Fix proxy usage when *_PROXY are present in environment (#7309)

Since a790935d02 all proxy users
should be properly configured

Now when you have *_PROXY vars in your environment it can leads to failure
if NO_PROXY is not correct, or to persistent configuration changes
as seen with kubeadm in 1c5391dda7

Instead of playing constant whack-a-bug, inject empty *_PROXY vars everywhere
at the play level, and override at the task level when needed

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
This commit is contained in:
Etienne Champetier 2021-02-23 12:44:02 -05:00 committed by GitHub
parent ed2b4b805e
commit 067db686f6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 51 additions and 13 deletions

View file

@ -4,6 +4,7 @@
- hosts: bastion[0] - hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: bastion-ssh-config, tags: ["localhost", "bastion"] } - { role: bastion-ssh-config, tags: ["localhost", "bastion"] }
@ -12,6 +13,7 @@
strategy: linear strategy: linear
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
gather_facts: false gather_facts: false
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: bootstrap-os, tags: bootstrap-os} - { role: bootstrap-os, tags: bootstrap-os}
@ -23,6 +25,7 @@
- hosts: k8s-cluster:etcd - hosts: k8s-cluster:etcd
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/preinstall, tags: preinstall } - { role: kubernetes/preinstall, tags: preinstall }
@ -32,6 +35,7 @@
- hosts: etcd - hosts: etcd
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- role: etcd - role: etcd
@ -44,6 +48,7 @@
- hosts: k8s-cluster - hosts: k8s-cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- role: etcd - role: etcd
@ -56,6 +61,7 @@
- hosts: k8s-cluster - hosts: k8s-cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/node, tags: node } - { role: kubernetes/node, tags: node }
@ -63,6 +69,7 @@
- hosts: kube-master - hosts: kube-master
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/control-plane, tags: master } - { role: kubernetes/control-plane, tags: master }
@ -72,6 +79,7 @@
- hosts: k8s-cluster - hosts: k8s-cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/kubeadm, tags: kubeadm} - { role: kubernetes/kubeadm, tags: kubeadm}
@ -81,6 +89,7 @@
- hosts: calico-rr - hosts: calico-rr
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: network_plugin/calico/rr, tags: ['network', 'calico_rr'] } - { role: network_plugin/calico/rr, tags: ['network', 'calico_rr'] }
@ -88,6 +97,7 @@
- hosts: kube-master[0] - hosts: kube-master[0]
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" } - { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
@ -96,6 +106,7 @@
- hosts: kube-master - hosts: kube-master
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes-apps/external_cloud_controller, tags: external-cloud-controller } - { role: kubernetes-apps/external_cloud_controller, tags: external-cloud-controller }
@ -107,6 +118,7 @@
- hosts: kube-master - hosts: kube-master
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes-apps, tags: apps } - { role: kubernetes-apps, tags: apps }
@ -114,6 +126,7 @@
- hosts: k8s-cluster - hosts: k8s-cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf, dns_late: true } - { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf, dns_late: true }

View file

@ -4,22 +4,26 @@
- hosts: bastion[0] - hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}
- { role: bastion-ssh-config, tags: ["localhost", "bastion"]} - { role: bastion-ssh-config, tags: ["localhost", "bastion"]}
- hosts: "{{ groups['etcd'] | first }}" - hosts: "{{ groups['etcd'] | first }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}
- { role: recover_control_plane/etcd } - { role: recover_control_plane/etcd }
- hosts: "{{ groups['kube-master'] | first }}" - hosts: "{{ groups['kube-master'] | first }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: recover_control_plane/control-plane } - { role: recover_control_plane/control-plane }
- include: cluster.yml - include: cluster.yml
- hosts: "{{ groups['kube-master'] }}" - hosts: "{{ groups['kube-master'] }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}
- { role: recover_control_plane/post-recover } - { role: recover_control_plane/post-recover }

View file

@ -4,6 +4,7 @@
- hosts: "{{ node | default('etcd:k8s-cluster:calico-rr') }}" - hosts: "{{ node | default('etcd:k8s-cluster:calico-rr') }}"
gather_facts: no gather_facts: no
environment: "{{ proxy_disable_env }}"
vars_prompt: vars_prompt:
name: "delete_nodes_confirmation" name: "delete_nodes_confirmation"
prompt: "Are you sure you want to delete nodes state? Type 'yes' to delete nodes." prompt: "Are you sure you want to delete nodes state? Type 'yes' to delete nodes."
@ -18,6 +19,7 @@
- hosts: kube-master[0] - hosts: kube-master[0]
gather_facts: no gather_facts: no
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: bootstrap-os, tags: bootstrap-os } - { role: bootstrap-os, tags: bootstrap-os }
@ -25,6 +27,7 @@
- hosts: "{{ node | default('kube-node') }}" - hosts: "{{ node | default('kube-node') }}"
gather_facts: no gather_facts: no
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults, when: reset_nodes|default(True)|bool } - { role: kubespray-defaults, when: reset_nodes|default(True)|bool }
- { role: bootstrap-os, tags: bootstrap-os, when: reset_nodes|default(True)|bool } - { role: bootstrap-os, tags: bootstrap-os, when: reset_nodes|default(True)|bool }
@ -34,6 +37,7 @@
# Currently cannot remove first master or etcd # Currently cannot remove first master or etcd
- hosts: "{{ node | default('kube-master[1:]:etcd[1:]') }}" - hosts: "{{ node | default('kube-master[1:]:etcd[1:]') }}"
gather_facts: no gather_facts: no
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults, when: reset_nodes|default(True)|bool } - { role: kubespray-defaults, when: reset_nodes|default(True)|bool }
- { role: bootstrap-os, tags: bootstrap-os, when: reset_nodes|default(True)|bool } - { role: bootstrap-os, tags: bootstrap-os, when: reset_nodes|default(True)|bool }

View file

@ -4,6 +4,7 @@
- hosts: bastion[0] - hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}
- { role: bastion-ssh-config, tags: ["localhost", "bastion"]} - { role: bastion-ssh-config, tags: ["localhost", "bastion"]}
@ -25,6 +26,7 @@
msg: "Reset confirmation failed" msg: "Reset confirmation failed"
when: reset_confirmation != "yes" when: reset_confirmation != "yes"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults} - { role: kubespray-defaults}
- { role: reset, tags: reset } - { role: reset, tags: reset }

View file

@ -38,7 +38,6 @@
shell: "set -o pipefail && {{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml | grep -Ev 'coredns|pause'" shell: "set -o pipefail && {{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml | grep -Ev 'coredns|pause'"
args: args:
executable: /bin/bash executable: /bin/bash
environment: "{{ proxy_disable_env }}"
register: kubeadm_images_raw register: kubeadm_images_raw
run_once: true run_once: true
changed_when: false changed_when: false

View file

@ -20,7 +20,6 @@
{{ bin_dir }}/kubeadm init phase kubeconfig all {{ bin_dir }}/kubeadm init phase kubeconfig all
--config {{ kube_config_dir }}/kubeadm-config.yaml --config {{ kube_config_dir }}/kubeadm-config.yaml
--kubeconfig-dir {{ kubeconfig_temp_dir.path }} --kubeconfig-dir {{ kubeconfig_temp_dir.path }}
environment: "{{ proxy_disable_env }}"
when: kubeconfig_correct_apiserver.rc != 0 when: kubeconfig_correct_apiserver.rc != 0
- name: Copy new kubeconfigs to kube config dir - name: Copy new kubeconfigs to kube config dir

View file

@ -16,7 +16,6 @@
--config {{ kube_config_dir }}/kubeadm-config.yaml --config {{ kube_config_dir }}/kubeadm-config.yaml
upload-certs upload-certs
--upload-certs --upload-certs
environment: "{{ proxy_disable_env }}"
register: kubeadm_upload_cert register: kubeadm_upload_cert
when: when:
- inventory_hostname == groups['kube-master']|first - inventory_hostname == groups['kube-master']|first
@ -58,7 +57,8 @@
{{ bin_dir }}/kubeadm join {{ bin_dir }}/kubeadm join
--config {{ kube_config_dir }}/kubeadm-controlplane.yaml --config {{ kube_config_dir }}/kubeadm-controlplane.yaml
--ignore-preflight-errors=all --ignore-preflight-errors=all
environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}"}) }}' environment:
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
register: kubeadm_join_control_plane register: kubeadm_join_control_plane
retries: 3 retries: 3
throttle: 1 throttle: 1

View file

@ -165,7 +165,8 @@
until: kubeadm_init is succeeded or "field is immutable" in kubeadm_init.stderr until: kubeadm_init is succeeded or "field is immutable" in kubeadm_init.stderr
when: inventory_hostname == groups['kube-master']|first and not kubeadm_already_run.stat.exists when: inventory_hostname == groups['kube-master']|first and not kubeadm_already_run.stat.exists
failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}"}) }}' environment:
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
notify: Master | restart kubelet notify: Master | restart kubelet
- name: set kubeadm certificate key - name: set kubeadm certificate key
@ -180,7 +181,6 @@
shell: >- shell: >-
{{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token delete {{ kubeadm_token }} || :; {{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token delete {{ kubeadm_token }} || :;
{{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create {{ kubeadm_token }} {{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create {{ kubeadm_token }}
environment: "{{ proxy_disable_env }}"
changed_when: false changed_when: false
when: when:
- inventory_hostname == groups['kube-master']|first - inventory_hostname == groups['kube-master']|first
@ -191,7 +191,6 @@
- name: Create kubeadm token for joining nodes with 24h expiration (default) - name: Create kubeadm token for joining nodes with 24h expiration (default)
command: "{{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create" command: "{{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create"
environment: "{{ proxy_disable_env }}"
changed_when: false changed_when: false
register: temp_token register: temp_token
retries: 5 retries: 5

View file

@ -1,7 +1,6 @@
--- ---
- name: Get the kubeadm version - name: Get the kubeadm version
command: "{{ bin_dir }}/kubeadm version -o short" command: "{{ bin_dir }}/kubeadm version -o short"
environment: "{{ proxy_disable_env }}"
register: kubeadm_output register: kubeadm_output
changed_when: false changed_when: false

View file

@ -22,7 +22,6 @@
{{ kubeadm_discovery_address }} {{ kubeadm_discovery_address }}
args: args:
creates: "{{ kube_cert_dir }}/apiserver-etcd-client.key" creates: "{{ kube_cert_dir }}/apiserver-etcd-client.key"
environment: "{{ proxy_disable_env }}"
- name: Delete unneeded certificates - name: Delete unneeded certificates
file: file:

View file

@ -42,7 +42,6 @@
- name: Create kubeadm token for joining nodes with 24h expiration (default) - name: Create kubeadm token for joining nodes with 24h expiration (default)
command: "{{ bin_dir }}/kubeadm token create" command: "{{ bin_dir }}/kubeadm token create"
environment: "{{ proxy_disable_env }}"
register: temp_token register: temp_token
delegate_to: "{{ groups['kube-master'][0] }}" delegate_to: "{{ groups['kube-master'][0] }}"
when: kubeadm_token is not defined when: kubeadm_token is not defined
@ -55,7 +54,6 @@
- name: Get the kubeadm version - name: Get the kubeadm version
command: "{{ bin_dir }}/kubeadm version -o short" command: "{{ bin_dir }}/kubeadm version -o short"
environment: "{{ proxy_disable_env }}"
register: kubeadm_output register: kubeadm_output
changed_when: false changed_when: false
@ -71,7 +69,8 @@
when: not is_kube_master when: not is_kube_master
- name: Join to cluster if needed - name: Join to cluster if needed
environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"}) }}' environment:
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"
when: not is_kube_master and (not kubelet_conf.stat.exists) when: not is_kube_master and (not kubelet_conf.stat.exists)
block: block:

View file

@ -8,7 +8,6 @@
- name: Get the kubeadm version - name: Get the kubeadm version
command: "{{ bin_dir }}/kubeadm version -o short" command: "{{ bin_dir }}/kubeadm version -o short"
environment: "{{ proxy_disable_env }}"
register: kubeadm_output register: kubeadm_output
changed_when: false changed_when: false

View file

@ -4,6 +4,7 @@
- hosts: bastion[0] - hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: bastion-ssh-config, tags: ["localhost", "bastion"] } - { role: bastion-ssh-config, tags: ["localhost", "bastion"] }
@ -13,6 +14,7 @@
strategy: linear strategy: linear
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
gather_facts: false gather_facts: false
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: bootstrap-os, tags: bootstrap-os } - { role: bootstrap-os, tags: bootstrap-os }
@ -25,6 +27,7 @@
hosts: etcd hosts: etcd
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: etcd, tags: etcd, etcd_cluster_setup: false } - { role: etcd, tags: etcd, etcd_cluster_setup: false }
@ -33,6 +36,7 @@
hosts: kube-master[0] hosts: kube-master[0]
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults, when: "not skip_downloads and download_run_once and not download_localhost" } - { role: kubespray-defaults, when: "not skip_downloads and download_run_once and not download_localhost" }
- { role: kubernetes/preinstall, tags: preinstall, when: "not skip_downloads and download_run_once and not download_localhost" } - { role: kubernetes/preinstall, tags: preinstall, when: "not skip_downloads and download_run_once and not download_localhost" }
@ -42,6 +46,7 @@
hosts: kube-node hosts: kube-node
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/preinstall, tags: preinstall } - { role: kubernetes/preinstall, tags: preinstall }
@ -53,12 +58,14 @@
hosts: kube-node hosts: kube-node
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/node, tags: node } - { role: kubernetes/node, tags: node }
- name: Upload control plane certs and retrieve encryption key - name: Upload control plane certs and retrieve encryption key
hosts: kube-master | first hosts: kube-master | first
environment: "{{ proxy_disable_env }}"
tags: kubeadm tags: kubeadm
tasks: tasks:
- name: include needed vars - name: include needed vars
@ -81,6 +88,7 @@
hosts: kube-node hosts: kube-node
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/kubeadm, tags: kubeadm } - { role: kubernetes/kubeadm, tags: kubeadm }

View file

@ -4,6 +4,7 @@
- hosts: bastion[0] - hosts: bastion[0]
gather_facts: False gather_facts: False
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: bastion-ssh-config, tags: ["localhost", "bastion"] } - { role: bastion-ssh-config, tags: ["localhost", "bastion"] }
@ -12,6 +13,7 @@
strategy: linear strategy: linear
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
gather_facts: false gather_facts: false
environment: "{{ proxy_disable_env }}"
vars: vars:
# Need to disable pipelining for bootstrap-os as some systems have requiretty in sudoers set, which makes pipelining # Need to disable pipelining for bootstrap-os as some systems have requiretty in sudoers set, which makes pipelining
# fail. bootstrap-os fixes this on these systems, so in later plays it can be enabled. # fail. bootstrap-os fixes this on these systems, so in later plays it can be enabled.
@ -28,6 +30,7 @@
hosts: kube-master[0] hosts: kube-master[0]
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults, when: "not skip_downloads and download_run_once and not download_localhost"} - { role: kubespray-defaults, when: "not skip_downloads and download_run_once and not download_localhost"}
- { role: kubernetes/preinstall, tags: preinstall, when: "not skip_downloads and download_run_once and not download_localhost" } - { role: kubernetes/preinstall, tags: preinstall, when: "not skip_downloads and download_run_once and not download_localhost" }
@ -37,6 +40,7 @@
hosts: k8s-cluster:etcd:calico-rr hosts: k8s-cluster:etcd:calico-rr
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/preinstall, tags: preinstall } - { role: kubernetes/preinstall, tags: preinstall }
@ -46,6 +50,7 @@
hosts: etcd:calico-rr:!k8s-cluster hosts: etcd:calico-rr:!k8s-cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
serial: "{{ serial | default('20%') }}" serial: "{{ serial | default('20%') }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
@ -54,6 +59,7 @@
- hosts: etcd - hosts: etcd
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- role: etcd - role: etcd
@ -66,6 +72,7 @@
- hosts: k8s-cluster - hosts: k8s-cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- role: etcd - role: etcd
@ -79,6 +86,7 @@
gather_facts: False gather_facts: False
hosts: kube-master hosts: kube-master
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
serial: 1 serial: 1
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
@ -97,6 +105,7 @@
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
serial: "{{ serial | default('20%') }}" serial: "{{ serial | default('20%') }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes-apps/external_cloud_controller, tags: external-cloud-controller } - { role: kubernetes-apps/external_cloud_controller, tags: external-cloud-controller }
@ -108,6 +117,7 @@
hosts: kube-node:calico-rr:!kube-master hosts: kube-node:calico-rr:!kube-master
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
serial: "{{ serial | default('20%') }}" serial: "{{ serial | default('20%') }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
@ -121,6 +131,7 @@
- hosts: kube-master[0] - hosts: kube-master[0]
gather_facts: False gather_facts: False
any_errors_fatal: true any_errors_fatal: true
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" } - { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
@ -129,6 +140,7 @@
- hosts: calico-rr - hosts: calico-rr
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: network_plugin/calico/rr, tags: network } - { role: network_plugin/calico/rr, tags: network }
@ -136,6 +148,7 @@
- hosts: kube-master - hosts: kube-master
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes-apps, tags: apps } - { role: kubernetes-apps, tags: apps }
@ -143,6 +156,7 @@
- hosts: k8s-cluster - hosts: k8s-cluster
gather_facts: False gather_facts: False
any_errors_fatal: "{{ any_errors_fatal | default(true) }}" any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
environment: "{{ proxy_disable_env }}"
roles: roles:
- { role: kubespray-defaults } - { role: kubespray-defaults }
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf } - { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf }