Actions References

The managed-k8s submodule provides the following ready-to-use action scripts to work with the cluster repository. The scripts extensively rely on environment variables. See the Environment Variables Reference for details.

Additional operating scripts:

The is used for the Cluster Repository Initialization. Before executing this script you must have configured your environment variables. The script will create the basic cluster repository structure as described here. Except in very rare cases where a new feature requires it, you’ll need and should execute this script only once.

managed-k8s/actions/ is a wrapper script which can be used to create a yk8s on top of OpenStack.

The script triggers the execution of the following scripts:

Apply Terraform Script Visualization

The creates and updates the underlying cluster platform infrastructure (sometimes also called harbour infrastructure layer) as defined by the configuration. It also creates and updates the inventory files for ansible (inventory/*/hosts) and creates some variables in the inventory (all created files have the terraform_ prefix).

Apply Stage 2 Script Visualization

The can be used to trigger the frontend preparation. This script triggers an Ansible playbook which installs and prepares the frontend nodes, including rolling out all users, setting up the basic infrastructure for C&H LBaaS and configuring wireguard.

Apply Stage 3 Script Visualization

This installs the Kubernetes worker and master nodes, including rolling out all users, installing Kubernetes itself, deploying Rook, Prometheus etc., and configuring C&H LBaaS (also on the frontend nodes) if it is enabled.

Apply Stage 4 Script Visualization


add details

Apply Stage 5 Script Visualization


add details

Apply Custom Script Visualization


add details

This runs the cluster test suite. It ensures basic functionality:

  • Starting a pod & service

  • Cinder volume block storage

  • Rook ceph block storage (if enabled)

  • Rook ceph shared filesystem storage (if enabled)

  • C&H LBaaS (if enabled)

  • Pod security policies (if enabled)

  • Network policies (if enabled)

  • Monitoring (if enabled)

This triggers system updates of the host nodes (harbour infrastructure layer). That includes updates of the frontend nodes and as well as Kubernetes nodes. As this may be a disruptive action, you have to explicitly allow system updates by setting MANAGED_K8S_RELEASE_THE_KRAKEN (see Environment Variables. Nodes will get updated one after another if they are already initialized. Between the node updates, it is verified that the cluster is healthy. These verification checks can be skipped by passing -s.

# Trigger system updates of nodes
$ MANAGED_K8S_RELEASE_THE_KRAKEN=true bash managed-k8s/actions/ [-s]

Destroy the entire cluster and all of its data.

This is, obviously, destructive. Don’t run light-heartedly.

When the Wireguard tunnel needs to be up, it is automatically setup by all apply-*.sh-scripts.

Bring up the WireGuard VPN to the cluster.

It tries to be smart about not doing anything stupid and ensuring that you’re really connected to the correct cluster.

This Python script should be used to create new Ansible roles and update and extend the meta information of existing ones. The script can create and update roles with a minimal skeleton and an extended one (--full).

For further information on Ansible meta information take a look here.

usage: [-h] {init,update} ...

positional arguments:
  {init,update}  Desired action to perform
    init         Initialize the skeleton for a new ansible role
    update       Update the existing ansible role. This action only updates the meta/main.yaml of the existing ansible role. If you want to create missing skeleton directory structure use `--create-missing` argument.

optional arguments:
  -h, --help     show this help message and exit

This is a thin wrapper around Terraform. The arguments are passed on to Terraform, and the environment for it is set to use the same module and state as when run from

This is useful for operational interventions, debugging and development work (e.g. to inspect the state or to taint a resource in order to have it rebuilt when running

Example usage:

$ ./managed-k8s/actions/ taint 'openstack_compute_instance_v2.master["managed-k8s-master-1"]'


Creating a new role into the k8s-base directory:

$ python3 managed-k8s/actions/ init "ROLE_NAME" --path managed-k8s/k8s-base/roles

Updating the authors for all KSL roles:

$ python3 actions/ update '*' --path k8s-service-layer/roles --author "AUTHORS"

Update Inventory Script Visualization

The inventory updater is triggered automatically in advance of each action script. It cleans up the inventory and ensures the latest variable/value pairs from your configuration file are used.

This script can be used to trigger a Kubernetes upgrade. More details about that can be found here.

The is included by other action scripts and defines commonly used variables and function definitions.