c12s-kubespray/roles/kubernetes/node/tasks/main.yml
Jiri Stransky dbbe9419e5 Allow setting cgroup driver for kubelet
Red Hat family platforms run docker daemon with `--exec-opt
native.cgroupdriver=systemd`. When kubespray tried to start kubelet
service, it failed with:

Error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"

Setting kubelet's cgroup driver to the correct value for the platform
fixes this issue. The code utilizes autodetection of docker's cgroup
driver, as different RPMs for the same distro may vary in that regard.
2017-09-21 11:58:11 +02:00

107 lines
2.6 KiB
YAML

---
- include: facts.yml
tags: facts
- include: pre_upgrade.yml
tags: kubelet
- name: Ensure /var/lib/cni exists
file:
path: /var/lib/cni
state: directory
mode: 0755
- include: install.yml
tags: kubelet
- include: nginx-proxy.yml
when: is_kube_master == false and loadbalancer_apiserver_localhost|default(true)
tags: nginx
- name: Write kubelet config file (non-kubeadm)
template:
src: kubelet.standard.env.j2
dest: "{{ kube_config_dir }}/kubelet.env"
backup: yes
when: not kubeadm_enabled
notify: restart kubelet
tags: kubelet
- name: Write kubelet config file (kubeadm)
template:
src: kubelet.kubeadm.env.j2
dest: "{{ kube_config_dir }}/kubelet.env"
backup: yes
when: kubeadm_enabled
notify: restart kubelet
tags: ['kubelet', 'kubeadm']
- name: write the kubecfg (auth) file for kubelet
template:
src: "{{ item }}-kubeconfig.yaml.j2"
dest: "{{ kube_config_dir }}/{{ item }}-kubeconfig.yaml"
backup: yes
with_items:
- node
- kube-proxy
when: not kubeadm_enabled
notify: restart kubelet
tags: kubelet
- name: Ensure nodePort range is reserved
sysctl:
name: net.ipv4.ip_local_reserved_ports
value: "{{ kube_apiserver_node_port_range }}"
sysctl_set: yes
state: present
reload: yes
when: kube_apiserver_node_port_range is defined
tags: kube-proxy
- name: Verify if br_netfilter module exists
shell: "modinfo br_netfilter"
register: modinfo_br_netfilter
failed_when: modinfo_br_netfilter.rc not in [0, 1]
changed_when: false
- name: Enable br_netfilter module
modprobe:
name: br_netfilter
state: present
when: modinfo_br_netfilter.rc == 0
# kube-proxy needs net.bridge.bridge-nf-call-iptables enabled when found if br_netfilter is not a module
- name: Check if bridge-nf-call-iptables key exists
command: "sysctl net.bridge.bridge-nf-call-iptables"
failed_when: false
changed_when: false
register: sysctl_bridge_nf_call_iptables
- name: Enable bridge-nf-call tables
sysctl:
name: "{{ item }}"
state: present
value: 1
reload: yes
when: modinfo_br_netfilter.rc == 1 and sysctl_bridge_nf_call_iptables.rc == 0
with_items:
- net.bridge.bridge-nf-call-iptables
- net.bridge.bridge-nf-call-arptables
- net.bridge.bridge-nf-call-ip6tables
- name: Write proxy manifest
template:
src: manifests/kube-proxy.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
when: not kubeadm_enabled
tags: kube-proxy
# reload-systemd
- meta: flush_handlers
- name: Enable kubelet
service:
name: kubelet
enabled: yes
state: started
tags: kubelet