---
# Render the kubespray inventory from the role's Jinja2 template. delegate_to
# runs the task on the host named 'primary' instead of the play's target host.
# NOTE(review): dest is a fixed path under /tmp and no owner/mode is set here,
# so the file gets default permissions. Presumably acceptable on a single-use
# CI node; confirm before reusing on a shared host.
- name: Build inventory
  delegate_to: 'primary'
  template:
    src: 'roles/kubernetes/templates/inventory.j2'
    dest: '/tmp/kubespray/ci_inventory'
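# Runs kubespray's cluster.yml against the generated inventory, then creates
# the fixtures the job uses: the 'openstack' namespace, a hostPath
# PersistentVolume, and a Role/RoleBinding pair for the namespace's default
# ServiceAccount. Output is registered as kubespray_output.
#
# Security notes for anyone reusing this outside a throwaway CI cluster:
# - The Role is named 'pod-reader' and the binding 'read-pods', but the rule
#   covers Secrets with get/watch/update/delete/list. Pods that do not set a
#   serviceAccountName run as 'default', so every such pod in 'openstack' can
#   read, modify and delete all Secrets in that namespace. Prefer a dedicated
#   ServiceAccount, only the verbs the test needs, and names that match the
#   grant.
# - The RoleBinding subject has no namespace; presumably it resolves to the
#   binding's own namespace ('openstack'). Verify, or set it explicitly.
# - The PersistentVolume exposes the node's /tmp through hostPath, so a pod
#   that binds a claim to it sees everything other processes keep there.
#   NOTE(review): the Recycle reclaim policy is deprecated and scrubs the
#   volume's contents when the claim is released; confirm that is intended for
#   a path as shared as /tmp.
# - 'set -x' traces every command into the task output and job log, so keep
#   credentials out of command-line arguments.
# - 'kubectl create' is not idempotent: with 'set -e' a re-run fails on the
#   first object that already exists.
- name: Deploy cluster with kubespray and create test fixtures
  shell:
    cmd: |
      set -e
      set -x

      ansible-playbook -i ci_inventory --skip-tags bastion-ssh-config -e skip_downloads=true -e docker_dns_servers_strict=no -e deploy_netchecker=true cluster.yml
      kubectl create namespace openstack

      cat <<EOF | kubectl create -f -
      apiVersion: v1
      kind: PersistentVolume
      metadata:
        name: openstack-test-volume
      spec:
        capacity:
          storage: 5Gi
        accessModes:
          - ReadWriteMany
        persistentVolumeReclaimPolicy: Recycle
        storageClassName: slow
        hostPath:
          path: /tmp
      EOF

      cat <<EOF | kubectl create -f -
      kind: Role
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        namespace: openstack
        name: pod-reader
      rules:
      - apiGroups: [""] # "" indicates the core API group
        resources: ["secrets"]
        verbs: ["get", "watch", "update", "delete", "list"]
      EOF

      cat <<EOF | kubectl create -f -
      kind: RoleBinding
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        name: read-pods
        namespace: openstack
      subjects:
      - kind: ServiceAccount
        name: default
      roleRef:
        kind: Role
        name: pod-reader
        apiGroup: rbac.authorization.k8s.io
      EOF
    # bash is requested explicitly rather than relying on the default shell.
    executable: /bin/bash
    # Relative paths in the script (ci_inventory, cluster.yml) resolve here.
    chdir: "/tmp/kubespray"
  delegate_to: "primary"
  # NOTE(review): zuul_legacy_vars is a filter defined outside this file; its
  # result is exported to the script's environment. Confirm what it contains.
  environment: '{{ zuul | zuul_legacy_vars }}'
  register: kubespray_output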