f80fd24a55
When running ansible-lint directly, we can see a lot of warning message like risky-file-permissions File permissions unset or incorrect This fixes the warning messages.
80 lines
2.5 KiB
YAML
80 lines
2.5 KiB
YAML
---
|
|
- name: Canal | Write Canal cni config
|
|
template:
|
|
src: "cni-canal.conflist.j2"
|
|
dest: "/etc/cni/net.d/canal.conflist.template"
|
|
mode: 0644
|
|
owner: kube
|
|
register: canal_conflist
|
|
notify: reset_canal_cni
|
|
|
|
- name: Canal | Create canal certs directory
|
|
file:
|
|
dest: "{{ canal_cert_dir }}"
|
|
state: directory
|
|
mode: 0750
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Canal | Link etcd certificates for canal-node
|
|
file:
|
|
src: "{{ etcd_cert_dir }}/{{ item.s }}"
|
|
dest: "{{ canal_cert_dir }}/{{ item.d }}"
|
|
state: hard
|
|
mode: 0640
|
|
force: yes
|
|
with_items:
|
|
- {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}
|
|
- {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
|
|
- {s: "{{ kube_etcd_key_file }}", d: "key.pem"}
|
|
|
|
# Flannel need etcd v2 API
|
|
- name: Canal | Set Flannel etcd configuration
|
|
command: |-
|
|
{{ bin_dir }}/etcdctl set /{{ cluster_name }}/network/config \
|
|
'{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }'
|
|
register: output
|
|
retries: 4
|
|
until: output.rc == 0
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
delegate_to: "{{ groups['etcd'][0] }}"
|
|
changed_when: false
|
|
run_once: true
|
|
environment:
|
|
ETCDCTL_API: 2
|
|
ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
|
|
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem"
|
|
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
|
|
ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
|
|
|
|
- name: Canal | Create canal node manifests
|
|
template:
|
|
src: "{{ item.file }}.j2"
|
|
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
|
mode: 0644
|
|
with_items:
|
|
- {name: canal-config, file: canal-config.yaml, type: cm}
|
|
- {name: canal-node, file: canal-node.yaml, type: ds}
|
|
- {name: canal, file: canal-node-sa.yml, type: sa}
|
|
- {name: calico, file: canal-cr-calico.yml, type: clusterrole}
|
|
- {name: flannel, file: canal-cr-flannel.yml, type: clusterrole}
|
|
- {name: canal-calico, file: canal-crb-calico.yml, type: clusterrolebinding}
|
|
- {name: canal-flannel, file: canal-crb-flannel.yml, type: clusterrolebinding}
|
|
register: canal_manifests
|
|
when:
|
|
- inventory_hostname in groups['kube_control_plane']
|
|
|
|
- name: Canal | Install calicoctl wrapper script
|
|
template:
|
|
src: calicoctl.sh.j2
|
|
dest: "{{ bin_dir }}/calicoctl.sh"
|
|
mode: 0755
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Canal | Create network policy directory
|
|
file:
|
|
path: "{{ canal_policy_dir }}"
|
|
state: directory
|
|
mode: 0755
|