Diffstat (limited to 'roles/kubernetes')
5 files changed, 29 insertions, 28 deletions
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml index f1802b0c..17251b82 100644 --- a/roles/kubernetes/base/tasks/main.yml +++ b/roles/kubernetes/base/tasks/main.yml @@ -31,24 +31,21 @@ - name: update apt cache meta: flush_handlers -- name: install kubelet and utils +- name: install kubelet and common packages apt: name: - - "kubelet{% if kubernetes_version is defined %}={{ kubernetes_version }}-00{% endif %}" - - cri-tools - - bridge-utils + - bridge-utils + - cri-tools + - "kubelet={{ kubernetes_version }}-00" state: present force: yes - name: disable automatic upgrades for kubelet - when: kubernetes_version is defined - loop: - - kubelet dpkg_selections: - name: "{{ item }}" + name: kubelet selection: hold -- name: configure crictl to use containerd +- name: add crictl config for shells loop: - zsh - bash diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml index 8e913560..2d2bd324 100644 --- a/roles/kubernetes/kubeadm/base/tasks/main.yml +++ b/roles/kubernetes/kubeadm/base/tasks/main.yml @@ -1,18 +1,18 @@ --- -- name: install kubeadm and kubectl +- name: install kubeadm packages apt: name: - - haproxy - - hatop - - "kubeadm{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" - - "kubectl{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}" + - haproxy + - hatop + - "kubeadm={{ kubernetes_version }}-00" + - "kubectl={{ kubernetes_version }}-00" state: present + force: yes -- name: disable automatic upgrades for kubeadm and kubectl - when: kubernetes.pkg_version is defined +- name: disable automatic upgrades for kubeadm/kubectl loop: - - kubeadm - - kubectl + - kubeadm + - kubectl dpkg_selections: name: "{{ item }}" selection: hold 
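Review bot: With the `when: kubernetes_version is defined` guard and the `{% if %}` fallback removed, `"kubelet={{ kubernetes_version }}-00"` in roles/kubernetes/base/tasks/main.yml is templated unconditionally, so a host without the variable fails with an undefined-variable error partway through the play. If the pin is now mandatory, state that at the start of the role, for example with an `assert` task using `that: kubernetes_version is defined` and a `fail_msg` naming the variable. The task list starts and continues outside the hunk, so a role default may already cover this.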
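Review bot: The added `force: yes` on the "install kubeadm packages" task in roles/kubernetes/kubeadm/base/tasks/main.yml maps to apt-get's `--force-yes`, which the Ansible apt module documents as also implying `allow_unauthenticated`, so haproxy, hatop, kubeadm and kubectl would be installed without package signature checks. The kubelet task in roles/kubernetes/base/tasks/main.yml already carries the same flag as a context line. If the intent is to let the pinned version replace a held or newer package (an inference from the `selection: hold` task that follows), prefer the narrower `allow_downgrade: yes` and `allow_change_held_packages: yes` where the Ansible release in use provides them, and drop `force`. Otherwise add a comment on that line explaining why signature verification is bypassed.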
@@ -25,7 +25,7 @@ line: 'KUBELET_EXTRA_ARGS=--node-ip={{ kubernetes_overlay_node_ip }}' create: yes -- name: add kubeadm completion for shells +- name: add kubeadm config for shells loop: - zsh - bash @@ -58,3 +58,6 @@ marker: "### {mark} ANSIBLE MANAGED BLOCK for hatop ###" content: | alias hatop="hatop -s /var/run/haproxy/admin.sock" + +# - name: prepare network plugin +# include_tasks: "net_{{ kubernetes_network_plugin }}.yml" diff --git a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 index 319cc1cb..2e0eaf5d 100644 --- a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 +++ b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 @@ -37,5 +37,5 @@ backend kube_api timeout connect 5s timeout server 3h {% for master in groups['_kubernetes_masters_'] %} - server {{ hostvars[master].inventory_hostname }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none + server {{ master }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none {% endfor %} diff --git a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml index 115c8616..9bbe9ecc 100644 --- a/roles/kubernetes/kubeadm/master/tasks/primary-master.yml +++ b/roles/kubernetes/kubeadm/master/tasks/primary-master.yml @@ -103,6 +103,7 @@ delegate_facts: True loop: "{{ groups['_kubernetes_nodes_'] }}" + ## Network Plugin # - name: install network plugin diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 index f48a34f3..bb7f9a96 100644 --- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 
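Review bot: The rewritten `server` line in roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 keeps `check check-ssl verify none`, so the TLS health check to each master on port 6442 accepts any certificate. Only the check appears to be affected, since the rest of the backend definition is outside the hunk. Even so, anything answering TLS on that address would be marked healthy without proving it is the API server. Consider `verify required ca-file <path-to-cluster-CA>` on the check, or add a comment such as `# health check only; certificate deliberately not verified` if the setting is intentional.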
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 @@ -23,14 +23,14 @@ networking: podSubnet: {{ kubernetes.pod_ip_range }} serviceSubnet: {{ kubernetes.service_ip_range }} apiServer: - # extraArgs: - # encryption-provider-config: /etc/kubernetes/encryption/config - # extraVolumes: - # - name: encryption-config - # hostPath: /etc/kubernetes/encryption - # mountPath: /etc/kubernetes/encryption - # readOnly: true - # pathType: Directory + extraArgs: + encryption-provider-config: /etc/kubernetes/encryption/config + extraVolumes: + - name: encryption-config + hostPath: /etc/kubernetes/encryption + mountPath: /etc/kubernetes/encryption + readOnly: true + pathType: Directory {% if (kubernetes.api_extra_sans | default([]) | length) == 0 %} certSANs: [] {% else %} |
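Review bot: Un-commenting `encryption-provider-config: /etc/kubernetes/encryption/config` and the `pathType: Directory` host mount makes kube-apiserver depend on that file being present on every master before kubeadm runs, and nothing in the part of the diff shown here creates it. The file holds the key that protects Secrets at rest, so the task that writes it (not visible here) should set `owner: root`, `mode: "0600"`, a `0700` directory and `no_log: true`, and the same key has to reach the secondary masters. A short comment above `extraArgs:` would record the dependency, e.g. `# needs /etc/kubernetes/encryption/config on every master before init/join`. The `apiServer:` mapping continues past the end of the hunk.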