kubespray 2.24 추가

roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/huaweicloud-credential-check.yml

@@ -0,0 +1,33 @@
+---
+- name: External Huawei Cloud Controller | check external_huaweicloud_auth_url value
+  fail:
+    msg: "external_huaweicloud_auth_url is missing"
+  when: external_huaweicloud_auth_url is not defined or not external_huaweicloud_auth_url
+
+
+- name: External Huawei Cloud Controller | check external_huaweicloud_access_key value
+  fail:
+    msg: "you must set external_huaweicloud_access_key"
+  when:
+    - external_huaweicloud_access_key is not defined or not external_huaweicloud_access_key
+
+- name: External Huawei Cloud Controller | check external_huaweicloud_secret_key value
+  fail:
+    msg: "external_huaweicloud_secret_key is missing"
+  when:
+    - external_huaweicloud_access_key is defined
+    - external_huaweicloud_access_key|length > 0
+    - external_huaweicloud_secret_key is not defined or not external_huaweicloud_secret_key
+
+
+- name: External Huawei Cloud Controller | check external_huaweicloud_region value
+  fail:
+    msg: "external_huaweicloud_region is missing"
+  when: external_huaweicloud_region is not defined or not external_huaweicloud_region
+
+
+- name: External Huawei Cloud Controller | check external_huaweicloud_project_id value
+  fail:
+    msg: "one of external_huaweicloud_project_id must be specified"
+  when:
+    - external_huaweicloud_project_id is not defined or not external_huaweicloud_project_id

roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml

@@ -0,0 +1,49 @@
+---
+- name: External Huawei Cloud Controller | Check Huawei credentials
+  include_tasks: huaweicloud-credential-check.yml
+  tags: external-huaweicloud
+
+- name: External huaweicloud Cloud Controller | Get base64 cacert
+  slurp:
+    src: "{{ external_huaweicloud_cacert }}"
+  register: external_huaweicloud_cacert_b64
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - external_huaweicloud_cacert is defined
+    - external_huaweicloud_cacert | length > 0
+  tags: external-huaweicloud
+
+- name: External huaweicloud Cloud Controller | Get base64 cloud-config
+  set_fact:
+    external_huawei_cloud_config_secret: "{{ lookup('template', 'external-huawei-cloud-config.j2') | b64encode }}"
+  when: inventory_hostname == groups['kube_control_plane'][0]
+  tags: external-huaweicloud
+
+- name: External Huawei Cloud Controller | Generate Manifests
+  template:
+    src: "{{ item.file }}.j2"
+    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    group: "{{ kube_cert_group }}"
+    mode: 0640
+  with_items:
+    - {name: external-huawei-cloud-config-secret, file: external-huawei-cloud-config-secret.yml}
+    - {name: external-huawei-cloud-controller-manager-roles, file: external-huawei-cloud-controller-manager-roles.yml}
+    - {name: external-huawei-cloud-controller-manager-role-bindings, file: external-huawei-cloud-controller-manager-role-bindings.yml}
+    - {name: external-huawei-cloud-controller-manager-ds, file: external-huawei-cloud-controller-manager-ds.yml}
+  register: external_huaweicloud_manifests
+  when: inventory_hostname == groups['kube_control_plane'][0]
+  tags: external-huaweicloud
+
+- name: External Huawei Cloud Controller | Apply Manifests
+  kube:
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
+    state: "latest"
+  with_items:
+    - "{{ external_huaweicloud_manifests.results }}"
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - not item is skipped
+  loop_control:
+    label: "{{ item.item.file }}"
+  tags: external-huaweicloud