authorChristian Pointner <equinox@spreadspace.org>2023-05-13 03:50:53 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-05-13 03:50:53 +0200
commitbcc30f0cb4e298e581586b0f8d0437969461792b (patch)
tree7bffee9746b1dcd0ed0a0bf50f0580061037f7d5
parentfix typo (diff)
kubernetes: fix sanity checks
-rw-r--r--common/kubernetes-cluster.yml3
-rw-r--r--inventory/group_vars/k8s-chtest/vars.yml51
-rw-r--r--inventory/group_vars/k8s-emc/vars.yml4
3 files changed, 42 insertions, 16 deletions
diff --git a/common/kubernetes-cluster.yml b/common/kubernetes-cluster.yml
index d6860f60..fcb66fac 100644
--- a/common/kubernetes-cluster.yml
+++ b/common/kubernetes-cluster.yml
@@ -23,11 +23,14 @@
that: (kubeguard.node_index.values() | min) > 0
- name: check whether overlay node ip is configured
+ run_once: no
+ any_errors_fatal: yes
assert:
msg: "For kubeguard to work you need to configure kubernetes_overlay_node_ip"
that: kubernetes_overlay_node_ip is defined
- name: make sure all nodes do belong to the kubernetes-cluster group
+ any_errors_fatal: yes
assert:
msg: "The host '{{ inventory_hostname }}' does not belong to the group 'kubernetes-cluster'"
that: "'kubernetes-cluster' in group_names"
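Review bot: The second assert, `make sure all nodes do belong to the kubernetes-cluster group`, gets `any_errors_fatal: yes` but not the `run_once: no` given to the overlay-IP assert above it, although its condition `'kubernetes-cluster' in group_names` and its message are just as per-host. If `run_once` is inherited from an enclosing play or block (these start outside the hunk, so this is inferred), the membership check would still run for only one host and a stray node could pass; add `run_once: no` to this task as well. If nothing is inherited, the keyword is already the default and can be dropped from the first task. Writing the values as `false`/`true` instead of `no`/`yes` would also avoid the YAML 1.1 truthy ambiguity.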
diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml
index 154d2d70..2aa63de7 100644
--- a/inventory/group_vars/k8s-chtest/vars.yml
+++ b/inventory/group_vars/k8s-chtest/vars.yml
@@ -6,29 +6,56 @@ kubernetes_cri_tools_pkg_version: 1.26.0-00
kubernetes_container_runtime: containerd
containerd_pkg_provider: docker-com
+### Kube-Router
+#
#kubernetes_network_plugin: kube-router
#kubernetes_network_plugin_version: 1.5.1
#kubernetes_network_plugin_replaces_kube_proxy: yes
#kubernetes_enable_nodelocal_dnscache: yes
-kubernetes_network_plugin: cilium
-kubernetes_network_plugin_version: 1.13.2
-kubernetes_network_plugin_replaces_kube_proxy: yes
-kubernetes_enable_nodelocal_dnscache: no
-kubernetes_cilium_config:
- ipam: kubernetes
- tunnel: disabled
- ipv4-native-routing-cidr: 192.168.28.0/24
- auto-direct-node-routes: yes
-base_sysctl_config_user:
- net.ipv4.conf.all.rp_filter: 0
- net.ipv4.conf.default.rp_filter: 0
+### kubeguard
+#
+kubernetes_network_plugin: kubeguard
+kubernetes_network_plugin_replaces_kube_proxy: no
+kubernetes_enable_nodelocal_dnscache: yes
+kubeguard:
+ ## node_index must be in the range between 1 and 190 -> 189 hosts possible
+ ##
+ ## hardcoded hostnames are not nice but if we do this via host_vars
+ ## the info is spread over multiple files and this makes it more diffcult
+ ## to find mistakes, so it is nicer to keep it in one place...
+ node_index:
+ ch-calypso: 125
+ ch-thetys: 126
+ ch-k8s-ctrl: 127
+kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}"
+
+
+### Cilium
+#
+# kubernetes_network_plugin: cilium
+# kubernetes_network_plugin_version: 1.13.2
+# kubernetes_network_plugin_replaces_kube_proxy: yes
+# kubernetes_enable_nodelocal_dnscache: no
+# kubernetes_cilium_config:
+# ipam: kubernetes
+# tunnel: disabled
+# ipv4-native-routing-cidr: 192.168.28.0/24
+# auto-direct-node-routes: yes
+# base_sysctl_config_user:
+# net.ipv4.conf.all.rp_filter: 0
+# net.ipv4.conf.default.rp_filter: 0
+
+
+#### None
+#
# kubernetes_network_plugin: none
# kubernetes_network_plugin_replaces_kube_proxy: yes
# kubernetes_enable_nodelocal_dnscache: no
+
kubernetes:
cluster_name: chtest
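Review bot: A host in this group that is missing from the hand-maintained `kubeguard.node_index` map is not caught cleanly, because `kubernetes_overlay_node_ip` indexes `kubeguard.node_index[inventory_hostname]` directly. Such a host will probably fail while templating rather than with the message of the `kubernetes_overlay_node_ip is defined` assert in common/kubernetes-cluster.yml; how `is defined` treats a lazily templated value like this should be confirmed. Nothing visible in this commit rejects two hosts sharing one index either, which would presumably give both the same overlay address. Consider adding `that: inventory_hostname in kubeguard.node_index` and `that: (kubeguard.node_index.values() | unique | length) == (kubeguard.node_index | length)` next to the existing sanity checks. The upper bound of 190 stated in the comment is not checked in the visible lines either.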
diff --git a/inventory/group_vars/k8s-emc/vars.yml b/inventory/group_vars/k8s-emc/vars.yml
index 83708b7e..9a6f8b56 100644
--- a/inventory/group_vars/k8s-emc/vars.yml
+++ b/inventory/group_vars/k8s-emc/vars.yml
@@ -25,10 +25,6 @@ kubernetes_secrets:
kubeguard:
## node_index must be in the range between 1 and 190 -> 189 hosts possible
- ##
- ## hardcoded hostnames are not nice but if we do this via host_vars
- ## the info is spread over multiple files and this makes it more diffcult
- ## to find mistakes, so it is nicer to keep it in one place...
node_index:
ele-emc-e01: 1
ele-emc-e02: 2