Diffstat (limited to 'tools/docker-compose-minikube')
5 files changed, 180 insertions, 0 deletions
diff --git a/tools/docker-compose-minikube/deploy.yml b/tools/docker-compose-minikube/deploy.yml
new file mode 100644
index 0000000000..6425a2c52a
--- /dev/null
+++ b/tools/docker-compose-minikube/deploy.yml
@@ -0,0 +1,6 @@
+---
+- name: Deploy Minikube and connect with AWX
+ hosts: localhost
+ gather_facts: true
+ roles:
+ - {role: minikube}
diff --git a/tools/docker-compose-minikube/minikube/defaults/main.yml b/tools/docker-compose-minikube/minikube/defaults/main.yml
new file mode 100644
index 0000000000..42ee8bdbe7
--- /dev/null
+++ b/tools/docker-compose-minikube/minikube/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+sources_dest: '_sources'
+driver: 'docker'
+
+minikube_url_linux: 'https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64'
+minikube_url_macos: 'https://storage.googleapis.com/minikube/releases/latest/minikube-darwin-amd64'
+
+kubectl_url_linux: 'https://dl.k8s.io/release/v1.21.0/bin/linux/amd64/kubectl'
+kubectl_url_macos: 'https://dl.k8s.io/release/v1.21.0/bin/darwin/amd64/kubectl'
+
+# Service Account Name
+minikube_service_account_name: 'awx-devel'
+minikube_service_account_namespace: 'default'
diff --git a/tools/docker-compose-minikube/minikube/tasks/main.yml b/tools/docker-compose-minikube/minikube/tasks/main.yml
new file mode 100644
index 0000000000..aa2c4c8c8d
--- /dev/null
+++ b/tools/docker-compose-minikube/minikube/tasks/main.yml
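Review bot: `minikube_url_linux` and `minikube_url_macos` point at `releases/latest`, so every fresh run can fetch a different binary, while the kubectl URLs are pinned to v1.21.0. The downloaded files are written with mode 0755 by the `get_url` tasks in minikube/tasks/main.yml and minikube is then executed by the `Starting Minikube` task, with no integrity check in between. Pin minikube to a release version the same way and add a checksum variable beside each URL, so that each `get_url` task can pass `checksum: "sha256:<published digest for that release>"`. A one-line comment above the URLs saying which versions were tested together would also help.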
@@ -0,0 +1,81 @@
+---
+- name: Create _sources directory
+ file:
+ path: "{{ sources_dest }}"
+ state: 'directory'
+ mode: '0700'
+
+# Linux block
+- block:
+ - name: Download Minikube
+ get_url:
+ url: "{{ minikube_url_linux }}"
+ dest: "{{ sources_dest }}/minikube"
+ mode: 0755
+
+ - name: Download Kubectl
+ get_url:
+ url: "{{ kubectl_url_linux }}"
+ dest: "{{ sources_dest }}/kubectl"
+ mode: 0755
+ when:
+ - ansible_architecture == "x86_64"
+ - ansible_system == "Linux"
+
+# MacOS block
+- block:
+ - name: Download Minikube
+ get_url:
+ url: "{{ minikube_url_macos }}"
+ dest: "{{ sources_dest }}/minikube"
+ mode: 0755
+
+ - name: Download Kubectl
+ get_url:
+ url: "{{ kubectl_url_macos }}"
+ dest: "{{ sources_dest }}/kubectl"
+ mode: 0755
+ when:
+ - ansible_architecture == "x86_64"
+ - ansible_system == "Darwin"
+
+- name: Starting Minikube
+ shell: "{{ sources_dest }}/minikube start --driver={{ driver }} --install-addons=true --addons=ingress"
+
+- name: Create ServiceAccount and clusterRoleBinding
+ k8s:
+ apply: true
+ definition: "{{ lookup('template', 'rbac.yml.j2') }}"
+
+- name: Retrieve serviceAccount secret name
+ k8s_info:
+ kind: ServiceAccount
+ namespace: '{{ minikube_service_account_namespace }}'
+ name: '{{ minikube_service_account_name }}'
+ register: service_account
+
+- name: Register serviceAccount secret name
+ set_fact:
+ _service_account_secret_name: '{{ service_account["resources"][0]["secrets"][0]["name"] }}'
+ when:
+ - service_account["resources"][0]["secrets"] | length
+ - '"name" in service_account["resources"][0]["secrets"][0]'
+
+- name: Retrieve bearer_token from serviceAccount secret
+ k8s_info:
+ kind: Secret
+ namespace: '{{ minikube_service_account_namespace }}'
+ name: '{{ _service_account_secret_name }}'
+ register: _service_account_secret
+
+- name: Load Minikube Bearer Token
+ set_fact:
+ service_account_token: '{{ _service_account_secret["resources"][0]["data"]["token"] | b64decode }}'
+ when:
+ - _service_account_secret["resources"][0]["data"] | length
+
+- name: Render minikube credential JSON template
+ template:
+ src: bootstrap_minikube.py.j2
+ dest: "{{ sources_dest }}/bootstrap_minikube.py"
+ mode: '0600'
diff --git a/tools/docker-compose-minikube/minikube/templates/bootstrap_minikube.py.j2 b/tools/docker-compose-minikube/minikube/templates/bootstrap_minikube.py.j2
new file mode 100644
index 0000000000..861ba5e23a
--- /dev/null
+++ b/tools/docker-compose-minikube/minikube/templates/bootstrap_minikube.py.j2
@@ -0,0 +1,42 @@
+# Create Openshift/Kubernetes credential for Minikube
+# This script gets called by the bootstrap_development process
+# awx-manage shell_plus --quiet < bootstrap_minikube.py
+
+from awx.main.utils.encryption import encrypt_field
+
+NAME = 'Minikube'
+
+POD_SPEC = """apiVersion: v1
+kind: Pod
+metadata:
+ namespace: {{ minikube_service_account_namespace }}
+spec:
+ containers:
+ - image: 'quay.io/ansible/awx-ee:devel'
+ name: worker
+ args:
+ - ansible-runner
+ - worker
+ - '--private-data-dir=/runner'"""
+
+# Creates Minikube credential
+if not Credential.objects.filter(name=NAME).count():
+ cred = Credential()
+ cred.name = NAME
+ cred.credential_type = CredentialType.objects.get(name='OpenShift or Kubernetes API Bearer Token')
+ cred.description = 'Minikube Devel'
+ cred.inputs['host'] = 'https://minikube:8443'
+ cred.inputs['verify_ssl'] = False
+ cred.inputs['bearer_token'] = '{{ service_account_token }}'
+ encrypt_field(cred, 'bearer_token', secret_key=settings.SECRET_KEY)
+ cred.save()
+
+# Create Container Group for Minikube
+if not InstanceGroup.objects.filter(name=NAME).count():
+ ccgrp = InstanceGroup()
+ ccgrp.name = NAME
+ ccgrp.credential = cred
+ ccgrp.pod_spec_override = POD_SPEC
+ ccgrp.is_container_group = True
+ ccgrp.save()
+
diff --git a/tools/docker-compose-minikube/minikube/templates/rbac.yml.j2 b/tools/docker-compose-minikube/minikube/templates/rbac.yml.j2
new file mode 100644
index 0000000000..642e2d94ca
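Review bot: Both `set_fact` tasks are guarded by `when`, but the tasks that consume their facts are not. If the ServiceAccount has no `secrets` entry, `Retrieve bearer_token from serviceAccount secret` fails on an undefined `_service_account_secret_name`, and the template later fails on `service_account_token`. This is likely to happen with an unpinned minikube, because Kubernetes 1.24 and later no longer auto-create a token Secret for a ServiceAccount. I would add an `assert` task right after `Retrieve serviceAccount secret name` that checks `service_account.resources` and its `secrets` list are non-empty and fails with a clear message. I would also put `no_log: true` on the Secret lookup and on `Load Minikube Bearer Token`, so the decoded token does not appear in verbose output.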
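Review bot: `ccgrp.credential = cred` raises NameError when a `Minikube` credential already exists but the instance group does not, because `cred` is bound only inside the first `if`. Fetch it unconditionally before the second block, e.g. `cred = Credential.objects.filter(name=NAME).first()`. An existing credential is also never updated, so after the cluster is recreated AWX would presumably keep the old bearer token; a comment stating that limitation, or an update path, would make it visible. `cred.inputs['verify_ssl'] = False` turns off certificate verification for the API endpoint and deserves a comment such as `# dev-only: minikube uses a self-signed CA; do not copy to real clusters`.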
--- /dev/null
+++ b/tools/docker-compose-minikube/minikube/templates/rbac.yml.j2
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ minikube_service_account_name }}
+ namespace: {{ minikube_service_account_namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ minikube_service_account_name }}
+ namespace: {{ minikube_service_account_namespace }}
+rules:
+- apiGroups: [""] # "" indicates the core API group
+ resources: ["pods"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: [""]
+ resources: ["pods/log"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["pods/attach"]
+ verbs: ["create"]
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "create", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ minikube_service_account_name }}
+ namespace: {{ minikube_service_account_namespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ minikube_service_account_name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ minikube_service_account_name }} |
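Review bot: The RoleBinding is declared with `apiVersion: rbac.authorization.k8s.io/v1beta1` while the Role above it uses `rbac.authorization.k8s.io/v1`. The v1beta1 RBAC API is no longer served from Kubernetes 1.22 on, and the minikube binary comes from `releases/latest`, so the apply can fail on a current cluster. Use `apiVersion: rbac.authorization.k8s.io/v1` for the RoleBinding as well. The `secrets` rule grants `get`, `create` and `delete` on every Secret in the namespace, including the service account's own token Secret. A short comment saying why the container group needs those verbs would let a reader confirm the scope is intended.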