
add a role to properly label worker nodes

Grega Bremec 1 month ago
parent
commit
9c3fe07a94
2 changed files with 41 additions and 4 deletions
  1. 14 4
      playbooks/pre-flight.yml
  2. 27 0
      playbooks/roles/apply-node-labels/tasks/main.yml

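--- a/playbooks/pre-flight.yml
+++ b/playbooks/pre-flight.yml
@@ -43,7 +43,7 @@
       tags:
         - prep
         - fix
-    # Re-apply any operators that have had their catalog sources changed.
+    # Re-apply any operators that have had their catalog sources changed and install new ones.
     - include_role:
         name: deploy-operators
         apply:
@@ -56,6 +56,18 @@
       tags:
         - prep
         - deploy
+    # Apply some labels to nodes.
+    - include_role:
+        name: apply-node-labels
+        apply:
+          tags:
+            - prep
+            - setup
+            - labels
+      tags:
+        - prep
+        - setup
+        - labels
     # Ensure RBAC resources (ClusterRoles and global Groups) are there.
     - include_role:
         name: setup-rbac
@@ -97,10 +109,8 @@
 # TODO: deploy grafana (?)
 # TODO: deploy logging (?)
 # TODO: logging requires minio
-# TODO: label infra projects with ichp_infra: "true"
-# TODO: label nodes with k8s.ovn.org/egress-assignable=
-# TODO: define egress IP range somewhere (?)
 # TODO: create a private network (nmstate + bridges?)
+# TODO: apply ichp_infra: true labels to projects
 
 # Some additional configuration for infra.
 - name: Ensure HAProxy on utility does not forward plaintext HTTP to OpenShift.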
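Review bot: The third hunk deletes `# TODO: define egress IP range somewhere (?)` along with the node-label TODO, but nothing visible in this commit defines an egress IP range; the new role only sets `k8s.ovn.org/egress-assignable`. Unless that item is tracked elsewhere, keep the line so the open work is not lost. The comment above the new include in the second hunk, `# Apply some labels to nodes.`, would read better if it named the label, for example `# Label worker nodes as egress-assignable (k8s.ovn.org/egress-assignable).`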

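--- a/playbooks/roles/apply-node-labels/tasks/main.yml
+++ b/playbooks/roles/apply-node-labels/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+# Applies egress labels to worker nodes.
+# TODO: any other labels? zone? region?
+- name: Get a list of worker nodes.
+  kubernets.core.k8s_info:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: v1
+    kind: node
+    label_selectors:
+      - node-role.kubernetes.io/worker=''
+  register: workers
+
+- name: Apply a label patch to all the worker nodes.
+  kubernets.core.k8s:
+    kubeconfig: tmp/kubeconfig-ocp4
+    validate_certs: no
+    api_version: v1
+    kind: node
+    name: "{{ item }}"
+    state: patched
+    resource_definition:
+      metadata:
+        labels:
+          k8s.ovn.org/egress-assignable=''
+  loop: "{{ workers | ansible.builtin.json_query('resources[*].metadata.name') }}"
+...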
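Review bot: Both tasks set `validate_certs: no`, so the credentials in `tmp/kubeconfig-ocp4`, which are used here to patch node objects, are presented to an API endpoint whose certificate is never checked; prefer `validate_certs: true` with `ca_cert` pointing at the cluster CA, or rely on the CA data already in the kubeconfig. The `labels:` value in the patch task is a plain scalar, `k8s.ovn.org/egress-assignable=''`, not a mapping, so the label would not be applied as written; it should read `k8s.ovn.org/egress-assignable: ''`. The module prefix is spelled `kubernets.core` in both tasks and will not resolve to the `kubernetes.core` collection, and `json_query` is provided by `community.general`, not `ansible.builtin`. The `=''` in `label_selectors` probably passes literal quote characters to the API; `node-role.kubernetes.io/worker=` is the usual form, which is worth confirming against a live cluster.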