---
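# Render the Canal CNI conflist template into the CNI config directory.
# The result is registered as canal_conflist and the reset_canal_cni
# handler (not shown here) is notified when the file changes.
- name: Canal | Write Canal cni config
  template:
    src: "cni-canal.conflist.j2"
    dest: "/etc/cni/net.d/canal.conflist.template"
    # Quoted so the mode reaches Ansible as an octal string instead of
    # depending on how the YAML parser reads a leading-zero integer.
    mode: "0644"
    # NOTE(review): with owner kube and mode 0644 the kube account can
    # rewrite this CNI config template - confirm that is intended, or
    # consider root ownership.
    owner: kube
  register: canal_conflist
  notify: reset_canal_cni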
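# Create the directory referenced by canal_cert_dir, owned by root with no
# access for other users (0750).
- name: Canal | Create canal certs directory
  file:
    dest: "{{ canal_cert_dir }}"
    state: directory
    # Quoted so the mode is passed as an octal string.
    mode: "0750"
    owner: root
    group: root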
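# Hard-link the etcd CA certificate, certificate and key files from
# etcd_cert_dir into canal_cert_dir under fixed names.
# A hard link shares its inode with the source file, so the mode set here
# also applies to the original files under etcd_cert_dir.
# NOTE(review): 0640 leaves key.pem group-readable and this task sets no
# owner/group - confirm the group on the etcd key file is restricted.
- name: Canal | Link etcd certificates for canal-node
  file:
    src: "{{ etcd_cert_dir }}/{{ item.s }}"
    dest: "{{ canal_cert_dir }}/{{ item.d }}"
    state: hard
    # Quoted so the mode is passed as an octal string.
    mode: "0640"
    # Allow the link to replace a file that already exists at dest.
    force: true
  with_items:
    # s: source file name under etcd_cert_dir; d: link name in canal_cert_dir
    - {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}
    - {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
    - {s: "{{ kube_etcd_key_file }}", d: "key.pem"}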
# Flannel needs the etcd v2 API
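# Write the Flannel network configuration (pod subnet, per-node subnet
# length and backend type) to /<cluster_name>/network/config in etcd.
# Runs once, delegated to the first host of the etcd group, and is retried
# until etcdctl exits with rc 0.
- name: Canal | Set Flannel etcd configuration
  # The command module runs the binary directly rather than through a shell.
  command: |-
    {{ bin_dir }}/etcdctl set /{{ cluster_name }}/network/config \
    '{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }'
  register: output
  retries: 4
  until: output.rc == 0
  # The random filter is applied to retry_stagger first, then 3 is added.
  delay: "{{ retry_stagger | random + 3 }}"
  delegate_to: "{{ groups['etcd'][0] }}"
  # Always reported as unchanged, although etcdctl set writes the key.
  changed_when: false
  run_once: true
  environment:
    # Quoted because environment values are strings.
    ETCDCTL_API: "2"
    # Client TLS material for etcdctl: the files under kube_cert_dir/etcd
    # when etcd_deployment_type is kubeadm, otherwise the CA and the admin
    # certificate/key of the first etcd host under etcd_cert_dir.
    ETCDCTL_CA_FILE: "{{ kube_cert_dir + '/etcd/ca.crt' if etcd_deployment_type == 'kubeadm' else etcd_cert_dir + '/ca.pem' }}"
    ETCDCTL_CERT_FILE: "{{ kube_cert_dir + '/etcd/server.crt' if etcd_deployment_type == 'kubeadm' else etcd_cert_dir + '/admin-' + groups['etcd'][0] + '.pem' }}"
    ETCDCTL_KEY_FILE: "{{ kube_cert_dir + '/etcd/server.key' if etcd_deployment_type == 'kubeadm' else etcd_cert_dir + '/admin-' + groups['etcd'][0] + '-key.pem' }}"
    ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"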
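# Render each listed Canal manifest template into kube_config_dir on hosts
# in the kube_control_plane group; results are registered as
# canal_manifests.
- name: Canal | Create canal node manifests
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
    # Quoted so the mode is passed as an octal string.
    mode: "0644"
  with_items:
    # Only item.file is read by this task; name and type are carried in the
    # registered results.
    - {name: canal-config, file: canal-config.yaml, type: cm}
    - {name: canal-node, file: canal-node.yaml, type: ds}
    - {name: canal, file: canal-node-sa.yml, type: sa}
    - {name: calico, file: canal-cr-calico.yml, type: clusterrole}
    - {name: flannel, file: canal-cr-flannel.yml, type: clusterrole}
    - {name: canal-calico, file: canal-crb-calico.yml, type: clusterrolebinding}
    - {name: canal-flannel, file: canal-crb-flannel.yml, type: clusterrolebinding}
  register: canal_manifests
  when:
    - inventory_hostname in groups['kube_control_plane']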
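# Render the calicoctl wrapper script into bin_dir, owned by root and
# executable by everyone but writable only by its owner (0755).
- name: Canal | Install calicoctl wrapper script
  template:
    src: calicoctl.sh.j2
    dest: "{{ bin_dir }}/calicoctl.sh"
    # Quoted so the mode is passed as an octal string.
    mode: "0755"
    owner: root
    group: root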
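# Create the directory referenced by canal_policy_dir, world-readable and
# writable only by its owner (0755). No owner/group is set in this task.
- name: Canal | Create network policy directory
  file:
    path: "{{ canal_policy_dir }}"
    state: directory
    # Quoted so the mode is passed as an octal string.
    mode: "0755"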