[doc] Move all variables to group_vars

Makes sense to be consistent and follow suggestion to use group_vars
where applicable.
There is a bug in vexxhost collection which prevents from doing so,
unfortunately.

For this to be accurate doc, a patch to vexxhost collection should
land first:
https://github.com/vexxhost/ansible-collection-kubernetes/pull/136

Change-Id: I5f48e913436bf5d6a8d6c0a9f77c58886e451d1f
Dmitriy Rabotyagov 2024-10-05 16:36:44 +02:00
parent 551f75c425
commit e9a9df3ff8
5 changed files with 68 additions and 49 deletions

@ -110,10 +110,13 @@ in `/etc/openstack_deploy/group_vars/k8s_all/haproxy_service.yml`
Configure the LXC container that will host the control plane k8s cluster to Configure the LXC container that will host the control plane k8s cluster to
be suitable for running nested containers in `/etc/openstack_deploy/group_vars/k8s_all/main.yml` be suitable for running nested containers in `/etc/openstack_deploy/group_vars/k8s_all/main.yml`
There you can also set config-overrides for the control plane of the k8s cluster,
which integrate the control plane k8s deployment with the rest of the openstack-ansible deployment.
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/k8s_all/main.yml .. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/k8s_all/main.yml
:language: yaml :language: yaml
Set up config-overrides for the magnum service in `/etc/openstack_deploy/user_variables_magnum.yml`. Set up config-overrides for the magnum service in `/etc/openstack_deploy/group_vars/magnum_all/main.yml`.
Adjust the images and flavors here as necessary, these are just for demonstration. Upload as many Adjust the images and flavors here as necessary, these are just for demonstration. Upload as many
images as you need for the different workload cluster kubernetes versions. images as you need for the different workload cluster kubernetes versions.
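
Review bot: The switch from `/etc/openstack_deploy/user_variables_magnum.yml` to `/etc/openstack_deploy/group_vars/magnum_all/main.yml` in the "Set up config-overrides for the magnum service" sentence comes with no guidance for deployers who followed the earlier text. openstack-ansible passes `user_*.yml` files as extra vars, which outrank group_vars, so a leftover `user_variables_magnum.yml` would silently win over the new file. Suggest adding a sentence telling readers to move their settings and delete the old file.
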
@ -123,14 +126,7 @@ service and cluster-api can be configured to interact with either the external o
internal endpoint and must trust the SSL certificiate. Depending on the environment, internal endpoint and must trust the SSL certificiate. Depending on the environment,
these may be derived from different certificate authorities. these may be derived from different certificate authorities.
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_z_magnum.yml .. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/magnum_all/main.yml
:language: yaml
Set up config-overrides for the control plane k8s cluster in /etc/openstack_deploy/user_variables_k8s.yml`
These variables integrate the control plane k8s deployment with the rest of the
openstack-ansible deployment.
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_k8s.yml
:language: yaml :language: yaml
Run the deployment Run the deployment
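
Review bot: The context line in this hunk still reads "SSL certificiate"; since the literalinclude directly below it is being changed anyway, fix the spelling to "certificate" in the same patch. The commit message also says the doc is only accurate once vexxhost/ansible-collection-kubernetes pull 136 lands, so this section should state that dependency for readers running an older collection.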

@ -1,6 +1,31 @@
---
# Run ansible modules in a venv on the target hosts
ansible_collection_kubernetes_target_venv: /opt/mcapi_ansible_venv
# Pick a range of addresses for cilium that do not collide with anything else
cilium_ipv4_cidr: 172.29.200.0/22
# wire OSA group, host and network addresses into k8s deployment
kubelet_hostname: "{{ ansible_facts['hostname'] | lower }}"
kubelet_node_ip: "{{ management_address }}"
kubernetes_control_plane_group: k8s_container
kubernetes_hostname: "{{ internal_lb_vip_address }}"
kubernetes_non_init_namespace: true
# Define custom k8s version for the control cluster
# kubernetes_version: 1.31
# Define LXC container overrides
lxc_container_config_list: lxc_container_config_list:
- "lxc.apparmor.profile=unconfined" - "lxc.apparmor.profile=unconfined"
lxc_container_mount_auto: lxc_container_mount_auto:
- "proc:rw" - "proc:rw"
- "sys:rw" - "sys:rw"
# Set this manually, or kube-proxy will try to do this - not possible
# in a non-init namespace and will fail in LXC
openstack_host_nf_conntrack_max: 1572864
# OSA containers dont run ssh by default so cannot use synchronize
upload_helm_chart_method: copy
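
Review bot: In the commented example `# kubernetes_version: 1.31` the value is unquoted, so anyone who uncomments it gets a YAML float, and a release such as 1.30 would load as 1.3. Suggest `# kubernetes_version: "1.31"`. Separately, the new `# Define LXC container overrides` comment sits above `lxc.apparmor.profile=unconfined` and the rw `proc`/`sys` mounts; one more comment line saying that these relax container isolation and exist only to allow nested containers would help readers who copy this file as is.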

@ -0,0 +1,38 @@
---
# Copyright 2020, VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
magnum_magnum_cluster_api_git_install_branch: v0.22.1
# install magnum-cluster-api and kubernetes python package into magnum venv
magnum_user_pip_packages:
- "git+https://github.com/vexxhost/magnum-cluster-api@{{ magnum_magnum_cluster_api_git_install_branch }}#egg=magnum-cluster-api"
- kubernetes
# ensure that the internal VIP CA is trusted by the CAPI driver
magnum_config_overrides:
drivers:
# Supply a custom CA file which will be passed and used exclusively on all workload nodes
# System trust will be used by default
openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
capi_client:
# Supply a CA that will be used exclusively for connections towards
# OpenStack public and internal endpoints.
ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
endpoint: 'internalURL'
cluster_template:
kubernetes_allowed_network_drivers: 'calico'
kubernetes_default_network_driver: 'calico'
certificates:
cert_manager_type: x509keypair
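
Review bot: In `magnum_user_pip_packages` the `kubernetes` entry has no version constraint, and the driver is installed from a git tag (`v0.22.1`), which upstream can re-point. Since readers will copy this file into real deployments, suggest pinning `kubernetes` to the version that was tested and mentioning in the comment that `magnum_magnum_cluster_api_git_install_branch` can be set to a commit hash for a reproducible install. The two `ExampleCorpRoot.crt` paths would also benefit from a comment marking them as placeholders that must be replaced.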

@ -1,19 +0,0 @@
# wire OSA group, host and network addresses into k8s deployment
kubernetes_control_plane_group: k8s_container
kubelet_hostname: "{{ ansible_facts['hostname'] | lower }}"
kubelet_node_ip: "{{ management_address }}"
kubernetes_hostname: "{{ internal_lb_vip_address }}"
kubernetes_non_init_namespace: true
# Pick a range of addresses for cilium that do not collide with anything else
cilium_ipv4_cidr: 172.29.200.0/22
# Set this manually, or kube-proxy will try to do this - not possible
# in a non-init namespace and will fail in LXC
openstack_host_nf_conntrack_max: 1572864
# OSA containers dont run ssh by default so cannot use synchronize
upload_helm_chart_method: copy
# Run ansible modules in a venv on the target hosts
ansible_collection_kubernetes_target_venv: /opt/mcapi_ansible_venv
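
Review bot: Deleting this file changes the scope of every variable in it: as a `user_variables` file (the `user_variables_k8s.yml` that the doc change stops including) they reached all hosts as extra vars, while in `group_vars/k8s_all/main.yml` they are visible only to members of `k8s_all`. Please confirm that nothing outside that group reads `openstack_host_nf_conntrack_max`, `kubernetes_control_plane_group` or `ansible_collection_kubernetes_target_venv`, and consider a release note so existing deployments remove their copy of the old file.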

@ -13,27 +13,6 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
magnum_magnum_cluster_api_git_install_branch: v0.22.1
# install magnum-cluster-api and kubernetes python package into magnum venv
magnum_user_pip_packages:
- "git+https://github.com/vexxhost/magnum-cluster-api@{{ magnum_magnum_cluster_api_git_install_branch }}#egg=magnum-cluster-api"
- kubernetes
# ensure that the internal VIP CA is trusted by the CAPI driver
# TODO - this is too hardwired somehow
magnum_config_overrides:
drivers:
openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
capi_client:
ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
endpoint: 'internalURL'
cluster_template:
kubernetes_allowed_network_drivers: 'calico'
kubernetes_default_network_driver: 'calico'
certificates:
cert_manager_type: x509keypair
# use the openstack_resources role in the capi functional test rather than os_magnum # use the openstack_resources role in the capi functional test rather than os_magnum
# to create the test resources # to create the test resources
magnum_glance_images: [] magnum_glance_images: []
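
Review bot: The removed block carries `# TODO - this is too hardwired somehow`, and the new group_vars copy keeps the same hard-coded `/usr/local/share/ca-certificates/ExampleCorpRoot.crt` paths without it. Either keep the TODO in the new file or replace the literal path with a variable, so the open question is not lost in the move.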