feat: Optionally Install KubeVirt

!35

CONTRIBUTING.md

@@ -0,0 +1,24 @@
+# Contribution Guide
+
+
+
+## Updating components with a remote source
+
+Some components within this role are sourced from a remote source. To update them to the latest release use the following commands.
+
+> Ensure that before committing the update remote files to the repository, that no features have been removed that were added.
+
+
+### Kubevirt
+
+``` bash
+
+export KUBEVIRT_RELEASE='<kubevirt release i.e. v1.2.0>'
+
+# From within the templates directory
+wget https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_RELEASE}/kubevirt-operator.yaml -O kubevirt-operator.yaml.j2
+
+# From within the templates directory
+wget https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_RELEASE}/kubevirt-cr.yaml -O kubevirt-cr.yaml.j2
+
+```

defaults/main.yml

@@ -17,6 +17,14 @@ nfc_kubernetes_enable_metallb: false
 nfc_kubernetes_enable_servicelb: false
 
 
+nfc_role_kubernetes_container_images:
+
+  kubevirt_operator:
+    name: Kubevirt Operator
+    registry: quay.io
+    image: kubevirt/virt-operator
+    tag: v1.2.0
+
 
 nfc_role_kubernetes_cluster_domain: cluster.local
 
@@ -24,6 +32,10 @@ nfc_role_kubernetes_etcd_enabled: false
 
 nfc_role_kubernetes_install_olm: false
 
+nfc_role_kubernetes_install_kubevirt: false
+
+nfc_role_kubernetes_kubevirt_operator_replicas: 1
+
 nfc_role_kubernetes_oidc_enabled: false
 
 nfc_role_kubernetes_pod_subnet: 172.16.248.0/21
@@ -139,10 +151,20 @@ k3s:
 #       encrypt: true                   # Optional, Boolean. default `false`. Install wireguard for inter-node encryption
 #       podSubnet: 172.16.70.0/24       # Mandatory, String. CIDR
 #       ServiceSubnet: 172.16.72.0/24   # Mandatory, String. CIDR
+#
 #                                       # Mandatory, String. Token to join nodes to the cluster
 #   node_token: !vault |
 #     $ANSIBLE_VAULT;1.2;AES256;kubernetes/cluster/production
 #     {rest_of encrypted key}
+#
+#
+#  kube_virt:
+#    enabled: false
+#
+#    operator:
+#      replicas: 2
+#
+#
 #  oidc:                                                    # Used to configure Kubernetes with OIDC Authentication.
 #    enabled: true                                          # Mandatory, boolen. speaks for itself.
 #    issuer_url: https://domainname.com/realms/realm-name   # Mandatory, String. URL of OIDC Provider
@@ -152,7 +174,7 @@ k3s:
 #    groups_claim: roles                                    # Mandatory, String. Claim name containing groups
 #    groups_prefix: ''                                      # Optional, String. string to append to groups
 
-#     hosts: 
+#     hosts:
 
 #       my-host-name:
 #         labels:

docs/projects/ansible/roles/kubernetes/index.md

@@ -49,6 +49,8 @@ This Ansible role is designed to deploy a K3s Kubernetes cluster. Without adding
 
 - Install MetalLB
 
+- Install KubeVirt
+
 
 ## Role Workflow
 

tasks/kubevirt/main.yaml

@@ -0,0 +1,33 @@
+---
+
+- name: Validate Virtualization Support
+  ansible.builtin.include_tasks:
+    file: kubevirt/validate.yaml
+    apply:
+      tags:
+        - always
+  tags:
+    - always
+
+
+- name: Deploy KubeVirt
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "/var/lib/rancher/k3s/server/manifests/{{ item | replace('.j2', '') | lower }}"
+    owner: root
+    mode: '700'
+    force: true
+  notify: "{{ item.notify | default(omit) }}"
+  loop: "{{ templates_to_apply }}"
+  diff: true
+  vars:
+    templates_to_apply:
+      - kubevirt-operator.yaml.j2
+      - kubevirt-cr.yaml.j2
+
+
+- name: Wait for KubeVirt to initialize
+  ansible.builtin.command:
+    cmd: kubectl -n kubevirt wait kv kubevirt --for condition=Available
+  changed_when: false
+  failed_when: false

tasks/kubevirt/validate.yaml

@@ -0,0 +1,25 @@
+---
+
+- name: Install LibVirt-Clients
+  ansible.builtin.apt:
+    name: libvirt-clients
+    state: present
+
+
+- name: Confirm Virtualization Support
+  ansible.builtin.command:
+    cmd: virt-host-validate qemu
+  changed_when: false
+  failed_when: false
+  register: virt_support_check_command
+
+
+- name: Confirm No QEMU failures
+  ansible.builtin.assert:
+    that:
+      - (": FAIL" | string) not in (item | string)
+      - |
+        (": PASS" | string) in (item | string)
+          or
+        (": WARN" | string) in (item | string)
+  loop: "{{ virt_support_check_command.stdout_lines }}"

tasks/main.yml

@@ -62,3 +62,17 @@
     kubernetes_installed | default(false) | bool
   tags:
     - always
+
+
+- name: Kubevert
+  ansible.builtin.include_tasks:
+    file: kubevirt/main.yaml
+    apply:
+      tags:
+        - always
+  when: >
+    kubernetes_installed | default(false) | bool
+      and
+    nfc_role_kubernetes_install_kubevirt
+  tags:
+    - always

templates/kubevirt-cr.yaml.j2

@@ -0,0 +1,14 @@
+---
+apiVersion: kubevirt.io/v1
+kind: KubeVirt
+metadata:
+  name: kubevirt
+  namespace: kubevirt
+spec:
+  certificateRotateStrategy: {}
+  configuration:
+    developerConfiguration:
+      featureGates: []
+  customizeComponents: {}
+  imagePullPolicy: IfNotPresent
+  workloadUpdateStrategy: {}