From c09b07327b688a6a47f523a15c1a5c29d4f476d0 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 7 May 2022 22:45:49 +0200 Subject: k8s: rename masters to control-plane nodes --- inventory/group_vars/chaos-at-home/network.yml | 2 +- inventory/group_vars/k8s-chtest/vars.yml | 6 +- inventory/group_vars/k8s-emc/vars.yml | 6 +- inventory/group_vars/vmhost-sk-2019vm/vars.yml | 6 +- inventory/host_vars/ch-dione.yml | 33 ++++++---- inventory/host_vars/ch-helene.yml | 33 ++++++---- inventory/host_vars/ch-k8s-ctrl.yml | 72 +++++++++++++++++++++ inventory/host_vars/ch-k8s-master.yml | 72 --------------------- inventory/host_vars/emc-ctrl.yml | 86 ++++++++++++++++++++++++++ inventory/host_vars/emc-master.yml | 86 -------------------------- inventory/hosts.ini | 22 +++---- 11 files changed, 218 insertions(+), 206 deletions(-) create mode 100644 inventory/host_vars/ch-k8s-ctrl.yml delete mode 100644 inventory/host_vars/ch-k8s-master.yml create mode 100644 inventory/host_vars/emc-ctrl.yml delete mode 100644 inventory/host_vars/emc-master.yml (limited to 'inventory') diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml index 2957a24a..46564977 100644 --- a/inventory/group_vars/chaos-at-home/network.yml +++ b/inventory/group_vars/chaos-at-home/network.yml @@ -68,7 +68,7 @@ network_zones: ch-http-proxy: 8 ch-imap-proxy: 9 ch-vpn: 10 - ch-k8s-master: 20 + ch-k8s-ctrl: 20 ch-jump: 22 ch-gw-lan: 28 ch-iot: 30 diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml index e01b996d..66824314 100644 --- a/inventory/group_vars/k8s-chtest/vars.yml +++ b/inventory/group_vars/k8s-chtest/vars.yml 
@@ -1,15 +1,15 @@ --- -kubernetes_version: 1.23.1 +kubernetes_version: 1.23.6 kubernetes_container_runtime: containerd kubernetes_network_plugin: kube-router kubernetes_network_plugin_version: 1.4.0 -kubernetes_network_plugin_replaces_kube_proxy: true +kubernetes_network_plugin_replaces_kube_proxy: yes kubernetes: cluster_name: chtest - dedicated_master: True + dedicated_controlplane_nodes: yes api_extra_sans: - 192.168.32.20 diff --git a/inventory/group_vars/k8s-emc/vars.yml b/inventory/group_vars/k8s-emc/vars.yml index c13e610c..b2a8fe39 100644 --- a/inventory/group_vars/k8s-emc/vars.yml +++ b/inventory/group_vars/k8s-emc/vars.yml @@ -6,10 +6,10 @@ kubernetes_network_plugin: kubeguard kubernetes: cluster_name: emc - dedicated_master: False + dedicated_controlplane_nodes: yes api_extra_sans: - 178.63.180.137 - - emc-master.elev8.at + - emc-ctrl.elev8.at pod_ip_range: 172.18.0.0/16 pod_ip_range_size: 24 @@ -37,7 +37,7 @@ kubeguard: emc-dist0: 110 ele-dione: 111 ele-helene: 112 - emc-master: 127 + emc-ctrl: 127 direct_net_zones: encoder: diff --git a/inventory/group_vars/vmhost-sk-2019vm/vars.yml b/inventory/group_vars/vmhost-sk-2019vm/vars.yml index 221fa581..41f8b9db 100644 --- a/inventory/group_vars/vmhost-sk-2019vm/vars.yml +++ b/inventory/group_vars/vmhost-sk-2019vm/vars.yml @@ -11,8 +11,7 @@ vm_host: prefix: 192.168.250.0/24 offsets: sk-torrent: 136 - emc-master: 137 -# lw-master: 137 + emc-ctrl: 137 ele-gwhetzner: 138 sgg-icecast: 141 ch-mimas: 142 @@ -24,8 +23,7 @@ vm_host: prefix: 178.63.180.136/29 offsets: sk-torrent: 0 - emc-master: 1 -# lw-master: 1 + emc-ctrl: 1 ele-gwhetzner: 2 sgg-icecast: 5 ch-mimas: 6 diff --git a/inventory/host_vars/ch-dione.yml b/inventory/host_vars/ch-dione.yml index a3cbbe68..ef9d8657 100644 --- a/inventory/host_vars/ch-dione.yml +++ b/inventory/host_vars/ch-dione.yml 
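Review bot: `kubernetes_network_plugin_replaces_kube_proxy: yes` and `dedicated_controlplane_nodes: yes` spell their booleans with the YAML 1.1 alias, where the lines they replace used `true` and `True`. Ansible's loader reads `yes` as a boolean, but a YAML 1.2 parser or a linter with the truthy rule enabled treats it as the string "yes". I would keep the canonical form, `kubernetes_network_plugin_replaces_kube_proxy: true` and `dedicated_controlplane_nodes: true`. The same spelling appears in the k8s-emc hunk that follows.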
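Review bot: In the k8s-emc hunk the new line `dedicated_controlplane_nodes: yes` does not carry over the old value: the removed line was `dedicated_master: False`, so this commit flips the setting for that cluster instead of only renaming the key. How the roles consume the flag is not visible here, but if it decides whether ordinary workloads may run on the control-plane node, emc-ctrl would stop accepting them after the next run. If the flip is intended it belongs in the commit message or in a commit of its own; otherwise the line should read `dedicated_controlplane_nodes: false`.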
@@ -48,11 +48,18 @@ blackmagic_desktopvideo_version: 12.2.2a6 blackmagic_desktopvideo_include_gui: yes -docker_pkg_provider: docker-com -docker_storage: +# docker_pkg_provider: docker-com +# docker_storage: +# type: lvm +# vg: "{{ host_name }}" +# lv: docker +# size: 10G +# fs: ext4 + +containerd_storage: type: lvm vg: "{{ host_name }}" - lv: docker + lv: containerd size: 10G fs: ext4 @@ -63,15 +70,15 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.24.0 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 42 -kubernetes_standalone_cni_variant: with-portmap +# kubernetes_version: 1.24.0 +# kubernetes_container_runtime: docker +# kubernetes_standalone_max_pods: 42 +# kubernetes_standalone_cni_variant: with-portmap -rtmp_streamer_base_path: /srv/storage/streamer -rtmp_streamer_inst_name: feed -rtmp_streamer_nginx_image_version: 2022-04-29.23 -rtmp_streamer_decklink_card: "DeckLink 8K Pro (1)" -rtmp_streamer_config: - input_params: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp50', '-ac', '2', '-i'] +# rtmp_streamer_base_path: /srv/storage/streamer +# rtmp_streamer_inst_name: feed +# rtmp_streamer_nginx_image_version: 2022-04-29.23 +# rtmp_streamer_decklink_card: "DeckLink 8K Pro (1)" +# rtmp_streamer_config: +# input_params: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp50', '-ac', '2', '-i'] diff --git a/inventory/host_vars/ch-helene.yml b/inventory/host_vars/ch-helene.yml index c524bf6a..816b38f8 100644 --- a/inventory/host_vars/ch-helene.yml +++ b/inventory/host_vars/ch-helene.yml @@ -48,11 +48,18 @@ blackmagic_desktopvideo_version: 12.2.2a6 blackmagic_desktopvideo_include_gui: yes -docker_pkg_provider: docker-com -docker_storage: +# docker_pkg_provider: docker-com +# docker_storage: +# type: lvm +# vg: "{{ host_name }}" +# lv: docker +# size: 10G +# fs: ext4 + +containerd_storage: type: lvm vg: "{{ host_name }}" - lv: docker + lv: containerd size: 10G fs: ext4 
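Review bot: The docker settings are commented out instead of deleted (`# docker_pkg_provider: docker-com` through `# fs: ext4`). The second hunk of this file and both hunks of ch-helene.yml do the same for the `kubernetes_*` and `rtmp_streamer_*` variables. Git history already preserves the old values, so the commented lines only leave a stale copy that can drift from what is actually deployed. Either remove them or add a comment such as `# standalone streamer setup, disabled while the host is part of k8s-chtest` so the reason is on record. Whether the old `docker` logical volume is cleaned up once `containerd_storage` creates `lv: containerd` in the same volume group cannot be seen from this hunk and is worth confirming.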
@@ -63,15 +70,15 @@ kubelet_storage: size: 5G fs: ext4 -kubernetes_version: 1.24.0 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 42 -kubernetes_standalone_cni_variant: with-portmap +# kubernetes_version: 1.24.0 +# kubernetes_container_runtime: docker +# kubernetes_standalone_max_pods: 42 +# kubernetes_standalone_cni_variant: with-portmap -rtmp_streamer_base_path: /srv/storage/streamer -rtmp_streamer_inst_name: feed -rtmp_streamer_nginx_image_version: 2022-04-29.23 -rtmp_streamer_decklink_card: "DeckLink SDI 4K" -rtmp_streamer_config: - input_params: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp50', '-ac', '2', '-i'] +# rtmp_streamer_base_path: /srv/storage/streamer +# rtmp_streamer_inst_name: feed +# rtmp_streamer_nginx_image_version: 2022-04-29.23 +# rtmp_streamer_decklink_card: "DeckLink SDI 4K" +# rtmp_streamer_config: +# input_params: ['-f', 'decklink', '-video_input', 'sdi', '-format_code', 'Hp50', '-ac', '2', '-i'] diff --git a/inventory/host_vars/ch-k8s-ctrl.yml b/inventory/host_vars/ch-k8s-ctrl.yml new file mode 100644 index 00000000..63723000 --- /dev/null +++ b/inventory/host_vars/ch-k8s-ctrl.yml 
@@ -0,0 +1,72 @@ +--- +install_jumphost: ch-jump + +install: + vm: + memory: 4G + numcpus: 4 + autostart: True + disks: + primary: /dev/sda + scsi: + sda: + type: zfs + name: root + size: 20g + properties: + 'syncoid:sync': 'false' + system_lvm: + volumes: + - name: root + size: 3G + filesystem: ext4 + mountpoint: / + - name: var + size: 1280M + filesystem: ext4 + mountpoint: /var + - name: var+log + size: 768M + filesystem: ext4 + mountpoint: /var/log + mount_options: + - noatime + - nodev + - noexec + interfaces: + - bridge: br-svc + name: svc0 + +network: + nameservers: "{{ network_zones.svc.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: &_network_primary_ + name: svc0 + address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ network_zones.svc.gateway }}" + static_routes: + - destination: "{{ network_zones.lan.prefix }}" + gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}" + interfaces: + - *_network_primary_ + + +spreadspace_apt_repo_components: + - container + + +containerd_storage: + type: lvm + vg: "{{ host_name }}" + lv: containerd + size: 7G + fs: ext4 + +kubelet_storage: + type: lvm + vg: "{{ host_name }}" + lv: kubelet + size: 5G + fs: ext4 diff --git a/inventory/host_vars/ch-k8s-master.yml b/inventory/host_vars/ch-k8s-master.yml deleted file mode 100644 index 63723000..00000000 --- a/inventory/host_vars/ch-k8s-master.yml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -install_jumphost: ch-jump - -install: - vm: - memory: 4G - numcpus: 4 - autostart: True - disks: - primary: /dev/sda - scsi: - sda: - type: zfs - name: root - size: 20g - properties: - 'syncoid:sync': 'false' - system_lvm: - volumes: - - name: root - size: 3G - filesystem: ext4 - mountpoint: / - - name: var - size: 1280M - filesystem: ext4 - mountpoint: /var - - name: var+log - size: 768M - filesystem: ext4 - mountpoint: /var/log - mount_options: - - noatime - - nodev - - noexec - interfaces: - - bridge: br-svc - name: svc0 - -network: - nameservers: "{{ network_zones.svc.dns }}" - domain: "{{ host_domain }}" - systemd_link: - interfaces: "{{ install.interfaces }}" - primary: &_network_primary_ - name: svc0 - address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" - gateway: "{{ network_zones.svc.gateway }}" - static_routes: - - destination: "{{ network_zones.lan.prefix }}" - gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}" - interfaces: - - *_network_primary_ - - -spreadspace_apt_repo_components: - - container - - -containerd_storage: - type: lvm - vg: "{{ host_name }}" - lv: containerd - size: 7G - fs: ext4 - -kubelet_storage: - type: lvm - vg: "{{ host_name }}" - lv: kubelet - size: 5G - fs: ext4 diff --git a/inventory/host_vars/emc-ctrl.yml b/inventory/host_vars/emc-ctrl.yml new file mode 100644 index 00000000..1ca011ec --- /dev/null +++ b/inventory/host_vars/emc-ctrl.yml 
@@ -0,0 +1,86 @@ +--- +install: + vm: + memory: 10G + numcpus: 6 + autostart: True + disks: + primary: /dev/sda + scsi: + sda: + type: zfs + name: root + size: 20g + sdb: + type: blockdev + path: /dev/zvol/storage/streamstats + system_lvm: + volumes: + - name: root + size: 3G + filesystem: ext4 + mountpoint: / + - name: var + size: 1280M + filesystem: ext4 + mountpoint: /var + - name: var+log + size: 768M + filesystem: ext4 + mountpoint: /var/log + mount_options: + - noatime + - nodev + - noexec + interfaces: + - bridge: br-public + name: primary0 + +network: + nameservers: "{{ vm_host.network.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + template: overlay + overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ + +external_ip: "{{ network.primary.overlay }}" + + +spreadspace_apt_repo_components: + - prometheus + - container + + +containerd_storage: + type: lvm + vg: "{{ host_name }}" + lv: containerd + size: 7G + fs: ext4 + +kubelet_storage: + type: lvm + vg: "{{ host_name }}" + lv: kubelet + size: 5G + fs: ext4 + + +lvm_groups: + streamstats: + pvs: + - /dev/sdb + +emc_stats_storage: + type: lvm + vg: streamstats + lv: stats + size: 42G + fs: ext4 diff --git a/inventory/host_vars/emc-master.yml b/inventory/host_vars/emc-master.yml deleted file mode 100644 index 1ca011ec..00000000 --- a/inventory/host_vars/emc-master.yml +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -install: - vm: - memory: 10G - numcpus: 6 - autostart: True - disks: - primary: /dev/sda - scsi: - sda: - type: zfs - name: root - size: 20g - sdb: - type: blockdev - path: /dev/zvol/storage/streamstats - system_lvm: - volumes: - - name: root - size: 3G - filesystem: ext4 - mountpoint: / - - name: var - size: 1280M - filesystem: ext4 - mountpoint: /var - - name: var+log - size: 768M - filesystem: ext4 - mountpoint: /var/log - mount_options: - - noatime - - nodev - - noexec - interfaces: - - bridge: br-public - name: primary0 - -network: - nameservers: "{{ vm_host.network.dns }}" - domain: "{{ host_domain }}" - systemd_link: - interfaces: "{{ install.interfaces }}" - primary: &_network_primary_ - name: primary0 - address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" - gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" - template: overlay - overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}" - interfaces: - - *_network_primary_ - -external_ip: "{{ network.primary.overlay }}" - - -spreadspace_apt_repo_components: - - prometheus - - container - - -containerd_storage: - type: lvm - vg: "{{ host_name }}" - lv: containerd - size: 7G - fs: ext4 - -kubelet_storage: - type: lvm - vg: "{{ host_name }}" - lv: kubelet - size: 5G - fs: ext4 - - -lvm_groups: - streamstats: - pvs: - - /dev/sdb - -emc_stats_storage: - type: lvm - vg: streamstats - lv: stats - size: 42G - fs: ext4 diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 74e37925..581913b6 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini 
@@ -51,7 +51,7 @@ ch-calypso host_name=calypso ch-thetys host_name=thetys ch-dione host_name=dione ch-helene host_name=helene -ch-k8s-master host_name=k8s-master +ch-k8s-ctrl host_name=k8s-ctrl ch-hpws-maxi ch-hpws-mini1 ch-alix1d @@ -246,7 +246,7 @@ host_domain=elev8.at env_group=dan [emc] -emc-master +emc-ctrl [emc:children] emc-dist @@ -342,7 +342,7 @@ ch-iot ch-vpn ch-mon ch-omd -ch-k8s-master +ch-k8s-ctrl ch-installsmb [vmhost-ch-prometheus] ch-prometheus @@ -364,7 +364,7 @@ sk-testvm sk-torrent ch-mimas ele-gwhetzner -emc-master +emc-ctrl sgg-icecast [vmhost-sk-2019vm] sk-2019vm @@ -468,7 +468,7 @@ emc-dist emc-xx [hetzner] -emc-master +emc-ctrl sk-testvm sk-torrent sgg-icecast @@ -548,11 +548,11 @@ emc-dist [k8s-emc-streamer:children] emc-xx -[k8s-emc-master] -emc-master +[k8s-emc-ctrl] +emc-ctrl [k8s-emc:children] -k8s-emc-master +k8s-emc-ctrl k8s-emc-encoder k8s-emc-distribution k8s-emc-streamer @@ -563,9 +563,9 @@ k8s-emc-streamer ch-dione ch-helene -[k8s-chtest-master] -ch-k8s-master +[k8s-chtest-ctrl] +ch-k8s-ctrl [k8s-chtest:children] -k8s-chtest-master +k8s-chtest-ctrl k8s-chtest-encoder -- cgit v1.2.3 From 09c8120540735c22316a55593f4c56bcd6ae7e88 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 8 May 2022 01:08:36 +0200 Subject: add support for cluster with kubernetes 1.24 --- inventory/group_vars/k8s-chtest/vars.yml | 2 +- roles/kubernetes/kubeadm/control-plane/tasks/primary.yml | 6 +++--- .../kubeadm/control-plane/templates/kubeadm.config.j2 | 12 +++++++----- 3 files changed, 11 insertions(+), 9 deletions(-) (limited to 'inventory') diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml index 66824314..939d93da 100644 --- a/inventory/group_vars/k8s-chtest/vars.yml +++ b/inventory/group_vars/k8s-chtest/vars.yml 
@@ -1,5 +1,5 @@ --- -kubernetes_version: 1.23.6 +kubernetes_version: 1.24.0 kubernetes_container_runtime: containerd kubernetes_network_plugin: kube-router kubernetes_network_plugin_version: 1.4.0 diff --git a/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml b/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml index 22a5af42..450c3a1a 100644 --- a/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml +++ b/roles/kubernetes/kubeadm/control-plane/tasks/primary.yml @@ -28,8 +28,8 @@ - name: initialize kubernetes primary control-plane node and store log block: - name: initialize kubernetes primary control-plane node - command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --skip-token-print" - # command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }}{% if kubernetes_network_plugin_replaces_kube_proxy %} --skip-phases addon/kube-proxy{% endif %} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print" + command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }} --skip-token-print" + # command: "kubeadm init --config /etc/kubernetes/kubeadm.config --node-name {{ inventory_hostname }} --token '{{ kubeadm_token_generate.stdout }}' --token-ttl 42m --skip-token-print" args: creates: /etc/kubernetes/pki/ca.crt register: kubeadm_init @@ -47,7 +47,7 @@ content: "{{ kubeadm_init.stderr }}\n" dest: /etc/kubernetes/kubeadm-init.errors - - name: create bootstrap token for existing cluster + - name: create bootstrap token for new cluster command: kubeadm token create --ttl 42m check_mode: no register: kubeadm_token_generate diff --git a/roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2 index 2fa98ed6..a0f3efe7 100644 
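Review bot: The task renamed to `create bootstrap token for new cluster` registers the stdout of `kubeadm token create --ttl 42m`, which is the join token itself, and none of the visible lines keeps that result out of Ansible's output or callback logs. The task continues past the end of the hunk, so the setting may already be there; if it is not, add `no_log: true` to the task. The registered variable stays usable by later tasks. Because of `check_mode: no`, a dry run also creates a live token, which deserves a short comment next to that line.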
--- a/roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2 +++ b/roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2 @@ -1,6 +1,6 @@ -{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2 #} +{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3 #} {# #} -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: InitConfiguration {# TODO: this is ugly but we want to create our own token so we can #} {# better control it's lifetime #} @@ -11,10 +11,14 @@ localAPIEndpoint: {% if kubernetes_overlay_node_ip is defined %} advertiseAddress: {{ kubernetes_overlay_node_ip }} {% endif %} +{% if kubernetes_network_plugin_replaces_kube_proxy %} +skipPhases: +- addon/kube-proxy +{% endif %} nodeRegistration: criSocket: {{ kubernetes_cri_socket }} --- -apiVersion: kubeadm.k8s.io/v1beta2 +apiVersion: kubeadm.k8s.io/v1beta3 kind: ClusterConfiguration kubernetesVersion: {{ kubernetes_version }} clusterName: {{ kubernetes.cluster_name }} @@ -43,8 +47,6 @@ controllerManager: extraArgs: node-cidr-mask-size: "{{ kubernetes.pod_ip_range_size }}" scheduler: {} -dns: - type: CoreDNS --- apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration -- cgit v1.2.3 From 92344ddc3e2181623f77f3118605323dba659c1a Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 8 May 2022 01:16:07 +0200 Subject: upgrade kubernetes cluster addon: metrics-server --- inventory/group_vars/k8s-chtest/vars.yml | 2 +- .../templates/components.0.6.1.yml.j2 | 197 +++++++++++++++++++++ 2 files changed, 198 insertions(+), 1 deletion(-) create mode 100644 roles/kubernetes/addons/metrics-server/templates/components.0.6.1.yml.j2 (limited to 'inventory') diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml index 939d93da..ac1a3991 100644 --- a/inventory/group_vars/k8s-chtest/vars.yml +++ b/inventory/group_vars/k8s-chtest/vars.yml 
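Review bot: Both documents in the template now declare `apiVersion: kubeadm.k8s.io/v1beta3` unconditionally, and the added `skipPhases` key plus the dropped `dns.type` exist only in that schema, so the template no longer renders a config that kubeadm releases before 1.22 accept. The inventories visible in this series are on 1.23 and 1.24, but nothing here stops the role from running against a cluster pinned lower. An assert ahead of the template task would make the failure explicit, for example `that: kubernetes_version is version('1.22', '>=')`. The remaining template bodies lie outside these hunks.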
@@ -21,4 +21,4 @@ kubernetes: kubernetes_secrets: encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}" -kubernetes_metrics_server_version: 0.5.2 +kubernetes_metrics_server_version: 0.6.1 diff --git a/roles/kubernetes/addons/metrics-server/templates/components.0.6.1.yml.j2 b/roles/kubernetes/addons/metrics-server/templates/components.0.6.1.yml.j2 new file mode 100644 index 00000000..7b427254 --- /dev/null +++ b/roles/kubernetes/addons/metrics-server/templates/components.0.6.1.yml.j2 
@@ -0,0 +1,197 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: metrics-server + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: system:aggregated-metrics-reader +rules: +- apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server +rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get +- apiGroups: + - "" + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + k8s-app: metrics-server + name: metrics-server-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-app: metrics-server + name: metrics-server:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:metrics-server +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: 
metrics-server + name: metrics-server + namespace: kube-system +spec: + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + k8s-app: metrics-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +spec: + selector: + matchLabels: + k8s-app: metrics-server + strategy: + rollingUpdate: + maxUnavailable: 0 + template: + metadata: + labels: + k8s-app: metrics-server + spec: + containers: + - args: + - --cert-dir=/tmp + - --secure-port=4443 + - --kubelet-insecure-tls + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --metric-resolution=15s + image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + periodSeconds: 10 + name: metrics-server + ports: + - containerPort: 4443 + name: https + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: metrics-server + volumes: + - emptyDir: {} + name: tmp-dir +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + labels: + k8s-app: metrics-server + name: v1beta1.metrics.k8s.io +spec: + group: metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: metrics-server + namespace: kube-system + version: v1beta1 + versionPriority: 100 -- cgit v1.2.3 From 40f958ce64fc08b5fb35aac3f05941fe4b514ec5 Mon Sep 17 00:00:00 2001 
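Review bot: The Deployment's `--kubelet-insecure-tls` argument and the APIService's `insecureSkipTLSVerify: true` leave both TLS hops of the metrics path unverified: metrics-server accepts any certificate from a kubelet, and the API server accepts any certificate from metrics-server. The first hop matters more, because metrics-server authenticates to whatever answers on the kubelet port and the values it gets back feed autoscaling decisions. Where the kubelets have serving certificates signed by a CA the cluster controls, replace the flag with `--kubelet-certificate-authority=<CA_FILE>` (placeholder path) and give the APIService a `caBundle` instead of the skip setting. If that is not possible yet, a template comment recording why verification is off would help the next reader. The image is also referenced by tag only (`k8s.gcr.io/metrics-server/metrics-server:v0.6.1`); pinning it to a digest ties the deployment to content that was reviewed.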
From: Christian Pointner Date: Sun, 8 May 2022 02:17:33 +0200 Subject: kubernetes/kubeadm: fix kubeguard network plugin --- inventory/group_vars/k8s-emc/vars.yml | 4 ++-- roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml | 4 ++-- .../kubeadm/base/templates/net_kubeguard/cni.conflist.j2 | 16 ++++++++++++++++ .../kubeadm/base/templates/net_kubeguard/cni.json.j2 | 12 ------------ 4 files changed, 20 insertions(+), 16 deletions(-) create mode 100644 roles/kubernetes/kubeadm/base/templates/net_kubeguard/cni.conflist.j2 delete mode 100644 roles/kubernetes/kubeadm/base/templates/net_kubeguard/cni.json.j2 (limited to 'inventory') diff --git a/inventory/group_vars/k8s-emc/vars.yml b/inventory/group_vars/k8s-emc/vars.yml index b2a8fe39..be1c4818 100644 --- a/inventory/group_vars/k8s-emc/vars.yml +++ b/inventory/group_vars/k8s-emc/vars.yml @@ -1,5 +1,5 @@ --- -kubernetes_version: 1.23.1 +kubernetes_version: 1.24.0 kubernetes_container_runtime: containerd kubernetes_network_plugin: kubeguard @@ -48,4 +48,4 @@ kubeguard: kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}" -kubernetes_metrics_server_version: 0.5.2 +kubernetes_metrics_server_version: 0.6.1 diff --git a/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml index 40cee3b7..350ecdee 100644 --- a/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml +++ b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml @@ -87,8 +87,8 @@ - name: install cni config template: - src: net_kubeguard/cni.json.j2 - dest: /etc/cni/net.d/kubeguard.conf + src: net_kubeguard/cni.conflist.j2 + dest: /etc/cni/net.d/kubeguard.conflist - name: install packages needed for debugging kube-router when: kubernetes_network_plugin_variant == 'with-kube-router' 
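Review bot: Changing `dest` to `/etc/cni/net.d/kubeguard.conflist` leaves the previously installed `/etc/cni/net.d/kubeguard.conf` in place on nodes that were already provisioned, and nothing in this hunk removes it. CNI loaders typically pick the first config file in that directory by name, and `kubeguard.conf` sorts before `kubeguard.conflist`, so an upgraded node would presumably keep running the old single-plugin config. A preceding `file` task with `path: /etc/cni/net.d/kubeguard.conf` and `state: absent` would cover that. Setting `mode: "0644"` on the template task would also fix the permissions of the new file. The task list continues outside the hunk, so a cleanup may exist elsewhere in the role.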
diff --git a/roles/kubernetes/kubeadm/base/templates/net_kubeguard/cni.conflist.j2 b/roles/kubernetes/kubeadm/base/templates/net_kubeguard/cni.conflist.j2 new file mode 100644 index 00000000..240d86ef --- /dev/null +++ b/roles/kubernetes/kubeadm/base/templates/net_kubeguard/cni.conflist.j2 @@ -0,0 +1,16 @@ +{ + "cniVersion": "0.3.1", + "name": "kubeguard", + "plugins": [ + { + "type": "bridge", + "bridge": "kubeguard-br0", + "isDefaultGateway": true, + "hairpinMode": true, + "ipam": { + "type": "host-local", + "subnet": "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) }}" + } + } + ] +} diff --git a/roles/kubernetes/kubeadm/base/templates/net_kubeguard/cni.json.j2 b/roles/kubernetes/kubeadm/base/templates/net_kubeguard/cni.json.j2 deleted file mode 100644 index eb9e3d61..00000000 --- a/roles/kubernetes/kubeadm/base/templates/net_kubeguard/cni.json.j2 +++ /dev/null @@ -1,12 +0,0 @@ -{ - "cniVersion": "0.3.1", - "name": "kubeguard", - "type": "bridge", - "bridge": "kubeguard-br0", - "isDefaultGateway": true, - "hairpinMode": true, - "ipam": { - "type": "host-local", - "subnet": "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) }}" - } -} -- cgit v1.2.3