diff options
author | Christian Pointner <equinox@spreadspace.org> | 2020-01-17 22:42:27 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-01-31 22:31:22 +0100 |
commit | b64058268b377cc78057b8ba8d3190e520d33053 (patch) | |
tree | 5d5ad15b922902f77e34edb04a86680864d893aa | |
parent | kubernetes: multi master cluster works now (diff) |
kubernetes: kubernetes_overlay_node_ip
-rw-r--r-- | common/kubernetes.yml | 5 | ||||
-rw-r--r-- | inventory/group_vars/k8s-test/main.yml | 5 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/base/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml | 2 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 | 8 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/node/tasks/main.yml | 2 |
6 files changed, 15 insertions, 11 deletions
diff --git a/common/kubernetes.yml b/common/kubernetes.yml index 4fc8cef2..d5b58767 100644 --- a/common/kubernetes.yml +++ b/common/kubernetes.yml @@ -22,6 +22,11 @@ msg: "At least one node_index is < 1 (indizes start at 1)" that: (kubeguard.node_index.values() | min) > 0 + - name: check whether overlay node io is configured > 0 + assert: + msg: "For kubeguard to work you need to configure kubernetes_overlay_node_ip" + that: kubernetes_overlay_node_ip is defined + - name: make sure the kubernetes_cri_socket variable is configured correctly when: kubernetes_container_runtime == 'containerd' assert: diff --git a/inventory/group_vars/k8s-test/main.yml b/inventory/group_vars/k8s-test/main.yml index b5863ad1..60d381ec 100644 --- a/inventory/group_vars/k8s-test/main.yml +++ b/inventory/group_vars/k8s-test/main.yml @@ -8,6 +8,7 @@ containerd_lvm: kubernetes_version: 1.17.1 kubernetes_container_runtime: containerd kubernetes_network_plugin: kubeguard +kubernetes_cri_socket: "unix:///run/containerd/containerd.sock" kubernetes: cluster_name: k8s-test @@ -45,6 +46,4 @@ kubeguard: s2-k8s-test0: direct0 s2-k8s-test1: direct0 - -kubernetes_kubelet_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}" -kubernetes_cri_socket: "unix:///run/containerd/containerd.sock" +kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}" diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml index 37944915..69a09811 100644 --- a/roles/kubernetes/kubeadm/base/tasks/main.yml +++ b/roles/kubernetes/kubeadm/base/tasks/main.yml @@ -16,11 +16,11 @@ selection: hold - name: set kubelet node-ip - when: kubernetes_kubelet_node_ip is defined + when: kubernetes_overlay_node_ip is defined lineinfile: name: "/etc/default/kubelet" regexp: '^KUBELET_EXTRA_ARGS=' - line: 'KUBELET_EXTRA_ARGS=--node-ip={{ kubernetes_kubelet_node_ip }}' + line: 'KUBELET_EXTRA_ARGS=--node-ip={{ kubernetes_overlay_node_ip }}' create: yes - name: add kubeadm completion for shells diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml index ffe1b4b2..3c800a87 100644 --- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml +++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml @@ -28,7 +28,7 @@ - name: join kubernetes secondary master node and store log block: - name: join kubernetes secondary master node - command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_kubelet_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_kubelet_node_ip }}{% endif %}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}" + command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_overlay_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}" args: creates: /etc/kubernetes/kubelet.conf register: kubeadm_join diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 index 869c809f..06d59ced 100644 --- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 +++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 @@ -6,9 +6,9 @@ kind: InitConfiguration {# better control it's lifetime #} bootstrapTokens: - ttl: "1s" -{% if kubernetes_kubelet_node_ip is defined %} +{% if kubernetes_overlay_node_ip is defined %} localAPIEndpoint: - advertiseAddress: {{ kubernetes_kubelet_node_ip }} + advertiseAddress: {{ kubernetes_overlay_node_ip }} {% endif %} --- apiVersion: kubeadm.k8s.io/v1beta2 @@ -16,8 +16,8 @@ kind: ClusterConfiguration kubernetesVersion: {{ kubernetes_version }} clusterName: {{ kubernetes.cluster_name }} imageRepository: k8s.gcr.io -{% if kubernetes_kubelet_node_ip is defined %} -controlPlaneEndpoint: "{{ kubernetes_kubelet_node_ip }}:6443" +{% if kubernetes_overlay_node_ip is defined %} +controlPlaneEndpoint: "{{ kubernetes_overlay_node_ip }}:6443" {% endif %} networking: dnsDomain: {{ kubernetes.dns_domain | default('cluster.local') }} diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml index 61d47111..e4fff98b 100644 --- a/roles/kubernetes/kubeadm/node/tasks/main.yml +++ b/roles/kubernetes/kubeadm/node/tasks/main.yml @@ -2,7 +2,7 @@ - name: join kubernetes node and store log block: - name: join kubernetes node - command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'" + command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_overlay_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'" args: creates: /etc/kubernetes/kubelet.conf register: kubeadm_join |