From f5aa03314d8df6078a66e679a24d4b7e3512f86e Mon Sep 17 00:00:00 2001
From: Ryan Hallisey
Date: Fri, 18 Jan 2019 13:35:22 -0500
Subject: [PATCH] Add kubevirt-cpu-node-labeller deployment to kubevirt ansible (#574)
(cherry picked from commit 207f58372c913b47d30b1b946cd3b114a664502b)
---
playbooks/kubevirt-cpu-node-labeller.yml | 11 +++
playbooks/kubevirt.yml | 6 +-
roles/kubevirt-cpu-node-labeller/README.md | 2 +
.../defaults/main.yml | 9 ++
.../tasks/deprovision.yml | 21 ++++
.../tasks/main.yaml | 1 +
.../tasks/provision.yml | 21 ++++
.../kubevirt-cpu-node-labeller-0.0.1.yaml | 97 +++++++++++++++++++
8 files changed, 167 insertions(+), 1 deletion(-)
create mode 100644 playbooks/kubevirt-cpu-node-labeller.yml
create mode 100644 roles/kubevirt-cpu-node-labeller/README.md
create mode 100644 roles/kubevirt-cpu-node-labeller/defaults/main.yml
create mode 100644 roles/kubevirt-cpu-node-labeller/tasks/deprovision.yml
create mode 100644 roles/kubevirt-cpu-node-labeller/tasks/main.yaml
create mode 100644 roles/kubevirt-cpu-node-labeller/tasks/provision.yml
create mode 100644 roles/kubevirt-cpu-node-labeller/templates/kubevirt-cpu-node-labeller-0.0.1.yaml
diff --git a/playbooks/kubevirt-cpu-node-labeller.yml b/playbooks/kubevirt-cpu-node-labeller.yml
new file mode 100644
index 000000000..380ecc820
--- /dev/null
+++ b/playbooks/kubevirt-cpu-node-labeller.yml
@@ -0,0 +1,11 @@
+---
+- import_playbook: initial_configuration.yml
+
+- name: Deploy kubevirt-cpu-node-labeller role
+ hosts: localhost
+ connection: local
+ gather_facts: False
+ environment:
+ http_proxy: ""
+ roles:
+ - role: "kubevirt-cpu-node-labeller"
\ No newline at end of file
diff --git a/playbooks/kubevirt.yml b/playbooks/kubevirt.yml
index 21ee11397..f0bac0b1c 100644
--- a/playbooks/kubevirt.yml
+++ b/playbooks/kubevirt.yml
@@ -24,4 +24,8 @@ # Deploy kubevirt ssp - import_playbook: kubevirt-ssp.yml - when: platform == "openshift" \ No newline at end of file + when: platform == "openshift" + +# Deploy kubevirt cpu-node-labeller +- import_playbook: kubevirt-cpu-node-labeller.yml + when: platform == "openshift" diff --git a/roles/kubevirt-cpu-node-labeller/README.md b/roles/kubevirt-cpu-node-labeller/README.md new file mode 100644 index 000000000..a7f1b85ee --- /dev/null +++ b/roles/kubevirt-cpu-node-labeller/README.md @@ -0,0 +1,2 @@ +# kubevirt-cpu-node-labeller +Labells nodes with all supported cpu models on host. diff --git a/roles/kubevirt-cpu-node-labeller/defaults/main.yml b/roles/kubevirt-cpu-node-labeller/defaults/main.yml new file mode 100644 index 000000000..88e09523b --- /dev/null +++ b/roles/kubevirt-cpu-node-labeller/defaults/main.yml @@ -0,0 +1,9 @@ +--- +kubevirt_node_labeller_namespace: "kubevirt" +kubevirt_cpu_node_labeller_files_dir: "{{ role_path }}/templates" +cluster_command: "oc" # in case the roles/playbook is not executed from kubevirt.yml +registry_url: "quay.io" +repo_tag: "ksimon" +docker_tag: "0.0.1" +docker_prefix: "{{ registry_url }}/{{ repo_tag }}" +libvirt_image: "kubevirt/libvirt:4.9.0" diff --git a/roles/kubevirt-cpu-node-labeller/tasks/deprovision.yml b/roles/kubevirt-cpu-node-labeller/tasks/deprovision.yml new file mode 100644 index 000000000..c770aaa70 --- /dev/null +++ b/roles/kubevirt-cpu-node-labeller/tasks/deprovision.yml 
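Review bot: The defaults added in roles/kubevirt-cpu-node-labeller/defaults/main.yml resolve `docker_prefix` to `quay.io/ksimon`, which appears to be an individual's namespace rather than a project-owned one, and every image is referenced by a mutable tag. The template in this same commit runs `libvirt_image` as a privileged init container with `imagePullPolicy: Always`, so whoever can push or re-tag those images controls code that runs privileged on each node at the next pod start. Consider defaulting to a project-controlled repository and pinning by digest, e.g. `libvirt_image: "<registry>/kubevirt/libvirt@sha256:<digest>"` (placeholder values). `kubevirt/libvirt:4.9.0` also has no registry host, so where it is pulled from depends on each node's registry search configuration.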
@@ -0,0 +1,21 @@
+---
+- name: Check that kubevirt-cpu-node-labeller.yaml still exists in /tmp
+ stat:
+ path: "/tmp/kubevirt-cpu-node-labeller.yaml"
+ register: kubevirt_cpu_node_labeller
+
+- name: Copy kubevirt-cpu-node-labeller yaml to temp directory
+ template:
+ src: "{{ kubevirt_cpu_node_labeller_files_dir }}/kubevirt-cpu-node-labeller-0.0.1.yaml"
+ dest: "/tmp/kubevirt-cpu-node-labeller.yaml"
+ when: kubevirt_cpu_node_labeller.stat.exists == false
+
+- name: Delete Kubevirt cpu-node-labeller
+ shell: "{{ cluster_command }} delete --ignore-not-found -f /tmp/kubevirt-cpu-node-labeller.yaml -n {{ kubevirt_node_labeller_namespace }}"
+
+- name: Wait until kubevirt-cpu-node-labeller deamonset is deleted
+ shell: "{{ cluster_command }} -n {{ kubevirt_node_labeller_namespace }} get ds | grep -o -E kubevirt-cpu-node-labeller | wc -l"
+ register: result
+ until: result.stdout == "0"
+ retries: 24
+ delay: 10
diff --git a/roles/kubevirt-cpu-node-labeller/tasks/main.yaml b/roles/kubevirt-cpu-node-labeller/tasks/main.yaml
new file mode 100644
index 000000000..4249568a5
--- /dev/null
+++ b/roles/kubevirt-cpu-node-labeller/tasks/main.yaml
@@ -0,0 +1 @@
+- include_tasks: "{{ apb_action }}.yml"
diff --git a/roles/kubevirt-cpu-node-labeller/tasks/provision.yml b/roles/kubevirt-cpu-node-labeller/tasks/provision.yml
new file mode 100644
index 000000000..49870e3cc
--- /dev/null
+++ b/roles/kubevirt-cpu-node-labeller/tasks/provision.yml
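Review bot: In tasks/deprovision.yml, the fixed path `/tmp/kubevirt-cpu-node-labeller.yaml` and the `stat` / `when: kubevirt_cpu_node_labeller.stat.exists == false` guard mean a file already sitting in /tmp is trusted and handed to `{{ cluster_command }} delete -f` without being re-rendered. tasks/provision.yml repeats the same pattern ahead of `create -f`. On a shared control host, any local user can pre-create that world-writable-directory path, so the manifest applied with the operator's cluster credentials is not necessarily the role's template. A stale render from an earlier run with different variables is silently reused as well. Drop the `stat` task and the `when`, create a private directory with the `tempfile` module (registered as, say, `labeller_tmp`), and always template to `dest: "{{ labeller_tmp.path }}/kubevirt-cpu-node-labeller.yaml"`.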
@@ -0,0 +1,21 @@
+---
+- name: Check that kubevirt-cpu-node-labeller.yaml still exists in /tmp
+ stat:
+ path: "/tmp/kubevirt-cpu-node-labeller.yaml"
+ register: kubevirt_cpu_node_labeller
+
+- name: Copy kubevirt-cpu-node-labeller.yaml to temp directory
+ template:
+ src: "{{ kubevirt_cpu_node_labeller_files_dir }}/kubevirt-cpu-node-labeller-0.0.1.yaml"
+ dest: "/tmp/kubevirt-cpu-node-labeller.yaml"
+ when: kubevirt_cpu_node_labeller.stat.exists == false
+
+- name: Create kubevirt-cpu-node-labeller
+ shell: "{{ cluster_command }} create -f /tmp/kubevirt-cpu-node-labeller.yaml -n {{ kubevirt_node_labeller_namespace }}"
+
+- name: Wait until kubevirt-cpu-node-labeller deamonset is created
+ shell: "{{ cluster_command }} -n {{ kubevirt_node_labeller_namespace }} get ds | grep -o -E kubevirt-cpu-node-labeller | wc -l"
+ register: result
+ until: result.stdout == "1"
+ retries: 24
+ delay: 10
diff --git a/roles/kubevirt-cpu-node-labeller/templates/kubevirt-cpu-node-labeller-0.0.1.yaml b/roles/kubevirt-cpu-node-labeller/templates/kubevirt-cpu-node-labeller-0.0.1.yaml
new file mode 100644
index 000000000..9a8fb221d
--- /dev/null
+++ b/roles/kubevirt-cpu-node-labeller/templates/kubevirt-cpu-node-labeller-0.0.1.yaml
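Review bot: The `Create kubevirt-cpu-node-labeller` task in tasks/provision.yml runs `create -f` through `shell`, so a second run fails once the objects exist and the templated variables are interpreted by a shell for no benefit. Prefer `command: "{{ cluster_command }} apply -f /tmp/kubevirt-cpu-node-labeller.yaml -n {{ kubevirt_node_labeller_namespace }}"`, which is re-runnable and avoids shell parsing. The wait task only shows that some DaemonSet whose name contains the string exists, not that its privileged init containers completed. `{{ cluster_command }} -n {{ kubevirt_node_labeller_namespace }} rollout status ds/kubevirt-cpu-node-labeller` would surface a failed rollout instead of reporting success.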
@@ -0,0 +1,97 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubevirt-cpu-node-labeller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubevirt-cpu-node-labeller +rules: +- apiGroups: + - "" + resources: + - pods + - nodes + verbs: + - get + - patch + - update +- apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use + resourceName: + - privileged +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubevirt-cpu-node-labeller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubevirt-cpu-node-labeller +subjects: +- kind: ServiceAccount + name: kubevirt-cpu-node-labeller + namespace: {{kubevirt_node_labeller_namespace}} +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: kubevirt-cpu-node-labeller + name: kubevirt-cpu-node-labeller +spec: + selector: + matchLabels: + app: kubevirt-cpu-node-labeller + template: + metadata: + labels: + app: kubevirt-cpu-node-labeller + spec: + serviceAccount: kubevirt-cpu-node-labeller + containers: + - env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: {{ docker_prefix }}/kubevirt-cpu-node-labeller:{{ docker_tag }} + name: kubevirt-cpu-node-labeller + volumeMounts: + - name: nfd-source + mountPath: "/etc/kubernetes/node-feature-discovery/source.d/" + initContainers: + - image: {{ docker_prefix }}/kubevirt-cpu-model-nfd-plugin:{{ docker_tag }} + command: ["/bin/sh","-c"] + args: ["cp /plugin/dest/cpu-model-nfd-plugin /etc/kubernetes/node-feature-discovery/source.d/;"] + imagePullPolicy: Always + name: cpu-model-nfd-plugin + volumeMounts: + - name: nfd-source + mountPath: "/etc/kubernetes/node-feature-discovery/source.d/" + + - image: {{ libvirt_image }} + command: ["/bin/sh","-c"] + args: ["libvirtd -d; chmod o+rw /dev/kvm; virsh domcapabilities --machine q35 --arch x86_64 --virttype kvm > 
/etc/kubernetes/node-feature-discovery/source.d/virsh_domcapabilities.xml;"] + imagePullPolicy: Always + name: libvirt + securityContext: + privileged: true + resources: + requests: + devices.kubevirt.io/kvm: "1" + limits: + devices.kubevirt.io/kvm: "1" + volumeMounts: + - name: nfd-source + mountPath: "/etc/kubernetes/node-feature-discovery/source.d/" + + volumes: + - name: nfd-source + emptyDir: {}
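Review bot: In the ClusterRole, the `securitycontextconstraints` rule is keyed `resourceName:`, but the RBAC PolicyRule field is `resourceNames`. Depending on how strictly the client validates the manifest, the unknown key is either rejected or dropped, and if it is dropped the rule grants `use` on every SCC rather than only `privileged`. Rename the key to `resourceNames:` and keep the `- privileged` entry. The first rule also grants `patch`/`update` on `pods` cluster-wide, although the visible containers only deal with node feature data, so it is worth confirming that pod write access is needed. `serviceAccount:` in the pod spec is the deprecated alias of `serviceAccountName:`.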