c12s-kubespray/roles/kubernetes/node/tasks/main.yml
Matthew Mosesohn f3a0f73588 Prevent dynamic port allocation in nodePort range
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.

Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
2017-02-06 20:01:16 +03:00

48 lines
1.3 KiB
YAML

---
- set_fact:
standalone_kubelet: >-
{%- if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] -%}true{%- else -%}false{%- endif -%}
tags: facts
- include: install.yml
tags: kubelet
- include: nginx-proxy.yml
when: is_kube_master == false and loadbalancer_apiserver_localhost|default(false)
tags: nginx
- name: Write kubelet config file
template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes
notify: restart kubelet
tags: kubelet
- name: write the kubecfg (auth) file for kubelet
template: src=node-kubeconfig.yaml.j2 dest={{ kube_config_dir }}/node-kubeconfig.yaml backup=yes
notify: restart kubelet
tags: kubelet
- name: Ensure nodePort range is reserved
sysctl:
name: net.ipv4.ip_local_reserved_ports
value: "{{ kube_apiserver_node_port_range }}"
sysctl_set: yes
state: present
reload: yes
when: kube_apiserver_node_port_range is defined
tags: kube-proxy
- name: Write proxy manifest
template:
src: manifests/kube-proxy.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
tags: kube-proxy
# reload-systemd
- meta: flush_handlers
- name: Enable kubelet
service:
name: kubelet
enabled: yes
state: started
tags: kubelet