Merge pull request #21 from vexxhost/add-capi

feat: add capi

.github/workflows/molecule.yml

@@ -27,6 +27,8 @@ jobs:
       fail-fast: false
       matrix:
         scenario:
+          - cluster-api
+          - cluster-api-upgrade
           - containerd
           - helm
           - upload-helm-chart

molecule/cluster-api-upgrade/converge.yml

@@ -0,0 +1 @@
+../cluster-api/converge.yml

molecule/cluster-api-upgrade/molecule.yml

@@ -0,0 +1 @@
+../cluster-api/molecule.yml

molecule/cluster-api-upgrade/prepare.yml

@@ -0,0 +1,27 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- ansible.builtin.import_playbook: ../cluster-api/prepare.yml
+
+- name: Install older version of Cluster API
+  hosts: all
+  become: true
+  roles:
+    - role: vexxhost.kubernetes.cluster_api
+      vars:
+        clusterctl_version: 1.3.2
+        cluster_api_core_version: 1.3.2
+        cluster_api_bootstrap_version: 1.3.2
+        cluster_api_control_plane_version: 1.3.2
+        cluster_api_infrastructure_version: 0.7.0

molecule/cluster-api-upgrade/verify.yml

@@ -0,0 +1 @@
+../cluster-api/verify.yml

molecule/cluster-api/converge.yml

@@ -0,0 +1,19 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Converge
+  hosts: all
+  become: true
+  roles:
+    - vexxhost.kubernetes.cluster_api

molecule/cluster-api/molecule.yml

@@ -0,0 +1,56 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: kubernetes-${MOLECULE_SCENARIO_NAME}
+    image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    privileged: true
+    cgroupns_mode: host
+    pre_build_image: true
+    etc_hosts:
+      k8s: 172.17.0.100
+    environment:
+      container: docker
+    security_opts:
+      - apparmor=unconfined
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+      - /lib/modules:/lib/modules:ro
+      - /usr/src:/usr/src:ro
+    groups:
+      - controllers
+provisioner:
+  name: ansible
+  config_options:
+    connection:
+      pipelining: true
+  inventory:
+    group_vars:
+      all:
+        kubernetes_version: ${KUBERNETES_VERSION-1.26.3}
+        cilium_helm_values:
+          operator:
+            replicas: 1
+      controllers:
+        keepalived_interface: "{{ ansible_default_ipv4.interface }}"
+        keepalived_vip: 172.17.0.100
+        keepalived_vrid: 42
+        kubernetes_hostname: k8s
+verifier:
+  name: ansible

molecule/cluster-api/prepare.yml

@@ -0,0 +1,16 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- ansible.builtin.import_playbook: ../kubernetes/prepare.yml
+- ansible.builtin.import_playbook: ../kubernetes/converge.yml

molecule/cluster-api/verify.yml

@@ -0,0 +1,91 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Verify
+  hosts: all
+  become: true
+  tasks:
+    - name: Include default variables
+      ansible.builtin.include_vars:
+        file: "../../roles/{{ item }}/defaults/main.yml"
+      loop:
+        - download_artifact
+        - clusterctl
+        - cluster_api
+
+    - name: Ensure the "clusterctl" binary is installed
+      ansible.builtin.command: "{{ clusterctl_download_dest }} version -ojson"
+      register: _clusterctl_version
+
+    - name: Assert that the "clusterctl" binary is installed and version matches
+      ansible.builtin.assert:
+        that:
+          - _clusterctl_version.rc == 0
+          - _clusterctl_version.stdout | from_json | json_query('clusterctl.gitVersion') | regex_replace('^v', '') == clusterctl_version
+
+    - name: Ensure that the Cluster API components are ready
+      kubernetes.core.k8s_info:
+        api_version: v1
+        kind: Deployment
+        name: "{{ item.name }}"
+        namespace: "{{ item.namespace }}"
+      register: _resource_info
+      until: _resource_info.resources | json_query('[*].status.conditions[?reason==`NewReplicaSetAvailable`][].status') | select ('match','True') | list | length == 1
+      delay: 2
+      retries: 5
+      loop:
+        - namespace: capi-kubeadm-bootstrap-system
+          name: capi-kubeadm-bootstrap-controller-manager
+        - namespace: capi-kubeadm-control-plane-system
+          name: capi-kubeadm-control-plane-controller-manager
+        - namespace: capi-system
+          name: capi-controller-manager
+        - namespace: capo-system
+          name: capo-controller-manager
+
+    - name: Ensure that the Cluster API CRDs exist
+      kubernetes.core.k8s_info:
+        api_version: apiextensions.k8s.io/v1
+        kind: CustomResourceDefinition
+        name: "{{ item }}"
+      loop:
+        - clusters.cluster.x-k8s.io
+        - openstackclusters.infrastructure.cluster.x-k8s.io
+        - kubeadmcontrolplanes.controlplane.cluster.x-k8s.io
+        - machinedeployments.cluster.x-k8s.io
+        - machines.cluster.x-k8s.io
+        - openstackmachines.infrastructure.cluster.x-k8s.io
+
+    - name: Get a list of all Cluster API providers
+      run_once: true
+      kubernetes.core.k8s_info:
+        api_version: clusterctl.cluster.x-k8s.io/v1alpha3
+        kind: Provider
+      register: _cluster_api_providers
+
+    - name: Parse provider resources into version mapping
+      run_once: true
+      ansible.builtin.set_fact:
+        _cluster_api_core_version: "{{ _cluster_api_providers.resources | selectattr('type', 'equalto', 'CoreProvider') | map(attribute='version') | first | regex_replace('^v', '') }}"
+        _cluster_api_bootstrap_version: "{{ _cluster_api_providers.resources | selectattr('type', 'equalto', 'BootstrapProvider') | map(attribute='version') | first | regex_replace('^v', '') }}"
+        _cluster_api_control_plane_version: "{{ _cluster_api_providers.resources | selectattr('type', 'equalto', 'ControlPlaneProvider') | map(attribute='version') | first | regex_replace('^v', '') }}"
+        _cluster_api_infrastructure_version: "{{ _cluster_api_providers.resources | selectattr('type', 'equalto', 'InfrastructureProvider') | map(attribute='version') | first | regex_replace('^v', '') }}"
+
+    - name: Assert that the versions are the correct ones
+      ansible.builtin.assert:
+        that:
+          - _cluster_api_core_version == cluster_api_core_version
+          - _cluster_api_bootstrap_version == cluster_api_bootstrap_version
+          - _cluster_api_control_plane_version == cluster_api_control_plane_version
+          - _cluster_api_infrastructure_version == cluster_api_infrastructure_version

requirements.txt

@@ -1,5 +1,6 @@
 ansible-core
 docker-image-py
+jmespath
 molecule
 molecule-plugins[docker]
 pytest

roles/cluster_api/README.md

@@ -0,0 +1,4 @@
+# Cluster API
+
+This role deploys the [Cluster API](https://cluster-api.sigs.k8s.io/) on a
+Kubernetes cluster.

roles/cluster_api/defaults/main.yml

@@ -0,0 +1,31 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# clusterctl depends heavily on the GitHub API and gets very quickly rate
+# limited so you should set this to your own token.
+#
+# See: https://github.com/kubernetes-sigs/cluster-api/issues/3982
+cluster_api_github_token: ""
+
+cluster_api_core_provider: cluster-api
+cluster_api_core_version: 1.3.3
+
+cluster_api_bootstrap_provider: kubeadm
+cluster_api_bootstrap_version: 1.3.3
+
+cluster_api_control_plane_provider: kubeadm
+cluster_api_control_plane_version: 1.3.3
+
+cluster_api_infrastructure_provider: openstack
+cluster_api_infrastructure_version: 0.7.1

roles/cluster_api/meta/main.yml

@@ -0,0 +1,32 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+  author: VEXXHOST, Inc.
+  description: Ansible role for Cluster API
+  license: Apache-2.0
+  min_ansible_version: 5.5.0
+  standalone: false
+  platforms:
+    - name: EL
+      versions:
+        - "8"
+        - "9"
+    - name: Ubuntu
+      versions:
+        - focal
+        - jammy
+
+dependencies:
+  - role: vexxhost.kubernetes.clusterctl

roles/cluster_api/tasks/init.yml

@@ -0,0 +1,25 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Initialize the management cluster
+  run_once: true
+  changed_when: true
+  ansible.builtin.command: |
+    {{ clusterctl_download_dest }} init \
+      --config {{ clusterctl_config_file }} \
+      --core {{ cluster_api_core_provider }}:v{{ cluster_api_core_version }} \
+      --bootstrap {{ cluster_api_bootstrap_provider }}:v{{ cluster_api_bootstrap_version }} \
+      --control-plane {{ cluster_api_control_plane_provider }}:v{{ cluster_api_control_plane_version }} \
+      --infrastructure {{ cluster_api_infrastructure_provider }}:v{{ cluster_api_infrastructure_version }}
+  environment: "{{ _cluster_api_environment }}"

roles/cluster_api/tasks/main.yml

@@ -0,0 +1,28 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Get a list of all Cluster API providers
+  run_once: true
+  kubernetes.core.k8s_info:
+    api_version: clusterctl.cluster.x-k8s.io/v1alpha3
+    kind: Provider
+  register: _cluster_api_providers
+
+- name: Initialize Cluster API
+  ansible.builtin.import_tasks: init.yml
+  when: _cluster_api_providers.resources | length == 0
+
+- name: Upgrade Cluster API
+  ansible.builtin.import_tasks: upgrade.yml
+  when: _cluster_api_providers.resources | length != 0