diff --git a/apps/aio-app-of-apps.yaml b/apps/aio-app-of-apps.yaml index ce978203..ba594393 100644 --- a/apps/aio-app-of-apps.yaml +++ b/apps/aio-app-of-apps.yaml @@ -2,6 +2,7 @@ apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: name: app-of-apps + namespace: argocd spec: syncPolicy: preserveResourcesOnDeletion: true diff --git a/apps/app-of-apps.yaml b/apps/app-of-apps.yaml index d5228a15..75afaaa8 100644 --- a/apps/app-of-apps.yaml +++ b/apps/app-of-apps.yaml @@ -2,6 +2,7 @@ apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: name: app-of-apps + namespace: argocd spec: syncPolicy: preserveResourcesOnDeletion: true diff --git a/apps/appsets/components.yaml b/apps/appsets/components.yaml index 4e53a733..a067a8db 100644 --- a/apps/appsets/components.yaml +++ b/apps/appsets/components.yaml @@ -163,16 +163,14 @@ spec: value: '{{.name }}-cluster-issuer' - component: argo-events skipComponent: '{{has "argo-events" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}' - source: - repoURL: '{{index .metadata.annotations "uc_repo_git_url"}}' - targetRevision: '{{index .metadata.annotations "uc_repo_ref"}}' - path: 'components/argo-events' - ignoreDifferences: - - group: '' - kind: ServiceAccount - name: workflow - jsonPointers: - - /imagePullSecrets + sources: + - repoURL: '{{index .metadata.annotations "uc_repo_git_url"}}' + targetRevision: '{{index .metadata.annotations "uc_repo_ref"}}' + path: 'components/argo-events' + - repoURL: '{{index .metadata.annotations "uc_deploy_git_url"}}' + targetRevision: '{{index .metadata.annotations "uc_deploy_ref"}}' + ref: secrets + path: 'secrets/{{.name}}/argo-events' - component: understack-workflows componentNamespace: argo-events skipComponent: '{{has "understack-workflows" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}' diff --git a/apps/appsets/infra.yaml b/apps/appsets/infra.yaml index 038cb86e..60bc9f7a 100644 --- a/apps/appsets/infra.yaml +++ b/apps/appsets/infra.yaml @@ -81,6 +81,14 @@ spec: valueFiles: - $secrets/helm-configs/{{.name}}/provisioning-ingress-nginx.yaml ignoreMissingValueFiles: true + - component: cilium + skipComponent: '{{has "cilium" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}' + sources: + # Cilium itself is deployed before ArgoCD so we only include project + # and environment specific stuff here + - repoURL: '{{index .metadata.annotations "uc_deploy_git_url"}}' + targetRevision: '{{index .metadata.annotations "uc_deploy_ref"}}' + path: 'secrets/{{.name}}/cilium' selector: # by setting the key in the elements 'skipComponent' to 'true' it will skip installing it # ArgoCD's templating operates with strings so it's the string "true" diff --git a/components/ironic/aio-values.yaml b/components/ironic/aio-values.yaml index 1b329529..52177c31 100644 --- a/components/ironic/aio-values.yaml +++ b/components/ironic/aio-values.yaml @@ -18,6 +18,11 @@ conductor: # at this time we are running our own dnsmasq container and statefulset enabled: false +labels: + conductor: + node_selector_key: ironic_role + node_selector_value: conductor + conf: ironic: DEFAULT: @@ -140,7 +145,7 @@ pod: mountPath: /etc/dnsmasq.d/ - name: dnsmasq-dhcp mountPath: /var/lib/dnsmasq/ - - name: host-var-lib-understack + - name: understack-data mountPath: /var/lib/understack volumes: - name: dnsmasq-ironic @@ -149,9 +154,9 @@ pod: - name: dnsmasq-dhcp persistentVolumeClaim: claimName: dnsmasq-dhcp - - name: host-var-lib-understack - hostPath: - path: /var/lib/understack + - name: understack-data + persistentVolumeClaim: + claimName: understack-data lifecycle: disruption_budget: api: diff --git a/components/ironic/dnsmasq-ss.yaml b/components/ironic/dnsmasq-ss.yaml index 57188f5f..5b71894f 100644 --- a/components/ironic/dnsmasq-ss.yaml +++ b/components/ironic/dnsmasq-ss.yaml @@ -33,6 +33,9 @@ spec: labels: application: ironic-dnsmasq spec: + nodeSelector: + ironic_role: conductor + affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -73,7 +76,7 @@ spec: mountPath: /etc/dnsmasq.d - name: pod-dhcp mountPath: /var/lib/misc - - name: understack-images + - name: understack-data mountPath: /var/lib/understack/master_iso_images readOnly: true volumes: @@ -85,6 +88,6 @@ spec: - name: pod-dhcp persistentVolumeClaim: claimName: dnsmasq-dhcp - - name: understack-images - hostPath: - path: /var/lib/understack/master_iso_images + - name: understack-data + persistentVolumeClaim: + claimName: understack-data diff --git a/components/ironic/kustomization.yaml b/components/ironic/kustomization.yaml index 4abe8f81..938a022e 100644 --- a/components/ironic/kustomization.yaml +++ b/components/ironic/kustomization.yaml @@ -8,3 +8,4 @@ resources: - dnsmasq-pvc.yaml - dnsmasq-cm.yaml - dnsmasq-ss.yaml + - understack-data-pvc.yaml diff --git a/components/ironic/understack-data-pvc.yaml b/components/ironic/understack-data-pvc.yaml new file mode 100644 index 00000000..9fc530f0 --- /dev/null +++ b/components/ironic/understack-data-pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: understack-data + namespace: openstack +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/components/openstack/mariadb-instance.yaml b/components/openstack/mariadb-instance.yaml index 7e0736f9..e3fc2995 100644 --- a/components/openstack/mariadb-instance.yaml +++ b/components/openstack/mariadb-instance.yaml @@ -15,7 +15,7 @@ spec: volumeClaimTemplate: resources: requests: - storage: 1Gi + storage: 10Gi accessModes: - ReadWriteOnce diff --git a/docs/deploy-guide/gitops-install.md b/docs/deploy-guide/gitops-install.md index 0ac53d36..cb6a3b7d 100644 --- a/docs/deploy-guide/gitops-install.md +++ b/docs/deploy-guide/gitops-install.md @@ -48,7 +48,11 @@ To avoid defining many environment variables we'll simplify by creating an place it where we've cloned understack. A complete file would like like ```bash title="/path/to/uc-deploy/my-k3s.env" -UC_DEPLOY="$(cd "$(dirname ${BASH_SOURCE[0]})" && git rev-parse --show-toplevel)" +if [ -n "$BASH_SOURCE" ]; then # bash + UC_DEPLOY="$(cd "$(dirname "${BASH_SOURCE[0]}")" && git rev-parse --show-toplevel)" +elif [ -n "$ZSH_VERSION" ]; then # zsh + UC_DEPLOY="$(cd "$(dirname "${(%):-%x}")" && git rev-parse --show-toplevel)" +fi DEPLOY_NAME="my-k3s" UC_DEPLOY_GIT_URL=git@github.com:myorg/uc-deploy.git UC_DEPLOY_SSH_FILE="$HOME/devel/uc-deploy-key" @@ -180,6 +184,12 @@ Now configure your ArgoCD to have the credential access to your deploy repo: kubectl -n argocd apply -f "${UC_DEPLOY}/secrets/${DEPLOY_NAME}/argocd/secret-deploy-repo.yaml" ``` +Label the node(s) to allow OpenStack control plane installation: + +```bash +kubectl label node $(kubectl get nodes -o 'jsonpath={.items[*].metadata.name}') openstack-control-plane=enabled +``` + Finally run the following to have ArgoCD deploy the system: ```bash diff --git a/scripts/gitops-secrets-gen.sh b/scripts/gitops-secrets-gen.sh index f696179b..87c372f6 100755 --- a/scripts/gitops-secrets-gen.sh +++ b/scripts/gitops-secrets-gen.sh @@ -266,7 +266,7 @@ load_or_gen_os_secret() { local data_var=$1 local secret_var=$2 - if kubectl -n openstack get secret "${secret_var}" > /dev/null; then + if kubectl -n openstack get secret "${secret_var}" &>/dev/null; then data="$(kubectl -n openstack get secret "${secret_var}" -o jsonpath='{.data.password}' | base64 -d)" # good ol' bash 3 compat for macOS eval "${data_var}=\"${data}\""