authorChristian Pointner <equinox@spreadspace.org>2020-06-30 13:38:37 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-06-30 13:38:37 +0200
commit4af66462fb1e8630aed482552322fa4ebfcd53b6 (patch)
treea0747b0d2836752964ce865170905b32cc95083c /roles/kubernetes/standalone/base
parentresync preseed files (diff)
split up standalone kubelet role into base and pod
Diffstat (limited to 'roles/kubernetes/standalone/base')
-rw-r--r--roles/kubernetes/standalone/base/defaults/main.yml14
-rw-r--r--roles/kubernetes/standalone/base/handlers/main.yml6
-rw-r--r--roles/kubernetes/standalone/base/tasks/main.yml34
-rw-r--r--roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j217
-rw-r--r--roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j225
-rw-r--r--roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j223
-rw-r--r--roles/kubernetes/standalone/base/templates/kubelet-config.yml.j225
-rw-r--r--roles/kubernetes/standalone/base/templates/kubelet.service.override.j210
8 files changed, 154 insertions, 0 deletions
diff --git a/roles/kubernetes/standalone/base/defaults/main.yml b/roles/kubernetes/standalone/base/defaults/main.yml
new file mode 100644
index 00000000..b0c14b11
--- /dev/null
+++ b/roles/kubernetes/standalone/base/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+kubernetes_standalone_address: 127.0.0.1
+kubernetes_standalone_port: 10250
+kubernetes_standalone_readonly_port: 0
+
+kubernetes_standalone_healthz_address: 127.0.0.1
+kubernetes_standalone_healthz_port: 0
+
+kubernetes_standalone_max_pods: 10
+
+kubernetes_standalone_pod_cidr: 192.168.255.0/24
+kubernetes_standalone_resolv_conf: /etc/resolv.conf
+
+kubernetes_standalone_cni_variant: with-portmap
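Review bot: `kubernetes_standalone_cni_variant` has no comment listing its accepted values, and the default `with-portmap` is the least restrictive of the three CNI templates this commit adds. The value is interpolated into a template filename in tasks/main.yml, so the only valid settings are `no-portmap`, `with-localonly-portmap` and `with-portmap`. Only the localonly variant adds `conditionsV4`/`conditionsV6` restricting port mappings to loopback traffic. I would add above the variable `# one of: no-portmap, with-localonly-portmap, with-portmap (with-portmap maps hostPorts without source/destination restrictions)`. Since the kubelet itself defaults to 127.0.0.1, it is also worth considering whether the loopback-only variant is the better default.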
diff --git a/roles/kubernetes/standalone/base/handlers/main.yml b/roles/kubernetes/standalone/base/handlers/main.yml
new file mode 100644
index 00000000..26438551
--- /dev/null
+++ b/roles/kubernetes/standalone/base/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart kubelet
+ systemd:
+ name: kubelet.service
+ state: restarted
+ daemon_reload: yes
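Review bot: `daemon_reload: yes` relies on YAML 1.1 truthy parsing; `daemon_reload: true` is the canonical boolean and is what yamllint's `truthy` rule and ansible-lint expect. The same applies to `enabled: yes` and `daemon_reload: yes` in tasks/main.yml.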
diff --git a/roles/kubernetes/standalone/base/tasks/main.yml b/roles/kubernetes/standalone/base/tasks/main.yml
new file mode 100644
index 00000000..241c3136
--- /dev/null
+++ b/roles/kubernetes/standalone/base/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: create systemd override directory for kubelet
+ file:
+ path: /etc/systemd/system/kubelet.service.d
+ state: directory
+
+- name: install systemd override for kubelet
+ template:
+ src: kubelet.service.override.j2
+ dest: /etc/systemd/system/kubelet.service.d/standalone.conf
+ notify: restart kubelet
+
+- name: install kubelet config
+ template:
+ src: kubelet-config.yml.j2
+ dest: /etc/kubernetes/kubelet.yml
+ notify: restart kubelet
+
+- name: make sure kubelet is enabled and running
+ systemd:
+ name: kubelet.service
+ state: started
+ enabled: yes
+ daemon_reload: yes
+
+- name: create cni config directory
+ file:
+ name: /etc/cni/net.d
+ state: directory
+
+- name: install cni config
+ template:
+ src: "cni-{{ kubernetes_standalone_cni_variant }}.conflist.j2"
+ dest: /etc/cni/net.d/kube-standalone.conflist
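Review bot: None of the `file` and `template` tasks set `owner`, `group` or `mode`, so the kubelet systemd drop-in, `/etc/kubernetes/kubelet.yml` and the CNI conflist end up with whatever the connecting user's umask or a pre-existing file dictates. These files decide what the root-run kubelet executes and how pod networking is configured, so their permissions should be pinned. Add `owner: root`, `group: root`, `mode: "0644"` to the three template tasks and `mode: "0755"` to the two directory tasks, with the mode quoted so it is not reinterpreted as a number. The second directory task also uses the `name:` alias where the first uses `path:`; using `path:` in both would be consistent.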
diff --git a/roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2 b/roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2
new file mode 100644
index 00000000..be47f216
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2
@@ -0,0 +1,17 @@
+{
+ "cniVersion": "0.3.1",
+ "name": "kube-standalone",
+ "plugins": [
+ {
+ "type": "bridge",
+ "bridge": "kube-bridge",
+ "isDefaultGateway": true,
+ "ipMasq": true,
+ "hairpinMode": false,
+ "ipam": {
+ "type": "host-local",
+ "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+ }
+ }
+ ]
+}
diff --git a/roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2 b/roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2
new file mode 100644
index 00000000..acaf7eba
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2
@@ -0,0 +1,25 @@
+{
+ "cniVersion": "0.3.1",
+ "name": "kube-standalone",
+ "plugins": [
+ {
+ "type": "bridge",
+ "bridge": "kube-bridge",
+ "isDefaultGateway": true,
+ "ipMasq": true,
+ "hairpinMode": false,
+ "ipam": {
+ "type": "host-local",
+ "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+ }
+ }, {
+ "type": "portmap",
+ "capabilities": {
+ "portMappings": true
+ },
+ "snat": true,
+ "conditionsV4": ["-s", "127.0.0.1", "-d", "127.0.0.1"],
+ "conditionsV6": ["-s", "::1", "-d", "::1"]
+ }
+ ]
+}
diff --git a/roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2 b/roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2
new file mode 100644
index 00000000..9f9b2b9a
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2
@@ -0,0 +1,23 @@
+{
+ "cniVersion": "0.3.1",
+ "name": "kube-standalone",
+ "plugins": [
+ {
+ "type": "bridge",
+ "bridge": "kube-bridge",
+ "isDefaultGateway": true,
+ "ipMasq": true,
+ "hairpinMode": false,
+ "ipam": {
+ "type": "host-local",
+ "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+ }
+ }, {
+ "type": "portmap",
+ "capabilities": {
+ "portMappings": true
+ },
+ "snat": true
+ }
+ ]
+}
diff --git a/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2
new file mode 100644
index 00000000..d6af0f24
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2
@@ -0,0 +1,25 @@
+{# https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration #}
+{# #}
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+staticPodPath: /etc/kubernetes/manifests
+address: {{ kubernetes_standalone_address }}
+port: {{ kubernetes_standalone_port }}
+readOnlyPort: {{ kubernetes_standalone_readonly_port }}
+healthzBindAddress: {{ kubernetes_standalone_healthz_address }}
+healthzPort: {{ kubernetes_standalone_healthz_port }}
+authentication:
+ anonymous:
+ enabled: true
+ webhook:
+ enabled: false
+authorization:
+ mode: AlwaysAllow
+maxPods: {{ kubernetes_standalone_max_pods }}
+makeIPTablesUtilChains: false
+hairpinMode: none
+resolvConf: {{ kubernetes_standalone_resolv_conf }}
+cgroupDriver: systemd
+enableControllerAttachDetach: false
+featureGates:
+ RuntimeClass: false
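Review bot: `authentication.anonymous.enabled: true` together with `authorization.mode: AlwaysAllow` leaves the kubelet API with no access control, so the only protection is that `address` renders to the 127.0.0.1 default. `kubernetes_standalone_address` is an ordinary overridable variable, and nothing here stops an inventory from setting a routable address, which would expose the unauthenticated kubelet API on port 10250 to anyone who can reach the host. I would add an `assert` task ahead of "install kubelet config" in tasks/main.yml with `that: kubernetes_standalone_address in ['127.0.0.1', '::1']`. I would also put the reason in a template comment, `{# anonymous + AlwaysAllow is only acceptable because the kubelet binds to loopback #}`. Even on loopback the API is reachable by every local user and by any pod on the host network, which the role's documentation should state.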
diff --git a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
new file mode 100644
index 00000000..fe8bfb4c
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
@@ -0,0 +1,10 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/kubelet \
+ --config=/etc/kubernetes/kubelet.yml \
+{% if kubernetes_cri_socket %}
+ --container-runtime=remote \
+ --container-runtime-endpoint={{ kubernetes_cri_socket }} \
+{% endif %}
+ --network-plugin=cni \
+ --cloud-provider=
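Review bot: `{% if kubernetes_cri_socket %}` references a variable that this role's defaults/main.yml does not define, so rendering fails with an undefined-variable error unless another role or the inventory supplies it. If that dependency is intentional, say so in a comment at the top of the template. Otherwise make the test tolerant with `{% if kubernetes_cri_socket | default('') %}` or add `kubernetes_cri_socket: ''` to the defaults. The socket value is also placed on the `ExecStart` line unquoted, so a value containing whitespace would be split into separate arguments.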