kubespray/tests
unclejack e5d353d0a7 contiv network support (#1914)
* Add Contiv support

Contiv is a network plugin for Kubernetes and Docker. It supports
vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies,
multiple networks and bridging pods onto physical networks.

* Update contiv version to 1.1.4

Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config.

* Load openvswitch module to workaround on CentOS7.4

* Set contiv cni version to 0.1.0

Correct contiv CNI version to 0.1.0.

* Use kube_apiserver_endpoint for K8S_API_SERVER

Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks
to a available endpoint no matter if there's a loadbalancer or not.

* Make contiv use its own etcd

Before this commit, contiv is using a etcd proxy mode to k8s etcd,
this work fine when the etcd hosts are co-located with contiv etcd
proxy, however the k8s peering certs are only in etcd group, as a
result the etcd-proxy is not able to peering with the k8s etcd on
etcd group, plus the netplugin is always trying to find the etcd
endpoint on localhost, this will cause problem for all netplugins
not runnign on etcd group nodes.
This commit make contiv uses its own etcd, separate from k8s one.
on kube-master nodes (where net-master runs), it will run as leader
mode and on all rest nodes it will run as proxy mode.

* Use cp instead of rsync to copy cni binaries

Since rsync has been removed from hyperkube, this commit changes it
to use cp instead.

* Make contiv-etcd able to run on master nodes

* Add rbac_enabled flag for contiv pods

* Add contiv into CNI network plugin lists

* migrate contiv test to tests/files

Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>

* Add required rules for contiv netplugin

* Better handling json return of fwdMode

* Make contiv etcd port configurable

* Use default var instead of templating

* roles/download/defaults/main.yml: use contiv 1.1.7

Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2017-11-29 14:24:16 +00:00
..
cloud_playbooks Fix broken CI jobs (#1854) 2017-10-25 11:45:54 +01:00
files contiv network support (#1914) 2017-11-29 14:24:16 +00:00
local_inventory Update playbooks for automatic deployment tests 2016-02-13 17:57:10 +01:00
scripts Enable netchecker for CI 2016-12-14 13:42:19 +01:00
support choose between gce and aws cloud providers 2016-03-23 17:27:06 +01:00
templates Move CI vars out of gitlab and into var files (#1808) 2017-10-18 17:28:54 +01:00
testcases Security best practice fixes (#1783) 2017-10-15 20:41:17 +01:00
README.md Move common groovy test code for jenkins into git repo and add test result matrix 2016-03-10 22:45:54 +01:00
ansible.cfg Move cluster roles and system namespace to new role 2017-10-26 14:36:05 +01:00
requirements.txt Update gce CI (#1748) 2017-10-05 16:52:28 +01:00
run-tests.sh Add complete test integration 2016-02-10 22:58:57 +01:00
shebang-unit Add complete test integration 2016-02-10 22:58:57 +01:00

README.md

Kubespray cloud deployment tests

Amazon Web Service

          | Calico        | Flannel       | Weave         |

------------- | ------------- | ------------- | ------------- | Debian Jessie | Build Status | Build Status | Build Status | Ubuntu Trusty |Build Status|Build Status|Build Status| RHEL 7.2 |Build Status|Build Status|Build Status| CentOS 7 |Build Status|Build Status|Build Status|

Test environment variables

Common

Variable Description Required Default
TEST_ID A unique execution ID for this test Yes
KUBE_NETWORK_PLUGIN The network plugin (calico or flannel) Yes
PRIVATE_KEY_FILE The path to the SSH private key file No

AWS Tests

Variable Description Required Default
AWS_ACCESS_KEY The Amazon Access Key ID Yes
AWS_SECRET_KEY The Amazon Secret Access Key Yes
AWS_AMI_ID The AMI ID to deploy Yes
AWS_KEY_PAIR_NAME The name of the EC2 key pair to use Yes
AWS_SECURITY_GROUP The EC2 Security Group to use No default
AWS_REGION The EC2 region No eu-central-1

Use private ssh key

Key
openssl pkcs12 -in gce-secure.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out gce-secure.pem
cat gce-secure.pem |base64 -w0 > GCE_PEM_FILE`