a15d626771
In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
111 lines
4.2 KiB
Markdown
111 lines
4.2 KiB
Markdown
Ansible variables
|
|
===============
|
|
|
|
|
|
Inventory
|
|
-------------
|
|
The inventory is composed of 3 groups:
|
|
|
|
* **kube-node** : list of kubernetes nodes where the pods will run.
|
|
* **kube-master** : list of servers where kubernetes master components (apiserver, scheduler, controller) will run.
|
|
Note: if you want the server to act both as master and node the server must be defined on both groups _kube-master_ and _kube-node_
|
|
* **etcd**: list of server to compose the etcd server. you should have at least 3 servers for failover purposes.
|
|
|
|
Below is a complete inventory example:
|
|
|
|
```
|
|
## Configure 'ip' variable to bind kubernetes services on a
|
|
## different ip than the default iface
|
|
node1 ansible_ssh_host=95.54.0.12 # ip=10.3.0.1
|
|
node2 ansible_ssh_host=95.54.0.13 # ip=10.3.0.2
|
|
node3 ansible_ssh_host=95.54.0.14 # ip=10.3.0.3
|
|
node4 ansible_ssh_host=95.54.0.15 # ip=10.3.0.4
|
|
node5 ansible_ssh_host=95.54.0.16 # ip=10.3.0.5
|
|
node6 ansible_ssh_host=95.54.0.17 # ip=10.3.0.6
|
|
|
|
[kube-master]
|
|
node1
|
|
node2
|
|
|
|
[etcd]
|
|
node1
|
|
node2
|
|
node3
|
|
|
|
[kube-node]
|
|
node2
|
|
node3
|
|
node4
|
|
node5
|
|
node6
|
|
|
|
[k8s-cluster:children]
|
|
kube-node
|
|
kube-master
|
|
etcd
|
|
```
|
|
|
|
Group vars
|
|
--------------
|
|
The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
|
|
|
|
Ansible tags
|
|
------------
|
|
|
|
The following tags are defined in playbooks:
|
|
|
|
| Tag name | Used for
|
|
|--------------------------|---------
|
|
| apps | K8s apps definitions
|
|
| azure | Cloud-provider Azure
|
|
| bootstrap-os | Anything related to host OS configuration
|
|
| calico | Network plugin Calico
|
|
| canal | Network plugin Canal
|
|
| cloud-provider | Cloud-provider related tasks
|
|
| dnsmasq | Configuring DNS stack for hosts and K8s apps
|
|
| docker | Configuring docker for hosts
|
|
| download | Fetching container images
|
|
| etcd | Configuring etcd cluster
|
|
| etcd-pre-upgrade | Upgrading etcd cluster
|
|
| etcd-secrets | Configuring etcd certs/keys
|
|
| etchosts | Configuring /etc/hosts entries for hosts
|
|
| facts | Gathering facts and misc check results
|
|
| flannel | Network plugin flannel
|
|
| gce | Cloud-provider GCP
|
|
| hyperkube | Manipulations with K8s hyperkube image
|
|
| k8s-pre-upgrade | Upgrading K8s cluster
|
|
| k8s-secrets | Configuring K8s certs/keys
|
|
| kpm | Installing K8s apps definitions with KPM
|
|
| kube-apiserver | Configuring self-hosted kube-apiserver
|
|
| kube-controller-manager | Configuring self-hosted kube-controller-manager
|
|
| kubectl | Installing kubectl and bash completion
|
|
| kubelet | Configuring kubelet service
|
|
| kube-proxy | Configuring self-hosted kube-proxy
|
|
| kube-scheduler | Configuring self-hosted kube-scheduler
|
|
| master | Configuring K8s master node role
|
|
| netchecker | Installing netchecker K8s app
|
|
| network | Configuring networking plugins for K8s
|
|
| nginx | Configuring LB for kube-apiserver instances
|
|
| node | Configuring K8s minion (compute) node role
|
|
| openstack | Cloud-provider OpenStack
|
|
| preinstall | Preliminary configuration steps
|
|
| resolvconf | Configuring /etc/resolv.conf for hosts/apps
|
|
| upgrade | Upgrading, f.e. container images/binaries
|
|
| weave | Network plugin Weave
|
|
|
|
Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
|
|
tags found in the codebase. New tags will be listed with the empty "Used for"
|
|
field.
|
|
|
|
Example command to filter and apply only DNS configuration tasks and skip
|
|
everything else related to host OS configuration and downloading images of containers:
|
|
|
|
```
|
|
ansible-playbook -i inventory/inventory.ini cluster.yml --tags preinstall,dnsmasq,facts --skip-tags=download,bootstrap-os
|
|
```
|
|
And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
|
|
```
|
|
ansible-playbook -i inventory/inventory.ini -e dns_server='' cluster.yml --tags resolvconf
|
|
```
|
|
|
|
Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.
|