blob: 27da0bf14177a4a875c86ce85b9520055c0f6b79 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
---
- name: prepare variables and do some sanity checks
hosts: _kubernetes_nodes_
gather_facts: no
run_once: yes
tasks:
- name: sanity checks for kubeguard
when: kubernetes_network_plugin == 'kubeguard'
block:
- name: check whether every node has a node_index assigned
assert:
msg: "There are nodes without an assigned node_index: {{ groups['_kubernetes_nodes_'] | difference(kubeguard.node_index.keys()) | join(', ') }}"
that: groups['_kubernetes_nodes_'] | difference(kubeguard.node_index.keys()) | length == 0
- name: check whether node indizes are unique
assert:
msg: "There are duplicate entries in the node_index table, every node_index is only allowed once"
that: (kubeguard.node_index.keys() | length) == (kubeguard.node_index.values() | unique | length)
- name: check whether node indizes are all > 0
assert:
msg: "At least one node_index is < 1 (indizes start at 1)"
that: (kubeguard.node_index.values() | min) > 0
- name: check whether overlay node io is configured > 0
assert:
msg: "For kubeguard to work you need to configure kubernetes_overlay_node_ip"
that: kubernetes_overlay_node_ip is defined
- name: make sure the kubernetes_cri_socket variable is configured correctly
when: kubernetes_container_runtime == 'containerd'
assert:
msg: "The variable kubernetes_cri_socket is not configured correctly for use with containerd!"
that:
- kubernetes_cri_socket == "unix:///run/containerd/containerd.sock"
########
- name: kubernetes base installation
hosts: _kubernetes_nodes_
roles:
- role: apt-repo/spreadspace
when: kubernetes_network_plugin == 'kubeguard'
- role: kubernetes/net/kubeguard
when: kubernetes_network_plugin == 'kubeguard'
- role: kubernetes/base
- role: kubernetes/kubeadm/base
- name: configure kubernetes primary master
hosts: _kubernetes_primary_master_
roles:
- role: kubernetes/kubeadm/master
- name: configure kubernetes secondary masters
hosts: _kubernetes_masters_:!_kubernetes_primary_master_
roles:
- role: kubernetes/kubeadm/master
- name: configure kubernetes non-master nodes
hosts: _kubernetes_nodes_:!_kubernetes_masters_
roles:
- role: kubernetes/kubeadm/node
### TODO: add node labels (ie. for ingress daeomnset)
|
