From 4526f5457d012bc14c16b844bebc3eaeaa8ff191 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Wed, 11 Oct 2017 13:14:27 -0400 Subject: Adding support for cluster-autoscaler role --- roles/openshift_cluster_autoscaler/README.md | 58 +++++++++++++++++ .../openshift_cluster_autoscaler/defaults/main.yml | 40 ++++++++++++ .../files/clusterrole.yml | 41 ++++++++++++ roles/openshift_cluster_autoscaler/files/role.yml | 33 ++++++++++ roles/openshift_cluster_autoscaler/meta/main.yml | 3 + roles/openshift_cluster_autoscaler/tasks/aws.yml | 17 +++++ roles/openshift_cluster_autoscaler/tasks/main.yml | 72 ++++++++++++++++++++++ .../templates/aws-creds.j2 | 3 + .../templates/cluster-autoscaler.j2 | 58 +++++++++++++++++ 9 files changed, 325 insertions(+) create mode 100644 roles/openshift_cluster_autoscaler/README.md create mode 100644 roles/openshift_cluster_autoscaler/defaults/main.yml create mode 100644 roles/openshift_cluster_autoscaler/files/clusterrole.yml create mode 100644 roles/openshift_cluster_autoscaler/files/role.yml create mode 100644 roles/openshift_cluster_autoscaler/meta/main.yml create mode 100644 roles/openshift_cluster_autoscaler/tasks/aws.yml create mode 100644 roles/openshift_cluster_autoscaler/tasks/main.yml create mode 100644 roles/openshift_cluster_autoscaler/templates/aws-creds.j2 create mode 100644 roles/openshift_cluster_autoscaler/templates/cluster-autoscaler.j2 (limited to 'roles/openshift_cluster_autoscaler') diff --git a/roles/openshift_cluster_autoscaler/README.md b/roles/openshift_cluster_autoscaler/README.md new file mode 100644 index 000000000..d775a8a71 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/README.md @@ -0,0 +1,58 @@ +Openshift cluster autoscaler +================================ + +Install the cluster autoscaler + +Requirements +------------ + +* One or more Master servers +* A cloud provider that supports the cluster-autoscaler + +Role Variables +-------------- +Check defaults/main.yml + +Dependencies +------------ + + +Example Playbook +---------------- + +#!/usr/bin/ansible-playbook +``` +--- +- hosts: masters + gather_facts: no + remote_user: root + tasks: + - name: include role autoscaler + include_role: + name: openshift_cluster_autoscaler + vars: + openshift_clusterid: opstest + openshift_cluster_autoscaler_aws_key: + openshift_cluster_autoscaler_aws_secret_key: +``` + + +Notes +----- + +This is currently experimental software. This role allows users to install the cluster-autoscaler and the necessary authorization pieces that allow the autoscaler to function. + + +This feature requires cloud provider credentials or a serviceaccount that has access to scale up/down nodes within the scaling groups. + +https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +Openshift diff --git a/roles/openshift_cluster_autoscaler/defaults/main.yml b/roles/openshift_cluster_autoscaler/defaults/main.yml new file mode 100644 index 000000000..707e3c79b --- /dev/null +++ b/roles/openshift_cluster_autoscaler/defaults/main.yml @@ -0,0 +1,40 @@ +--- +openshift_cluster_autoscaler_name: cluster-autoscaler +openshift_cluster_autoscaler_version: 4 + +openshift_cluster_autoscaler_template_location: /tmp +openshift_cluster_autoscaler_template_name: "{{ openshift_cluster_autoscaler_name }}" + +openshift_cluster_autoscaler_node_selector: + type: infra + +openshift_cluster_autoscaler_state: present +openshift_cluster_autoscaler_namespace: openshift-infra +openshift_cluster_autoscaler_delete_config: True +openshift_cluster_autoscaler_skip_nodes_local_storage: False +openshift_cluster_autoscaler_serviceaccount: cluster-autoscaler +openshift_cluster_autoscaler_region: us-east-1 + +openshift_cluster_autoscaler_image: docker.io/openshift/kubernetes-autoscaler:v0.6.1 + +openshift_cluster_autoscaler_cloud_provider: aws + +# AWS specific variables here +openshift_cluster_autoscaler_aws_creds_name: aws-creds +openshift_cluster_autoscaler_aws_secret_name: autoscaler-credentials +openshift_cluster_autoscaler_aws_creds_path: "/var/run/secrets/{{ openshift_cluster_autoscaler_aws_creds_name }}/creds" +openshift_cluster_autoscaler_aws_env_vars: +- name: AWS_REGION + value: "{{ openshift_cluster_autoscaler_region }}" +- name: AWS_SHARED_CREDENTIALS_FILE + value: "{{ openshift_cluster_autoscaler_aws_creds_path }}" + +## End AWS vars ## + +openshift_cluster_autoscaler_env_vars: [] + + +openshift_cluster_autoscaler_node_groups: +- min: 3 + max: 10 + name: "{{ openshift_cluster_autoscaler_node_group_name | default(openshift_clusterid ~ ' openshift compute') }}" diff --git a/roles/openshift_cluster_autoscaler/files/clusterrole.yml b/roles/openshift_cluster_autoscaler/files/clusterrole.yml new file mode 100644 index 000000000..a4691888a --- /dev/null +++ b/roles/openshift_cluster_autoscaler/files/clusterrole.yml @@ -0,0 +1,41 @@ +--- +apiVersion: v1 +kind: ClusterRole +metadata: + name: system:cluster-autoscaler +rules: +- apiGroups: + - "" + resources: + - nodes + - persistentvolumeclaims + - persistentvolumes + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch + attributeRestrictions: null +- apiGroups: + - extensions + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list + - watch + attributeRestrictions: null +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + attributeRestrictions: null diff --git a/roles/openshift_cluster_autoscaler/files/role.yml b/roles/openshift_cluster_autoscaler/files/role.yml new file mode 100644 index 000000000..c2abb5435 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/files/role.yml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: Role +metadata: + name: cluster-autoscaler +rules: +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - cluster-autoscaler + - cluster-autoscaler-status + verbs: + - create + - get + - patch + - update + attributeRestrictions: null +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + attributeRestrictions: null +- apiGroups: + - "" + resources: + - events + verbs: + - create + attributeRestrictions: null diff --git a/roles/openshift_cluster_autoscaler/meta/main.yml b/roles/openshift_cluster_autoscaler/meta/main.yml new file mode 100644 index 000000000..d2bbd2576 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: +- lib_openshift diff --git a/roles/openshift_cluster_autoscaler/tasks/aws.yml b/roles/openshift_cluster_autoscaler/tasks/aws.yml new file mode 100644 index 000000000..f08e97ebc --- /dev/null +++ b/roles/openshift_cluster_autoscaler/tasks/aws.yml @@ -0,0 +1,17 @@ +--- +- when: openshift_cluster_autoscaler_cloud_provider == 'aws' + block: + - name: laydown the aws-credentials + template: + src: aws-creds.j2 + dest: "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_aws_creds_name }}" + when: openshift_cluster_autoscaler_state == 'present' + + - name: create the aws creds secret + oc_secret: + state: "{{ openshift_cluster_autoscaler_state }}" + name: "{{ openshift_cluster_autoscaler_aws_secret_name }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + files: + - name: creds + path: "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_aws_creds_name }}" diff --git a/roles/openshift_cluster_autoscaler/tasks/main.yml b/roles/openshift_cluster_autoscaler/tasks/main.yml new file mode 100644 index 000000000..173dcf044 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/tasks/main.yml @@ -0,0 +1,72 @@ +--- +- name: create the cluster-autoscaler serviceaccount + oc_serviceaccount: + name: "{{ openshift_cluster_autoscaler_serviceaccount }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + state: "{{ openshift_cluster_autoscaler_state }}" + +- name: copy the cluster-autoscaler files + copy: + src: "{{ item }}" + dest: "{{ openshift_cluster_autoscaler_template_location }}/{{ item }}" + with_items: + - clusterrole.yml + - role.yml + when: openshift_cluster_autoscaler_state == 'present' + +- name: "Ensure the cluster-autoscaler roles are {{ openshift_cluster_autoscaler_state }}" + oc_obj: + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + state: "{{ openshift_cluster_autoscaler_state }}" + kind: "{{ item.type }}" + name: "{{ item.name }}" + delete_after: "{{ openshift_cluster_autoscaler_delete_config }}" + files: + - "{{ openshift_cluster_autoscaler_template_location }}/{{ item.fname }}" + with_items: + - fname: clusterrole.yml + type: clusterrole + name: "system:{{ openshift_cluster_autoscaler_name }}" + - fname: role.yml + type: role + name: "{{ openshift_cluster_autoscaler_name }}" + +- include: aws.yml + when: openshift_cluster_autoscaler_cloud_provider == 'aws' + +- name: create the policies + oc_adm_policy_user: + state: "{{ openshift_cluster_autoscaler_state }}" + user: "system:serviceaccount:openshift-infra:{{ openshift_cluster_autoscaler_serviceaccount }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + resource_kind: "{{ item.name }}" + resource_name: cluster-autoscaler + role_namespace: "{{ item.role_namespace | default(omit) }}" + with_items: + - name: cluster-role + - name: role + role_namespace: "{{ openshift_cluster_autoscaler_namespace }}" + +- name: "grant cluster-reader to {{ openshift_cluster_autoscaler_serviceaccount }}" + oc_adm_policy_user: + state: "{{ openshift_cluster_autoscaler_state }}" + user: "system:serviceaccount:{{ openshift_cluster_autoscaler_namespace }}:{{ openshift_cluster_autoscaler_serviceaccount }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + resource_name: cluster-reader + resource_kind: cluster-role + +- name: laydown the deployment file for cluster-autoscaler + template: + src: cluster-autoscaler.j2 + dest: "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_template_name }}" + when: openshift_cluster_autoscaler_state == 'present' + +- name: "Ensure the cluster-autoscaler is {{ openshift_cluster_autoscaler_state }}" + oc_obj: + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + state: "{{ openshift_cluster_autoscaler_state }}" + kind: deployment + name: "{{ openshift_cluster_autoscaler_name }}" + delete_after: "{{ openshift_cluster_autoscaler_delete_config }}" + files: + - "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_template_name }}" diff --git a/roles/openshift_cluster_autoscaler/templates/aws-creds.j2 b/roles/openshift_cluster_autoscaler/templates/aws-creds.j2 new file mode 100644 index 000000000..28399e652 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/templates/aws-creds.j2 @@ -0,0 +1,3 @@ +[default] +aws_access_key_id = {{ openshift_cluster_autoscaler_aws_key }} +aws_secret_access_key = {{ openshift_cluster_autoscaler_aws_secret_key }} diff --git a/roles/openshift_cluster_autoscaler/templates/cluster-autoscaler.j2 b/roles/openshift_cluster_autoscaler/templates/cluster-autoscaler.j2 new file mode 100644 index 000000000..f76bce37b --- /dev/null +++ b/roles/openshift_cluster_autoscaler/templates/cluster-autoscaler.j2 @@ -0,0 +1,58 @@ +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ openshift_cluster_autoscaler_name }} + name: {{ openshift_cluster_autoscaler_name }} + namespace: {{ openshift_cluster_autoscaler_namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ openshift_cluster_autoscaler_name }} + role: infra + template: + metadata: + labels: + app: {{ openshift_cluster_autoscaler_name }} + role: infra + spec: + containers: + - args: + - --alsologtostderr + - --v={{ openshift_cluster_autoscaler_version }} + - --skip-nodes-with-local-storage={{ openshift_cluster_autoscaler_skip_nodes_local_storage }} + - --leader-elect-resource-lock=configmaps + - --namespace={{ openshift_cluster_autoscaler_namespace }} +{% if openshift_cluster_autoscaler_scale_down_delay is defined %} + - --scale-down-delay={{ openshift_cluster_autoscaler_scale_down_delay }} +{% endif %} + - --cloud-provider={{ openshift_cluster_autoscaler_cloud_provider }} +{% for group in openshift_cluster_autoscaler_node_groups %} + - --nodes={{ group.min }}:{{ group.max }}:{{ group.name }} +{% endfor %} +{% if openshift_cluster_autoscaler_cloud_provider == 'aws' %} + env: {{ openshift_cluster_autoscaler_aws_env_vars | union(openshift_cluster_autoscaler_env_vars) | to_json }} +{% else %} + env: {{ openshift_cluster_autoscaler_env_vars }} +{% endif %} + image: {{ openshift_cluster_autoscaler_image }} + name: autoscaler +{% if openshift_cluster_autoscaler_cloud_provider == 'aws' %} + volumeMounts: + - mountPath: {{ openshift_cluster_autoscaler_aws_creds_path | dirname }} + name: {{ openshift_cluster_autoscaler_aws_creds_name }} + readOnly: true +{% endif %} + nodeSelector: {{ openshift_cluster_autoscaler_node_selector | to_json }} + dnsPolicy: ClusterFirst + serviceAccountName: {{ openshift_cluster_autoscaler_serviceaccount }} + terminationGracePeriodSeconds: 30 +{% if openshift_cluster_autoscaler_cloud_provider == 'aws' %} + volumes: + - name: {{ openshift_cluster_autoscaler_aws_creds_name }} + secret: + defaultMode: 420 + secretName: {{ openshift_cluster_autoscaler_aws_secret_name }} +{% endif %} -- cgit v1.2.1