v0.0.3
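--- a/roles/geerlingguy.kubernetes/tasks/control-plane-setup.yml
+++ b/roles/geerlingguy.kubernetes/tasks/control-plane-setup.yml
@@ -0,0 +1,89 @@
+---
+- name: Create the directory for the kubernetes_config_file
+file:
+path: "{{ kubernetes_kubeadm_kubelet_config_file_path | dirname }}"
+state: directory
+
+- name: Deploy the config-file for kubeadm and kubelet
+template:
+src: "kubeadm-kubelet-config.j2"
+dest: "{{ kubernetes_kubeadm_kubelet_config_file_path }}"
+
+- name: Initialize Kubernetes control plane with kubeadm init
+command: >
+kubeadm init
+--config {{ kubernetes_kubeadm_kubelet_config_file_path }}
+{{ kubernetes_kubeadm_init_extra_opts }}
+register: kubeadmin_init
+when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined)
+
+- name: Initialize Kubernetes control plane with kubeadm init and ignore_preflight_errors
+command: >
+kubeadm init
+--config {{ kubernetes_kubeadm_kubelet_config_file_path }}
+--ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
+{{ kubernetes_kubeadm_init_extra_opts }}
+register: kubeadmin_init
+when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined)
+
+- name: Print the init output to screen.
+debug:
+var: kubeadmin_init.stdout
+verbosity: 2
+when: not kubernetes_init_stat.stat.exists
+
+- name: Ensure .kube directory exists.
+file:
+path: ~/.kube
+state: directory
+mode: 0755
+
+- name: Symlink the kubectl admin.conf to ~/.kube/conf.
+file:
+src: /etc/kubernetes/admin.conf
+dest: ~/.kube/config
+state: link
+mode: 0644
+
+- name: Configure Flannel networking.
+command: "kubectl apply -f {{ kubernetes_flannel_manifest_file }}"
+register: flannel_result
+changed_when: "'created' in flannel_result.stdout"
+when: kubernetes_pod_network.cni == 'flannel'
+until: flannel_result is not failed
+retries: 12
+delay: 5
+
+- name: Configure Calico networking.
+command: "kubectl apply -f {{ kubernetes_calico_manifest_file }}"
+register: calico_result
+changed_when: "'created' in calico_result.stdout"
+when: kubernetes_pod_network.cni == 'calico'
+until: calico_result is not failed
+retries: 12
+delay: 5
+
+- name: Get Kubernetes version for Weave installation.
+shell: kubectl version | base64 | tr -d '\n'
+changed_when: false
+register: kubectl_version
+when: kubernetes_pod_network.cni == 'weave'
+until: kubectl_version is not failed
+retries: 12
+delay: 5
+
+- name: Configure Weave networking.
+command: "{{ item }}"
+with_items:
+- "kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version={{ kubectl_version.stdout_lines[0] }}"
+register: weave_result
+changed_when: "'created' in weave_result.stdout"
+when: kubernetes_pod_network.cni == 'weave'
+
+# TODO: Check if taint exists with something like `kubectl describe nodes`
+# instead of using kubernetes_init_stat.stat.exists check.
+- name: Allow pods on control plane (if configured).
+command: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"
+when:
+- kubernetes_allow_pods_on_control_plane | bool
+- not kubernetes_init_stat.stat.exists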
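Review bot: The `mode: 0644` on the `state: link` task "Symlink the kubectl admin.conf" is likely applied to the link target rather than the link itself, because the file module follows symlinks by default; that would leave `/etc/kubernetes/admin.conf`, which holds the cluster-admin credentials, world-readable. I would drop `mode` from that task or add `follow: false`, and if a mode on the target is wanted, set it explicitly to `'0600'`. Separately, the Weave task applies a manifest straight from a remote URL with no pinned version or checksum; applying a reviewed copy shipped with the role would make what is installed auditable.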
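--- a/roles/geerlingguy.kubernetes/tasks/kubelet-setup.yml
+++ b/roles/geerlingguy.kubernetes/tasks/kubelet-setup.yml
@@ -0,0 +1,42 @@
+---
+
+# ---- DEPRECATED ----------------
+#
+# Most of the kubernetes_kubelet_extra_args are deprecated. See https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet for details.
+# Use the kubernetes_kubelet_config variable instead, which will be used to create the kubelet config file.
+
+- name: Check for existence of kubelet environment file. (deprecated)
+stat:
+path: '{{ kubelet_environment_file_path }}'
+register: kubelet_environment_file
+
+- name: Set facts for KUBELET_EXTRA_ARGS task if environment file exists. (deprecated)
+set_fact:
+kubelet_args_path: '{{ kubelet_environment_file_path }}'
+kubelet_args_line: "{{ 'KUBELET_EXTRA_ARGS=' + kubernetes_kubelet_extra_args }}"
+kubelet_args_regexp: '^KUBELET_EXTRA_ARGS='
+when: kubelet_environment_file.stat.exists
+
+- name: Set facts for KUBELET_EXTRA_ARGS task if environment file doesn't exist. (deprecated)
+set_fact:
+kubelet_args_path: '/etc/systemd/system/kubelet.service.d/10-kubeadm.conf'
+kubelet_args_line: "{{ 'Environment=\"KUBELET_EXTRA_ARGS=' + kubernetes_kubelet_extra_args + '\"' }}"
+kubelet_args_regexp: '^Environment="KUBELET_EXTRA_ARGS='
+when: not kubelet_environment_file.stat.exists
+
+- name: Configure KUBELET_EXTRA_ARGS. (deprecated)
+lineinfile:
+path: '{{ kubelet_args_path }}'
+line: '{{ kubelet_args_line }}'
+regexp: '{{ kubelet_args_regexp }}'
+state: present
+mode: 0644
+register: kubelet_extra_args
+when: kubernetes_kubelet_extra_args|length > 0
+
+- name: Reload systemd unit if args were changed. (deprecated)
+systemd:
+state: restarted
+daemon_reload: true
+name: kubelet
+when: kubelet_extra_args is changed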
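Review bot: `kubernetes_kubelet_extra_args` is concatenated unescaped into the `Environment="KUBELET_EXTRA_ARGS=..."` line built in the third task, so a value containing a double quote would end the systemd assignment early and change how the rest of the line is parsed. A comment above that task would record the constraint: `# kubernetes_kubelet_extra_args is written verbatim into a systemd Environment= line; it must not contain double quotes.` The bare `mode: 0644` in the lineinfile task would also be better quoted as `'0644'`, matching the get_url task in setup-Debian.yml.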
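--- a/roles/geerlingguy.kubernetes/tasks/main.yml
+++ b/roles/geerlingguy.kubernetes/tasks/main.yml
@@ -0,0 +1,59 @@
+---
+- name: Include OS-specific variables.
+include_vars: "{{ ansible_os_family }}.yml"
+
+- include_tasks: setup-RedHat.yml
+when: ansible_os_family == 'RedHat'
+
+- include_tasks: setup-Debian.yml
+when: ansible_os_family == 'Debian'
+
+- name: Ensure dependencies are installed.
+package: name=curl state=present
+
+- name: Install Kubernetes packages.
+package:
+name: "{{ item.name | default(item) }}"
+state: "{{ item.state | default('present') }}"
+notify: restart kubelet
+with_items: "{{ kubernetes_packages }}"
+
+- include_tasks: sysctl-setup.yml
+
+- include_tasks: kubelet-setup.yml # deprecated
+when: kubernetes_kubelet_extra_args|length > 0
+
+- name: Ensure kubelet is started and enabled at boot.
+service:
+name: kubelet
+state: started
+enabled: true
+
+- name: Check if Kubernetes has already been initialized.
+stat:
+path: /etc/kubernetes/admin.conf
+register: kubernetes_init_stat
+
+# Set up control plane.
+- include_tasks: control-plane-setup.yml
+when: kubernetes_role == 'control_plane'
+
+# Set up nodes.
+- name: Get the kubeadm join command from the Kubernetes control plane.
+command: kubeadm token create --print-join-command
+changed_when: false
+when: kubernetes_role == 'control_plane'
+register: kubernetes_join_command_result
+
+- name: Set the kubeadm join command globally.
+set_fact:
+kubernetes_join_command: >
+{{ kubernetes_join_command_result.stdout }}
+{{ kubernetes_join_command_extra_opts }}
+when: kubernetes_join_command_result.stdout is defined
+delegate_to: "{{ item }}"
+delegate_facts: true
+with_items: "{{ groups['all'] }}"
+
+- include_tasks: node-setup.yml
+when: kubernetes_role == 'node'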
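Review bot: The join command registered by "Get the kubeadm join command" carries a bootstrap token, and neither that task nor the following `set_fact` sets `no_log: true`, so the token can end up in Ansible output and logs at higher verbosity; the same applies to the task in node-setup.yml that runs the command. Adding `no_log: true` to those three tasks keeps it out of the logs. The fact is also delegated to every host in `groups['all']`, including hosts that never join, and a fresh token is minted on every run even when no node needs one; restricting the loop to the hosts that will join and creating the token only when a join is pending would narrow that exposure.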
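--- a/roles/geerlingguy.kubernetes/tasks/node-setup.yml
+++ b/roles/geerlingguy.kubernetes/tasks/node-setup.yml
@@ -0,0 +1,6 @@
+---
+- name: Join node to Kubernetes control plane.
+shell: >
+{{ kubernetes_join_command }}
+creates=/etc/kubernetes/kubelet.conf
+tags: ['skip_ansible_lint']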
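Review bot: The join runs through `shell` with a free-form `creates=` argument, so any shell metacharacters in `kubernetes_join_command` (which, per main.yml, includes the operator-supplied `kubernetes_join_command_extra_opts`) are interpreted by the shell, and the `skip_ansible_lint` tag suppresses the lint finding that would flag this. Nothing in the task appears to need a shell; `command: "{{ kubernetes_join_command }}"` with `args:` and `creates: /etc/kubernetes/kubelet.conf` should run the same join without one.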
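--- a/roles/geerlingguy.kubernetes/tasks/setup-Debian.yml
+++ b/roles/geerlingguy.kubernetes/tasks/setup-Debian.yml
@@ -0,0 +1,38 @@
+---
+- name: Ensure dependencies are installed.
+apt:
+name:
+- apt-transport-https
+- ca-certificates
+state: present
+
+- name: Prepare apt keyring directory.
+ansible.builtin.file:
+path: "{{ kubernetes_apt_keyring_file | dirname }}"
+state: directory
+mode: 0755
+
+- name: Get Kubernetes apt key.
+ansible.builtin.get_url:
+url: "https://pkgs.k8s.io/core:/{{ kubernetes_apt_release_channel }}:/v{{ kubernetes_version }}/deb/Release.key"
+dest: "{{ kubernetes_apt_keyring_file }}"
+mode: '0644'
+force: true
+
+- name: Be sure deprecated Kubernetes repository is absent.
+file:
+path: "/etc/apt/sources.list.d/apt_kubernetes_io.list"
+state: absent
+
+- name: Add Kubernetes repository.
+ansible.builtin.apt_repository:
+repo: "{{ kubernetes_apt_repository }}"
+filename: pkgs_k8s_io
+state: present
+update_cache: true
+
+- name: Add Kubernetes apt preferences file to pin a version.
+template:
+src: apt-preferences-kubernetes.j2
+dest: /etc/apt/preferences.d/kubernetes
+mode: 0644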
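Review bot: The "Get Kubernetes apt key" task re-downloads `Release.key` on every run (`force: true`) and installs whatever the server returns as the repository trust anchor, with TLS as the only check. Pinning the expected digest through get_url's `checksum` parameter, for example `checksum: "sha256:EXPECTED_DIGEST_PLACEHOLDER"`, would make an unexpected key change fail the play instead of silently replacing the keyring. The `mode` values in this file are also inconsistent, `'0644'` here but bare `0755` and `0644` in the other tasks; quoting all of them avoids octal-parsing surprises.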
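--- a/roles/geerlingguy.kubernetes/tasks/setup-RedHat.yml
+++ b/roles/geerlingguy.kubernetes/tasks/setup-RedHat.yml
@@ -0,0 +1,20 @@
+---
+- name: Ensure Kubernetes repository exists.
+yum_repository:
+name: kubernetes
+description: Kubernetes
+enabled: true
+gpgcheck: "{{ kubernetes_yum_gpg_check }}"
+repo_gpgcheck: "{{ kubernetes_yum_repo_gpg_check }}"
+baseurl: "{{ kubernetes_yum_base_url }}"
+gpgkey: "{{ kubernetes_yum_gpg_key }}"
+
+- name: Add Kubernetes GPG keys.
+rpm_key:
+key: "{{ kubernetes_yum_gpg_key }}"
+state: present
+register: kubernetes_rpm_key
+
+- name: Make cache if Kubernetes GPG key changed.
+command: "yum -q makecache -y --disablerepo='*' --enablerepo='kubernetes'"
+when: kubernetes_rpm_key is changed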
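Review bot: `rpm_key` imports whatever key `kubernetes_yum_gpg_key` points to without checking which key it is, and both `gpgcheck` and `repo_gpgcheck` come from variables whose defaults are not visible in this section. Passing the expected fingerprint to the import, `fingerprint: "EXPECTED_KEY_FINGERPRINT_PLACEHOLDER"`, would make the task fail if the key served at that location changes. A short comment on the repository task would also help keep verification on: `# Keep gpgcheck enabled; disabling it removes package signature verification.`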
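--- a/roles/geerlingguy.kubernetes/tasks/sysctl-setup.yml
+++ b/roles/geerlingguy.kubernetes/tasks/sysctl-setup.yml
@@ -0,0 +1,21 @@
+---
+- name: Ensure procps is installed.
+package:
+name: "{{ procps_package }}"
+state: present
+when: >
+ansible_distribution != 'Debian'
+or ansible_distribution_major_version | int < 10
+
+# See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
+- name: Let iptables see bridged traffic.
+sysctl:
+name: "{{ item }}"
+value: '1'
+state: present
+loop:
+- net.bridge.bridge-nf-call-iptables
+- net.bridge.bridge-nf-call-ip6tables
+when: >
+ansible_distribution != 'Debian'
+or ansible_distribution_major_version | int < 10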
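Review bot: Both tasks are skipped on Debian 10 and later, and nothing in this file says why or sets `net.bridge.bridge-nf-call-iptables` for those hosts by other means; if the value is 0 there, bridged pod traffic would not traverse the iptables rules that kube-proxy and network policy depend on. I would document the reason above the `when`, for example `# Skipped on Debian >= 10 because REASON_PLACEHOLDER; bridge-nf-call-* must be set elsewhere on those hosts.`, or drop the condition from the sysctl task. These sysctl keys also exist only once the `br_netfilter` module is loaded, which this file does not ensure; that may be handled elsewhere in the role.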