97ebbb9672
Based on #718 introduced by rsmitty. Includes all roles and all options to support deployment of new hosts in case they were added to inventory. Main difference here is that master role is evaluated first so that master components get upgraded first. Fixes #694
92 lines
2.7 KiB
YAML
92 lines
2.7 KiB
YAML
---
|
|
- hosts: localhost
|
|
gather_facts: False
|
|
roles:
|
|
- bastion-ssh-config
|
|
tags: [localhost, bastion]
|
|
|
|
- hosts: k8s-cluster:etcd:calico-rr
|
|
any_errors_fatal: true
|
|
gather_facts: false
|
|
vars:
|
|
# Need to disable pipelining for bootstrap-os as some systems have requiretty in sudoers set, which makes pipelining
|
|
# fail. bootstrap-os fixes this on these systems, so in later plays it can be enabled.
|
|
ansible_ssh_pipelining: false
|
|
roles:
|
|
- bootstrap-os
|
|
tags:
|
|
- bootstrap-os
|
|
|
|
- hosts: k8s-cluster:etcd:calico-rr
|
|
any_errors_fatal: true
|
|
vars:
|
|
ansible_ssh_pipelining: true
|
|
gather_facts: true
|
|
|
|
- hosts: k8s-cluster:etcd:calico-rr
|
|
any_errors_fatal: true
|
|
roles:
|
|
- { role: kernel-upgrade, tags: kernel-upgrade, when: kernel_upgrade is defined and kernel_upgrade }
|
|
- { role: kubernetes/preinstall, tags: preinstall }
|
|
- { role: docker, tags: docker }
|
|
- role: rkt
|
|
tags: rkt
|
|
when: "'rkt' in [etcd_deployment_type, kubelet_deployment_type, vault_deployment_type]"
|
|
|
|
- hosts: etcd:k8s-cluster:vault
|
|
any_errors_fatal: true
|
|
roles:
|
|
- { role: vault, tags: vault, vault_bootstrap: true, when: "cert_management == 'vault'" }
|
|
|
|
- hosts: etcd:!k8s-cluster
|
|
any_errors_fatal: true
|
|
roles:
|
|
- { role: etcd, tags: etcd }
|
|
|
|
- hosts: k8s-cluster
|
|
any_errors_fatal: true
|
|
roles:
|
|
- { role: etcd, tags: etcd }
|
|
|
|
- hosts: etcd:k8s-cluster:vault
|
|
any_errors_fatal: true
|
|
roles:
|
|
- { role: vault, tags: vault, when: "cert_management == 'vault'"}
|
|
|
|
#Handle upgrades to master components first to maintain backwards compat.
|
|
- hosts: kube-master
|
|
any_errors_fatal: true
|
|
serial: 1
|
|
roles:
|
|
- { role: upgrade/pre-upgrade, tags: pre-upgrade }
|
|
- { role: kubernetes/node, tags: node }
|
|
- { role: kubernetes/master, tags: master }
|
|
- { role: network_plugin, tags: network }
|
|
- { role: upgrade/post-upgrade, tags: post-upgrade }
|
|
|
|
#Finally handle worker upgrades, based on given batch size
|
|
- hosts: kube-node:!kube-master
|
|
any_errors_fatal: true
|
|
serial: "{{ serial | default('20%') }}"
|
|
roles:
|
|
- { role: upgrade/pre-upgrade, tags: pre-upgrade }
|
|
- { role: kubernetes/node, tags: node }
|
|
- { role: network_plugin, tags: network }
|
|
- { role: upgrade/post-upgrade, tags: post-upgrade }
|
|
- { role: kubernetes-apps/network_plugin, tags: network }
|
|
|
|
- hosts: calico-rr
|
|
any_errors_fatal: true
|
|
roles:
|
|
- { role: network_plugin/calico/rr, tags: network }
|
|
|
|
- hosts: k8s-cluster
|
|
any_errors_fatal: true
|
|
roles:
|
|
- { role: dnsmasq, when: "dns_mode == 'dnsmasq_kubedns'", tags: dnsmasq }
|
|
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf }
|
|
|
|
- hosts: kube-master[0]
|
|
any_errors_fatal: true
|
|
roles:
|
|
- { role: kubernetes-apps, tags: apps }
|