summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2020-05-26 18:08:10 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-06-17 00:04:40 +0200
commit4fd722c4c12b441d0857c5bc29d1cd43df64b9b7 (patch)
tree4a4fd150d9faebc3358fcaf7d608178550e65e0f
parentadd ch-equinox-ws to managment vlan (diff)
finalize handling of network plugins. (needs testing)
-rw-r--r--inventory/group_vars/kubernetes-cluster/vars.yml2
-rw-r--r--roles/kubernetes/base/tasks/main.yml4
-rw-r--r--roles/kubernetes/kubeadm/base/tasks/main.yml12
-rw-r--r--roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml7
-rw-r--r--roles/kubernetes/kubeadm/base/tasks/net_none.yml7
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml3
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/net_none.yml2
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/primary-master.yml14
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml6
-rw-r--r--roles/kubernetes/kubeadm/node/tasks/main.yml6
-rw-r--r--roles/kubernetes/kubeadm/reset/tasks/main.yml4
11 files changed, 59 insertions, 8 deletions
diff --git a/inventory/group_vars/kubernetes-cluster/vars.yml b/inventory/group_vars/kubernetes-cluster/vars.yml
index c1149988..2d7a696f 100644
--- a/inventory/group_vars/kubernetes-cluster/vars.yml
+++ b/inventory/group_vars/kubernetes-cluster/vars.yml
@@ -1,2 +1,4 @@
---
+kubernetes_network_plugin_replaces_kube_proxy: false
+
kubernetes_nodelocal_dnscache_ip: 169.254.20.10
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index 602266d5..da5f7408 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -46,12 +46,12 @@
{% endif %}
source <(crictl completion)
-- name: add dummy group with gid 998
+- name: add dummy group with gid 990
group:
name: app
gid: 990
-- name: add dummy user with uid 998
+- name: add dummy user with uid 990
user:
name: app
uid: 990
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index 2d2bd324..7f2e02c2 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -59,5 +59,13 @@
content: |
alias hatop="hatop -s /var/run/haproxy/admin.sock"
-# - name: prepare network plugin
-# include_tasks: "net_{{ kubernetes_network_plugin }}.yml"
+## loading the modules temporarly because kubeadm will complain if they are not there
+# but i don't think it is necessary to make this persistent, also ignoring changes here
+- name: load module br_netfilter to satisfy kubeadm init/join
+ modprobe:
+ name: br_netfilter
+ state: present
+ changed_when: false
+
+- name: prepare network plugin
+ include_tasks: "net_{{ kubernetes_network_plugin }}.yml"
diff --git a/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml
new file mode 100644
index 00000000..0924c458
--- /dev/null
+++ b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml
@@ -0,0 +1,7 @@
+---
+- name: make sure kubernetes_network_plugin_replaces_kube_proxy is not set
+ run_once: yes
+ assert:
+ msg: "this network plugin can not replace kube-proxy please set kubernetes_network_plugin_replaces_kube_proxy to false."
+ that:
+ - not kubernetes_network_plugin_replaces_kube_proxy
diff --git a/roles/kubernetes/kubeadm/base/tasks/net_none.yml b/roles/kubernetes/kubeadm/base/tasks/net_none.yml
new file mode 100644
index 00000000..0924c458
--- /dev/null
+++ b/roles/kubernetes/kubeadm/base/tasks/net_none.yml
@@ -0,0 +1,7 @@
+---
+- name: make sure kubernetes_network_plugin_replaces_kube_proxy is not set
+ run_once: yes
+ assert:
+ msg: "this network plugin can not replace kube-proxy please set kubernetes_network_plugin_replaces_kube_proxy to false."
+ that:
+ - not kubernetes_network_plugin_replaces_kube_proxy
diff --git a/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml
new file mode 100644
index 00000000..95fee7c8
--- /dev/null
+++ b/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml
@@ -0,0 +1,3 @@
+---
+### kubeguard needs to be deployed before the cluster has been initialized.
+### there is nothing more todo here.
diff --git a/roles/kubernetes/kubeadm/master/tasks/net_none.yml b/roles/kubernetes/kubeadm/master/tasks/net_none.yml
new file mode 100644
index 00000000..bf1a16d5
--- /dev/null
+++ b/roles/kubernetes/kubeadm/master/tasks/net_none.yml
@@ -0,0 +1,2 @@
+---
+## this "plugin" is for testing purposes only
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index f24e9ac1..432f7479 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -27,8 +27,8 @@
- name: initialize kubernetes master and store log
block:
- name: initialize kubernetes master
- command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
- # command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
+ command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
+ # command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
args:
creates: /etc/kubernetes/pki/ca.crt
register: kubeadm_init
@@ -40,6 +40,12 @@
content: "{{ kubeadm_init.stdout }}\n"
dest: /etc/kubernetes/kubeadm-init.log
+ - name: dump error output of kubeadm init to log file
+ when: kubeadm_init.changed and kubeadm_init.stderr
+ copy:
+ content: "{{ kubeadm_init.stderr }}\n"
+ dest: /etc/kubernetes/kubeadm-init.errors
+
- name: create bootstrap token for existing cluster
command: kubeadm token create --ttl 42m
check_mode: no
@@ -119,5 +125,5 @@
## Network Plugin
-# - name: install network plugin
-# include_tasks: "net_{{ kubernetes_network_plugin }}.yml"
+- name: install network plugin
+ include_tasks: "net_{{ kubernetes_network_plugin }}.yml"
diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
index 31fb31d6..37f108a7 100644
--- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
@@ -42,6 +42,12 @@
content: "{{ kubeadm_join.stdout }}\n"
dest: /etc/kubernetes/kubeadm-join.log
+ - name: dump error output of kubeadm join to log file
+ when: kubeadm_join.changed and kubeadm_join.stderr
+ copy:
+ content: "{{ kubeadm_join.stderr }}\n"
+ dest: /etc/kubernetes/kubeadm-join.errors
+
# TODO: acutally check if node has registered
- name: give the new master(s) a moment to register
when: kubeadm_join is changed
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index 655b1b18..6b3d18ae 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -14,3 +14,9 @@
copy: # noqa 503
content: "{{ kubeadm_join.stdout }}\n"
dest: /etc/kubernetes/kubeadm-join.log
+
+ - name: dump error output of kubeadm join to log file
+ when: kubeadm_join.changed and kubeadm_join.stderr
+ copy:
+ content: "{{ kubeadm_join.stderr }}\n"
+ dest: /etc/kubernetes/kubeadm-join.errors
diff --git a/roles/kubernetes/kubeadm/reset/tasks/main.yml b/roles/kubernetes/kubeadm/reset/tasks/main.yml
index c35e2bfc..1ecf1c1e 100644
--- a/roles/kubernetes/kubeadm/reset/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/reset/tasks/main.yml
@@ -6,9 +6,13 @@
loop:
- /etc/kubernetes/kubeadm.config
- /etc/kubernetes/kubeadm-init.log
+ - /etc/kubernetes/kubeadm-init.errors
- /etc/kubernetes/kubeadm-join.log
+ - /etc/kubernetes/kubeadm-join.errors
- /etc/kubernetes/pki
- /etc/kubernetes/encryption
+ - /etc/kubernetes/network-plugin.yml
+ - /etc/kubernetes/node-local-dns.yml
file:
path: "{{ item }}"
state: absent