Add krew support (#7464)

* Add krew support

* Add reset for krew

* Update install krew(local)

* ansible lint

* yamllint

* fix krew default vars

* fix kubectl_localhost mode

* replace include

* fix e206

inventory/sample/group_vars/k8s_cluster/addons.yml

@@ -175,3 +175,7 @@ metallb_enabled: false
 #   - peer_address: 192.0.2.2
 #     peer_asn: 64513
 #     my_asn: 4200000000
+
+# The plugin manager for kubectl
+krew_enabled: false
+krew_root_dir: "/usr/local/krew"

roles/download/defaults/main.yml

@@ -85,6 +85,7 @@ ovn4nfv_ovn_image_version: "v1.0.0"
 ovn4nfv_k8s_plugin_image_version: "v1.1.0"
 helm_version: "v3.5.4"
 nerdctl_version: "0.8.0"
+krew_version: "v0.4.1"
 
 # Get kubernetes major version (i.e. 1.17.4 => 1.17)
 kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}"
@@ -107,6 +108,7 @@ helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_a
 crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
 kata_containers_download_url: "https://github.com/kata-containers/runtime/releases/download/{{ kata_containers_version }}/kata-static-{{ kata_containers_version }}-{{ ansible_architecture }}.tar.xz"
 nerdctl_download_url: "https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
+krew_download_url: "https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz"
 
 crictl_checksums:
   arm:
@@ -336,6 +338,9 @@ calico_crds_archive_checksums:
   v3.17.4: 92b9d37dcebe382a8e43d4384cfcceb5c9bc22459a2f8cdd89ab7c41b09a7532
   v3.16.10: a4627285afe5761a2681452bfcc858ec998ba2dae3060283b81b5ae3f7ea386b
 
+krew_archive_checksums:
+  v0.4.1: a26deea175f70264260d59a4e061778a892f8a8e301ac261660dd7d24c551c99
+
 helm_archive_checksums:
   arm:
     v3.5.4: 1a9cc09ef06db29a0232d265f73625056a0cb089e5a16b0a5ef8e810e0533157
@@ -388,6 +393,7 @@ helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
 crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
 kata_containers_binary_checksum: "{{ kata_containers_binary_checksums[image_arch][kata_containers_version] }}"
 nerdctl_archive_checksum: "{{ nerdctl_archive_checksums[image_arch][nerdctl_version] }}"
+krew_archive_checksum: "{{ krew_archive_checksums[krew_version] }}"
 
 # Containers
 # In some cases, we need a way to set --registry-mirror or --insecure-registry for docker,
@@ -923,6 +929,19 @@ downloads:
     groups:
     - kube_control_plane
 
+  krew:
+    enabled: "{{ krew_enabled }}"
+    file: true
+    version: "{{ krew_version }}"
+    dest: "{{ local_release_dir }}/krew.tar.gz"
+    sha256: "{{ krew_archive_checksum }}"
+    url: "{{ krew_download_url }}"
+    unarchive: true
+    owner: "root"
+    mode: "0755"
+    groups:
+    - kube_control_plane
+
   registry:
     enabled: "{{ registry_enabled }}"
     container: true

roles/kubernetes-apps/krew/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+krew_enabled: false
+krew_root_dir: "/usr/local/krew"
+krew_default_index_uri: https://github.com/kubernetes-sigs/krew-index.git

roles/kubernetes-apps/krew/tasks/krew.yml

@@ -0,0 +1,21 @@
+---
+- name: Krew | Download krew
+  include_tasks: "../../../download/tasks/download_file.yml"
+  vars:
+    download: "{{ download_defaults | combine(downloads.krew) }}"
+
+- name: Krew | krew env
+  template:
+    src: krew.j2
+    dest: /etc/bash_completion.d/krew
+
+- name: Krew | Copy krew manifest
+  template:
+    src: krew.yml.j2
+    dest: "{{ local_release_dir }}/krew.yml"
+
+- name: Krew | Install krew  # noqa 301 305
+  shell: "{{ local_release_dir }}/krew-linux_{{ image_arch }} install --archive={{ local_release_dir }}/krew.tar.gz --manifest={{ local_release_dir }}/krew.yml"
+  environment:
+    KREW_ROOT: "{{ krew_root_dir }}"
+    KREW_DEFAULT_INDEX_URI: "{{ krew_default_index_uri | default('') }}"

roles/kubernetes-apps/krew/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Krew | install krew on kube_control_plane
+  import_tasks: krew.yml
+
+- name: Krew | install krew on localhost
+  import_tasks: krew.yml
+  delegate_to: localhost
+  connection: local
+  run_once: true
+  when: kubectl_localhost

roles/kubernetes-apps/krew/templates/krew.j2

@@ -0,0 +1,6 @@
+# krew bash env(kubespray)
+export KREW_ROOT="{{ krew_root_dir }}"
+{% if krew_default_index_uri is defined %}
+export KREW_DEFAULT_INDEX_URI='{{ krew_default_index_uri }}'
+{% endif %}
+export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"

roles/kubernetes-apps/krew/templates/krew.yml.j2

@@ -0,0 +1,100 @@
+apiVersion: krew.googlecontainertools.github.com/v1alpha2
+kind: Plugin
+metadata:
+  name: krew
+spec:
+  version: "{{ krew_version }}"
+  homepage: https://krew.sigs.k8s.io/
+  shortDescription: Package manager for kubectl plugins.
+  caveats: |
+    krew is now installed! To start using kubectl plugins, you need to add
+    krew's installation directory to your PATH:
+
+      * macOS/Linux:
+        - Add the following to your ~/.bashrc or ~/.zshrc:
+            export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
+        - Restart your shell.
+
+      * Windows: Add %USERPROFILE%\.krew\bin to your PATH environment variable
+
+    To list krew commands and to get help, run:
+      $ kubectl krew
+    For a full list of available plugins, run:
+      $ kubectl krew search
+
+    You can find documentation at
+      https://krew.sigs.k8s.io/docs/user-guide/quickstart/.
+
+  platforms:
+  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
+    sha256: {{ krew_archive_checksum }}
+    bin: krew
+    files:
+    - from: ./krew-darwin_amd64
+      to: krew
+    - from: ./LICENSE
+      to: .
+    selector:
+      matchLabels:
+        os: darwin
+        arch: amd64
+  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
+    sha256: {{ krew_archive_checksum }}
+    bin: krew
+    files:
+    - from: ./krew-darwin_arm64
+      to: krew
+    - from: ./LICENSE
+      to: .
+    selector:
+      matchLabels:
+        os: darwin
+        arch: arm64
+  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
+    sha256: {{ krew_archive_checksum }}
+    bin: krew
+    files:
+    - from: ./krew-linux_amd64
+      to: krew
+    - from: ./LICENSE
+      to: .
+    selector:
+      matchLabels:
+        os: linux
+        arch: amd64
+  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
+    sha256: {{ krew_archive_checksum }}
+    bin: krew
+    files:
+    - from: ./krew-linux_arm
+      to: krew
+    - from: ./LICENSE
+      to: .
+    selector:
+      matchLabels:
+        os: linux
+        arch: arm
+  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
+    sha256: {{ krew_archive_checksum }}
+    bin: krew
+    files:
+    - from: ./krew-linux_arm64
+      to: krew
+    - from: ./LICENSE
+      to: .
+    selector:
+      matchLabels:
+        os: linux
+        arch: arm64
+  - uri: https://github.com/kubernetes-sigs/krew/releases/download/{{ krew_version }}/krew.tar.gz
+    sha256: {{ krew_archive_checksum }}
+    bin: krew.exe
+    files:
+    - from: ./krew-windows_amd64.exe
+      to: krew.exe
+    - from: ./LICENSE
+      to: .
+    selector:
+      matchLabels:
+        os: windows
+        arch: amd64

roles/kubernetes-apps/meta/main.yml

@@ -10,6 +10,12 @@ dependencies:
     tags:
       - helm
 
+  - role: kubernetes-apps/krew
+    when:
+      - krew_enabled
+    tags:
+      - krew
+
   - role: kubernetes-apps/registry
     when:
       - registry_enabled

roles/kubespray-defaults/defaults/main.yaml

@@ -340,6 +340,7 @@ dashboard_enabled: false
 
 # Addons which can be enabled
 helm_enabled: false
+krew_enabled: false
 registry_enabled: false
 metrics_server_enabled: false
 enable_network_policy: true

roles/reset/tasks/main.yml

@@ -300,6 +300,7 @@
     - /etc/bash_completion.d/kubectl.sh
     - /etc/bash_completion.d/crictl
     - /etc/bash_completion.d/nerdctl
+    - "{{ krew_root_dir }}"
   ignore_errors: yes
   tags:
     - files

tests/files/packet_centos7-flannel-containerd-addons-ha.yml

@@ -10,6 +10,7 @@ kube_network_plugin: flannel
 download_localhost: false
 download_run_once: true
 helm_enabled: true
+krew_enabled: true
 kubernetes_audit: true
 container_manager: containerd
 etcd_events_cluster_enabled: true

tests/files/packet_debian10-containerd.yml

@@ -10,6 +10,7 @@ deploy_netchecker: true
 dns_min_replicas: 1
 
 helm_enabled: true
+krew_enabled: true
 
 # https://gitlab.com/miouge/kubespray-ci/-/blob/a4fd5ed6857807f1c353cb60848aedebaf7d2c94/manifests/http-proxy.yml#L42
 http_proxy: http://172.30.30.30:8888

tests/files/packet_ubuntu18-flannel-containerd-ha-once.yml

@@ -9,6 +9,7 @@ kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c
 kube_proxy_mode: iptables
 kube_network_plugin: flannel
 helm_enabled: true
+krew_enabled: true
 kubernetes_audit: true
 container_manager: containerd
 etcd_events_cluster_enabled: true

tests/files/packet_ubuntu18-flannel-containerd-ha.yml

@@ -9,6 +9,7 @@ kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c
 kube_proxy_mode: iptables
 kube_network_plugin: flannel
 helm_enabled: true
+krew_enabled: true
 kubernetes_audit: true
 container_manager: containerd
 etcd_events_cluster_enabled: true