Support for DEIS Workflow, a PaaS built on k8s

Not sure if this really belongs here, but I find it a good test of kubernetes being configured and working correctly.
2016-05-30 11:11:03 -05:00 · 2016-05-30 11:11:03 -05:00 · 7d04c72ec2
parent cb92b30c25
commit 7d04c72ec2
13 changed files with 191 additions and 5 deletions
--- a/4
+++ b/4
@ -97,7 +97,9 @@ Vagrant.configure("2") do |config|
          ansible.host_key_checking = false
          ansible.raw_arguments = ["--forks=#{$num_instances}"]
          ansible.host_vars = host_vars
-          #ansible.tags = ['download']
+          if ENV['ansible_tags']
            ansible.tags = ENV['ansible_tags'].split(',')
          end
          ansible.groups = {
            # The first three nodes should be etcd servers
            "etcd" => ["k8s-0[1:3]"],
--- a/cluster.yml
+++ b/cluster.yml
@ -14,3 +14,15 @@
 - hosts: k8s-cluster
  roles:
    - { role: dnsmasq, tags: dnsmasq }
 - hosts: kube-master
  roles:
    - role: helm
      tags: helm
      when: helm_enabled|default('False')|bool
 - hosts: kube-master
  roles:
    - role: deis
      tags: deis
      when: deis_enabled|default('False')|bool
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@ -134,3 +134,6 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address')
 ## An obvious use case is allowing insecure-registry access
 ## to self hosted registries like so:
 docker_options: "--insecure-registry={{ kube_service_addresses }}"
 ## Enable [DEIS Workflow](https://docs-v2.readthedocs.io/en/latest/)
 deis_enabled: True
--- a/roles/deis/defaults/main.yml
+++ b/roles/deis/defaults/main.yml
@ -0,0 +1,30 @@
 ---
 deis_chart_repo: "https://github.com/deis/charts"
 deis_remote_chart_name: "deis/workflow-rc1"
 deis_local_chart_name: "workflow-rc1"
 deis_helm_command: "helmc --home /etc/deis/helm"
 # lookup service that returns IP when accessed like
 # `$ host deis.10.3.3.11.nip.io`
 deis_wildcard_provider: nip.io
 # the interval and number of times to retry the deis
 # api when installing. If you have a slow connection
 # you may need to increase these values.
 deis_check_api_retries: 20
 deis_check_api_interval: 60
 # by default we will create an admin user.  set one
 # of these values to null if you do not want this
 # behavior.
 deis_admin_username: admin
 deis_admin_password: admin
 deis_admin_email: admin@example.com
 # do not change this
 deis_admin_register:
  username: "{{ deis_admin_username }}"
  password: "{{ deis_admin_password }}"
  email: "{{ deis_admin_email }}"
--- a/roles/deis/handlers/main.yml
+++ b/roles/deis/handlers/main.yml
@ -0,0 +1,7 @@
 ---
 - name: generate deis manifest
  command: "{{ deis_helm_command }} generate -x manifests {{ deis_local_chart_name }}"
 - name: give k8s a chance to get deis pods scheduled
  pause:
    minutes: 1
--- a/roles/deis/meta/main.yml
+++ b/roles/deis/meta/main.yml
@ -0,0 +1,5 @@
 ---
 dependencies:
  - role: helm
  - role: download
    file: "{{ downloads.deis }}"
--- a/roles/deis/tasks/main.yml
+++ b/roles/deis/tasks/main.yml
@ -0,0 +1,90 @@
 ---
 - name: Copy deis binary
  command: rsync -piu "{{ local_release_dir }}/deis/deis-{{ deis_version }}" "{{ bin_dir }}/deis"
  changed_when: false
 - name: create deis config path
  file:
    path: /etc/deis
    state: directory
 - name: tell helm about deis chart repo
  command: "{{ deis_helm_command }} repo add deis {{ deis_chart_repo }}"
  args:
    creates: /etc/deis/helm/cache/deis
 - name: fetch deis charts
  command: "{{ deis_helm_command }} fetch {{ deis_remote_chart_name }}"
  args:
    creates: "/etc/deis/helm/workspace/charts/{{ deis_local_chart_name }}/Chart.yaml"
  notify:
    - generate deis manifest
 - meta: flush_handlers
 - name: check if deis namespace exists
  uri:
    url: http://localhost:8080/api/v1/namespaces/deis
    method: GET
  register: deis_namespace
  failed_when: false
  run_once: true
 - name: install deis
  command: "{{ deis_helm_command }} install {{ deis_local_chart_name }}"
  when: deis_namespace.status != 200
  run_once: true
  notify:
    - give k8s a chance to get deis pods scheduled
 - meta: flush_handlers
 - name: get deis router IP
  shell: "kubectl --namespace=deis describe service deis-router | grep IP | awk '{ print $2 }'"
  register: deis_router_ip
  retries: 10
  delay: 60
  changed_when: false
 - name: check deis API
  uri:
    url: "http://deis.{{ deis_router_ip.stdout }}.{{ deis_wildcard_provider }}/v2/"
    method: GET
  register: check_deis_api
  run_once: true
  failed_when: check_deis_api.status != 401
  until: check_deis_api.status == 401
  retries: "{{ deis_check_api_retries }}"
  delay: "{{ deis_check_api_interval }}"
 - name: check if deis admin credentials work
  uri:
    url: "http://deis.{{ deis_router_ip.stdout }}.{{ deis_wildcard_provider }}/v2/auth/login/"
    body: "{{ deis_admin_register | to_json }}"
    method: POST
    body_format: json
  register: check_deis_admin_creds
  run_once: true
  failed_when: false
 - name: set deis admin credentials.
  uri:
    url: "http://deis.{{ deis_router_ip.stdout }}.{{ deis_wildcard_provider }}/v2/auth/register/"
    method: POST
    body: "{{ deis_admin_register | to_json }}"
    body_format: json
  register: set_deis_admin_user
  run_once: true
  failed_when: false
  when: check_deis_admin_creds.status == 401
 - name: check if deis admin credentials work
  uri:
    url: "http://deis.{{ deis_router_ip.stdout }}.{{ deis_wildcard_provider }}/v2/auth/login/"
    body: "{{ deis_admin_register | to_json }}"
    method: POST
    body_format: json
  register: check_deis_admin_creds_after_creation
  when: check_deis_admin_creds.status == 401
  run_once: true
  failed_when: check_deis_admin_creds_after_creation.status != 200
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -4,24 +4,22 @@ local_release_dir: /tmp
 # if this is set to true will only download files once
 download_run_once: False
 ## Core Components
 # Versions
 kube_version: "v1.2.4"
 etcd_version: v2.2.5
 calico_version: v0.19.0
 calico_cni_version: v1.2.1
 weave_version: v1.5.0
 # Download URL's
 kubelet_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-kubelet"
 apiserver_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-apiserver"
 kubectl_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-kubectl"
 etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd"
 calico_download_url: "https://storage.googleapis.com/kargo/{{calico_version}}_calico"
 calico_cni_download_url: "https://storage.googleapis.com/kargo/{{calico_cni_version}}_calico-cni-plugin"
 calico_cni_ipam_download_url: "https://storage.googleapis.com/kargo/{{calico_cni_version}}_calico-cni-plugin-ipam"
 weave_download_url: "https://storage.googleapis.com/kargo/{{weave_version}}_weave"
 # Checksums
 calico_checksum: "6db00c94619e82d878d348c4e1791f8d2f0db59075f6c8e430fefae297c54d96"
 calico_cni_checksum: "b2eeb45fdfce58394e3a0019dd4b74bebe4bb35ed6d7c399213297594f25e89e"
@ -32,7 +30,19 @@ kubectl_checksum: "dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578
 kubelet_checksum: "4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e341"
 kube_apiserver_checksum: "6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e"
 ## Extra Components
 # Versions
 helm_version: "0.8.0%2Bf3cafbc"
 deis_version: "7283e7c"
 # Download URL's
 helm_download_url: "https://bintray.com/deis/helm/download_file?file_path=helmc-{{ helm_version }}-linux-amd64.zip"
 deis_download_url: "https://dl.bintray.com/deis/deisci/deis-{{ deis_version }}-linux-amd64"
 # Checksums
 helm_checksum: "f91216d0ec77aba2e330827bdc0e599f50d0d75f5d437b9413f6a464299be186"
 deis_checksum: "c28ab01c4fd220153d0303401f711e02963c2320b39ffc288a378ab862cc47f7"
 downloads:
 ## Core Components
  calico:
    dest: calico/bin/calicoctl
    version: "{{calico_version}}"
@ -98,6 +108,24 @@ downloads:
    url: "{{ apiserver_download_url }}"
    owner: "kube"
    mode: "0755"
 ## Extras
  helm:
    version: "{{ helm_version }}"
    dest: "helm/helmc-{{ helm_version }}-linux-amd64.zip"
    sha256: "{{ helm_checksum }}"
    source_url: "{{ helm_download_url }}"
    url: "{{ helm_download_url }}"
    unarchive: true
    owner: "kube"
    mode: "0755"
  deis:
    version: "{{ deis_version }}"
    dest: "deis/deis-{{ deis_version }}"
    sha256: "{{ deis_checksum }}"
    source_url: "{{ deis_download_url }}"
    url: "{{ deis_download_url }}"
    owner: "kube"
    mode: "0755"
 download:
  enabled: "{{ file.enabled|default('true') }}"
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@ -3,6 +3,7 @@
  debug:
    msg: "{{ download.url }}"
  when: "{{ download.enabled|bool }}"
  run_once: "{{ download_run_once|bool }}"
 - name: Create dest directories
  file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@ -10,7 +10,6 @@
 # reload systemd before starting service
 - meta: flush_handlers
 - name: Ensure etcd is running
  service:
    name: etcd
--- a/roles/helm/meta/main.yml
+++ b/roles/helm/meta/main.yml
@ -0,0 +1,4 @@
 ---
 dependencies:
  - role: download
    file: "{{ downloads.helm }}"
--- a/roles/helm/tasks/main.yml
+++ b/roles/helm/tasks/main.yml
@ -0,0 +1,4 @@
 ---
 - name: Copy helm binary
  command: rsync -piu "{{ local_release_dir }}/helm/helmc" "{{ bin_dir }}/helmc"
  changed_when: false
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@ -7,6 +7,7 @@ common_required_pkgs:
  - curl
  - rsync
  - bash-completion
  - unzip