[doc] Move all variables to group_vars
It makes sense to be consistent and follow the suggestion to use group_vars where applicable. Unfortunately, there is a bug in the vexxhost collection which prevents doing so. For this documentation to be accurate, a patch to the vexxhost collection should land first: https://github.com/vexxhost/ansible-collection-kubernetes/pull/136 Change-Id: I5f48e913436bf5d6a8d6c0a9f77c58886e451d1f
parent
551f75c425
commit
e9a9df3ff8
@ -110,10 +110,13 @@ in `/etc/openstack_deploy/group_vars/k8s_all/haproxy_service.yml`
|
|||||||
Configure the LXC container that will host the control plane k8s cluster to
|
Configure the LXC container that will host the control plane k8s cluster to
|
||||||
be suitable for running nested containers in `/etc/openstack_deploy/group_vars/k8s_all/main.yml`
|
be suitable for running nested containers in `/etc/openstack_deploy/group_vars/k8s_all/main.yml`
|
||||||
|
|
||||||
|
There you can also set config-overrides for the control plane of the k8s cluster,
|
||||||
|
which integrate the control plane k8s deployment with the rest of the openstack-ansible deployment.
|
||||||
|
|
||||||
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/k8s_all/main.yml
|
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/k8s_all/main.yml
|
||||||
:language: yaml
|
:language: yaml
|
||||||
|
|
||||||
Set up config-overrides for the magnum service in `/etc/openstack_deploy/user_variables_magnum.yml`.
|
Set up config-overrides for the magnum service in `/etc/openstack_deploy/group_vars/magnum_all/main.yml`.
|
||||||
Adjust the images and flavors here as necessary, these are just for demonstration. Upload as many
|
Adjust the images and flavors here as necessary, these are just for demonstration. Upload as many
|
||||||
images as you need for the different workload cluster kubernetes versions.
|
images as you need for the different workload cluster kubernetes versions.
|
||||||
|
|
||||||
@ -123,14 +126,7 @@ service and cluster-api can be configured to interact with either the external o
|
|||||||
internal endpoint and must trust the SSL certificiate. Depending on the environment,
|
internal endpoint and must trust the SSL certificiate. Depending on the environment,
|
||||||
these may be derived from different certificate authorities.
|
these may be derived from different certificate authorities.
|
||||||
|
|
||||||
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_z_magnum.yml
|
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/magnum_all/main.yml
|
||||||
:language: yaml
|
|
||||||
|
|
||||||
Set up config-overrides for the control plane k8s cluster in /etc/openstack_deploy/user_variables_k8s.yml`
|
|
||||||
These variables integrate the control plane k8s deployment with the rest of the
|
|
||||||
openstack-ansible deployment.
|
|
||||||
|
|
||||||
.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_k8s.yml
|
|
||||||
:language: yaml
|
:language: yaml
|
||||||
|
|
||||||
Run the deployment
|
Run the deployment
|
||||||
|
@ -1,6 +1,31 @@
|
|||||||
|
---
|
||||||
|
# Run ansible modules in a venv on the target hosts
|
||||||
|
ansible_collection_kubernetes_target_venv: /opt/mcapi_ansible_venv
|
||||||
|
|
||||||
|
# Pick a range of addresses for cilium that do not collide with anything else
|
||||||
|
cilium_ipv4_cidr: 172.29.200.0/22
|
||||||
|
|
||||||
|
# wire OSA group, host and network addresses into k8s deployment
|
||||||
|
kubelet_hostname: "{{ ansible_facts['hostname'] | lower }}"
|
||||||
|
kubelet_node_ip: "{{ management_address }}"
|
||||||
|
kubernetes_control_plane_group: k8s_container
|
||||||
|
kubernetes_hostname: "{{ internal_lb_vip_address }}"
|
||||||
|
kubernetes_non_init_namespace: true
|
||||||
|
|
||||||
|
# Define custom k8s version for the control cluster
|
||||||
|
# kubernetes_version: 1.31
|
||||||
|
|
||||||
|
# Define LXC container overrides
|
||||||
lxc_container_config_list:
|
lxc_container_config_list:
|
||||||
- "lxc.apparmor.profile=unconfined"
|
- "lxc.apparmor.profile=unconfined"
|
||||||
|
|
||||||
lxc_container_mount_auto:
|
lxc_container_mount_auto:
|
||||||
- "proc:rw"
|
- "proc:rw"
|
||||||
- "sys:rw"
|
- "sys:rw"
|
||||||
|
|
||||||
|
# Set this manually, or kube-proxy will try to do this - not possible
|
||||||
|
# in a non-init namespace and will fail in LXC
|
||||||
|
openstack_host_nf_conntrack_max: 1572864
|
||||||
|
|
||||||
|
# OSA containers dont run ssh by default so cannot use synchronize
|
||||||
|
upload_helm_chart_method: copy
|
||||||
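Review bot: The added comment `# Define LXC container overrides` does not say what the settings below it cost. `lxc.apparmor.profile=unconfined` together with `proc:rw` and `sys:rw` removes AppArmor confinement and makes /proc and /sys writable inside the container, which weakens isolation between the control plane container and its host. As this file is now the documented example, the comment should state that trade-off and its scope, e.g. `# Nested containers need an unconfined AppArmor profile and rw proc/sys; this weakens isolation from the host, keep it scoped to k8s_all`. Separately, the commented example `# kubernetes_version: 1.31` would load as a float once uncommented (a value such as 1.30 would become 1.3), so it is safer written as `# kubernetes_version: "1.31"`.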
|
@ -0,0 +1,38 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2020, VEXXHOST, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
magnum_magnum_cluster_api_git_install_branch: v0.22.1
|
||||||
|
|
||||||
|
# install magnum-cluster-api and kubernetes python package into magnum venv
|
||||||
|
magnum_user_pip_packages:
|
||||||
|
- "git+https://github.com/vexxhost/magnum-cluster-api@{{ magnum_magnum_cluster_api_git_install_branch }}#egg=magnum-cluster-api"
|
||||||
|
- kubernetes
|
||||||
|
|
||||||
|
# ensure that the internal VIP CA is trusted by the CAPI driver
|
||||||
|
magnum_config_overrides:
|
||||||
|
drivers:
|
||||||
|
# Supply a custom CA file which will be passed and used exclusively on all workload nodes
|
||||||
|
# System trust will be used by default
|
||||||
|
openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
||||||
|
capi_client:
|
||||||
|
# Supply a CA that will be used exclusively for connections towards
|
||||||
|
# OpenStack public and internal endpoints.
|
||||||
|
ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
||||||
|
endpoint: 'internalURL'
|
||||||
|
cluster_template:
|
||||||
|
kubernetes_allowed_network_drivers: 'calico'
|
||||||
|
kubernetes_default_network_driver: 'calico'
|
||||||
|
certificates:
|
||||||
|
cert_manager_type: x509keypair
|
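Review bot: `magnum_user_pip_packages` installs code into the magnum venv from a git tag and from an unpinned PyPI name, so this file does not fix what actually gets installed. A tag such as `v0.22.1` can be moved upstream, and `- kubernetes` resolves to whatever release is current unless a constraints file elsewhere pins it (none is visible here). If the variable accepts any git ref, as its use after `@` in the URL suggests, set `magnum_magnum_cluster_api_git_install_branch` to the full commit SHA of the release and keep the tag name in a comment. The second entry can be pinned the same way, e.g. `- "kubernetes==<version>"`.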
@ -1,19 +0,0 @@
|
|||||||
# wire OSA group, host and network addresses into k8s deployment
|
|
||||||
kubernetes_control_plane_group: k8s_container
|
|
||||||
kubelet_hostname: "{{ ansible_facts['hostname'] | lower }}"
|
|
||||||
kubelet_node_ip: "{{ management_address }}"
|
|
||||||
kubernetes_hostname: "{{ internal_lb_vip_address }}"
|
|
||||||
kubernetes_non_init_namespace: true
|
|
||||||
|
|
||||||
# Pick a range of addresses for cilium that do not collide with anything else
|
|
||||||
cilium_ipv4_cidr: 172.29.200.0/22
|
|
||||||
|
|
||||||
# Set this manually, or kube-proxy will try to do this - not possible
|
|
||||||
# in a non-init namespace and will fail in LXC
|
|
||||||
openstack_host_nf_conntrack_max: 1572864
|
|
||||||
|
|
||||||
# OSA containers dont run ssh by default so cannot use synchronize
|
|
||||||
upload_helm_chart_method: copy
|
|
||||||
|
|
||||||
# Run ansible modules in a venv on the target hosts
|
|
||||||
ansible_collection_kubernetes_target_venv: /opt/mcapi_ansible_venv
|
|
@ -13,27 +13,6 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
magnum_magnum_cluster_api_git_install_branch: v0.22.1
|
|
||||||
|
|
||||||
# install magnum-cluster-api and kubernetes python package into magnum venv
|
|
||||||
magnum_user_pip_packages:
|
|
||||||
- "git+https://github.com/vexxhost/magnum-cluster-api@{{ magnum_magnum_cluster_api_git_install_branch }}#egg=magnum-cluster-api"
|
|
||||||
- kubernetes
|
|
||||||
|
|
||||||
# ensure that the internal VIP CA is trusted by the CAPI driver
|
|
||||||
# TODO - this is too hardwired somehow
|
|
||||||
magnum_config_overrides:
|
|
||||||
drivers:
|
|
||||||
openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
|
||||||
capi_client:
|
|
||||||
ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
|
||||||
endpoint: 'internalURL'
|
|
||||||
cluster_template:
|
|
||||||
kubernetes_allowed_network_drivers: 'calico'
|
|
||||||
kubernetes_default_network_driver: 'calico'
|
|
||||||
certificates:
|
|
||||||
cert_manager_type: x509keypair
|
|
||||||
|
|
||||||
# use the openstack_resources role in the capi functional test rather than os_magnum
|
# use the openstack_resources role in the capi functional test rather than os_magnum
|
||||||
# to create the test resources
|
# to create the test resources
|
||||||
magnum_glance_images: []
|
magnum_glance_images: []
|
||||||
|