrate the control plane k8s deployment with the rest of the
|
||||
openstack-ansible deployment.
|
||||
|
||||
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_k8s.yml
|
||||
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/magnum_all/main.yml
|
||||
:language: yaml
|
||||
|
||||
Run the deployment
|
||||
|
@ -1,6 +1,31 @@
|
||||
---
|
||||
# Run ansible modules in a venv on the target hosts
|
||||
ansible_collection_kubernetes_target_venv: /opt/mcapi_ansible_venv
|
||||
|
||||
# Pick a range of addresses for cilium that do not collide with anything else
|
||||
cilium_ipv4_cidr: 172.29.200.0/22
|
||||
|
||||
# wire OSA group, host and network addresses into k8s deployment
|
||||
kubelet_hostname: "{{ ansible_facts['hostname'] | lower }}"
|
||||
kubelet_node_ip: "{{ management_address }}"
|
||||
kubernetes_control_plane_group: k8s_container
|
||||
kubernetes_hostname: "{{ internal_lb_vip_address }}"
|
||||
kubernetes_non_init_namespace: true
|
||||
|
||||
# Define custom k8s version for the control cluster
|
||||
# kubernetes_version: 1.31
|
||||
|
||||
# Define LXC container overrides
|
||||
lxc_container_config_list:
|
||||
- "lxc.apparmor.profile=unconfined"
|
||||
|
||||
lxc_container_mount_auto:
|
||||
- "proc:rw"
|
||||
- "sys:rw"
|
||||
|
||||
# Set this manually, or kube-proxy will try to do this - not possible
|
||||
# in a non-init namespace and will fail in LXC
|
||||
openstack_host_nf_conntrack_max: 1572864
|
||||
|
||||
# OSA containers dont run ssh by default so cannot use synchronize
|
||||
upload_helm_chart_method: copy
|
||||
|
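Review bot: The `lxc_container_config_list` and `lxc_container_mount_auto` overrides are documented only by `# Define LXC container overrides`, which does not say why AppArmor confinement is switched off and `proc`/`sys` are mounted read-write, or that this weakens isolation between these containers and the host. I would replace that comment with something like `# Required for nested containers (k8s inside LXC): disables AppArmor confinement and mounts proc/sys rw, which weakens isolation from the host - keep limited to the k8s group`. The rendering does not show whether these lines are added or existing context, and the file path (presumably `group_vars/k8s_all/main.yml`, going by the doc hunk) is not visible, so the note may apply to the earlier version of the file as well. Separately, the commented example `# kubernetes_version: 1.31` would load as a float once uncommented (a value such as 1.30 would become 1.3); `# kubernetes_version: "1.31"` avoids that.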
@ -0,0 +1,38 @@
|
||||
---
|
||||
# Copyright 2020, VEXXHOST, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
magnum_magnum_cluster_api_git_install_branch: v0.22.1
|
||||
|
||||
# install magnum-cluster-api and kubernetes python package into magnum venv
|
||||
magnum_user_pip_packages:
|
||||
- "git+https://github.com/vexxhost/magnum-cluster-api@{{ magnum_magnum_cluster_api_git_install_branch }}#egg=magnum-cluster-api"
|
||||
- kubernetes
|
||||
|
||||
# ensure that the internal VIP CA is trusted by the CAPI driver
|
||||
magnum_config_overrides:
|
||||
drivers:
|
||||
# Supply a custom CA file which will be passed and used exclusively on all workload nodes
|
||||
# System trust will be used by default
|
||||
openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
||||
capi_client:
|
||||
# Supply a CA that will be used exclusively for connections towards
|
||||
# OpenStack public and internal endpoints.
|
||||
ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
||||
endpoint: 'internalURL'
|
||||
cluster_template:
|
||||
kubernetes_allowed_network_drivers: 'calico'
|
||||
kubernetes_default_network_driver: 'calico'
|
||||
certificates:
|
||||
cert_manager_type: x509keypair
|
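Review bot: `magnum_user_pip_packages` installs `magnum-cluster-api` from a git tag (`v0.22.1`) and `kubernetes` with no version specifier, so this file does not fix what ends up in the magnum venv. A tag can be re-pointed upstream, and the unpinned package resolves to the newest release at deploy time unless a constraints file elsewhere bounds it. Since operators are likely to copy this example, consider saying so in the comment, e.g. `# for reproducible installs pin the git ref to a full commit SHA and kubernetes to a tested version`, or pin directly with `- "kubernetes==<tested-version>"` (placeholder value). The same lines appear to be removed from the old variables file in the last hunk, so this is carried over by the move rather than introduced here.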
@ -1,19 +0,0 @@
|
||||
# wire OSA group, host and network addresses into k8s deployment
|
||||
kubernetes_control_plane_group: k8s_container
|
||||
kubelet_hostname: "{{ ansible_facts['hostname'] | lower }}"
|
||||
kubelet_node_ip: "{{ management_address }}"
|
||||
kubernetes_hostname: "{{ internal_lb_vip_address }}"
|
||||
kubernetes_non_init_namespace: true
|
||||
|
||||
# Pick a range of addresses for cilium that do not collide with anything else
|
||||
cilium_ipv4_cidr: 172.29.200.0/22
|
||||
|
||||
# Set this manually, or kube-proxy will try to do this - not possible
|
||||
# in a non-init namespace and will fail in LXC
|
||||
openstack_host_nf_conntrack_max: 1572864
|
||||
|
||||
# OSA containers dont run ssh by default so cannot use synchronize
|
||||
upload_helm_chart_method: copy
|
||||
|
||||
# Run ansible modules in a venv on the target hosts
|
||||
ansible_collection_kubernetes_target_venv: /opt/mcapi_ansible_venv
|
@ -13,27 +13,6 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
magnum_magnum_cluster_api_git_install_branch: v0.22.1
|
||||
|
||||
# install magnum-cluster-api and kubernetes python package into magnum venv
|
||||
magnum_user_pip_packages:
|
||||
- "git+https://github.com/vexxhost/magnum-cluster-api@{{ magnum_magnum_cluster_api_git_install_branch }}#egg=magnum-cluster-api"
|
||||
- kubernetes
|
||||
|
||||
# ensure that the internal VIP CA is trusted by the CAPI driver
|
||||
# TODO - this is too hardwired somehow
|
||||
magnum_config_overrides:
|
||||
drivers:
|
||||
openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
||||
capi_client:
|
||||
ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
||||
endpoint: 'internalURL'
|
||||
cluster_template:
|
||||
kubernetes_allowed_network_drivers: 'calico'
|
||||
kubernetes_default_network_driver: 'calico'
|
||||
certificates:
|
||||
cert_manager_type: x509keypair
|
||||
|
||||
# use the openstack_resources role in the capi functional test rather than os_magnum
|
||||
# to create the test resources
|
||||
magnum_glance_images: []
|
||||
|