improved proxy support
This commit is contained in:
parent
4470ee4ccf
commit
b27453d8d8
9 changed files with 32 additions and 12 deletions
12
cluster.yml
12
cluster.yml
|
@ -32,36 +32,42 @@
|
||||||
tags: rkt
|
tags: rkt
|
||||||
when: "'rkt' in [etcd_deployment_type, kubelet_deployment_type, vault_deployment_type]"
|
when: "'rkt' in [etcd_deployment_type, kubelet_deployment_type, vault_deployment_type]"
|
||||||
- { role: download, tags: download, skip_downloads: false }
|
- { role: download, tags: download, skip_downloads: false }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: etcd:k8s-cluster:vault
|
- hosts: etcd:k8s-cluster:vault
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
roles:
|
roles:
|
||||||
- { role: kubespray-defaults, when: "cert_management == 'vault'" }
|
- { role: kubespray-defaults, when: "cert_management == 'vault'" }
|
||||||
- { role: vault, tags: vault, vault_bootstrap: true, when: "cert_management == 'vault'" }
|
- { role: vault, tags: vault, vault_bootstrap: true, when: "cert_management == 'vault'" }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: etcd
|
- hosts: etcd
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
roles:
|
roles:
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: etcd, tags: etcd, etcd_cluster_setup: true }
|
- { role: etcd, tags: etcd, etcd_cluster_setup: true }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: k8s-cluster
|
- hosts: k8s-cluster
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
roles:
|
roles:
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: etcd, tags: etcd, etcd_cluster_setup: false }
|
- { role: etcd, tags: etcd, etcd_cluster_setup: false }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: etcd:k8s-cluster:vault
|
- hosts: etcd:k8s-cluster:vault
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
roles:
|
roles:
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: vault, tags: vault, when: "cert_management == 'vault'"}
|
- { role: vault, tags: vault, when: "cert_management == 'vault'"}
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: k8s-cluster
|
- hosts: k8s-cluster
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
roles:
|
roles:
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: kubernetes/node, tags: node }
|
- { role: kubernetes/node, tags: node }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: kube-master
|
- hosts: kube-master
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
|
@ -70,6 +76,7 @@
|
||||||
- { role: kubernetes/master, tags: master }
|
- { role: kubernetes/master, tags: master }
|
||||||
- { role: kubernetes/client, tags: client }
|
- { role: kubernetes/client, tags: client }
|
||||||
- { role: kubernetes-apps/cluster_roles, tags: cluster-roles }
|
- { role: kubernetes-apps/cluster_roles, tags: cluster-roles }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: k8s-cluster
|
- hosts: k8s-cluster
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
|
@ -77,6 +84,7 @@
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: kubernetes/kubeadm, tags: kubeadm, when: "kubeadm_enabled" }
|
- { role: kubernetes/kubeadm, tags: kubeadm, when: "kubeadm_enabled" }
|
||||||
- { role: network_plugin, tags: network }
|
- { role: network_plugin, tags: network }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: kube-master
|
- hosts: kube-master
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
|
@ -85,12 +93,14 @@
|
||||||
- { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
|
- { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
|
||||||
- { role: kubernetes-apps/network_plugin, tags: network }
|
- { role: kubernetes-apps/network_plugin, tags: network }
|
||||||
- { role: kubernetes-apps/policy_controller, tags: policy-controller }
|
- { role: kubernetes-apps/policy_controller, tags: policy-controller }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: calico-rr
|
- hosts: calico-rr
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
roles:
|
roles:
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: network_plugin/calico/rr, tags: network }
|
- { role: network_plugin/calico/rr, tags: network }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: k8s-cluster
|
- hosts: k8s-cluster
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
|
@ -98,9 +108,11 @@
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: dnsmasq, when: "dns_mode == 'dnsmasq_kubedns'", tags: dnsmasq }
|
- { role: dnsmasq, when: "dns_mode == 'dnsmasq_kubedns'", tags: dnsmasq }
|
||||||
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf }
|
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
||||||
- hosts: kube-master[0]
|
- hosts: kube-master[0]
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
roles:
|
roles:
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: kubernetes-apps, tags: apps }
|
- { role: kubernetes-apps, tags: apps }
|
||||||
|
environment: "{{proxy_env}}"
|
||||||
|
|
|
@ -40,7 +40,6 @@
|
||||||
until: keyserver_task_result|succeeded
|
until: keyserver_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
||||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
|
||||||
|
|
||||||
|
@ -68,7 +67,6 @@
|
||||||
until: docker_task_result|succeeded
|
until: docker_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
with_items: "{{ docker_package_info.pkgs }}"
|
with_items: "{{ docker_package_info.pkgs }}"
|
||||||
notify: restart docker
|
notify: restart docker
|
||||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) and (docker_package_info.pkgs|length > 0)
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) and (docker_package_info.pkgs|length > 0)
|
||||||
|
|
|
@ -16,7 +16,6 @@
|
||||||
until: pull_task_result|succeeded
|
until: pull_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
when:
|
when:
|
||||||
- download.enabled
|
- download.enabled
|
||||||
- download.container
|
- download.container
|
||||||
|
|
|
@ -25,7 +25,6 @@
|
||||||
until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
|
until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
when:
|
when:
|
||||||
- download.enabled
|
- download.enabled
|
||||||
- download.file
|
- download.file
|
||||||
|
|
|
@ -6,6 +6,11 @@
|
||||||
-v {{ helm_home_dir }}:{{ helm_home_dir }}:rw \
|
-v {{ helm_home_dir }}:{{ helm_home_dir }}:rw \
|
||||||
{% for dir in ssl_ca_dirs -%}
|
{% for dir in ssl_ca_dirs -%}
|
||||||
-v {{ dir }}:{{ dir }}:ro \
|
-v {{ dir }}:{{ dir }}:ro \
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
|
{% if proxy_env is defined -%}
|
||||||
|
-e http_proxy="{{proxy_env.http_proxy}}" \
|
||||||
|
-e https_proxy="{{proxy_env.https_proxy}}" \
|
||||||
|
-e no_proxy="{{proxy_env.no_proxy}}" \
|
||||||
|
{% endif -%}
|
||||||
{{ helm_image_repo }}:{{ helm_image_tag}} \
|
{{ helm_image_repo }}:{{ helm_image_tag}} \
|
||||||
"$@"
|
"$@"
|
||||||
|
|
|
@ -113,7 +113,6 @@
|
||||||
until: yum_task_result|succeeded
|
until: yum_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
when:
|
when:
|
||||||
- ansible_pkg_mgr == 'yum'
|
- ansible_pkg_mgr == 'yum'
|
||||||
- not is_atomic
|
- not is_atomic
|
||||||
|
@ -126,7 +125,6 @@
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
cache_valid_time: 3600
|
cache_valid_time: 3600
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
when: ansible_os_family == "Debian"
|
when: ansible_os_family == "Debian"
|
||||||
tags:
|
tags:
|
||||||
- bootstrap-os
|
- bootstrap-os
|
||||||
|
@ -137,7 +135,6 @@
|
||||||
until: dnf_task_result|succeeded
|
until: dnf_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
when:
|
when:
|
||||||
- ansible_distribution == "Fedora"
|
- ansible_distribution == "Fedora"
|
||||||
- ansible_distribution_major_version > 21
|
- ansible_distribution_major_version > 21
|
||||||
|
@ -152,7 +149,6 @@
|
||||||
until: epel_task_result|succeeded
|
until: epel_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
changed_when: False
|
changed_when: False
|
||||||
when:
|
when:
|
||||||
- ansible_distribution in ["CentOS","RedHat"]
|
- ansible_distribution in ["CentOS","RedHat"]
|
||||||
|
@ -172,7 +168,6 @@
|
||||||
until: pkgs_task_result|succeeded
|
until: pkgs_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
||||||
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -23,7 +23,6 @@
|
||||||
until: rkt_task_result|succeeded
|
until: rkt_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
when: ansible_os_family == "Debian"
|
when: ansible_os_family == "Debian"
|
||||||
|
|
||||||
- name: install rkt pkg on centos
|
- name: install rkt pkg on centos
|
||||||
|
@ -34,5 +33,4 @@
|
||||||
until: rkt_task_result|succeeded
|
until: rkt_task_result|succeeded
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
environment: "{{ proxy_env }}"
|
|
||||||
when: ansible_os_family == "RedHat"
|
when: ansible_os_family == "RedHat"
|
||||||
|
|
|
@ -28,6 +28,18 @@
|
||||||
backup: yes
|
backup: yes
|
||||||
register: vault_systemd_placement
|
register: vault_systemd_placement
|
||||||
|
|
||||||
|
- name: Create vault service systemd directory
|
||||||
|
file:
|
||||||
|
path: /etc/systemd/system/vault.service.d
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: cluster/systemd | Add vault proxy env vars
|
||||||
|
template:
|
||||||
|
src: "http-proxy.conf.j2"
|
||||||
|
dest: /etc/systemd/system/vault.service.d/http-proxy.conf
|
||||||
|
backup: yes
|
||||||
|
when: http_proxy is defined or https_proxy is defined or no_proxy is defined
|
||||||
|
|
||||||
- name: cluster/systemd | Enable vault.service
|
- name: cluster/systemd | Enable vault.service
|
||||||
systemd:
|
systemd:
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
|
|
2
roles/vault/templates/http-proxy.conf.j2
Normal file
2
roles/vault/templates/http-proxy.conf.j2
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
[Service]
|
||||||
|
Environment={% if http_proxy %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy %}"NO_PROXY={{ no_proxy }}"{% endif %}
|
Loading…
Reference in a new issue