From 4bcc3721740f1f42e2c109ae39ba08f3024da1e5 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Wed, 23 Oct 2019 16:02:33 +0200 Subject: [PATCH] Load docker images only on image_registry host --- .../ansible/playbooks/image_registry.yml | 6 +-- .../auth-service/auth-service.yml.j2 | 4 ++ .../templates/rabbitmq/rabbitmq.yml.j2 | 8 ++- .../roles/image_registry/tasks/load-image.yml | 43 ++++++++++++++++ .../roles/image_registry/tasks/main.yml | 49 +++++++++---------- .../kubernetes_common/tasks/load-image.yml | 35 ------------- .../roles/kubernetes_common/tasks/main.yml | 7 --- .../defaults/configuration/applications.yml | 6 ++- .../defaults/configuration/image-registry.yml | 43 +++++++++++++++- .../configuration/kubernetes-master.yml | 38 -------------- .../configuration/kubernetes-node.yml | 5 -- 11 files changed, 121 insertions(+), 123 deletions(-) create mode 100644 core/src/epicli/data/common/ansible/playbooks/roles/image_registry/tasks/load-image.yml delete mode 100644 core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_common/tasks/load-image.yml diff --git a/core/src/epicli/data/common/ansible/playbooks/image_registry.yml b/core/src/epicli/data/common/ansible/playbooks/image_registry.yml index fee200322e..8d31223c01 100644 --- a/core/src/epicli/data/common/ansible/playbooks/image_registry.yml +++ b/core/src/epicli/data/common/ansible/playbooks/image_registry.yml @@ -1,9 +1,5 @@ --- -# Ansible playbook that makes sure the base items for all nodes are installed - -- hosts: all - gather_facts: yes - tasks: [ ] +# Ansible playbook that creates local docker image registry - hosts: image_registry become: true diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/applications/templates/auth-service/auth-service.yml.j2 b/core/src/epicli/data/common/ansible/playbooks/roles/applications/templates/auth-service/auth-service.yml.j2 index 76bce574f5..2332444dc9 100644 
--- a/core/src/epicli/data/common/ansible/playbooks/roles/applications/templates/auth-service/auth-service.yml.j2 +++ b/core/src/epicli/data/common/ansible/playbooks/roles/applications/templates/auth-service/auth-service.yml.j2 @@ -194,7 +194,11 @@ spec: name: {{ auth_service_name }}-db - name: X509_CA_BUNDLE value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" +{% if data.use_image_registry_address is defined and data.use_image_registry_address %} + image: {{ image_registry_address }}/{{ data.image_path }} +{% else %} image: {{ data.image_path }} +{% endif %} imagePullPolicy: IfNotPresent name: {{ auth_service_name }} ports: diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/applications/templates/rabbitmq/rabbitmq.yml.j2 b/core/src/epicli/data/common/ansible/playbooks/roles/applications/templates/rabbitmq/rabbitmq.yml.j2 index 17612a636f..3c15158051 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/applications/templates/rabbitmq/rabbitmq.yml.j2 +++ b/core/src/epicli/data/common/ansible/playbooks/roles/applications/templates/rabbitmq/rabbitmq.yml.j2 @@ -78,9 +78,13 @@ spec: spec: serviceAccountName: {{ rabbitmq_service_name }} terminationGracePeriodSeconds: 10 - containers: + containers: - name: {{ rabbitmq_service_name }} +{% if data.use_image_registry_address is defined and data.use_image_registry_address %} + image: {{ image_registry_address }}/{{ data.image_path }} +{% else %} image: {{ data.image_path }} +{% endif %} volumeMounts: - name: config-volume mountPath: /etc/rabbitmq @@ -124,7 +128,7 @@ spec: name: {{ rabbitmq_service_name }}-cookie {% if data.image_pull_secret_name is defined and data.image_pull_secret_name|length %} imagePullSecrets: - - name: {{ data.image_pull_secret_name }} + - name: {{ data.image_pull_secret_name }} {% endif %} volumes: - name: config-volume 
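Review bot: The new `{% if data.use_image_registry_address is defined and data.use_image_registry_address %}` test in auth-service.yml.j2 is a plain Jinja truthiness check, so a value that reaches the template as the string `"false"` or `"no"` is non-empty and would still select the registry-prefixed image. Normalising it with `{% if data.use_image_registry_address | default(false) | bool %}` makes the switch behave the same for booleans and strings. The identical condition in the first rabbitmq.yml.j2 hunk needs the same change. Both branches reference the image by tag next to `imagePullPolicy: IfNotPresent`, so what actually runs depends on whatever that tag resolves to in the registry or the node cache. The container spec starts and ends outside these hunks.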
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/image_registry/tasks/load-image.yml b/core/src/epicli/data/common/ansible/playbooks/roles/image_registry/tasks/load-image.yml new file mode 100644 index 0000000000..073957320e --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/image_registry/tasks/load-image.yml @@ -0,0 +1,43 @@ +--- +- name: Set tag name with local image registry + set_fact: + new_image_tag: "{{ image_registry_address }}/{{ docker_image.name }}" + changed_when: false + when: + - docker_image.name != specification.registry_image.name + +- name: Check if image is already loaded + shell: >- + docker images {{ new_image_tag if (docker_image.name != specification.registry_image.name) else docker_image.name }} + --format {{ '{{' }}.ID{{ '}}' }} + register: image_check + ignore_errors: true + changed_when: false + +- name: Load image if does not exists + block: + - name: Download image file + include_role: + name: download + tasks_from: download_image + vars: + file_name: "{{ docker_image.file_name }}" + + - name: Load image {{ docker_image.name }} + become: yes + shell: "docker load --input {{ download_directory }}/{{ docker_image.file_name }}" + + - name: Tag image {{ docker_image.name }} with {{ new_image_tag }} + become: yes + shell: "docker tag {{ docker_image.name }} {{ new_image_tag }}" + when: + - docker_image.name != specification.registry_image.name + + - name: Push image to registry {{ docker_image.name }} + become: yes + shell: "docker push {{ new_image_tag }}" + when: + - docker_image.name != specification.registry_image.name + + when: + - image_check.stdout | length == 0 diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/image_registry/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/image_registry/tasks/main.yml index db09739cc5..eef7a5036d 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/image_registry/tasks/main.yml 
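Review bot: The four `shell:` tasks in the new load-image.yml (`docker images`, `docker load`, `docker tag`, `docker push`) interpolate `docker_image.name`, `docker_image.file_name` and `new_image_tag` unquoted into a shell command line, three of them under `become: yes`, although none of them uses a pipe or redirect. Switching to `command:` and quoting the values keeps a stray space or shell metacharacter in the configuration from being interpreted, e.g. `command: "docker push {{ new_image_tag | quote }}"` and `command: "docker load --input {{ (download_directory ~ '/' ~ docker_image.file_name) | quote }}"`. Separately, the `image_check` guard only inspects the local Docker image cache and the tag is created before the push. A run that fails at `docker push` therefore leaves the tag behind, and later runs skip the whole block without retrying the push; moving the push outside the guarded block, or checking the registry itself, would avoid that.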
+++ b/core/src/epicli/data/common/ansible/playbooks/roles/image_registry/tasks/main.yml 
@@ -1,32 +1,27 @@ --- -- name: Check if image is already loaded - shell: "docker images {{ specification.repository_image.name }} --format {{ '{{' }}.ID{{ '}}' }}" - register: image_check - ignore_errors: true - changed_when: false - -- name: Load image if does not exists +- name: Load docker images and run local registry block: - - name: Download file - include_role: - name: download - tasks_from: download_image - vars: - file_name: "{{ specification.repository_image.file_name }}" + - name: Load registry image + include_tasks: "load-image.yml" + vars: + docker_image: "{{ specification.registry_image }}" + + - name: Check if registry is running + become: yes + shell: docker ps | grep registry:2 | cat + register: regitry_up_check + check_mode: no - - name: Load image {{ specification.repository_image.name }} - become: yes - shell: "docker load --input {{ download_directory }}/{{ specification.repository_image.file_name }}" - when: image_check.stdout | length == 0 + # todo run registry with SSL - generate/copy certs, mount it to registry container + - name: Run registry + become: yes + shell: "docker run -d -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 -p 5000:5000 --restart=always --name epiphany-registry {{ specification.registry_image.name }}" + when: regitry_up_check.stdout | length == 0 -- name: Check if registry is running - become: yes - shell: docker ps | grep registry:2 | cat - register: regitry_up_check - check_mode: no + - name: Include load-image.yml + include_tasks: "load-image.yml" + vars: + docker_image: "{{ item }}" + loop: "{{ specification.images_to_load }}" -# todo run registry with SSL - generate/copy certs, mount it to registry container -- name: Run registry - become: yes - shell: "docker run -d -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 -p 5000:5000 --restart=always --name epiphany-registry {{ specification.repository_image.name }}" - when: regitry_up_check.stdout | length == 0 + when: not custom_image_registry_address \ No newline at end of file 
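Review bot: The `Run registry` task still starts the registry on `0.0.0.0:5000` published with `-p 5000:5000`, over plain HTTP and, as far as this hunk shows, without authentication, while this commit makes it the place every image in `specification.images_to_load`, including the Kubernetes control-plane images, is pushed to. Until the TLS todo is done, anything that can reach port 5000 can presumably overwrite a tag that nodes later pull, so the port should be limited to cluster hosts and the comment should say so: `# todo run registry with SSL and authentication - until then restrict port 5000 to cluster nodes (registry accepts unauthenticated pushes)`. The `Check if registry is running` task also greps for the literal `registry:2` rather than the container this role starts, and its registered variable is misspelled `regitry_up_check`. `docker ps --filter name=epiphany-registry --format {{ '{{' }}.ID{{ '}}' }}` would tie the check to the `epiphany-registry` container without the `grep | cat` pipeline.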
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_common/tasks/load-image.yml b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_common/tasks/load-image.yml deleted file mode 100644 index 450fbcbbea..0000000000 --- a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_common/tasks/load-image.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -- name: Create tag name with local image registry - set_fact: - new_image_tag: "{{image_registry_address}}/{{ docker_image.name }}" - changed_when: false - -- name: Check if image is already loaded - shell: "docker images {{ new_image_tag }} --format {{ '{{' }}.ID{{ '}}' }}" - register: image_check - ignore_errors: true - changed_when: false - -- name: Load image if does not exists - block: - - name: Download file - include_role: - name: download - tasks_from: download_image - vars: - file_name: "{{ docker_image.file_name }}" - - - name: Load image {{ docker_image.name }} - become: yes - shell: "docker load --input {{ download_directory }}/{{ docker_image.file_name }}" - - - name: Tag image {{ docker_image.name }} with {{ new_image_tag }} - become: yes - shell: "docker tag {{ docker_image.name }} {{ new_image_tag }}" - - - name: Push image to registry {{ docker_image.name }} - become: yes - shell: "docker push {{ new_image_tag }}" - - when: - - image_check.stdout | length == 0 diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_common/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_common/tasks/main.yml index fa57d01c90..ca3fc6c7e7 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_common/tasks/main.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_common/tasks/main.yml 
@@ -2,13 +2,6 @@ - include_tasks: install-packages.yml -- name: Include load-image.yml - include_tasks: "load-image.yml" - vars: - docker_image: "{{ item }}" - loop: "{{ specification.images_to_load }}" - when: not custom_image_registry_address - - name: Enable ip forwarding sysctl: name: net.ipv4.ip_forward diff --git a/core/src/epicli/data/common/defaults/configuration/applications.yml b/core/src/epicli/data/common/defaults/configuration/applications.yml index df50688323..22756fefba 100644 --- a/core/src/epicli/data/common/defaults/configuration/applications.yml +++ b/core/src/epicli/data/common/defaults/configuration/applications.yml @@ -10,6 +10,7 @@ specification: # - name: rabbitmq 2 # image_path: rabbitmq:3.7.10 +# use_image_registry_address: true # #image_pull_secret_name: regcred # optional # service: # name: rabbitmq-cluster @@ -18,7 +19,7 @@ specification: # replicas: 2 # namespace: queue # rabbitmq: -# #amqp_port: 5672 #optional - default 5672 +# #amqp_port: 5672 #optional - default 5672 # plugins: # optional list of RabbitMQ plugins # - rabbitmq_management # - rabbitmq_management_agent @@ -37,6 +38,7 @@ specification: # - name: auth-service # this service require postgresql to be installed in cluster # image_path: jboss/keycloak:4.8.3.Final +# use_image_registry_address: true # #image_pull_secret_name: regcred # service: # name: as-testauthdb @@ -46,7 +48,7 @@ specification: # admin_user: auth-service-username # admin_password: auth-service-password # database: -# name: "auth-database-name" +# name: "auth-database-name" # #port: "5432" # leave it when default # user: "auth-db-user" # password: "auth-db-password" diff --git a/core/src/epicli/data/common/defaults/configuration/image-registry.yml b/core/src/epicli/data/common/defaults/configuration/image-registry.yml index b77d301f3c..11bfbb5812 100644 --- a/core/src/epicli/data/common/defaults/configuration/image-registry.yml +++ b/core/src/epicli/data/common/defaults/configuration/image-registry.yml 
@@ -4,6 +4,45 @@ title: "Epiphany image registry" name: default specification: description: "Local registry with Docker images" - repository_image: + registry_image: name: "registry:2" - file_name: registry-2.tar \ No newline at end of file + file_name: registry-2.tar + images_to_load: + # K8s + - name: "k8s.gcr.io/kube-apiserver:v1.14.6" + file_name: kube-apiserver-v1.14.6.tar + - name: "k8s.gcr.io/kube-controller-manager:v1.14.6" + file_name: kube-controller-manager-v1.14.6.tar + - name: "k8s.gcr.io/kube-scheduler:v1.14.6" + file_name: kube-scheduler-v1.14.6.tar + - name: "k8s.gcr.io/kube-proxy:v1.14.6" + file_name: kube-proxy-v1.14.6.tar + - name: "k8s.gcr.io/pause:3.1" + file_name: pause-3.1.tar + - name: "k8s.gcr.io/etcd:3.3.10" + file_name: etcd-3.3.10.tar + - name: "k8s.gcr.io/coredns:1.3.1" + file_name: coredns-1.3.1.tar + - name: "coredns/coredns:1.5.0" + file_name: coredns-1.5.0.tar + - name: "quay.io/coreos/flannel:v0.11.0-amd64" + file_name: flannel-v0.11.0-amd64.tar + - name: "quay.io/coreos/flannel:v0.11.0" + file_name: flannel-v0.11.0.tar + - name: "calico/node:v3.8.1" + file_name: node-v3.8.1.tar + - name: "calico/pod2daemon-flexvol:v3.8.1" + file_name: pod2daemon-flexvol-v3.8.1.tar + - name: "kubernetesui/dashboard:v2.0.0-beta1" + file_name: dashboard-v2.0.0-beta1.tar + - name: "kubernetesui/metrics-scraper:v1.0.0" + file_name: metrics-scraper-v1.0.0.tar + - name: "calico/cni:v3.8.1" + file_name: cni-v3.8.1.tar + - name: "calico/kube-controllers:v3.8.1" + file_name: kube-controllers-v3.8.1.tar + # applications + - name: "jboss/keycloak:4.8.3.Final" + file_name: keycloak-4.8.3.Final.tar + - name: "rabbitmq:3.7.10" + file_name: rabbitmq-3.7.10.tar \ No newline at end of file diff --git a/core/src/epicli/data/common/defaults/configuration/kubernetes-master.yml b/core/src/epicli/data/common/defaults/configuration/kubernetes-master.yml index a176003827..c5876d54fb 100644 --- a/core/src/epicli/data/common/defaults/configuration/kubernetes-master.yml 
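Review bot: Each entry added under `images_to_load` identifies its archive only by `file_name`, so nothing in this file lets the role confirm that the tar it passes to `docker load` is the image named in `name`; whether the `download` role verifies archives is not visible here. Recording an expected digest per entry (for example a `sha256` key, which would be a new field) and checking it before loading would make the registry contents verifiable. The Kubernetes image tags are also now separated from `specification.version` in kubernetes-master.yml, so I would extend the `# K8s` comment to `# K8s - tags must match specification.version in kubernetes-master.yml` to keep the two in step.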
+++ b/core/src/epicli/data/common/defaults/configuration/kubernetes-master.yml @@ -4,44 +4,6 @@ title: "Kubernetes Master Config" name: default specification: version: 1.14.6 - images_to_load: - - name: "k8s.gcr.io/kube-apiserver:v1.14.6" - file_name: kube-apiserver-v1.14.6.tar - - name: "k8s.gcr.io/kube-controller-manager:v1.14.6" - file_name: kube-controller-manager-v1.14.6.tar - - name: "k8s.gcr.io/kube-scheduler:v1.14.6" - file_name: kube-scheduler-v1.14.6.tar - - name: "k8s.gcr.io/kube-proxy:v1.14.6" - file_name: kube-proxy-v1.14.6.tar - - name: "k8s.gcr.io/pause:3.1" - file_name: pause-3.1.tar - - name: "k8s.gcr.io/etcd:3.3.10" - file_name: etcd-3.3.10.tar - - name: "k8s.gcr.io/coredns:1.3.1" - file_name: coredns-1.3.1.tar - - name: "coredns/coredns:1.5.0" - file_name: coredns-1.5.0.tar - - name: "quay.io/coreos/flannel:v0.11.0-amd64" - file_name: flannel-v0.11.0-amd64.tar - - name: "quay.io/coreos/flannel:v0.11.0" - file_name: flannel-v0.11.0.tar - - name: "calico/node:v3.8.1" - file_name: node-v3.8.1.tar - - name: "calico/pod2daemon-flexvol:v3.8.1" - file_name: pod2daemon-flexvol-v3.8.1.tar - - name: "kubernetesui/dashboard:v2.0.0-beta1" - file_name: dashboard-v2.0.0-beta1.tar - - name: "kubernetesui/metrics-scraper:v1.0.0" - file_name: metrics-scraper-v1.0.0.tar - - name: "calico/cni:v3.8.1" - file_name: cni-v3.8.1.tar - - name: "calico/kube-controllers:v3.8.1" - file_name: kube-controllers-v3.8.1.tar - - name: "jboss/keycloak:4.8.3.Final" - file_name: keycloak-4.8.3.Final.tar - - name: "rabbitmq:3.7.10" - file_name: rabbitmq-3.7.10.tar - allow_pods_on_master: False storage: name: epiphany-cluster-volume # name of the Kubernetes resource diff --git a/core/src/epicli/data/common/defaults/configuration/kubernetes-node.yml b/core/src/epicli/data/common/defaults/configuration/kubernetes-node.yml index ca36cf8cf5..698ba5724e 100644 --- a/core/src/epicli/data/common/defaults/configuration/kubernetes-node.yml 
+++ b/core/src/epicli/data/common/defaults/configuration/kubernetes-node.yml @@ -4,9 +4,4 @@ title: "Kubernetes Node Config" name: default specification: version: 1.14.6 - images_to_load: - - name: "jboss/keycloak:4.8.3.Final" - file_name: keycloak-4.8.3.Final.tar - - name: "rabbitmq:3.7.10" - file_name: rabbitmq-3.7.10.tar node_labels: "node-type=epiphany"