C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add ipwrap to relevant places to wrap potential IPv6 addresses in [ ]

Browse source
This commit is contained in:
Citrullin 2022-06-16 15:17:44 +02:00
parent 24c8ba832a
commit 8174f7ebf6
11 changed files with 32 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/etcd/handlers/main.yml
View file

@ -34,7 +34,7 @@
- name: wait for etcd up - name: wait for etcd up
uri: uri:
url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health" url: "https://{% if is_etcd_master %}{{ etcd_address | ipwrap }}{% else %}127.0.0.1{% endif %}:2379/health"
validate_certs: no validate_certs: no
client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem" client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem"
client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem" client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem"
@ -45,7 +45,7 @@
- name: wait for etcd-events up - name: wait for etcd-events up
uri: uri:
url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2383/health" url: "https://{% if is_etcd_master %}{{ etcd_address | ipwrap }}{% else %}127.0.0.1{% endif %}:2383/health"
validate_certs: no validate_certs: no
client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem" client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem"
client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem" client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem"

2
roles/etcd/tasks/join_etcd-events_member.yml
View file

@ -17,7 +17,7 @@
etcd_events_peer_addresses: >- etcd_events_peer_addresses: >-
{% for host in groups['etcd'] -%} {% for host in groups['etcd'] -%}
{%- if hostvars[host]['etcd_events_member_in_cluster'].rc == 0 -%} {%- if hostvars[host]['etcd_events_member_in_cluster'].rc == 0 -%}
{{ "etcd"+loop.index|string }}=https://{{ hostvars[host].etcd_events_access_address | default(hostvars[host].ip | default(fallback_ips[host])) }}:2382, {{ "etcd"+loop.index|string }}=https://{{ hostvars[host].etcd_events_access_address | default(hostvars[host].ip | default(fallback_ips[host])) | ipwrap }}:2382,
{%- endif -%} {%- endif -%}
{%- if loop.last -%} {%- if loop.last -%}
{{ etcd_member_name }}={{ etcd_events_peer_url }} {{ etcd_member_name }}={{ etcd_events_peer_url }}

2
roles/etcd/tasks/join_etcd_member.yml
View file

@ -18,7 +18,7 @@
etcd_peer_addresses: >- etcd_peer_addresses: >-
{% for host in groups['etcd'] -%} {% for host in groups['etcd'] -%}
{%- if hostvars[host]['etcd_member_in_cluster'].rc == 0 -%} {%- if hostvars[host]['etcd_member_in_cluster'].rc == 0 -%}
{{ "etcd"+loop.index|string }}=https://{{ hostvars[host].etcd_access_address | default(hostvars[host].ip | default(fallback_ips[host])) }}:2380, {{ "etcd"+loop.index|string }}=https://{{ hostvars[host].etcd_access_address | default(hostvars[host].ip | default(fallback_ips[host])) | ipwrap }}:2380,
{%- endif -%} {%- endif -%}
{%- if loop.last -%} {%- if loop.last -%}
{{ etcd_member_name }}={{ etcd_peer_url }} {{ etcd_member_name }}={{ etcd_peer_url }}

4
roles/etcd/templates/etcd-events.env.j2
View file

@ -4,11 +4,11 @@ ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_events_peer_url }}
ETCD_INITIAL_CLUSTER_STATE={% if etcd_events_cluster_is_healthy.rc == 0 | bool %}existing{% else %}new{% endif %} ETCD_INITIAL_CLUSTER_STATE={% if etcd_events_cluster_is_healthy.rc == 0 | bool %}existing{% else %}new{% endif %}
ETCD_METRICS={{ etcd_metrics }} ETCD_METRICS={{ etcd_metrics }}
ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2383,https://127.0.0.1:2383 ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address | ipwrap }}:2383,https://127.0.0.1:2383
ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }} ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }}
ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }} ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }}
ETCD_INITIAL_CLUSTER_TOKEN=k8s_events_etcd ETCD_INITIAL_CLUSTER_TOKEN=k8s_events_etcd
ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2382 ETCD_LISTEN_PEER_URLS=https://{{ etcd_address | ipwrap }}:2382
ETCD_NAME={{ etcd_member_name }}-events ETCD_NAME={{ etcd_member_name }}-events
ETCD_PROXY=off ETCD_PROXY=off
ETCD_INITIAL_CLUSTER={{ etcd_events_peer_addresses }} ETCD_INITIAL_CLUSTER={{ etcd_events_peer_addresses }}

6
roles/etcd/templates/etcd.env.j2
View file

@ -6,13 +6,13 @@ ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc == 0 | bool %}existi
ETCD_METRICS={{ etcd_metrics }} ETCD_METRICS={{ etcd_metrics }}
{% if etcd_metrics_port is defined %} {% if etcd_metrics_port is defined %}
ETCD_LISTEN_METRICS_URLS=http://{{ etcd_address }}:{{ etcd_metrics_port }},http://127.0.0.1:{{ etcd_metrics_port }} ETCD_LISTEN_METRICS_URLS=http://{{ etcd_address | ipwrap }}:{{ etcd_metrics_port }},http://127.0.0.1:{{ etcd_metrics_port }}
{% endif %} {% endif %}
ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379 ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address | ipwrap }}:2379,https://127.0.0.1:2379
ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }} ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }}
ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }} ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }}
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380 ETCD_LISTEN_PEER_URLS=https://{{ etcd_address | ipwrap }}:2380
ETCD_NAME={{ etcd_member_name }} ETCD_NAME={{ etcd_member_name }}
ETCD_PROXY=off ETCD_PROXY=off
ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }} ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }}

4
roles/kubernetes/control-plane/handlers/main.yml
View file

@ -95,7 +95,7 @@
vars: vars:
endpoint: "{{ kube_scheduler_bind_address if kube_scheduler_bind_address != '0.0.0.0' else 'localhost' }}" endpoint: "{{ kube_scheduler_bind_address if kube_scheduler_bind_address != '0.0.0.0' else 'localhost' }}"
uri: uri:
url: https://{{ endpoint }}:10259/healthz url: https://{{ endpoint | ipwrap }}:10259/healthz
validate_certs: no validate_certs: no
register: scheduler_result register: scheduler_result
until: scheduler_result.status == 200 until: scheduler_result.status == 200
@ -106,7 +106,7 @@
vars: vars:
endpoint: "{{ kube_controller_manager_bind_address if kube_controller_manager_bind_address != '0.0.0.0' else 'localhost' }}" endpoint: "{{ kube_controller_manager_bind_address if kube_controller_manager_bind_address != '0.0.0.0' else 'localhost' }}"
uri: uri:
url: https://{{ endpoint }}:10257/healthz url: https://{{ endpoint | ipwrap }}:10257/healthz
validate_certs: no validate_certs: no
register: controller_manager_result register: controller_manager_result
until: controller_manager_result.status == 200 until: controller_manager_result.status == 200

2
roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
View file

@ -1,7 +1,7 @@
--- ---
- name: kubeadm | Check api is up - name: kubeadm | Check api is up
uri: uri:
url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz" url: "https://{{ ip | default(fallback_ips[inventory_hostname]) | ipwrap }}:{{ kube_apiserver_port }}/healthz"
validate_certs: false validate_certs: false
when: inventory_hostname in groups['kube_control_plane'] when: inventory_hostname in groups['kube_control_plane']
register: _result register: _result

32
roles/kubespray-defaults/defaults/main.yaml
View file

@ -536,21 +536,21 @@ loadbalancer_apiserver_type: "nginx"
apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local" apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
kube_apiserver_global_endpoint: |- kube_apiserver_global_endpoint: |-
{% if loadbalancer_apiserver is defined -%} {% if loadbalancer_apiserver is defined -%}
https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }} https://{{ apiserver_loadbalancer_domain_name | ipwrap }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
{%- elif use_localhost_as_kubeapi_loadbalancer|default(False)|bool -%} {%- elif use_localhost_as_kubeapi_loadbalancer|default(False)|bool -%}
https://127.0.0.1:{{ kube_apiserver_port }} https://127.0.0.1:{{ kube_apiserver_port }}
{%- else -%} {%- else -%}
https://{{ first_kube_control_plane_address }}:{{ kube_apiserver_port }} https://{{ first_kube_control_plane_address | ipwrap }}:{{ kube_apiserver_port }}
{%- endif %} {%- endif %}
kube_apiserver_endpoint: |- kube_apiserver_endpoint: |-
{% if loadbalancer_apiserver is defined -%} {% if loadbalancer_apiserver is defined -%}
https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }} https://{{ apiserver_loadbalancer_domain_name | ipwrap }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
{%- elif not is_kube_master and loadbalancer_apiserver_localhost -%} {%- elif not is_kube_master and loadbalancer_apiserver_localhost -%}
https://localhost:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }} https://localhost:{{ loadbalancer_apiserver_port|default(kube_apiserver_port) }}
{%- elif is_kube_master -%} {%- elif is_kube_master -%}
https://{{ kube_apiserver_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') }}:{{ kube_apiserver_port }} https://{{ kube_apiserver_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') | ipwrap }}:{{ kube_apiserver_port }}
{%- else -%} {%- else -%}
https://{{ first_kube_control_plane_address }}:{{ kube_apiserver_port }} https://{{ first_kube_control_plane_address | ipwrap }}:{{ kube_apiserver_port }}
{%- endif %} {%- endif %}
kube_apiserver_client_cert: "{{ kube_cert_dir }}/ca.crt" kube_apiserver_client_cert: "{{ kube_cert_dir }}/ca.crt"
kube_apiserver_client_key: "{{ kube_cert_dir }}/ca.key" kube_apiserver_client_key: "{{ kube_cert_dir }}/ca.key"
@ -564,25 +564,25 @@ etcd_hosts: "{{ groups['etcd'] | default(groups['kube_control_plane']) }}"
# Vars for pointing to etcd endpoints # Vars for pointing to etcd endpoints
is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}" is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}"
etcd_address: "{{ ip | default(fallback_ips[inventory_hostname]) }}" etcd_address: "{{ ip | default(fallback_ips[inventory_hostname]) }}"
etcd_access_address: "{{ access_ip | default(etcd_address) }}" etcd_access_address: "{{ access_ip | default(etcd_address) | ipwrap }}"
etcd_events_access_address: "{{ access_ip | default(etcd_address) }}" etcd_events_access_address: "{{ access_ip | default(etcd_address) | ipwrap }}"
etcd_peer_url: "https://{{ etcd_access_address }}:2380" etcd_peer_url: "https://{{ etcd_access_address | ipwrap }}:2380"
etcd_client_url: "https://{{ etcd_access_address }}:2379" etcd_client_url: "https://{{ etcd_access_address | ipwrap }}:2379"
etcd_events_peer_url: "https://{{ etcd_events_access_address }}:2382" etcd_events_peer_url: "https://{{ etcd_events_access_address | ipwrap }}:2382"
etcd_events_client_url: "https://{{ etcd_events_access_address }}:2383" etcd_events_client_url: "https://{{ etcd_events_access_address | ipwrap }}:2383"
etcd_access_addresses: |- etcd_access_addresses: |-
{% for item in etcd_hosts -%} {% for item in etcd_hosts -%}
https://{{ hostvars[item]['etcd_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}:2379{% if not loop.last %},{% endif %} https://{{ hostvars[item]['etcd_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) | ipwrap }}:2379{% if not loop.last %},{% endif %}
{%- endfor %} {%- endfor %}
etcd_events_access_addresses_list: |- etcd_events_access_addresses_list: |-
[ [
{% for item in etcd_hosts -%} {% for item in etcd_hosts -%}
'https://{{ hostvars[item]['etcd_events_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}:2383'{% if not loop.last %},{% endif %} 'https://{{ hostvars[item]['etcd_events_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) | ipwrap }}:2383'{% if not loop.last %},{% endif %}
{%- endfor %} {%- endfor %}
] ]
etcd_metrics_addresses: |- etcd_metrics_addresses: |-
{% for item in etcd_hosts -%} {% for item in etcd_hosts -%}
https://{{ hostvars[item]['etcd_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}:{{ etcd_metrics_port | default(2381) }}{% if not loop.last %},{% endif %} https://{{ hostvars[item]['etcd_access_address'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) | ipwrap }}:{{ etcd_metrics_port | default(2381) }}{% if not loop.last %},{% endif %}
{%- endfor %} {%- endfor %}
etcd_events_access_addresses: "{{etcd_events_access_addresses_list | join(',')}}" etcd_events_access_addresses: "{{etcd_events_access_addresses_list | join(',')}}"
etcd_events_access_addresses_semicolon: "{{etcd_events_access_addresses_list | join(';')}}" etcd_events_access_addresses_semicolon: "{{etcd_events_access_addresses_list | join(';')}}"
@ -593,11 +593,11 @@ etcd_member_name: |-
{% endfor %} {% endfor %}
etcd_peer_addresses: |- etcd_peer_addresses: |-
{% for item in groups['etcd'] -%} {% for item in groups['etcd'] -%}
{{ hostvars[item].etcd_member_name | default("etcd" + loop.index|string) }}=https://{{ hostvars[item].etcd_access_address | default(hostvars[item].ip | default(fallback_ips[item])) }}:2380{% if not loop.last %},{% endif %} {{ hostvars[item].etcd_member_name | default("etcd" + loop.index|string) }}=https://{{ hostvars[item].etcd_access_address | default(hostvars[item].ip | default(fallback_ips[item])) | ipwrap }}:2380{% if not loop.last %},{% endif %}
{%- endfor %} {%- endfor %}
etcd_events_peer_addresses: |- etcd_events_peer_addresses: |-
{% for item in groups['etcd'] -%} {% for item in groups['etcd'] -%}
{{ hostvars[item].etcd_member_name | default("etcd" + loop.index|string) }}-events=https://{{ hostvars[item].etcd_events_access_address | default(hostvars[item].ip | default(fallback_ips[item])) }}:2382{% if not loop.last %},{% endif %} {{ hostvars[item].etcd_member_name | default("etcd" + loop.index|string) }}-events=https://{{ hostvars[item].etcd_events_access_address | default(hostvars[item].ip | default(fallback_ips[item])) | ipwrap }}:2382{% if not loop.last %},{% endif %}
{%- endfor %} {%- endfor %}
podsecuritypolicy_enabled: false podsecuritypolicy_enabled: false

4
roles/recover_control_plane/post-recover/tasks/main.yml
View file

@ -5,10 +5,10 @@
etcd_servers: >- etcd_servers: >-
{% for host in groups['etcd'] -%} {% for host in groups['etcd'] -%}
{% if not loop.last -%} {% if not loop.last -%}
https://{{ hostvars[host].access_ip | default(hostvars[host].ip | default(hostvars[host].ansible_default_ipv4['address'])) }}:2379, https://{{ hostvars[host].access_ip | default(hostvars[host].ip | ipwrap | default(hostvars[host].ansible_default_ipv4['address'])) }}:2379,
{%- endif -%} {%- endif -%}
{%- if loop.last -%} {%- if loop.last -%}
https://{{ hostvars[host].access_ip | default(hostvars[host].ip | default(hostvars[host].ansible_default_ipv4['address'])) }}:2379 https://{{ hostvars[host].access_ip | default(hostvars[host].ip | ipwrap | default(hostvars[host].ansible_default_ipv4['address'])) }}:2379
{%- endif -%} {%- endif -%}
{%- endfor -%} {%- endfor -%}

2
scripts/collect-info.yaml
View file

@ -108,7 +108,7 @@
set_fact: set_fact:
etcd_access_addresses: |- etcd_access_addresses: |-
{% for item in groups['etcd'] -%} {% for item in groups['etcd'] -%}
https://{{ item }}:2379{% if not loop.last %},{% endif %} https://{{ item | ipwrap }}:2379{% if not loop.last %},{% endif %}
{%- endfor %} {%- endfor %}
when: "'etcd' in groups" when: "'etcd' in groups"

2
tests/testcases/010_check-apiserver.yml
View file

@ -4,7 +4,7 @@
tasks: tasks:
- name: Check the API servers are responding - name: Check the API servers are responding
uri: uri:
url: "https://{{ access_ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port | default(6443) }}/version" url: "https://{{ access_ip | ipwrap | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port | default(6443) }}/version"
validate_certs: no validate_certs: no
status_code: 200 status_code: 200
register: apiserver_response register: apiserver_response