72a4223884
This file should only be updated during kubelet upgrade so that master components are not accidentally restarted first during preinstall stage.
159 lines
3.5 KiB
YAML
159 lines
3.5 KiB
YAML
---
|
|
- import_tasks: facts.yml
|
|
tags:
|
|
- facts
|
|
|
|
- import_tasks: pre_upgrade.yml
|
|
tags:
|
|
- kubelet
|
|
|
|
- name: Ensure /var/lib/cni exists
|
|
file:
|
|
path: /var/lib/cni
|
|
state: directory
|
|
mode: 0755
|
|
|
|
- import_tasks: install.yml
|
|
tags:
|
|
- kubelet
|
|
|
|
- import_tasks: nginx-proxy.yml
|
|
when: is_kube_master == false and loadbalancer_apiserver_localhost
|
|
tags:
|
|
- nginx
|
|
|
|
- name: Write kubelet config file (non-kubeadm)
|
|
template:
|
|
src: kubelet.standard.env.j2
|
|
dest: "{{ kube_config_dir }}/kubelet.env"
|
|
backup: yes
|
|
when: not kubeadm_enabled
|
|
notify: restart kubelet
|
|
tags:
|
|
- kubelet
|
|
|
|
- name: Write kubelet config file (kubeadm)
|
|
template:
|
|
src: kubelet.kubeadm.env.j2
|
|
dest: "{{ kube_config_dir }}/kubelet.env"
|
|
backup: yes
|
|
when: kubeadm_enabled
|
|
notify: restart kubelet
|
|
tags:
|
|
- kubelet
|
|
- kubeadm
|
|
|
|
- name: write the kubecfg (auth) file for kubelet
|
|
template:
|
|
src: "{{ item }}-kubeconfig.yaml.j2"
|
|
dest: "{{ kube_config_dir }}/{{ item }}-kubeconfig.yaml"
|
|
backup: yes
|
|
with_items:
|
|
- node
|
|
- kube-proxy
|
|
when: not kubeadm_enabled
|
|
notify: restart kubelet
|
|
tags:
|
|
- kubelet
|
|
|
|
- name: Ensure nodePort range is reserved
|
|
sysctl:
|
|
name: net.ipv4.ip_local_reserved_ports
|
|
value: "{{ kube_apiserver_node_port_range }}"
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
when: kube_apiserver_node_port_range is defined
|
|
tags:
|
|
- kube-proxy
|
|
|
|
- name: Verify if br_netfilter module exists
|
|
shell: "modinfo br_netfilter"
|
|
register: modinfo_br_netfilter
|
|
failed_when: modinfo_br_netfilter.rc not in [0, 1]
|
|
changed_when: false
|
|
|
|
- name: Enable br_netfilter module
|
|
modprobe:
|
|
name: br_netfilter
|
|
state: present
|
|
when: modinfo_br_netfilter.rc == 0
|
|
|
|
- name: Persist br_netfilter module
|
|
copy:
|
|
dest: /etc/modules-load.d/kubespray-br_netfilter.conf
|
|
content: br_netfilter
|
|
when: modinfo_br_netfilter.rc == 0
|
|
|
|
# kube-proxy needs net.bridge.bridge-nf-call-iptables enabled when found if br_netfilter is not a module
|
|
- name: Check if bridge-nf-call-iptables key exists
|
|
command: "sysctl net.bridge.bridge-nf-call-iptables"
|
|
failed_when: false
|
|
changed_when: false
|
|
register: sysctl_bridge_nf_call_iptables
|
|
|
|
- name: Enable bridge-nf-call tables
|
|
sysctl:
|
|
name: "{{ item }}"
|
|
state: present
|
|
value: 1
|
|
reload: yes
|
|
when: sysctl_bridge_nf_call_iptables.rc == 0
|
|
with_items:
|
|
- net.bridge.bridge-nf-call-iptables
|
|
- net.bridge.bridge-nf-call-arptables
|
|
- net.bridge.bridge-nf-call-ip6tables
|
|
|
|
- name: Modprode Kernel Module for IPVS
|
|
modprobe:
|
|
name: "{{ item }}"
|
|
state: present
|
|
when: kube_proxy_mode == 'ipvs'
|
|
with_items:
|
|
- ip_vs
|
|
- ip_vs_rr
|
|
- ip_vs_wrr
|
|
- ip_vs_sh
|
|
- nf_conntrack_ipv4
|
|
tags:
|
|
- kube-proxy
|
|
|
|
- name: Write proxy manifest
|
|
template:
|
|
src: manifests/kube-proxy.manifest.j2
|
|
dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
|
|
when: not kubeadm_enabled
|
|
tags:
|
|
- kube-proxy
|
|
|
|
- name: Purge proxy manifest for kubeadm
|
|
file:
|
|
path: "{{ kube_manifest_dir }}/kube-proxy.manifest"
|
|
state: absent
|
|
when: kubeadm_enabled
|
|
tags:
|
|
- kube-proxy
|
|
|
|
- name: Write cloud-config
|
|
template:
|
|
src: "{{ cloud_provider }}-cloud-config.j2"
|
|
dest: "{{ kube_config_dir }}/cloud_config"
|
|
group: "{{ kube_cert_group }}"
|
|
mode: 0640
|
|
when:
|
|
- cloud_provider is defined
|
|
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
|
notify: restart kubelet
|
|
tags:
|
|
- cloud-provider
|
|
|
|
# reload-systemd
|
|
- meta: flush_handlers
|
|
|
|
- name: Enable kubelet
|
|
service:
|
|
name: kubelet
|
|
enabled: yes
|
|
state: started
|
|
tags:
|
|
- kubelet
|