From bcc30f0cb4e298e581586b0f8d0437969461792b Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 13 May 2023 03:50:53 +0200 Subject: kubernetes: fix sanity checks --- common/kubernetes-cluster.yml | 3 ++ inventory/group_vars/k8s-chtest/vars.yml | 51 ++++++++++++++++++++++++-------- inventory/group_vars/k8s-emc/vars.yml | 4 --- 3 files changed, 42 insertions(+), 16 deletions(-) diff --git a/common/kubernetes-cluster.yml b/common/kubernetes-cluster.yml index d6860f60..fcb66fac 100644 --- a/common/kubernetes-cluster.yml +++ b/common/kubernetes-cluster.yml @@ -23,11 +23,14 @@ that: (kubeguard.node_index.values() | min) > 0 - name: check whether overlay node ip is configured + run_once: no + any_errors_fatal: yes assert: msg: "For kubeguard to work you need to configure kubernetes_overlay_node_ip" that: kubernetes_overlay_node_ip is defined - name: make sure all nodes do belong to the kubernetes-cluster group + any_errors_fatal: yes assert: msg: "The host '{{ inventory_hostname }}' does not belong to the group 'kubernetes-cluster'" that: "'kubernetes-cluster' in group_names" diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml index 154d2d70..2aa63de7 100644 --- a/inventory/group_vars/k8s-chtest/vars.yml +++ b/inventory/group_vars/k8s-chtest/vars.yml 
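Review bot: In common/kubernetes-cluster.yml the assert "make sure all nodes do belong to the kubernetes-cluster group" gains `any_errors_fatal: yes` but not the `run_once: no` that the overlay-IP assert receives. The enclosing play or block is outside the hunk, so this is inferred from the override being needed at all: if both tasks inherit `run_once`, `'kubernetes-cluster' in group_names` is evaluated for one host only and a host outside the group passes unchecked. Adding `run_once: no` to that task as well would make the membership check per-host. Separately, `kubernetes_overlay_node_ip is defined` only shows that the variable exists; a stricter condition such as `that: kubernetes_overlay_node_ip | ansible.utils.ipaddr('address')` would also reject a value that does not render to an address.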
@@ -6,29 +6,56 @@ kubernetes_cri_tools_pkg_version: 1.26.0-00 kubernetes_container_runtime: containerd containerd_pkg_provider: docker-com +### Kube-Router +# #kubernetes_network_plugin: kube-router #kubernetes_network_plugin_version: 1.5.1 #kubernetes_network_plugin_replaces_kube_proxy: yes #kubernetes_enable_nodelocal_dnscache: yes -kubernetes_network_plugin: cilium -kubernetes_network_plugin_version: 1.13.2 -kubernetes_network_plugin_replaces_kube_proxy: yes -kubernetes_enable_nodelocal_dnscache: no -kubernetes_cilium_config: - ipam: kubernetes - tunnel: disabled - ipv4-native-routing-cidr: 192.168.28.0/24 - auto-direct-node-routes: yes -base_sysctl_config_user: - net.ipv4.conf.all.rp_filter: 0 - net.ipv4.conf.default.rp_filter: 0 +### kubeguard +# +kubernetes_network_plugin: kubeguard +kubernetes_network_plugin_replaces_kube_proxy: no +kubernetes_enable_nodelocal_dnscache: yes +kubeguard: + ## node_index must be in the range between 1 and 190 -> 189 hosts possible + ## + ## hardcoded hostnames are not nice but if we do this via host_vars + ## the info is spread over multiple files and this makes it more diffcult + ## to find mistakes, so it is nicer to keep it in one place... 
+ node_index: + ch-calypso: 125 + ch-thetys: 126 + ch-k8s-ctrl: 127 +kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}" + + +### Cilium +# +# kubernetes_network_plugin: cilium +# kubernetes_network_plugin_version: 1.13.2 +# kubernetes_network_plugin_replaces_kube_proxy: yes +# kubernetes_enable_nodelocal_dnscache: no +# kubernetes_cilium_config: +# ipam: kubernetes +# tunnel: disabled +# ipv4-native-routing-cidr: 192.168.28.0/24 +# auto-direct-node-routes: yes +# base_sysctl_config_user: +# net.ipv4.conf.all.rp_filter: 0 +# net.ipv4.conf.default.rp_filter: 0 + + +#### None +# # kubernetes_network_plugin: none # kubernetes_network_plugin_replaces_kube_proxy: yes # kubernetes_enable_nodelocal_dnscache: no + kubernetes: cluster_name: chtest diff --git a/inventory/group_vars/k8s-emc/vars.yml b/inventory/group_vars/k8s-emc/vars.yml index 83708b7e..9a6f8b56 100644 --- a/inventory/group_vars/k8s-emc/vars.yml +++ b/inventory/group_vars/k8s-emc/vars.yml @@ -25,10 +25,6 @@ kubernetes_secrets: kubeguard: ## node_index must be in the range between 1 and 190 -> 189 hosts possible - ## - ## hardcoded hostnames are not nice but if we do this via host_vars - ## the info is spread over multiple files and this makes it more diffcult - ## to find mistakes, so it is nicer to keep it in one place... node_index: ele-emc-e01: 1 ele-emc-e02: 2 -- cgit v1.2.3
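Review bot: In inventory/group_vars/k8s-chtest/vars.yml the new `kubeguard.node_index` map drives `kubernetes_overlay_node_ip`, but its constraints are enforced only by a comment (the documented 1–190 range) and, as far as this patch shows, the single `min > 0` assert in common/kubernetes-cluster.yml. Two hosts given the same index would derive the same overlay subnet and address from `ipsubnet(...)`, and a host missing from the map would fail only when the template is first rendered. Consider adding asserts beside the existing one, e.g. `that: (kubeguard.node_index.values() | unique | length) == (kubeguard.node_index | length)` and `that: inventory_hostname in kubeguard.node_index`, plus an upper bound matching the range stated in the comment.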