Normalize tags in all places to prepare for tag fixing in future (#1739)
parent
cb611b5ed0
commit
9c86da1403
48 changed files with 501 additions and 189 deletions
|
@ -3,7 +3,8 @@
|
|||
raw: stat /opt/bin/.bootstrapped
|
||||
register: need_bootstrap
|
||||
failed_when: false
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Bootstrap | Run bootstrap.sh
|
||||
script: bootstrap.sh
|
||||
|
@ -11,7 +12,8 @@
|
|||
|
||||
- set_fact:
|
||||
ansible_python_interpreter: "/opt/bin/python"
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Bootstrap | Check if we need to install pip
|
||||
shell: "{{ansible_python_interpreter}} -m pip --version"
|
||||
|
@ -20,7 +22,8 @@
|
|||
changed_when: false
|
||||
check_mode: no
|
||||
when: need_bootstrap.rc != 0
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Bootstrap | Copy get-pip.py
|
||||
copy:
|
||||
|
|
|
@ -8,7 +8,8 @@
|
|||
with_items:
|
||||
- python
|
||||
- pip
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Bootstrap | Install python 2.x and pip
|
||||
raw:
|
||||
|
@ -19,4 +20,5 @@
|
|||
|
||||
- set_fact:
|
||||
ansible_python_interpreter: "/usr/bin/python"
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
|
|
@ -3,4 +3,6 @@ dependencies:
|
|||
- role: download
|
||||
file: "{{ downloads.dnsmasq }}"
|
||||
when: dns_mode == 'dnsmasq_kubedns' and download_localhost|default(false)
|
||||
tags: [download, dnsmasq]
|
||||
tags:
|
||||
- download
|
||||
- dnsmasq
|
||||
|
|
|
@ -3,13 +3,15 @@
|
|||
file:
|
||||
path: /etc/dnsmasq.d
|
||||
state: directory
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: ensure dnsmasq.d-available directory exists
|
||||
file:
|
||||
path: /etc/dnsmasq.d-available
|
||||
state: directory
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: check system nameservers
|
||||
shell: awk '/^nameserver/ {print $NF}' /etc/resolv.conf
|
||||
|
|
|
@ -12,11 +12,13 @@
|
|||
paths:
|
||||
- ../vars
|
||||
skip: true
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- include: set_facts_dns.yml
|
||||
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: check for minimum kernel version
|
||||
fail:
|
||||
|
@ -25,7 +27,8 @@
|
|||
{{ docker_kernel_min_version }} on
|
||||
{{ ansible_distribution }}-{{ ansible_distribution_version }}
|
||||
when: (not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]) and (ansible_kernel|version_compare(docker_kernel_min_version, "<"))
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: ensure docker repository public key is installed
|
||||
action: "{{ docker_repo_key_info.pkg_key }}"
|
||||
|
|
|
@ -7,7 +7,8 @@
|
|||
when:
|
||||
- download.enabled|bool
|
||||
- not download.container|bool
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: file_download | Download item
|
||||
get_url:
|
||||
|
@ -50,7 +51,8 @@
|
|||
- set_fact:
|
||||
download_delegate: "{% if download_localhost|bool %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
||||
run_once: true
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | Create dest directory for saved/loaded container images
|
||||
file:
|
||||
|
@ -62,7 +64,8 @@
|
|||
when:
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
# This is required for the download_localhost delegate to work smooth with Container Linux by CoreOS cluster nodes
|
||||
- name: container_download | Hack python binary path for localhost
|
||||
|
@ -70,7 +73,8 @@
|
|||
delegate_to: localhost
|
||||
when: download_delegate == 'localhost'
|
||||
failed_when: false
|
||||
tags: localhost
|
||||
tags:
|
||||
- localhost
|
||||
|
||||
- name: container_download | create local directory for saved/loaded container images
|
||||
file:
|
||||
|
@ -85,7 +89,8 @@
|
|||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
- download_delegate == 'localhost'
|
||||
tags: localhost
|
||||
tags:
|
||||
- localhost
|
||||
|
||||
- name: container_download | Make download decision if pull is required by tag or sha256
|
||||
include: set_docker_image_facts.yml
|
||||
|
@ -94,7 +99,8 @@
|
|||
- download.container|bool
|
||||
delegate_to: "{{ download_delegate if download_run_once|bool or omit }}"
|
||||
run_once: "{{ download_run_once|bool }}"
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | Download containers if pull is required or told to always pull
|
||||
command: "{{ docker_bin_dir }}/docker pull {{ pull_args }}"
|
||||
|
@ -112,7 +118,8 @@
|
|||
- set_fact:
|
||||
fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|default(download.sha256)|regex_replace('/|\0|:', '_')}}.tar"
|
||||
run_once: true
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: "container_download | Set default value for 'container_changed' to false"
|
||||
set_fact:
|
||||
|
@ -126,7 +133,8 @@
|
|||
- download.container|bool
|
||||
- pull_required|bool|default(download_always_pull)
|
||||
run_once: "{{ download_run_once|bool }}"
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | Stat saved container image
|
||||
stat:
|
||||
|
@ -140,7 +148,8 @@
|
|||
delegate_to: "{{ download_delegate }}"
|
||||
become: false
|
||||
run_once: true
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: container_download | save container images
|
||||
shell: "{{ docker_bin_dir }}/docker save {{ pull_args }} | gzip -{{ download_compress }} > {{ fname }}"
|
||||
|
@ -188,7 +197,9 @@
|
|||
- download_run_once|bool
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
tags: [upload, upgrade]
|
||||
tags:
|
||||
- upload
|
||||
- upgrade
|
||||
|
||||
- name: container_download | load container images
|
||||
shell: "{{ docker_bin_dir }}/docker load < {{ fname }}"
|
||||
|
@ -198,4 +209,6 @@
|
|||
- download_run_once|bool
|
||||
- download.enabled|bool
|
||||
- download.container|bool
|
||||
tags: [upload, upgrade]
|
||||
tags:
|
||||
- upload
|
||||
- upgrade
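Review bot: In the `@ -94,7 +99,8 @@` hunk the context line `delegate_to: "{{ download_delegate if download_run_once|bool or omit }}"` does not express what it reads like. Jinja takes the whole of `download_run_once|bool or omit` as the condition, and `omit` is a non-empty placeholder, so the condition appears to be always true and the task is delegated even when `download_run_once` is false. If delegation is meant only for run-once downloads, use `delegate_to: "{{ download_delegate if download_run_once|bool else omit }}"`. The task this line belongs to starts before the hunk, so confirm against the full file.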
|
||||
|
|
|
@ -3,8 +3,10 @@ dependencies:
|
|||
- role: adduser
|
||||
user: "{{ addusers.etcd }}"
|
||||
when: not (ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] or is_atomic)
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.etcd }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
# NOTE: Dynamic task dependency on Vault Role if cert_management == "vault"
|
||||
|
|
|
@ -6,7 +6,8 @@
|
|||
changed_when: false
|
||||
check_mode: no
|
||||
when: is_etcd_master
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Configure | Add member to the cluster if it is not there
|
||||
when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0
|
||||
|
|
|
@ -83,7 +83,8 @@
|
|||
'node-{{ node }}-key.pem',
|
||||
{% endfor %}]"
|
||||
my_node_certs: ['ca.pem', 'node-{{ inventory_hostname }}.pem', 'node-{{ inventory_hostname }}-key.pem']
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Gen_certs | Gather etcd master certs
|
||||
shell: "tar cfz - -C {{ etcd_cert_dir }} -T /dev/stdin <<< {{ my_master_certs|join(' ') }} {{ all_node_certs|join(' ') }} | base64 --wrap=0"
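Review bot: The task that follows the retagged `set_fact`, `Gen_certs | Gather etcd master certs`, prints a base64 tarball of the certificate directory to stdout, and the list built just above includes `node-{{ node }}-key.pem`. Private keys therefore end up in the task result, and from there in verbose or callback output, unless the task sets `no_log: true`. The task body continues past the end of the hunk, so check whether `no_log: true` is already present and add it if not. The same applies to `Gen_certs | Gather master certs` in the `@ -87,7 +98,8 @@` hunk of the Kubernetes secrets tasks further down.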
|
||||
|
|
|
@ -1,11 +1,13 @@
|
|||
---
|
||||
- include: sync_etcd_master_certs.yml
|
||||
when: inventory_hostname in groups.etcd
|
||||
tags: etcd-secrets
|
||||
tags:
|
||||
- etcd-secrets
|
||||
|
||||
- include: sync_etcd_node_certs.yml
|
||||
when: inventory_hostname in etcd_node_cert_hosts
|
||||
tags: etcd-secrets
|
||||
tags:
|
||||
- etcd-secrets
|
||||
|
||||
# Issue master certs to Etcd nodes
|
||||
- include: ../../vault/tasks/shared/issue_cert.yml
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
---
|
||||
- include: check_certs.yml
|
||||
when: cert_management == "script"
|
||||
tags: [etcd-secrets, facts]
|
||||
tags:
|
||||
- etcd-secrets
|
||||
- facts
|
||||
|
||||
- include: "gen_certs_{{ cert_management }}.yml"
|
||||
tags: etcd-secrets
|
||||
tags:
|
||||
- etcd-secrets
|
||||
|
||||
- include: upd_ca_trust.yml
|
||||
tags: etcd-secrets
|
||||
tags:
|
||||
- etcd-secrets
|
||||
|
||||
- name: "Gen_certs | Get etcd certificate serials"
|
||||
shell: "openssl x509 -in {{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem -noout -serial | cut -d= -f2"
|
||||
|
@ -16,7 +20,8 @@
|
|||
|
||||
- include: "install_{{ etcd_deployment_type }}.yml"
|
||||
when: is_etcd_master
|
||||
tags: upgrade
|
||||
tags:
|
||||
- upgrade
|
||||
|
||||
- include: set_cluster_health.yml
|
||||
when: is_etcd_master and etcd_cluster_setup
|
||||
|
|
|
@ -6,4 +6,5 @@
|
|||
changed_when: false
|
||||
check_mode: no
|
||||
when: is_etcd_master
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
|
|
@ -9,7 +9,8 @@
|
|||
{%- elif ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] -%}
|
||||
/etc/ssl/certs/etcd-ca.pem
|
||||
{%- endif %}
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Gen_certs | add CA to trusted CA dir
|
||||
copy:
|
||||
|
|
|
@ -16,7 +16,8 @@
|
|||
resource: "{{ item }}"
|
||||
state: absent
|
||||
with_items: ['deploy', 'svc']
|
||||
tags: upgrade
|
||||
tags:
|
||||
- upgrade
|
||||
|
||||
- name: Kubernetes Apps | Delete kubeadm kubedns
|
||||
kube:
|
||||
|
@ -46,7 +47,8 @@
|
|||
when:
|
||||
- dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
|
||||
- rbac_enabled or item.type not in rbac_resources
|
||||
tags: dnsmasq
|
||||
tags:
|
||||
- dnsmasq
|
||||
|
||||
# see https://github.com/kubernetes/kubernetes/issues/45084, only needed for "old" kube-dns
|
||||
- name: Kubernetes Apps | Patch system:kube-dns ClusterRole
|
||||
|
@ -64,7 +66,8 @@
|
|||
when:
|
||||
- dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
|
||||
- rbac_enabled and kubedns_version|version_compare("1.11.0", "<", strict=True)
|
||||
tags: dnsmasq
|
||||
tags:
|
||||
- dnsmasq
|
||||
|
||||
- name: Kubernetes Apps | Start Resources
|
||||
kube:
|
||||
|
@ -79,14 +82,17 @@
|
|||
- dns_mode != 'none'
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
- not item|skipped
|
||||
tags: dnsmasq
|
||||
tags:
|
||||
- dnsmasq
|
||||
|
||||
- name: Kubernetes Apps | Netchecker
|
||||
include: tasks/netchecker.yml
|
||||
when: deploy_netchecker
|
||||
tags: netchecker
|
||||
tags:
|
||||
- netchecker
|
||||
|
||||
- name: Kubernetes Apps | Dashboard
|
||||
include: tasks/dashboard.yml
|
||||
when: dashboard_enabled
|
||||
tags: dashboard
|
||||
tags:
|
||||
- dashboard
|
||||
|
|
|
@ -4,7 +4,9 @@
|
|||
stat:
|
||||
path: "{{ kube_config_dir }}/netchecker-server-deployment.yml.j2"
|
||||
register: netchecker_server_manifest
|
||||
tags: ['facts', 'upgrade']
|
||||
tags:
|
||||
- facts
|
||||
- upgrade
|
||||
|
||||
- name: Kubernetes Apps | Apply netchecker-server manifest to update annotations
|
||||
kube:
|
||||
|
@ -15,7 +17,8 @@
|
|||
resource: "deploy"
|
||||
state: latest
|
||||
when: inventory_hostname == groups['kube-master'][0] and netchecker_server_manifest.stat.exists
|
||||
tags: upgrade
|
||||
tags:
|
||||
- upgrade
|
||||
|
||||
- name: Kubernetes Apps | Lay Down Netchecker Template
|
||||
template:
|
||||
|
|
|
@ -3,16 +3,34 @@ dependencies:
|
|||
- role: download
|
||||
file: "{{ downloads.netcheck_server }}"
|
||||
when: deploy_netchecker
|
||||
tags: [download, netchecker]
|
||||
tags:
|
||||
- download
|
||||
- netchecker
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.netcheck_agent }}"
|
||||
when: deploy_netchecker
|
||||
tags: [download, netchecker]
|
||||
- {role: kubernetes-apps/ansible, tags: apps}
|
||||
- {role: kubernetes-apps/kpm, tags: [apps, kpm]}
|
||||
tags:
|
||||
- download
|
||||
- netchecker
|
||||
|
||||
- role: kubernetes-apps/ansible
|
||||
tags:
|
||||
- apps
|
||||
|
||||
- role: kubernetes-apps/kpm
|
||||
tags:
|
||||
- apps
|
||||
- kpm
|
||||
|
||||
- role: kubernetes-apps/efk
|
||||
when: efk_enabled
|
||||
tags: [ apps, efk ]
|
||||
tags:
|
||||
- apps
|
||||
- efk
|
||||
|
||||
- role: kubernetes-apps/helm
|
||||
when: helm_enabled
|
||||
tags: [ apps, helm ]
|
||||
tags:
|
||||
- apps
|
||||
- helm
|
||||
|
|
|
@ -2,13 +2,20 @@
|
|||
dependencies:
|
||||
- role: kubernetes-apps/network_plugin/calico
|
||||
when: kube_network_plugin == 'calico'
|
||||
tags: calico
|
||||
tags:
|
||||
- calico
|
||||
|
||||
- role: kubernetes-apps/network_plugin/canal
|
||||
when: kube_network_plugin == 'canal'
|
||||
tags: canal
|
||||
tags:
|
||||
- canal
|
||||
|
||||
- role: kubernetes-apps/network_plugin/flannel
|
||||
when: kube_network_plugin == 'flannel'
|
||||
tags: flannel
|
||||
tags:
|
||||
- flannel
|
||||
|
||||
- role: kubernetes-apps/network_plugin/weave
|
||||
when: kube_network_plugin == 'weave'
|
||||
tags: weave
|
||||
tags:
|
||||
- weave
|
||||
|
|
|
@ -3,7 +3,9 @@
|
|||
set_fact:
|
||||
calico_cert_dir: "{{ canal_cert_dir }}"
|
||||
when: kube_network_plugin == 'canal'
|
||||
tags: [facts, canal]
|
||||
tags:
|
||||
- facts
|
||||
- canal
|
||||
|
||||
- name: Get calico-policy-controller version if running
|
||||
shell: "{{ bin_dir }}/kubectl -n {{ system_namespace }} get rs calico-policy-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d':' -f2"
|
||||
|
|
|
@ -2,13 +2,23 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.calico_policy }}"
|
||||
when: enable_network_policy and
|
||||
kube_network_plugin in ['calico', 'canal']
|
||||
tags: [download, canal, policy-controller]
|
||||
when:
|
||||
- enable_network_policy
|
||||
- kube_network_plugin in ['calico', 'canal']
|
||||
tags:
|
||||
- download
|
||||
- canal
|
||||
- policy-controller
|
||||
|
||||
- role: policy_controller/calico
|
||||
when: kube_network_plugin == 'calico' and
|
||||
enable_network_policy
|
||||
tags: policy-controller
|
||||
when:
|
||||
- kube_network_plugin == 'calico'
|
||||
- enable_network_policy
|
||||
tags:
|
||||
- policy-controller
|
||||
|
||||
- role: policy_controller/calico
|
||||
when: kube_network_plugin == 'canal'
|
||||
tags: policy-controller
|
||||
when:
|
||||
- kube_network_plugin == 'canal'
|
||||
tags:
|
||||
- policy-controller
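Review bot: The canal entry for `policy_controller/calico` is gated only on `kube_network_plugin == 'canal'`, while the `download` entry at the top of the list requires `enable_network_policy` for both calico and canal. With the conditions now written as lists the mismatch is easy to see. If canal is meant to deploy the policy controller unconditionally, the download condition presumably skips the pre-pull in that case; if not, add `- enable_network_policy` to the canal entry. Either way a one-line comment on the canal entry, such as `# canal always deploys the policy controller`, would record which is intended.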
|
||||
|
|
|
@ -11,7 +11,8 @@
|
|||
{%- else -%}
|
||||
https://{{ first_kube_master }}:{{ kube_apiserver_port }}
|
||||
{%- endif -%}
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Gather certs for admin kubeconfig
|
||||
slurp:
|
||||
|
|
|
@ -8,7 +8,8 @@
|
|||
{{ kube_apiserver_endpoint }}
|
||||
{%- endif %}
|
||||
when: not is_kube_master
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Check if kubelet.conf exists
|
||||
stat:
|
||||
|
|
|
@ -2,4 +2,6 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.hyperkube }}"
|
||||
tags: [download, hyperkube]
|
||||
tags:
|
||||
- download
|
||||
- hyperkube
|
||||
|
|
|
@ -48,7 +48,8 @@
|
|||
{%- if hostvars[host]['access_ip'] is defined %}{{ hostvars[host]['access_ip'] }}{% endif %}
|
||||
{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
|
||||
{%- endfor %}
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: kubeadm | Copy etcd cert dir under k8s cert dir
|
||||
command: "cp -TR {{ etcd_cert_dir }} {{ kube_config_dir }}/ssl/etcd"
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
- include: pre-upgrade.yml
|
||||
tags: k8s-pre-upgrade
|
||||
tags:
|
||||
- k8s-pre-upgrade
|
||||
|
||||
# upstream bug: https://github.com/kubernetes/kubeadm/issues/441
|
||||
- name: Disable kube_basic_auth until kubeadm/441 is fixed
|
||||
|
@ -18,12 +19,16 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, kubectl, upgrade]
|
||||
tags:
|
||||
- hyperkube
|
||||
- kubectl
|
||||
- upgrade
|
||||
|
||||
- name: Install kubectl bash completion
|
||||
shell: "{{ bin_dir }}/kubectl completion bash >/etc/bash_completion.d/kubectl.sh"
|
||||
when: ansible_os_family in ["Debian","RedHat"]
|
||||
tags: kubectl
|
||||
tags:
|
||||
- kubectl
|
||||
|
||||
- name: Set kubectl bash completion file
|
||||
file:
|
||||
|
@ -32,7 +37,9 @@
|
|||
group: root
|
||||
mode: 0755
|
||||
when: ansible_os_family in ["Debian","RedHat"]
|
||||
tags: [kubectl, upgrade]
|
||||
tags:
|
||||
- kubectl
|
||||
- upgrade
|
||||
|
||||
- task: Include kubeadm setup if enabled
|
||||
include: kubeadm-setup.yml
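Review bot: The last entry of the `@ -32,7 +37,9 @@` hunk is labelled `- task: Include kubeadm setup if enabled`, and `task` is not a task keyword. Depending on the Ansible version the label is presumably either dropped or rejected as an invalid attribute. It reads like a typo for `- name: Include kubeadm setup if enabled`. In the same hunk `mode: 0755` is an unquoted octal; `mode: "0755"` avoids relying on YAML 1.1 octal parsing and matches the quoted form used in the kubelet install tasks. The include entry continues past the end of the hunk.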
|
||||
|
|
|
@ -4,7 +4,8 @@
|
|||
src: manifests/kube-apiserver.manifest.j2
|
||||
dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
|
||||
notify: Master | wait for the apiserver to be running
|
||||
tags: kube-apiserver
|
||||
tags:
|
||||
- kube-apiserver
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
|
@ -13,7 +14,8 @@
|
|||
src: namespace.j2
|
||||
dest: "{{kube_config_dir}}/{{system_namespace}}-ns.yml"
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
||||
tags: apps
|
||||
tags:
|
||||
- apps
|
||||
|
||||
- name: Check if kube system namespace exists
|
||||
command: "{{ bin_dir }}/kubectl get ns {{system_namespace}}"
|
||||
|
@ -21,7 +23,8 @@
|
|||
changed_when: False
|
||||
failed_when: False
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
||||
tags: apps
|
||||
tags:
|
||||
- apps
|
||||
|
||||
- name: Create kube system namespace
|
||||
command: "{{ bin_dir }}/kubectl create -f {{kube_config_dir}}/{{system_namespace}}-ns.yml"
|
||||
|
@ -31,30 +34,35 @@
|
|||
until: create_system_ns.rc == 0
|
||||
changed_when: False
|
||||
when: inventory_hostname == groups['kube-master'][0] and kubesystem.rc != 0
|
||||
tags: apps
|
||||
tags:
|
||||
- apps
|
||||
|
||||
- name: Write kube-scheduler kubeconfig
|
||||
template:
|
||||
src: kube-scheduler-kubeconfig.yaml.j2
|
||||
dest: "{{ kube_config_dir }}/kube-scheduler-kubeconfig.yaml"
|
||||
tags: kube-scheduler
|
||||
tags:
|
||||
- kube-scheduler
|
||||
|
||||
- name: Write kube-scheduler manifest
|
||||
template:
|
||||
src: manifests/kube-scheduler.manifest.j2
|
||||
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
|
||||
notify: Master | wait for kube-scheduler
|
||||
tags: kube-scheduler
|
||||
tags:
|
||||
- kube-scheduler
|
||||
|
||||
- name: Write kube-controller-manager kubeconfig
|
||||
template:
|
||||
src: kube-controller-manager-kubeconfig.yaml.j2
|
||||
dest: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml"
|
||||
tags: kube-controller-manager
|
||||
tags:
|
||||
- kube-controller-manager
|
||||
|
||||
- name: Write kube-controller-manager manifest
|
||||
template:
|
||||
src: manifests/kube-controller-manager.manifest.j2
|
||||
dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
|
||||
notify: Master | wait for kube-controller-manager
|
||||
tags: kube-controller-manager
|
||||
tags:
|
||||
- kube-controller-manager
|
||||
|
|
|
@ -2,44 +2,90 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.hyperkube }}"
|
||||
tags: [download, hyperkube, kubelet, network, canal, calico, weave, kube-controller-manager, kube-scheduler, kube-apiserver, kube-proxy, kubectl]
|
||||
tags:
|
||||
- download
|
||||
- hyperkube
|
||||
- kubelet
|
||||
- network
|
||||
- canal
|
||||
- calico
|
||||
- weave
|
||||
- kube-controller-manager
|
||||
- kube-scheduler
|
||||
- kube-apiserver
|
||||
- kube-proxy
|
||||
- kubectl
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.pod_infra }}"
|
||||
tags: [download, kubelet]
|
||||
tags:
|
||||
- download
|
||||
- kubelet
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.install_socat }}"
|
||||
tags: [download, kubelet]
|
||||
when: ansible_os_family in ['CoreOS', 'Container Linux by CoreOS']
|
||||
tags:
|
||||
- download
|
||||
- kubelet
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.kubeadm }}"
|
||||
tags: [download, kubelet, kubeadm]
|
||||
when: kubeadm_enabled
|
||||
tags:
|
||||
- download
|
||||
- kubelet
|
||||
- kubeadm
|
||||
|
||||
- role: kubernetes/secrets
|
||||
when: not kubeadm_enabled
|
||||
tags: k8s-secrets
|
||||
tags:
|
||||
- k8s-secrets
|
||||
- role: download
|
||||
file: "{{ downloads.nginx }}"
|
||||
tags: [download, nginx]
|
||||
tags:
|
||||
- download
|
||||
- nginx
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.testbox }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.netcheck_server }}"
|
||||
when: deploy_netchecker
|
||||
tags: [download, netchecker]
|
||||
tags:
|
||||
- download
|
||||
- netchecker
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.netcheck_agent }}"
|
||||
when: deploy_netchecker
|
||||
tags: [download, netchecker]
|
||||
tags:
|
||||
- download
|
||||
- netchecker
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.kubedns }}"
|
||||
tags: [download, dnsmasq]
|
||||
tags:
|
||||
- download
|
||||
- dnsmasq
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.dnsmasq_nanny }}"
|
||||
tags: [download, dnsmasq]
|
||||
tags:
|
||||
- download
|
||||
- dnsmasq
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.dnsmasq_sidecar }}"
|
||||
tags: [download, dnsmasq]
|
||||
tags:
|
||||
- download
|
||||
- dnsmasq
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.kubednsautoscaler }}"
|
||||
tags: [download, dnsmasq]
|
||||
tags:
|
||||
- download
|
||||
- dnsmasq
|
||||
|
|
|
@ -11,19 +11,22 @@
|
|||
'/usr/share/ca-certificates',
|
||||
{% endif -%}
|
||||
]"
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Set kubelet deployment to host if kubeadm is enabled
|
||||
set_fact:
|
||||
kubelet_deployment_type: host
|
||||
when: kubeadm_enabled
|
||||
tags: kubeadm
|
||||
tags:
|
||||
- kubeadm
|
||||
|
||||
- name: install | Copy kubeadm binary from download dir
|
||||
command: rsync -piu "{{ local_release_dir }}/kubeadm" "{{ bin_dir }}/kubeadm"
|
||||
changed_when: false
|
||||
when: kubeadm_enabled
|
||||
tags: kubeadm
|
||||
tags:
|
||||
- kubeadm
|
||||
|
||||
- name: install | Set kubeadm binary permissions
|
||||
file:
|
||||
|
@ -31,7 +34,8 @@
|
|||
mode: "0755"
|
||||
state: file
|
||||
when: kubeadm_enabled
|
||||
tags: kubeadm
|
||||
tags:
|
||||
- kubeadm
|
||||
|
||||
- include: "install_{{ kubelet_deployment_type }}.yml"
|
||||
|
||||
|
|
|
@ -6,7 +6,9 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, upgrade]
|
||||
tags:
|
||||
- hyperkube
|
||||
- upgrade
|
||||
notify: restart kubelet
|
||||
|
||||
- name: install | Copy socat wrapper for Container Linux
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
---
|
||||
- include: facts.yml
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- include: pre_upgrade.yml
|
||||
tags: kubelet
|
||||
tags:
|
||||
- kubelet
|
||||
|
||||
- name: Ensure /var/lib/cni exists
|
||||
file:
|
||||
|
@ -12,11 +14,13 @@
|
|||
mode: 0755
|
||||
|
||||
- include: install.yml
|
||||
tags: kubelet
|
||||
tags:
|
||||
- kubelet
|
||||
|
||||
- include: nginx-proxy.yml
|
||||
when: is_kube_master == false and loadbalancer_apiserver_localhost|default(true)
|
||||
tags: nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: Write kubelet config file (non-kubeadm)
|
||||
template:
|
||||
|
@ -25,7 +29,8 @@
|
|||
backup: yes
|
||||
when: not kubeadm_enabled
|
||||
notify: restart kubelet
|
||||
tags: kubelet
|
||||
tags:
|
||||
- kubelet
|
||||
|
||||
- name: Write kubelet config file (kubeadm)
|
||||
template:
|
||||
|
@ -34,7 +39,9 @@
|
|||
backup: yes
|
||||
when: kubeadm_enabled
|
||||
notify: restart kubelet
|
||||
tags: ['kubelet', 'kubeadm']
|
||||
tags:
|
||||
- kubelet
|
||||
- kubeadm
|
||||
|
||||
- name: write the kubecfg (auth) file for kubelet
|
||||
template:
|
||||
|
@ -46,7 +53,8 @@
|
|||
- kube-proxy
|
||||
when: not kubeadm_enabled
|
||||
notify: restart kubelet
|
||||
tags: kubelet
|
||||
tags:
|
||||
- kubelet
|
||||
|
||||
- name: Ensure nodePort range is reserved
|
||||
sysctl:
|
||||
|
@ -56,7 +64,8 @@
|
|||
state: present
|
||||
reload: yes
|
||||
when: kube_apiserver_node_port_range is defined
|
||||
tags: kube-proxy
|
||||
tags:
|
||||
- kube-proxy
|
||||
|
||||
- name: Verify if br_netfilter module exists
|
||||
shell: "modinfo br_netfilter"
|
||||
|
@ -94,14 +103,16 @@
|
|||
src: manifests/kube-proxy.manifest.j2
|
||||
dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
|
||||
when: not kubeadm_enabled
|
||||
tags: kube-proxy
|
||||
tags:
|
||||
- kube-proxy
|
||||
|
||||
- name: Purge proxy manifest for kubeadm
|
||||
file:
|
||||
path: "{{ kube_manifest_dir }}/kube-proxy.manifest"
|
||||
state: absent
|
||||
when: kubeadm_enabled
|
||||
tags: kube-proxy
|
||||
tags:
|
||||
- kube-proxy
|
||||
|
||||
# reload-systemd
|
||||
- meta: flush_handlers
|
||||
|
@ -111,4 +122,5 @@
|
|||
name: kubelet
|
||||
enabled: yes
|
||||
state: started
|
||||
tags: kubelet
|
||||
tags:
|
||||
- kubelet
|
||||
|
|
|
@ -8,4 +8,4 @@
|
|||
- name: "Pre-upgrade | ensure kubelet container is stopped if using host deployment"
|
||||
command: docker stop kubelet
|
||||
failed_when: false
|
||||
when: kubelet_deployment_type == "host"
|
||||
when: kubelet_deployment_type == 'host'
|
||||
|
|
|
@ -2,5 +2,6 @@
|
|||
dependencies:
|
||||
- role: adduser
|
||||
user: "{{ addusers.kube }}"
|
||||
tags: kubelet
|
||||
when: not is_atomic
|
||||
when: not is_atomic
|
||||
tags:
|
||||
- kubelet
|
|
@ -1,12 +1,14 @@
|
|||
---
|
||||
- include: verify-settings.yml
|
||||
tags: asserts
|
||||
tags:
|
||||
- asserts
|
||||
|
||||
- name: Force binaries directory for Container Linux by CoreOS
|
||||
set_fact:
|
||||
bin_dir: "/opt/bin"
|
||||
when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: check bin dir exists
|
||||
file:
|
||||
|
@ -14,10 +16,12 @@
|
|||
state: directory
|
||||
owner: root
|
||||
become: true
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- include: set_facts.yml
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ item }}"
|
||||
|
@ -32,7 +36,8 @@
|
|||
paths:
|
||||
- ../vars
|
||||
skip: true
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Create kubernetes directories
|
||||
file:
|
||||
|
@ -40,7 +45,16 @@
|
|||
state: directory
|
||||
owner: kube
|
||||
when: inventory_hostname in groups['k8s-cluster']
|
||||
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
||||
tags:
|
||||
- kubelet
|
||||
- k8s-secrets
|
||||
- kube-controller-manager
|
||||
- kube-apiserver
|
||||
- bootstrap-os
|
||||
- apps
|
||||
- network
|
||||
- master
|
||||
- node
|
||||
with_items:
|
||||
- "{{ kube_config_dir }}"
|
||||
- "{{ kube_config_dir }}/ssl"
|
||||
|
@ -53,13 +67,17 @@
|
|||
when:
|
||||
- cloud_provider is defined
|
||||
- cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere']
|
||||
tags: [cloud-provider, facts]
|
||||
tags:
|
||||
- cloud-provider
|
||||
- facts
|
||||
|
||||
- include: "{{ cloud_provider }}-credential-check.yml"
|
||||
when:
|
||||
- cloud_provider is defined
|
||||
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
||||
tags: [cloud-provider, facts]
|
||||
tags:
|
||||
- cloud-provider
|
||||
- facts
|
||||
|
||||
- name: Create cni directories
|
||||
file:
|
||||
|
@ -72,7 +90,12 @@
|
|||
when:
|
||||
- kube_network_plugin in ["calico", "weave", "canal", "flannel"]
|
||||
- inventory_hostname in groups['k8s-cluster']
|
||||
tags: [network, calico, weave, canal, bootstrap-os]
|
||||
tags:
|
||||
- network
|
||||
- calico
|
||||
- weave
|
||||
- canal
|
||||
- bootstrap-os
|
||||
|
||||
- name: Update package management cache (YUM)
|
||||
yum:
|
||||
|
@ -85,7 +108,8 @@
|
|||
when:
|
||||
- ansible_pkg_mgr == 'yum'
|
||||
- not is_atomic
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Install latest version of python-apt for Debian distribs
|
||||
apt:
|
||||
|
@ -94,7 +118,8 @@
|
|||
update_cache: yes
|
||||
cache_valid_time: 3600
|
||||
when: ansible_os_family == "Debian"
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Install python-dnf for latest RedHat versions
|
||||
command: dnf install -y python-dnf yum
|
||||
|
@ -106,7 +131,8 @@
|
|||
- ansible_distribution == "Fedora"
|
||||
- ansible_distribution_major_version > 21
|
||||
changed_when: False
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Install epel-release on RedHat/CentOS
|
||||
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
|
||||
|
@ -121,7 +147,8 @@
|
|||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: False
|
||||
check_mode: no
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Install packages requirements
|
||||
action:
|
||||
|
@ -134,7 +161,8 @@
|
|||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
# Todo : selinux configuration
|
||||
- name: Confirm selinux deployed
|
||||
|
@ -151,7 +179,8 @@
|
|||
- ansible_os_family == "RedHat"
|
||||
- slc.stat.exists == True
|
||||
changed_when: False
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Disable IPv6 DNS lookup
|
||||
lineinfile:
|
||||
|
@ -162,18 +191,21 @@
|
|||
when:
|
||||
- disable_ipv6_dns
|
||||
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: set default sysctl file path
|
||||
set_fact:
|
||||
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Stat sysctl file configuration
|
||||
stat:
|
||||
path: "{{sysctl_file_path}}"
|
||||
register: sysctl_file_stat
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Change sysctl file path to link source if linked
|
||||
set_fact:
|
||||
|
@ -181,7 +213,8 @@
|
|||
when:
|
||||
- sysctl_file_stat.stat.islnk is defined
|
||||
- sysctl_file_stat.stat.islnk
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Enable ip forwarding
|
||||
sysctl:
|
||||
|
@ -189,7 +222,8 @@
|
|||
name: net.ipv4.ip_forward
|
||||
value: 1
|
||||
state: present
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- name: Write cloud-config
|
||||
template:
|
||||
|
@ -201,39 +235,50 @@
|
|||
- inventory_hostname in groups['k8s-cluster']
|
||||
- cloud_provider is defined
|
||||
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
||||
tags: [cloud-provider]
|
||||
tags:
|
||||
- cloud-provider
|
||||
|
||||
- include: etchosts.yml
|
||||
tags: [bootstrap-os, etchosts]
|
||||
tags:
|
||||
- bootstrap-os
|
||||
- etchosts
|
||||
|
||||
- include: resolvconf.yml
|
||||
when:
|
||||
- dns_mode != 'none'
|
||||
- resolvconf_mode == 'host_resolvconf'
|
||||
tags: [bootstrap-os, resolvconf]
|
||||
tags:
|
||||
- bootstrap-os
|
||||
- resolvconf
|
||||
|
||||
- include: dhclient-hooks.yml
|
||||
when:
|
||||
- dns_mode != 'none'
|
||||
- resolvconf_mode == 'host_resolvconf'
|
||||
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||
tags: [bootstrap-os, resolvconf]
|
||||
tags:
|
||||
- bootstrap-os
|
||||
- resolvconf
|
||||
|
||||
- include: dhclient-hooks-undo.yml
|
||||
when:
|
||||
- dns_mode != 'none'
|
||||
- resolvconf_mode != 'host_resolvconf'
|
||||
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
|
||||
tags: [bootstrap-os, resolvconf]
|
||||
tags:
|
||||
- bootstrap-os
|
||||
- resolvconf
|
||||
|
||||
- name: Check if we are running inside a Azure VM
|
||||
stat:
|
||||
path: /var/lib/waagent/
|
||||
register: azure_check
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
|
||||
|
||||
- include: growpart-azure-centos-7.yml
|
||||
when:
|
||||
- azure_check.stat.exists
|
||||
- ansible_distribution in ["CentOS","RedHat"]
|
||||
tags: bootstrap-os
|
||||
tags:
|
||||
- bootstrap-os
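Review bot: In the `@ -106,7 +131,8 @@` hunk the condition `- ansible_distribution_major_version > 21` compares a fact with an integer. Ansible reports this fact as a string, so the comparison is not numeric: it is always true on Python 2 and a type error on Python 3. Cast it first: `- ansible_distribution_major_version|int > 21`. The `when:` list this line belongs to starts before the hunk.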
|
||||
|
|
|
@ -12,4 +12,7 @@
|
|||
when: is_atomic
|
||||
|
||||
- include: set_resolv_facts.yml
|
||||
tags: [bootstrap-os, resolvconf, facts]
|
||||
tags:
|
||||
- bootstrap-os
|
||||
- resolvconf
|
||||
- facts
|
||||
|
|
|
@ -6,8 +6,17 @@
|
|||
owner: kube
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
||||
when: gen_certs|default(false)
|
||||
tags:
|
||||
- kubelet
|
||||
- k8s-secrets
|
||||
- kube-controller-manager
|
||||
- kube-apiserver
|
||||
- bootstrap-os
|
||||
- apps
|
||||
- network
|
||||
- master
|
||||
- node
|
||||
|
||||
- name: "Gen_certs | Create kubernetes script directory (on {{groups['kube-master'][0]}})"
|
||||
file:
|
||||
|
@ -16,8 +25,10 @@
|
|||
owner: kube
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
tags: [k8s-secrets, bootstrap-os]
|
||||
when: gen_certs|default(false)
|
||||
tags:
|
||||
- k8s-secrets
|
||||
- bootstrap-os
|
||||
|
||||
- name: Gen_certs | write openssl config
|
||||
template:
|
||||
|
@ -87,7 +98,8 @@
|
|||
'node-{{ inventory_hostname }}-key.pem',
|
||||
'kube-proxy-{{ inventory_hostname }}.pem',
|
||||
'kube-proxy-{{ inventory_hostname }}-key.pem']
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Gen_certs | Gather master certs
|
||||
shell: "tar cfz - -C {{ kube_cert_dir }} -T /dev/stdin <<< {{ my_master_certs|join(' ') }} {{ all_node_certs|join(' ') }} | base64 --wrap=0"
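Review bot: The `Gen_certs | Gather master certs` task directly below the newly tagged `set_fact` writes a base64-encoded tar of files from `kube_cert_dir` to stdout, and the list in the preceding context includes `-key.pem` names, so the archive presumably carries private keys. If the part of the task outside this hunk does not already set it, add `no_log: true` so the encoded archive is not echoed into Ansible output or logs. The command also uses the `<<<` here-string, which needs bash; confirm the task sets `executable: /bin/bash`, since the task body continues outside the hunk.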
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
---
|
||||
- include: check-certs.yml
|
||||
tags: [k8s-secrets, facts]
|
||||
tags:
|
||||
- k8s-secrets
|
||||
- facts
|
||||
|
||||
- include: check-tokens.yml
|
||||
tags: [k8s-secrets, facts]
|
||||
tags:
|
||||
- k8s-secrets
|
||||
- facts
|
||||
|
||||
- name: Make sure the certificate directory exits
|
||||
file:
|
||||
|
@ -31,8 +35,17 @@
|
|||
owner: kube
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
||||
when: gen_certs|default(false) or gen_tokens|default(false)
|
||||
tags:
|
||||
- kubelet
|
||||
- k8s-secrets
|
||||
- kube-controller-manager
|
||||
- kube-apiserver
|
||||
- bootstrap-os
|
||||
- apps
|
||||
- network
|
||||
- master
|
||||
- node
|
||||
|
||||
- name: "Gen_certs | Create kubernetes script directory (on {{groups['kube-master'][0]}})"
|
||||
file:
|
||||
|
@ -41,8 +54,10 @@
|
|||
owner: kube
|
||||
run_once: yes
|
||||
delegate_to: "{{groups['kube-master'][0]}}"
|
||||
tags: [k8s-secrets, bootstrap-os]
|
||||
when: gen_certs|default(false) or gen_tokens|default(false)
|
||||
tags:
|
||||
- k8s-secrets
|
||||
- bootstrap-os
|
||||
|
||||
- name: "Get_tokens | Make sure the tokens directory exits (on {{groups['kube-master'][0]}})"
|
||||
file:
|
||||
|
@ -55,10 +70,12 @@
|
|||
when: gen_tokens|default(false)
|
||||
|
||||
- include: "gen_certs_{{ cert_management }}.yml"
|
||||
tags: k8s-secrets
|
||||
tags:
|
||||
- k8s-secrets
|
||||
|
||||
- include: upd_ca_trust.yml
|
||||
tags: k8s-secrets
|
||||
tags:
|
||||
- k8s-secrets
|
||||
|
||||
- name: "Gen_certs | Get certificate serials on kube masters"
|
||||
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
|
||||
|
@ -93,4 +110,5 @@
|
|||
when: inventory_hostname in groups['k8s-cluster']
|
||||
|
||||
- include: gen_tokens.yml
|
||||
tags: k8s-secrets
|
||||
tags:
|
||||
- k8s-secrets
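Review bot: The nine-entry tag list on the directory tasks in hunk `@ -31,8 +35,17 @@` (`kubelet` … `node`) selects those tasks, but their `when: gen_certs|default(false) or gen_tokens|default(false)` depends on facts that appear to be set by `check-certs.yml` and `check-tokens.yml`, which are tagged only `k8s-secrets` and `facts`. A run limited to, say, `--tags network` would then select the task yet skip it silently because the facts default to false. If that reading is right, either trim the list in the planned tag cleanup or document it, for example `# gen_certs/gen_tokens are set by check-certs.yml / check-tokens.yml (tags: k8s-secrets, facts)`. The same list is repeated in the `@ -6,8 +6,17 @@` hunk of the gen_certs task file earlier on this page.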
|
||||
|
|
|
@ -9,7 +9,8 @@
|
|||
{%- elif ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] -%}
|
||||
/etc/ssl/certs/kube-ca.pem
|
||||
{%- endif %}
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: Gen_certs | add CA to trusted CA dir
|
||||
copy:
|
||||
|
|
|
@ -2,13 +2,20 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.calico_cni }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calico_node }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calicoctl }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.hyperkube }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
|
|
@ -54,7 +54,9 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, upgrade]
|
||||
tags:
|
||||
- hyperkube
|
||||
- upgrade
|
||||
|
||||
- name: Calico | Copy cni plugins from calico/cni container
|
||||
command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
|
||||
|
@ -64,7 +66,9 @@
|
|||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
when: overwrite_hyperkube_cni|bool
|
||||
tags: [hyperkube, upgrade]
|
||||
tags:
|
||||
- hyperkube
|
||||
- upgrade
|
||||
|
||||
- name: Calico | Set cni directory permissions
|
||||
file:
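Review bot: The task that receives `hyperkube`/`upgrade` in hunk `@ -64,7 +66,9 @@` appears to be the `docker run … sh -c 'cp -a /opt/cni/bin/* /cnibindir/'` copy, and it keeps `changed_when: false` although it writes executables into the host's `/opt/cni/bin`. That hides a binary replacement from the play recap, and the image is referenced as `{{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}`, which as far as these lines show is a mutable tag rather than a digest. Consider registering the result and reporting a change when the copied files differ, and pinning the image by digest. The same pattern is visible in the Canal tasks hunk at `@ -56,7 +56,9 @@`; both tasks extend beyond the visible hunk lines.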
|
||||
|
|
|
@ -2,16 +2,25 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.flannel }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calico_node }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calicoctl }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calico_cni }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.calico_policy }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
|
|
@ -56,7 +56,9 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, upgrade]
|
||||
tags:
|
||||
- hyperkube
|
||||
- upgrade
|
||||
|
||||
- name: Canal | Copy cni plugins from calico/cni
|
||||
command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
|
||||
|
@ -65,7 +67,9 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, upgrade]
|
||||
tags:
|
||||
- hyperkube
|
||||
- upgrade
|
||||
|
||||
- name: Canal | Set cni directory permissions
|
||||
file:
|
||||
|
|
|
@ -2,7 +2,10 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.flannel }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.flannel_cni }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
|
|
@ -2,15 +2,23 @@
|
|||
dependencies:
|
||||
- role: network_plugin/calico
|
||||
when: kube_network_plugin == 'calico'
|
||||
tags: calico
|
||||
tags:
|
||||
- calico
|
||||
|
||||
- role: network_plugin/flannel
|
||||
when: kube_network_plugin == 'flannel'
|
||||
tags: flannel
|
||||
tags:
|
||||
- flannel
|
||||
|
||||
- role: network_plugin/weave
|
||||
when: kube_network_plugin == 'weave'
|
||||
tags: weave
|
||||
tags:
|
||||
- weave
|
||||
|
||||
- role: network_plugin/canal
|
||||
when: kube_network_plugin == 'canal'
|
||||
tags: canal
|
||||
tags:
|
||||
- canal
|
||||
|
||||
- role: network_plugin/cloud
|
||||
when: kube_network_plugin == 'cloud'
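Review bot: The last dependency, `network_plugin/cloud`, is the only role in this list left without a `tags:` entry, so a run limited with `--tags` or `--skip-tags` cannot address it the way `calico`, `flannel`, `weave` and `canal` address theirs. If that is not intentional, add `tags:` followed by `- cloud` under its `when:` line to keep the five entries parallel. Whether the role's own tasks carry tags is not visible here.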
|
||||
|
|
|
@ -2,7 +2,10 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.weave_kube }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
||||
- role: download
|
||||
file: "{{ downloads.weave_npc }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
|
|
@ -9,7 +9,9 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, upgrade]
|
||||
tags:
|
||||
- hyperkube
|
||||
- upgrade
|
||||
|
||||
- name: Weave | Create weave-net manifest
|
||||
template:
|
||||
|
|
|
@ -4,28 +4,32 @@
|
|||
seed: '{% for host in groups["k8s-cluster"] %}{{ hostvars[host]["ansible_default_ipv4"]["macaddress"] }}{% if not loop.last %},{% endif %}{% endfor %}'
|
||||
when: "weave_seed == 'uninitialized'"
|
||||
run_once: true
|
||||
tags: confweave
|
||||
tags:
|
||||
- confweave
|
||||
|
||||
- name: Weave seed | Set seed if not first time
|
||||
set_fact:
|
||||
seed: '{{ weave_seed }}'
|
||||
when: "weave_seed != 'uninitialized'"
|
||||
run_once: true
|
||||
tags: confweave
|
||||
tags:
|
||||
- confweave
|
||||
|
||||
- name: Weave seed | Set peers if fist time
|
||||
set_fact:
|
||||
peers: '{{ weave_ip_current_cluster }}'
|
||||
when: "weave_peers == 'uninitialized'"
|
||||
run_once: true
|
||||
tags: confweave
|
||||
tags:
|
||||
- confweave
|
||||
|
||||
- name: Weave seed | Set peers if existing peers
|
||||
set_fact:
|
||||
peers: '{{ weave_peers }}{% for ip in weave_ip_current_cluster.split(" ") %}{% if ip not in weave_peers.split(" ") %} {{ ip }}{% endif %}{% endfor %}'
|
||||
when: "weave_peers != 'uninitialized'"
|
||||
run_once: true
|
||||
tags: confweave
|
||||
tags:
|
||||
- confweave
|
||||
|
||||
- name: Weave seed | Save seed
|
||||
lineinfile:
|
||||
|
@ -36,7 +40,8 @@
|
|||
become: no
|
||||
delegate_to: 127.0.0.1
|
||||
run_once: true
|
||||
tags: confweave
|
||||
tags:
|
||||
- confweave
|
||||
|
||||
- name: Weave seed | Save peers
|
||||
lineinfile:
|
||||
|
@ -47,4 +52,5 @@
|
|||
become: no
|
||||
delegate_to: 127.0.0.1
|
||||
run_once: true
|
||||
tags: confweave
|
||||
tags:
|
||||
- confweave
|
|
@ -9,7 +9,8 @@
|
|||
- vault
|
||||
- etcd
|
||||
failed_when: false
|
||||
tags: ['services']
|
||||
tags:
|
||||
- services
|
||||
|
||||
- name: reset | remove services
|
||||
file:
|
||||
|
@ -21,7 +22,8 @@
|
|||
- vault
|
||||
- calico-node
|
||||
register: services_removed
|
||||
tags: ['services']
|
||||
tags:
|
||||
- services
|
||||
|
||||
- name: reset | remove docker dropins
|
||||
file:
|
||||
|
@ -31,7 +33,8 @@
|
|||
- docker-dns.conf
|
||||
- docker-options.conf
|
||||
register: docker_dropins_removed
|
||||
tags: ['docker']
|
||||
tags:
|
||||
- docker
|
||||
|
||||
- name: reset | systemctl daemon-reload
|
||||
command: systemctl daemon-reload
|
||||
|
@ -43,31 +46,36 @@
|
|||
retries: 4
|
||||
until: remove_all_containers.rc == 0
|
||||
delay: 5
|
||||
tags: ['docker']
|
||||
tags:
|
||||
- docker
|
||||
|
||||
- name: reset | restart docker if needed
|
||||
service:
|
||||
name: docker
|
||||
state: restarted
|
||||
when: docker_dropins_removed.changed
|
||||
tags: ['docker']
|
||||
tags:
|
||||
- docker
|
||||
|
||||
- name: reset | gather mounted kubelet dirs
|
||||
shell: mount | grep /var/lib/kubelet | awk '{print $3}' | tac
|
||||
check_mode: no
|
||||
register: mounted_dirs
|
||||
tags: ['mounts']
|
||||
tags:
|
||||
- mounts
|
||||
|
||||
- name: reset | unmount kubelet dirs
|
||||
command: umount {{item}}
|
||||
with_items: '{{ mounted_dirs.stdout_lines }}'
|
||||
tags: ['mounts']
|
||||
tags:
|
||||
- mounts
|
||||
|
||||
- name: flush iptables
|
||||
iptables:
|
||||
flush: yes
|
||||
when: flush_iptables|bool
|
||||
tags: ['iptables']
|
||||
tags:
|
||||
- iptables
|
||||
|
||||
- name: reset | delete some files and directories
|
||||
file:
|
||||
|
@ -115,7 +123,8 @@
|
|||
- "{{ bin_dir }}/helm"
|
||||
- "{{ bin_dir }}/calicoctl"
|
||||
- "{{ bin_dir }}/weave"
|
||||
tags: ['files']
|
||||
tags:
|
||||
- files
|
||||
|
||||
- name: reset | remove dns settings from dhclient.conf
|
||||
blockinfile:
|
||||
|
@ -127,7 +136,9 @@
|
|||
with_items:
|
||||
- /etc/dhclient.conf
|
||||
- /etc/dhcp/dhclient.conf
|
||||
tags: ['files', 'dns']
|
||||
tags:
|
||||
- files
|
||||
- dns
|
||||
|
||||
- name: reset | remove host entries from /etc/hosts
|
||||
blockinfile:
|
||||
|
@ -135,7 +146,9 @@
|
|||
state: absent
|
||||
follow: yes
|
||||
marker: "# Ansible inventory hosts {mark}"
|
||||
tags: ['files', 'dns']
|
||||
tags:
|
||||
- files
|
||||
- dns
|
||||
|
||||
- name: reset | Restart network
|
||||
service:
|
||||
|
@ -147,4 +160,6 @@
|
|||
{%- endif %}
|
||||
state: restarted
|
||||
when: ansible_os_family not in ["CoreOS", "Container Linux by CoreOS"]
|
||||
tags: ['services', 'network']
|
||||
tags:
|
||||
- services
|
||||
- network
|
||||
|
|
|
@ -12,7 +12,8 @@
|
|||
paths:
|
||||
- ../vars
|
||||
skip: true
|
||||
tags: facts
|
||||
tags:
|
||||
- facts
|
||||
|
||||
- name: install rkt pkg on ubuntu
|
||||
apt:
|
||||
|
|
|
@ -3,6 +3,8 @@
|
|||
dependencies:
|
||||
- role: adduser
|
||||
user: "{{ vault_adduser_vars }}"
|
||||
|
||||
- role: download
|
||||
file: "{{ vault_download_vars }}"
|
||||
tags: download
|
||||
tags:
|
||||
- download
|
||||
|
|