From c939504da66a0c9a5f02f309e4c1e60872c0f9d7 Mon Sep 17 00:00:00 2001 From: Christian Berendt Date: Fri, 22 Sep 2023 21:36:57 +0200 Subject: [PATCH] magnum: support kubeconfig configuration file If a file {{ node_custom_config }}/magnum/kubeconfig exists, it is copied to /var/lib/magnum/.kube/config in all Magnum Service Containers. At this location, the vexxhost/magnum-cluster-api will loo for the Kubeconfig configuration file to control the Cluster API Control Plane. If the vexxhost/magnum-cluster-api is installed in the Magnum container images, control of a cluster API control plane can then take place via the Magnum API. Depends-On: https://review.opendev.org/c/openstack/kolla/+/902101 Change-Id: I986c5192fe96b9c480a2d8fa87d719a50ce78186 --- ansible/roles/magnum/tasks/config.yml | 27 +++++++++++++++++++ .../roles/magnum/templates/magnum-api.json.j2 | 9 ++++++- .../magnum/templates/magnum-conductor.json.j2 | 9 ++++++- .../magnum-kubeconfig-71934a2980c7e74f.yaml | 5 ++++ 4 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/magnum-kubeconfig-71934a2980c7e74f.yaml diff --git a/ansible/roles/magnum/tasks/config.yml b/ansible/roles/magnum/tasks/config.yml index c299631058..401adec0a9 100644 --- a/ansible/roles/magnum/tasks/config.yml +++ b/ansible/roles/magnum/tasks/config.yml @@ -31,6 +31,33 @@ when: - magnum_policy.results +- name: Check if kubeconfig file is supplied + stat: + path: "{{ node_custom_config }}/magnum/kubeconfig" + delegate_to: localhost + run_once: True + register: magnum_kubeconfig_file + +- name: Copying over kubeconfig file + template: + src: "{{ node_custom_config }}/magnum/kubeconfig" + dest: "{{ node_config_directory }}/{{ item.key }}/kubeconfig" + mode: "0660" + become: true + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + - magnum_kubeconfig_file.stat.exists + with_dict: "{{ magnum_services }}" + notify: + - Restart {{ item.key }} container + +- name: Set magnum kubeconfig file's path + set_fact: + magnum_kubeconfig_file_path: "{{ magnum_kubeconfig_file.stat.path }}" + when: + - magnum_kubeconfig_file.stat.exists + - include_tasks: copy-certs.yml when: - kolla_copy_ca_into_containers | bool diff --git a/ansible/roles/magnum/templates/magnum-api.json.j2 b/ansible/roles/magnum/templates/magnum-api.json.j2 index 9737ad8072..f3b172b812 100644 --- a/ansible/roles/magnum/templates/magnum-api.json.j2 +++ b/ansible/roles/magnum/templates/magnum-api.json.j2 @@ -6,7 +6,14 @@ "dest": "/etc/magnum/magnum.conf", "owner": "magnum", "perm": "0600" - }{% if magnum_policy_file is defined %}, + }{% if magnum_kubeconfig_file_path is defined %}, + { + "source": "{{ container_config_directory }}/kubeconfig", + "dest": "/var/lib/magnum/.kube/config", + "owner": "magnum", + "perm": "0600" + }{% endif %} + {% if magnum_policy_file is defined %}, { "source": "{{ container_config_directory }}/{{ magnum_policy_file }}", "dest": "/etc/magnum/{{ magnum_policy_file }}", diff --git a/ansible/roles/magnum/templates/magnum-conductor.json.j2 b/ansible/roles/magnum/templates/magnum-conductor.json.j2 index f77b1609d1..13a3f2062f 100644 --- a/ansible/roles/magnum/templates/magnum-conductor.json.j2 +++ b/ansible/roles/magnum/templates/magnum-conductor.json.j2 @@ -6,7 +6,14 @@ "dest": "/etc/magnum/magnum.conf", "owner": "magnum", "perm": "0600" - }{% if magnum_policy_file is defined %}, + }{% if magnum_kubeconfig_file_path is defined %}, + { + "source": "{{ container_config_directory }}/kubeconfig", + "dest": "/var/lib/magnum/.kube/config", + "owner": "magnum", + "perm": "0600" + }{% endif %} + {% if magnum_policy_file is defined %}, { "source": "{{ container_config_directory }}/{{ magnum_policy_file }}", "dest": "/etc/magnum/{{ magnum_policy_file }}", diff --git a/releasenotes/notes/magnum-kubeconfig-71934a2980c7e74f.yaml b/releasenotes/notes/magnum-kubeconfig-71934a2980c7e74f.yaml new file mode 100644 index 0000000000..80155f498b --- /dev/null +++ b/releasenotes/notes/magnum-kubeconfig-71934a2980c7e74f.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Adds support for copying in ``{{ node_custom_config }}/magnum/kubeconfig`` + to Magnum containers for ``magnum-cluster-api`` driver.