Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance boost. Also cleaned up duplicate etcd var names.
parent
da61b8e7c9
commit
a56738324a
15 changed files with 57 additions and 103 deletions
|
@ -2,7 +2,7 @@
|
||||||
- name: Install | Copy etcdctl binary from docker container
|
- name: Install | Copy etcdctl binary from docker container
|
||||||
command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;
|
command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;
|
||||||
{{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
|
{{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
|
||||||
{{ docker_bin_dir }}/docker cp etcdctl-binarycopy:{{ etcd_container_bin_dir }}etcdctl {{ bin_dir }}/etcdctl &&
|
{{ docker_bin_dir }}/docker cp etcdctl-binarycopy:/usr/local/bin/etcdctl {{ bin_dir }}/etcdctl &&
|
||||||
{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy"
|
{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy"
|
||||||
when: etcd_deployment_type == "docker"
|
when: etcd_deployment_type == "docker"
|
||||||
register: etcd_task_result
|
register: etcd_task_result
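Review bot: The `docker cp` source is now the literal `/usr/local/bin/etcdctl`, so the task no longer depends on `etcd_version`, and an image that keeps the binary elsewhere will fail here with nothing explaining why. The same literal is introduced in the rkt `--exec=/bin/cp` line and in the etcd run script in the next two sections. The removed `etcd_after_v3` fact was assigned without `{{ }}`, so the old conditional was probably always true and this change is likely behaviour-preserving. The assumption still deserves a comment above the task, such as `# assumes an etcd v3+ image, which ships its binaries in /usr/local/bin`. The task continues past the end of the hunk.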
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
--mount=volume=bin-dir,target=/host/bin
|
--mount=volume=bin-dir,target=/host/bin
|
||||||
{{ etcd_image_repo }}:{{ etcd_image_tag }}
|
{{ etcd_image_repo }}:{{ etcd_image_tag }}
|
||||||
--name=etcdctl-binarycopy
|
--name=etcdctl-binarycopy
|
||||||
--exec=/bin/cp -- {{ etcd_container_bin_dir }}/etcdctl /host/bin/etcdctl
|
--exec=/bin/cp -- /usr/local/bin/etcdctl /host/bin/etcdctl
|
||||||
register: etcd_task_result
|
register: etcd_task_result
|
||||||
until: etcd_task_result.rc == 0
|
until: etcd_task_result.rc == 0
|
||||||
retries: 4
|
retries: 4
|
||||||
|
|
|
@ -17,7 +17,5 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
--name={{ etcd_member_name | default("etcd") }} \
|
--name={{ etcd_member_name | default("etcd") }} \
|
||||||
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
|
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
|
||||||
{% if etcd_after_v3 %}
|
/usr/local/bin/etcd \
|
||||||
{{ etcd_container_bin_dir }}etcd \
|
|
||||||
{% endif %}
|
|
||||||
"$@"
|
"$@"
|
||||||
|
|
|
@ -40,7 +40,7 @@ spec:
|
||||||
memory: {{ calico_policy_controller_memory_requests }}
|
memory: {{ calico_policy_controller_memory_requests }}
|
||||||
env:
|
env:
|
||||||
- name: ETCD_ENDPOINTS
|
- name: ETCD_ENDPOINTS
|
||||||
value: "{{ etcd_access_endpoint }}"
|
value: "{{ etcd_access_addresses }}"
|
||||||
- name: ETCD_CA_CERT_FILE
|
- name: ETCD_CA_CERT_FILE
|
||||||
value: "{{ calico_cert_dir }}/ca_cert.crt"
|
value: "{{ calico_cert_dir }}/ca_cert.crt"
|
||||||
- name: ETCD_CERT_FILE
|
- name: ETCD_CERT_FILE
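Review bot: Replacing `etcd_access_endpoint` with `etcd_access_addresses` in `ETCD_ENDPOINTS` silently drops the `etcd_multiaccess` switch. The removed fact resolved to the local `https://127.0.0.1:2379` endpoint when `etcd_multiaccess` was false, whereas the new value is always the full member list. An inventory that still sets `etcd_multiaccess: false` is now ignored without warning, and its clients will contact every etcd member instead of loopback. The same substitution is made in the `etcd: endpoints:` loop, the apiserver `--etcd-servers` flag, and the calico, canal and CNI templates further down. Where the variables are documented, add a line such as `# etcd_multiaccess is no longer honoured; all clients use etcd_access_addresses`, or fail early when `etcd_multiaccess` is defined.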
|
||||||
|
|
|
@ -5,7 +5,7 @@ api:
|
||||||
bindPort: {{ kube_apiserver_port }}
|
bindPort: {{ kube_apiserver_port }}
|
||||||
etcd:
|
etcd:
|
||||||
endpoints:
|
endpoints:
|
||||||
{% for endpoint in etcd_access_endpoint.split(',') %}
|
{% for endpoint in etcd_access_addresses.split(',') %}
|
||||||
- {{ endpoint }}
|
- {{ endpoint }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
caFile: {{ kube_config_dir }}/ssl/etcd/ca.pem
|
caFile: {{ kube_config_dir }}/ssl/etcd/ca.pem
|
||||||
|
|
|
@ -29,7 +29,7 @@ spec:
|
||||||
- /hyperkube
|
- /hyperkube
|
||||||
- apiserver
|
- apiserver
|
||||||
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
|
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
|
||||||
- --etcd-servers={{ etcd_access_endpoint }}
|
- --etcd-servers={{ etcd_access_addresses }}
|
||||||
- --etcd-quorum-read=true
|
- --etcd-quorum-read=true
|
||||||
- --etcd-cafile={{ etcd_cert_dir }}/ca.pem
|
- --etcd-cafile={{ etcd_cert_dir }}/ca.pem
|
||||||
- --etcd-certfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem
|
- --etcd-certfile={{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem
|
||||||
|
|
|
@ -1,92 +1,4 @@
|
||||||
---
|
---
|
||||||
- set_fact:
|
|
||||||
kube_apiserver_count: "{{ groups['kube-master'] | length }}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
kube_apiserver_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
kube_apiserver_access_address: "{{ access_ip | default(kube_apiserver_address) }}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
is_kube_master: "{{ inventory_hostname in groups['kube-master'] }}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
first_kube_master: "{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
loadbalancer_apiserver_localhost: false
|
|
||||||
when: loadbalancer_apiserver is defined
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
kube_apiserver_endpoint: |-
|
|
||||||
{% if not is_kube_master and loadbalancer_apiserver_localhost|default(true) -%}
|
|
||||||
https://localhost:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }}
|
|
||||||
{%- elif is_kube_master -%}
|
|
||||||
https://127.0.0.1:{{ kube_apiserver_port }}
|
|
||||||
{%- else -%}
|
|
||||||
{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
|
|
||||||
https://{{ apiserver_loadbalancer_domain_name|default('lb-apiserver.kubernetes.local') }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
|
|
||||||
{%- else -%}
|
|
||||||
https://{{ first_kube_master }}:{{ kube_apiserver_port }}
|
|
||||||
{%- endif -%}
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
kube_apiserver_insecure_endpoint: >-
|
|
||||||
http://{{ kube_apiserver_insecure_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') }}:{{ kube_apiserver_insecure_port }}
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_access_address: "{{ access_ip | default(etcd_address) }}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_peer_url: "https://{{ etcd_access_address }}:2380"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_client_url: "https://{{ etcd_access_address }}:2379"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_authority: "127.0.0.1:2379"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_endpoint: "https://{{ etcd_authority }}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_access_addresses: |-
|
|
||||||
{% for item in groups['etcd'] -%}
|
|
||||||
https://{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item]['ansible_default_ipv4']['address'])) }}:2379{% if not loop.last %},{% endif %}
|
|
||||||
{%- endfor %}
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_access_endpoint: "{% if etcd_multiaccess|default(true) %}{{ etcd_access_addresses }}{% else %}{{ etcd_endpoint }}{% endif %}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_member_name: |-
|
|
||||||
{% for host in groups['etcd'] %}
|
|
||||||
{% if inventory_hostname == host %}{{"etcd"+loop.index|string }}{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_peer_addresses: |-
|
|
||||||
{% for item in groups['etcd'] -%}
|
|
||||||
{{ "etcd"+loop.index|string }}=https://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2380{% if not loop.last %},{% endif %}
|
|
||||||
{%- endfor %}
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_after_v3: etcd_version | version_compare("v3.0.0", ">=")
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
etcd_container_bin_dir: "{% if etcd_after_v3 %}/usr/local/bin/{% else %}/{% endif %}"
|
|
||||||
|
|
||||||
- set_fact:
|
|
||||||
peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > 0 }}"
|
|
||||||
|
|
||||||
- name: check if atomic host
|
- name: check if atomic host
|
||||||
stat:
|
stat:
|
||||||
path: /run/ostree-booted
|
path: /run/ostree-booted
|
||||||
|
|
|
@ -77,6 +77,9 @@ kube_users:
|
||||||
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
|
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
|
||||||
kube_network_plugin: calico
|
kube_network_plugin: calico
|
||||||
|
|
||||||
|
# Determines if calico-rr group exists
|
||||||
|
peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > 0 }}"
|
||||||
|
|
||||||
# Kubernetes internal network for services, unused block of space.
|
# Kubernetes internal network for services, unused block of space.
|
||||||
kube_service_addresses: 10.233.0.0/18
|
kube_service_addresses: 10.233.0.0/18
|
||||||
|
|
||||||
|
@ -158,3 +161,44 @@ vault_cert_dir: "{{ vault_base_dir }}/ssl"
|
||||||
vault_config_dir: "{{ vault_base_dir }}/config"
|
vault_config_dir: "{{ vault_base_dir }}/config"
|
||||||
vault_roles_dir: "{{ vault_base_dir }}/roles"
|
vault_roles_dir: "{{ vault_base_dir }}/roles"
|
||||||
vault_secrets_dir: "{{ vault_base_dir }}/secrets"
|
vault_secrets_dir: "{{ vault_base_dir }}/secrets"
|
||||||
|
|
||||||
|
# Vars for pointing to kubernetes api endpoints
|
||||||
|
is_kube_master: "{{ inventory_hostname in groups['kube-master'] }}"
|
||||||
|
kube_apiserver_count: "{{ groups['kube-master'] | length }}"
|
||||||
|
kube_apiserver_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
|
||||||
|
kube_apiserver_access_address: "{{ access_ip | default(kube_apiserver_address) }}"
|
||||||
|
first_kube_master: "{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}"
|
||||||
|
loadbalancer_apiserver_localhost: "{{ loadbalancer_apiserver is not defined }}"
|
||||||
|
kube_apiserver_endpoint: |-
|
||||||
|
{% if not is_kube_master and loadbalancer_apiserver_localhost|default(true) -%}
|
||||||
|
https://localhost:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }}
|
||||||
|
{%- elif is_kube_master -%}
|
||||||
|
https://127.0.0.1:{{ kube_apiserver_port }}
|
||||||
|
{%- else -%}
|
||||||
|
{%- if loadbalancer_apiserver is defined and loadbalancer_apiserver.port is defined -%}
|
||||||
|
https://{{ apiserver_loadbalancer_domain_name|default('lb-apiserver.kubernetes.local') }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
|
||||||
|
{%- else -%}
|
||||||
|
https://{{ first_kube_master }}:{{ kube_apiserver_port }}
|
||||||
|
{%- endif -%}
|
||||||
|
{%- endif %}
|
||||||
|
kube_apiserver_insecure_endpoint: >-
|
||||||
|
http://{{ kube_apiserver_insecure_bind_address | regex_replace('0\.0\.0\.0','127.0.0.1') }}:{{ kube_apiserver_insecure_port }}
|
||||||
|
|
||||||
|
# Vars for pointing to etcd endpoints
|
||||||
|
is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}"
|
||||||
|
etcd_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
|
||||||
|
etcd_access_address: "{{ access_ip | default(etcd_address) }}"
|
||||||
|
etcd_peer_url: "https://{{ etcd_access_address }}:2380"
|
||||||
|
etcd_client_url: "https://{{ etcd_access_address }}:2379"
|
||||||
|
etcd_access_addresses: |-
|
||||||
|
{% for item in groups['etcd'] -%}
|
||||||
|
https://{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item]['ansible_default_ipv4']['address'])) }}:2379{% if not loop.last %},{% endif %}
|
||||||
|
{%- endfor %}
|
||||||
|
etcd_member_name: |-
|
||||||
|
{% for host in groups['etcd'] %}
|
||||||
|
{% if inventory_hostname == host %}{{"etcd"+loop.index|string }}{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
etcd_peer_addresses: |-
|
||||||
|
{% for item in groups['etcd'] -%}
|
||||||
|
{{ "etcd"+loop.index|string }}=https://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2380{% if not loop.last %},{% endif %}
|
||||||
|
{%- endfor %}
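Review bot: Moving these values from `set_fact` to role defaults puts them at the lowest variable precedence, so an inventory or group_vars entry named `kube_apiserver_endpoint`, `etcd_access_addresses` or `etcd_peer_addresses` now replaces the derived value, where the `set_fact` result previously took priority. Each group should carry a comment saying so, e.g. `# Derived from inventory groups; do not override in inventory`. Defaults are also re-templated on every reference, so the `hostvars[item]['ansible_default_ipv4']['address']` fallback needs gathered facts for every etcd host wherever the variable is used, which a limited run may not have. `loadbalancer_apiserver_localhost` is now always defined, which leaves the `|default(true)` inside `kube_apiserver_endpoint` unused.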
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
ETCD_ENDPOINTS="{{ etcd_access_endpoint }}"
|
ETCD_ENDPOINTS="{{ etcd_access_addresses }}"
|
||||||
ETCD_CA_CERT_FILE="{{ calico_cert_dir }}/ca_cert.crt"
|
ETCD_CA_CERT_FILE="{{ calico_cert_dir }}/ca_cert.crt"
|
||||||
ETCD_CERT_FILE="{{ calico_cert_dir }}/cert.crt"
|
ETCD_CERT_FILE="{{ calico_cert_dir }}/cert.crt"
|
||||||
ETCD_KEY_FILE="{{ calico_cert_dir }}/key.pem"
|
ETCD_KEY_FILE="{{ calico_cert_dir }}/key.pem"
|
||||||
|
|
|
@ -4,7 +4,7 @@ metadata:
|
||||||
name: calico-config
|
name: calico-config
|
||||||
namespace: {{ system_namespace }}
|
namespace: {{ system_namespace }}
|
||||||
data:
|
data:
|
||||||
etcd_endpoints: "{{ etcd_access_endpoint }}"
|
etcd_endpoints: "{{ etcd_access_addresses }}"
|
||||||
etcd_ca: "/calico-secrets/ca_cert.crt"
|
etcd_ca: "/calico-secrets/ca_cert.crt"
|
||||||
etcd_cert: "/calico-secrets/cert.crt"
|
etcd_cert: "/calico-secrets/cert.crt"
|
||||||
etcd_key: "/calico-secrets/key.pem"
|
etcd_key: "/calico-secrets/key.pem"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
{{ docker_bin_dir }}/docker run -i --privileged --rm \
|
{{ docker_bin_dir }}/docker run -i --privileged --rm \
|
||||||
--net=host --pid=host \
|
--net=host --pid=host \
|
||||||
-e ETCD_ENDPOINTS={{ etcd_access_endpoint }} \
|
-e ETCD_ENDPOINTS={{ etcd_access_addresses }} \
|
||||||
-e ETCD_CA_CERT_FILE={{ calico_cert_dir }}/ca_cert.crt \
|
-e ETCD_CA_CERT_FILE={{ calico_cert_dir }}/ca_cert.crt \
|
||||||
-e ETCD_CERT_FILE={{ calico_cert_dir }}/cert.crt \
|
-e ETCD_CERT_FILE={{ calico_cert_dir }}/cert.crt \
|
||||||
-e ETCD_KEY_FILE={{ calico_cert_dir }}/key.pem \
|
-e ETCD_KEY_FILE={{ calico_cert_dir }}/key.pem \
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
"nodename": "{{ ansible_hostname }}",
|
"nodename": "{{ ansible_hostname }}",
|
||||||
{% endif %}
|
{% endif %}
|
||||||
"type": "calico",
|
"type": "calico",
|
||||||
"etcd_endpoints": "{{ etcd_access_endpoint }}",
|
"etcd_endpoints": "{{ etcd_access_addresses }}",
|
||||||
"etcd_cert_file": "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem",
|
"etcd_cert_file": "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem",
|
||||||
"etcd_key_file": "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem",
|
"etcd_key_file": "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem",
|
||||||
"etcd_ca_cert_file": "{{ etcd_cert_dir }}/ca.pem",
|
"etcd_ca_cert_file": "{{ etcd_cert_dir }}/ca.pem",
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
{{ docker_bin_dir }}/docker run -i --privileged --rm \
|
{{ docker_bin_dir }}/docker run -i --privileged --rm \
|
||||||
--net=host --pid=host \
|
--net=host --pid=host \
|
||||||
-e ETCD_ENDPOINTS={{ etcd_access_endpoint }} \
|
-e ETCD_ENDPOINTS={{ etcd_access_addresses }} \
|
||||||
-e ETCD_CA_CERT_FILE={{ canal_cert_dir }}/ca_cert.crt \
|
-e ETCD_CA_CERT_FILE={{ canal_cert_dir }}/ca_cert.crt \
|
||||||
-e ETCD_CERT_FILE={{ canal_cert_dir }}/cert.crt \
|
-e ETCD_CERT_FILE={{ canal_cert_dir }}/cert.crt \
|
||||||
-e ETCD_KEY_FILE={{ canal_cert_dir }}/key.pem \
|
-e ETCD_KEY_FILE={{ canal_cert_dir }}/key.pem \
|
||||||
|
|
|
@ -7,7 +7,7 @@ metadata:
|
||||||
name: canal-config
|
name: canal-config
|
||||||
data:
|
data:
|
||||||
# Configure this with the location of your etcd cluster.
|
# Configure this with the location of your etcd cluster.
|
||||||
etcd_endpoints: "{{ etcd_access_endpoint }}"
|
etcd_endpoints: "{{ etcd_access_addresses }}"
|
||||||
|
|
||||||
# The interface used by canal for host <-> host communication.
|
# The interface used by canal for host <-> host communication.
|
||||||
# If left blank, then the interface is chosing using the node's
|
# If left blank, then the interface is chosing using the node's
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
"type": "flannel",
|
"type": "flannel",
|
||||||
"delegate": {
|
"delegate": {
|
||||||
"type": "calico",
|
"type": "calico",
|
||||||
"etcd_endpoints": "{{ etcd_access_endpoint }}",
|
"etcd_endpoints": "{{ etcd_access_addresses }}",
|
||||||
"log_level": "info",
|
"log_level": "info",
|
||||||
"policy": {
|
"policy": {
|
||||||
"type": "k8s"
|
"type": "k8s"
|
||||||
|
|