-rw-r--r--chaos-at-home/ch-equinox-t450s.yml1
-rw-r--r--chaos-at-home/ch-equinox-ws.yml1
-rw-r--r--chaos-at-home/ch-testvm-prometheus.yml11
-rw-r--r--filter_plugins/config-parser.py28
-rw-r--r--filter_plugins/ini.py59
-rw-r--r--filter_plugins/toml.py52
-rw-r--r--inventory/host_vars/ch-equinox-t450s.yml5
-rw-r--r--inventory/host_vars/ch-equinox-ws.yml5
-rw-r--r--inventory/host_vars/ch-testvm-prometheus.yml23
-rw-r--r--inventory/host_vars/ch-thetys.yml2
-rw-r--r--inventory/host_vars/ele-thetys.yml2
-rw-r--r--inventory/host_vars/glt-calypso.yml2
-rw-r--r--inventory/host_vars/glt-coturn.yml2
-rw-r--r--inventory/host_vars/glt-datacop.yml2
-rw-r--r--inventory/host_vars/glt-dione.yml2
-rw-r--r--inventory/host_vars/glt-helene.yml2
-rw-r--r--inventory/host_vars/glt-jitsi.yml2
-rw-r--r--inventory/host_vars/glt-telesto.yml2
-rw-r--r--inventory/host_vars/glt-thetys.yml2
-rw-r--r--inventory/host_vars/lw-thetys.yml2
-rw-r--r--inventory/host_vars/s2-thetys.yml2
-rw-r--r--inventory/hosts.ini1
-rw-r--r--roles/apt-repo/github-containers/files/repo.gpgbin0 -> 723 bytes
-rw-r--r--roles/apt-repo/github-containers/tasks/main.yml20
-rw-r--r--roles/containerd/defaults/main.yml7
-rw-r--r--roles/containerd/handlers/main.yml5
-rw-r--r--roles/containerd/tasks/lvm.yml18
-rw-r--r--roles/containerd/tasks/main.yml47
-rw-r--r--roles/containerd/tasks/zfs.yml21
-rw-r--r--roles/kubernetes/base/tasks/cri_containerd.yml24
-rw-r--r--roles/kubernetes/base/tasks/cri_docker.yml12
-rw-r--r--roles/kubernetes/base/tasks/main.yml32
32 files changed, 295 insertions, 101 deletions
diff --git a/chaos-at-home/ch-equinox-t450s.yml b/chaos-at-home/ch-equinox-t450s.yml
index ed3d1c3a..389a39ed 100644
--- a/chaos-at-home/ch-equinox-t450s.yml
+++ b/chaos-at-home/ch-equinox-t450s.yml
@@ -10,6 +10,7 @@
- role: apt-repo/backports
- role: apt-repo/spreadspace
- role: apt-repo/tor-project
+ - role: apt-repo/github-containers
- role: apt-repo/kubernetes
- role: apt-repo/riot
- role: apt-repo/nordvpn
diff --git a/chaos-at-home/ch-equinox-ws.yml b/chaos-at-home/ch-equinox-ws.yml
index 34b10659..3cabbaeb 100644
--- a/chaos-at-home/ch-equinox-ws.yml
+++ b/chaos-at-home/ch-equinox-ws.yml
@@ -11,6 +11,7 @@
- role: apt-repo/backports
- role: apt-repo/spreadspace
- role: apt-repo/tor-project
+ - role: apt-repo/github-containers
- role: apt-repo/kubernetes
- role: apt-repo/riot
- role: ws/base
diff --git a/chaos-at-home/ch-testvm-prometheus.yml b/chaos-at-home/ch-testvm-prometheus.yml
new file mode 100644
index 00000000..a34d58e3
--- /dev/null
+++ b/chaos-at-home/ch-testvm-prometheus.yml
@@ -0,0 +1,11 @@
+---
+- name: Basic Setup
+ hosts: ch-testvm-prometheus
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/ntp
+ - role: kubernetes/base
+ - role: kubernetes/standalone/base
diff --git a/filter_plugins/config-parser.py b/filter_plugins/config-parser.py
deleted file mode 100644
index c052a7ec..00000000
--- a/filter_plugins/config-parser.py
+++ /dev/null
@@ -1,28 +0,0 @@
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-from functools import partial
-
-from ansible import errors
-
-
-def from_ini(data):
- try:
- import configparser
- config = configparser.ConfigParser()
- config.optionxform = lambda option: option
- config.read_string(data)
- return {s: dict(config.items(s)) for s in config.sections()}
- except Exception as e:
- raise errors.AnsibleFilterError("from_ini(): %s" % str(e))
-
-
-class FilterModule(object):
-
- ''' config parser filters '''
- filter_map = {
- 'from_ini': from_ini,
- }
-
- def filters(self):
- return self.filter_map
diff --git a/filter_plugins/ini.py b/filter_plugins/ini.py
new file mode 100644
index 00000000..f4f596bc
--- /dev/null
+++ b/filter_plugins/ini.py
@@ -0,0 +1,59 @@
+# this is from: https://github.com/sivel/toiletwater/tree/master/plugins/filter
+#
+# (c) 2017, Matt Martz <matt@sivel.net>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import copy
+
+
+from functools import partial
+
+from ansible.errors import AnsibleFilterError
+from ansible.module_utils._text import to_text
+from ansible.module_utils.common._collections_compat import MutableMapping
+from ansible.module_utils.six import string_types
+from ansible.module_utils.six.moves import configparser, StringIO
+
+
+def from_ini(o):
+ if not isinstance(o, string_types):
+ raise AnsibleFilterError('from_ini requires a string, got %s' % type(o))
+ parser = configparser.RawConfigParser()
+ parser.optionxform = partial(to_text, errors='surrogate_or_strict')
+ parser.readfp(StringIO(o))
+ d = dict(parser._sections)
+ for k in d:
+ d[k] = dict(d[k])
+ d[k].pop('__name__', None)
+ if parser._defaults:
+ d['DEFAULT'] = dict(parser._defaults)
+ return d
+
+
+def to_ini(o):
+ if not isinstance(o, MutableMapping):
+ raise AnsibleFilterError('to_ini requires a dict, got %s' % type(o))
+ data = copy.deepcopy(o)
+ defaults = configparser.RawConfigParser(data.pop('DEFAULT', {}))
+ parser = configparser.RawConfigParser()
+ parser.optionxform = partial(to_text, errors='surrogate_or_strict')
+ for section, items in data.items():
+ parser.add_section(section)
+ for k, v in items.items():
+ parser.set(section, k, v)
+ out = StringIO()
+ defaults.write(out)
+ parser.write(out)
+ return out.getvalue().rstrip()
+
+
+class FilterModule(object):
+ def filters(self):
+ return {
+ 'to_ini': to_ini,
+ 'from_ini': from_ini
+ }
diff --git a/filter_plugins/toml.py b/filter_plugins/toml.py
new file mode 100644
index 00000000..c169a3a6
--- /dev/null
+++ b/filter_plugins/toml.py
@@ -0,0 +1,52 @@
+# this is from: https://github.com/sivel/toiletwater/tree/master/plugins/filter
+#
+# (c) 2017, Matt Martz <matt@sivel.net>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import functools
+
+from ansible.plugins.inventory.toml import HAS_TOML, toml_dumps
+try:
+ from ansible.plugins.inventory.toml import toml
+except ImportError:
+ pass
+
+from ansible.errors import AnsibleFilterError
+from ansible.module_utils._text import to_text
+from ansible.module_utils.common._collections_compat import MutableMapping
+from ansible.module_utils.six import string_types
+
+
+def _check_toml(func):
+ @functools.wraps(func)
+ def inner(o):
+ if not HAS_TOML:
+ raise AnsibleFilterError('The %s filter plugin requires the python "toml" library' % func.__name__)
+ return func(o)
+ return inner
+
+
+@_check_toml
+def from_toml(o):
+ if not isinstance(o, string_types):
+ raise AnsibleFilterError('from_toml requires a string, got %s' % type(o))
+ return toml.loads(to_text(o, errors='surrogate_or_strict'))
+
+
+@_check_toml
+def to_toml(o):
+ if not isinstance(o, MutableMapping):
+ raise AnsibleFilterError('to_toml requires a dict, got %s' % type(o))
+ return to_text(toml_dumps(o), errors='surrogate_or_strict')
+
+
+class FilterModule(object):
+ def filters(self):
+ return {
+ 'to_toml': to_toml,
+ 'from_toml': from_toml
+ }
diff --git a/inventory/host_vars/ch-equinox-t450s.yml b/inventory/host_vars/ch-equinox-t450s.yml
index 4266c3bf..14773889 100644
--- a/inventory/host_vars/ch-equinox-t450s.yml
+++ b/inventory/host_vars/ch-equinox-t450s.yml
@@ -183,6 +183,7 @@ ws_base_extra_packages:
- python3-ruamel.yaml
- python3-sphinx
- python3-sphinx-rtd-theme
+ - python3-toml
- qemu-kvm
- qemu-utils
- quilt
@@ -241,6 +242,10 @@ ws_base_extra_packages:
# needs apt-repo/tor-project
- tor
- tor-geoipdb
+ # needs apt-repo/github-containers
+ - buildah
+ - containernetworking-plugins
+ - podman
# needs apt-repo/kubernetes
- kubectl
# needs apt-repo/riot
diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml
index 0799bbfe..8f4b709e 100644
--- a/inventory/host_vars/ch-equinox-ws.yml
+++ b/inventory/host_vars/ch-equinox-ws.yml
@@ -180,6 +180,7 @@ ws_base_extra_packages:
- python3-ruamel.yaml
- python3-sphinx
- python3-sphinx-rtd-theme
+ - python3-toml
- qemu-kvm
- qemu-utils
- quilt
@@ -240,6 +241,10 @@ ws_base_extra_packages:
# needs apt-repo/tor-project
- tor
- tor-geoipdb
+ # needs apt-repo/github-containers
+ - buildah
+ - containernetworking-plugins
+ - podman
# needs apt-repo/kubernetes
- kubectl
# needs apt-repo/riot
diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index 597cd134..d11d565c 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -12,7 +12,7 @@ install:
sda:
type: zfs
name: root
- size: 5g
+ size: 50g
interfaces:
- bridge: br-svc
name: svc0
@@ -31,3 +31,24 @@ network:
gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
interfaces:
- *_network_primary_
+
+
+
+containerd_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: containerd
+ size: 20G
+ fs: ext4
+
+kubelet_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: kubelet
+ size: 15G
+ fs: ext4
+
+kubernetes_version: 1.21.1
+kubernetes_container_runtime: containerd
+kubernetes_standalone_max_pods: 42
+kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/ch-thetys.yml b/inventory/host_vars/ch-thetys.yml
index 5ebc387a..77e9470c 100644
--- a/inventory/host_vars/ch-thetys.yml
+++ b/inventory/host_vars/ch-thetys.yml
@@ -47,7 +47,7 @@ kubelet_storage:
size: 5G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/ele-thetys.yml b/inventory/host_vars/ele-thetys.yml
index 73807915..7901beda 100644
--- a/inventory/host_vars/ele-thetys.yml
+++ b/inventory/host_vars/ele-thetys.yml
@@ -42,7 +42,7 @@ kubelet_storage:
size: 5G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/glt-calypso.yml b/inventory/host_vars/glt-calypso.yml
index 3f6a42dd..bdd377cc 100644
--- a/inventory/host_vars/glt-calypso.yml
+++ b/inventory/host_vars/glt-calypso.yml
@@ -72,7 +72,7 @@ kubelet_storage:
size: 10G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/glt-coturn.yml b/inventory/host_vars/glt-coturn.yml
index f3f814d0..f598384d 100644
--- a/inventory/host_vars/glt-coturn.yml
+++ b/inventory/host_vars/glt-coturn.yml
@@ -13,7 +13,7 @@ kubelet_storage:
size: 5G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 100
kubernetes_standalone_pod_cidr: 192.168.255.0/24
diff --git a/inventory/host_vars/glt-datacop.yml b/inventory/host_vars/glt-datacop.yml
index 47982c29..e66eba05 100644
--- a/inventory/host_vars/glt-datacop.yml
+++ b/inventory/host_vars/glt-datacop.yml
@@ -67,7 +67,7 @@ kubelet_storage:
size: 10G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/glt-dione.yml b/inventory/host_vars/glt-dione.yml
index 4e41ef41..c860d301 100644
--- a/inventory/host_vars/glt-dione.yml
+++ b/inventory/host_vars/glt-dione.yml
@@ -62,7 +62,7 @@ kubelet_storage:
size: 10G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/glt-helene.yml b/inventory/host_vars/glt-helene.yml
index 4a927036..c016b0a7 100644
--- a/inventory/host_vars/glt-helene.yml
+++ b/inventory/host_vars/glt-helene.yml
@@ -62,7 +62,7 @@ kubelet_storage:
size: 10G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/glt-jitsi.yml b/inventory/host_vars/glt-jitsi.yml
index 15a27ffb..966f3a74 100644
--- a/inventory/host_vars/glt-jitsi.yml
+++ b/inventory/host_vars/glt-jitsi.yml
@@ -13,7 +13,7 @@ kubelet_storage:
size: 5G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 100
kubernetes_standalone_pod_cidr: 192.168.255.0/24
diff --git a/inventory/host_vars/glt-telesto.yml b/inventory/host_vars/glt-telesto.yml
index ed38a7b2..3ce9154c 100644
--- a/inventory/host_vars/glt-telesto.yml
+++ b/inventory/host_vars/glt-telesto.yml
@@ -72,7 +72,7 @@ kubelet_storage:
size: 10G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/glt-thetys.yml b/inventory/host_vars/glt-thetys.yml
index a80ebabe..51aaee89 100644
--- a/inventory/host_vars/glt-thetys.yml
+++ b/inventory/host_vars/glt-thetys.yml
@@ -67,7 +67,7 @@ kubelet_storage:
size: 5G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/lw-thetys.yml b/inventory/host_vars/lw-thetys.yml
index 2c5d998c..706557f7 100644
--- a/inventory/host_vars/lw-thetys.yml
+++ b/inventory/host_vars/lw-thetys.yml
@@ -43,7 +43,7 @@ kubelet_storage:
size: 5G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/s2-thetys.yml b/inventory/host_vars/s2-thetys.yml
index de2afaa5..957abfb0 100644
--- a/inventory/host_vars/s2-thetys.yml
+++ b/inventory/host_vars/s2-thetys.yml
@@ -49,7 +49,7 @@ kubelet_storage:
size: 5G
fs: ext4
-kubernetes_version: 1.20.5
+kubernetes_version: 1.21.1
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 42
kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 4c31b999..8d03b7b1 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -457,6 +457,7 @@ glt-telesto
glt-datacop
glt-thetys
sgg-icecast
+ch-testvm-prometheus
[kubernetes:children]
kubernetes-cluster
diff --git a/roles/apt-repo/github-containers/files/repo.gpg b/roles/apt-repo/github-containers/files/repo.gpg
new file mode 100644
index 00000000..9b827ee8
--- /dev/null
+++ b/roles/apt-repo/github-containers/files/repo.gpg
Binary files differ
diff --git a/roles/apt-repo/github-containers/tasks/main.yml b/roles/apt-repo/github-containers/tasks/main.yml
new file mode 100644
index 00000000..fae56380
--- /dev/null
+++ b/roles/apt-repo/github-containers/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: add repository key
+ copy:
+ src: repo.gpg
+ dest: /etc/apt/trusted.gpg.d/github-containers.gpg
+ register: apt_repo_github_containers_key
+
+- name: add repository entry
+ copy:
+ content: |
+ deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ (ansible_distribution == 'Ubuntu') | ternary('xUbuntu', ansible_distribution) }}_{{ ansible_distribution_version }}/ /
+ dest: /etc/apt/sources.list.d/github-containers.list
+ register: apt_repo_github_containers_sources
+
+- name: update apt cache
+ when: apt_repo_github_containers_key is changed or
+ apt_repo_github_containers_sources is changed
+ command: apt-get update
+ args:
+ warn: false
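Review bot: The key in the first task is copied to `/etc/apt/trusted.gpg.d/github-containers.gpg`, and apt trusts every key in that directory for every configured source, so this third-party key can also vouch for packages offered under any other repository entry. Consider installing it outside `trusted.gpg.d` (for example `dest: /etc/apt/keyrings/github-containers.gpg`, creating the directory where the release lacks it) and scoping the source line with `deb [signed-by=/etc/apt/keyrings/github-containers.gpg] …`. The `deb` line also fetches over `http://`; package integrity still rests on the signature, but an `https://` URL (if the mirror serves this path over TLS) keeps repository metadata and package requests from being observed in transit. Neither `copy` task sets `mode`, so adding `mode: "0644"` to both would make the resulting permissions explicit.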
diff --git a/roles/containerd/defaults/main.yml b/roles/containerd/defaults/main.yml
new file mode 100644
index 00000000..b1ad9368
--- /dev/null
+++ b/roles/containerd/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+containerd_pkg_provider: docker-com
+containerd_pkg_name: containerd.io
+
+# containerd_pkg_version:
+
+# containerd_config: {}
diff --git a/roles/containerd/handlers/main.yml b/roles/containerd/handlers/main.yml
new file mode 100644
index 00000000..99f4d8e9
--- /dev/null
+++ b/roles/containerd/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart containerd
+ service:
+ name: containerd
+ state: restarted
diff --git a/roles/containerd/tasks/lvm.yml b/roles/containerd/tasks/lvm.yml
deleted file mode 100644
index 93be2656..00000000
--- a/roles/containerd/tasks/lvm.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: create logical volume
- lvol:
- vg: "{{ containerd_storage.vg }}"
- lv: "{{ containerd_storage.lv }}"
- size: "{{ containerd_storage.size }}"
-
-- name: create filesystem
- filesystem:
- fstype: "{{ containerd_storage.fs }}"
- dev: "/dev/mapper/{{ containerd_storage.vg | replace('-', '--') }}-{{ containerd_storage.lv | replace('-', '--') }}"
-
-- name: mount filesytem
- mount:
- src: "/dev/mapper/{{ containerd_storage.vg | replace('-', '--') }}-{{ containerd_storage.lv | replace('-', '--') }}"
- path: /var/lib/containerd
- fstype: "{{ containerd_storage.fs }}"
- state: mounted
diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml
index f0d29a4a..10371243 100644
--- a/roles/containerd/tasks/main.yml
+++ b/roles/containerd/tasks/main.yml
@@ -1,15 +1,48 @@
---
-- name: check for supported platform
- when: ansible_distribution != "Ubuntu"
- fail:
- msg: "currenty this only works with ubuntu"
-
- name: prepare storage volume for /var/lib/containerd
when: containerd_storage is defined
- import_tasks: "{{ containerd_storage.type }}.yml"
+ vars:
+ storage_volume: "{{ containerd_storage | combine({'dest': '/var/lib/containerd'}) }}"
+ include_role:
+ name: "storage/{{ containerd_storage.type }}/volume"
+
+- name: create child-dataset for zfs-snapshotter
+ when: "containerd_storage is defined and containerd_storage.type == 'zfs'"
+ zfs:
+ name: "{{ containerd_storage.pool }}/{{ containerd_storage.name }}/io.containerd.snapshotter.v1.zfs"
+ state: present
+
+- name: prepare package provider
+ when: containerd_pkg_provider != 'distro'
+ include_role:
+ name: "apt-repo/{{ containerd_pkg_provider }}"
- name: install containerd
apt:
- name: containerd
+ name: "{{ containerd_pkg_name }}{% if containerd_pkg_version is defined %}={{ containerd_pkg_version }}{% endif %}"
state: present
force: yes
+
+- name: fetch containerd default config
+ check_mode: no
+ command: containerd config default
+ register: containerd_config_default
+ changed_when: false
+
+- name: fetch containerd default config
+ copy:
+ content: "{{ containerd_config_default.stdout | from_toml | combine(containerd_config, recursive=True) | to_toml }}\n"
+ dest: /etc/containerd/config.toml
+ notify: restart containerd
+
+- name: disable automatic upgrades for containerd package
+ when: containerd_pkg_version is defined
+ dpkg_selections:
+ name: "{{ containerd_pkg_name }}"
+ selection: hold
+
+- name: start and enable containerd
+ service:
+ name: containerd
+ enabled: true
+ state: started
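Review bot: The `install containerd` task keeps `force: yes` while this change moves the package to a third-party provider (`containerd_pkg_provider: docker-com`); in the apt module `force` maps to `--force-yes`, which also permits unauthenticated packages, so a signature failure on that repository would not stop the install. If the flag is only there so the pinned `={{ containerd_pkg_version }}` may downgrade, dropping `force` and using `allow_downgrade: true` (where the Ansible version in use provides it) keeps signature checking; the same `force: yes` sits on the kubelet/cri-tools install in roles/kubernetes/base/tasks/main.yml. Separately, the config-writing task calls `combine(containerd_config, recursive=True)` while the role default is commented out, so the role fails on an undefined variable unless the caller sets it; `combine(containerd_config | default({}), recursive=True)` would make the role usable on its own. That task also reuses the name `fetch containerd default config`; a name such as `generate containerd config` would match what it does.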
diff --git a/roles/containerd/tasks/zfs.yml b/roles/containerd/tasks/zfs.yml
deleted file mode 100644
index 7cf33639..00000000
--- a/roles/containerd/tasks/zfs.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-## containerd from ubuntu doesn't support zfs directly
-## we need to create a volume and an ext4 fs on top of that...
-- name: create zfs volume
- zfs:
- name: "{{ containerd_storage.pool }}/{{ containerd_storage.name }}"
- state: present
- extra_zfs_properties: "{{ containerd_storage.properties | default({}) | combine({'volsize': item.value.size}) }}"
-
-- name: create and ext4 filesystem on the zfs volume
- filesystem:
- fstype: ext4
- dev: "/dev/zvol/{{ containerd_storage.pool }}/{{ containerd_storage.name }}"
-
-- name: mount filesytem
- mount:
- src: "/dev/zvol/{{ containerd_storage.pool }}/{{ containerd_storage.name }}"
- path: /var/lib/containerd
- fstype: ext4
- opts: defaults,x-systemd.automount,nofail
- state: mounted
diff --git a/roles/kubernetes/base/tasks/cri_containerd.yml b/roles/kubernetes/base/tasks/cri_containerd.yml
index 66398ef2..97775b14 100644
--- a/roles/kubernetes/base/tasks/cri_containerd.yml
+++ b/roles/kubernetes/base/tasks/cri_containerd.yml
@@ -5,6 +5,30 @@
that:
- kubernetes_cri_socket == "unix:///run/containerd/containerd.sock"
+- name: switch to systemd cgroup driver
+ set_fact:
+ containerd_config_override:
+ plugins:
+ "io.containerd.grpc.v1.cri":
+ containerd:
+ runtimes:
+ runc:
+ options:
+ SystemdCgroup: true
+
+- name: switch to zfs-snapshotter for cri
+ when: "containerd_storage is defined and containerd_storage.type == 'zfs'"
+ set_fact:
+ containerd_config_override_zfs:
+ plugins:
+ "io.containerd.grpc.v1.cri":
+ containerd:
+ snapshotter: "zfs"
+
+- name: override mandatory settings in containerd_config
+ set_fact:
+ containerd_config: "{{ containerd_config | default({}) | combine(containerd_config_override, recursive=True) | combine((containerd_config_override_zfs | default({})), recursive=True) }}"
+
- name: install containerd
include_role:
name: containerd
diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml
index 187d5893..88b35508 100644
--- a/roles/kubernetes/base/tasks/cri_docker.yml
+++ b/roles/kubernetes/base/tasks/cri_docker.yml
@@ -17,9 +17,17 @@
After=docker.service
dest: /etc/systemd/system/kubelet.service.d/after-docker.conf
-- name: disable bridge and iptables in docker daemon config
+- name: disable bridge and iptables in docker daemon config and switch to systemd cgroup driver
set_fact:
- docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'exec-opts': ['native.cgroupdriver=systemd'], 'bridge': 'none', 'iptables': false}) }}"
+ docker_daemon_config_override:
+ exec-opts:
+ - "native.cgroupdriver=systemd"
+ bridge: "none"
+ iptables: false
+
+- name: override mandatory settings in docker_daemon_config
+ set_fact:
+ docker_daemon_config: "{{ docker_daemon_config | default({}) | combine(docker_daemon_config_override, recursive=True, list_merge='append') }}"
- name: install docker
include_role:
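Review bot: With `list_merge='append'` the second `set_fact` does not actually override `exec-opts`: if a host already defines `docker_daemon_config` with an entry such as `native.cgroupdriver=cgroupfs`, both values end up in the list, and if these tasks are included more than once in a run the systemd entry is appended again. Since the task is named as enforcing mandatory settings, either drop `list_merge` so the list is replaced, or strip existing `native.cgroupdriver=` entries from the host-provided `exec-opts` before appending (`list_merge='append_rp'` would at least avoid the duplicate). `list_merge` also requires a sufficiently recent Ansible, which is worth recording in the repository's requirements. The `install docker` task that follows continues outside the hunk.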
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index a104b660..a13f04fa 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -9,24 +9,39 @@
include_role:
name: "storage/{{ kubelet_storage.type }}/volume"
-- name: add apt repository
+- name: add apt repository for kubernetes packages
include_role:
name: apt-repo/kubernetes
+- name: add apt repository for cri-tools
+ include_role:
+ name: apt-repo/github-containers
+
- name: install kubelet and common packages
apt:
name:
- bridge-utils
- - cri-tools
+ - "cri-tools={{ ([0, 1] | map('extract', kubernetes_version.split('.'))) | join('.') }}.0~1"
- "kubelet={{ kubernetes_version }}-00"
state: present
force: yes
-- name: disable automatic upgrades for kubelet
+- name: disable automatic upgrades for kubelet and cri-tools
+ loop:
+ - kubelet
+ - cri-tools
dpkg_selections:
- name: kubelet
+ name: "{{ item }}"
selection: hold
+- name: configure endpoints for crictl
+ when: kubernetes_cri_socket
+ copy:
+ dest: /etc/crictl.yaml
+ content: |
+ runtime-endpoint: "{{ kubernetes_cri_socket }}"
+ image-endpoint: "{{ kubernetes_cri_socket }}"
+
- name: add crictl config for shells
loop:
- zsh
@@ -36,14 +51,7 @@
create: yes
marker: "### {mark} ANSIBLE MANAGED BLOCK for crictl ###"
content: |
- {% if kubernetes_cri_socket %}
- alias crictl="crictl --runtime-endpoint {{ kubernetes_cri_socket }}"
- {% endif %}
- {% if item == 'zsh' %}
- ## TODO: see https://github.com/kubernetes-sigs/cri-tools/issues/435
- autoload -U +X bashcompinit && bashcompinit
- {% endif %}
- source <(crictl completion)
+ source <(crictl completion {{ item }})
- name: add dummy group with gid 990
group: