kubernetes: kubernetes_overlay_node_ip

author: Christian Pointner <equinox@spreadspace.org> 2020-01-17 22:42:27 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2020-01-31 22:31:22 +0100
commit: b64058268b377cc78057b8ba8d3190e520d33053 (patch)
tree: 5d5ad15b922902f77e34edb04a86680864d893aa
parent: kubernetes: multi master cluster works now (diff)
6 files changed, 15 insertions, 11 deletions
diff --git a/common/kubernetes.yml b/common/kubernetes.yml
index 4fc8cef2..d5b58767 100644
--- a/common/kubernetes.yml
+++ b/common/kubernetes.yml
@@ -22,6 +22,11 @@
         msg: "At least one node_index is < 1 (indizes start at 1)"
         that: (kubeguard.node_index.values() | min) > 0
 
+    - name: check whether overlay node io is configured > 0
+      assert:
+        msg: "For kubeguard to work you need to configure kubernetes_overlay_node_ip"
+        that: kubernetes_overlay_node_ip is defined
+
   - name: make sure the kubernetes_cri_socket variable is configured correctly
     when: kubernetes_container_runtime == 'containerd'
     assert:
diff --git a/inventory/group_vars/k8s-test/main.yml b/inventory/group_vars/k8s-test/main.yml
index b5863ad1..60d381ec 100644
--- a/inventory/group_vars/k8s-test/main.yml
+++ b/inventory/group_vars/k8s-test/main.yml
@@ -8,6 +8,7 @@ containerd_lvm:
 kubernetes_version: 1.17.1
 kubernetes_container_runtime: containerd
 kubernetes_network_plugin: kubeguard
+kubernetes_cri_socket: "unix:///run/containerd/containerd.sock"
 
 kubernetes:
   cluster_name: k8s-test
@@ -45,6 +46,4 @@ kubeguard:
         s2-k8s-test0: direct0
         s2-k8s-test1: direct0
 
-
-kubernetes_kubelet_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}"
-kubernetes_cri_socket: "unix:///run/containerd/containerd.sock"
+kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}"
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index 37944915..69a09811 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -16,11 +16,11 @@
     selection: hold
 
 - name: set kubelet node-ip
-  when: kubernetes_kubelet_node_ip is defined
+  when: kubernetes_overlay_node_ip is defined
   lineinfile:
     name: "/etc/default/kubelet"
     regexp: '^KUBELET_EXTRA_ARGS='
-    line: 'KUBELET_EXTRA_ARGS=--node-ip={{ kubernetes_kubelet_node_ip }}'
+    line: 'KUBELET_EXTRA_ARGS=--node-ip={{ kubernetes_overlay_node_ip }}'
     create: yes
 
 - name: add kubeadm completion for shells
diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
index ffe1b4b2..3c800a87 100644
--- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
@@ -28,7 +28,7 @@
 - name: join kubernetes secondary master node and store log
   block:
   - name: join kubernetes secondary master node
-    command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_kubelet_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_kubelet_node_ip }}{% endif %}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
+    command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_overlay_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
     args:
       creates: /etc/kubernetes/kubelet.conf
     register: kubeadm_join
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
index 869c809f..06d59ced 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -6,9 +6,9 @@ kind: InitConfiguration
 {# better control it's lifetime #}
 bootstrapTokens:
 - ttl: "1s"
-{% if kubernetes_kubelet_node_ip is defined %}
+{% if kubernetes_overlay_node_ip is defined %}
 localAPIEndpoint:
-  advertiseAddress: {{ kubernetes_kubelet_node_ip }}
+  advertiseAddress: {{ kubernetes_overlay_node_ip }}
 {% endif %}
 ---
 apiVersion: kubeadm.k8s.io/v1beta2
@@ -16,8 +16,8 @@ kind: ClusterConfiguration
 kubernetesVersion: {{ kubernetes_version }}
 clusterName: {{ kubernetes.cluster_name }}
 imageRepository: k8s.gcr.io
-{% if kubernetes_kubelet_node_ip is defined %}
-controlPlaneEndpoint: "{{ kubernetes_kubelet_node_ip }}:6443"
+{% if kubernetes_overlay_node_ip is defined %}
+controlPlaneEndpoint: "{{ kubernetes_overlay_node_ip }}:6443"
 {% endif %}
 networking:
   dnsDomain: {{ kubernetes.dns_domain | default('cluster.local') }}
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index 61d47111..e4fff98b 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: join kubernetes node and store log
   block:
   - name: join kubernetes node
-    command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+    command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_overlay_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
     args:
       creates: /etc/kubernetes/kubelet.conf
     register: kubeadm_join
author	Christian Pointner <equinox@spreadspace.org>	2020-01-17 22:42:27 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2020-01-31 22:31:22 +0100
commit	b64058268b377cc78057b8ba8d3190e520d33053 (patch)
tree	5d5ad15b922902f77e34edb04a86680864d893aa
parent	kubernetes: multi master cluster works now (diff)