From 4af66462fb1e8630aed482552322fa4ebfcd53b6 Mon Sep 17 00:00:00 2001 
From: Christian Pointner Date: Tue, 30 Jun 2020 13:38:37 +0200 Subject: split up standalone kubelet role into base and pod --- roles/kubernetes/standalone/base/defaults/main.yml | 14 +++++++++ roles/kubernetes/standalone/base/handlers/main.yml | 6 ++++ roles/kubernetes/standalone/base/tasks/main.yml | 34 ++++++++++++++++++++++ .../base/templates/cni-no-portmap.conflist.j2 | 17 +++++++++++ .../cni-with-localonly-portmap.conflist.j2 | 25 ++++++++++++++++ .../base/templates/cni-with-portmap.conflist.j2 | 23 +++++++++++++++ .../base/templates/kubelet-config.yml.j2 | 25 ++++++++++++++++ .../base/templates/kubelet.service.override.j2 | 10 +++++++ roles/kubernetes/standalone/defaults/main.yml | 14 --------- roles/kubernetes/standalone/handlers/main.yml | 6 ---- roles/kubernetes/standalone/tasks/main.yml | 34 ---------------------- .../templates/cni-no-portmap.conflist.j2 | 17 ----------- .../cni-with-localonly-portmap.conflist.j2 | 25 ---------------- .../templates/cni-with-portmap.conflist.j2 | 23 --------------- .../standalone/templates/kubelet-config.yml.j2 | 25 ---------------- .../templates/kubelet.service.override.j2 | 10 ------- 16 files changed, 154 insertions(+), 154 deletions(-) create mode 100644 roles/kubernetes/standalone/base/defaults/main.yml create mode 100644 roles/kubernetes/standalone/base/handlers/main.yml create mode 100644 roles/kubernetes/standalone/base/tasks/main.yml create mode 100644 roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2 create mode 100644 roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2 create mode 100644 roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2 create mode 100644 roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 create mode 100644 roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 delete mode 100644 roles/kubernetes/standalone/defaults/main.yml delete mode 100644 roles/kubernetes/standalone/handlers/main.yml delete 
mode 100644 roles/kubernetes/standalone/tasks/main.yml delete mode 100644 roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2 delete mode 100644 roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2 delete mode 100644 roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2 delete mode 100644 roles/kubernetes/standalone/templates/kubelet-config.yml.j2 delete mode 100644 roles/kubernetes/standalone/templates/kubelet.service.override.j2 (limited to 'roles/kubernetes') diff --git a/roles/kubernetes/standalone/base/defaults/main.yml b/roles/kubernetes/standalone/base/defaults/main.yml new file mode 100644 index 00000000..b0c14b11 --- /dev/null +++ b/roles/kubernetes/standalone/base/defaults/main.yml @@ -0,0 +1,14 @@ +--- +kubernetes_standalone_address: 127.0.0.1 +kubernetes_standalone_port: 10250 +kubernetes_standalone_readonly_port: 0 + +kubernetes_standalone_healthz_address: 127.0.0.1 +kubernetes_standalone_healthz_port: 0 + +kubernetes_standalone_max_pods: 10 + +kubernetes_standalone_pod_cidr: 192.168.255.0/24 +kubernetes_standalone_resolv_conf: /etc/resolv.conf + +kubernetes_standalone_cni_variant: with-portmap diff --git a/roles/kubernetes/standalone/base/handlers/main.yml b/roles/kubernetes/standalone/base/handlers/main.yml new file mode 100644 index 00000000..26438551 --- /dev/null +++ b/roles/kubernetes/standalone/base/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart kubelet + systemd: + name: kubelet.service + state: restarted + daemon_reload: yes diff --git a/roles/kubernetes/standalone/base/tasks/main.yml b/roles/kubernetes/standalone/base/tasks/main.yml new file mode 100644 index 00000000..241c3136 --- /dev/null +++ b/roles/kubernetes/standalone/base/tasks/main.yml 
@@ -0,0 +1,34 @@ +--- +- name: create systemd override directory for kubelet + file: + path: /etc/systemd/system/kubelet.service.d + state: directory + +- name: install systemd override for kubelet + template: + src: kubelet.service.override.j2 + dest: /etc/systemd/system/kubelet.service.d/standalone.conf + notify: restart kubelet + +- name: install kubelet config + template: + src: kubelet-config.yml.j2 + dest: /etc/kubernetes/kubelet.yml + notify: restart kubelet + +- name: make sure kubelet is enabled and running + systemd: + name: kubelet.service + state: started + enabled: yes + daemon_reload: yes + +- name: create cni config directory + file: + name: /etc/cni/net.d + state: directory + +- name: install cni config + template: + src: "cni-{{ kubernetes_standalone_cni_variant }}.conflist.j2" + dest: /etc/cni/net.d/kube-standalone.conflist diff --git a/roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2 b/roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2 new file mode 100644 index 00000000..be47f216 --- /dev/null +++ b/roles/kubernetes/standalone/base/templates/cni-no-portmap.conflist.j2 @@ -0,0 +1,17 @@ +{ + "cniVersion": "0.3.1", + "name": "kube-standalone", + "plugins": [ + { + "type": "bridge", + "bridge": "kube-bridge", + "isDefaultGateway": true, + "ipMasq": true, + "hairpinMode": false, + "ipam": { + "type": "host-local", + "subnet": "{{ kubernetes_standalone_pod_cidr }}" + } + } + ] +} diff --git a/roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2 b/roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2 new file mode 100644 index 00000000..acaf7eba --- /dev/null +++ b/roles/kubernetes/standalone/base/templates/cni-with-localonly-portmap.conflist.j2 
@@ -0,0 +1,25 @@ +{ + "cniVersion": "0.3.1", + "name": "kube-standalone", + "plugins": [ + { + "type": "bridge", + "bridge": "kube-bridge", + "isDefaultGateway": true, + "ipMasq": true, + "hairpinMode": false, + "ipam": { + "type": "host-local", + "subnet": "{{ kubernetes_standalone_pod_cidr }}" + } + }, { + "type": "portmap", + "capabilities": { + "portMappings": true + }, + "snat": true, + "conditionsV4": ["-s", "127.0.0.1", "-d", "127.0.0.1"], + "conditionsV6": ["-s", "::1", "-d", "::1"] + } + ] +} diff --git a/roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2 b/roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2 new file mode 100644 index 00000000..9f9b2b9a --- /dev/null +++ b/roles/kubernetes/standalone/base/templates/cni-with-portmap.conflist.j2 @@ -0,0 +1,23 @@ +{ + "cniVersion": "0.3.1", + "name": "kube-standalone", + "plugins": [ + { + "type": "bridge", + "bridge": "kube-bridge", + "isDefaultGateway": true, + "ipMasq": true, + "hairpinMode": false, + "ipam": { + "type": "host-local", + "subnet": "{{ kubernetes_standalone_pod_cidr }}" + } + }, { + "type": "portmap", + "capabilities": { + "portMappings": true + }, + "snat": true + } + ] +} diff --git a/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 new file mode 100644 index 00000000..d6af0f24 --- /dev/null +++ b/roles/kubernetes/standalone/base/templates/kubelet-config.yml.j2 
@@ -0,0 +1,25 @@ +{# https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration #} +{# #} +kind: KubeletConfiguration +apiVersion: kubelet.config.k8s.io/v1beta1 +staticPodPath: /etc/kubernetes/manifests +address: {{ kubernetes_standalone_address }} +port: {{ kubernetes_standalone_port }} +readOnlyPort: {{ kubernetes_standalone_readonly_port }} +healthzBindAddress: {{ kubernetes_standalone_healthz_address }} +healthzPort: {{ kubernetes_standalone_healthz_port }} +authentication: + anonymous: + enabled: true + webhook: + enabled: false +authorization: + mode: AlwaysAllow +maxPods: {{ kubernetes_standalone_max_pods }} +makeIPTablesUtilChains: false +hairpinMode: none +resolvConf: {{ kubernetes_standalone_resolv_conf }} +cgroupDriver: systemd +enableControllerAttachDetach: false +featureGates: + RuntimeClass: false diff --git a/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 new file mode 100644 index 00000000..fe8bfb4c --- /dev/null +++ b/roles/kubernetes/standalone/base/templates/kubelet.service.override.j2 @@ -0,0 +1,10 @@ +[Service] +ExecStart= +ExecStart=/usr/bin/kubelet \ + --config=/etc/kubernetes/kubelet.yml \ +{% if kubernetes_cri_socket %} + --container-runtime=remote \ + --container-runtime-endpoint={{ kubernetes_cri_socket }} \ +{% endif %} + --network-plugin=cni \ + --cloud-provider= diff --git a/roles/kubernetes/standalone/defaults/main.yml b/roles/kubernetes/standalone/defaults/main.yml deleted file mode 100644 index b0c14b11..00000000 --- a/roles/kubernetes/standalone/defaults/main.yml +++ /dev/null 
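Review bot: `authentication.anonymous.enabled: true` combined with `authorization.mode: AlwaysAllow` in kubelet-config.yml.j2 means the kubelet API on `port` accepts any client that can reach `address`, so the loopback default of `kubernetes_standalone_address` is the only access control. This commit moves the file unchanged, but the address is an overridable default, so the template should say so, e.g. `{# anonymous + AlwaysAllow: address must stay on loopback #}`. base/tasks/main.yml could also enforce it with an `assert` using `that: kubernetes_standalone_address in ['127.0.0.1', '::1']`. Loopback binding does not separate the API from workloads that share the host network namespace, which is worth noting in the role documentation.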
@@ -1,14 +0,0 @@ ---- -kubernetes_standalone_address: 127.0.0.1 -kubernetes_standalone_port: 10250 -kubernetes_standalone_readonly_port: 0 - -kubernetes_standalone_healthz_address: 127.0.0.1 -kubernetes_standalone_healthz_port: 0 - -kubernetes_standalone_max_pods: 10 - -kubernetes_standalone_pod_cidr: 192.168.255.0/24 -kubernetes_standalone_resolv_conf: /etc/resolv.conf - -kubernetes_standalone_cni_variant: with-portmap diff --git a/roles/kubernetes/standalone/handlers/main.yml b/roles/kubernetes/standalone/handlers/main.yml deleted file mode 100644 index 26438551..00000000 --- a/roles/kubernetes/standalone/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: restart kubelet - systemd: - name: kubelet.service - state: restarted - daemon_reload: yes diff --git a/roles/kubernetes/standalone/tasks/main.yml b/roles/kubernetes/standalone/tasks/main.yml deleted file mode 100644 index 241c3136..00000000 --- a/roles/kubernetes/standalone/tasks/main.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- name: create systemd override directory for kubelet - file: - path: /etc/systemd/system/kubelet.service.d - state: directory - -- name: install systemd override for kubelet - template: - src: kubelet.service.override.j2 - dest: /etc/systemd/system/kubelet.service.d/standalone.conf - notify: restart kubelet - -- name: install kubelet config - template: - src: kubelet-config.yml.j2 - dest: /etc/kubernetes/kubelet.yml - notify: restart kubelet - -- name: make sure kubelet is enabled and running - systemd: - name: kubelet.service - state: started - enabled: yes - daemon_reload: yes - -- name: create cni config directory - file: - name: /etc/cni/net.d - state: directory - -- name: install cni config - template: - src: "cni-{{ kubernetes_standalone_cni_variant }}.conflist.j2" - dest: /etc/cni/net.d/kube-standalone.conflist 
diff --git a/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2 deleted file mode 100644 index be47f216..00000000 --- a/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2 +++ /dev/null @@ -1,17 +0,0 @@ -{ - "cniVersion": "0.3.1", - "name": "kube-standalone", - "plugins": [ - { - "type": "bridge", - "bridge": "kube-bridge", - "isDefaultGateway": true, - "ipMasq": true, - "hairpinMode": false, - "ipam": { - "type": "host-local", - "subnet": "{{ kubernetes_standalone_pod_cidr }}" - } - } - ] -} diff --git a/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2 deleted file mode 100644 index acaf7eba..00000000 --- a/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2 +++ /dev/null @@ -1,25 +0,0 @@ -{ - "cniVersion": "0.3.1", - "name": "kube-standalone", - "plugins": [ - { - "type": "bridge", - "bridge": "kube-bridge", - "isDefaultGateway": true, - "ipMasq": true, - "hairpinMode": false, - "ipam": { - "type": "host-local", - "subnet": "{{ kubernetes_standalone_pod_cidr }}" - } - }, { - "type": "portmap", - "capabilities": { - "portMappings": true - }, - "snat": true, - "conditionsV4": ["-s", "127.0.0.1", "-d", "127.0.0.1"], - "conditionsV6": ["-s", "::1", "-d", "::1"] - } - ] -} diff --git a/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2 deleted file mode 100644 index 9f9b2b9a..00000000 --- a/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2 +++ /dev/null 
@@ -1,23 +0,0 @@ -{ - "cniVersion": "0.3.1", - "name": "kube-standalone", - "plugins": [ - { - "type": "bridge", - "bridge": "kube-bridge", - "isDefaultGateway": true, - "ipMasq": true, - "hairpinMode": false, - "ipam": { - "type": "host-local", - "subnet": "{{ kubernetes_standalone_pod_cidr }}" - } - }, { - "type": "portmap", - "capabilities": { - "portMappings": true - }, - "snat": true - } - ] -} diff --git a/roles/kubernetes/standalone/templates/kubelet-config.yml.j2 b/roles/kubernetes/standalone/templates/kubelet-config.yml.j2 deleted file mode 100644 index d6af0f24..00000000 --- a/roles/kubernetes/standalone/templates/kubelet-config.yml.j2 +++ /dev/null @@ -1,25 +0,0 @@ -{# https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration #} -{# #} -kind: KubeletConfiguration -apiVersion: kubelet.config.k8s.io/v1beta1 -staticPodPath: /etc/kubernetes/manifests -address: {{ kubernetes_standalone_address }} -port: {{ kubernetes_standalone_port }} -readOnlyPort: {{ kubernetes_standalone_readonly_port }} -healthzBindAddress: {{ kubernetes_standalone_healthz_address }} -healthzPort: {{ kubernetes_standalone_healthz_port }} -authentication: - anonymous: - enabled: true - webhook: - enabled: false -authorization: - mode: AlwaysAllow -maxPods: {{ kubernetes_standalone_max_pods }} -makeIPTablesUtilChains: false -hairpinMode: none -resolvConf: {{ kubernetes_standalone_resolv_conf }} -cgroupDriver: systemd -enableControllerAttachDetach: false -featureGates: - RuntimeClass: false diff --git a/roles/kubernetes/standalone/templates/kubelet.service.override.j2 b/roles/kubernetes/standalone/templates/kubelet.service.override.j2 deleted file mode 100644 index fe8bfb4c..00000000 --- a/roles/kubernetes/standalone/templates/kubelet.service.override.j2 +++ /dev/null 
@@ -1,10 +0,0 @@ -[Service] -ExecStart= -ExecStart=/usr/bin/kubelet \ - --config=/etc/kubernetes/kubelet.yml \ -{% if kubernetes_cri_socket %} - --container-runtime=remote \ - --container-runtime-endpoint={{ kubernetes_cri_socket }} \ -{% endif %} - --network-plugin=cni \ - --cloud-provider= -- cgit v1.2.3 From 3cecd307f9d93809ab3408115d046c3371ac57e1 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 30 Jun 2020 15:55:30 +0200 Subject: kubernetes: add standalone/pod role --- roles/kubernetes/standalone/pod/defaults/main.yml | 23 ++++++++ roles/kubernetes/standalone/pod/tasks/main.yml | 72 +++++++++++++++++++++++ 2 files changed, 95 insertions(+) create mode 100644 roles/kubernetes/standalone/pod/defaults/main.yml create mode 100644 roles/kubernetes/standalone/pod/tasks/main.yml (limited to 'roles/kubernetes') diff --git a/roles/kubernetes/standalone/pod/defaults/main.yml b/roles/kubernetes/standalone/pod/defaults/main.yml new file mode 100644 index 00000000..87e849d8 --- /dev/null +++ b/roles/kubernetes/standalone/pod/defaults/main.yml @@ -0,0 +1,23 @@ +--- +# kubernetes_standalone_pod: +# name: example +# labels: +# foo: bar +# annotations: +# hello: world +# spec: | +# containers: +# - name: test +# image: "debian:stable" +# command: +# - /bin/bash +# - -c +# - "sleep inf" + +# config_hash_items: +# - path: /path/to/configfile +# properties: +# - checksum +# - mode +# - uid +# - gid diff --git a/roles/kubernetes/standalone/pod/tasks/main.yml b/roles/kubernetes/standalone/pod/tasks/main.yml new file mode 100644 index 00000000..b59e4f38 --- /dev/null +++ b/roles/kubernetes/standalone/pod/tasks/main.yml 
@@ -0,0 +1,72 @@ +--- +- name: generate config-hash + when: "'config_hash_items' in kubernetes_standalone_pod" + block: + - name: create directory for config-hash files + file: + path: /etc/kubernetes/config-hashes + state: directory + + - name: gather stats for config-hash items + loop: "{{ kubernetes_standalone_pod.config_hash_items }}" + loop_control: + label: "{{ item.path }} ({{ item.properties | sort | join(', ') }})" + stat: + path: "{{ item.path }}" + get_checksum: yes + checksum_algorithm: sha256 + register: config_hash_items_stat + + - assert: + msg: "at least one config-hash item does not exist" + that: false not in (config_hash_items_stat.results | map(attribute='stat.exists')) + + - name: generate config-hash file + copy: + content: | + {% for result in config_hash_items_stat.results %} + {{ result.item.path }}: + {% for property in (result.item.properties | sort) %} + {{ property }}: {{ result.stat[property] }} + {% endfor %} + {% endfor %} + dest: "/etc/kubernetes/config-hashes/{{ kubernetes_standalone_pod.name }}.yml" + + - name: compute config-hash value from file + stat: + path: "/etc/kubernetes/config-hashes/{{ kubernetes_standalone_pod.name }}.yml" + get_checksum: yes + checksum_algorithm: sha256 + register: config_hash_file_stat + + - name: set config-hash value + set_fact: + config_hash_value: "{{ config_hash_file_stat.stat.checksum }}" + +- name: remove config-hash file + when: "'config_hash_items' not in kubernetes_standalone_pod" + file: + path: "/etc/kubernetes/config-hashes/{{ kubernetes_standalone_pod.name }}.yml" + state: absent + +- name: generate pod manifest + copy: + content: | + apiVersion: v1 + kind: Pod + metadata: + name: {{ kubernetes_standalone_pod.name }} + {% if 'labels' in kubernetes_standalone_pod %} + labels: + {{ kubernetes_standalone_pod.labels | to_nice_yaml(indent=2) | indent(4) }}{% endif %} + {% if config_hash_value is defined or'annotations' in kubernetes_standalone_pod %} + annotations: + {% if config_hash_value 
is defined %} + config-hash: {{ config_hash_value }} + {% endif %} + {% if 'annotations' in kubernetes_standalone_pod %} + {{ kubernetes_standalone_pod.annotations | default({}) | to_nice_yaml(indent=2) | indent(4) }}{% endif %} + {% endif %} + spec: + {{ kubernetes_standalone_pod.spec | indent(2) }} + dest: "/etc/kubernetes/manifests/{{ kubernetes_standalone_pod.name }}.yml" -- cgit v1.2.3 From b8a5b98ee991669ef16eed50b9fa221eecf27d87 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 30 Jun 2020 16:09:52 +0200 Subject: apps/coturn: migrate to new standalone pod role --- roles/apps/coturn/tasks/main.yml | 17 ++++++++--- roles/apps/coturn/templates/pod-spec.yml.j2 | 32 ++++++++++++++++++++ roles/apps/coturn/templates/pod.yml.j2 | 37 ----------------------- roles/kubernetes/standalone/pod/defaults/main.yml | 2 +- roles/kubernetes/standalone/pod/tasks/main.yml | 5 +-- 5 files changed, 48 insertions(+), 45 deletions(-) create mode 100644 roles/apps/coturn/templates/pod-spec.yml.j2 delete mode 100644 roles/apps/coturn/templates/pod.yml.j2 (limited to 'roles/kubernetes') diff --git a/roles/apps/coturn/tasks/main.yml b/roles/apps/coturn/tasks/main.yml index 132e4847..9971b428 100644 --- a/roles/apps/coturn/tasks/main.yml +++ b/roles/apps/coturn/tasks/main.yml @@ -68,8 +68,15 @@ include_role: name: nginx/vhost -- name: generate pod manifests - template: - src: "pod.yml.j2" - dest: "/etc/kubernetes/manifests/coturn-{{ coturn_realm }}.yml" - mode: 0600 +- name: install pod manifest + vars: + kubernetes_standalone_pod: + name: "coturn-{{ coturn_realm }}" + spec: "{{ lookup('template', 'pod-spec.yml.j2') }}" + mode: 0600 + config_hash_items: + - path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/turnserver.conf" + properties: + - checksum + include_role: + name: kubernetes/standalone/pod diff --git a/roles/apps/coturn/templates/pod-spec.yml.j2 b/roles/apps/coturn/templates/pod-spec.yml.j2 new file mode 100644 index 00000000..d157af37 --- /dev/null 
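Review bot: The `generate pod manifest` template in pod/tasks/main.yml tests `config_hash_value is defined`, but `set_fact` keeps that fact on the host for the rest of the play. A pod rendered without `config_hash_items` after one that had them would therefore inherit the earlier pod's `config-hash` annotation. Test the role input in both places instead: `{% if 'config_hash_items' in kubernetes_standalone_pod or 'annotations' in kubernetes_standalone_pod %}` for the outer block and `{% if 'config_hash_items' in kubernetes_standalone_pod %}` around the `config-hash:` line. The same edit restores the missing space in `or'annotations'`.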
+++ b/roles/apps/coturn/templates/pod-spec.yml.j2 @@ -0,0 +1,32 @@ +securityContext: + allowPrivilegeEscalation: false + runAsUser: {{ coturn_uid }} + runAsGroup: {{ coturn_gid }} +hostNetwork: true +containers: +- name: coturn + image: "instrumentisto/coturn:{{ coturn_version }}" + args: + - --log-file=stdout + resources: + limits: + memory: "1Gi" + volumeMounts: + - name: config + mountPath: /etc/coturn/ + readOnly: true + - name: run + mountPath: /var/run + - name: lib + mountPath: /var/lib/coturn +volumes: +- name: config + hostPath: + path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/" + type: Directory +- name: run + emptyDir: + medium: Memory +- name: lib + emptyDir: + medium: Memory diff --git a/roles/apps/coturn/templates/pod.yml.j2 b/roles/apps/coturn/templates/pod.yml.j2 deleted file mode 100644 index 7c127c13..00000000 --- a/roles/apps/coturn/templates/pod.yml.j2 +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "coturn-{{ coturn_realm }}" -spec: - securityContext: - allowPrivilegeEscalation: false - runAsUser: {{ coturn_uid }} - runAsGroup: {{ coturn_gid }} - hostNetwork: true - containers: - - name: coturn - image: "instrumentisto/coturn:{{ coturn_version }}" - args: - - --log-file=stdout - resources: - limits: - memory: "1Gi" - volumeMounts: - - name: config - mountPath: /etc/coturn/ - readOnly: true - - name: run - mountPath: /var/run - - name: lib - mountPath: /var/lib/coturn - volumes: - - name: config - hostPath: - path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/" - type: Directory - - name: run - emptyDir: - medium: Memory - - name: lib - emptyDir: - medium: Memory diff --git a/roles/kubernetes/standalone/pod/defaults/main.yml b/roles/kubernetes/standalone/pod/defaults/main.yml index 87e849d8..c20d37cf 100644 --- a/roles/kubernetes/standalone/pod/defaults/main.yml +++ b/roles/kubernetes/standalone/pod/defaults/main.yml 
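Review bot: `allowPrivilegeEscalation: false` at the top of pod-spec.yml.j2 sits in the pod-level `securityContext`, but it is a container-level SecurityContext field and PodSecurityContext has no such field. The setting is therefore most likely dropped when the manifest is decoded and never applied. Leave `runAsUser`/`runAsGroup` where they are and give the `coturn` container its own `securityContext:` with `allowPrivilegeEscalation: false` under it. The placement is carried over unchanged from the deleted pod.yml.j2. Since `hostNetwork: true` puts the container on the host's interfaces, including loopback, a short comment on why host networking is required would help later reviewers.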
@@ -13,7 +13,7 @@ # - /bin/bash # - -c # - "sleep inf" - +# mode: 0600 # config_hash_items: # - path: /path/to/configfile # properties: diff --git a/roles/kubernetes/standalone/pod/tasks/main.yml b/roles/kubernetes/standalone/pod/tasks/main.yml index b59e4f38..73048a81 100644 --- a/roles/kubernetes/standalone/pod/tasks/main.yml +++ b/roles/kubernetes/standalone/pod/tasks/main.yml @@ -55,14 +55,14 @@ apiVersion: v1 kind: Pod metadata: - name: {{ kubernetes_standalone_pod.name }} + name: "{{ kubernetes_standalone_pod.name }}" {% if 'labels' in kubernetes_standalone_pod %} labels: {{ kubernetes_standalone_pod.labels | to_nice_yaml(indent=2) | indent(4) }}{% endif %} {% if config_hash_value is defined or'annotations' in kubernetes_standalone_pod %} annotations: {% if config_hash_value is defined %} - config-hash: {{ config_hash_value }} + config-hash: "{{ config_hash_value }}" {% endif %} {% if 'annotations' in kubernetes_standalone_pod %} {{ kubernetes_standalone_pod.annotations | default({}) | to_nice_yaml(indent=2) | indent(4) }}{% endif %} @@ -70,3 +70,4 @@ spec: {{ kubernetes_standalone_pod.spec | indent(2) }} dest: "/etc/kubernetes/manifests/{{ kubernetes_standalone_pod.name }}.yml" + mode: "{{ kubernetes_standalone_pod.mode | default(omit) }}" -- cgit v1.2.3 From db5874224893ea999af8558c1d5ead7f0d7223b0 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 30 Jun 2020 16:23:20 +0200 Subject: apps/collabora/code: migrate to new standalone pod role --- roles/apps/collabora/code/tasks/main.yml | 23 ++++++++++++----- .../apps/collabora/code/templates/pod-spec.yml.j2 | 25 ++++++++++++++++++ roles/apps/collabora/code/templates/pod.yml.j2 | 30 ---------------------- roles/kubernetes/standalone/pod/tasks/main.yml | 9 ++++--- 4 files changed, 46 insertions(+), 41 deletions(-) create mode 100644 roles/apps/collabora/code/templates/pod-spec.yml.j2 delete mode 100644 roles/apps/collabora/code/templates/pod.yml.j2 (limited to 'roles/kubernetes') 
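Review bot: The line added in the `@@ -70,3 +70,4 @@` hunk, `mode: "{{ kubernetes_standalone_pod.mode | default(omit) }}"`, falls back to whatever the remote umask yields when a caller leaves `mode` out, which typically makes the manifest world-readable. Pod specs can carry environment values and host paths, so a restrictive fallback is the safer default: `mode: "{{ kubernetes_standalone_pod.mode | default('0600') }}"`. The `generate config-hash file` task earlier in the same file, outside this hunk, sets no `mode` either.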
diff --git a/roles/apps/collabora/code/tasks/main.yml b/roles/apps/collabora/code/tasks/main.yml index 57bdfa34..6b41bf5a 100644 --- a/roles/apps/collabora/code/tasks/main.yml +++ b/roles/apps/collabora/code/tasks/main.yml @@ -21,19 +21,26 @@ when: "'custom_image' in item.value" include_tasks: custom-image.yml -- name: generate pod manifests +- name: install pod manifest loop: "{{ collabora_code_instances | dict2items }}" loop_control: label: "{{ item.key }}" - template: - src: "pod.yml.j2" - dest: "/etc/kubernetes/manifests/collabora-code-{{ item.key }}.yml" - mode: 0600 + vars: + kubernetes_standalone_pod: + name: "collabora-code-{{ item.key }}" + spec: "{{ lookup('template', 'pod-spec.yml.j2') }}" + mode: 0600 + config_hash_items: + - path: "{{ collabora_code_base_path }}/{{ item.key }}/config/loolwsd.xml" + properties: + - checksum + include_role: + name: kubernetes/standalone/pod - name: configure nginx vhost loop: "{{ collabora_code_instances | dict2items }}" - include_role: - name: nginx/vhost + loop_control: + label: "{{ item.key }}" vars: nginx_vhost: name: "collabora-code-{{ item.key }}" @@ -41,3 +48,5 @@ acme: true hostnames: - "{{ item.value.hostname }}" + include_role: + name: nginx/vhost diff --git a/roles/apps/collabora/code/templates/pod-spec.yml.j2 b/roles/apps/collabora/code/templates/pod-spec.yml.j2 new file mode 100644 index 00000000..04d2d25a --- /dev/null +++ b/roles/apps/collabora/code/templates/pod-spec.yml.j2 
@@ -0,0 +1,25 @@ +containers: +- name: collabora-code + image: "collabora/code{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}" + resources: + limits: + memory: "4Gi" + env: + - name: "DONT_GEN_SSL_CERT" + value: "1" + - name: "extra_params" + value: "--o:ssl.enable=false --o:ssl.termination=true" + volumeMounts: + - name: config + mountPath: /etc/loolwsd/loolwsd.xml + subPath: loolwsd.xml + readOnly: true + ports: + - containerPort: 9980 + hostPort: {{ item.value.port }} + hostIP: 127.0.0.1 +volumes: +- name: config + hostPath: + path: "{{ collabora_code_base_path }}/{{ item.key }}/config/" + type: Directory diff --git a/roles/apps/collabora/code/templates/pod.yml.j2 b/roles/apps/collabora/code/templates/pod.yml.j2 deleted file mode 100644 index 53fb4c0d..00000000 --- a/roles/apps/collabora/code/templates/pod.yml.j2 +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "collabora-code-{{ item.key }}" -spec: - containers: - - name: collabora-code - image: "collabora/code{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}" - resources: - limits: - memory: "4Gi" - env: - - name: "DONT_GEN_SSL_CERT" - value: "1" - - name: "extra_params" - value: "--o:ssl.enable=false --o:ssl.termination=true" - volumeMounts: - - name: config - mountPath: /etc/loolwsd/loolwsd.xml - subPath: loolwsd.xml - readOnly: true - ports: - - containerPort: 9980 - hostPort: {{ item.value.port }} - hostIP: 127.0.0.1 - volumes: - - name: config - hostPath: - path: "{{ collabora_code_base_path }}/{{ item.key }}/config/" - type: Directory diff --git a/roles/kubernetes/standalone/pod/tasks/main.yml b/roles/kubernetes/standalone/pod/tasks/main.yml index 73048a81..7f87cf3f 100644 --- a/roles/kubernetes/standalone/pod/tasks/main.yml +++ b/roles/kubernetes/standalone/pod/tasks/main.yml 
@@ -10,9 +10,10 @@ - name: gather stats for config-hash items loop: "{{ kubernetes_standalone_pod.config_hash_items }}" loop_control: - label: "{{ item.path }} ({{ item.properties | sort | join(', ') }})" + loop_var: config_hash_item + label: "{{ config_hash_item.path }} ({{ config_hash_item.properties | sort | join(', ') }})" stat: - path: "{{ item.path }}" + path: "{{ config_hash_item.path }}" get_checksum: yes checksum_algorithm: sha256 register: config_hash_items_stat @@ -25,8 +26,8 @@ copy: content: | {% for result in config_hash_items_stat.results %} - {{ result.item.path }}: - {% for property in (result.item.properties | sort) %} + {{ result.config_hash_item.path }}: + {% for property in (result.config_hash_item.properties | sort) %} {{ property }}: {{ result.stat[property] }} {% endfor %} {% endfor %} -- cgit v1.2.3 From 6025dcf6f3dd7df02284dd6b3a37dd186879196c Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 30 Jun 2020 21:46:04 +0200 Subject: fix pod manifest permissions --- roles/apps/collabora/code/tasks/main.yml | 2 +- roles/apps/coturn/tasks/main.yml | 2 +- roles/apps/etherpad-lite/tasks/main.yml | 2 +- roles/apps/jitsi/meet/tasks/main.yml | 2 +- roles/apps/nextcloud/tasks/main.yml | 2 +- roles/kubernetes/standalone/pod/defaults/main.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) (limited to 'roles/kubernetes') diff --git a/roles/apps/collabora/code/tasks/main.yml b/roles/apps/collabora/code/tasks/main.yml index 6b41bf5a..74f3240a 100644 --- a/roles/apps/collabora/code/tasks/main.yml +++ b/roles/apps/collabora/code/tasks/main.yml @@ -29,7 +29,7 @@ kubernetes_standalone_pod: name: "collabora-code-{{ item.key }}" spec: "{{ lookup('template', 'pod-spec.yml.j2') }}" - mode: 0600 + mode: "0600" config_hash_items: - path: "{{ collabora_code_base_path }}/{{ item.key }}/config/loolwsd.xml" properties: diff --git a/roles/apps/coturn/tasks/main.yml b/roles/apps/coturn/tasks/main.yml index 9971b428..176be664 100644 
--- a/roles/apps/coturn/tasks/main.yml +++ b/roles/apps/coturn/tasks/main.yml @@ -73,7 +73,7 @@ kubernetes_standalone_pod: name: "coturn-{{ coturn_realm }}" spec: "{{ lookup('template', 'pod-spec.yml.j2') }}" - mode: 0600 + mode: "0600" config_hash_items: - path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/turnserver.conf" properties: diff --git a/roles/apps/etherpad-lite/tasks/main.yml b/roles/apps/etherpad-lite/tasks/main.yml index 416ab7ff..105b89d9 100644 --- a/roles/apps/etherpad-lite/tasks/main.yml +++ b/roles/apps/etherpad-lite/tasks/main.yml @@ -100,7 +100,7 @@ kubernetes_standalone_pod: name: "etherpad-lite-{{ item.key }}" spec: "{{ lookup('template', 'pod-spec-with-{{ item.value.database.type }}.yml.j2') }}" - mode: 0600 + mode: "0600" config_hash_items: - path: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/settings.json" properties: diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml index f5bcbd21..16e05ced 100644 --- a/roles/apps/jitsi/meet/tasks/main.yml +++ b/roles/apps/jitsi/meet/tasks/main.yml @@ -22,7 +22,7 @@ kubernetes_standalone_pod: name: "jitsi-meet-{{ jitsi_meet_inst_name }}" spec: "{{ lookup('template', 'pod-spec.yml.j2') }}" - mode: 0600 + mode: "0600" config_hash_items: - path: "{{ jitsi_meet_base_path }}/{{ jitsi_meet_inst_name }}/scripts/prosody/cont-init.sh" properties: diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml index d2ed558a..325fa15d 100644 --- a/roles/apps/nextcloud/tasks/main.yml +++ b/roles/apps/nextcloud/tasks/main.yml @@ -110,7 +110,7 @@ kubernetes_standalone_pod: name: "nextcloud-{{ item.key }}" spec: "{{ lookup('template', 'pod-spec-with-{{ item.value.database.type }}.yml.j2') }}" - mode: 0600 + mode: "0600" config_hash_items: - path: "{{ nextcloud_base_path }}/{{ item.key }}/config/apache-site.conf" properties: 
diff --git a/roles/kubernetes/standalone/pod/defaults/main.yml b/roles/kubernetes/standalone/pod/defaults/main.yml index c20d37cf..2eae33a3 100644 --- a/roles/kubernetes/standalone/pod/defaults/main.yml +++ b/roles/kubernetes/standalone/pod/defaults/main.yml @@ -13,7 +13,7 @@ # - /bin/bash # - -c # - "sleep inf" -# mode: 0600 +# mode: "0600" # config_hash_items: # - path: /path/to/configfile # properties: -- cgit v1.2.3