authorChristian Pointner <equinox@spreadspace.org>2020-01-17 22:42:27 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-01-31 22:31:22 +0100
commitb64058268b377cc78057b8ba8d3190e520d33053 (patch)
tree5d5ad15b922902f77e34edb04a86680864d893aa
parentkubernetes: multi master cluster works now (diff)
kubernetes: kubernetes_overlay_node_ip
-rw-r--r--common/kubernetes.yml5
-rw-r--r--inventory/group_vars/k8s-test/main.yml5
-rw-r--r--roles/kubernetes/kubeadm/base/tasks/main.yml4
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml2
-rw-r--r--roles/kubernetes/kubeadm/master/templates/kubeadm.config.j28
-rw-r--r--roles/kubernetes/kubeadm/node/tasks/main.yml2
6 files changed, 15 insertions, 11 deletions
diff --git a/common/kubernetes.yml b/common/kubernetes.yml
index 4fc8cef2..d5b58767 100644
--- a/common/kubernetes.yml
+++ b/common/kubernetes.yml
@@ -22,6 +22,11 @@
msg: "At least one node_index is < 1 (indizes start at 1)"
that: (kubeguard.node_index.values() | min) > 0
+ - name: check whether overlay node io is configured > 0
+ assert:
+ msg: "For kubeguard to work you need to configure kubernetes_overlay_node_ip"
+ that: kubernetes_overlay_node_ip is defined
+
- name: make sure the kubernetes_cri_socket variable is configured correctly
when: kubernetes_container_runtime == 'containerd'
assert:
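Review bot: The added assertion only checks that `kubernetes_overlay_node_ip` is defined, yet the same commit interpolates that value into the `kubeadm join` command line, `/etc/default/kubelet` and the kubeadm config, so an empty or malformed value passes here and only surfaces later. Consider validating it as an address as well, e.g. `that: kubernetes_overlay_node_ip is defined and (kubernetes_overlay_node_ip | ipaddr)`, using the `ipaddr` filter the inventory already relies on. The task name also looks like a copy-paste slip: `check whether overlay node io is configured > 0` presumably should read `check whether kubernetes_overlay_node_ip is configured`. The enclosing play and any `when:` condition on these tasks are outside the hunk.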
diff --git a/inventory/group_vars/k8s-test/main.yml b/inventory/group_vars/k8s-test/main.yml
index b5863ad1..60d381ec 100644
--- a/inventory/group_vars/k8s-test/main.yml
+++ b/inventory/group_vars/k8s-test/main.yml
@@ -8,6 +8,7 @@ containerd_lvm:
kubernetes_version: 1.17.1
kubernetes_container_runtime: containerd
kubernetes_network_plugin: kubeguard
+kubernetes_cri_socket: "unix:///run/containerd/containerd.sock"
kubernetes:
cluster_name: k8s-test
@@ -45,6 +46,4 @@ kubeguard:
s2-k8s-test0: direct0
s2-k8s-test1: direct0
-
-kubernetes_kubelet_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}"
-kubernetes_cri_socket: "unix:///run/containerd/containerd.sock"
+kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}"
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index 37944915..69a09811 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -16,11 +16,11 @@
selection: hold
- name: set kubelet node-ip
- when: kubernetes_kubelet_node_ip is defined
+ when: kubernetes_overlay_node_ip is defined
lineinfile:
name: "/etc/default/kubelet"
regexp: '^KUBELET_EXTRA_ARGS='
- line: 'KUBELET_EXTRA_ARGS=--node-ip={{ kubernetes_kubelet_node_ip }}'
+ line: 'KUBELET_EXTRA_ARGS=--node-ip={{ kubernetes_overlay_node_ip }}'
create: yes
- name: add kubeadm completion for shells
diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
index ffe1b4b2..3c800a87 100644
--- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
@@ -28,7 +28,7 @@
- name: join kubernetes secondary master node and store log
block:
- name: join kubernetes secondary master node
- command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_kubelet_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_kubelet_node_ip }}{% endif %}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
+ command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_overlay_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
args:
creates: /etc/kubernetes/kubelet.conf
register: kubeadm_join
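Review bot: The rewritten `command:` line still passes the bootstrap token and `--certificate-key {{ kubeadm_upload_certs_key }}` as command-line arguments, so both are visible in the process list on the joining host and in the task result that is registered as `kubeadm_join` inside a block named "store log". Consider adding `no_log: true` to this task, or handing the values to kubeadm through a join configuration file with restrictive permissions instead of argv. The certificate key is also the only secret left unquoted; `--certificate-key '{{ kubeadm_upload_certs_key }}'` would match how the token is handled. The token exposure applies equally to the join task in roles/kubernetes/kubeadm/node/tasks/main.yml; what the rest of the block writes to the log is outside the hunk.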
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
index 869c809f..06d59ced 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -6,9 +6,9 @@ kind: InitConfiguration
{# better control it's lifetime #}
bootstrapTokens:
- ttl: "1s"
-{% if kubernetes_kubelet_node_ip is defined %}
+{% if kubernetes_overlay_node_ip is defined %}
localAPIEndpoint:
- advertiseAddress: {{ kubernetes_kubelet_node_ip }}
+ advertiseAddress: {{ kubernetes_overlay_node_ip }}
{% endif %}
---
apiVersion: kubeadm.k8s.io/v1beta2
@@ -16,8 +16,8 @@ kind: ClusterConfiguration
kubernetesVersion: {{ kubernetes_version }}
clusterName: {{ kubernetes.cluster_name }}
imageRepository: k8s.gcr.io
-{% if kubernetes_kubelet_node_ip is defined %}
-controlPlaneEndpoint: "{{ kubernetes_kubelet_node_ip }}:6443"
+{% if kubernetes_overlay_node_ip is defined %}
+controlPlaneEndpoint: "{{ kubernetes_overlay_node_ip }}:6443"
{% endif %}
networking:
dnsDomain: {{ kubernetes.dns_domain | default('cluster.local') }}
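Review bot: `controlPlaneEndpoint: "{{ kubernetes_overlay_node_ip }}:6443"` pins the cluster-wide endpoint to the overlay address of whichever host renders this template, presumably the primary master. In the multi-master setup this series targets, every kubeconfig and joining node then depends on that single master being reachable. If that is intended, a Jinja comment above the `{% if %}` stating it would help, for example `{# endpoint is the primary master's overlay IP; there is no shared/virtual API address yet #}`. Otherwise a separate variable for a shared endpoint would keep the node IP and the control-plane endpoint from being coupled.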
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index 61d47111..e4fff98b 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -2,7 +2,7 @@
- name: join kubernetes node and store log
block:
- name: join kubernetes node
- command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+ command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_overlay_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
args:
creates: /etc/kubernetes/kubelet.conf
register: kubeadm_join
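Review bot: The join address is built from `hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_overlay_node_ip` with no guard, while the other uses of the variable in this commit are wrapped in `is defined` and the new assertion in common/kubernetes.yml is worded as a kubeguard-only requirement. With the variable unset on the primary master this task would presumably stop on a templating error instead of a clear message. Either treat the variable as mandatory everywhere, or precede the join with an explicit check such as `that: hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_overlay_node_ip is defined`. The same unguarded lookup is in roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml.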