Merge pull request #700 from bogdando/tags

Add tags
This commit is contained in:
Bogdan Dobrelya 2016-12-09 13:23:56 +01:00 committed by GitHub
commit c032d20962
35 changed files with 205 additions and 10 deletions

View file

@ -48,3 +48,63 @@ etcd
Group vars
--------------
The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
Ansible tags
------------
The following tags are defined in playbooks:
| Tag name | Used for
|--------------------------|---------
| apps | K8s apps definitions
| azure | Cloud-provider Azure
| bootstrap-os | Anything related to host OS configuration
| calico | Network plugin Calico
| canal | Network plugin Canal
| cloud-provider | Cloud-provider related tasks
| dnsmasq | Configuring DNS stack for hosts and K8s apps
| download | Fetching container images
| etcd | Configuring etcd cluster
| etcd-pre-upgrade | Upgrading etcd cluster
| etcd-secrets | Configuring etcd certs/keys
| etchosts | Configuring /etc/hosts entries for hosts
| facts | Gathering facts and misc check results
| flannel | Network plugin flannel
| gce | Cloud-provider GCP
| hyperkube | Manipulations with K8s hyperkube image
| k8s-pre-upgrade | Upgrading K8s cluster
| k8s-secrets | Configuring K8s certs/keys
| kpm | Installing K8s apps definitions with KPM
| kube-apiserver | Configuring self-hosted kube-apiserver
| kube-controller-manager | Configuring self-hosted kube-controller-manager
| kubectl | Installing kubectl and bash completion
| kubelet | Configuring kubelet service
| kube-proxy | Configuring self-hosted kube-proxy
| kube-scheduler | Configuring self-hosted kube-scheduler
| master | Configuring K8s master node role
| netchecker | Installing netchecker K8s app
| network | Configuring networking plugins for K8s
| nginx | Configuring LB for kube-apiserver instances
| node | Configuring K8s minion (compute) node role
| openstack | Cloud-provider OpenStack
| preinstall | Preliminary configuration steps
| resolvconf | Configuring /etc/resolv.conf for hosts/apps
| upgrade | Upgrading, f.e. container images/binaries
| weave | Network plugin Weave
Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
tags found in the codebase. New tags will be listed with the empty "Used for"
field.
Example command to filter and apply only DNS configuration tasks and skip
everything else related to host OS configuration and downloading images of containers:
```
ansible-playbook -i inventory/inventory.ini cluster.yml --tags preinstall,dnsmasq,facts --skip-tags=download,bootstrap-os
```
And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
```
ansible-playbook -i inventory/inventory.ini -e dns_server='' cluster.yml --tags resolvconf
```
Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.

View file

@ -3,7 +3,7 @@
raw: stat /opt/bin/.bootstrapped
register: need_bootstrap
ignore_errors: True
tags: facts
- name: Bootstrap | Run bootstrap.sh
script: bootstrap.sh
@ -11,6 +11,7 @@
- set_fact:
ansible_python_interpreter: "/opt/bin/python"
tags: facts
- name: Bootstrap | Check if we need to install pip
shell: "{{ansible_python_interpreter}} -m pip --version"
@ -18,6 +19,7 @@
ignore_errors: True
changed_when: false
when: (need_bootstrap | failed)
tags: facts
- name: Bootstrap | Copy get-pip.py
copy: src=get-pip.py dest=~/get-pip.py

View file

@ -5,6 +5,7 @@
raw: which python
register: need_bootstrap
ignore_errors: True
tags: facts
- name: Bootstrap | Install python 2.x
raw: apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal
@ -12,3 +13,4 @@
- set_fact:
ansible_python_interpreter: "/usr/bin/python"
tags: facts

View file

@ -3,3 +3,4 @@ dependencies:
- role: download
file: "{{ downloads.dnsmasq }}"
when: not skip_dnsmasq|default(false) and download_localhost|default(false)
tags: [download, dnsmasq]

View file

@ -1,5 +1,7 @@
---
- include: dnsmasq.yml
when: "{{ not skip_dnsmasq_k8s|bool }}"
tags: dnsmasq
- include: resolvconf.yml
tags: resolvconf

View file

@ -12,6 +12,7 @@
paths:
- ../vars
skip: true
tags: facts
- name: check for minimum kernel version
fail:
@ -20,6 +21,7 @@
{{ docker_kernel_min_version }} on
{{ ansible_distribution }}-{{ ansible_distribution_version }}
when: (ansible_os_family != "CoreOS") and (ansible_kernel|version_compare(docker_kernel_min_version, "<"))
tags: facts
- name: ensure docker repository public key is installed
action: "{{ docker_repo_key_info.pkg_key }}"
@ -76,4 +78,4 @@
enabled: yes
state: started
with_items:
- docker
- docker

View file

@ -4,19 +4,23 @@
set_fact:
docker_options_file: >-
{%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%}
tags: facts
- name: Set docker options config variable name
set_fact:
docker_options_name: >-
{%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%}
tags: facts
- name: Set docker options config value to be written
set_fact:
docker_options_value: '"{{ docker_options }} $DOCKER_NETWORK_OPTIONS $DOCKER_STORAGE_OPTIONS $INSECURE_REGISTRY"'
tags: facts
- name: Set docker options config line to be written
set_fact:
docker_options_line: "{{ docker_options_name }}={{ docker_options_value }}"
tags: facts
- name: Set docker proxy lines to be written
set_fact:
@ -24,6 +28,7 @@
- { name: "HTTP_PROXY", value: '"{{ http_proxy }}"' }
- { name: "HTTPS_PROXY", value: '"{{ https_proxy }}"' }
- { name: "NO_PROXY", value: '"{{ no_proxy }}"' }
tags: facts
- name: Remove docker daemon proxy config lines that don't match desired lines
lineinfile:
@ -58,4 +63,4 @@
mode: 0644
notify: restart docker
- meta: flush_handlers
- meta: flush_handlers

View file

@ -45,6 +45,7 @@
- set_fact:
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
tags: facts
- name: Create dest directory for saved/loaded container images
file: path="{{local_release_dir}}/containers" state=directory recurse=yes mode=0755 owner={{ansible_ssh_user|default(ansible_user_id)}}
@ -78,6 +79,7 @@
- set_fact:
fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|regex_replace('/|\0|:', '_')}}.tar"
tags: facts
- name: "Set default value for 'container_changed' to false"
set_fact:
@ -89,6 +91,7 @@
when: "{{ download.enabled|bool and download.container|bool }}"
delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}"
run_once: "{{ download_run_once|bool }}"
tags: facts
- name: Stat saved container image
stat: path="{{fname}}"

View file

@ -7,3 +7,4 @@ dependencies:
when: (ansible_os_family != "CoreOS" and etcd_deployment_type == "docker" or inventory_hostname in groups['k8s-cluster'])
- role: download
file: "{{ downloads.etcd }}"
tags: download

View file

@ -5,6 +5,7 @@
ignore_errors: true
changed_when: false
when: is_etcd_master
tags: facts
- name: Configure | Add member to the cluster if it is not there
when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0

View file

@ -42,6 +42,7 @@
- set_fact:
master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'member.pem', 'member-key.pem']
node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
tags: facts
- name: Gen_certs | Gather etcd master certs
shell: "tar cfz - -C {{ etcd_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }}| base64 --wrap=0"
@ -78,6 +79,7 @@
state=directory
owner=kube
recurse=yes
tags: facts
- name: Gen_certs | set permissions on keys
shell: chmod 0600 {{ etcd_cert_dir}}/*key.pem
@ -94,6 +96,7 @@
{%- elif ansible_os_family == "CoreOS" -%}
/etc/ssl/certs/etcd-ca.pem
{%- endif %}
tags: facts
- name: Gen_certs | add CA to trusted CA dir
copy:

View file

@ -1,9 +1,13 @@
---
- include: pre_upgrade.yml
tags: etcd-pre-upgrade
- include: check_certs.yml
tags: [etcd-secrets, facts]
- include: gen_certs.yml
tags: etcd-secrets
- include: install.yml
when: is_etcd_master
tags: upgrade
- include: set_cluster_health.yml
when: is_etcd_master
- include: configure.yml

View file

@ -2,11 +2,13 @@
stat:
path: /etc/systemd/system/etcd-proxy.service
register: kube_apiserver_service_file
tags: facts
- name: "Pre-upgrade | check for etcd-proxy init script"
stat:
path: /etc/init.d/etcd-proxy
register: kube_apiserver_init_script
tags: facts
- name: "Pre-upgrade | stop etcd-proxy if service defined"
service:

View file

@ -5,3 +5,4 @@
ignore_errors: true
changed_when: false
when: is_etcd_master
tags: facts

View file

@ -6,6 +6,7 @@
- {file: kubedns-svc.yml, type: svc}
register: manifests
when: inventory_hostname == groups['kube-master'][0]
tags: dnsmasq
- name: Kubernetes Apps | Start Resources
kube:
@ -17,11 +18,14 @@
state: "{{item.changed | ternary('latest','present') }}"
with_items: "{{ manifests.results }}"
when: inventory_hostname == groups['kube-master'][0]
tags: dnsmasq
- include: tasks/calico-policy-controller.yml
when: ( enable_network_policy is defined and enable_network_policy == True ) or
( kube_network_plugin == 'canal' )
tags: [network, canal]
- name: Kubernetes Apps | Netchecker
include: tasks/netchecker.yml
when: deploy_netchecker
tags: netchecker

View file

@ -2,3 +2,4 @@
dependencies:
- role: kubernetes-apps/network_plugin/canal
when: kube_network_plugin == 'canal'
tags: canal

View file

@ -2,3 +2,4 @@
dependencies:
- role: download
file: "{{ downloads.hyperkube }}"
tags: [download, hyperkube]

View file

@ -1,6 +1,6 @@
---
- include: pre-upgrade.yml
tags: k8s-pre-upgrade
- name: Copy kubectl from hyperkube container
command: "/usr/bin/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp /hyperkube /systembindir/kubectl"
@ -9,12 +9,14 @@
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
tags: [hyperkube, kubectl, upgrade]
- name: Gather kubectl bash completion
command: "{{ bin_dir }}/kubectl completion bash"
no_log: true
register: kubectl_bash_completion
when: ansible_os_family in ["Debian","RedHat"]
tags: kubectl
- name: Write kubectl bash completion
copy:
@ -24,12 +26,14 @@
group: root
mode: 0755
when: ansible_os_family in ["Debian","RedHat"] and kubectl_bash_completion.changed
tags: [kubectl, upgrade]
- name: Write kube-apiserver manifest
template:
src: manifests/kube-apiserver.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
notify: Master | wait for the apiserver to be running
tags: kube-apiserver
- meta: flush_handlers
# Create kube-system namespace
@ -37,6 +41,7 @@
copy: src=namespace.yml dest=/etc/kubernetes/kube-system-ns.yml
run_once: yes
when: inventory_hostname == groups['kube-master'][0]
tags: apps
- name: Check if kube-system exists
command: "{{ bin_dir }}/kubectl get ns kube-system"
@ -44,11 +49,13 @@
changed_when: False
failed_when: False
run_once: yes
tags: apps
- name: Create 'kube-system' namespace
command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml"
changed_when: False
when: kubesystem|failed and inventory_hostname == groups['kube-master'][0]
tags: apps
# Write other manifests
- name: Write kube-controller-manager manifest
@ -56,9 +63,11 @@
src: manifests/kube-controller-manager.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
notify: Master | wait for kube-controller-manager
tags: kube-controller-manager
- name: Write kube-scheduler manifest
template:
src: manifests/kube-scheduler.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
notify: Master | wait for kube-scheduler
tags: kube-scheduler

View file

@ -3,17 +3,20 @@
stat:
path: /etc/systemd/system/kube-apiserver.service
register: kube_apiserver_service_file
tags: [facts, kube-apiserver]
- name: "Pre-upgrade | check for kube-apiserver init script"
stat:
path: /etc/init.d/kube-apiserver
register: kube_apiserver_init_script
tags: [facts, kube-apiserver]
- name: "Pre-upgrade | stop kube-apiserver if service defined"
service:
name: kube-apiserver
state: stopped
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
tags: kube-apiserver
- name: "Pre-upgrade | remove kube-apiserver service definition"
file:
@ -23,3 +26,4 @@
with_items:
- /etc/systemd/system/kube-apiserver.service
- /etc/init.d/kube-apiserver
tags: kube-apiserver

View file

@ -2,28 +2,39 @@
dependencies:
- role: download
file: "{{ downloads.hyperkube }}"
tags: [download, hyperkube, kubelet, network, canal, calico, weave, kube-controller-manager, kube-scheduler, kube-apiserver, kube-proxy, kubectl]
- role: download
file: "{{ downloads.pod_infra }}"
tags: [download, kubelet]
- role: kubernetes/secrets
tags: k8s-secrets
- role: download
file: "{{ downloads.nginx }}"
tags: [download, nginx]
- role: download
file: "{{ downloads.testbox }}"
tags: download
- role: download
file: "{{ downloads.netcheck_server }}"
when: deploy_netchecker
tags: [download, netchecker]
- role: download
file: "{{ downloads.netcheck_agent }}"
when: deploy_netchecker
tags: [download, netchecker]
- role: download
file: "{{ downloads.netcheck_kubectl }}"
when: deploy_netchecker
tags: [download, netchecker]
- role: download
file: "{{ downloads.kubednsmasq }}"
when: not skip_dnsmasq_k8s|default(false)
tags: [download, dnsmasq]
- role: download
file: "{{ downloads.kubedns }}"
when: not skip_dnsmasq_k8s|default(false)
tags: [download, dnsmasq]
- role: download
file: "{{ downloads.exechealthz }}"
when: not skip_dnsmasq_k8s|default(false)
tags: [download, dnsmasq]

View file

@ -1,23 +1,26 @@
---
- include: install.yml
tags: kubelet
- include: nginx-proxy.yml
when: is_kube_master == false and loadbalancer_apiserver_localhost|default(false)
tags: nginx
- name: Write kubelet config file
template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes
notify:
- restart kubelet
notify: restart kubelet
tags: kubelet
- name: write the kubecfg (auth) file for kubelet
template: src=node-kubeconfig.yaml.j2 dest={{ kube_config_dir }}/node-kubeconfig.yaml backup=yes
notify:
- restart kubelet
notify: restart kubelet
tags: kubelet
- name: Write proxy manifest
template:
src: manifests/kube-proxy.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
tags: kube-proxy
# reload-systemd
- meta: flush_handlers
@ -27,3 +30,4 @@
name: kubelet
enabled: yes
state: started
tags: kubelet

View file

@ -2,3 +2,4 @@
dependencies:
- role: adduser
user: "{{ addusers.kube }}"
tags: kubelet

View file

@ -3,6 +3,7 @@
set_fact:
bin_dir: "/opt/bin"
when: ansible_os_family == "CoreOS"
tags: facts
- name: check bin dir exists
file:
@ -10,11 +11,14 @@
state: directory
owner: root
become: true
tags: bootstrap-os
- include: gitinfos.yml
when: run_gitinfos
tags: facts
- include: set_facts.yml
tags: facts
- name: gather os specific variables
include_vars: "{{ item }}"
@ -29,6 +33,7 @@
paths:
- ../vars
skip: true
tags: facts
- name: Create kubernetes config directory
file:
@ -36,6 +41,7 @@
state: directory
owner: kube
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
- name: Create kubernetes script directory
file:
@ -43,6 +49,7 @@
state: directory
owner: kube
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
tags: [k8s-secrets, bootstrap-os]
- name: Create kubernetes manifests directory
file:
@ -50,6 +57,7 @@
state: directory
owner: kube
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
tags: [kubelet, bootstrap-os, master, node]
- name: Create kubernetes logs directory
file:
@ -57,17 +65,21 @@
state: directory
owner: kube
when: ansible_service_mgr in ["sysvinit","upstart"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
tags: [bootstrap-os, master, node]
- name: check cloud_provider value
fail:
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'"
when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure']
tags: [cloud-provider, facts]
- include: openstack-credential-check.yml
when: cloud_provider is defined and cloud_provider == 'openstack'
tags: [cloud-provider, openstack, facts]
- include: azure-credential-check.yml
when: cloud_provider is defined and cloud_provider == 'azure'
tags: [cloud-provider, azure, facts]
- name: Fix ipv4 forward rule in GCE security policy
lineinfile:
@ -79,6 +91,7 @@
backup: yes
validate: 'sysctl -f %s'
when: cloud_provider is defined and cloud_provider == 'gce'
tags: [cloud-provider, gce, bootstrap-os]
- name: Create cni directories
file:
@ -89,26 +102,31 @@
- "/etc/cni/net.d"
- "/opt/cni/bin"
when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
tags: [network, calico, weave, canal, bootstrap-os]
- name: Update package management cache (YUM)
yum: update_cache=yes name='*'
when: ansible_pkg_mgr == 'yum'
tags: bootstrap-os
- name: Install latest version of python-apt for Debian distribs
apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
when: ansible_os_family == "Debian"
tags: bootstrap-os
- name: Install python-dnf for latest RedHat versions
command: dnf install -y python-dnf yum
when: ansible_distribution == "Fedora" and
ansible_distribution_major_version > 21
changed_when: False
tags: bootstrap-os
- name: Install epel-release on RedHat/CentOS
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
when: ansible_distribution in ["CentOS","RedHat"] and
ansible_distribution_major_version >= 7
changed_when: False
tags: bootstrap-os
- name: Install packages requirements
action:
@ -121,6 +139,7 @@
delay: "{{ retry_stagger | random + 3 }}"
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
when: ansible_os_family != "CoreOS"
tags: bootstrap-os
- name: Disable IPv6 DNS lookup
lineinfile:
@ -129,12 +148,14 @@
state: present
backup: yes
when: disable_ipv6_dns and ansible_os_family != "CoreOS"
tags: bootstrap-os
# Todo : selinux configuration
- name: Set selinux policy to permissive
selinux: policy=targeted state=permissive
when: ansible_os_family == "RedHat"
changed_when: False
tags: bootstrap-os
- name: Write openstack cloud-config
template:
@ -143,6 +164,7 @@
group: "{{ kube_cert_group }}"
mode: 0640
when: cloud_provider is defined and cloud_provider == "openstack"
tags: [cloud-provider, openstack]
- name: Write azure cloud-config
template:
@ -151,5 +173,7 @@
group: "{{ kube_cert_group }}"
mode: 0640
when: cloud_provider is defined and cloud_provider == "azure"
tags: [cloud-provider, azure]
- include: etchosts.yml
tags: [bootstrap-os, etchosts]

View file

@ -26,6 +26,7 @@
- set_fact:
master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
tags: facts
- name: Gen_certs | Gather master certs
shell: "tar cfz - -C {{ kube_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }} | base64 --wrap=0"
@ -75,6 +76,7 @@
{%- elif ansible_os_family == "CoreOS" -%}
/etc/ssl/certs/kube-ca.pem
{%- endif %}
tags: facts
- name: Gen_certs | add CA to trusted CA dir
copy:

View file

@ -1,6 +1,8 @@
---
- include: check-certs.yml
tags: [k8s-secrets, facts]
- include: check-tokens.yml
tags: [k8s-secrets, facts]
- name: Make sure the certificate directory exits
file:
@ -34,5 +36,6 @@
notify: set secret_changed
- include: gen_certs.yml
tags: k8s-secrets
- include: gen_tokens.yml
tags: k8s-secrets

View file

@ -2,9 +2,13 @@
dependencies:
- role: download
file: "{{ downloads.calico_cni }}"
tags: download
- role: download
file: "{{ downloads.calico_node }}"
tags: download
- role: download
file: "{{ downloads.calicoctl }}"
tags: download
- role: download
file: "{{ downloads.hyperkube }}"
tags: download

View file

@ -3,6 +3,7 @@
run_once: true
set_fact:
legacy_calicoctl: "{{ calicoctl_image_tag | version_compare('v1.0.0', '<') }}"
tags: facts
- name: Calico | Write Calico cni config
template:
@ -46,6 +47,7 @@
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
tags: [hyperkube, upgrade]
- name: Calico | Copy cni plugins from calico/cni container
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
@ -55,6 +57,7 @@
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
when: "{{ overwrite_hyperkube_cni|bool }}"
tags: [hyperkube, upgrade]
- name: Calico | wait for etcd
uri: url=https://localhost:2379/health validate_certs=no
@ -75,6 +78,7 @@
register: calico_conf
delegate_to: "{{groups['etcd'][0]}}"
run_once: true
tags: facts
- name: Calico | Configure calico network pool
shell: >
@ -98,6 +102,7 @@
ipip_arg: "--ipip"
when: (legacy_calicoctl and
cloud_provider is defined or ipip)
tags: facts
- name: Calico (old) | Define nat-outgoing pool argument
run_once: true
@ -105,12 +110,14 @@
nat_arg: "--nat-outgoing"
when: (legacy_calicoctl and
nat_outgoing|default(false) and not peer_with_router|default(false))
tags: facts
- name: Calico (old) | Define calico pool task name
run_once: true
set_fact:
pool_task_name: "with options {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
when: (legacy_calicoctl and ipip_arg|default(false) or nat_arg|default(false))
tags: facts
- name: Calico (old) | Configure calico network pool {{ pool_task_name|default('') }}
command: "{{ bin_dir}}/calicoctl pool add {{ kube_pods_subnet }} {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
@ -134,6 +141,7 @@
- set_fact:
calico_pools: "{{ calico_pools_raw.stdout | from_json }}"
run_once: true
tags: facts
- name: Calico | Check if calico pool is properly configured
fail:
@ -142,6 +150,7 @@
when: ( calico_pools['node']['nodes'] | length > 1 ) or
( not calico_pools['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
run_once: true
tags: facts
- name: Calico | Write /etc/network-environment
template: src=network-environment.j2 dest=/etc/network-environment

View file

@ -2,11 +2,16 @@
dependencies:
- role: download
file: "{{ downloads.flannel }}"
tags: download
- role: download
file: "{{ downloads.calico_node }}"
tags: download
- role: download
file: "{{ downloads.calicoctl }}"
tags: download
- role: download
file: "{{ downloads.calico_cni }}"
tags: download
- role: download
file: "{{ downloads.calico_policy }}"
tags: download

View file

@ -49,6 +49,7 @@
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
tags: [hyperkube, upgrade]
- name: Canal | Copy cni plugins from calico/cni
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
@ -57,3 +58,4 @@
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
tags: [hyperkube, upgrade]

View file

@ -2,3 +2,4 @@
dependencies:
- role: download
file: "{{ downloads.flannel }}"
tags: download

View file

@ -26,6 +26,7 @@
- set_fact:
flannel_subnet: "{{ flannel_subnet_output.stdout }}"
tags: facts
- name: Flannel | Get flannel_mtu from subnet.env
shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_MTU" {print $2}'
@ -34,17 +35,21 @@
- set_fact:
flannel_mtu: "{{ flannel_mtu_output.stdout }}"
tags: facts
- set_fact:
docker_options_file: >-
{%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%}
tags: facts
- set_fact:
docker_options_name: >-
{%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%}
tags: facts
- set_fact:
docker_network_options: '"--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"'
tags: facts
- name: Flannel | Remove non-systemd docker daemon network options that don't match desired line
lineinfile:
@ -73,4 +78,4 @@
- restart docker
when: ansible_service_mgr == "systemd"
- meta: flush_handlers
- meta: flush_handlers

View file

@ -2,9 +2,13 @@
dependencies:
- role: network_plugin/calico
when: kube_network_plugin == 'calico'
tags: calico
- role: network_plugin/flannel
when: kube_network_plugin == 'flannel'
tags: flannel
- role: network_plugin/weave
when: kube_network_plugin == 'weave'
tags: weave
- role: network_plugin/canal
when: kube_network_plugin == 'canal'
tags: canal

View file

@ -2,3 +2,4 @@
dependencies:
- role: download
file: "{{ downloads.weave }}"
tags: download

View file

@ -6,6 +6,7 @@
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
tags: [hyperkube, upgrade]
- name: Weave | Install weave
command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave"

10
scripts/gen_tags.sh Normal file
View file

@ -0,0 +1,10 @@
#!/bin/sh -eo pipefail
#Generate MD formatted tags from roles and cluster yaml files
printf "|%25s |%9s\n" "Tag name" "Used for"
echo "|--------------------------|---------"
tags=$(grep -r tags: . | perl -ne '/tags:\s\[?(([\w\-_]+,?\s?)+)/ && printf "%s ", "$1"'|\
perl -ne 'print join "\n", split /\s|,/' | sort -u)
for tag in $tags; do
match=$(cat docs/ansible.md | perl -ne "/^\|\s+${tag}\s\|\s+((\S+\s?)+)/ && printf \$1")
printf "|%25s |%s\n" "${tag}" " ${match}"
done