k8s: Allow Dublin cluster creation using RKE

This patch adds sample cluster.yml which is based on Dublin cluster
configuration file [1]. Main difference is in avoiding repetition by
using anchors and alias nodes.

Actual cluster creation provisioner is disabled by default because
'control' and 'worker' nodes might not be ready yet.

[1] https://docs.onap.org/en/dublin/_downloads/27934fe702048777f312d77dc30cd05a/cluster.yml

Issue-ID: SECCOM-235
Change-Id: Ibba0e754ba87e334cdaa61de83e48107f91083d9
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>

diff --git a/test/security/k8s/vagrant/dublin/Vagrantfile b/test/security/k8s/vagrant/dublin/Vagrantfile
index f0dfbb5..8870580 100644 (file)
--- a/test/security/k8s/vagrant/dublin/Vagrantfile
+++ b/test/security/k8s/vagrant/dublin/Vagrantfile
@@ -5,7 +5,9 @@ host_ip = "192.168.121.1"
 operator_key = "${HOME}/.ssh/onap-key"
 vagrant_user = "vagrant"
 vagrant_password = "vagrant"
-synced_folder = "/vagrant"
+synced_folder_main = "/vagrant"
+synced_folder_config = "#{synced_folder_main}/config"
+cluster_yml = "cluster.yml"
 
 vm_memory = 2 * 1024
 vm_cpus = 1
@@ -65,6 +67,17 @@ $link_dotfiles = <<-SCRIPT
   done
 SCRIPT
 
+$link_cluster_yml = <<-SCRIPT
+  SYNC_DIR="$1"
+  CLUSTER_YML="$2"
+  src="${SYNC_DIR}/${CLUSTER_YML}"
+  dst="$HOME"
+  echo "Symlinking ${src} to ${dst}"
+  ln -sf "$src" "$dst"
+SCRIPT
+
+$rke_up = "rke up"
+
 Vagrant.configure('2') do |config|
   all.each do |machine|
     config.vm.define machine[:name] do |config|
@@ -96,20 +109,19 @@ Vagrant.configure('2') do |config|
       end
 
       if machine[:name] == 'operator'
-        config.vm.synced_folder "../../tools/config", synced_folder, type: "rsync"
+        config.vm.synced_folder ".", synced_folder_main, type: "rsync", rsync__exclude: "Vagrantfile"
+        config.vm.synced_folder "../../tools/config", synced_folder_config, type: "rsync"
 
         config.vm.provision "link_dotfiles_root", type: :shell, run: "always" do |s|
           s.inline = $link_dotfiles
-          s.args = synced_folder
+          s.args = synced_folder_config
         end
         config.vm.provision "link_dotfiles_user", type: :shell, run: "always" do |s|
           s.privileged = false
           s.inline = $link_dotfiles
-          s.args = synced_folder
+          s.args = synced_folder_config
         end
 
-        config.vm.provision "get_rke", type: :shell, path: "../../tools/dublin/get_rke.sh"
-
         config.vm.provision "install_sshpass", type: :shell, inline: $install_sshpass
         config.vm.provision "generate_key", type: :shell, privileged: false, inline: $generate_key, args: operator_key
 
@@ -121,6 +133,14 @@ Vagrant.configure('2') do |config|
           s.args = [operator_key, vagrant_user, ips]
           s.env = {'PASSWORD': vagrant_password}
         end
+
+        config.vm.provision "get_rke", type: :shell, path: "../../tools/dublin/get_rke.sh"
+        config.vm.provision "link_cluster_yml", type: :shell, run: "always" do |s|
+          s.privileged = false
+          s.inline = $link_cluster_yml
+          s.args = [synced_folder_main, cluster_yml]
+        end
+        config.vm.provision "rke_up", type: :shell, run: "never", privileged: false, inline: $rke_up
       end
     end
   end

diff --git a/test/security/k8s/vagrant/dublin/cluster.yml b/test/security/k8s/vagrant/dublin/cluster.yml
new file mode 100644 (file)
index 0000000..f062222
--- /dev/null
+++ b/test/security/k8s/vagrant/dublin/cluster.yml
@@ -0,0 +1,49 @@
+# An example of a Kubernetes cluster for ONAP
+ssh_key_path: &ssh_key_path "~/.ssh/onap-key"
+nodes:
+- address: 172.17.0.100
+  port: "22"
+  role:
+  - controlplane
+  - etcd
+  hostname_override: "onap-control-1"
+  user: vagrant
+  ssh_key_path: *ssh_key_path
+- address: 172.17.0.101
+  port: "22"
+  role:
+  - worker
+  hostname_override: "onap-k8s-1"
+  user: vagrant
+  ssh_key_path: *ssh_key_path
+services:
+  kube-api:
+    service_cluster_ip_range: 10.43.0.0/16
+    pod_security_policy: false
+    always_pull_images: false
+  kube-controller:
+    cluster_cidr: 10.42.0.0/16
+    service_cluster_ip_range: 10.43.0.0/16
+  kubelet:
+    cluster_domain: cluster.local
+    cluster_dns_server: 10.43.0.10
+    fail_swap_on: false
+network:
+  plugin: canal
+authentication:
+  strategy: x509
+ssh_key_path: *ssh_key_path
+ssh_agent_auth: false
+authorization:
+  mode: rbac
+ignore_docker_version: false
+kubernetes_version: "v1.13.5-rancher1-2"
+private_registries:
+- url: nexus3.onap.org:10001
+  user: docker
+  password: docker
+  is_default: true
+cluster_name: "onap"
+restore:
+  restore: false
+  snapshot_name: ""