summaryrefslogtreecommitdiff
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/kubernetes/kubeadm/base/tasks/main.yml25
-rw-r--r--roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j236
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml2
-rw-r--r--roles/kubernetes/kubeadm/master/templates/kubeadm.config.j29
-rw-r--r--roles/kubernetes/kubeadm/node/tasks/main.yml2
5 files changed, 67 insertions, 7 deletions
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index 69a09811..8e913560 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -2,6 +2,8 @@
- name: install kubeadm and kubectl
apt:
name:
+ - haproxy
+ - hatop
- "kubeadm{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
- "kubectl{% if kubernetes.pkg_version is defined %}={{ kubernetes.pkg_version }}{% endif %}"
state: present
@@ -33,3 +35,26 @@
marker: "### {mark} ANSIBLE MANAGED BLOCK for kubeadm ###"
content: |
source <(kubeadm completion {{ item }})
+
+- name: configure haproxy
+ template:
+ src: haproxy.cfg.j2
+ dest: /etc/haproxy/haproxy.cfg
+ register: haproxy_config
+
+- name: (re)start haproxy
+ systemd:
+ name: haproxy
+ state: "{% if haproxy_config is changed %}restarted{% else %}started{% endif %}"
+ enabled: yes
+
+- name: add hatop config for shells
+ loop:
+ - zsh
+ - bash
+ blockinfile:
+ path: "/root/.{{ item }}rc"
+ create: yes
+ marker: "### {mark} ANSIBLE MANAGED BLOCK for hatop ###"
+ content: |
+ alias hatop="hatop -s /var/run/haproxy/admin.sock"
diff --git a/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2 b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
new file mode 100644
index 00000000..3de6ac00
--- /dev/null
+++ b/roles/kubernetes/kubeadm/base/templates/haproxy.cfg.j2
@@ -0,0 +1,36 @@
+global
+ log /dev/log local0
+ log /dev/log local1 notice
+ chroot /var/lib/haproxy
+ stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+ stats timeout 30s
+ user haproxy
+ group haproxy
+ daemon
+
+frontend kube_api
+{% if '_kubernetes_masters_' in group_names %}
+ bind *:6443
+{% else %}
+ bind 127.0.0.1:6443
+{% endif %}
+ mode tcp
+ timeout client 3h
+ default_backend kube_api
+
+backend kube_api
+ mode tcp
+{% if '_kubernetes_masters_' in group_names %}
+ balance first
+{% else %}
+ balance roundrobin
+{% endif %}
+ option log-health-checks
+ option httpchk GET /healthz
+ http-check expect string ok
+ default-server inter 5s fall 3 rise 2
+ timeout connect 5s
+ timeout server 3h
+{% for master in groups['_kubernetes_masters_'] %}
+ server {{ hostvars[master].inventory_hostname }} {{ hostvars[master].kubernetes_overlay_node_ip | default(hostvars[master].ansible_default_ipv4.address) }}:6442 {% if master == inventory_hostname %}id 1{% endif %} check check-ssl verify none
+{% endfor %}
diff --git a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
index 3c800a87..c00c3203 100644
--- a/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/secondary-masters.yml
@@ -28,7 +28,7 @@
- name: join kubernetes secondary master node and store log
block:
- name: join kubernetes secondary master node
- command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_overlay_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
+ command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }} --apiserver-bind-port 6442{% if kubernetes_overlay_node_ip is defined %} --apiserver-advertise-address {{ kubernetes_overlay_node_ip }}{% endif %}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}' --control-plane --certificate-key {{ kubeadm_upload_certs_key }}"
args:
creates: /etc/kubernetes/kubelet.conf
register: kubeadm_join
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
index 06d59ced..f48a34f3 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -6,8 +6,9 @@ kind: InitConfiguration
{# better control it's lifetime #}
bootstrapTokens:
- ttl: "1s"
-{% if kubernetes_overlay_node_ip is defined %}
localAPIEndpoint:
+ bindPort: 6442
+{% if kubernetes_overlay_node_ip is defined %}
advertiseAddress: {{ kubernetes_overlay_node_ip }}
{% endif %}
---
@@ -16,15 +17,13 @@ kind: ClusterConfiguration
kubernetesVersion: {{ kubernetes_version }}
clusterName: {{ kubernetes.cluster_name }}
imageRepository: k8s.gcr.io
-{% if kubernetes_overlay_node_ip is defined %}
-controlPlaneEndpoint: "{{ kubernetes_overlay_node_ip }}:6443"
-{% endif %}
+controlPlaneEndpoint: 127.0.0.1:6443
networking:
dnsDomain: {{ kubernetes.dns_domain | default('cluster.local') }}
podSubnet: {{ kubernetes.pod_ip_range }}
serviceSubnet: {{ kubernetes.service_ip_range }}
apiServer:
- #extraArgs:
+ # extraArgs:
# encryption-provider-config: /etc/kubernetes/encryption/config
# extraVolumes:
# - name: encryption-config
diff --git a/roles/kubernetes/kubeadm/node/tasks/main.yml b/roles/kubernetes/kubeadm/node/tasks/main.yml
index e4fff98b..1d5178ea 100644
--- a/roles/kubernetes/kubeadm/node/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/node/tasks/main.yml
@@ -2,7 +2,7 @@
- name: join kubernetes node and store log
block:
- name: join kubernetes node
- command: "kubeadm join {{ hostvars[groups['_kubernetes_primary_master_'][0]].kubernetes_overlay_node_ip }}:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
+ command: "kubeadm join 127.0.0.1:6443 --node-name {{ inventory_hostname }}{% if kubernetes_cri_socket is defined %} --cri-socket {{ kubernetes_cri_socket }}{% endif %} --token '{{ kube_bootstrap_token }}' --discovery-token-ca-cert-hash '{{ kube_bootstrap_ca_cert_hash }}'"
args:
creates: /etc/kubernetes/kubelet.conf
register: kubeadm_join
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-05 08:41:52 +0000