mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-03-26 20:00:13 +03:00
Compare commits
5 Commits
e979e770f2
...
copilot/di
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
f2c34a64bf | ||
|
|
341da0e8cb | ||
|
|
6dad642f52 | ||
|
|
6ce0a1c18e | ||
|
|
fae47ab9e6 |
@@ -218,6 +218,21 @@ kube_network_plugin_multus: false
|
||||
# This enables to deploy cilium alongside another CNI to replace kube-proxy.
|
||||
cilium_deploy_additionally: false
|
||||
|
||||
# Identity allocation mode selects how identities are shared between cilium
|
||||
# nodes by setting how they are stored. The options are "crd" or "kvstore".
|
||||
# - "crd" stores identities in kubernetes as CRDs (custom resource definition).
|
||||
# These can be queried with:
|
||||
# `kubectl get ciliumid`
|
||||
# - "kvstore" stores identities in an etcd kvstore.
|
||||
# - In order to support External Workloads, "crd" is required
|
||||
# - Ref: https://docs.cilium.io/en/stable/gettingstarted/external-workloads/#setting-up-support-for-external-workloads-beta
|
||||
# - KVStore operations are only required when cilium-operator is running with any of the below options:
|
||||
# - --synchronize-k8s-services
|
||||
# - --synchronize-k8s-nodes
|
||||
# - --identity-allocation-mode=kvstore
|
||||
# - Ref: https://docs.cilium.io/en/stable/internals/cilium_operator/#kvstore-operations
|
||||
cilium_identity_allocation_mode: crd
|
||||
|
||||
# Determines if calico_rr group exists
|
||||
peer_with_calico_rr: "{{ 'calico_rr' in groups and groups['calico_rr'] | length > 0 }}"
|
||||
|
||||
|
||||
@@ -14,21 +14,6 @@ cilium_l2announcements: false
|
||||
# Cilium agent health port
|
||||
cilium_agent_health_port: "9879"
|
||||
|
||||
# Identity allocation mode selects how identities are shared between cilium
|
||||
# nodes by setting how they are stored. The options are "crd" or "kvstore".
|
||||
# - "crd" stores identities in kubernetes as CRDs (custom resource definition).
|
||||
# These can be queried with:
|
||||
# `kubectl get ciliumid`
|
||||
# - "kvstore" stores identities in an etcd kvstore.
|
||||
# - In order to support External Workloads, "crd" is required
|
||||
# - Ref: https://docs.cilium.io/en/stable/gettingstarted/external-workloads/#setting-up-support-for-external-workloads-beta
|
||||
# - KVStore operations are only required when cilium-operator is running with any of the below options:
|
||||
# - --synchronize-k8s-services
|
||||
# - --synchronize-k8s-nodes
|
||||
# - --identity-allocation-mode=kvstore
|
||||
# - Ref: https://docs.cilium.io/en/stable/internals/cilium_operator/#kvstore-operations
|
||||
cilium_identity_allocation_mode: crd
|
||||
|
||||
# Etcd SSL dirs
|
||||
cilium_cert_dir: /etc/cilium/certs
|
||||
kube_etcd_cacert_file: ca.pem
|
||||
|
||||
@@ -62,8 +62,8 @@ cni:
|
||||
|
||||
autoDirectNodeRoutes: {{ cilium_auto_direct_node_routes | to_json }}
|
||||
|
||||
ipv4NativeRoutingCIDR: {{ cilium_native_routing_cidr }}
|
||||
ipv6NativeRoutingCIDR: {{ cilium_native_routing_cidr_ipv6 }}
|
||||
ipv4NativeRoutingCIDR: "{{ cilium_native_routing_cidr }}"
|
||||
ipv6NativeRoutingCIDR: "{{ cilium_native_routing_cidr_ipv6 }}"
|
||||
|
||||
encryption:
|
||||
enabled: {{ cilium_encryption_enabled | to_json }}
|
||||
|
||||
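Review bot: The two native-routing CIDR values are wrapped in hand-written double quotes, while the neighbouring keys in this hunk (`autoDirectNodeRoutes`, `enabled` under `encryption`) are rendered through `| to_json`. The page has lost its +/- markers, so this assumes the quoted pair is the new side. Quoting stops an empty expansion from rendering as null, but a value containing `"` or `\` would still produce invalid YAML. `ipv4NativeRoutingCIDR: {{ cilium_native_routing_cidr | to_json }}` (and the same form for the IPv6 key) emits an escaped string and keeps the template consistent. The surrounding mapping starts and ends outside the hunk.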
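--- a/test-infra/image-builder/README.md
+++ b/test-infra/image-builder/README.md
@@ -0,0 +1,57 @@
+# KubeVirt Image Builder
+
+Build and push KubeVirt VM disk images to quay.io for Kubespray CI testing.
+
+## How It Works
+
+The Ansible playbook downloads upstream cloud images, converts them to qcow2, resizes (+8G), wraps each in a Docker image based on `kubevirt/registry-disk-v1alpha`, and pushes to `quay.io/kubespray/vm-<os-name>:<tag>`.
+
+## Prerequisites
+
+- Docker, `qemu-img`, Ansible
+- Push access to [quay.io/kubespray](https://quay.io/organization/kubespray) (robot account `kubespray+buildvmimages`)
+
+## Image Definitions
+
+All OS images are defined in [`roles/kubevirt-images/defaults/main.yml`](roles/kubevirt-images/defaults/main.yml).
+
+Each entry specifies:
+
+| Field | Description |
+|-------|-------------|
+| `filename` | Downloaded file name |
+| `url` | Upstream cloud image URL |
+| `checksum` | Checksum for download verification |
+| `converted` | `true` if the source is already qcow2, `false` if conversion is needed |
+| `tag` | Docker image tag (usually `latest`) |
+
+## Usage
+
+### Build and push all images
+
+```bash
+cd test-infra/image-builder/
+make docker_password=<quay-robot-token>
+```
+
+### Add a new OS image
+
+1. Add a new entry to `roles/kubevirt-images/defaults/main.yml`:
+
+```yaml
+new-os-name:
+filename: cloud-image-file.qcow2
+url: https://example.com/cloud-image-file.qcow2
+checksum: sha256:<hash>
+converted: true
+tag: "latest"
+```
+
+2. Build and push the image:
+
+```bash
+make docker_password=<quay-robot-token>
+```
+
+3. Submit a PR with the `defaults/main.yml` change so CI can use the new image.
+See [#12379](https://github.com/kubernetes-sigs/kubespray/pull/12379) for an example.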
@@ -50,6 +50,8 @@ cloudinit_config: |
|
||||
partition: 'none'
|
||||
mounts:
|
||||
- ['/dev/disk/by-id/virtio-2825A83CBDC8A32D5E', '/tmp/releases']
|
||||
runcmd:
|
||||
- chmod 777 /tmp/releases
|
||||
|
||||
ignition_config:
|
||||
ignition:
|
||||
@@ -68,3 +70,9 @@ ignition_config:
|
||||
format: ext4
|
||||
path: /tmp/releases
|
||||
wipeFilesystem: true
|
||||
directories:
|
||||
- path: /tmp/releases
|
||||
# ignition require a integer, so using the octal notation is easier
|
||||
# than noting it in decimal form
|
||||
# yamllint disable-line rule:octal-values
|
||||
mode: 0777
|
||||
|
||||
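Review bot: Mode 777 leaves `/tmp/releases` world-writable without the sticky bit, both in the cloud-init `runcmd` entry (`chmod 777 /tmp/releases`) and in the Ignition `directories` entry (`mode: 0777`). Any local account on the VM can then replace or delete files staged there before a privileged task uses them. If the goal is only to let the unprivileged CI user write to the mount, `chmod 1777 /tmp/releases` keeps it writable while stopping one user from replacing another's files. `mode: 01777` is the Ignition equivalent, provided the spec version in use accepts the sticky bit. Giving ownership to the deploying user with a narrower mode would be tighter still. The unquoted `0777` is only 511 under a YAML 1.1 loader, so the comment above it could state that assumption. Both `cloudinit_config` and `ignition_config` continue outside the hunks shown.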