-rw-r--r--group_vars/k8s-stream/vars.yml4
-rw-r--r--playbooks/k8s-stream.yaml8
-rw-r--r--roles/docker/tasks/main.yaml9
-rw-r--r--roles/kubernetes-base/tasks/main.yaml14
-rw-r--r--roles/kubernetes-net/tasks/main.yaml7
-rw-r--r--roles/upgrade/tasks/main.yaml14
6 files changed, 44 insertions, 12 deletions
diff --git a/group_vars/k8s-stream/vars.yml b/group_vars/k8s-stream/vars.yml
index c295948b..ef5f7a28 100644
--- a/group_vars/k8s-stream/vars.yml
+++ b/group_vars/k8s-stream/vars.yml
@@ -1,4 +1,8 @@
+docker_pkg_version: 17.03.2~ce-0~debian-stretch
+
kubernetes:
+ pkg_version: 1.9.2-00
+
pod_ip_range: 172.18.0.0/16
pod_ip_range_size: 24
service_ip_range: 172.18.192.0/18
diff --git a/playbooks/k8s-stream.yaml b/playbooks/k8s-stream.yaml
index 6292f24a..ff369435 100644
--- a/playbooks/k8s-stream.yaml
+++ b/playbooks/k8s-stream.yaml
@@ -2,8 +2,14 @@
- name: install kubernetes and overlay network
hosts: k8s-stream
roles:
- - role: kubernetes-base
+ ## Since `base` has a dependency for docker it would install and start the daemon
+ ## without the docker daemon config file generated by `net`.
+ ## This means that the docker daemon will create a bridge and install iptables rules
+ ## upon first startup (the first time this playbook runs on a specific host).
+ ## Since it is a tedious task to remove the interface and the firewall rules it is much
+ ## easier to just run `net` before `base` as `net` does not need anything from `base`.
- role: kubernetes-net
+ - role: kubernetes-base
- name: configure kubernetes master
hosts: k8s-stream-master
diff --git a/roles/docker/tasks/main.yaml b/roles/docker/tasks/main.yaml
index c07888f7..2604dead 100644
--- a/roles/docker/tasks/main.yaml
+++ b/roles/docker/tasks/main.yaml
@@ -39,5 +39,12 @@
- name: install docker
apt:
- name: docker-ce
+ name: "docker-ce{% if docker_pkg_version is defined %}={{ docker_pkg_version }}{% endif %}"
state: present
+ force: yes
+
+- name: disable automatic upgrades for docker package
+ when: docker_pkg_version is defined
+ dpkg_selections:
+ name: docker-ce
+ selection: hold
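Review bot: `force: yes` on the `install docker` task maps to apt-get's `--force-yes`, which per the Ansible apt module documentation also disables package signature verification, so an unsigned or tampered docker-ce package from the repository would install without complaint. If the flag is there to allow a downgrade to the pinned version or to change a package that is already on hold (an inference, the commit does not say), a narrower option is to drop `force: yes` and release the hold before installing, or to use `allow_downgrade: yes` where the Ansible version in use supports it. If it has to stay, add a comment above it such as `# force is needed because <reason>; note this skips signature checks`.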
diff --git a/roles/kubernetes-base/tasks/main.yaml b/roles/kubernetes-base/tasks/main.yaml
index e217b9c1..8badf984 100644
--- a/roles/kubernetes-base/tasks/main.yaml
+++ b/roles/kubernetes-base/tasks/main.yaml
@@ -39,12 +39,22 @@
- name: install basic kubernetes components
with_items:
+ - "kubelet{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
+ - "kubeadm{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
+ - "kubectl{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
+ apt:
+ name: "{{ item }}"
+ state: present
+
+- name: disable automatic upgrades for kubernetes components
+ when: kubernetes.pkg_version is defined
+ with_items:
- kubelet
- kubeadm
- kubectl
- apt:
+ dpkg_selections:
name: "{{ item }}"
- state: present
+ selection: hold
- name: add dummy group with gid 998
group:
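Review bot: Changing `kubernetes.pkg_version` later will likely fail in `install basic kubernetes components`, because the following task leaves kubelet, kubeadm and kubectl on hold and the install has no step that releases it. Unlike the docker role, no override is set here, and apt normally refuses to change held packages in a non-interactive run. Document the procedure next to the hold task, for example `# packages stay on hold: set selection back to install before bumping kubernetes.pkg_version`, or add an explicit unhold step that runs only when the installed version differs from the pin. Since the pin is also the only path for security fixes to these packages, the comment should say that the version must be bumped deliberately.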
diff --git a/roles/kubernetes-net/tasks/main.yaml b/roles/kubernetes-net/tasks/main.yaml
index 13384204..88f50fd8 100644
--- a/roles/kubernetes-net/tasks/main.yaml
+++ b/roles/kubernetes-net/tasks/main.yaml
@@ -1,4 +1,10 @@
---
+- name: create docker config directory
+ file:
+ name: /etc/docker
+ state: directory
+ mode: 0700
+
- name: disable docker iptales and bridge
copy:
src: daemon.json
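Review bot: `mode: 0700` in the new `create docker config directory` task is an unquoted octal that only gives the intended permissions because the YAML 1.1 loader reads a leading-zero integer as octal; writing `mode: '0700'` removes that dependency. The task also sets no ownership, so if `/etc/docker` already exists with a different owner the restrictive mode is applied to that owner; adding `owner: root` and `group: root` would make the result explicit. The `copy` task that follows continues outside the hunk.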
@@ -77,6 +83,7 @@
template:
src: kubenet-peer.service.j2
dest: "/etc/systemd/system/kubenet-peer-{{ item }}.service"
+ # TODO: notify restart for peers that change...
- name: make sure kubenet peer services are started and enabled
with_items: "{{ kubenet_peers_to_add }}"
diff --git a/roles/upgrade/tasks/main.yaml b/roles/upgrade/tasks/main.yaml
index 60a921b7..df7360de 100644
--- a/roles/upgrade/tasks/main.yaml
+++ b/roles/upgrade/tasks/main.yaml
@@ -4,7 +4,8 @@
update_cache: yes
- name: List packages to upgrade (1/2)
- command: aptitude -q -F%p --disable-columns search "~U"
+ command: aptitude -q -F%p --disable-columns search '~U !~ahold'
+ check_mode: no
register: updates
changed_when: False
failed_when: updates.rc != 0 and updates.rc != 1
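Review bot: Filtering with `!~ahold` in `List packages to upgrade (1/2)` removes held packages from the pending-updates report, so once docker-ce and the kubernetes packages are held (as other files in this commit do) their available security updates are no longer reported by this task. Consider a second read-only listing for upgradable held packages, e.g. `command: aptitude -q -F%p --disable-columns search '~U ~ahold'` with `changed_when: False` and `check_mode: no`, so operators can see when a pinned version falls behind. The rest of the task list lies outside the hunk.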
@@ -16,10 +17,11 @@
- name: Upgrade packages
apt:
- upgrade: safe
+ upgrade: safe
- name: List services to restart (1/2)
shell: checkrestart | grep ^service | awk '{print $2}'
+ check_mode: no
register: services
changed_when: False
@@ -28,11 +30,7 @@
msg: "{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (', ') }})"
when: services.stdout_lines
-- name: clean apt-cache
- command: apt-get clean
- args:
- warn: False
-
-- name: remove stale packages
+- name: clean apt-cache and remove stale packages
apt:
+ autoclean: yes
autoremove: yes