commit
c032d20962
35 changed files with 205 additions and 10 deletions
|
@ -48,3 +48,63 @@ etcd
|
|||
Group vars
|
||||
--------------
|
||||
The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
|
||||
|
||||
Ansible tags
|
||||
------------
|
||||
|
||||
The following tags are defined in playbooks:
|
||||
|
||||
| Tag name | Used for
|
||||
|--------------------------|---------
|
||||
| apps | K8s apps definitions
|
||||
| azure | Cloud-provider Azure
|
||||
| bootstrap-os | Anything related to host OS configuration
|
||||
| calico | Network plugin Calico
|
||||
| canal | Network plugin Canal
|
||||
| cloud-provider | Cloud-provider related tasks
|
||||
| dnsmasq | Configuring DNS stack for hosts and K8s apps
|
||||
| download | Fetching container images
|
||||
| etcd | Configuring etcd cluster
|
||||
| etcd-pre-upgrade | Upgrading etcd cluster
|
||||
| etcd-secrets | Configuring etcd certs/keys
|
||||
| etchosts | Configuring /etc/hosts entries for hosts
|
||||
| facts | Gathering facts and misc check results
|
||||
| flannel | Network plugin flannel
|
||||
| gce | Cloud-provider GCP
|
||||
| hyperkube | Manipulations with K8s hyperkube image
|
||||
| k8s-pre-upgrade | Upgrading K8s cluster
|
||||
| k8s-secrets | Configuring K8s certs/keys
|
||||
| kpm | Installing K8s apps definitions with KPM
|
||||
| kube-apiserver | Configuring self-hosted kube-apiserver
|
||||
| kube-controller-manager | Configuring self-hosted kube-controller-manager
|
||||
| kubectl | Installing kubectl and bash completion
|
||||
| kubelet | Configuring kubelet service
|
||||
| kube-proxy | Configuring self-hosted kube-proxy
|
||||
| kube-scheduler | Configuring self-hosted kube-scheduler
|
||||
| master | Configuring K8s master node role
|
||||
| netchecker | Installing netchecker K8s app
|
||||
| network | Configuring networking plugins for K8s
|
||||
| nginx | Configuring LB for kube-apiserver instances
|
||||
| node | Configuring K8s minion (compute) node role
|
||||
| openstack | Cloud-provider OpenStack
|
||||
| preinstall | Preliminary configuration steps
|
||||
| resolvconf | Configuring /etc/resolv.conf for hosts/apps
|
||||
| upgrade | Upgrading, f.e. container images/binaries
|
||||
| weave | Network plugin Weave
|
||||
|
||||
Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
|
||||
tags found in the codebase. New tags will be listed with the empty "Used for"
|
||||
field.
|
||||
|
||||
Example command to filter and apply only DNS configuration tasks and skip
|
||||
everything else related to host OS configuration and downloading images of containers:
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/inventory.ini cluster.yml --tags preinstall,dnsmasq,facts --skip-tags=download,bootstrap-os
|
||||
```
|
||||
And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
|
||||
```
|
||||
ansible-playbook -i inventory/inventory.ini -e dns_server='' cluster.yml --tags resolvconf
|
||||
```
|
||||
|
||||
Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
raw: stat /opt/bin/.bootstrapped
|
||||
register: need_bootstrap
|
||||
ignore_errors: True
|
||||
|
||||
tags: facts
|
||||
|
||||
- name: Bootstrap | Run bootstrap.sh
|
||||
script: bootstrap.sh
|
||||
|
@ -11,6 +11,7 @@
|
|||
|
||||
- set_fact:
|
||||
ansible_python_interpreter: "/opt/bin/python"
|
||||
tags: facts
|
||||
|
||||
- name: Bootstrap | Check if we need to install pip
|
||||
shell: "{{ansible_python_interpreter}} -m pip --version"
|
||||
|
@ -18,6 +19,7 @@
|
|||
ignore_errors: True
|
||||
changed_when: false
|
||||
when: (need_bootstrap | failed)
|
||||
tags: facts
|
||||
|
||||
- name: Bootstrap | Copy get-pip.py
|
||||
copy: src=get-pip.py dest=~/get-pip.py
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
raw: which python
|
||||
register: need_bootstrap
|
||||
ignore_errors: True
|
||||
tags: facts
|
||||
|
||||
- name: Bootstrap | Install python 2.x
|
||||
raw: apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal
|
||||
|
@ -12,3 +13,4 @@
|
|||
|
||||
- set_fact:
|
||||
ansible_python_interpreter: "/usr/bin/python"
|
||||
tags: facts
|
||||
|
|
|
@ -3,3 +3,4 @@ dependencies:
|
|||
- role: download
|
||||
file: "{{ downloads.dnsmasq }}"
|
||||
when: not skip_dnsmasq|default(false) and download_localhost|default(false)
|
||||
tags: [download, dnsmasq]
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
---
|
||||
- include: dnsmasq.yml
|
||||
when: "{{ not skip_dnsmasq_k8s|bool }}"
|
||||
tags: dnsmasq
|
||||
|
||||
- include: resolvconf.yml
|
||||
tags: resolvconf
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
paths:
|
||||
- ../vars
|
||||
skip: true
|
||||
tags: facts
|
||||
|
||||
- name: check for minimum kernel version
|
||||
fail:
|
||||
|
@ -20,6 +21,7 @@
|
|||
{{ docker_kernel_min_version }} on
|
||||
{{ ansible_distribution }}-{{ ansible_distribution_version }}
|
||||
when: (ansible_os_family != "CoreOS") and (ansible_kernel|version_compare(docker_kernel_min_version, "<"))
|
||||
tags: facts
|
||||
|
||||
- name: ensure docker repository public key is installed
|
||||
action: "{{ docker_repo_key_info.pkg_key }}"
|
||||
|
@ -76,4 +78,4 @@
|
|||
enabled: yes
|
||||
state: started
|
||||
with_items:
|
||||
- docker
|
||||
- docker
|
||||
|
|
|
@ -4,19 +4,23 @@
|
|||
set_fact:
|
||||
docker_options_file: >-
|
||||
{%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%}
|
||||
tags: facts
|
||||
|
||||
- name: Set docker options config variable name
|
||||
set_fact:
|
||||
docker_options_name: >-
|
||||
{%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%}
|
||||
tags: facts
|
||||
|
||||
- name: Set docker options config value to be written
|
||||
set_fact:
|
||||
docker_options_value: '"{{ docker_options }} $DOCKER_NETWORK_OPTIONS $DOCKER_STORAGE_OPTIONS $INSECURE_REGISTRY"'
|
||||
tags: facts
|
||||
|
||||
- name: Set docker options config line to be written
|
||||
set_fact:
|
||||
docker_options_line: "{{ docker_options_name }}={{ docker_options_value }}"
|
||||
tags: facts
|
||||
|
||||
- name: Set docker proxy lines to be written
|
||||
set_fact:
|
||||
|
@ -24,6 +28,7 @@
|
|||
- { name: "HTTP_PROXY", value: '"{{ http_proxy }}"' }
|
||||
- { name: "HTTPS_PROXY", value: '"{{ https_proxy }}"' }
|
||||
- { name: "NO_PROXY", value: '"{{ no_proxy }}"' }
|
||||
tags: facts
|
||||
|
||||
- name: Remove docker daemon proxy config lines that don't match desired lines
|
||||
lineinfile:
|
||||
|
@ -58,4 +63,4 @@
|
|||
mode: 0644
|
||||
notify: restart docker
|
||||
|
||||
- meta: flush_handlers
|
||||
- meta: flush_handlers
|
||||
|
|
|
@ -45,6 +45,7 @@
|
|||
|
||||
- set_fact:
|
||||
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
||||
tags: facts
|
||||
|
||||
- name: Create dest directory for saved/loaded container images
|
||||
file: path="{{local_release_dir}}/containers" state=directory recurse=yes mode=0755 owner={{ansible_ssh_user|default(ansible_user_id)}}
|
||||
|
@ -78,6 +79,7 @@
|
|||
|
||||
- set_fact:
|
||||
fname: "{{local_release_dir}}/containers/{{download.repo|regex_replace('/|\0|:', '_')}}:{{download.tag|regex_replace('/|\0|:', '_')}}.tar"
|
||||
tags: facts
|
||||
|
||||
- name: "Set default value for 'container_changed' to false"
|
||||
set_fact:
|
||||
|
@ -89,6 +91,7 @@
|
|||
when: "{{ download.enabled|bool and download.container|bool }}"
|
||||
delegate_to: "{{ download_delegate if download_run_once|bool else inventory_hostname }}"
|
||||
run_once: "{{ download_run_once|bool }}"
|
||||
tags: facts
|
||||
|
||||
- name: Stat saved container image
|
||||
stat: path="{{fname}}"
|
||||
|
|
|
@ -7,3 +7,4 @@ dependencies:
|
|||
when: (ansible_os_family != "CoreOS" and etcd_deployment_type == "docker" or inventory_hostname in groups['k8s-cluster'])
|
||||
- role: download
|
||||
file: "{{ downloads.etcd }}"
|
||||
tags: download
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
ignore_errors: true
|
||||
changed_when: false
|
||||
when: is_etcd_master
|
||||
tags: facts
|
||||
|
||||
- name: Configure | Add member to the cluster if it is not there
|
||||
when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0
|
||||
|
|
|
@ -42,6 +42,7 @@
|
|||
- set_fact:
|
||||
master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'member.pem', 'member-key.pem']
|
||||
node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
|
||||
tags: facts
|
||||
|
||||
- name: Gen_certs | Gather etcd master certs
|
||||
shell: "tar cfz - -C {{ etcd_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }}| base64 --wrap=0"
|
||||
|
@ -78,6 +79,7 @@
|
|||
state=directory
|
||||
owner=kube
|
||||
recurse=yes
|
||||
tags: facts
|
||||
|
||||
- name: Gen_certs | set permissions on keys
|
||||
shell: chmod 0600 {{ etcd_cert_dir}}/*key.pem
|
||||
|
@ -94,6 +96,7 @@
|
|||
{%- elif ansible_os_family == "CoreOS" -%}
|
||||
/etc/ssl/certs/etcd-ca.pem
|
||||
{%- endif %}
|
||||
tags: facts
|
||||
|
||||
- name: Gen_certs | add CA to trusted CA dir
|
||||
copy:
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
---
|
||||
- include: pre_upgrade.yml
|
||||
tags: etcd-pre-upgrade
|
||||
- include: check_certs.yml
|
||||
tags: [etcd-secrets, facts]
|
||||
- include: gen_certs.yml
|
||||
tags: etcd-secrets
|
||||
- include: install.yml
|
||||
when: is_etcd_master
|
||||
tags: upgrade
|
||||
- include: set_cluster_health.yml
|
||||
when: is_etcd_master
|
||||
- include: configure.yml
|
||||
|
|
|
@ -2,11 +2,13 @@
|
|||
stat:
|
||||
path: /etc/systemd/system/etcd-proxy.service
|
||||
register: kube_apiserver_service_file
|
||||
tags: facts
|
||||
|
||||
- name: "Pre-upgrade | check for etcd-proxy init script"
|
||||
stat:
|
||||
path: /etc/init.d/etcd-proxy
|
||||
register: kube_apiserver_init_script
|
||||
tags: facts
|
||||
|
||||
- name: "Pre-upgrade | stop etcd-proxy if service defined"
|
||||
service:
|
||||
|
|
|
@ -5,3 +5,4 @@
|
|||
ignore_errors: true
|
||||
changed_when: false
|
||||
when: is_etcd_master
|
||||
tags: facts
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
- {file: kubedns-svc.yml, type: svc}
|
||||
register: manifests
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
||||
tags: dnsmasq
|
||||
|
||||
- name: Kubernetes Apps | Start Resources
|
||||
kube:
|
||||
|
@ -17,11 +18,14 @@
|
|||
state: "{{item.changed | ternary('latest','present') }}"
|
||||
with_items: "{{ manifests.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
||||
tags: dnsmasq
|
||||
|
||||
- include: tasks/calico-policy-controller.yml
|
||||
when: ( enable_network_policy is defined and enable_network_policy == True ) or
|
||||
( kube_network_plugin == 'canal' )
|
||||
tags: [network, canal]
|
||||
|
||||
- name: Kubernetes Apps | Netchecker
|
||||
include: tasks/netchecker.yml
|
||||
when: deploy_netchecker
|
||||
tags: netchecker
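Review bot: The calico-policy-controller include is tagged `[network, canal]`, but its `when:` also fires for the calico case (`enable_network_policy == True`), so a run limited to `--tags calico` skips the policy controller on a calico cluster that has network policy enabled. The docs table lists `calico` as the tag for that plugin, so the include should carry it too: `tags: [network, canal, calico]`. The kubedns tasks above are tagged `dnsmasq` only, which matches the `dnsmasq` row of the table but is not obvious from the task names; a one-line comment such as `# kubedns is part of the cluster DNS stack, hence the dnsmasq tag` would save the next reader a lookup.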
|
||||
|
|
|
@ -2,3 +2,4 @@
|
|||
dependencies:
|
||||
- role: kubernetes-apps/network_plugin/canal
|
||||
when: kube_network_plugin == 'canal'
|
||||
tags: canal
|
||||
|
|
|
@ -2,3 +2,4 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.hyperkube }}"
|
||||
tags: [download, hyperkube]
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- include: pre-upgrade.yml
|
||||
|
||||
tags: k8s-pre-upgrade
|
||||
|
||||
- name: Copy kubectl from hyperkube container
|
||||
command: "/usr/bin/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp /hyperkube /systembindir/kubectl"
|
||||
|
@ -9,12 +9,14 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, kubectl, upgrade]
|
||||
|
||||
- name: Gather kubectl bash completion
|
||||
command: "{{ bin_dir }}/kubectl completion bash"
|
||||
no_log: true
|
||||
register: kubectl_bash_completion
|
||||
when: ansible_os_family in ["Debian","RedHat"]
|
||||
tags: kubectl
|
||||
|
||||
- name: Write kubectl bash completion
|
||||
copy:
|
||||
|
@ -24,12 +26,14 @@
|
|||
group: root
|
||||
mode: 0755
|
||||
when: ansible_os_family in ["Debian","RedHat"] and kubectl_bash_completion.changed
|
||||
tags: [kubectl, upgrade]
|
||||
|
||||
- name: Write kube-apiserver manifest
|
||||
template:
|
||||
src: manifests/kube-apiserver.manifest.j2
|
||||
dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
|
||||
notify: Master | wait for the apiserver to be running
|
||||
tags: kube-apiserver
|
||||
|
||||
- meta: flush_handlers
|
||||
# Create kube-system namespace
|
||||
|
@ -37,6 +41,7 @@
|
|||
copy: src=namespace.yml dest=/etc/kubernetes/kube-system-ns.yml
|
||||
run_once: yes
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
||||
tags: apps
|
||||
|
||||
- name: Check if kube-system exists
|
||||
command: "{{ bin_dir }}/kubectl get ns kube-system"
|
||||
|
@ -44,11 +49,13 @@
|
|||
changed_when: False
|
||||
failed_when: False
|
||||
run_once: yes
|
||||
tags: apps
|
||||
|
||||
- name: Create 'kube-system' namespace
|
||||
command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml"
|
||||
changed_when: False
|
||||
when: kubesystem|failed and inventory_hostname == groups['kube-master'][0]
|
||||
tags: apps
|
||||
|
||||
# Write other manifests
|
||||
- name: Write kube-controller-manager manifest
|
||||
|
@ -56,9 +63,11 @@
|
|||
src: manifests/kube-controller-manager.manifest.j2
|
||||
dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
|
||||
notify: Master | wait for kube-controller-manager
|
||||
tags: kube-controller-manager
|
||||
|
||||
- name: Write kube-scheduler manifest
|
||||
template:
|
||||
src: manifests/kube-scheduler.manifest.j2
|
||||
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
|
||||
notify: Master | wait for kube-scheduler
|
||||
tags: kube-scheduler
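Review bot: `Gather kubectl bash completion` is tagged `kubectl` only, while `Write kubectl bash completion` is tagged `[kubectl, upgrade]` and its `when:` dereferences `kubectl_bash_completion.changed`; a run limited to `--tags upgrade` therefore skips the gather task and evaluates the write task's condition with `kubectl_bash_completion` undefined, which is likely to fail the play with an undefined-variable error instead of skipping. Tag the two tasks alike, `tags: [kubectl, upgrade]` on the gather task, or make the condition tolerate the skip: `when: ansible_os_family in ["Debian","RedHat"] and kubectl_bash_completion is defined and kubectl_bash_completion.changed`. The register/consumer pair `Check if kube-system exists` / `Create 'kube-system' namespace` is tagged `apps` on both sides and so does not have this problem.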
|
||||
|
|
|
@ -3,17 +3,20 @@
|
|||
stat:
|
||||
path: /etc/systemd/system/kube-apiserver.service
|
||||
register: kube_apiserver_service_file
|
||||
tags: [facts, kube-apiserver]
|
||||
|
||||
- name: "Pre-upgrade | check for kube-apiserver init script"
|
||||
stat:
|
||||
path: /etc/init.d/kube-apiserver
|
||||
register: kube_apiserver_init_script
|
||||
tags: [facts, kube-apiserver]
|
||||
|
||||
- name: "Pre-upgrade | stop kube-apiserver if service defined"
|
||||
service:
|
||||
name: kube-apiserver
|
||||
state: stopped
|
||||
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
||||
tags: kube-apiserver
|
||||
|
||||
- name: "Pre-upgrade | remove kube-apiserver service definition"
|
||||
file:
|
||||
|
@ -23,3 +26,4 @@
|
|||
with_items:
|
||||
- /etc/systemd/system/kube-apiserver.service
|
||||
- /etc/init.d/kube-apiserver
|
||||
tags: kube-apiserver
|
||||
|
|
|
@ -2,28 +2,39 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.hyperkube }}"
|
||||
tags: [download, hyperkube, kubelet, network, canal, calico, weave, kube-controller-manager, kube-scheduler, kube-apiserver, kube-proxy, kubectl]
|
||||
- role: download
|
||||
file: "{{ downloads.pod_infra }}"
|
||||
tags: [download, kubelet]
|
||||
- role: kubernetes/secrets
|
||||
tags: k8s-secrets
|
||||
- role: download
|
||||
file: "{{ downloads.nginx }}"
|
||||
tags: [download, nginx]
|
||||
- role: download
|
||||
file: "{{ downloads.testbox }}"
|
||||
tags: download
|
||||
- role: download
|
||||
file: "{{ downloads.netcheck_server }}"
|
||||
when: deploy_netchecker
|
||||
tags: [download, netchecker]
|
||||
- role: download
|
||||
file: "{{ downloads.netcheck_agent }}"
|
||||
when: deploy_netchecker
|
||||
tags: [download, netchecker]
|
||||
- role: download
|
||||
file: "{{ downloads.netcheck_kubectl }}"
|
||||
when: deploy_netchecker
|
||||
tags: [download, netchecker]
|
||||
- role: download
|
||||
file: "{{ downloads.kubednsmasq }}"
|
||||
when: not skip_dnsmasq_k8s|default(false)
|
||||
tags: [download, dnsmasq]
|
||||
- role: download
|
||||
file: "{{ downloads.kubedns }}"
|
||||
when: not skip_dnsmasq_k8s|default(false)
|
||||
tags: [download, dnsmasq]
|
||||
- role: download
|
||||
file: "{{ downloads.exechealthz }}"
|
||||
when: not skip_dnsmasq_k8s|default(false)
|
||||
tags: [download, dnsmasq]
|
||||
|
|
|
@ -1,23 +1,26 @@
|
|||
---
|
||||
- include: install.yml
|
||||
tags: kubelet
|
||||
|
||||
- include: nginx-proxy.yml
|
||||
when: is_kube_master == false and loadbalancer_apiserver_localhost|default(false)
|
||||
tags: nginx
|
||||
|
||||
- name: Write kubelet config file
|
||||
template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes
|
||||
notify:
|
||||
- restart kubelet
|
||||
notify: restart kubelet
|
||||
tags: kubelet
|
||||
|
||||
- name: write the kubecfg (auth) file for kubelet
|
||||
template: src=node-kubeconfig.yaml.j2 dest={{ kube_config_dir }}/node-kubeconfig.yaml backup=yes
|
||||
notify:
|
||||
- restart kubelet
|
||||
notify: restart kubelet
|
||||
tags: kubelet
|
||||
|
||||
- name: Write proxy manifest
|
||||
template:
|
||||
src: manifests/kube-proxy.manifest.j2
|
||||
dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
|
||||
tags: kube-proxy
|
||||
|
||||
# reload-systemd
|
||||
- meta: flush_handlers
|
||||
|
@ -27,3 +30,4 @@
|
|||
name: kubelet
|
||||
enabled: yes
|
||||
state: started
|
||||
tags: kubelet
|
||||
|
|
|
@ -2,3 +2,4 @@
|
|||
dependencies:
|
||||
- role: adduser
|
||||
user: "{{ addusers.kube }}"
|
||||
tags: kubelet
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
set_fact:
|
||||
bin_dir: "/opt/bin"
|
||||
when: ansible_os_family == "CoreOS"
|
||||
tags: facts
|
||||
|
||||
- name: check bin dir exists
|
||||
file:
|
||||
|
@ -10,11 +11,14 @@
|
|||
state: directory
|
||||
owner: root
|
||||
become: true
|
||||
tags: bootstrap-os
|
||||
|
||||
- include: gitinfos.yml
|
||||
when: run_gitinfos
|
||||
tags: facts
|
||||
|
||||
- include: set_facts.yml
|
||||
tags: facts
|
||||
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ item }}"
|
||||
|
@ -29,6 +33,7 @@
|
|||
paths:
|
||||
- ../vars
|
||||
skip: true
|
||||
tags: facts
|
||||
|
||||
- name: Create kubernetes config directory
|
||||
file:
|
||||
|
@ -36,6 +41,7 @@
|
|||
state: directory
|
||||
owner: kube
|
||||
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
||||
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
|
||||
|
||||
- name: Create kubernetes script directory
|
||||
file:
|
||||
|
@ -43,6 +49,7 @@
|
|||
state: directory
|
||||
owner: kube
|
||||
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
||||
tags: [k8s-secrets, bootstrap-os]
|
||||
|
||||
- name: Create kubernetes manifests directory
|
||||
file:
|
||||
|
@ -50,6 +57,7 @@
|
|||
state: directory
|
||||
owner: kube
|
||||
when: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
||||
tags: [kubelet, bootstrap-os, master, node]
|
||||
|
||||
- name: Create kubernetes logs directory
|
||||
file:
|
||||
|
@ -57,17 +65,21 @@
|
|||
state: directory
|
||||
owner: kube
|
||||
when: ansible_service_mgr in ["sysvinit","upstart"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
||||
tags: [bootstrap-os, master, node]
|
||||
|
||||
- name: check cloud_provider value
|
||||
fail:
|
||||
msg: "If set the 'cloud_provider' var must be set either to 'generic', 'gce', 'aws', 'azure' or 'openstack'"
|
||||
when: cloud_provider is defined and cloud_provider not in ['generic', 'gce', 'aws', 'openstack', 'azure']
|
||||
tags: [cloud-provider, facts]
|
||||
|
||||
- include: openstack-credential-check.yml
|
||||
when: cloud_provider is defined and cloud_provider == 'openstack'
|
||||
tags: [cloud-provider, openstack, facts]
|
||||
|
||||
- include: azure-credential-check.yml
|
||||
when: cloud_provider is defined and cloud_provider == 'azure'
|
||||
tags: [cloud-provider, azure, facts]
|
||||
|
||||
- name: Fix ipv4 forward rule in GCE security policy
|
||||
lineinfile:
|
||||
|
@ -79,6 +91,7 @@
|
|||
backup: yes
|
||||
validate: 'sysctl -f %s'
|
||||
when: cloud_provider is defined and cloud_provider == 'gce'
|
||||
tags: [cloud-provider, gce, bootstrap-os]
|
||||
|
||||
- name: Create cni directories
|
||||
file:
|
||||
|
@ -89,26 +102,31 @@
|
|||
- "/etc/cni/net.d"
|
||||
- "/opt/cni/bin"
|
||||
when: kube_network_plugin in ["calico", "weave", "canal"] and "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
||||
tags: [network, calico, weave, canal, bootstrap-os]
|
||||
|
||||
- name: Update package management cache (YUM)
|
||||
yum: update_cache=yes name='*'
|
||||
when: ansible_pkg_mgr == 'yum'
|
||||
tags: bootstrap-os
|
||||
|
||||
- name: Install latest version of python-apt for Debian distribs
|
||||
apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
|
||||
when: ansible_os_family == "Debian"
|
||||
tags: bootstrap-os
|
||||
|
||||
- name: Install python-dnf for latest RedHat versions
|
||||
command: dnf install -y python-dnf yum
|
||||
when: ansible_distribution == "Fedora" and
|
||||
ansible_distribution_major_version > 21
|
||||
changed_when: False
|
||||
tags: bootstrap-os
|
||||
|
||||
- name: Install epel-release on RedHat/CentOS
|
||||
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
|
||||
when: ansible_distribution in ["CentOS","RedHat"] and
|
||||
ansible_distribution_major_version >= 7
|
||||
changed_when: False
|
||||
tags: bootstrap-os
|
||||
|
||||
- name: Install packages requirements
|
||||
action:
|
||||
|
@ -121,6 +139,7 @@
|
|||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
||||
when: ansible_os_family != "CoreOS"
|
||||
tags: bootstrap-os
|
||||
|
||||
- name: Disable IPv6 DNS lookup
|
||||
lineinfile:
|
||||
|
@ -129,12 +148,14 @@
|
|||
state: present
|
||||
backup: yes
|
||||
when: disable_ipv6_dns and ansible_os_family != "CoreOS"
|
||||
tags: bootstrap-os
|
||||
|
||||
# Todo : selinux configuration
|
||||
- name: Set selinux policy to permissive
|
||||
selinux: policy=targeted state=permissive
|
||||
when: ansible_os_family == "RedHat"
|
||||
changed_when: False
|
||||
tags: bootstrap-os
|
||||
|
||||
- name: Write openstack cloud-config
|
||||
template:
|
||||
|
@ -143,6 +164,7 @@
|
|||
group: "{{ kube_cert_group }}"
|
||||
mode: 0640
|
||||
when: cloud_provider is defined and cloud_provider == "openstack"
|
||||
tags: [cloud-provider, openstack]
|
||||
|
||||
- name: Write azure cloud-config
|
||||
template:
|
||||
|
@ -151,5 +173,7 @@
|
|||
group: "{{ kube_cert_group }}"
|
||||
mode: 0640
|
||||
when: cloud_provider is defined and cloud_provider == "azure"
|
||||
tags: [cloud-provider, azure]
|
||||
|
||||
- include: etchosts.yml
|
||||
tags: [bootstrap-os, etchosts]
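Review bot: `Create kubernetes manifests directory` is tagged `[kubelet, bootstrap-os, master, node]`, but the tasks that write into `{{ kube_manifest_dir }}` are tagged `kube-apiserver`, `kube-controller-manager`, `kube-scheduler` (kubernetes/master) and `kube-proxy` (kubernetes/node); on a host where the directory does not yet exist, a run limited to one of those tags reaches the `template:` before anything has created it. Either extend the list here, `tags: [kubelet, bootstrap-os, master, node, kube-apiserver, kube-controller-manager, kube-scheduler, kube-proxy]`, as was already done for the config directory, or state in docs/ansible.md that the per-component tags assume a bootstrapped host. Relatedly, `Install packages requirements` is tagged `bootstrap-os` while `gather os specific variables` is tagged `facts`; if the latter is what populates `required_pkgs` (presumably, via the `../vars` lookup), then `--tags bootstrap-os` alone iterates over `default([])` and silently installs nothing, so that include_vars task probably wants `tags: [facts, bootstrap-os]`.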
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
- set_fact:
|
||||
master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
|
||||
node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
|
||||
tags: facts
|
||||
|
||||
- name: Gen_certs | Gather master certs
|
||||
shell: "tar cfz - -C {{ kube_cert_dir }} {{ master_certs|join(' ') }} {{ node_certs|join(' ') }} | base64 --wrap=0"
|
||||
|
@ -75,6 +76,7 @@
|
|||
{%- elif ansible_os_family == "CoreOS" -%}
|
||||
/etc/ssl/certs/kube-ca.pem
|
||||
{%- endif %}
|
||||
tags: facts
|
||||
|
||||
- name: Gen_certs | add CA to trusted CA dir
|
||||
copy:
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
---
|
||||
- include: check-certs.yml
|
||||
tags: [k8s-secrets, facts]
|
||||
- include: check-tokens.yml
|
||||
tags: [k8s-secrets, facts]
|
||||
|
||||
- name: Make sure the certificate directory exits
|
||||
file:
|
||||
|
@ -34,5 +36,6 @@
|
|||
notify: set secret_changed
|
||||
|
||||
- include: gen_certs.yml
|
||||
|
||||
tags: k8s-secrets
|
||||
- include: gen_tokens.yml
|
||||
tags: k8s-secrets
|
||||
|
|
|
@ -2,9 +2,13 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.calico_cni }}"
|
||||
tags: download
|
||||
- role: download
|
||||
file: "{{ downloads.calico_node }}"
|
||||
tags: download
|
||||
- role: download
|
||||
file: "{{ downloads.calicoctl }}"
|
||||
tags: download
|
||||
- role: download
|
||||
file: "{{ downloads.hyperkube }}"
|
||||
tags: download
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
run_once: true
|
||||
set_fact:
|
||||
legacy_calicoctl: "{{ calicoctl_image_tag | version_compare('v1.0.0', '<') }}"
|
||||
tags: facts
|
||||
|
||||
- name: Calico | Write Calico cni config
|
||||
template:
|
||||
|
@ -46,6 +47,7 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, upgrade]
|
||||
|
||||
- name: Calico | Copy cni plugins from calico/cni container
|
||||
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
|
||||
|
@ -55,6 +57,7 @@
|
|||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
when: "{{ overwrite_hyperkube_cni|bool }}"
|
||||
tags: [hyperkube, upgrade]
|
||||
|
||||
- name: Calico | wait for etcd
|
||||
uri: url=https://localhost:2379/health validate_certs=no
|
||||
|
@ -75,6 +78,7 @@
|
|||
register: calico_conf
|
||||
delegate_to: "{{groups['etcd'][0]}}"
|
||||
run_once: true
|
||||
tags: facts
|
||||
|
||||
- name: Calico | Configure calico network pool
|
||||
shell: >
|
||||
|
@ -98,6 +102,7 @@
|
|||
ipip_arg: "--ipip"
|
||||
when: (legacy_calicoctl and
|
||||
cloud_provider is defined or ipip)
|
||||
tags: facts
|
||||
|
||||
- name: Calico (old) | Define nat-outgoing pool argument
|
||||
run_once: true
|
||||
|
@ -105,12 +110,14 @@
|
|||
nat_arg: "--nat-outgoing"
|
||||
when: (legacy_calicoctl and
|
||||
nat_outgoing|default(false) and not peer_with_router|default(false))
|
||||
tags: facts
|
||||
|
||||
- name: Calico (old) | Define calico pool task name
|
||||
run_once: true
|
||||
set_fact:
|
||||
pool_task_name: "with options {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
|
||||
when: (legacy_calicoctl and ipip_arg|default(false) or nat_arg|default(false))
|
||||
tags: facts
|
||||
|
||||
- name: Calico (old) | Configure calico network pool {{ pool_task_name|default('') }}
|
||||
command: "{{ bin_dir}}/calicoctl pool add {{ kube_pods_subnet }} {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
|
||||
|
@ -134,6 +141,7 @@
|
|||
- set_fact:
|
||||
calico_pools: "{{ calico_pools_raw.stdout | from_json }}"
|
||||
run_once: true
|
||||
tags: facts
|
||||
|
||||
- name: Calico | Check if calico pool is properly configured
|
||||
fail:
|
||||
|
@ -142,6 +150,7 @@
|
|||
when: ( calico_pools['node']['nodes'] | length > 1 ) or
|
||||
( not calico_pools['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
|
||||
run_once: true
|
||||
tags: facts
|
||||
|
||||
- name: Calico | Write /etc/network-environment
|
||||
template: src=network-environment.j2 dest=/etc/network-environment
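Review bot: `Calico | Copy cni plugins from calico/cni container` is tagged `[hyperkube, upgrade]` although it runs `{{ calico_cni_image_repo }}`, not the hyperkube image; the same tagging is in the canal section (`Canal | Copy cni plugins from calico/cni`). The `hyperkube` tag is defensible because the task overwrites the hyperkube-provided plugins (`overwrite_hyperkube_cni`), but a run limited to `--tags calico` then skips the calico plugin copy, so `tags: [hyperkube, calico, upgrade]` here (and `[hyperkube, canal, upgrade]` in canal) keeps both entry points working. The calico meta dependency on `downloads.hyperkube` is tagged `download` only, whereas kubernetes/node tags the same download `[download, hyperkube, ...]`; a short comment on which of the two is meant to be authoritative for `--tags hyperkube` would help.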
|
||||
|
|
|
@ -2,11 +2,16 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.flannel }}"
|
||||
tags: download
|
||||
- role: download
|
||||
file: "{{ downloads.calico_node }}"
|
||||
tags: download
|
||||
- role: download
|
||||
file: "{{ downloads.calicoctl }}"
|
||||
tags: download
|
||||
- role: download
|
||||
file: "{{ downloads.calico_cni }}"
|
||||
tags: download
|
||||
- role: download
|
||||
file: "{{ downloads.calico_policy }}"
|
||||
tags: download
|
||||
|
|
|
@ -49,6 +49,7 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, upgrade]
|
||||
|
||||
- name: Canal | Copy cni plugins from calico/cni
|
||||
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
|
||||
|
@ -57,3 +58,4 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, upgrade]
|
||||
|
|
|
@ -2,3 +2,4 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.flannel }}"
|
||||
tags: download
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
|
||||
- set_fact:
|
||||
flannel_subnet: "{{ flannel_subnet_output.stdout }}"
|
||||
tags: facts
|
||||
|
||||
- name: Flannel | Get flannel_mtu from subnet.env
|
||||
shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_MTU" {print $2}'
|
||||
|
@ -34,17 +35,21 @@
|
|||
|
||||
- set_fact:
|
||||
flannel_mtu: "{{ flannel_mtu_output.stdout }}"
|
||||
tags: facts
|
||||
|
||||
- set_fact:
|
||||
docker_options_file: >-
|
||||
{%- if ansible_os_family == "Debian" -%}/etc/default/docker{%- elif ansible_os_family == "RedHat" -%}/etc/sysconfig/docker{%- endif -%}
|
||||
tags: facts
|
||||
|
||||
- set_fact:
|
||||
docker_options_name: >-
|
||||
{%- if ansible_os_family == "Debian" -%}DOCKER_OPTS{%- elif ansible_os_family == "RedHat" -%}other_args{%- endif -%}
|
||||
tags: facts
|
||||
|
||||
- set_fact:
|
||||
docker_network_options: '"--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"'
|
||||
tags: facts
|
||||
|
||||
- name: Flannel | Remove non-systemd docker daemon network options that don't match desired line
|
||||
lineinfile:
|
||||
|
@ -73,4 +78,4 @@
|
|||
- restart docker
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- meta: flush_handlers
|
||||
- meta: flush_handlers
|
||||
|
|
|
@ -2,9 +2,13 @@
|
|||
dependencies:
|
||||
- role: network_plugin/calico
|
||||
when: kube_network_plugin == 'calico'
|
||||
tags: calico
|
||||
- role: network_plugin/flannel
|
||||
when: kube_network_plugin == 'flannel'
|
||||
tags: flannel
|
||||
- role: network_plugin/weave
|
||||
when: kube_network_plugin == 'weave'
|
||||
tags: weave
|
||||
- role: network_plugin/canal
|
||||
when: kube_network_plugin == 'canal'
|
||||
tags: canal
|
||||
|
|
|
@ -2,3 +2,4 @@
|
|||
dependencies:
|
||||
- role: download
|
||||
file: "{{ downloads.weave }}"
|
||||
tags: download
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
retries: 4
|
||||
delay: "{{ retry_stagger | random + 3 }}"
|
||||
changed_when: false
|
||||
tags: [hyperkube, upgrade]
|
||||
|
||||
- name: Weave | Install weave
|
||||
command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave"
|
||||
|
|
10
scripts/gen_tags.sh
|
@ -0,0 +1,10 @@
|
|||
#!/bin/sh -eo pipefail
|
||||
#Generate MD formatted tags from roles and cluster yaml files
|
||||
printf "|%25s |%9s\n" "Tag name" "Used for"
|
||||
echo "|--------------------------|---------"
|
||||
tags=$(grep -r tags: . | perl -ne '/tags:\s\[?(([\w\-_]+,?\s?)+)/ && printf "%s ", "$1"'|\
|
||||
perl -ne 'print join "\n", split /\s|,/' | sort -u)
|
||||
for tag in $tags; do
|
||||
match=$(cat docs/ansible.md | perl -ne "/^\|\s+${tag}\s\|\s+((\S+\s?)+)/ && printf \$1")
|
||||
printf "|%25s |%s\n" "${tag}" " ${match}"
|
||||
done
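Review bot: `#!/bin/sh -eo pipefail` is not portable: `pipefail` is a bash/ksh extension, and where `/bin/sh` is dash the script aborts at startup with an illegal-option error before listing any tag. Use `#!/usr/bin/env bash` followed by `set -eo pipefail` on the next line. `grep -r tags: .` also walks every file under the repository root (including `.git` and `docs/`), which is wider than the "roles and cluster yaml files" the header comment describes; `grep -r --include='*.yml' tags: roles cluster.yml` narrows it to the intended inputs, and `cat docs/ansible.md | perl -ne …` can read the file directly as `perl -ne "…" docs/ansible.md`.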
|