kubespray 2.24 추가

roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml

@@ -0,0 +1,49 @@
+---
+- name: External OpenStack Cloud Controller | Check OpenStack credentials
+  include_tasks: openstack-credential-check.yml
+  tags: external-openstack
+
+- name: External OpenStack Cloud Controller | Get base64 cacert
+  slurp:
+    src: "{{ external_openstack_cacert }}"
+  register: external_openstack_cacert_b64
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - external_openstack_cacert is defined
+    - external_openstack_cacert | length > 0
+  tags: external-openstack
+
+- name: External OpenStack Cloud Controller | Get base64 cloud-config
+  set_fact:
+    external_openstack_cloud_config_secret: "{{ lookup('template', 'external-openstack-cloud-config.j2') | b64encode }}"
+  when: inventory_hostname == groups['kube_control_plane'][0]
+  tags: external-openstack
+
+- name: External OpenStack Cloud Controller | Generate Manifests
+  template:
+    src: "{{ item.file }}.j2"
+    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    group: "{{ kube_cert_group }}"
+    mode: 0640
+  with_items:
+    - {name: external-openstack-cloud-config-secret, file: external-openstack-cloud-config-secret.yml}
+    - {name: external-openstack-cloud-controller-manager-roles, file: external-openstack-cloud-controller-manager-roles.yml}
+    - {name: external-openstack-cloud-controller-manager-role-bindings, file: external-openstack-cloud-controller-manager-role-bindings.yml}
+    - {name: external-openstack-cloud-controller-manager-ds, file: external-openstack-cloud-controller-manager-ds.yml}
+  register: external_openstack_manifests
+  when: inventory_hostname == groups['kube_control_plane'][0]
+  tags: external-openstack
+
+- name: External OpenStack Cloud Controller | Apply Manifests
+  kube:
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
+    state: "latest"
+  with_items:
+    - "{{ external_openstack_manifests.results }}"
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - not item is skipped
+  loop_control:
+    label: "{{ item.item.file }}"
+  tags: external-openstack

roles/kubernetes-apps/external_cloud_controller/openstack/tasks/openstack-credential-check.yml

@@ -0,0 +1,66 @@
+---
+- name: External OpenStack Cloud Controller | check external_openstack_auth_url value
+  fail:
+    msg: "external_openstack_auth_url is missing"
+  when: external_openstack_auth_url is not defined or not external_openstack_auth_url
+
+
+- name: External OpenStack Cloud Controller | check external_openstack_username or external_openstack_application_credential_name value
+  fail:
+    msg: "you must either set external_openstack_username or external_openstack_application_credential_name"
+  when:
+    - external_openstack_username is not defined or not external_openstack_username
+    - external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name
+
+
+- name: External OpenStack Cloud Controller | check external_openstack_application_credential_id value
+  fail:
+    msg: "external_openstack_application_credential_id is missing"
+  when:
+    - external_openstack_application_credential_name is defined
+    - external_openstack_application_credential_name | length > 0
+    - external_openstack_application_credential_id is not defined or not external_openstack_application_credential_id
+
+
+- name: External OpenStack Cloud Controller | check external_openstack_application_credential_secret value
+  fail:
+    msg: "external_openstack_application_credential_secret is missing"
+  when:
+    - external_openstack_application_credential_name is defined
+    - external_openstack_application_credential_name | length > 0
+    - external_openstack_application_credential_secret is not defined or not external_openstack_application_credential_secret
+
+
+- name: External OpenStack Cloud Controller | check external_openstack_password value
+  fail:
+    msg: "external_openstack_password is missing"
+  when:
+    - external_openstack_username is defined
+    - external_openstack_username | length > 0
+    - external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name
+    - external_openstack_application_credential_secret is not defined or not external_openstack_application_credential_secret
+    - external_openstack_password is not defined or not external_openstack_password
+
+
+- name: External OpenStack Cloud Controller | check external_openstack_region value
+  fail:
+    msg: "external_openstack_region is missing"
+  when: external_openstack_region is not defined or not external_openstack_region
+
+
+- name: External OpenStack Cloud Controller | check external_openstack_tenant_id value
+  fail:
+    msg: "one of external_openstack_tenant_id or external_openstack_tenant_name must be specified"
+  when:
+    - external_openstack_tenant_id is not defined or not external_openstack_tenant_id
+    - external_openstack_tenant_name is not defined or not external_openstack_tenant_name
+    - external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name
+
+
+- name: External OpenStack Cloud Controller | check external_openstack_domain_id value
+  fail:
+    msg: "one of external_openstack_domain_id or external_openstack_domain_name must be specified"
+  when:
+    - external_openstack_domain_id is not defined or not external_openstack_domain_id
+    - external_openstack_domain_name is not defined or not external_openstack_domain_name
+    - external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name