From 4af66462fb1e8630aed482552322fa4ebfcd53b6 Mon Sep 17 00:00:00 2001 
From: Christian Pointner Date: Tue, 30 Jun 2020 13:38:37 +0200 Subject: split up standalone kubelet role into base and pod --- chaos-at-home/ch-hroottest.yml | 8 +++-- dan/ele-thetys.yml | 2 +- dan/sk-cloudia.yml | 2 +- dan/sk-tomnext-nc.yml | 2 +- inventory/host_vars/ch-hroottest.yml | 28 ++++++++++++++---- inventory/hosts.ini | 1 + roles/kubernetes/standalone/base/defaults/main.yml | 14 +++++++++ roles/kubernetes/standalone/base/handlers/main.yml | 6 ++++ roles/kubernetes/standalone/base/tasks/main.yml | 34 ++++++++++++++++++++++ .../base/templates/cni-no-portmap.conflist.j2 | 17 +++++++++++ .../cni-with-localonly-portmap.conflist.j2 | 25 ++++++++++++++++ .../base/templates/cni-with-portmap.conflist.j2 | 23 +++++++++++++++ .../base/templates/kubelet-config.yml.j2 | 25 ++++++++++++++++ .../base/templates/kubelet.service.override.j2 | 10 +++++++ roles/kubernetes/standalone/defaults/main.yml | 14 --------- roles/kubernetes/standalone/handlers/main.yml | 6 ---- roles/kubernetes/standalone/tasks/main.yml | 34 ---------------------- .../templates/cni-no-portmap.conflist.j2 | 17 ----------- .../cni-with-localonly-portmap.conflist.j2 | 25 ---------------- .../templates/cni-with-portmap.conflist.j2 | 23 --------------- .../standalone/templates/kubelet-config.yml.j2 | 25 ---------------- .../templates/kubelet.service.override.j2 | 10 ------- spreadspace/lw-thetys.yml | 2 +- 23 files changed, 187 insertions(+), 166 deletions(-) create mode 100644 roles/kubernetes/standalone/base/defaults/main.yml create mode 100644 roles/kubernetes/standalone/base/handlers/main.yml create mode 100644 roles/kubernetes/standalone/base/tasks/main.yml create mode 100644 roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2 create mode 100644 roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2 create mode 100644 roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2 create mode 100644 
roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 create mode 100644 roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 delete mode 100644 roles/kubernetes/standalone/defaults/main.yml delete mode 100644 roles/kubernetes/standalone/handlers/main.yml delete mode 100644 roles/kubernetes/standalone/tasks/main.yml delete mode 100644 roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2 delete mode 100644 roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2 delete mode 100644 roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2 delete mode 100644 roles/kubernetes/standalone/templates/kubelet-config.yml.j2 delete mode 100644 roles/kubernetes/standalone/templates/kubelet.service.override.j2 diff --git a/chaos-at-home/ch-hroottest.yml b/chaos-at-home/ch-hroottest.yml index 064bea36..d8bc019a 100644 --- a/chaos-at-home/ch-hroottest.yml +++ b/chaos-at-home/ch-hroottest.yml @@ -10,6 +10,8 @@ - role: zfs/base - role: apt-repo/spreadspace - role: zfs/sanoid - - role: vm/host - - role: installer/debian/base - - role: installer/openbsd/base + # - role: vm/host + # - role: installer/debian/base + # - role: installer/openbsd/base + - role: kubernetes/base + - role: kubernetes/standalone/base diff --git a/dan/ele-thetys.yml b/dan/ele-thetys.yml index 60e8555e..66ca1d76 100644 --- a/dan/ele-thetys.yml +++ b/dan/ele-thetys.yml @@ -11,4 +11,4 @@ - role: blackmagic-desktopvideo - role: apt-repo/spreadspace - role: kubernetes/base - - role: kubernetes/standalone + - role: kubernetes/standalone/base diff --git a/dan/sk-cloudia.yml b/dan/sk-cloudia.yml index f3a46e7c..e58669d1 100644 --- a/dan/sk-cloudia.yml +++ b/dan/sk-cloudia.yml @@ -13,7 +13,7 @@ # - role: core/admin-users # - role: zfs/base # - role: kubernetes/base - # - role: kubernetes/standalone + # - role: kubernetes/standalone/base # - role: apt-repo/spreadspace # - role: acmetool/base # - role: nginx/base 
diff --git a/dan/sk-tomnext-nc.yml b/dan/sk-tomnext-nc.yml index 326dcf4b..3924551a 100644 --- a/dan/sk-tomnext-nc.yml +++ b/dan/sk-tomnext-nc.yml @@ -11,7 +11,7 @@ - role: apt-repo/spreadspace - role: zfs/sanoid - role: kubernetes/base - - role: kubernetes/standalone + - role: kubernetes/standalone/base - role: acmetool/base - role: nginx/base - role: postfix/simple diff --git a/inventory/host_vars/ch-hroottest.yml b/inventory/host_vars/ch-hroottest.yml index f07198b1..7c08fe04 100644 --- a/inventory/host_vars/ch-hroottest.yml +++ b/inventory/host_vars/ch-hroottest.yml @@ -30,8 +30,26 @@ zfs_zpools: mountpoint: /srv/storage create_vdevs: mirror /dev/disk/by-id/ata-SAMSUNG_HD753LJ_S13UJ1LS801071-part3 /dev/disk/by-id/ata-SAMSUNG_HD753LJ_S13UJ1BQ802393-part3 -zfs_sanoid_modules: - storage/vm: - use_template: production - recursive: yes - process_children_only: yes +# zfs_sanoid_modules: +# storage/vm: +# use_template: production +# recursive: yes +# process_children_only: yes + +docker_zfs: + pool: storage + name: docker + properties: + quota: 15G + +kubelet_zfs: + pool: storage + name: kubelet + properties: + quota: 15G + +kubernetes_version: 1.18.5 +kubernetes_container_runtime: docker +kubernetes_standalone_max_pods: 15 +kubernetes_standalone_pod_cidr: 192.168.255.0/24 +kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/hosts.ini b/inventory/hosts.ini index c3f1c7ee..3718d7d2 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -357,6 +357,7 @@ sk-cloudia ele-thetys lw-thetys sk-tomnext-nc +ch-hroottest [kubernetes:children] kubernetes-cluster diff --git a/roles/kubernetes/standalone/base/defaults/main.yml b/roles/kubernetes/standalone/base/defaults/main.yml new file mode 100644 index 00000000..b0c14b11 --- /dev/null +++ b/roles/kubernetes/standalone/base/defaults/main.yml 
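Review bot: In inventory/host_vars/ch-hroottest.yml the `zfs_sanoid_modules` block is commented out while chaos-at-home/ch-hroottest.yml still applies `role: zfs/sanoid`, so the role now runs without any module definition from this host. Whether it then falls back to a role default or fails is not visible here, but `storage/vm` no longer gets the `production` snapshot template; either drop the role together with the variable or keep a module entry for the datasets that remain. `kubernetes_standalone_pod_cidr` and `kubernetes_standalone_cni_variant` repeat the role defaults and could be omitted. The commented-out block is better deleted than kept, since git history preserves it.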
@@ -0,0 +1,14 @@
+---
+kubernetes_standalone_address: 127.0.0.1
+kubernetes_standalone_port: 10250
+kubernetes_standalone_readonly_port: 0
+
+kubernetes_standalone_healthz_address: 127.0.0.1
+kubernetes_standalone_healthz_port: 0
+
+kubernetes_standalone_max_pods: 10
+
+kubernetes_standalone_pod_cidr: 192.168.255.0/24
+kubernetes_standalone_resolv_conf: /etc/resolv.conf
+
+kubernetes_standalone_cni_variant: with-portmap
diff --git a/roles/kubernetes/standalone/base/handlers/main.yml b/roles/kubernetes/standalone/base/handlers/main.yml
new file mode 100644
index 00000000..26438551
--- /dev/null
+++ b/roles/kubernetes/standalone/base/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart kubelet
+ systemd:
+ name: kubelet.service
+ state: restarted
+ daemon_reload: yes
diff --git a/roles/kubernetes/standalone/base/tasks/main.yml b/roles/kubernetes/standalone/base/tasks/main.yml
new file mode 100644
index 00000000..241c3136
--- /dev/null
+++ b/roles/kubernetes/standalone/base/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: create systemd override directory for kubelet
+ file:
+ path: /etc/systemd/system/kubelet.service.d
+ state: directory
+
+- name: install systemd override for kubelet
+ template:
+ src: kubelet.service.override.j2
+ dest: /etc/systemd/system/kubelet.service.d/standalone.conf
+ notify: restart kubelet
+
+- name: install kubelet config
+ template:
+ src: kubelet-config.yml.j2
+ dest: /etc/kubernetes/kubelet.yml
+ notify: restart kubelet
+
+- name: make sure kubelet is enabled and running
+ systemd:
+ name: kubelet.service
+ state: started
+ enabled: yes
+ daemon_reload: yes
+
+- name: create cni config directory
+ file:
+ name: /etc/cni/net.d
+ state: directory
+
+- name: install cni config
+ template:
+ src: "cni-{{ kubernetes_standalone_cni_variant }}.conflist.j2"
+ dest: /etc/cni/net.d/kube-standalone.conflist
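Review bot: `kubernetes_standalone_cni_variant` in roles/kubernetes/standalone/base/defaults/main.yml is undocumented and defaults to the least restrictive of the three variants shipped in this commit. The `with-portmap` template installs the portmap plugin without conditions, while `with-localonly-portmap` limits it with `-s 127.0.0.1 -d 127.0.0.1`, so a host that does not set the variable maps pod hostPorts without that loopback restriction. I would add a comment above the default, for example `# one of: no-portmap, with-localonly-portmap, with-portmap (hostPorts not limited to loopback)`, so the choice is deliberate per host. Changing the default itself would alter the existing hosts that use this role and is probably out of scope for a pure move.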
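Review bot: None of the `file` and `template` tasks in roles/kubernetes/standalone/base/tasks/main.yml set `owner`, `group` or `mode`, so the permissions of the systemd drop-in, /etc/kubernetes/kubelet.yml and the CNI conflist depend on the umask in effect on the target. These files decide how kubelet is started and which CNI plugins run, so I would pin them with `owner: root`, `group: root` and `mode: "0644"` on the templates and `mode: "0755"` on the two directories. The "create cni config directory" task uses `name:` where the first task uses `path:`; using `path:` in both keeps the file consistent. The `enabled: yes` and `daemon_reload: yes` values would read better as `true`.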
diff --git a/roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2 b/roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2
new file mode 100644
index 00000000..be47f216
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2
@@ -0,0 +1,17 @@
+{
+ "cniVersion": "0.3.1",
+ "name": "kube-standalone",
+ "plugins": [
+ {
+ "type": "bridge",
+ "bridge": "kube-bridge",
+ "isDefaultGateway": true,
+ "ipMasq": true,
+ "hairpinMode": false,
+ "ipam": {
+ "type": "host-local",
+ "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+ }
+ }
+ ]
+}
diff --git a/roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2 b/roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2
new file mode 100644
index 00000000..acaf7eba
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2
@@ -0,0 +1,25 @@
+{
+ "cniVersion": "0.3.1",
+ "name": "kube-standalone",
+ "plugins": [
+ {
+ "type": "bridge",
+ "bridge": "kube-bridge",
+ "isDefaultGateway": true,
+ "ipMasq": true,
+ "hairpinMode": false,
+ "ipam": {
+ "type": "host-local",
+ "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+ }
+ }, {
+ "type": "portmap",
+ "capabilities": {
+ "portMappings": true
+ },
+ "snat": true,
+ "conditionsV4": ["-s", "127.0.0.1", "-d", "127.0.0.1"],
+ "conditionsV6": ["-s", "::1", "-d", "::1"]
+ }
+ ]
+}
diff --git a/roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2 b/roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2
new file mode 100644
index 00000000..9f9b2b9a
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2
@@ -0,0 +1,23 @@
+{
+ "cniVersion": "0.3.1",
+ "name": "kube-standalone",
+ "plugins": [
+ {
+ "type": "bridge",
+ "bridge": "kube-bridge",
+ "isDefaultGateway": true,
+ "ipMasq": true,
+ "hairpinMode": false,
+ "ipam": {
+ "type": "host-local",
+ "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+ }
+ }, {
+ "type": "portmap",
+ "capabilities": {
+ "portMappings": true
+ },
+ "snat": true
+ }
+ ]
+}
diff --git a/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2
new file mode 100644
index 00000000..d6af0f24
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2
@@ -0,0 +1,25 @@
+{# https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration #}
+{# #}
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+staticPodPath: /etc/kubernetes/manifests
+address: {{ kubernetes_standalone_address }}
+port: {{ kubernetes_standalone_port }}
+readOnlyPort: {{ kubernetes_standalone_readonly_port }}
+healthzBindAddress: {{ kubernetes_standalone_healthz_address }}
+healthzPort: {{ kubernetes_standalone_healthz_port }}
+authentication:
+ anonymous:
+ enabled: true
+ webhook:
+ enabled: false
+authorization:
+ mode: AlwaysAllow
+maxPods: {{ kubernetes_standalone_max_pods }}
+makeIPTablesUtilChains: false
+hairpinMode: none
+resolvConf: {{ kubernetes_standalone_resolv_conf }}
+cgroupDriver: systemd
+enableControllerAttachDetach: false
+featureGates:
+ RuntimeClass: false
diff --git a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
new file mode 100644
index 00000000..fe8bfb4c
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2
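Review bot: The kubelet API configured in roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 is served with `authentication.anonymous.enabled: true` and `authorization.mode: AlwaysAllow`, so the bind address is the only access control. The role default keeps `address` on 127.0.0.1, but any host_vars override of `kubernetes_standalone_address` would expose an unauthenticated API that can run commands in pods, and even on loopback every local user on the host can reach it. The file is moved unchanged by this commit, yet the role split is a good moment to either disable anonymous access and configure `authentication.x509.clientCAFile`, or at least document the constraint next to these keys and add an `assert` task in tasks/main.yml that rejects a non-loopback `kubernetes_standalone_address`. The templated scalars would also be safer quoted, e.g. `address: "{{ kubernetes_standalone_address }}"`, so an empty or odd value cannot change the YAML type.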
@@ -0,0 +1,10 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/kubelet \
+ --config=/etc/kubernetes/kubelet.yml \
+{% if kubernetes_cri_socket %}
+ --container-runtime=remote \
+ --container-runtime-endpoint={{ kubernetes_cri_socket }} \
+{% endif %}
+ --network-plugin=cni \
+ --cloud-provider=
diff --git a/roles/kubernetes/standalone/defaults/main.yml b/roles/kubernetes/standalone/defaults/main.yml
deleted file mode 100644
index b0c14b11..00000000
--- a/roles/kubernetes/standalone/defaults/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-kubernetes_standalone_address: 127.0.0.1
-kubernetes_standalone_port: 10250
-kubernetes_standalone_readonly_port: 0
-
-kubernetes_standalone_healthz_address: 127.0.0.1
-kubernetes_standalone_healthz_port: 0
-
-kubernetes_standalone_max_pods: 10
-
-kubernetes_standalone_pod_cidr: 192.168.255.0/24
-kubernetes_standalone_resolv_conf: /etc/resolv.conf
-
-kubernetes_standalone_cni_variant: with-portmap
diff --git a/roles/kubernetes/standalone/handlers/main.yml b/roles/kubernetes/standalone/handlers/main.yml
deleted file mode 100644
index 26438551..00000000
--- a/roles/kubernetes/standalone/handlers/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: restart kubelet
- systemd:
- name: kubelet.service
- state: restarted
- daemon_reload: yes
diff --git a/roles/kubernetes/standalone/tasks/main.yml b/roles/kubernetes/standalone/tasks/main.yml
deleted file mode 100644
index 241c3136..00000000
--- a/roles/kubernetes/standalone/tasks/main.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-- name: create systemd override directory for kubelet
- file:
- path: /etc/systemd/system/kubelet.service.d
- state: directory
-
-- name: install systemd override for kubelet
- template:
- src: kubelet.service.override.j2
- dest: /etc/systemd/system/kubelet.service.d/standalone.conf
- notify: restart kubelet
-
-- name: install kubelet config
- template:
- src: kubelet-config.yml.j2
- dest: /etc/kubernetes/kubelet.yml
- notify: restart kubelet
-
-- name: make sure kubelet is enabled and running
- systemd:
- name: kubelet.service
- state: started
- enabled: yes
- daemon_reload: yes
-
-- name: create cni config directory
- file:
- name: /etc/cni/net.d
- state: directory
-
-- name: install cni config
- template:
- src: "cni-{{ kubernetes_standalone_cni_variant }}.conflist.j2"
- dest: /etc/cni/net.d/kube-standalone.conflist
diff --git a/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2
deleted file mode 100644
index be47f216..00000000
--- a/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "cniVersion": "0.3.1",
- "name": "kube-standalone",
- "plugins": [
- {
- "type": "bridge",
- "bridge": "kube-bridge",
- "isDefaultGateway": true,
- "ipMasq": true,
- "hairpinMode": false,
- "ipam": {
- "type": "host-local",
- "subnet": "{{ kubernetes_standalone_pod_cidr }}"
- }
- }
- ]
-}
diff --git a/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2
deleted file mode 100644
index acaf7eba..00000000
--- a/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "cniVersion": "0.3.1",
- "name": "kube-standalone",
- "plugins": [
- {
- "type": "bridge",
- "bridge": "kube-bridge",
- "isDefaultGateway": true,
- "ipMasq": true,
- "hairpinMode": false,
- "ipam": {
- "type": "host-local",
- "subnet": "{{ kubernetes_standalone_pod_cidr }}"
- }
- }, {
- "type": "portmap",
- "capabilities": {
- "portMappings": true
- },
- "snat": true,
- "conditionsV4": ["-s", "127.0.0.1", "-d", "127.0.0.1"],
- "conditionsV6": ["-s", "::1", "-d", "::1"]
- }
- ]
-}
diff --git a/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2
deleted file mode 100644
index 9f9b2b9a..00000000
--- a/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "cniVersion": "0.3.1",
- "name": "kube-standalone",
- "plugins": [
- {
- "type": "bridge",
- "bridge": "kube-bridge",
- "isDefaultGateway": true,
- "ipMasq": true,
- "hairpinMode": false,
- "ipam": {
- "type": "host-local",
- "subnet": "{{ kubernetes_standalone_pod_cidr }}"
- }
- }, {
- "type": "portmap",
- "capabilities": {
- "portMappings": true
- },
- "snat": true
- }
- ]
-}
diff --git a/roles/kubernetes/standalone/templates/kubelet-config.yml.j2 b/roles/kubernetes/standalone/templates/kubelet-config.yml.j2
deleted file mode 100644
index d6af0f24..00000000
--- a/roles/kubernetes/standalone/templates/kubelet-config.yml.j2
+++ /dev/null
@@ -1,25 +0,0 @@ -{# https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration #} -{# #} -kind: KubeletConfiguration -apiVersion: kubelet.config.k8s.io/v1beta1 -staticPodPath: /etc/kubernetes/manifests -address: {{ kubernetes_standalone_address }} -port: {{ kubernetes_standalone_port }} -readOnlyPort: {{ kubernetes_standalone_readonly_port }} -healthzBindAddress: {{ kubernetes_standalone_healthz_address }} -healthzPort: {{ kubernetes_standalone_healthz_port }} -authentication: - anonymous: - enabled: true - webhook: - enabled: false -authorization: - mode: AlwaysAllow -maxPods: {{ kubernetes_standalone_max_pods }} -makeIPTablesUtilChains: false -hairpinMode: none -resolvConf: {{ kubernetes_standalone_resolv_conf }} -cgroupDriver: systemd -enableControllerAttachDetach: false -featureGates: - RuntimeClass: false diff --git a/roles/kubernetes/standalone/templates/kubelet.service.override.j2 b/roles/kubernetes/standalone/templates/kubelet.service.override.j2 deleted file mode 100644 index fe8bfb4c..00000000 --- a/roles/kubernetes/standalone/templates/kubelet.service.override.j2 +++ /dev/null @@ -1,10 +0,0 @@ -[Service] -ExecStart= -ExecStart=/usr/bin/kubelet \ - --config=/etc/kubernetes/kubelet.yml \ -{% if kubernetes_cri_socket %} - --container-runtime=remote \ - --container-runtime-endpoint={{ kubernetes_cri_socket }} \ -{% endif %} - --network-plugin=cni \ - --cloud-provider= diff --git a/spreadspace/lw-thetys.yml b/spreadspace/lw-thetys.yml index 4adbb893..3c177627 100644 --- a/spreadspace/lw-thetys.yml +++ b/spreadspace/lw-thetys.yml @@ -11,5 +11,5 @@ - role: blackmagic-desktopvideo - role: apt-repo/spreadspace - role: kubernetes/base - - role: kubernetes/standalone + - role: kubernetes/standalone/base - role: wireguard/base -- cgit v1.2.3