author | Christian Pointner <equinox@spreadspace.org> | 2020-03-17 15:07:43 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-03-17 15:07:43 +0100 |
commit | caea61f4fb8b66aa2a0dc7aa2d2b8a06477d9706 (patch) | |
tree | 46e799c4b39a0c3afee1459821ced62e49e858a3 /roles/kubernetes/kubeadm | |
parent | remove xro dns zones (diff) |
kubernetes role, cleanup and harmonization
Diffstat (limited to 'roles/kubernetes/kubeadm')
4 files changed, 23 insertions, 19 deletions
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml index 8e913560..2d2bd324 100644 --- a/roles/kubernetes/kubeadm/base/tasks/main.yml +++ b/roles/kubernetes/kubeadm/base/tasks/main.yml @@ -1,18 +1,18 @@ --- -- name: install kubeadm and kubectl +- name: install kubeadm packages apt: name: - - haproxy - - hatop - - "kubeadm{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" - - "kubectl{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" + - haproxy + - hatop + - "kubeadm={{ kubernetes_version }}-00" + - "kubectl={{ kubernetes_version }}-00" state: present + force: yes -- name: disable automatic upgrades for kubeadm and kubectl - when: kubernetes.pkg_version is defined +- name: disable automatic upgrades for kubeadm/kubectl loop: - - kubeadm - - kubectl + - kubeadm + - kubectl dpkg_selections: name: "{{ item }}" selection: hold @@ -25,7 +25,7 @@ line: 'KUBELET_EXTRA_ARGS=--node-ip={{ kubernetes_overlay_node_ip }}' create: yes -- name: add kubeadm completion for shells +- name: add kubeadm config for shells loop: - zsh - bash @@ -58,3 +58,6 @@ marker: "### {mark} ANSIBLE MANAGED BLOCK for hatop ###" content: | alias hatop="hatop -s /var/run/haproxy/admin.sock" + +# - name: prepare network plugin +# include_tasks: "net_{{ kubernetes_network_plugin }}.yml" diff --git a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 index 319cc1cb..2e0eaf5d 100644 --- a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 +++ b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 
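Review bot: The added `force: yes` on the apt task in the first hunk maps to apt-get's `--force-yes`, which per the apt module documentation also disables package signature checking, so haproxy, hatop, kubeadm and kubectl would be installed unauthenticated on every run. If the intent is only to let the pinned `kubeadm={{ kubernetes_version }}-00` replace a held or newer package, `allow_downgrade: true` and `allow_change_held_packages: true` are narrower and keep verification on, where the Ansible version in use provides them. If `force` has to stay for now, a comment such as `# force: needed to change held packages; disables signature checks, replace once allow_downgrade is available` would record the trade-off. Writing the boolean as `true` rather than `yes` also avoids YAML 1.1 truthy ambiguity.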
@@ -37,5 +37,5 @@ backend kube_api timeout connect 5s timeout server 3h {% for master in groups['_kubernetes_masters_'] %} - server {{ hostvars[master].inventory_hostname }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none + server {{ master }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none {% endfor %} diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml index 115c8616..9bbe9ecc 100644 --- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml +++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml @@ -103,6 +103,7 @@ delegate_facts: True loop: "{{ groups['_kubernetes_nodes_'] }}" + ## Network Plugin # - name: install network plugin diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 index f48a34f3..bb7f9a96 100644 --- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 +++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 
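Review bot: The rewritten `server {{ master }} …` line in haproxy.cfg.j2 still ends in `check check-ssl verify none`, so the health check accepts any certificate presented on port 6442 and a listener that is not the real API server would be reported healthy. Since the backend members are the cluster's own masters, the check could validate against the cluster CA instead, for example `check check-ssl verify required ca-file <PATH_TO_CLUSTER_CA>`. Whether the proxy passes traffic through as plain TCP is not visible in this hunk; if it does, clients still validate the API server certificate end to end and this affects health status only. The `backend kube_api` block begins above the hunk.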
@@ -23,14 +23,14 @@ networking: podSubnet: {{ kubernetes.pod_ip_range }} serviceSubnet: {{ kubernetes.service_ip_range }} apiServer: - # extraArgs: - # encryption-provider-config: /etc/kubernetes/encryption/config - # extraVolumes: - # - name: encryption-config - # hostPath: /etc/kubernetes/encryption - # mountPath: /etc/kubernetes/encryption - # readOnly: true - # pathType: Directory + extraArgs: + encryption-provider-config: /etc/kubernetes/encryption/config + extraVolumes: + - name: encryption-config + hostPath: /etc/kubernetes/encryption + mountPath: /etc/kubernetes/encryption + readOnly: true + pathType: Directory {% if (kubernetes.api_extra_sans | default([]) | length) == 0 %} certSANs: [] {% else %} |
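Review bot: Enabling `encryption-provider-config: /etc/kubernetes/encryption/config` makes kube-apiserver depend on that file, and nothing in the part of the diff shown here (the diffstat is limited to roles/kubernetes/kubeadm) creates it or sets its permissions. The file holds the key material for secrets at rest, so it needs to exist on every master before kubeadm runs, be identical across masters, and be readable by root only, e.g. a task with `mode: '0600'` on the file and `'0700'` on the directory. A comment above `extraArgs` such as `# requires /etc/kubernetes/encryption/config on all masters (root-only) before kubeadm init/join` would record that dependency. Secrets stored before the option takes effect presumably stay unencrypted until they are rewritten, which is worth a line in the role's documentation. The `apiServer` mapping continues past the end of the hunk.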