Diffstat (limited to 'roles')
-rw-r--r--roles/apt-repo/github-containers/files/repo.gpgbin0 -> 723 bytes
-rw-r--r--roles/apt-repo/github-containers/tasks/main.yml20
-rw-r--r--roles/containerd/defaults/main.yml7
-rw-r--r--roles/containerd/handlers/main.yml5
-rw-r--r--roles/containerd/tasks/lvm.yml18
-rw-r--r--roles/containerd/tasks/main.yml47
-rw-r--r--roles/containerd/tasks/zfs.yml21
-rw-r--r--roles/kubernetes/base/tasks/cri_containerd.yml24
-rw-r--r--roles/kubernetes/base/tasks/cri_docker.yml12
-rw-r--r--roles/kubernetes/base/tasks/main.yml32
10 files changed, 126 insertions, 60 deletions
diff --git a/roles/apt-repo/github-containers/files/repo.gpg b/roles/apt-repo/github-containers/files/repo.gpg
new file mode 100644
index 00000000..9b827ee8
--- /dev/null
+++ b/roles/apt-repo/github-containers/files/repo.gpg
Binary files differ
diff --git a/roles/apt-repo/github-containers/tasks/main.yml b/roles/apt-repo/github-containers/tasks/main.yml
new file mode 100644
index 00000000..fae56380
--- /dev/null
+++ b/roles/apt-repo/github-containers/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: add repository key
+ copy:
+ src: repo.gpg
+ dest: /etc/apt/trusted.gpg.d/github-containers.gpg
+ register: apt_repo_github_containers_key
+
+- name: add repository entry
+ copy:
+ content: |
+ deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ (ansible_distribution == 'Ubuntu') | ternary('xUbuntu', ansible_distribution) }}_{{ ansible_distribution_version }}/ /
+ dest: /etc/apt/sources.list.d/github-containers.list
+ register: apt_repo_github_containers_sources
+
+- name: update apt cache
+ when: apt_repo_github_containers_key is changed or
+ apt_repo_github_containers_sources is changed
+ command: apt-get update
+ args:
+ warn: false
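Review bot: The key copied to `/etc/apt/trusted.gpg.d/github-containers.gpg` is trusted by apt for every configured repository, not only this one, and the `deb` entry fetches over plain `http://`. Scoping the key is the safer layout: install it outside `trusted.gpg.d` (for example `/usr/share/keyrings/github-containers.gpg`) and reference it as `deb [signed-by=/usr/share/keyrings/github-containers.gpg] https://download.opensuse.org/...`. The key itself is a committed binary, so its fingerprint cannot be checked from this page and is worth recording in a comment or the commit message. Both `copy` tasks also leave the file mode to the target's defaults; an explicit `mode: "0644"` removes that dependency.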
diff --git a/roles/containerd/defaults/main.yml b/roles/containerd/defaults/main.yml
new file mode 100644
index 00000000..b1ad9368
--- /dev/null
+++ b/roles/containerd/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+containerd_pkg_provider: docker-com
+containerd_pkg_name: containerd.io
+
+# containerd_pkg_version:
+
+# containerd_config: {}
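Review bot: `containerd_config` is left commented out here, but the new config task in `roles/containerd/tasks/main.yml` calls `combine(containerd_config, recursive=True)` with no fallback, so using the role without setting the variable would fail on an undefined variable. Either ship the default as `containerd_config: {}` or write `combine(containerd_config | default({}), recursive=True)` in the task. The kubernetes CRI path sets the fact before including the role, so this presumably only shows up when the role is used on its own.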
diff --git a/roles/containerd/handlers/main.yml b/roles/containerd/handlers/main.yml
new file mode 100644
index 00000000..99f4d8e9
--- /dev/null
+++ b/roles/containerd/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart containerd
+ service:
+ name: containerd
+ state: restarted
diff --git a/roles/containerd/tasks/lvm.yml b/roles/containerd/tasks/lvm.yml
deleted file mode 100644
index 93be2656..00000000
--- a/roles/containerd/tasks/lvm.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: create logical volume
- lvol:
- vg: "{{ containerd_storage.vg }}"
- lv: "{{ containerd_storage.lv }}"
- size: "{{ containerd_storage.size }}"
-
-- name: create filesystem
- filesystem:
- fstype: "{{ containerd_storage.fs }}"
- dev: "/dev/mapper/{{ containerd_storage.vg | replace('-', '--') }}-{{ containerd_storage.lv | replace('-', '--') }}"
-
-- name: mount filesytem
- mount:
- src: "/dev/mapper/{{ containerd_storage.vg | replace('-', '--') }}-{{ containerd_storage.lv | replace('-', '--') }}"
- path: /var/lib/containerd
- fstype: "{{ containerd_storage.fs }}"
- state: mounted
diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml
index f0d29a4a..10371243 100644
--- a/roles/containerd/tasks/main.yml
+++ b/roles/containerd/tasks/main.yml
@@ -1,15 +1,48 @@
---
-- name: check for supported platform
- when: ansible_distribution != "Ubuntu"
- fail:
- msg: "currenty this only works with ubuntu"
-
- name: prepare storage volume for /var/lib/containerd
when: containerd_storage is defined
- import_tasks: "{{ containerd_storage.type }}.yml"
+ vars:
+ storage_volume: "{{ containerd_storage | combine({'dest': '/var/lib/containerd'}) }}"
+ include_role:
+ name: "storage/{{ containerd_storage.type }}/volume"
+
+- name: create child-dataset for zfs-snapshotter
+ when: "containerd_storage is defined and containerd_storage.type == 'zfs'"
+ zfs:
+ name: "{{ containerd_storage.pool }}/{{ containerd_storage.name }}/io.containerd.snapshotter.v1.zfs"
+ state: present
+
+- name: prepare package provider
+ when: containerd_pkg_provider != 'distro'
+ include_role:
+ name: "apt-repo/{{ containerd_pkg_provider }}"
- name: install containerd
apt:
- name: containerd
+ name: "{{ containerd_pkg_name }}{% if containerd_pkg_version is defined %}={{ containerd_pkg_version }}{% endif %}"
state: present
force: yes
+
+- name: fetch containerd default config
+ check_mode: no
+ command: containerd config default
+ register: containerd_config_default
+ changed_when: false
+
+- name: fetch containerd default config
+ copy:
+ content: "{{ containerd_config_default.stdout | from_toml | combine(containerd_config, recursive=True) | to_toml }}\n"
+ dest: /etc/containerd/config.toml
+ notify: restart containerd
+
+- name: disable automatic upgrades for containerd package
+ when: containerd_pkg_version is defined
+ dpkg_selections:
+ name: "{{ containerd_pkg_name }}"
+ selection: hold
+
+- name: start and enable containerd
+ service:
+ name: containerd
+ enabled: true
+ state: started
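Review bot: `force: yes` stays on the `install containerd` task while the package now comes from a third-party provider repository (`containerd_pkg_provider`, default `docker-com`); in the apt module that option corresponds to `apt-get --force-yes`, which also permits unauthenticated packages. If it is only there so a pinned `containerd_pkg_version` can downgrade, a narrower option such as `allow_downgrade: yes` (available in newer Ansible releases) keeps signature checking in place. The same `force: yes` sits on `install kubelet and common packages` in `roles/kubernetes/base/tasks/main.yml`, where `cri-tools` is now pulled from the newly added repository. Separately, the second task named `fetch containerd default config` actually writes `/etc/containerd/config.toml`; a name such as `generate containerd config` would keep run logs unambiguous.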
diff --git a/roles/containerd/tasks/zfs.yml b/roles/containerd/tasks/zfs.yml
deleted file mode 100644
index 7cf33639..00000000
--- a/roles/containerd/tasks/zfs.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-## containerd from ubuntu doesn't support zfs directly
-## we need to create a volume and an ext4 fs on top of that...
-- name: create zfs volume
- zfs:
- name: "{{ containerd_storage.pool }}/{{ containerd_storage.name }}"
- state: present
- extra_zfs_properties: "{{ containerd_storage.properties | default({}) | combine({'volsize': item.value.size}) }}"
-
-- name: create and ext4 filesystem on the zfs volume
- filesystem:
- fstype: ext4
- dev: "/dev/zvol/{{ containerd_storage.pool }}/{{ containerd_storage.name }}"
-
-- name: mount filesytem
- mount:
- src: "/dev/zvol/{{ containerd_storage.pool }}/{{ containerd_storage.name }}"
- path: /var/lib/containerd
- fstype: ext4
- opts: defaults,x-systemd.automount,nofail
- state: mounted
diff --git a/roles/kubernetes/base/tasks/cri_containerd.yml b/roles/kubernetes/base/tasks/cri_containerd.yml
index 66398ef2..97775b14 100644
--- a/roles/kubernetes/base/tasks/cri_containerd.yml
+++ b/roles/kubernetes/base/tasks/cri_containerd.yml
@@ -5,6 +5,30 @@
that:
- kubernetes_cri_socket == "unix:///run/containerd/containerd.sock"
+- name: switch to systemd cgroup driver
+ set_fact:
+ containerd_config_override:
+ plugins:
+ "io.containerd.grpc.v1.cri":
+ containerd:
+ runtimes:
+ runc:
+ options:
+ SystemdCgroup: true
+
+- name: switch to zfs-snapshotter for cri
+ when: "containerd_storage is defined and containerd_storage.type == 'zfs'"
+ set_fact:
+ containerd_config_override_zfs:
+ plugins:
+ "io.containerd.grpc.v1.cri":
+ containerd:
+ snapshotter: "zfs"
+
+- name: override mandatory settings in containerd_config
+ set_fact:
+ containerd_config: "{{ containerd_config | default({}) | combine(containerd_config_override, recursive=True) | combine((containerd_config_override_zfs | default({})), recursive=True) }}"
+
- name: install containerd
include_role:
name: containerd
diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml
index 187d5893..88b35508 100644
--- a/roles/kubernetes/base/tasks/cri_docker.yml
+++ b/roles/kubernetes/base/tasks/cri_docker.yml
@@ -17,9 +17,17 @@
After=docker.service
dest: /etc/systemd/system/kubelet.service.d/after-docker.conf
-- name: disable bridge and iptables in docker daemon config
+- name: disable bridge and iptables in docker daemon config and switch to systemd cgroup driver
set_fact:
- docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'exec-opts': ['native.cgroupdriver=systemd'], 'bridge': 'none', 'iptables': false}) }}"
+ docker_daemon_config_override:
+ exec-opts:
+ - "native.cgroupdriver=systemd"
+ bridge: "none"
+ iptables: false
+
+- name: override mandatory settings in docker_daemon_config
+ set_fact:
+ docker_daemon_config: "{{ docker_daemon_config | default({}) | combine(docker_daemon_config_override, recursive=True, list_merge='append') }}"
- name: install docker
include_role:
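Review bot: With `list_merge='append'` the mandatory `native.cgroupdriver=systemd` entry is appended to whatever `exec-opts` the inventory already defines instead of replacing it, which the removed one-line `combine` did. An inventory value such as `native.cgroupdriver=cgroupfs` would therefore survive next to the systemd one. Because `set_fact` persists for the host, running these tasks twice in one play would append the entry again. Consider dropping existing `native.cgroupdriver=` entries from the user-supplied list before merging, or keeping list replacement for this key. `list_merge` also needs an Ansible release whose `combine` filter supports it (2.10 or later, as far as I know), which is worth stating in the role's requirements.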
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index a104b660..a13f04fa 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -9,24 +9,39 @@
include_role:
name: "storage/{{ kubelet_storage.type }}/volume"
-- name: add apt repository
+- name: add apt repository for kubernetes packages
include_role:
name: apt-repo/kubernetes
+- name: add apt repository for cri-tools
+ include_role:
+ name: apt-repo/github-containers
+
- name: install kubelet and common packages
apt:
name:
- bridge-utils
- - cri-tools
+ - "cri-tools={{ ([0, 1] | map('extract', kubernetes_version.split('.'))) | join('.') }}.0~1"
- "kubelet={{ kubernetes_version }}-00"
state: present
force: yes
-- name: disable automatic upgrades for kubelet
+- name: disable automatic upgrades for kubelet and cri-tools
+ loop:
+ - kubelet
+ - cri-tools
dpkg_selections:
- name: kubelet
+ name: "{{ item }}"
selection: hold
+- name: configure endpoints for crictl
+ when: kubernetes_cri_socket
+ copy:
+ dest: /etc/crictl.yaml
+ content: |
+ runtime-endpoint: "{{ kubernetes_cri_socket }}"
+ image-endpoint: "{{ kubernetes_cri_socket }}"
+
- name: add crictl config for shells
loop:
- zsh
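Review bot: The `cri-tools` pin is hard to read and hard-codes the `.0~1` package revision, so a comment above the list entry would help, e.g. `# cri-tools is pinned to <major>.<minor>.0~1, derived from kubernetes_version`. If the repository publishes a different patch level or revision for some minor release, the install fails on an unavailable version, so the suffix may be better as a variable with this value as its default. In the new `configure endpoints for crictl` task, `when: kubernetes_cri_socket` leaves a previously written `/etc/crictl.yaml` in place once the socket is unset; if that state matters, a companion task with `state: absent` would cover it.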
@@ -36,14 +51,7 @@
create: yes
marker: "### {mark} ANSIBLE MANAGED BLOCK for crictl ###"
content: |
- {% if kubernetes_cri_socket %}
- alias crictl="crictl --runtime-endpoint {{ kubernetes_cri_socket }}"
- {% endif %}
- {% if item == 'zsh' %}
- ## TODO: see https://github.com/kubernetes-sigs/cri-tools/issues/435
- autoload -U +X bashcompinit && bashcompinit
- {% endif %}
- source <(crictl completion)
+ source <(crictl completion {{ item }})
- name: add dummy group with gid 990
group: