Diffstat (limited to 'roles/kubernetes/kubeadm/base')
-rw-r--r--roles/kubernetes/kubeadm/base/tasks/main.yml25
-rw-r--r--roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j236
2 files changed, 61 insertions, 0 deletions
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index 69a09811..8e913560 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -2,6 +2,8 @@
- name: install kubeadm and kubectl
apt:
name:
+ - haproxy
+ - hatop
- "kubeadm{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
- "kubectl{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
state: present
@@ -33,3 +35,26 @@
marker: "### {mark} ANSIBLE MANAGED BLOCK for kubeadm ###"
content: |
source <(kubeadm completion {{ item }})
+
+- name: configure haproxy
+ template:
+ src: haproxy.cfg.j2
+ dest: /etc/haproxy/haproxy.cfg
+ register: haproxy_config
+
+- name: (re)start haproxy
+ systemd:
+ name: haproxy
+ state: "{% if haproxy_config is changed %}restarted{% else %}started{% endif %}"
+ enabled: yes
+
+- name: add hatop config for shells
+ loop:
+ - zsh
+ - bash
+ blockinfile:
+ path: "/root/.{{ item }}rc"
+ create: yes
+ marker: "### {mark} ANSIBLE MANAGED BLOCK for hatop ###"
+ content: |
+ alias hatop="hatop -s /var/run/haproxy/admin.sock"
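Review bot: The `configure haproxy` task writes /etc/haproxy/haproxy.cfg with no `validate`, and the next task restarts the service whenever the file changed. A template that renders to an invalid config (for example an empty `_kubernetes_masters_` group or a missing host fact) would therefore be installed and then take down the local kube_api frontend on restart. Adding `validate: haproxy -c -f %s` to the template task makes Ansible reject the file before it replaces the running config. The task also relies on defaults for ownership and permissions; setting owner and group to root and `mode: "0644"` explicitly would keep the file's write access from depending on the controller's umask.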
diff --git a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
new file mode 100644
index 00000000..3de6ac00
--- /dev/null
+++ b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
@@ -0,0 +1,36 @@
+global
+ log /dev/log local0
+ log /dev/log local1 notice
+ chroot /var/lib/haproxy
+ stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+ stats timeout 30s
+ user haproxy
+ group haproxy
+ daemon
+
+frontend kube_api
+{% if '_kubernetes_masters_' in group_names %}
+ bind *:6443
+{% else %}
+ bind 127.0.0.1:6443
+{% endif %}
+ mode tcp
+ timeout client 3h
+ default_backend kube_api
+
+backend kube_api
+ mode tcp
+{% if '_kubernetes_masters_' in group_names %}
+ balance first
+{% else %}
+ balance roundrobin
+{% endif %}
+ option log-health-checks
+ option httpchk GET /healthz
+ http-check expect string ok
+ default-server inter 5s fall 3 rise 2
+ timeout connect 5s
+ timeout server 3h
+{% for master in groups['_kubernetes_masters_'] %}
+ server {{ hostvars[master].inventory_hostname }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none
+{% endfor %}
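Review bot: The `server` line ends in `check check-ssl verify none`, so the health check accepts any certificate from whatever answers on port 6442. Because both sections run in `mode tcp`, the client's own TLS session to the API server is presumably still verified end to end, but a host that answers `ok` on that address would be marked healthy and be handed connections. If the cluster CA is already on the node when this template is rendered, consider `check check-ssl verify required ca-file <PATH_TO_CLUSTER_CA>` (placeholder path). Separately, `option log-health-checks` is set but neither proxy section has a `log global` line and the file has no `defaults` section, so health-check transitions are probably not reaching syslog; adding `log global` to the backend would make backend flaps visible.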