Home Explore Help
Sign In
rht
/
ocp-ing-ichp-materials
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8fa27d46bc
Branches Tags
ocp-ing-ichp...
/
playbooks
/
roles
/
create-ichp-project
/
tasks
/
main.yml

main.yml 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. ---
    2. 

  2. # Ensures a project exists and is configured in accordance with ICHP rules:
    3. 

  3. #
    4. 

  4. #   - has correct RBAC (user role binding)
    5. 

  5. #   - has network policies
    6. 

  6. #   - has quota and limitranges
    7. 

  7. #   - has an EgressIP allocated
    8. 

  8. #
    9. 

  9. # Requires the following structure:
    10. 

  10. #
    11. 

  11. #   role:
    12. 

  12. #     state:          present or absent
    13. 

  13. #     requester:      the user requesting the project
    14. 

  14. #     name:           the name of the project
    15. 

  15. #     displayname:    optional displayname (defaults to name)
    16. 

  16. #     rbac_level:     cluster role to assign to requester
    17. 

  17. #     egress_ip:      an available egress IP to allocate to the project
    18. 

  18. #     quota:          compute resourcequotas
    19. 

  19. #       requests:       compute reservation
    20. 

  20. #         cpu:            max cpu reserved (1500m, 1.5 CPU)
    21. 

  21. #         memory:         max memory reserved (2048Mi, 2Gi)
    22. 

  22. #       limits:         compute limits
    23. 

  23. #         cpu:            max cpu consumed (4000m, 4 CPUs)
    24. 

  24. #         memory:         max memory consumed (4096Mi, 4Gi)
    25. 

  25. #     lrange:         compute limitranges, for both container and pod
    26. 

  26. #       default:        default limits and requests
    27. 

  27. #         limit:
    28. 

  28. #           cpu:          role.lrange.min.cpu * role.lrange.ratio.cpu
    29. 

  29. #           memory:       role.lrange.min.memory * role.lrange.ratio.memory
    30. 

  30. #         request:
    31. 

  31. #           cpu:          defaults to whatever role.lrange.min.cpu is
    32. 

  32. #           memory:       defaults to whatever role.lrange.min.memory is
    33. 

  33. #       max:            maximum limits
    34. 

  34. #         cpu:            maximum cpu limit (4000m, 4 cpus)
    35. 

  35. #         memory:         maximum memory limit (4096Mi, 4Gi)
    36. 

  36. #       min:            minimum requests
    37. 

  37. #         cpu:            minimum requested cpu (50m, 5%)
    38. 

  38. #         memory:         minimum requested memory (64Mi)
    39. 

  39. #       ratio:          max limit-to-request ratio (x-to-1)
    40. 

  40. #         cpu:            cpu lrr (4)
    41. 

  41. #         memory:         memory lrr (4)
    42. 

  42. #
    43. 

  43. # IMPORTANT: XXX: ALL COMPUTE UNITS MUST BE IN milicores AND Mi!
    44. 

  44. #
    45. 

  45. # TODO: verify stuff before applying template
    46. 

  46. #
    47. 

  47. - name: Show the values at verbosity 1+
    48. 

  48.   ansible.builtin.debug:
    49. 

  49.     var: role
    50. 

  50.     verbosity: 1
    51. 

  51. 

  52. - name: Apply the project template to the cluster.
    53. 

  53.   kubernetes.core.k8s:
    54. 

  54.     kubeconfig: tmp/kubeconfig-ocp4
    55. 

  55.     validate_certs: no
    56. 

  56.     template: templates/project-template.yml
    57. 

  57.     state: "{{ role.state | default('present') }}"
    58. 

  58. ...
    59.