dsk-dev kubespray 이동

2023-12-19 14:31:22 +09:00
parent a35325e16b
commit 5671a92148
2568 changed files with 0 additions and 0 deletions
--- a/ansible/kubespray/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-credential-check.yml
+++ b/ansible/kubespray/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-credential-check.yml
@@ -0,0 +1,59 @@
+---
+- name: Cinder CSI Driver | check cinder_auth_url value
+  fail:
+    msg: "cinder_auth_url is missing"
+  when: cinder_auth_url is not defined or not cinder_auth_url
+
+- name: Cinder CSI Driver | check cinder_username value cinder_application_credential_name value
+  fail:
+    msg: "you must either set cinder_username or cinder_application_credential_name"
+  when:
+    - cinder_username is not defined or not cinder_username
+    - cinder_application_credential_name is not defined or not cinder_application_credential_name
+
+- name: Cinder CSI Driver | check cinder_application_credential_id value
+  fail:
+    msg: "cinder_application_credential_id is missing"
+  when:
+    - cinder_application_credential_name is defined
+    - cinder_application_credential_name|length > 0
+    - cinder_application_credential_id is not defined or not cinder_application_credential_id
+
+- name: Cinder CSI Driver | check cinder_application_credential_secret value
+  fail:
+    msg: "cinder_application_credential_secret is missing"
+  when:
+    - cinder_application_credential_name is defined
+    - cinder_application_credential_name|length > 0
+    - cinder_application_credential_secret is not defined or not cinder_application_credential_secret
+
+- name: Cinder CSI Driver | check cinder_password value
+  fail:
+    msg: "cinder_password is missing"
+  when:
+    - cinder_username is defined
+    - cinder_username|length > 0
+    - cinder_application_credential_name is not defined or not cinder_application_credential_name
+    - cinder_application_credential_secret is not defined or not cinder_application_credential_secret
+    - cinder_password is not defined or not cinder_password
+
+- name: Cinder CSI Driver | check cinder_region value
+  fail:
+    msg: "cinder_region is missing"
+  when: cinder_region is not defined or not cinder_region
+
+- name: Cinder CSI Driver | check cinder_tenant_id value
+  fail:
+    msg: "one of cinder_tenant_id or cinder_tenant_name must be specified"
+  when:
+    - cinder_tenant_id is not defined or not cinder_tenant_id
+    - cinder_tenant_name is not defined or not cinder_tenant_name
+    - cinder_application_credential_name is not defined or not cinder_application_credential_name
+
+- name: Cinder CSI Driver | check cinder_domain_id value
+  fail:
+    msg: "one of cinder_domain_id or cinder_domain_name must be specified"
+  when:
+    - cinder_domain_id is not defined or not cinder_domain_id
+    - cinder_domain_name is not defined or not cinder_domain_name
+    - cinder_application_credential_name is not defined or not cinder_application_credential_name
--- a/ansible/kubespray/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
+++ b/ansible/kubespray/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
@@ -0,0 +1,11 @@
+---
+# include to workaround mitogen issue
+# https://github.com/dw/mitogen/issues/663
+
+- name: Cinder CSI Driver | Write cacert file
+  copy:
+    src: "{{ cinder_cacert }}"
+    dest: "{{ kube_config_dir }}/cinder-cacert.pem"
+    group: "{{ kube_cert_group }}"
+    mode: 0640
+  delegate_to: "{{ delegate_host_to_write_cacert }}"
--- a/ansible/kubespray/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
+++ b/ansible/kubespray/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
@@ -0,0 +1,56 @@
+---
+- include_tasks: cinder-credential-check.yml
+
+- name: Cinder CSI Driver | Write cacert file
+  include_tasks: cinder-write-cacert.yml
+  run_once: true
+  loop: "{{ groups['k8s_cluster'] }}"
+  loop_control:
+    loop_var: delegate_host_to_write_cacert
+  when:
+    - inventory_hostname in groups['k8s_cluster']
+    - cinder_cacert is defined
+    - cinder_cacert | length > 0
+
+- name: Cinder CSI Driver | Write Cinder cloud-config
+  template:
+    src: "cinder-csi-cloud-config.j2"
+    dest: "{{ kube_config_dir }}/cinder_cloud_config"
+    group: "{{ kube_cert_group }}"
+    mode: 0640
+  when: inventory_hostname == groups['kube_control_plane'][0]
+
+- name: Cinder CSI Driver | Get base64 cloud-config
+  slurp:
+    src: "{{ kube_config_dir }}/cinder_cloud_config"
+  register: cloud_config_secret
+  when: inventory_hostname == groups['kube_control_plane'][0]
+
+- name: Cinder CSI Driver | Generate Manifests
+  template:
+    src: "{{ item.file }}.j2"
+    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
+  with_items:
+    - {name: cinder-csi-driver, file: cinder-csi-driver.yml}
+    - {name: cinder-csi-cloud-config-secret, file: cinder-csi-cloud-config-secret.yml}
+    - {name: cinder-csi-controllerplugin, file: cinder-csi-controllerplugin-rbac.yml}
+    - {name: cinder-csi-controllerplugin, file: cinder-csi-controllerplugin.yml}
+    - {name: cinder-csi-nodeplugin, file: cinder-csi-nodeplugin-rbac.yml}
+    - {name: cinder-csi-nodeplugin, file: cinder-csi-nodeplugin.yml}
+    - {name: cinder-csi-poddisruptionbudget, file: cinder-csi-poddisruptionbudget.yml}
+  register: cinder_csi_manifests
+  when: inventory_hostname == groups['kube_control_plane'][0]
+
+- name: Cinder CSI Driver | Apply Manifests
+  kube:
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
+    state: "latest"
+  with_items:
+    - "{{ cinder_csi_manifests.results }}"
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - not item is skipped
+  loop_control:
+    label: "{{ item.item.file }}"