diff options
author | Christian Pointner <equinox@spreadspace.org> | 2020-05-26 18:08:10 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-06-17 00:04:40 +0200 |
commit | 4fd722c4c12b441d0857c5bc29d1cd43df64b9b7 (patch) | |
tree | 4a4fd150d9faebc3358fcaf7d608178550e65e0f | |
parent | add ch-equinox-ws to managment vlan (diff) |
finalize handling of network plugins. (needs testing)
11 files changed, 59 insertions, 8 deletions
diff --git a/inventory/group_vars/kubernetes-cluster/vars.yml b/inventory/group_vars/kubernetes-cluster/vars.yml index c1149988..2d7a696f 100644 --- a/inventory/group_vars/kubernetes-cluster/vars.yml +++ b/inventory/group_vars/kubernetes-cluster/vars.yml @@ -1,2 +1,4 @@ --- +kubernetes_network_plugin_replaces_kube_proxy: false + kubernetes_nodelocal_dnscache_ip: 169.254.20.10 diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml index 602266d5..da5f7408 100644 --- a/roles/kubernetes/base/tasks/main.yml +++ b/roles/kubernetes/base/tasks/main.yml @@ -46,12 +46,12 @@ {% endif %} source <(crictl completion) -- name: add dummy group with gid 998 +- name: add dummy group with gid 990 group: name: app gid: 990 -- name: add dummy user with uid 998 +- name: add dummy user with uid 990 user: name: app uid: 990 diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml index 2d2bd324..7f2e02c2 100644 --- a/roles/kubernetes/kubeadm/base/tasks/main.yml +++ b/roles/kubernetes/kubeadm/base/tasks/main.yml @@ -59,5 +59,13 @@ content: | alias hatop="hatop -s /var/run/haproxy/admin.sock" -# - name: prepare network plugin -# include_tasks: "net_{{ kubernetes_network_plugin }}.yml" +## loading the modules temporarly because kubeadm will complain if they are not there +# but i don't think it is necessary to make this persistent, also ignoring changes here +- name: load module br_netfilter to satisfy kubeadm init/join + modprobe: + name: br_netfilter + state: present + changed_when: false + +- name: prepare network plugin + include_tasks: "net_{{ kubernetes_network_plugin }}.yml" diff --git a/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml new file mode 100644 index 00000000..0924c458 --- /dev/null +++ b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml @@ -0,0 +1,7 @@ +--- +- name: make sure kubernetes_network_plugin_replaces_kube_proxy is not set + run_once: yes + assert: + msg: "this network plugin can not replace kube-proxy please set kubernetes_network_plugin_replaces_kube_proxy to false." + that: + - not kubernetes_network_plugin_replaces_kube_proxy diff --git a/roles/kubernetes/kubeadm/base/tasks/net_none.yml b/roles/kubernetes/kubeadm/base/tasks/net_none.yml new file mode 100644 index 00000000..0924c458 --- /dev/null +++ b/roles/kubernetes/kubeadm/base/tasks/net_none.yml @@ -0,0 +1,7 @@ +--- +- name: make sure kubernetes_network_plugin_replaces_kube_proxy is not set + run_once: yes + assert: + msg: "this network plugin can not replace kube-proxy please set kubernetes_network_plugin_replaces_kube_proxy to false." + that: + - not kubernetes_network_plugin_replaces_kube_proxy diff --git a/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml new file mode 100644 index 00000000..95fee7c8 --- /dev/null +++ b/roles/kubernetes/kubeadm/master/tasks/net_kubeguard.yml @@ -0,0 +1,3 @@ +--- +### kubeguard needs to be deployed before the cluster has been initialized. +### there is nothing more todo here. diff --git a/roles/kubernetes/kubeadm/master/tasks/net_none.yml b/roles/kubernetes/kubeadm/master/tasks/net_none.yml new file mode 100644 index 00000000..bf1a16d5 --- /dev/null +++ b/roles/kubernetes/kubeadm/master/tasks/net_none.yml @@ -0,0 +1,2 @@ +--- +## this "plugin" is for testing purposes only diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml index f24e9ac1..432f7479 100644 --- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml +++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml @@ -27,8 +27,8 @@ - name: initialize kubernetes master and store log block: - name: initialize kubernetes master - command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print" - # command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print" + command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print" + # command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print" args: creates: /etc/kubernetes/pki/ca.crt register: kubeadm_init @@ -40,6 +40,12 @@ content: "{{ kubeadm_init.stdout }}\n" dest: /etc/kubernetes/kubeadm-init.log + - name: dump error output of kubeadm init to log file + when: kubeadm_init.changed and kubeadm_init.stderr + copy: + content: "{{ kubeadm_init.stderr }}\n" + dest: /etc/kubernetes/kubeadm-init.errors + - name: create bootstrap token for existing cluster command: kubeadm token create --ttl 42m check_mode: no @@ -119,5 +125,5 @@ ## Network Plugin -# - name: install network plugin -# include_tasks: "net_{{ kubernetes_network_plugin }}.yml" +- name: install network plugin + include_tasks: "net_{{ kubernetes_network_plugin }}.yml" diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml index 31fb31d6..37f108a7 100644 --- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml +++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml @@ -42,6 +42,12 @@ content: "{{ kubeadm_join.stdout }}\n" dest: /etc/kubernetes/kubeadm-join.log + - name: dump error output of kubeadm join to log file + when: kubeadm_join.changed and kubeadm_join.stderr + copy: + content: "{{ kubeadm_join.stderr }}\n" + dest: /etc/kubernetes/kubeadm-join.errors + # TODO: acutally check if node has registered - name: give the new master(s) a moment to register when: kubeadm_join is changed diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml index 655b1b18..6b3d18ae 100644 --- a/roles/kubernetes/kubeadm/node/tasks/main.yml +++ b/roles/kubernetes/kubeadm/node/tasks/main.yml @@ -14,3 +14,9 @@ copy: # noqa 503 content: "{{ kubeadm_join.stdout }}\n" dest: /etc/kubernetes/kubeadm-join.log + + - name: dump error output of kubeadm join to log file + when: kubeadm_join.changed and kubeadm_join.stderr + copy: + content: "{{ kubeadm_join.stderr }}\n" + dest: /etc/kubernetes/kubeadm-join.errors diff --git a/roles/kubernetes/kubeadm/reset/tasks/main.yml b/roles/kubernetes/kubeadm/reset/tasks/main.yml index c35e2bfc..1ecf1c1e 100644 --- a/roles/kubernetes/kubeadm/reset/tasks/main.yml +++ b/roles/kubernetes/kubeadm/reset/tasks/main.yml @@ -6,9 +6,13 @@ loop: - /etc/kubernetes/kubeadm.config - /etc/kubernetes/kubeadm-init.log + - /etc/kubernetes/kubeadm-init.errors - /etc/kubernetes/kubeadm-join.log + - /etc/kubernetes/kubeadm-join.errors - /etc/kubernetes/pki - /etc/kubernetes/encryption + - /etc/kubernetes/network-plugin.yml + - /etc/kubernetes/node-local-dns.yml file: path: "{{ item }}" state: absent |