richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7231 Commits
30 Branches
81 Tags
149 MiB
Tree: 2aafab6c19
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2aafab6c19'
${ noResults }
kubespray/docs/ci-setup.md

206 lines
6.1 KiB
Raw Normal View History

Add docs about CI setup (#6397)
4 years ago
document the CI environment (#9714)
1 year ago
Add docs about CI setup (#6397)
4 years ago
document the CI environment (#9714)
1 year ago
Add docs about CI setup (#6397)
4 years ago
Various documentation updates (#8243) * Docs: update CONTRIBUTING.md * Docs: clean up outdated roadmap and point to github issues instead * Docs: update note on kubelet_cgroup_driver * Docs: update kata containers docs with note about cgroup driver * Docs: note about CI specific overrides
3 years ago
document the CI environment (#9714)
1 year ago
correct typo hhttps -> https (#9763)
1 year ago
document the CI environment (#9714)
1 year ago
Enabled module_name in provider meta for Equinix (#10044)
1 year ago
document the CI environment (#9714)
1 year ago
  1. # CI Setup
  3. ## Pipeline
  5. 1. build: build a docker image to be used in the pipeline
  6. 2. unit-tests: fast jobs for fast feedback (linting, etc...)
  7. 3. deploy-part1: small number of jobs to test if the PR works with default settings
  8. 4. deploy-part2: slow jobs testing different platforms, OS, settings, CNI, etc...
  9. 5. deploy-part3: very slow jobs (upgrades, etc...)
  11. ## Runners
  13. Kubespray has 3 types of GitLab runners:
  15. - packet runners: used for E2E jobs (usually long), running on Equinix Metal (ex-packet), on kubevirt managed VMs
  16. - light runners: used for short lived jobs, running on Equinix Metal (ex-packet), as managed pods
  17. - auto scaling runners (managed via docker-machine on Equinix Metal): used for on-demand resources, see [GitLab docs](https://docs.gitlab.com/runner/configuration/autoscale.html) for more info
  19. ## Vagrant
  21. Vagrant jobs are using the [quay.io/kubespray/vagrant](/test-infra/vagrant-docker/Dockerfile) docker image with `/var/run/libvirt/libvirt-sock` exposed from the host, allowing the container to boot VMs on the host.
  23. ## CI Variables
  25. In CI we have a set of overrides we use to ensure greater success of our CI jobs and avoid throttling by various APIs we depend on. See:
  27. - [Docker mirrors](/tests/common/_docker_hub_registry_mirror.yml)
  28. - [Test settings](/tests/common/_kubespray_test_settings.yml)
  30. ## CI Environment
  32. The CI packet and light runners are deployed on a kubernetes cluster on Equinix Metal. The cluster is deployed with kubespray itself and maintained by the kubespray maintainers.
  34. The following files are used for that inventory:
  36. ### cluster.tfvars
  38. ```ini
  39. # your Kubernetes cluster name here
  40. cluster_name = "ci"
  42. # Your Equinix Metal project ID. See https://metal.equinix.com/developers/docs/accounts/
  43. equinix_metal_project_id = "_redacted_"
  45. # The public SSH key to be uploaded into authorized_keys in bare metal Equinix Metal nodes provisioned
  46. # leave this value blank if the public key is already setup in the Equinix Metal project
  47. # Terraform will complain if the public key is setup in Equinix Metal
  48. public_key_path = "~/.ssh/id_rsa.pub"
  50. # cluster location
  51. metro = "da"
  53. # standalone etcds
  54. number_of_etcd = 0
  56. plan_etcd = "t1.small.x86"
  58. # masters
  59. number_of_k8s_masters = 1
  61. number_of_k8s_masters_no_etcd = 0
  63. plan_k8s_masters = "c3.small.x86"
  65. plan_k8s_masters_no_etcd = "t1.small.x86"
  67. # nodes
  68. number_of_k8s_nodes = 1
  70. plan_k8s_nodes = "c3.medium.x86"
  71. ```
  73. ### group_vars/all/mirrors.yml
  75. ```yaml
  76. ---
  77. docker_registry_mirrors:
  78. - "https://mirror.gcr.io"
  80. containerd_grpc_max_recv_message_size: 16777216
  81. containerd_grpc_max_send_message_size: 16777216
  83. containerd_registries:
  84. "docker.io":
  85. - "https://mirror.gcr.io"
  86. - "https://registry-1.docker.io"
  88. containerd_max_container_log_line_size: -1
  90. crio_registries_mirrors:
  91. - prefix: docker.io
  92. insecure: false
  93. blocked: false
  94. location: registry-1.docker.io
  95. mirrors:
  96. - location: mirror.gcr.io
  97. insecure: false
  99. netcheck_agent_image_repo: "{{ quay_image_repo }}/kubespray/k8s-netchecker-agent"
  100. netcheck_server_image_repo: "{{ quay_image_repo }}/kubespray/k8s-netchecker-server"
  102. nginx_image_repo: "{{ quay_image_repo }}/kubespray/nginx"
  103. ```
  105. ### group_vars/all/settings.yml
  107. ```yaml
  108. ---
  109. # Networking setting
  110. kube_service_addresses: 172.30.0.0/18
  111. kube_pods_subnet: 172.30.64.0/18
  112. kube_network_plugin: calico
  113. # avoid overlap with CI jobs deploying nodelocaldns
  114. nodelocaldns_ip: 169.254.255.100
  116. # ipip: False
  117. calico_ipip_mode: "Never"
  118. calico_vxlan_mode: "Never"
  119. calico_network_backend: "bird"
  120. calico_wireguard_enabled: True
  122. # Cluster settings
  123. upgrade_cluster_setup: True
  124. force_certificate_regeneration: True
  126. # Etcd settings
  127. etcd_deployment_type: "host"
  129. # Kubernetes settings
  130. kube_controller_terminated_pod_gc_threshold: 100
  131. kubelet_enforce_node_allocatable: pods
  132. kubelet_preferred_address_types: 'InternalIP,ExternalIP,Hostname'
  133. kubelet_custom_flags:
  134. - "--serialize-image-pulls=true"
  135. - "--eviction-hard=memory.available<1Gi"
  136. - "--eviction-soft-grace-period=memory.available=30s"
  137. - "--eviction-soft=memory.available<2Gi"
  138. - "--system-reserved cpu=100m,memory=4Gi"
  139. - "--eviction-minimum-reclaim=memory.available=2Gi"
  141. # DNS settings
  142. resolvconf_mode: none
  143. dns_min_replicas: 1
  144. upstream_dns_servers:
  145. - 1.1.1.1
  146. - 1.0.0.1
  148. # Extensions
  149. ingress_nginx_enabled: True
  150. helm_enabled: True
  151. cert_manager_enabled: True
  152. metrics_server_enabled: True
  154. # Enable ZSWAP
  155. kubelet_fail_swap_on: False
  156. kube_feature_gates:
  157. - "NodeSwap=True"
  158. ```
  160. ## Aditional files
  162. This section documents additional files used to complete a deployment of the kubespray CI, these files sit on the control-plane node and assume a working kubernetes cluster.
  164. ### /root/nscleanup.sh
  166. ```bash
  167. #!/bin/bash
  169. kubectl=/usr/local/bin/kubectl
  171. $kubectl get ns | grep -P "(\d.+-\d.+)" | awk 'match($3,/[0-9]+d/) {print $1}' | xargs -r $kubectl delete ns
  172. $kubectl get ns | grep -P "(\d.+-\d.+)" | awk 'match($3,/[3-9]+h/) {print $1}' | xargs -r $kubectl delete ns
  173. $kubectl get ns | grep Terminating | awk '{print $1}' | xargs -i $kubectl delete vmi/instance-1 vmi/instance-0 vmi/instance-2 -n {} --force --grace-period=0 &
  174. ```
  176. ### /root/path-calico.sh
  178. ```bash
  179. #!/bin/bash
  181. calicoctl patch felixconfig default -p '{"spec":{"allowIPIPPacketsFromWorkloads":true, "allowVXLANPacketsFromWorkloads": true}}'
  182. ```
  184. ### /root/kubevirt/kubevirt.sh
  186. ```bash
  187. #!/bin/bash
  189. export VERSION=$(curl -s https://api.github.com/repos/kubevirt/kubevirt/releases | grep tag_name | grep -v -- '-rc' | sort -r | head -1 | awk -F': ' '{print $2}' | sed 's/,//' | xargs)
  190. echo $VERSION
  191. kubectl apply -f https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/kubevirt-operator.yaml
  192. kubectl apply -f https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/kubevirt-cr.yaml
  193. ```
  195. ### /root/kubevirt/virtctl.sh
  197. ```bash
  198. #!/bin/bash
  200. VERSION=$(kubectl get kubevirt.kubevirt.io/kubevirt -n kubevirt -o=jsonpath="{.status.observedKubeVirtVersion}")
  201. ARCH=$(uname -s | tr A-Z a-z)-$(uname -m | sed 's/x86_64/amd64/') || windows-amd64.exe
  202. echo ${ARCH}
  203. curl -L -o virtctl https://github.com/kubevirt/kubevirt/releases/download/${VERSION}/virtctl-${VERSION}-${ARCH}
  204. chmod +x virtctl
  205. sudo install virtctl /usr/local/bin
  206. ```