-rw-r--r-- | inventory/group_vars/k8s-chtest/vars.yml | 52 | ||||
-rw-r--r-- | inventory/host_vars/ch-dione.yml | 19 | ||||
-rw-r--r-- | inventory/host_vars/ch-helene.yml | 19 | ||||
-rw-r--r-- | inventory/host_vars/ch-k8s-master.yml | 6 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/base/tasks/main.yml | 8 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/upgrade | 12 |
6 files changed, 82 insertions, 34 deletions
diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml index 93678de5..578a3371 100644 --- a/inventory/group_vars/k8s-chtest/vars.yml +++ b/inventory/group_vars/k8s-chtest/vars.yml @@ -1,12 +1,12 @@ --- -docker_pkg_provider: docker-com - -kubernetes_version: 1.22.5 -kubernetes_container_runtime: docker -kubernetes_network_plugin: kubeguard +kubernetes_version: 1.23.1 +kubernetes_cri_tools_pkg_version: 1.22.0-1 +kubernetes_container_runtime: containerd +# kubernetes_network_plugin: kubeguard # kubernetes_network_plugin_variant: with-kube-router -# kubernetes_network_plugin_version: 0.4.0 -# kubernetes_network_plugin_replaces_kube_proxy: true +kubernetes_network_plugin: kube-router +kubernetes_network_plugin_version: 0.4.0 +kubernetes_network_plugin_replaces_kube_proxy: true kubernetes: 
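Review bot: `kubernetes_network_plugin_version: 0.4.0` becomes the live kube-router version in the same change that moves the cluster to `kubernetes_version: 1.23.1`. That looks like an old kube-router release for a 1.23 cluster, so confirm it is supported there and carries the fixes you expect. If kubeguard was providing an encrypted overlay between the nodes, which its WireGuard-based design suggests, kube-router will carry pod and service traffic unencrypted. In that case the node network has to be trusted or protected some other way. The leftover `# kubernetes_network_plugin_variant: with-kube-router` comment between the old and new settings no longer describes anything active and could be removed.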
@@ -25,24 +25,24 @@ kubernetes_secrets: encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}" -kubeguard: - ## node_index must be in the range between 1 and 190 -> 189 hosts possible - ## - ## hardcoded hostnames are not nice but if we do this via host_vars - ## the info is spread over multiple files and this makes it more diffcult - ## to find mistakes, so it is nicer to keep it in one place... - node_index: - ch-dione: 111 - ch-helene: 112 - ch-k8s-master: 127 - - direct_net_zones: - encoder: - transfer_net: 172.18.191.0/24 - node_interface: - ch-dione: eno2 - ch-helene: eno2 - -kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}" +# kubeguard: +# ## node_index must be in the range between 1 and 190 -> 189 hosts possible +# ## +# ## hardcoded hostnames are not nice but if we do this via host_vars +# ## the info is spread over multiple files and this makes it more diffcult +# ## to find mistakes, so it is nicer to keep it in one place... +# node_index: +# ch-dione: 111 +# ch-helene: 112 +# ch-k8s-master: 127 + +# direct_net_zones: +# encoder: +# transfer_net: 172.18.191.0/24 +# node_interface: +# ch-dione: eno2 +# ch-helene: eno2 + +# kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}" kubernetes_metrics_server_version: 0.5.0 diff --git a/inventory/host_vars/ch-dione.yml b/inventory/host_vars/ch-dione.yml index 3b543db5..bc8ef463 100644 --- a/inventory/host_vars/ch-dione.yml +++ b/inventory/host_vars/ch-dione.yml 
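Review bot: `kubernetes_overlay_node_ip` is no longer defined for the k8s-chtest group once this block is commented out. Any task or template outside this diff that still reads it will fail with an undefined-variable error, so search the roles for it before merging. The kubeguard settings are kept as comments rather than deleted. Since git history preserves them, either remove the block or put one line above it such as `# kubeguard settings, kept for a possible switch back` so the intent is clear.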
@@ -3,6 +3,24 @@ install: efi: true disks: primary: /dev/disk/by-id/nvme-SAMSUNG_MZVPW256HEGL-00000_S346NY0HC29501 + system_lvm: + volumes: + - name: root + size: 3G + filesystem: ext4 + mountpoint: / + - name: var + size: 1280M + filesystem: ext4 + mountpoint: /var + - name: var+log + size: 768M + filesystem: ext4 + mountpoint: /var/log + mount_options: + - noatime + - nodev + - noexec kernel_cmdline: - "consoleblank=0" - "nomodeset" @@ -26,6 +44,7 @@ apt_repo_components: spreadspace_apt_repo_components: - container + containerd_storage: type: lvm vg: "{{ host_name }}" diff --git a/inventory/host_vars/ch-helene.yml b/inventory/host_vars/ch-helene.yml index 080ac6cd..2223f56c 100644 --- a/inventory/host_vars/ch-helene.yml +++ b/inventory/host_vars/ch-helene.yml @@ -3,6 +3,24 @@ install: efi: true disks: primary: /dev/disk/by-id/nvme-SAMSUNG_MZVPW256HEGL-00000_S346NB0J803346 + system_lvm: + volumes: + - name: root + size: 3G + filesystem: ext4 + mountpoint: / + - name: var + size: 1280M + filesystem: ext4 + mountpoint: /var + - name: var+log + size: 768M + filesystem: ext4 + mountpoint: /var/log + mount_options: + - noatime + - nodev + - noexec kernel_cmdline: - "consoleblank=0" - "nomodeset" @@ -26,6 +44,7 @@ apt_repo_components: spreadspace_apt_repo_components: - container + containerd_storage: type: lvm vg: "{{ host_name }}" diff --git a/inventory/host_vars/ch-k8s-master.yml b/inventory/host_vars/ch-k8s-master.yml index 71795c5d..63723000 100644 --- a/inventory/host_vars/ch-k8s-master.yml +++ b/inventory/host_vars/ch-k8s-master.yml @@ -13,6 +13,8 @@ install: type: zfs name: root size: 20g + properties: + 'syncoid:sync': 'false' system_lvm: volumes: - name: root @@ -55,10 +57,10 @@ spreadspace_apt_repo_components: - container -docker_storage: +containerd_storage: type: lvm vg: "{{ host_name }}" - lv: docker + lv: containerd size: 7G fs: ext4 
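Review bot: The `var+log` volume added under `system_lvm.volumes` is mounted with `noatime`, `nodev` and `noexec` but not `nosuid`. Adding `- nosuid` to its `mount_options` is a cheap hardening step, since nothing under /var/log should need setuid binaries. The identical block is added to inventory/host_vars/ch-helene.yml, so the same change applies there. The enclosing `install:` mapping starts and ends outside the hunk.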
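Review bot: The new `'syncoid:sync': 'false'` property in inventory/host_vars/ch-k8s-master.yml has no comment explaining why this root volume is excluded from syncoid replication. This is the control-plane host's disk and presumably holds etcd data and the cluster PKI, so the file should say how that state is backed up instead. A line above `properties:` such as `# excluded from syncoid replication because <reason>; etcd and PKI are backed up via <mechanism>` would cover it. The surrounding `install:` mapping continues outside the hunk.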
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml index 7e48bd5b..56d7f8d2 100644 --- a/roles/kubernetes/kubeadm/base/tasks/main.yml +++ b/roles/kubernetes/kubeadm/base/tasks/main.yml @@ -59,5 +59,13 @@ state: present changed_when: false +- name: enable IPv4 forwarding + sysctl: + name: net.ipv4.ip_forward + value: '1' + sysctl_set: yes + state: present + reload: yes + - name: prepare network plugin include_tasks: "net_{{ kubernetes_network_plugin }}.yml" diff --git a/roles/kubernetes/kubeadm/upgrade b/roles/kubernetes/kubeadm/upgrade index 52fe1a5d..c2f97d40 100644 --- a/roles/kubernetes/kubeadm/upgrade +++ b/roles/kubernetes/kubeadm/upgrade @@ -4,7 +4,7 @@ Cluster Upgrades: primary master: --------------- -VERSION=1.22.2 +VERSION=1.23.1 apt-get update @@ -13,7 +13,7 @@ apt-get install -y "kubeadm=$VERSION-00" kubeadm version kubeadm upgrade plan -kubectl drain $(hostname) --ignore-daemonsets --delete-local-data +kubectl drain $(hostname) --ignore-daemonsets --delete-emptydir-data kubeadm upgrade apply "v$VERSION" sed "s/^kubernetesVersion: .*$/kubernetesVersion: $VERSION/" -i /etc/kubernetes/kubeadm.config @@ -29,13 +29,13 @@ kubectl uncordon $(hostname) secondary master: ----------------- -VERSION=1.22.2 +VERSION=1.23.1 apt-get update sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubeadm.pref apt-get install -y --allow-change-held-packages "kubeadm=$VERSION-00" -kubectl drain $(hostname) --ignore-daemonsets --delete-local-data +kubectl drain $(hostname) --ignore-daemonsets --delete-emptydir-data kubeadm upgrade node sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubelet.pref sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubectl.pref 
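Review bot: The `enable IPv4 forwarding` task in roles/kubernetes/kubeadm/base/tasks/main.yml turns on `net.ipv4.ip_forward` for the whole host, and nothing in this hunk sets or checks a FORWARD-chain policy. Docker, which this commit replaces with containerd, sets that policy to DROP itself when it enables forwarding, and containerd does not manage iptables. Confirm that a firewall role outside this diff restricts forwarding to the pod and service ranges. Without `sysctl_file` the module writes to /etc/sysctl.conf, so `sysctl_file: /etc/sysctl.d/<name>.conf` would keep the setting in a file owned by this role. As a style point, `sysctl_set: yes` and `reload: yes` are better written as `true`.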
@@ -49,13 +49,13 @@ kubectl uncordon $(hostname) worker nodes: ------------- -VERSION=1.22.2 +VERSION=1.23.1 apt-get update sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubeadm.pref apt-get install -y "kubeadm=$VERSION-00" -@primary master: kubectl drain <node> --ignore-daemonsets --delete-local-data +@primary master: kubectl drain <node> --ignore-daemonsets --delete-emptydir-data kubeadm upgrade node sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubelet.pref |