Package container images with the self-extracting installer for The C…

…ombine (#3240)

* Add container images to install package

- add container images for helm charts to the install package
    - cert-manager
    - NGINX ingress controller
    - The Combine
- add a `--net-install` to create installer without the images

* Update Python dependencies

* Update installer README.md

* Restore installation of helm in non-airgap installations

* Remove cert-manager from standard charts

cert-manager is not needed for NUCs or the offline development and it
is installed by LTOps for the QA and Production environments.  It is
only used for development clusters, e.g. on Rancher Desktop or
Docker Desktop

.gitignore

@@ -83,7 +83,7 @@ deploy/scripts/semantic_domains/json/*.json
 database/semantic_domains/*
 
 # Combine installer
-installer/combine-installer.run
+installer/*.run
 installer/makeself-*
 installer/README.pdf
 

README.md

@@ -531,7 +531,12 @@ cd installer
 ./make-combine-installer.sh combine-release-number
 ```
 
-where `combine-release-number` is the Combine release to be installed, e.g. `v1.2.0`.
+where `combine-release-number` is the Combine release to be installed, e.g. `v2.1.0`.
+
+Options:
+
+- `--net-install` - build an installer that will download the required images at installation time. The default is to
+  package the images in the installation script.
 
 To update the PDF copy of the installer README.md file, run the following from the `installer` directory:
 
@@ -636,7 +641,7 @@ environment. (See the [Python](#python) section to create the virtual environmen
 Install the required charts by running:
 
 ```bash
-python deploy/scripts/setup_cluster.py
+python deploy/scripts/setup_cluster.py --type development
 ```
 
 `deploy/scripts/setup_cluster.py` assumes that the `kubectl` configuration file is setup to manage the desired

deploy/ansible/group_vars/nuc/main.yml

@@ -14,17 +14,13 @@
 k8s_engine: k3s
 
 image_pull_secret: aws-login-credentials
+use_airgap_images: false
 
 # k8s namespaces
 app_namespace: thecombine
 
 k8s_user: sillsdev
 
-################################################
-# Helm Installation
-################################################
-install_helm: no
-
 ################################################
 # Support Tool Settings
 ################################################

deploy/ansible/group_vars/server/main.yml

@@ -9,21 +9,13 @@
 # Configure Kubernetes cluster
 ################################################
 
-# Specify which Kubernetes engine to install -
-# one of k3s, or none.
-k8s_engine: none
-
 image_pull_secret: aws-login-credentials
+use_airgap_images: false
 
 create_namespaces: []
 # k8s namespaces
 app_namespace: thecombine
 
-################################################
-# Helm Installation
-################################################
-install_helm: no
-
 ################################################
 # Support Tool Settings
 ################################################

deploy/ansible/host_vars/localhost/main.yml

@@ -7,22 +7,14 @@
 # Configure Kubernetes cluster
 ################################################
 
-# Specify which Kubernetes engine to install -
-# one of k3s or none.
-k8s_engine: k3s
-
 image_pull_secret: aws-login-credentials
+use_airgap_images: true
 
 # k8s namespaces
 app_namespace: thecombine
 
 k8s_user: "{{ ansible_user_id }}"
 
-################################################
-# Helm Installation
-################################################
-install_helm: yes
-
 ################################################
 # Support Tool Settings
 ################################################

deploy/ansible/playbook_desktop_setup.yaml

@@ -15,27 +15,23 @@
 
   vars_files:
     - "vars/config_common.yml"
+    - "vars/k3s_versions.yml"
 
   tasks:
-    - name: Update packages
-      apt:
-        update_cache: yes
-        upgrade: "yes"
-
     - name: Setup WiFi Access Point
       import_role:
         name: wifi_ap
       when: has_wifi
 
-    - name: Enable hardware monitoring
-      import_role:
-        name: monitor_hardware
-      when: include_hw_monitoring
-
     - name: Configure Network Interfaces
       import_role:
         name: network_config
 
+    - name: Install Preloaded Images
+      import_role:
+        name: container_images
+      when: install_airgap_images
+
     - name: Install Container Engine
       import_role:
         name: container_engine
@@ -47,7 +43,7 @@
     - name: Install Helm
       import_role:
         name: helm_install
-      when: install_helm
+      when: not install_airgap_images
 
     - name: Setup Support Tool
       import_role:

deploy/ansible/playbook_k3s_airgapped_files.yml

@@ -0,0 +1,58 @@
+---
+##############################################################
+# Playbook: playbook_k3s_airgapped_files.yml
+#
+# playbook_k3s_airgapped_files.yml downloads and packages the
+# files necessary to install k3s on an airgapped system.  This
+# includes:
+#  - the k3s airgap images
+#  - k3s executable
+#  - k3s installation script
+#  - kubectl
+#  - helm
+#
+##############################################################
+
+- name: Build package for k3s airgap installation
+  hosts: localhost
+  gather_facts: yes
+  become: no
+
+  vars_files:
+    - "vars/k3s_versions.yml"
+
+  tasks:
+    - name: Create package directory if necessary
+      file:
+        path: "{{ package_dir }}"
+        state: directory
+
+    - name: Download k3s assets
+      get_url:
+        dest: "{{ package_dir }}/{{ item }}"
+        url: "https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/{{ item }}"
+      loop:
+        - k3s-airgap-images-amd64.tar.zst
+        - k3s
+        - sha256sum-amd64.txt
+
+    - name: Verify k3s downloads
+      shell:
+        cmd: sha256sum --check --ignore-missing sha256sum-amd64.txt
+        chdir: "{{ package_dir }}"
+      changed_when: false
+
+    - name: Download k3s install script
+      get_url:
+        dest: "{{ package_dir }}/install.sh"
+        url: https://get.k3s.io/
+
+    - name: Download kubectl
+      get_url:
+        dest: "{{ package_dir }}/kubectl"
+        url: "https://dl.k8s.io/release/{{ kubectl_version }}/bin/linux/amd64/kubectl"
+
+    - name: Download helm
+      get_url:
+        dest: "{{ package_dir }}/helm.tar.gz"
+        url: "https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz"

deploy/ansible/playbook_nuc_setup.yaml

@@ -16,6 +16,7 @@
 
   vars_files:
     - "vars/config_common.yml"
+    - "vars/k3s_versions.yml"
 
   tasks:
     - name: Update packages

deploy/ansible/roles/container_engine/defaults/main.yml

@@ -1,3 +1,5 @@
 ---
 container_packages:
   - containerd.io
+
+keyring_location: /etc/apt/keyrings

deploy/ansible/roles/container_engine/tasks/main.yml

@@ -27,20 +27,20 @@
 
 - name: Create keyring directory
   file:
-    path: /etc/apt/keyrings
+    path: "{{ keyring_location }}"
     state: directory
     owner: root
     group: root
     mode: 0755
 
 - name: Install Docker apt key
   shell:
-    cmd: "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg"
-    creates: /etc/apt/keyrings/docker.gpg
+    cmd: "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o {{ keyring_location }}/docker.gpg"
+    creates: "{{ keyring_location }}/docker.gpg"
 
 - name: Add Docker repository
   apt_repository:
-    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+    repo: "deb [arch=amd64 signed-by={{ keyring_location }}/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
     state: present
     filename: docker
 

deploy/ansible/roles/container_images/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+# Default values for setting up the container images for
+# installing pre-downloaded images
+
+source_image_dir: ../airgap-images
+airgap_image_dir: /var/lib/rancher/k3s/agent/images

deploy/ansible/roles/container_images/tasks/main.yml

@@ -0,0 +1,59 @@
+---
+# Setup airgap images in {{ airgap_image_dir }} to be
+# available when k3s and subsequent helm charts are installed.
+
+- name: Create airgap image directory
+  file:
+    path: "{{ airgap_image_dir }}"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Copy image files
+  copy:
+    src: "{{ source_image_dir }}/{{ item }}"
+    dest: "{{ airgap_image_dir }}/{{ item }}"
+    owner: root
+    group: root
+    mode: 0644
+  loop:
+    - k3s-airgap-images-amd64.tar.zst
+    - middleware-airgap-images-amd64.tar.zst
+    - combine-airgap-images-amd64.tar.zst
+
+# Add k3s, kubectl and the k3s installation script to
+# /usr/local/bin
+- name: Copy k3s & utility programes
+  copy:
+    src: "{{ source_image_dir }}/{{ item }}"
+    dest: /usr/local/bin/{{ item }}
+    owner: root
+    group: root
+    mode: 0755
+  loop:
+    - k3s
+    - kubectl
+    - install.sh
+
+# Install helm
+- name: Create directory for helm installation
+  file:
+    path: /opt/helm/{{ helm_version }}
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Unpack helm
+  shell:
+    cmd: tar xzvf "{{ source_image_dir }}/helm.tar.gz" -C /opt/helm/{{ helm_version }}
+
+- name: Create link to helm binary
+  file:
+    src: /opt/helm/{{ helm_version }}/linux-amd64/helm
+    dest: /usr/local/bin/helm
+    state: link
+    owner: root
+    group: root
+    mode: 0755

deploy/ansible/roles/helm_install/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-helm_version: v3.13.2
+helm_version: v3.15.2
 helm_arch: linux-amd64
 
 helm_download_dir: /opt/helm-{{ helm_version }}-{{ helm_arch }}

deploy/ansible/roles/k8s_install/defaults/main.yml

@@ -3,6 +3,8 @@
 # Can be overridden by specific groups/hosts
 k8s_dns_name: "{{ combine_server_name }}"
 
+keyring_location: /etc/apt/keyrings
+
 k8s_required_pkgs:
   - apt-transport-https
   - ca-certificates
@@ -16,6 +18,3 @@ k3s_options:
   - traefik
   - --tls-san
   - "{{ k8s_dns_name }}"
-
-k3s_version: "v1.25.14+k3s1"
-kubectl_version: "v1.29"