Add krew support (#7464)

* Add krew support * Add reset for krew * Update install krew(local) * ansible lint * yamllint * fix krew default vars * fix kubectl_localhost mode * replace include * fix e206
3 years ago · 96e6a6ac3f
14 changed files with 176 additions and 0 deletions
--- a/inventory/sample/group_vars/k8s_cluster/addons.yml
+++ b/inventory/sample/group_vars/k8s_cluster/addons.yml
@ -175,3 +175,7 @@ metallb_enabled: false
 #   - peer_address: 192.0.2.2
 #     peer_asn: 64513
 #     my_asn: 4200000000
 # The plugin manager for kubectl
 krew_enabled: false
 krew_root_dir: "/usr/local/krew"
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -85,6 +85,7 @@ ovn4nfv_ovn_image_version: "v1.0.0"
 ovn4nfv_k8s_plugin_image_version: "v1.1.0"
 helm_version: "v3.5.4"
 nerdctl_version: "0.8.0"
 krew_version: "v0.4.1"
 # Get kubernetes major version (i.e. 1.17.4 => 1.17)
 kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}"
@ -107,6 +108,7 @@ helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_a
 crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
 kata_containers_download_url: "https://github.com/kata-containers/runtime/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
 nerdctl_download_url: "https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
 krew_download_url: "https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz"
 crictl_checksums:
  arm:
@ -336,6 +338,9 @@ calico_crds_archive_checksums:
  v3.17.4: 92b9d37dcebe382a8e43d4384cfcceb5c9bc22459a2f8cdd89ab7c41b09a7532
  v3.16.10: a4627285afe5761a2681452bfcc858ec998ba2dae3060283b81b5ae3f7ea386b
 krew_archive_checksums:
  v0.4.1: a26deea175f70264260d59a4e061778a892f8a8e301ac261660dd7d24c551c99
 helm_archive_checksums:
  arm:
    v3.5.4: 1a9cc09ef06db29a0232d265f73625056a0cb089e5a16b0a5ef8e810e0533157
@ -388,6 +393,7 @@ helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
 crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
 kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}"
 nerdctl_archive_checksum: "{{ nerdctl_archive_checksums[image_arch][nerdctl_version] }}"
 krew_archive_checksum: "{{ krew_archive_checksums[krew_version] }}"
 # Containers
 # In some cases, we need a way to set --registry-mirror or --insecure-registry for docker,
@ -923,6 +929,19 @@ downloads:
    groups:
    - kube_control_plane
  krew:
    enabled: "{{ krew_enabled }}"
    file: true
    version: "{{ krew_version }}"
    dest: "{{ local_release_dir }}/krew.tar.gz"
    sha256: "{{ krew_archive_checksum }}"
    url: "{{ krew_download_url }}"
    unarchive: true
    owner: "root"
    mode: "0755"
    groups:
    - kube_control_plane
  registry:
    enabled: "{{ registry_enabled }}"
    container: true
--- a/roles/kubernetes-apps/krew/defaults/main.yml
+++ b/roles/kubernetes-apps/krew/defaults/main.yml
@ -0,0 +1,4 @@
 ---
 krew_enabled: false
 krew_root_dir: "/usr/local/krew"
 krew_default_index_uri: https://github.com/kubernetes-sigs/krew-index.git
--- a/roles/kubernetes-apps/krew/tasks/krew.yml
+++ b/roles/kubernetes-apps/krew/tasks/krew.yml
@ -0,0 +1,21 @@
 ---
 - name: Krew | Download krew
  include_tasks: "../../../download/tasks/download_file.yml"
  vars:
    download: "{{ download_defaults | combine(downloads.krew) }}"
 - name: Krew | krew env
  template:
    src: krew.j2
    dest: /etc/bash_completion.d/krew
 - name: Krew | Copy krew manifest
  template:
    src: krew.yml.j2
    dest: "{{ local_release_dir }}/krew.yml"
 - name: Krew | Install krew  # noqa 301 305
  shell: "{{ local_release_dir }}/krew-linux_{{ image_arch }} install --archive={{ local_release_dir }}/krew.tar.gz --manifest={{ local_release_dir }}/krew.yml"
  environment:
    KREW_ROOT: "{{ krew_root_dir }}"
    KREW_DEFAULT_INDEX_URI: "{{ krew_default_index_uri | default('') }}"
--- a/roles/kubernetes-apps/krew/tasks/main.yml
+++ b/roles/kubernetes-apps/krew/tasks/main.yml
@ -0,0 +1,10 @@
 ---
 - name: Krew | install krew on kube_control_plane
  import_tasks: krew.yml
 - name: Krew | install krew on localhost
  import_tasks: krew.yml
  delegate_to: localhost
  connection: local
  run_once: true
  when: kubectl_localhost
--- a/roles/kubernetes-apps/krew/templates/krew.j2
+++ b/roles/kubernetes-apps/krew/templates/krew.j2
@ -0,0 +1,6 @@
 # krew bash env(kubespray)
 export KREW_ROOT="{{ krew_root_dir }}"
 {% if krew_default_index_uri is defined %}
 export KREW_DEFAULT_INDEX_URI='{{ krew_default_index_uri }}'
 {% endif %}
 export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
--- a/roles/kubernetes-apps/krew/templates/krew.yml.j2
+++ b/roles/kubernetes-apps/krew/templates/krew.yml.j2
@ -0,0 +1,100 @@
 apiVersion: krew.googlecontainertools.github.com/v1alpha2
 kind: Plugin
 metadata:
  name: krew
 spec:
  version: "{{ krew_version }}"
  homepage: https://krew.sigs.k8s.io/
  shortDescription: Package manager for kubectl plugins.
  caveats: |
    krew is now installed! To start using kubectl plugins, you need to add
    krew's installation directory to your PATH:
      * macOS/Linux:
        - Add the following to your ~/.bashrc or ~/.zshrc:
            export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
        - Restart your shell.
      * Windows: Add %USERPROFILE%\.krew\bin to your PATH environment variable
    To list krew commands and to get help, run:
      $ kubectl krew
    For a full list of available plugins, run:
      $ kubectl krew search
    You can find documentation at
      https://krew.sigs.k8s.io/docs/user-guide/quickstart/.
  platforms:
  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
    sha256: {{ krew_archive_checksum }}
    bin: krew
    files:
    - from: ./krew-darwin_amd64
      to: krew
    - from: ./LICENSE
      to: .
    selector:
      matchLabels:
        os: darwin
        arch: amd64
  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
    sha256: {{ krew_archive_checksum }}
    bin: krew
    files:
    - from: ./krew-darwin_arm64
      to: krew
    - from: ./LICENSE
      to: .
    selector:
      matchLabels:
        os: darwin
        arch: arm64
  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
    sha256: {{ krew_archive_checksum }}
    bin: krew
    files:
    - from: ./krew-linux_amd64
      to: krew
    - from: ./LICENSE
      to: .
    selector:
      matchLabels:
        os: linux
        arch: amd64
  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
    sha256: {{ krew_archive_checksum }}
    bin: krew
    files:
    - from: ./krew-linux_arm
      to: krew
    - from: ./LICENSE
      to: .
    selector:
      matchLabels:
        os: linux
        arch: arm
  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
    sha256: {{ krew_archive_checksum }}
    bin: krew
    files:
    - from: ./krew-linux_arm64
      to: krew
    - from: ./LICENSE
      to: .
    selector:
      matchLabels:
        os: linux
        arch: arm64
  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
    sha256: {{ krew_archive_checksum }}
    bin: krew.exe
    files:
    - from: ./krew-windows_amd64.exe
      to: krew.exe
    - from: ./LICENSE
      to: .
    selector:
      matchLabels:
        os: windows
        arch: amd64
--- a/roles/kubernetes-apps/meta/main.yml
+++ b/roles/kubernetes-apps/meta/main.yml
@ -10,6 +10,12 @@ dependencies:
    tags:
      - helm
  - role: kubernetes-apps/krew
    when:
      - krew_enabled
    tags:
      - krew
  - role: kubernetes-apps/registry
    when:
      - registry_enabled
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@ -340,6 +340,7 @@ dashboard_enabled: false
 # Addons which can be enabled
 helm_enabled: false
 krew_enabled: false
 registry_enabled: false
 metrics_server_enabled: false
 enable_network_policy: true
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@ -300,6 +300,7 @@
    - /etc/bash_completion.d/kubectl.sh
    - /etc/bash_completion.d/crictl
    - /etc/bash_completion.d/nerdctl
    - "{{ krew_root_dir }}"
  ignore_errors: yes
  tags:
    - files
--- a/tests/files/packet_centos7-flannel-containerd-addons-ha.yml
+++ b/tests/files/packet_centos7-flannel-containerd-addons-ha.yml
@ -10,6 +10,7 @@ kube_network_plugin: flannel
 download_localhost: false
 download_run_once: true
 helm_enabled: true
 krew_enabled: true
 kubernetes_audit: true
 container_manager: containerd
 etcd_events_cluster_enabled: true
--- a/tests/files/packet_debian10-containerd.yml
+++ b/tests/files/packet_debian10-containerd.yml
@ -10,6 +10,7 @@ deploy_netchecker: true
 dns_min_replicas: 1
 helm_enabled: true
 krew_enabled: true
 # https://gitlab.com/miouge/kubespray-ci/-/blob/a4fd5ed6857807f1c353cb60848aedebaf7d2c94/manifests/http-proxy.yml#L42
 http_proxy: http://172.30.30.30:8888
--- a/tests/files/packet_ubuntu18-flannel-containerd-ha-once.yml
+++ b/tests/files/packet_ubuntu18-flannel-containerd-ha-once.yml
@ -9,6 +9,7 @@ kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c
 kube_proxy_mode: iptables
 kube_network_plugin: flannel
 helm_enabled: true
 krew_enabled: true
 kubernetes_audit: true
 container_manager: containerd
 etcd_events_cluster_enabled: true
--- a/tests/files/packet_ubuntu18-flannel-containerd-ha.yml
+++ b/tests/files/packet_ubuntu18-flannel-containerd-ha.yml
@ -9,6 +9,7 @@ kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c
 kube_proxy_mode: iptables
 kube_network_plugin: flannel
 helm_enabled: true
 krew_enabled: true
 kubernetes_audit: true
 container_manager: containerd
 etcd_events_cluster_enabled: true