authorChristian Pointner <equinox@spreadspace.org>2020-01-17 19:53:12 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-01-31 22:31:22 +0100
commitbb9a03e136bd8d1029bfb2c1cf0be22d28df1576 (patch)
treea78801ff7ecc784e06c2ab9c70620ebaa7ea82b0
parentsingle master kubernetes cluster works now (diff)
kubernetes: node cleanup works now
-rw-r--r--common/kubernetes-cleanup.yml7
-rw-r--r--common/kubernetes.yml2
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/main.yml6
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/primary-master.yml4
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml4
-rw-r--r--roles/kubernetes/kubeadm/node/tasks/main.yml2
-rw-r--r--roles/kubernetes/kubeadm/reset/tasks/main.yml10
-rw-r--r--spreadspace/k8s-test.yml5
8 files changed, 24 insertions, 16 deletions
diff --git a/common/kubernetes-cleanup.yml b/common/kubernetes-cleanup.yml
index a320e0f8..be55d11e 100644
--- a/common/kubernetes-cleanup.yml
+++ b/common/kubernetes-cleanup.yml
@@ -1,7 +1,4 @@
---
-- import_playbook: kubernetes-cluster-layout.yml
-
-########
- name: check for nodes to be removed
hosts: _kubernetes_primary_master_
tasks:
@@ -15,7 +12,7 @@
loop: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list | difference(groups['_kubernetes_nodes_']) }}"
add_host:
name: "{{ item }}"
- inventory_dir: "{{ inventory_dir }}"
+ inventory_dir: "{{ hostvars[item].inventory_dir }}"
group: _kubernetes_nodes_remove_
changed_when: False
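Review bot: `hostvars[item]` on the new `inventory_dir` line only resolves while the node name reported by kubectl still exists in the inventory; if a node was also deleted from the inventory, the lookup will presumably fail with an undefined-variable error. The loop items come from cluster state rather than from the inventory, and every host added to `_kubernetes_nodes_remove_` is later run through the reset role, so the candidate list should be limited to hosts the inventory knows, for example by appending `| intersect(groups['all'])` to the loop expression. The task begins above this hunk, so its name and any `when` are not visible here.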
@@ -28,7 +25,7 @@
roles:
- role: kubernetes/kubeadm/reset
- role: kubernetes/net/kubeguard
- when: kubernetes_network_plugin == 'kubeguard'
+ when: hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_network_plugin == 'kubeguard'
vars:
kubeguard_action: remove
diff --git a/common/kubernetes.yml b/common/kubernetes.yml
index aaf23219..4fc8cef2 100644
--- a/common/kubernetes.yml
+++ b/common/kubernetes.yml
@@ -1,6 +1,4 @@
---
-- import_playbook: kubernetes-cluster-layout.yml
-
- name: prepare variables and do some sanity checks
hosts: _kubernetes_nodes_
gather_facts: no
diff --git a/roles/kubernetes/kubeadm/master/tasks/main.yml b/roles/kubernetes/kubeadm/master/tasks/main.yml
index 7f96ff6a..9af041b2 100644
--- a/roles/kubernetes/kubeadm/master/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/main.yml
@@ -22,7 +22,7 @@
- name: check if master is tainted (1/2)
- command: "kubectl --kubeconfig /etc/kubernetes/admin.conf get node {{ host_name }} -o json"
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf get node {{ inventory_hostname }} -o json"
check_mode: no
register: kubectl_get_node
changed_when: False
@@ -33,11 +33,11 @@
- name: remove taint from master node
when: not kubernetes.dedicated_master and 'node-role.kubernetes.io/master' in kube_node_taints
- command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ host_name }} node-role.kubernetes.io/master-"
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master-"
- name: add taint for master node
when: kubernetes.dedicated_master and 'node-role.kubernetes.io/master' not in kube_node_taints
- command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ host_name }} node-role.kubernetes.io/master='':NoSchedule"
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes {{ inventory_hostname }} node-role.kubernetes.io/master='':NoSchedule"
- name: prepare kubectl (1/2)
diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
index 5efc91b5..e814e847 100644
--- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml
@@ -25,7 +25,7 @@
# register: kubeadm_token_generate
- name: initialize kubernetes master
- command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
+ command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print"
# command: "kubeadm init --config /etc/kubernetes/kubeadm.config{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %}{% if kubernetes_network_plugin == 'kube-router' %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print"
args:
creates: /etc/kubernetes/pki/ca.crt
@@ -70,7 +70,7 @@
kubernetes_current_nodes: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list }}"
- name: create bootstrap token for existing cluster
- when: "groups['_kubernetes_nodes_'] | map('extract', hostvars) | map(attribute='host_name') | difference(kubernetes_current_nodes) | length > 0"
+ when: "groups['_kubernetes_nodes_'] | difference(kubernetes_current_nodes) | length > 0"
command: kubeadm token create --ttl 42m
check_mode: no
register: kubeadm_token_create
diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
index fc85a37d..7025ace0 100644
--- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
@@ -15,7 +15,7 @@
kubernetes_current_nodes: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list }}"
- name: upload certs
- when: "groups['_kubernetes_masters_'] | map('extract', hostvars) | map(attribute='host_name') | difference(kubernetes_current_nodes) | length > 0"
+ when: "groups['_kubernetes_masters_'] | difference(kubernetes_current_nodes) | length > 0"
command: kubeadm init phase upload-certs --upload-certs
check_mode: no
register: kubeadm_upload_certs
@@ -26,7 +26,7 @@
kubeadm_upload_certs_key: "{% if kubeadm_upload_certs.stdout is defined %}{{ kubeadm_upload_certs.stdout_lines | last }}{% endif %}"
- name: join kubernetes secondary master node
- command: "kubeadm join {{ host_vars[groups['_kubernetes_primary_master_']].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
+ command: "kubeadm join {{ host_vars[groups['_kubernetes_primary_master_']].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
args:
creates: /etc/kubernetes/kubelet.conf
register: kubeadm_join
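Review bot: The join endpoint on the new command line is still built from `host_vars[groups['_kubernetes_primary_master_']]`, which looks wrong in two ways: Ansible's variable is `hostvars`, and the group list is used as a key without `[0]`. The node role's join task changed in this same commit uses `hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip`, and the secondary-master join should use that form too. As written, the template is unlikely to render a valid API server address. The task may continue below the hunk.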
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index dba2ce30..f7efdd81 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: join kubernetes node
- command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+ command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_kubelet_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
args:
creates: /etc/kubernetes/kubelet.conf
register: kubeadm_join
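Review bot: The rendered join command carries the bootstrap token as a literal argument, and Ansible includes the rendered command in the task result, so the token appears in failure output, verbose runs and any controller-side log. Adding `no_log: true` to this task hides the result while `register: kubeadm_join` stays usable, at the cost of less detail when the join fails. The secondary-master join in secondary-masters.yml has the same exposure and additionally passes `--certificate-key`. The task may continue below the hunk.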
diff --git a/roles/kubernetes/kubeadm/reset/tasks/main.yml b/roles/kubernetes/kubeadm/reset/tasks/main.yml
index a6d64c7d..f0e88e53 100644
--- a/roles/kubernetes/kubeadm/reset/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/reset/tasks/main.yml
@@ -1,3 +1,13 @@
---
- name: clean up settings and files created by kubeadm
command: kubeadm reset -f
+
+- name: clean up extra configs and logs
+ loop:
+ - /etc/kubernetes/kubeadm.config
+ - /etc/kubernetes/kubeadm-init.log
+ - /etc/kubernetes/kubeadm-join.log
+ - /etc/kubernetes/pki
+ file:
+ path: "{{ item }}"
+ state: absent
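Review bot: The new cleanup list only covers paths under `/etc/kubernetes`, and `kubeadm reset` does not remove kubeconfig copies in users' home directories or CNI configuration. If the master role's "prepare kubectl" tasks copy `admin.conf` somewhere else (not visible in this diff), that cluster-admin credential would stay on a removed master. The path those tasks write should be added to the `loop:` list, with a comment such as `# kubeadm reset leaves these behind` above the task to document why the extra removal is needed.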
diff --git a/spreadspace/k8s-test.yml b/spreadspace/k8s-test.yml
index ed56cb78..97daa5b0 100644
--- a/spreadspace/k8s-test.yml
+++ b/spreadspace/k8s-test.yml
@@ -6,9 +6,12 @@
# - role: sshd
# - role: zsh
-- import_playbook: ../common/kubernetes.yml
+- import_playbook: ../common/kubernetes-cluster-layout.yml
vars:
kubernetes_cluster_layout:
nodes_group: k8s-test
masters:
- s2-k8s-test0
+
+- import_playbook: ../common/kubernetes.yml
+- import_playbook: ../common/kubernetes-cleanup.yml