├── .gitignore
├── Makefile
├── README.md
├── bastion.tf
├── clusters.tf
├── envs
    ├── alaska-sriov.tfvars
    ├── alaska.tfvars
    ├── cumulus.tfvars
    ├── devstack-ipv6.tfvars
    ├── devstack.tfvars
    ├── kayobe-aio-overcloud.tfvars
    ├── sausage.tfvars
    ├── smslab.tfvars
    └── stein.tfvars
├── images
    ├── dev.txt
    ├── legacy.txt
    ├── master.txt
    └── sonobuoy.txt
├── manifests
    ├── nginx-cinder-csi.yaml
    ├── nginx-in-tree-cinder.yaml
    ├── sc-cinder-csi.yaml
    └── sc-in-tree-cinder.yaml
├── site
    ├── create.sh
    ├── destroy.sh
    ├── magnum-tiller.sh
    ├── plan.sh
    ├── pull-retag-push.py
    ├── purge.sh
    ├── taint.sh
    ├── upload-atomic.sh
    └── upload-coreos.sh
├── sonobuoy.yml
├── templates.tf
├── terraform.tfvars.sample
├── tfvars
    ├── atomic.tfvars
    ├── coreos.tfvars
    ├── flannel.tfvars
    └── podman.tfvars
└── versions.tf


/.gitignore:
--------------------------------------------------------------------------------
1 | .terraform/
2 | terraform.tfvars
3 | terraform.tfstate
4 | terraform.tfstate.backup
5 | *.bak
6 | *.qcow2
7 | *.swp
8 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | HELM ?=v3.6.1
 2 | HELM2 ?=v2.17.0
 3 | SONOBUOY ?= 0.53.2
 4 | TERRAFORM ?= 1.0.3
 5 | KUBECTL ?= $(shell curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)
 6 | CLUSTERCTL ?= 0.4.0
 7 | 
 8 | OS = $(shell lsb_release -si || echo CentOS)
 9 | ifeq ($(OS),Ubuntu)
10 | 	PM = apt
11 | else ifeq ($(OS),CentOS)
12 | 	PM = dnf
13 | else
14 | 	exit 1
15 | endif
16 | 
17 | deps: helm kubectl terraform sonobuoy
18 | 
19 | # Install helm (version 3)
20 | helm:
21 | 	curl -L https://get.helm.sh/helm-${HELM}-linux-amd64.tar.gz --output helm.tar.gz && \
22 | 	mkdir -p tmp && \
23 | 	tar -xzf helm.tar.gz -C tmp/ && \
24 | 	sudo mv tmp/linux-amd64/helm /usr/local/bin/helm && \
25 | 	rm -rf helm.tar.gz tmp
26 | 
27 | # Install helm (version 2)
28 | helm2:
29 | 	curl -L https://get.helm.sh/helm-${HELM2}-linux-amd64.tar.gz --output helm.tar.gz && \
30 | 	mkdir -p tmp && \
31 | 	tar -xzf helm.tar.gz -C tmp/ && \
32 | 	sudo mv tmp/linux-amd64/helm /usr/local/bin/helm2 && \
33 | 	rm -rf helm.tar.gz tmp
34 | 
35 | unzip:
36 | 	sudo ${PM} install unzip -y
37 | 
38 | # Install known latest terraform
39 | terraform: unzip
40 | 	curl -L https://releases.hashicorp.com/terraform/${TERRAFORM}/terraform_${TERRAFORM}_linux_amd64.zip --output terraform.zip && \
41 | 	unzip terraform.zip && \
42 | 	rm terraform.zip && \
43 | 	sudo mv terraform /usr/local/bin/terraform
44 | 
45 | # Install latest kubectl
46 | kubectl:
47 | 	curl -LO https://storage.googleapis.com/kubernetes-release/release/${KUBECTL}/bin/linux/amd64/kubectl && \
48 | 	chmod +x kubectl && \
49 | 	sudo mv kubectl /usr/local/bin/kubectl
50 | 
51 | # Install latest known clusterctl
52 | clusterctl:
53 | 	curl -L https://github.com/kubernetes-sigs/cluster-api/releases/download/v${CLUSTERCTL}/clusterctl-linux-amd64 -o clusterctl && \
54 | 	chmod +x clusterctl && \
55 | 	sudo mv clusterctl /usr/local/bin/clusterctl
56 | jq:
57 | 	sudo ${PM} install jq -y
58 | 
59 | # Install latest known sonobuoy
60 | sonobuoy: jq
61 | 	curl -L "https://github.com/vmware-tanzu/sonobuoy/releases/download/v${SONOBUOY}/sonobuoy_${SONOBUOY}_linux_amd64.tar.gz" --output sonobuoy.tar.gz && \
62 | 	mkdir -p tmp && \
63 | 	tar -xzf sonobuoy.tar.gz -C tmp/ && \
64 | 	chmod +x tmp/sonobuoy && \
65 | 	sudo mv tmp/sonobuoy /usr/local/bin/sonobuoy && \
66 | 	rm -rf sonobuoy.tar.gz tmp
67 | 
68 | # Run conformance
69 | conformance:
70 | 	sonobuoy run --sonobuoy-image ghcr.io/stackhpc/sonobuoy:v${SONOBUOY} --systemd-logs-image ghcr.io/stackhpc/systemd-logs:v0.3 --mode=certified-conformance
71 | 
72 | # Retrieve conformance results, requires kubectl
73 | result:
74 | 	$(eval dir=k8s-conformance/$(shell kubectl version --short=true | grep Server | cut -f3 -d' ')/)
75 | 	$(eval output=$(shell sonobuoy retrieve))
76 | 	mkdir -p /tmp/${output} ${dir}
77 | 	tar xzf ${output} -C /tmp/${output}
78 | 	cp /tmp/${output}/plugins/e2e/results/global/* ${dir}
79 | 	rm -rf /tmp/${output} ${output}
80 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # OpenStack Magnum and Terraform to deploy Kubernetes cluster
  2 | 
  3 | Using this repository will deploy two separate Kubernetes clusters: one with
  4 | Calico and another with Flannel.
  5 | 
  6 | ## Prerequisites:
  7 | 
  8 | - OpenStack Queens, Magnum Stein 8.1.0 minimum
  9 | - Terraform v0.14.6, provider.openstack v1.37.1
 10 | - Kubernetes client (to be able to run `kubectl`)
 11 | 
 12 | Install dependencies:
 13 | 
 14 |     make deps
 15 | 
 16 | ## Upload OS image
 17 | 
 18 | Upload the latest stable Fedora CoreOS image to Glance:
 19 | 
 20 |     ./site/upload-coreos.sh
 21 | 
 22 | Upload the last ever Fedora Atomic image to Glance (DEPRECATED):
 23 | 
 24 |     ./site/upload-atomic.sh
 25 | 
 26 | ## Prepare registry
 27 | 
 28 | Pull retag and push list of images to a local container registry:
 29 | 
 30 |     ./site/pull-retag-push.py images/master.txt
 31 | 
 32 |     Pulling images in master.txt
 33 |     rancher/hyperkube:v1.19.1-rancher1                                   | exists locally
 34 |     k8s.gcr.io/hyperkube:v1.18.8                                         | exists locally
 35 |     ...
 36 |     gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.2 | exists locally
 37 |     quay.io/coreos/configmap-reload:v0.0.1                               | exists locally
 38 |     ---
 39 |     Pushing images in master.txt
 40 |     localhost:5000/hyperkube:v1.19.1-rancher1                            | pushed
 41 |     localhost:5000/hyperkube:v1.18.8                                     | pushed
 42 |     ...
 43 |     localhost:5000/csi-node-driver-registrar:v1.1.0                      | pushed
 44 |     localhost:5000/node-problem-detector:v0.6.2                          | pushed
 45 |     ---
 46 | 
 47 | ## Deployment:
 48 | 
 49 | Initialise terraform
 50 | 
 51 |     terraform init --upgrade
 52 | 
 53 | Copy sample variable file:
 54 | 
 55 |     cp terraform.tfvars{.sample,}
 56 | 
 57 | Edit `terraform.tfvars` and fill in details like `external_network_id` and `keypair_name`.
 58 | 
 59 | Source your OpenStack cloud environment variables:
 60 | 
 61 |     source openrc.sh
 62 | 
 63 | To upload the latest Fedora CoreOS image:
 64 | 
 65 |     ./site/upload-coreos.sh # requires Magnum Train 9.1.0 minimum and Heat Train.
 66 |     ./site/upload-atomic.sh # if using older Magnum releases
 67 | 
 68 | To execute `terraform plan`:
 69 | 
 70 |     ./site/cluster.sh tfvars/coreos.tfvars
 71 | 
 72 | To deploy the clusters (replace with `atomic.tfvars` or `podman.tfvars` if using Magnum release older than Train 9.1.0):
 73 | 
 74 |     ./site/create.sh tfvars/coreos.tfvars # requires Magnum Train (9.1.0) and Heat Train minimum.
 75 |     ./site/create.sh tfvars/podman.tfvars # requires Magnum Train (9.1.0) and Heat Queens minimum.
 76 |     ./site/create.sh tfvars/atomic.tfvars # requires Magnum Stein (8.1.0) and Heat Queens minimum.
 77 | 
 78 | To execute `terraform taint` against all clusters:
 79 | 
 80 |     ./site/taint.sh
 81 | 
 82 | To execute `terraform destroy`:
 83 | 
 84 |     ./site/destroy.sh tfvars/coreos.tfvars
 85 | 
 86 | To delete ALL clusters and templates manually using the OpenStack CLI [DANGER - for dev use only]:
 87 | 
 88 |     ./site/purge.sh
 89 | 
 90 | ## Autoscaling
 91 | 
 92 | SSH into the master node:
 93 | 
 94 |     kubectl create deployment test-autoscale --image=nginx
 95 |     kubectl scale deployment test-autoscale --replicas=100
 96 | 
 97 | Sample output of `kubectl logs deploy/cluster-autoscaler -n kube-system`:
 98 | 
 99 |     I1017 13:26:11.617165       1 leaderelection.go:217] attempting to acquire leader lease  kube-system/cluster-autoscaler...
100 |     I1017 13:26:11.626499       1 leaderelection.go:227] successfully acquired lease kube-system/cluster-autoscaler
101 |     I1017 13:26:13.804795       1 magnum_manager_heat.go:293] For stack ID 3e981ac7-4a6e-47a7-9d16-7874f5e108a0, stack name is k8s-sb7k6mtqieim
102 |     I1017 13:26:13.974239       1 magnum_manager_heat.go:310] Found nested kube_minions stack: name k8s-sb7k6mtqieim-kube_minions-33izbolw5kvp, ID 2f7b5dff-9960-4ae2-8572-abed511d0801
103 |     I1017 13:32:25.461803       1 scale_up.go:689] Scale-up: setting group default-worker size to 3
104 |     I1017 13:32:28.400053       1 magnum_nodegroup.go:101] Increasing size by 1, 2->3
105 |     I1017 13:33:02.387803       1 magnum_nodegroup.go:67] Waited for cluster UPDATE_IN_PROGRESS status
106 |     I1017 13:36:11.528032       1 magnum_nodegroup.go:67] Waited for cluster UPDATE_COMPLETE status
107 |     I1017 13:36:21.550679       1 scale_up.go:689] Scale-up: setting group default-worker size to 5
108 |     I1017 13:36:24.157717       1 magnum_nodegroup.go:101] Increasing size by 2, 3->5
109 |     I1017 13:36:58.062981       1 magnum_nodegroup.go:67] Waited for cluster UPDATE_IN_PROGRESS status
110 |     I1017 13:40:07.134681       1 magnum_nodegroup.go:67] Waited for cluster UPDATE_COMPLETE status
111 |     W1017 13:50:14.668777       1 reflector.go:289] k8s.io/autoscaler/cluster-autoscaler/utils/kubernetes/listers.go:190: watch of *v1.Pod ended with: too old resource version: 15787 (16414)
112 |     I1017 14:00:17.891270       1 scale_down.go:882] Scale-down: removing empty node k8s-sb7k6mtqieim-minion-2
113 |     I1017 14:00:17.891315       1 scale_down.go:882] Scale-down: removing empty node k8s-sb7k6mtqieim-minion-3
114 |     I1017 14:00:17.891323       1 scale_down.go:882] Scale-down: removing empty node k8s-sb7k6mtqieim-minion-4
115 |     I1017 14:00:23.255551       1 magnum_manager_heat.go:344] Resolved node k8s-sb7k6mtqieim-minion-2 to stack index 2
116 |     I1017 14:00:23.255579       1 magnum_manager_heat.go:344] Resolved node k8s-sb7k6mtqieim-minion-4 to stack index 4
117 |     I1017 14:00:23.255584       1 magnum_manager_heat.go:344] Resolved node k8s-sb7k6mtqieim-minion-3 to stack index 3
118 |     I1017 14:00:24.283658       1 magnum_manager_heat.go:280] Waited for stack UPDATE_IN_PROGRESS status
119 |     I1017 14:01:25.030818       1 magnum_manager_heat.go:280] Waited for stack UPDATE_COMPLETE status
120 |     I1017 14:01:58.970490       1 magnum_nodegroup.go:67] Waited for cluster UPDATE_IN_PROGRESS status
121 | 
122 | ## Cinder Volumes
123 | 
124 | In order to ensure support for cinder volumes, ensure that `volume_driver = "cinder"` in `terraform.tfvars`.
125 | 
126 | To attach cinder volumes:
127 | 
128 |     openstack volume create nginx-volume --size 100
129 | 
130 |     cat <<END | kubectl apply -f -
131 |     apiVersion: v1
132 |     kind: Pod
133 |     metadata:
134 |       name: cinder-web
135 |     spec:
136 |       containers:
137 |         - name: web
138 |           image: nginx
139 |           volumeMounts:
140 |             - name: html-volume
141 |               mountPath: "/usr/share/nginx/html"
142 |       volumes:
143 |         - name: html-volume
144 |           cinder:
145 |             # Enter the volume ID below
146 |             volumeID: `openstack volume show nginx-volume -f value -c id`
147 |             fsType: ext4
148 |     END
149 | 
150 | To use Cinder as the default storage class `kubectl apply -f https://raw.githubusercontent.com/stackhpc/magnum-terraform/master/manifests/sc-in-tree-cinder.yaml`:
151 | 
152 |     kind: StorageClass
153 |     apiVersion: storage.k8s.io/v1
154 |     metadata:
155 |       name: cinder
156 |       annotations:
157 |         storageclass.kubernetes.io/is-default-class: "true"
158 |     provisioner: kubernetes.io/cinder
159 |     END
160 | 
161 | You can then proceed to spawn a PVC `kubectl apply -f https://raw.githubusercontent.com/stackhpc/magnum-terraform/master/manifests/nginx-in-tree-cinder.yaml`:
162 | 
163 |     kind: PersistentVolumeClaim
164 |     apiVersion: v1
165 |     metadata:
166 |       name: nginx
167 |     spec:
168 |       accessModes:
169 |         - ReadWriteOnce
170 |       resources:
171 |         requests:
172 |           storage: 1Gi # pass here the size of the volume
173 |     ---
174 |     apiVersion: v1
175 |     kind: Pod
176 |     metadata:
177 |       name: web
178 |     spec:
179 |       containers:
180 |         - name: web
181 |           image: nginx
182 |           ports:
183 |             - name: web
184 |               containerPort: 80
185 |               hostPort: 8081
186 |               protocol: TCP
187 |           volumeMounts:
188 |             - mountPath: "/usr/share/nginx/html"
189 |               name: mypd
190 |       volumes:
191 |         - name: mypd
192 |           persistentVolumeClaim:
193 |             claimName: nginx
194 | 
195 | ## Helm
196 | 
197 | Helm should be installed as part of `./site/install-deps.sh` script.
198 | 
199 | If using Helm v2, source `magnum-tiller.sh` to use tiller installed in the `magnum-tiller` namespace.
200 | 
201 |     make helm2
202 |     source ./site/magnum-tiller.sh
203 |     helm2 version
204 | 
205 | If there is a mismatch between the intalled version of helm client and tiller installed on the server, upgrade tiller.
206 | 
207 |     helm2 init --upgrade
208 | 
209 | NOTE: Magnum currently uses Helm 2, and tiller has been deprecated in Helm 3.
210 | 
211 | ## Ingress
212 | 
213 | It is then necessary to label your node of choice as an ingress node, we are going to label the one that is not a master node:
214 | 
215 |     kubectl label `kubectl get nodes -o NAME | grep -v master-0 | head -n1` role=ingress
216 | 
217 | As an example, you can now proceed to map an Ingress to a service in the same Kubernetes namespace as follows:
218 |     
219 |     cat <<END | kubectl apply -f -
220 |     apiVersion: extensions/v1beta1
221 |     kind: Ingress
222 |     metadata:
223 |       name: grafana-ingress
224 |       namespace: monitoring
225 |       annotations:
226 |         kubernetes.io/ingress.class: "nginx"
227 |     spec:
228 |         rules:
229 |           - host: "grafana.`kubectl get nodes -l role=ingress -o jsonpath={.items[*].status.addresses[?\(@.type==\"ExternalIP\"\)].address}`.nip.io"
230 |             http:
231 |               paths:
232 |                 - backend:
233 |                       serviceName: prometheus-operator-grafana
234 |                       servicePort: 80
235 |                   path: "/"
236 |     END
237 | 
238 | You will also need to ensure that the security group rules allow access to HTTP endpoints.
239 | 
240 |     for name in `openstack security group list -c Name -f value | grep minion`; do openstack security group rule create --ingress $name --dst-port 80 --protocol tcp; done
241 | 
242 | ## Development
243 | 
244 | When developing terraform plugin, place the following in your `~/.terraformrc`:
245 | 
246 |     provider_installation {
247 |       dev_overrides {
248 |         "terraform-provider-openstack/openstack" = "/home/ubuntu/terraform-provider-openstack"
249 |       }
250 |       direct {}
251 |     }
252 | 
253 | ## Sonobuoy Conformance
254 | 
255 | To run sonobuoy conformance test:
256 | 
257 |     make conformance
258 | 
259 | To view the status of the test while it is running:
260 | 
261 |     watch "sonobuoy status --json | jq"
262 | 
263 | To dump the results to file when it is complete:
264 | 
265 |     make result
266 | 
267 | To clean up:
268 | 
269 |     sonobuoy delete --all
270 | 


--------------------------------------------------------------------------------
/bastion.tf:
--------------------------------------------------------------------------------
 1 | variable "bastion" {
 2 |   type = map(any)
 3 | }
 4 | 
 5 | data "openstack_networking_network_v2" "bastion" {
 6 |   count = lookup(var.bastion, "count", 0)
 7 |   name  = var.bastion.network
 8 | }
 9 | 
10 | resource "openstack_networking_port_v2" "bastion" {
11 |   count          = lookup(var.bastion, "count", 0)
12 |   name           = var.bastion.name
13 |   network_id     = data.openstack_networking_network_v2.bastion[count.index].id
14 |   admin_state_up = "true"
15 | }
16 | 
17 | resource "openstack_compute_instance_v2" "bastion" {
18 |   count           = lookup(var.bastion, "count", 0)
19 |   name            = var.bastion.name
20 |   image_id        = var.bastion.image
21 |   flavor_id       = var.bastion.flavor
22 |   key_pair        = var.bastion.keypair_name
23 |   security_groups = ["default"]
24 | 
25 |   network {
26 |     port = openstack_networking_port_v2.bastion[count.index].id
27 |   }
28 | 
29 | }
30 | 
31 | resource "null_resource" "bastion" {
32 |   count = lookup(var.bastion, "count", 0)
33 |   triggers = {
34 |     host       = openstack_compute_instance_v2.bastion[count.index].access_ip_v4
35 |     packages   = "helm kubectl clusterctl sonobuoy"
36 |     kubeconfig = lookup(lookup(openstack_containerinfra_cluster_v1.clusters, var.kubeconfig, {}), "kubeconfig", { raw_config : null }).raw_config
37 |   }
38 | 
39 |   connection {
40 |     type         = "ssh"
41 |     host         = self.triggers.host
42 |     user         = var.bastion.user
43 |     bastion_host = var.bastion.bastion_host
44 |     bastion_user = var.bastion.bastion_user
45 |   }
46 | 
47 |   provisioner "file" {
48 |     content     = self.triggers.kubeconfig
49 |     destination = "/tmp/config"
50 |   }
51 | 
52 |   provisioner "remote-exec" {
53 |     inline = [
54 |       "mkdir -p ~/.kube; mv /tmp/config ~/.kube/config; chmod 600 ~/.kube/config",
55 |       "git clone --depth 1 https://github.com/stackhpc/terraform-magnum",
56 |       "cd terraform-magnum",
57 |       "make ${self.triggers.packages}",
58 |     ]
59 |   }
60 | }
61 | 
62 | output "bastion" {
63 |   value = openstack_compute_instance_v2.bastion[*].access_ip_v4
64 | }
65 | 


--------------------------------------------------------------------------------
/clusters.tf:
--------------------------------------------------------------------------------
  1 | variable "clusters" {
  2 |   type = map(object({
  3 |     template            = optional(any)
  4 |     master_count        = optional(any)
  5 |     node_count          = optional(any)
  6 |     keypair             = optional(any)
  7 |     create_timeout      = optional(any)
  8 |     floating_ip_enabled = optional(any)
  9 |     flavor              = optional(any)
 10 |     master_flavor       = optional(any)
 11 |     fixed_network       = optional(any)
 12 |     fixed_subnet        = optional(any)
 13 |     labels              = optional(map(string))
 14 |   }))
 15 |   default = {}
 16 | }
 17 | 
 18 | variable "cluster_labels" {
 19 |   type = map(any)
 20 |   default = {
 21 |   }
 22 | }
 23 | 
 24 | variable "keypair_file" {
 25 |   type    = string
 26 |   default = "~/.ssh/id_rsa.pub"
 27 | }
 28 | 
 29 | variable "keypair_name" {
 30 |   type = string
 31 | }
 32 | 
 33 | variable "master_count" {
 34 |   type    = number
 35 |   default = "1"
 36 | }
 37 | 
 38 | variable "node_count" {
 39 |   type    = number
 40 |   default = "1"
 41 | }
 42 | 
 43 | variable "create_timeout" {
 44 |   type    = number
 45 |   default = "15"
 46 | }
 47 | 
 48 | variable "kubeconfig" {
 49 |   type = string
 50 | }
 51 | 
 52 | data "local_file" "public_key" {
 53 |   filename = pathexpand(var.keypair_file)
 54 | }
 55 | 
 56 | resource "openstack_compute_keypair_v2" "keypair" {
 57 |   name       = var.keypair_name
 58 |   public_key = data.local_file.public_key.content
 59 | }
 60 | 
 61 | resource "openstack_containerinfra_cluster_v1" "clusters" {
 62 |   for_each            = var.clusters
 63 |   name                = each.key
 64 |   cluster_template_id = openstack_containerinfra_clustertemplate_v1.templates[each.value.template].id
 65 |   master_count        = lookup(each.value, "master_count") != null ? lookup(each.value, "master_count") : var.master_count
 66 |   node_count          = lookup(each.value, "node_count") != null ? lookup(each.value, "node_count") : var.node_count
 67 |   keypair             = lookup(each.value, "keypair") != null ? lookup(each.value, "keypair") : openstack_compute_keypair_v2.keypair.id
 68 |   create_timeout      = lookup(each.value, "create_timeout") != null ? lookup(each.value, "create_timeout") : var.create_timeout
 69 |   floating_ip_enabled = lookup(each.value, "floating_ip_enabled") != null ? lookup(each.value, "floating_ip_enabled") : var.floating_ip_enabled
 70 |   flavor              = lookup(each.value, "flavor") != null ? lookup(each.value, "flavor") : var.flavor
 71 |   master_flavor       = lookup(each.value, "master_flavor") != null ? lookup(each.value, "master_flavor") : var.master_flavor
 72 |   fixed_network       = lookup(each.value, "fixed_network") != null ? lookup(each.value, "fixed_network") : var.fixed_network
 73 |   fixed_subnet        = lookup(each.value, "fixed_subnet") != null ? lookup(each.value, "fixed_subnet") : var.fixed_subnet
 74 |   labels              = merge(openstack_containerinfra_clustertemplate_v1.templates[each.value.template].labels, var.cluster_labels, lookup(each.value, "labels", {}))
 75 | }
 76 | 
 77 | resource "local_file" "kubeconfigs" {
 78 |   for_each        = var.clusters
 79 |   content         = lookup(lookup(openstack_containerinfra_cluster_v1.clusters, each.key, {}), "kubeconfig", { raw_config : null }).raw_config
 80 |   filename        = pathexpand("~/.kube/${each.key}/config")
 81 |   file_permission = "0600"
 82 |   depends_on      = [openstack_containerinfra_cluster_v1.clusters]
 83 | }
 84 | 
 85 | resource "null_resource" "kubeconfig" {
 86 |   triggers = {
 87 |     kubeconfig = var.kubeconfig
 88 |   }
 89 | 
 90 |   provisioner "local-exec" {
 91 |     command = "ln -fs ~/.kube/${var.kubeconfig}/config ~/.kube/config; chmod 600 ~/.kube/config"
 92 |   }
 93 | 
 94 |   depends_on = [local_file.kubeconfigs]
 95 | }
 96 | 
 97 | output "clusters" {
 98 |   value = var.clusters
 99 | }
100 | 


--------------------------------------------------------------------------------
/envs/alaska-sriov.tfvars:
--------------------------------------------------------------------------------
 1 | external_network    = "ilab"
 2 | keypair_name        = "sriov"
 3 | master_count        = 1
 4 | node_count          = 1
 5 | fixed_network       = "p3-bdn-gw"
 6 | fixed_subnet        = "p3-bdn-gw"
 7 | master_flavor       = "general.v1.tiny"
 8 | flavor              = "general.v1.tiny"
 9 | floating_ip_enabled = true
10 | master_lb_enabled   = false
11 | volume_driver       = ""
12 | insecure_registry   = "10.60.253.37"
13 | create_timeout      = 60
14 | 
15 | template_labels = {
16 |   container_infra_prefix  = "10.60.253.37/magnum/"
17 |   monitoring_enabled      = "true"
18 |   auto_scaling_enabled    = "true"
19 |   auto_healing_enabled    = "true"
20 |   auto_healing_controller = "magnum-auto-healer"
21 |   magnum_auto_healer_tag  = "v1.20.0"
22 |   ingress_controller      = "nginx"
23 |   vnic_type               = "direct"
24 | }
25 | 
26 | clusters = {
27 |   "k8s-sriov-1.20" = {
28 |     template = "k8s-sriov-1.20.4"
29 |     labels = {
30 |     }
31 |   }
32 | }
33 | kubeconfig = "k8s-sriov-1.20"
34 | 
35 | extra_templates = {
36 |   "k8s-sriov-1.20.4" = {
37 |     network_driver = "calico"
38 |     image          = "fedora-coreos-32.20201018.3.0-openstack.x86_64"
39 |     labels = {
40 |       kube_tag           = "v1.20.4-rancher1" # https://github.com/kubernetes/kubernetes/releases
41 |       cloud_provider_tag = "v1.20.0"           # https://hub.docker.com/r/k8scloudprovider/openstack-cloud-controller-manager/tags
42 |       vnic_type          = "direct"
43 |     }
44 |   }
45 | }
46 | 


--------------------------------------------------------------------------------
/envs/alaska.tfvars:
--------------------------------------------------------------------------------
 1 | external_network    = "ilab"
 2 | keypair_name        = "alaska"
 3 | master_count        = 1
 4 | node_count          = 2
 5 | fixed_network       = "p3-internal"
 6 | fixed_subnet        = "p3-internal"
 7 | master_flavor       = "general.v1.tiny"
 8 | flavor              = "general.v1.tiny"
 9 | floating_ip_enabled = true
10 | master_lb_enabled   = false
11 | volume_driver       = ""
12 | create_timeout      = 60
13 | 
14 | template_labels = {
15 |   container_infra_prefix = "harbor.cumulus.openstack.hpc.cam.ac.uk/magnum/"
16 |   monitoring_enabled     = "true"
17 |   auto_scaling_enabled   = "false"
18 |   auto_healing_enabled   = "false"
19 | }
20 | 
21 | clusters = {
22 |   "k8s-alaska" = {
23 |     template = "k8s-1.21.2"
24 |     labels = {
25 |       selinux_mode = "permissive"
26 |     }
27 |   }
28 | }
29 | kubeconfig = "k8s-alaska"
30 | 
31 | image = "fedora-coreos-32.20200601.3.0-openstack.x86_64"
32 | 


--------------------------------------------------------------------------------
/envs/cumulus.tfvars:
--------------------------------------------------------------------------------
1 | external_network = "internet"
2 | master_flavor    = "general.v1.tiny"
3 | flavor           = "general.v1.tiny"
4 | keypair_name     = "default"
5 | 


--------------------------------------------------------------------------------
/envs/devstack-ipv6.tfvars:
--------------------------------------------------------------------------------
 1 | node_count       = 2
 2 | external_network = "public"
 3 | keypair_name     = "devstack"
 4 | 
 5 | cluster_labels = {
 6 |   container_infra_prefix = "ghcr.io/stackhpc/"
 7 | }
 8 | 
 9 | clusters = {
10 |   "k8s-ipv6" = {
11 |     template            = "k8s-1.21.2"
12 |     fixed_network       = "private"
13 |     fixed_subnet        = "private-subnet"
14 |     labels = {
15 |       fixed_ipv6_subnet = "ipv6-private-subnet"
16 |       container_runtime = "containerd"
17 |     }
18 |   }
19 | }
20 | 
21 | kubeconfig = "k8s-ipv6"
22 | 


--------------------------------------------------------------------------------
/envs/devstack.tfvars:
--------------------------------------------------------------------------------
 1 | node_count       = 2
 2 | external_network = "public"
 3 | keypair_name     = "devstack"
 4 | 
 5 | cluster_labels = {
 6 |   container_infra_prefix = "ghcr.io/stackhpc/"
 7 | }
 8 | 
 9 | clusters = {
10 |   "k8s-devstack" = {
11 |     template            = "k8s-1.21.2"
12 |     floating_ip_enabled = "true"
13 |     labels = {
14 |     }
15 |   }
16 | }
17 | 
18 | kubeconfig = "k8s-devstack"
19 | 


--------------------------------------------------------------------------------
/envs/kayobe-aio-overcloud.tfvars:
--------------------------------------------------------------------------------
 1 | external_network    = "public"
 2 | keypair_name        = "default"
 3 | master_flavor       = "m1.small"
 4 | flavor              = "m1.medium"
 5 | volume_driver       = ""
 6 | master_lb_enabled   = "false"
 7 | floating_ip_enabled = "true"
 8 | template_labels = {
 9 |   tiller_enabled          = "true"
10 |   monitoring_enabled      = "true"
11 |   auto_scaling_enabled    = "true"
12 |   autoscaler_tag          = "v1.15.2"
13 |   auto_healing_enabled    = "true"
14 |   auto_healing_controller = "magnum-auto-healer"
15 |   calico_ipv4pool         = "10.100.0.0/16"
16 | }
17 | 


--------------------------------------------------------------------------------
/envs/sausage.tfvars:
--------------------------------------------------------------------------------
 1 | external_network    = "internet"
 2 | keypair_name        = "macbook"
 3 | master_flavor       = "bratwurst"
 4 | flavor              = "bratwurst"
 5 | volume_driver       = ""
 6 | floating_ip_enabled = false
 7 | master_count        = 1
 8 | node_count          = 1
 9 | master_lb_enabled   = true
10 | 


--------------------------------------------------------------------------------
/envs/smslab.tfvars:
--------------------------------------------------------------------------------
 1 | node_count       = 2
 2 | external_network = "stackhpc-ipv4-vlan-magnum"
 3 | keypair_name     = "smslab"
 4 | master_flavor    = "general.v1.tiny"
 5 | flavor           = "general.v1.tiny"
 6 | 
 7 | cluster_labels = {
 8 |   container_infra_prefix = "ghcr.io/stackhpc/"
 9 | }
10 | 
11 | clusters = {
12 |   "k8s-smslab" = {
13 |     template            = "k8s-1.21.2"
14 |     floating_ip_enabled = "true"
15 |     flavor           = "general.v1.small"
16 |     labels = {
17 |       etcd_volume_size = 1
18 |       monitoring_enabled = "false"
19 |       auto_healing_enabled = "false"
20 |       auto_scaling_enabled = "false"
21 |     }
22 |   }
23 | }
24 | 
25 | kubeconfig = "k8s-smslab"
26 | 
27 | bastion = {
28 |   count        = 1
29 |   name         = "clusterctl"
30 |   network      = "stackhpc-ipv4-vlan-magnum"
31 |   image        = "34a622a7-703e-4d43-b116-6fe92f04de14" # Ubuntu-20.04
32 |   flavor       = "abf8401b-f0f4-4c20-bdfa-5626bca8bf31" # general.v1.tiny
33 |   keypair_name = "smslab"
34 |   bastion_host = "185.45.78.150"
35 |   bastion_user = "bharat"
36 |   user         = "ubuntu"
37 | }
38 | 


--------------------------------------------------------------------------------
/envs/stein.tfvars:
--------------------------------------------------------------------------------
 1 | clusters = {
 2 |   "k8s-calico-stein" = {
 3 |     template = "k8s-calico-atomic"
 4 |     labels = {
 5 |       kube_tag           = "v1.15.12"
 6 |       cloud_provider_tag = "v1.15.0"
 7 |     }
 8 |   }
 9 |   "k8s-flannel-stein" = {
10 |     template = "k8s-flannel-atomic"
11 |     labels = {
12 |       kube_tag           = "v1.15.12"
13 |       cloud_provider_tag = "v1.15.0"
14 |     }
15 |   }
16 | }
17 | 
18 | 
19 | node_count   = 1
20 | master_count = 1
21 | 
22 | kubeconfig = "k8s-calico-coreos"
23 | 


--------------------------------------------------------------------------------
/images/dev.txt:
--------------------------------------------------------------------------------
 1 | # CSI images
 2 | quay.io/k8scsi/csi-attacher:v2.2.1
 3 | quay.io/k8scsi/csi-provisioner:v1.6.1
 4 | quay.io/k8scsi/csi-snapshotter:v2.1.3
 5 | quay.io/k8scsi/csi-resizer:v0.5.1
 6 | quay.io/k8scsi/livenessprobe:v2.1.0
 7 | quay.io/k8scsi/csi-node-driver-registrar:v1.3.0
 8 | k8scloudprovider/cinder-csi-plugin:v1.20.0
 9 | # Calico images
10 | quay.io/calico/cni:v3.18.0
11 | quay.io/calico/kube-controllers:v3.18.0
12 | quay.io/calico/node:v3.18.0
13 | quay.io/calico/pod2daemon-flexvol:v3.18.0
14 | 


--------------------------------------------------------------------------------
/images/legacy.txt:
--------------------------------------------------------------------------------
1 | gcr.io/google_containers/pause:3.0
2 | k8s.gcr.io/etcd:3.3.17
3 | k8s.gcr.io/hyperkube:v1.17.2
4 | quay.io/calico/cni:v3.3.6
5 | quay.io/calico/node:v3.3.6
6 | coredns/coredns:1.3.1
7 | 


--------------------------------------------------------------------------------
/images/master.txt:
--------------------------------------------------------------------------------
 1 | coredns/coredns:1.6.6
 2 | directxman12/k8s-prometheus-adapter-amd64:v0.5.0
 3 | docker.io/openstackmagnum/heat-container-agent:ussuri-stable-1
 4 | docker.io/openstackmagnum/heat-container-agent:victoria-stable-1
 5 | docker.io/openstackmagnum/heat-container-agent:wallaby-stable-1
 6 | gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.2
 7 | gcr.io/google_containers/metrics-server-amd64:v0.3.5
 8 | gcr.io/google_containers/pause:3.1
 9 | grafana/grafana:6.6.2
10 | jettech/kube-webhook-certgen:v1.0.0
11 | k8s.gcr.io/defaultbackend:1.4
12 | k8s.gcr.io/node-problem-detector:v0.6.2
13 | k8scloudprovider/cinder-csi-plugin:v1.18.0
14 | k8scloudprovider/k8s-keystone-auth:v1.18.0
15 | k8scloudprovider/magnum-auto-healer:v1.20.0
16 | k8scloudprovider/openstack-cloud-controller-manager:v1.18.2
17 | k8scloudprovider/openstack-cloud-controller-manager:v1.19.2
18 | k8scloudprovider/openstack-cloud-controller-manager:v1.20.0
19 | k8scloudprovider/openstack-cloud-controller-manager:v1.20.2
20 | k8scloudprovider/openstack-cloud-controller-manager:v1.21.0
21 | kiwigrid/k8s-sidecar:0.1.99
22 | kubernetesui/dashboard:v2.0.0
23 | kubernetesui/metrics-scraper:v1.0.4
24 | openstackmagnum/cluster-autoscaler:v1.18.1
25 | quay.io/calico/cni:v3.13.1
26 | quay.io/calico/kube-controllers:v3.13.1
27 | quay.io/calico/node:v3.13.1
28 | quay.io/calico/pod2daemon-flexvol:v3.13.1
29 | quay.io/coreos/configmap-reload:v0.0.1
30 | quay.io/coreos/etcd:v3.4.6
31 | quay.io/coreos/flannel-cni:v0.3.0
32 | quay.io/coreos/flannel:v0.12.0-amd64
33 | quay.io/coreos/kube-state-metrics:v1.9.4
34 | quay.io/coreos/prometheus-config-reloader:v0.37.0
35 | quay.io/coreos/prometheus-operator:v0.37.0
36 | quay.io/k8scsi/csi-attacher:v2.0.0
37 | quay.io/k8scsi/csi-node-driver-registrar:v1.1.0
38 | quay.io/k8scsi/csi-provisioner:v1.4.0
39 | quay.io/k8scsi/csi-resizer:v0.3.0
40 | quay.io/k8scsi/csi-snapshotter:v1.2.2
41 | quay.io/prometheus/alertmanager:v0.20.0
42 | quay.io/prometheus/node-exporter:v0.18.1
43 | quay.io/prometheus/prometheus:v2.15.2
44 | docker.io/rancher/hyperkube:v1.18.16-rancher1
45 | docker.io/rancher/hyperkube:v1.19.8-rancher1
46 | docker.io/rancher/hyperkube:v1.20.4-rancher1
47 | ghcr.io/stackhpc/hyperkube:v1.19.10
48 | ghcr.io/stackhpc/hyperkube:v1.19.12
49 | ghcr.io/stackhpc/hyperkube:v1.20.6
50 | ghcr.io/stackhpc/hyperkube:v1.20.8
51 | ghcr.io/stackhpc/hyperkube:v1.21.0
52 | ghcr.io/stackhpc/hyperkube:v1.21.2
53 | squareup/ghostunnel:v1.5.2
54 | 


--------------------------------------------------------------------------------
/images/sonobuoy.txt:
--------------------------------------------------------------------------------
1 | sonobuoy/sonobuoy:v0.53.2
2 | sonobuoy/systemd-logs:v0.3
3 | 


--------------------------------------------------------------------------------
/manifests/nginx-cinder-csi.yaml:
--------------------------------------------------------------------------------
 1 | kind: PersistentVolumeClaim
 2 | apiVersion: v1
 3 | metadata:
 4 |   name: nginx-cinder-csi
 5 | spec:
 6 |   accessModes:
 7 |     - ReadWriteOnce
 8 |   resources:
 9 |     requests:
10 |       storage: 1Gi # pass here the size of the volume
11 |   storageClassName: cinder-csi
12 | ---
13 | apiVersion: v1
14 | kind: Pod
15 | metadata:
16 |   name: nginx-cinder-csi
17 | spec:
18 |   containers:
19 |     - name: web
20 |       image: nginx
21 |       ports:
22 |         - name: web
23 |           containerPort: 80
24 |           hostPort: 8081
25 |           protocol: TCP
26 |       volumeMounts:
27 |         - mountPath: "/usr/share/nginx/html"
28 |           name: mypd
29 |   volumes:
30 |     - name: mypd
31 |       persistentVolumeClaim:
32 |         claimName: nginx-cinder-csi
33 | 


--------------------------------------------------------------------------------
/manifests/nginx-in-tree-cinder.yaml:
--------------------------------------------------------------------------------
 1 | kind: PersistentVolumeClaim
 2 | apiVersion: v1
 3 | metadata:
 4 |   name: nginx-in-tree-cinder
 5 | spec:
 6 |   accessModes:
 7 |     - ReadWriteOnce
 8 |   resources:
 9 |     requests:
10 |       storage: 1Gi # pass here the size of the volume
11 |   storageClassName: in-tree-cinder
12 | ---
13 | apiVersion: v1
14 | kind: Pod
15 | metadata:
16 |   name: nginx-in-tree-cinder
17 | spec:
18 |   containers:
19 |     - name: web
20 |       image: nginx
21 |       ports:
22 |         - name: web
23 |           containerPort: 80
24 |           hostPort: 8081
25 |           protocol: TCP
26 |       volumeMounts:
27 |         - mountPath: "/usr/share/nginx/html"
28 |           name: mypd
29 |   volumes:
30 |     - name: mypd
31 |       persistentVolumeClaim:
32 |         claimName: nginx-in-tree-cinder
33 | 


--------------------------------------------------------------------------------
/manifests/sc-cinder-csi.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: storage.k8s.io/v1
2 | kind: StorageClass
3 | metadata:
4 |   name: cinder-csi
5 |   annotations:
6 |     storageclass.kubernetes.io/is-default-class: "true"
7 | provisioner: cinder.csi.openstack.org
8 | 
9 | 


--------------------------------------------------------------------------------
/manifests/sc-in-tree-cinder.yaml:
--------------------------------------------------------------------------------
1 | kind: StorageClass
2 | apiVersion: storage.k8s.io/v1
3 | metadata:
4 |   name: in-tree-cinder
5 |   annotations:
6 |     storageclass.kubernetes.io/is-default-class: "true"
7 | provisioner: kubernetes.io/cinder
8 | 


--------------------------------------------------------------------------------
/site/create.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -x
3 | DIR=`dirname $0`/..
4 | TFDIR=`realpath $DIR`
5 | TFVARS=${1:-$TFDIR/terraform.tfvars}
6 | TFSTATE=${2:-$TFDIR/terraform.tfstate}
7 | ACTION=${3:-apply -auto-approve}
8 | terraform $ACTION -var-file=$TFVARS -state=$TFSTATE
9 | 


--------------------------------------------------------------------------------
/site/destroy.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -x
3 | DIR=`dirname $0`/..
4 | TFDIR=`realpath $DIR`
5 | TFVARS=${1:-$TFDIR/terraform.tfvars}
6 | TFSTATE=${2:-$TFDIR/terraform.tfstate}
7 | ACTION=${3:-destroy}
8 | terraform $ACTION -var-file=$TFVARS -state=$TFSTATE
9 | 


--------------------------------------------------------------------------------
/site/magnum-tiller.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -ex
 3 | mkdir -p ${HOME}/ws/helm_home
 4 | export HELM_HOME="${HOME}/ws/helm_home"
 5 | export HELM_TLS_ENABLE="true"
 6 | export TILLER_NAMESPACE="magnum-tiller"
 7 | kubectl -n magnum-tiller get secret helm-client-secret -o jsonpath='{.data.ca\.pem}' | base64 --decode > "${HELM_HOME}/ca.pem"
 8 | kubectl -n magnum-tiller get secret helm-client-secret -o jsonpath='{.data.key\.pem}' | base64 --decode > "${HELM_HOME}/key.pem"
 9 | kubectl -n magnum-tiller get secret helm-client-secret -o jsonpath='{.data.cert\.pem}' | base64 --decode > "${HELM_HOME}/cert.pem"
10 | helm2 init --upgrade
11 | 


--------------------------------------------------------------------------------
/site/plan.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -x
3 | DIR=`dirname $0`/..
4 | TFDIR=`realpath $DIR`
5 | TFVARS=${1:-$TFDIR/terraform.tfvars}
6 | TFSTATE=${2:-$TFDIR/terraform.tfstate}
7 | ACTION=${3:-plan}
8 | terraform $ACTION -var-file=$TFVARS -state=$TFSTATE
9 | 


--------------------------------------------------------------------------------
/site/pull-retag-push.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | # for i in `cat worker.txt`; do (docker pull $i &); done
 3 | import argparse
 4 | import asyncio
 5 | import docker
 6 | import json
 7 | import sys
 8 | 
 9 | d = docker.from_env()
10 | 
11 | 
12 | def read_images(fname, filters):
13 |     with open(fname) as f:
14 |         images = f.read().splitlines()
15 |     return [i for i in images if all(f(i) for f in filters)]
16 | 
17 | 
18 | def pull(image, max_width):
19 |     try:
20 |         d.images.get(image)
21 |         result = "exists locally"
22 |     except docker.errors.ImageNotFound:
23 |         try:
24 |             d.images.pull(image)
25 |             result = "pulled"
26 |         except Exception:
27 |             result = "error"
28 |     cols = image.ljust(max_width), result
29 |     print(" | ".join(cols))
30 | 
31 | 
32 | def push(image, local_image, max_width):
33 |     try:
34 |         d.api.tag(image, local_image)
35 |         error = json.loads(d.images.push(local_image).splitlines()[-1]).get("error")
36 |         result = error if error else "pushed"
37 |     except docker.errors.ImageNotFound:
38 |         result = "not found"
39 |     cols = local_image.ljust(max_width), result
40 |     print(" | ".join(cols))
41 | 
42 | 
43 | async def main():
44 |     parser = argparse.ArgumentParser()
45 |     parser.add_argument(
46 |         "inputs",
47 |         nargs="+",
48 |         help="list of input files with list of remote images to pull, retag and push (default: images.txt)",
49 |     )
50 |     parser.add_argument(
51 |         "--registry",
52 |         "-r",
53 |         default="ghcr.io/stackhpc",
54 |         help="name of the local registry to retag and push images to (default: ghcr.io/stackhpc)",
55 |     )
56 |     parser.add_argument(
57 |         "--filter",
58 |         "-f",
59 |         default="",
60 |         required=False,
61 |         help="filter images (default: '')",
62 |     )
63 |     args = parser.parse_args()
64 | 
65 |     if not args.inputs:
66 |         print("Nothing to pull, retag and push.")
67 |         parser.print_help()
68 |         sys.exit(1)
69 | 
70 |     for fname in args.inputs:
71 |         filters = [lambda x: x, lambda x: not x.startswith("#")]
72 |         if args.filter:
73 |             filters.append(lambda x: args.filter in x)
74 |         images = read_images(fname, filters)
75 |         max_width = max([len(i) for i in images])
76 | 
77 |         print("Pulling images in %s" % fname)
78 |         tasks = [loop.run_in_executor(None, pull, image, max_width) for image in images]
79 |         await asyncio.gather(*tasks)
80 |         print("---")
81 | 
82 |         print("Pushing images in %s" % fname)
83 |         local_images = ["{}/{}".format(args.registry, image.rsplit("/", maxsplit=1)[-1]) for image in images]
84 |         max_width = max([len(i) for i in local_images])
85 | 
86 |         tasks = [
87 |             loop.run_in_executor(None, push, image, local_image, max_width)
88 |             for image, local_image in zip(images, local_images)
89 |         ]
90 |         await asyncio.gather(*tasks)
91 |         print("---")
92 | 
93 | 
94 | if __name__ == "__main__":
95 |     loop = asyncio.get_event_loop()
96 |     loop.run_until_complete(main())
97 | 


--------------------------------------------------------------------------------
/site/purge.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -x
3 | while openstack coe cluster delete `openstack coe cluster list -c uuid -f value`
4 | do
5 | 	sleep 5
6 | done
7 | openstack coe cluster template delete `openstack coe cluster template list -c uuid -f value`
8 | 


--------------------------------------------------------------------------------
/site/taint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -x
3 | TFDIR=`dirname $0`/..
4 | TFSTATE=$PWD/${1:-$TFDIR/terraform.tfstate}
5 | for i in `terraform state list -state=$TFSTATE | grep _cluster_`; do terraform taint -state=$TFSTATE $i; done
6 | 


--------------------------------------------------------------------------------
/site/upload-atomic.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -ex
 3 | DATE=${1:-20191126.0}
 4 | ARCH=${ARCH:-x86_64}
 5 | IMAGE=${IMAGE:-Fedora-AtomicHost-29-$DATE.$ARCH}
 6 | FNAME=$IMAGE.qcow2
 7 | set -e
 8 | openstack image show $IMAGE || (
 9 |     curl -OL https://dl.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-$DATE/AtomicHost/$ARCH/images/$FNAME
10 |     openstack image create \
11 |          --disk-format=qcow2 \
12 |          --container-format=bare \
13 |          --file=$FNAME \
14 |          --property os_distro=fedora-atomic --property hw_rng_model=virtio \
15 |          $IMAGE
16 |     )
17 | 


--------------------------------------------------------------------------------
/site/upload-coreos.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | LATEST=$(curl -s https://builds.coreos.fedoraproject.org/streams/stable.json | python3 -c "import json, sys; print(json.loads(sys.stdin.read())['architectures']['x86_64']['artifacts']['openstack']['release'])")
 4 | DEFAULT=33.20210426.3.0 #34.20210529.3.0
 5 | DATE=${1:-$DEFAULT}
 6 | STREAM=${STREAM:-stable}
 7 | ARCH=${ARCH:-x86_64}
 8 | USELATEST="y"
 9 | [[ "$DATE" = "$LATEST" ]] || read -p "The image you are using is $DATE but the latest is $LATEST. Use latest? [Y/n] " USELATEST
10 | [[ "$(echo $USELATEST | tr '[:upper:]' '[:lower:]')" = "n" ]] || DATE=$LATEST
11 | IMAGE=${IMAGE:-fedora-coreos-$DATE-openstack.$ARCH}
12 | echo "Using image: $IMAGE"
13 | FNAME=$IMAGE.qcow2
14 | set -x
15 | openstack image show $IMAGE || (
16 |     [[ -f "$FNAME" ]] || (
17 |         curl -OL https://builds.coreos.fedoraproject.org/prod/streams/$STREAM/builds/$DATE/$ARCH/$FNAME.xz
18 |         unxz $FNAME.xz
19 |     )
20 |     openstack image create --disk-format=qcow2 --container-format=bare --file=$FNAME --property os_distro='fedora-coreos' $IMAGE
21 | )
22 | sed -i.bak "s/fedora-coreos-.*-openstack.$ARCH/$IMAGE/g" *.tfvars tfvars/*.tfvars *.tf
23 | sed -i.bak "s/$DEFAULT/$DATE/g" $0
24 | 


--------------------------------------------------------------------------------
/sonobuoy.yml:
--------------------------------------------------------------------------------
1 | dockerLibraryRegistry: ghcr.io/stackhpc
2 | 


--------------------------------------------------------------------------------
/templates.tf:
--------------------------------------------------------------------------------
  1 | # kube_tag: https://github.com/rancher/hyperkube/tags
  2 | # cloud_provider_tag: https://github.com/kubernetes/cloud-provider-openstack/tags
  3 | 
  4 | variable "templates" {
  5 |   type = map(any)
  6 |   default = {
  7 |     "k8s-1.19.12" = {
  8 |       labels = {
  9 |         kube_tag           = "v1.19.12"
 10 |         cloud_provider_tag = "v1.19.2"
 11 |       }
 12 |     }
 13 |     "k8s-1.20.8" = {
 14 |       labels = {
 15 |         kube_tag           = "v1.20.8"
 16 |         cloud_provider_tag = "v1.20.2"
 17 |       }
 18 |     }
 19 |     "k8s-1.21.2" = {
 20 |       labels = {
 21 |         kube_tag           = "v1.21.2"
 22 |         cloud_provider_tag = "v1.20.2"
 23 |       }
 24 |     }
 25 |   }
 26 | }
 27 | 
 28 | variable "extra_templates" {
 29 |   type    = map(any)
 30 |   default = {}
 31 | }
 32 | 
 33 | variable "template_labels" {
 34 |   type = map(any)
 35 |   default = {
 36 |     monitoring_enabled            = "true"
 37 |     auto_scaling_enabled          = "true"
 38 |     auto_healing_enabled          = "true"
 39 |     auto_healing_controller       = "magnum-auto-healer"
 40 |     magnum_auto_healer_tag        = "v1.20.0"
 41 |     master_lb_floating_ip_enabled = "true"
 42 |     cinder_csi_enabled            = "true"
 43 |   }
 44 | }
 45 | 
 46 | variable "image" {
 47 |   type    = string
 48 |   default = "fedora-coreos-33.20210426.3.0-openstack.x86_64"
 49 | }
 50 | 
 51 | variable "floating_ip_enabled" {
 52 |   type    = string
 53 |   default = "false"
 54 | }
 55 | 
 56 | variable "flavor" {
 57 |   type    = string
 58 |   default = "ds4G"
 59 | }
 60 | 
 61 | variable "master_flavor" {
 62 |   type    = string
 63 |   default = "ds4G"
 64 | }
 65 | 
 66 | variable "volume_driver" {
 67 |   type    = string
 68 |   default = "cinder"
 69 | }
 70 | 
 71 | variable "external_network" {
 72 |   type = string
 73 | }
 74 | 
 75 | variable "network_driver" {
 76 |   type    = string
 77 |   default = "calico"
 78 | }
 79 | 
 80 | variable "fixed_network" {
 81 |   type    = string
 82 |   default = ""
 83 | }
 84 | 
 85 | variable "fixed_subnet" {
 86 |   type    = string
 87 |   default = ""
 88 | }
 89 | 
 90 | variable "insecure_registry" {
 91 |   type    = string
 92 |   default = ""
 93 | }
 94 | 
 95 | variable "docker_volume_size" {
 96 |   type    = number
 97 |   default = "0"
 98 | }
 99 | 
100 | variable "tls_disabled" {
101 |   type    = string
102 |   default = "false"
103 | }
104 | 
105 | variable "master_lb_enabled" {
106 |   type    = string
107 |   default = "true"
108 | }
109 | 
110 | resource "openstack_containerinfra_clustertemplate_v1" "templates" {
111 |   for_each              = merge(var.templates, var.extra_templates)
112 |   name                  = each.key
113 |   coe                   = "kubernetes"
114 |   docker_storage_driver = "overlay2"
115 |   server_type           = "vm"
116 |   tls_disabled          = var.tls_disabled
117 |   image                 = lookup(each.value, "image", var.image)
118 |   volume_driver         = var.volume_driver
119 |   external_network_id   = var.external_network
120 |   master_lb_enabled     = var.master_lb_enabled
121 |   fixed_network         = var.fixed_network
122 |   fixed_subnet          = var.fixed_subnet
123 |   insecure_registry     = var.insecure_registry
124 |   floating_ip_enabled   = var.floating_ip_enabled
125 |   docker_volume_size    = var.docker_volume_size
126 |   network_driver        = lookup(each.value, "network_driver", var.network_driver)
127 |   flavor                = lookup(each.value, "flavor", var.flavor)
128 |   master_flavor         = lookup(each.value, "master_flavor", var.master_flavor)
129 |   labels                = merge(var.template_labels, lookup(each.value, "labels", {}))
130 | 
131 |   lifecycle {
132 |     create_before_destroy = true
133 |   }
134 | }
135 | 
136 | output "templates" {
137 |   value = openstack_containerinfra_clustertemplate_v1.templates
138 | }
139 | 
140 | 


--------------------------------------------------------------------------------
/terraform.tfvars.sample:
--------------------------------------------------------------------------------
1 | external_network    = "public"
2 | keypair_name        = "default"
3 | floating_ip_enabled = "true"
4 | 


--------------------------------------------------------------------------------
/tfvars/atomic.tfvars:
--------------------------------------------------------------------------------
 1 | templates = {
 2 |   "k8s-calico-atomic" = {
 3 |     network_driver = "calico"
 4 |     image          = "Fedora-AtomicHost-29-20191126.0.x86_64"
 5 |     labels = {
 6 |       kube_tag           = "v1.15.12"
 7 |       cloud_provider_tag = "v1.15.0"
 8 |     }
 9 |   }
10 |   "k8s-flannel-atomic" = {
11 |     network_driver = "flannel"
12 |     image          = "Fedora-AtomicHost-29-20191126.0.x86_64"
13 |     labels = {
14 |       kube_tag           = "v1.15.12"
15 |       cloud_provider_tag = "v1.15.0"
16 |     }
17 |   }
18 | }
19 | 
20 | clusters = {
21 |   "k8s-calico-atomic" = {
22 |     template = "k8s-calico-atomic"
23 |   }
24 |   "k8s-flannel-atomic" = {
25 |     template = "k8s-flannel-atomic"
26 |   }
27 | }
28 | 
29 | kubeconfig = "k8s-calico-atomic"
30 | 


--------------------------------------------------------------------------------
/tfvars/coreos.tfvars:
--------------------------------------------------------------------------------
 1 | clusters = {
 2 |   "k8s-1.18" = {
 3 |     template = "k8s-1.18.16"
 4 |     labels = {
 5 |     }
 6 |   }
 7 |   "k8s-1.19" = {
 8 |     template = "k8s-1.19.8"
 9 |     labels = {
10 |     }
11 |   }
12 |   "k8s-1.20" = {
13 |     template = "k8s-1.20.4"
14 |     labels = {
15 |     }
16 |   }
17 | }
18 | 
19 | kubeconfig = "k8s-1.20"
20 | 


--------------------------------------------------------------------------------
/tfvars/flannel.tfvars:
--------------------------------------------------------------------------------
 1 | network_driver = "flannel"
 2 | 
 3 | clusters = {
 4 |   "k8s-flannel-1.18" = {
 5 |     template = "k8s-1.18.16"
 6 |     labels = {
 7 |     }
 8 |   }
 9 |   "k8s-flannel-1.19" = {
10 |     template = "k8s-1.19.8"
11 |     labels = {
12 |     }
13 |   }
14 |   "k8s-flannel-1.20" = {
15 |     template = "k8s-1.20.3"
16 |     labels = {
17 |     }
18 |   }
19 | }
20 | 
21 | kubeconfig = "k8s-flannel-1.20"
22 | 


--------------------------------------------------------------------------------
/tfvars/podman.tfvars:
--------------------------------------------------------------------------------
 1 | templates = {
 2 |   "k8s-calico-atomic" = {
 3 |     network_driver = "calico"
 4 |     image          = "Fedora-AtomicHost-29-20191126.0.x86_64"
 5 |     labels = {
 6 |       kube_tag           = "v1.15.12"
 7 |       cloud_provider_tag = "v1.15.0"
 8 |     }
 9 |   }
10 |   "k8s-flannel-atomic" = {
11 |     network_driver = "flannel"
12 |     image          = "Fedora-AtomicHost-29-20191126.0.x86_64"
13 |     labels = {
14 |       kube_tag           = "v1.15.12"
15 |       cloud_provider_tag = "v1.15.0"
16 |     }
17 |   }
18 | }
19 | 
20 | clusters = {
21 |   "k8s-calico-podman" = {
22 |     template = "k8s-calico-atomic"
23 |     labels = {
24 |       use_podman = "true"
25 |       etcd_tag   = "v3.4.6"
26 |     }
27 |   }
28 |   "k8s-flannel-podman" = {
29 |     template = "k8s-flannel-atomic"
30 |     labels = {
31 |       use_podman = "true"
32 |       etcd_tag   = "v3.4.6"
33 |     }
34 |   }
35 | }
36 | 
37 | kubeconfig = "k8s-calico-podman"
38 | 


--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     openstack = {
 4 |       source  = "terraform-provider-openstack/openstack"
 5 |       version = ">=1.31.0"
 6 |     }
 7 |     local = {
 8 |       source = "hashicorp/local"
 9 |     }
10 |     null = {
11 |       source = "hashicorp/null"
12 |     }
13 |   }
14 |   required_version = ">= 1.0.0"
15 |   experiments      = [module_variable_optional_attrs]
16 | }
17 | 


--------------------------------------------------------------------------------