c12s-kubespray/roles/kubernetes/node/tasks/main.yml

---
- set_fact:
    standalone_kubelet: >-
      {%- if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] -%}true{%- else -%}false{%- endif -%}
  tags: facts

- include: pre_upgrade.yml
  tags: kubelet

- name: Ensure /var/lib/cni exists
  file:
    path: /var/lib/cni
    state: directory
    mode: 0755

- include: install.yml
  tags: kubelet

- include: nginx-proxy.yml
  when: is_kube_master == false and loadbalancer_apiserver_localhost|default(true)
  tags: nginx

- name: Write kubelet config file
  template:
    src: kubelet.j2
    dest: "{{ kube_config_dir }}/kubelet.env"
    backup: yes
  notify: restart kubelet
  tags: kubelet

- name: write the kubecfg (auth) file for kubelet
  template:
    src: "{{ item }}-kubeconfig.yaml.j2"
    dest: "{{ kube_config_dir }}/{{ item }}-kubeconfig.yaml"
    backup: yes
  with_items:
    - node
    - kube-proxy
  notify: restart kubelet
  tags: kubelet

- name: Ensure nodePort range is reserved
  sysctl:
    name: net.ipv4.ip_local_reserved_ports
    value: "{{ kube_apiserver_node_port_range }}"
    sysctl_set: yes
    state: present
    reload: yes
  when: kube_apiserver_node_port_range is defined
  tags: kube-proxy

- name: Verify if br_netfilter module exists
  shell: "modinfo br_netfilter"
  register: modinfo_br_netfilter
  failed_when: modinfo_br_netfilter.rc not in [0, 1]
  changed_when: false

- name: Enable br_netfilter module
  modprobe:
    name: br_netfilter
    state: present
  when: modinfo_br_netfilter.rc == 0

# kube-proxy needs net.bridge.bridge-nf-call-iptables enabled when found if br_netfilter is not a module
- name: Check if bridge-nf-call-iptables key exists
  command: "sysctl net.bridge.bridge-nf-call-iptables"
  failed_when: false
  changed_when: false
  register: sysctl_bridge_nf_call_iptables

- name: Enable bridge-nf-call tables
  sysctl:
    name: "{{ item }}"
    state: present
    value: 1
    reload: yes
  when: modinfo_br_netfilter.rc == 1 and sysctl_bridge_nf_call_iptables.rc == 0
  with_items:
    - net.bridge.bridge-nf-call-iptables
    - net.bridge.bridge-nf-call-arptables
    - net.bridge.bridge-nf-call-ip6tables

- name: Write proxy manifest
  template:
    src: manifests/kube-proxy.manifest.j2
    dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
  tags: kube-proxy

# reload-systemd
- meta: flush_handlers

- name: Enable kubelet
  service:
    name: kubelet
    enabled: yes
    state: started
  tags: kubelet
Initial commit 2015-10-03 20:19:50 +00:00			`---`
Address standalone kubelet config case Also place in global vars and do not repeat the kube_*_config_dir and kube_namespace vars for better code maintainability and UX. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-12-13 10:43:06 +00:00			`- set_fact:`
			`standalone_kubelet: >-`
			`{%- if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] -%}true{%- else -%}false{%- endif -%}`
			`tags: facts`

Add /var/lib/cni to kubelet Necessary to persist this directory for host-local IPAM used by Canal Add pre-upgrade task to copy /var/lib/cni out of old kubelet. 2017-04-03 13:50:17 +00:00			`- include: pre_upgrade.yml`
			`tags: kubelet`

Explicitly create cni bin dir If this path doesnt exist, it will cause kubelet to fail to start when using rkt 2017-04-19 16:00:44 +00:00			`- name: Ensure /var/lib/cni exists`
			`file:`
			`path: /var/lib/cni`
			`state: directory`
			`mode: 0755`

generate secrets on deployment machine test travis with sudo=true instead of required 2016-02-11 22:08:16 +00:00			`- include: install.yml`
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-12-08 13:36:00 +00:00			`tags: kubelet`
generate secrets on deployment machine test travis with sudo=true instead of required 2016-02-11 22:08:16 +00:00
use nginx proxy on non-master nodes to proxy apiserver traffic Also adds all masters by hostname and localhost/127.0.0.1 to apiserver SSL certificate. Includes documentation update on how localhost loadbalancer works. 2016-09-28 11:05:08 +00:00			`- include: nginx-proxy.yml`
Align LB defaults with the HA docs Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru> 2017-02-10 10:23:19 +00:00			`when: is_kube_master == false and loadbalancer_apiserver_localhost\|default(true)`
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-12-08 13:36:00 +00:00			`tags: nginx`
use nginx proxy on non-master nodes to proxy apiserver traffic Also adds all masters by hostname and localhost/127.0.0.1 to apiserver SSL certificate. Includes documentation update on how localhost loadbalancer works. 2016-09-28 11:05:08 +00:00
Master and nodes will run the 'node' role, kube-proxy is run under a container, new script for ssl certs 2015-12-11 10:32:13 +00:00			`- name: Write kubelet config file`
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy 2017-02-17 21:22:34 +00:00			`template:`
			`src: kubelet.j2`
			`dest: "{{ kube_config_dir }}/kubelet.env"`
			`backup: yes`
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-12-08 13:36:00 +00:00			`notify: restart kubelet`
			`tags: kubelet`
Master and nodes will run the 'node' role, kube-proxy is run under a container, new script for ssl certs 2015-12-11 10:32:13 +00:00
			`- name: write the kubecfg (auth) file for kubelet`
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy 2017-02-17 21:22:34 +00:00			`template:`
basic rbac support 2017-06-27 04:27:25 +00:00			`src: "{{ item }}-kubeconfig.yaml.j2"`
			`dest: "{{ kube_config_dir }}/{{ item }}-kubeconfig.yaml"`
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy 2017-02-17 21:22:34 +00:00			`backup: yes`
basic rbac support 2017-06-27 04:27:25 +00:00			`with_items:`
			`- node`
			`- kube-proxy`
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-12-08 13:36:00 +00:00			`notify: restart kubelet`
			`tags: kubelet`
Master and nodes will run the 'node' role, kube-proxy is run under a container, new script for ssl certs 2015-12-11 10:32:13 +00:00
Prevent dynamic port allocation in nodePort range kube_apiserver_node_port_range should be accessible only to kube-proxy and not be taken by a dynamic port allocation. Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920 gets fixed. 2017-02-03 15:26:30 +00:00			`- name: Ensure nodePort range is reserved`
			`sysctl:`
			`name: net.ipv4.ip_local_reserved_ports`
			`value: "{{ kube_apiserver_node_port_range }}"`
			`sysctl_set: yes`
			`state: present`
			`reload: yes`
			`when: kube_apiserver_node_port_range is defined`
			`tags: kube-proxy`

Consolidate kube-proxy module and sysctl loading (#1586) This sets br_netfilter and net.bridge.bridge-nf-call-iptables sysctl from a single play before kube-proxy is first ran instead of from the flannel and weave network_plugin roles after kube-proxy is started 2017-09-06 12:11:51 +00:00			`- name: Verify if br_netfilter module exists`
			`shell: "modinfo br_netfilter"`
			`register: modinfo_br_netfilter`
			`failed_when: modinfo_br_netfilter.rc not in [0, 1]`
			`changed_when: false`

			`- name: Enable br_netfilter module`
			`modprobe:`
			`name: br_netfilter`
			`state: present`
			`when: modinfo_br_netfilter.rc == 0`

			`# kube-proxy needs net.bridge.bridge-nf-call-iptables enabled when found if br_netfilter is not a module`
			`- name: Check if bridge-nf-call-iptables key exists`
			`command: "sysctl net.bridge.bridge-nf-call-iptables"`
			`failed_when: false`
			`changed_when: false`
			`register: sysctl_bridge_nf_call_iptables`

			`- name: Enable bridge-nf-call tables`
			`sysctl:`
			`name: "{{ item }}"`
			`state: present`
			`value: 1`
			`reload: yes`
			`when: modinfo_br_netfilter.rc == 1 and sysctl_bridge_nf_call_iptables.rc == 0`
			`with_items:`
			`- net.bridge.bridge-nf-call-iptables`
			`- net.bridge.bridge-nf-call-arptables`
			`- net.bridge.bridge-nf-call-ip6tables`

Master and nodes will run the 'node' role, kube-proxy is run under a container, new script for ssl certs 2015-12-11 10:32:13 +00:00			`- name: Write proxy manifest`
Fix systemd reload and calico unit 2016-01-25 01:01:25 +00:00			`template:`
Master and nodes will run the 'node' role, kube-proxy is run under a container, new script for ssl certs 2015-12-11 10:32:13 +00:00			`src: manifests/kube-proxy.manifest.j2`
			`dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"`
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-12-08 13:36:00 +00:00			`tags: kube-proxy`
Master and nodes will run the 'node' role, kube-proxy is run under a container, new script for ssl certs 2015-12-11 10:32:13 +00:00
Fix systemd reload and calico unit 2016-01-25 01:01:25 +00:00			`# reload-systemd`
			`- meta: flush_handlers`

Master and nodes will run the 'node' role, kube-proxy is run under a container, new script for ssl certs 2015-12-11 10:32:13 +00:00			`- name: Enable kubelet`
			`service:`
			`name: kubelet`
			`enabled: yes`
			`state: started`
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-12-08 13:36:00 +00:00			`tags: kubelet`