Moved to file based config, pre-FQCN, pre-update to documentation
parent
61f706acb9
commit
57b9a2a0be
33 changed files with 89 additions and 498 deletions
|
@ -9,7 +9,7 @@
|
|||
k3s_state: installed
|
||||
|
||||
# Use a specific k3s version, if set to "false" we will get the latest
|
||||
# k3s_release_version: v0.1.0
|
||||
# k3s_release_version: v1.19.3
|
||||
k3s_release_version: false
|
||||
|
||||
# Loction of the k3s configuration file
|
||||
|
@ -32,9 +32,6 @@ k3s_install_dir: /usr/local/bin
|
|||
# Install using hard links rather than symbolic links
|
||||
k3s_install_hard_links: false
|
||||
|
||||
# Use Docker rather than containerd
|
||||
k3s_use_docker: false
|
||||
|
||||
# A list of templates used for preconfigure the cluster.
|
||||
k3s_server_manifests_templates: []
|
||||
|
||||
|
|
|
@ -4,7 +4,6 @@
|
|||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_release_version: v1.18.6+k3s1
|
||||
k3s_install_hard_links: true
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_cluster_state: uninstalled
|
||||
k3s_use_docker: true
|
||||
k3s_agent:
|
||||
docker: true
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
||||
|
|
|
@ -4,11 +4,10 @@
|
|||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_release_version: latest
|
||||
k3s_use_docker: true
|
||||
k3s_skip_validation: true
|
||||
k3s_server:
|
||||
https-listen-port: 26443
|
||||
cluster-domain: examplecluster.local
|
||||
k3s_agent:
|
||||
docker: true
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
||||
|
|
|
@ -5,7 +5,8 @@
|
|||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_control_node_address: loadbalancer
|
||||
k3s_datastore_endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
|
||||
k3s_server:
|
||||
datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
|
||||
pre_tasks:
|
||||
- name: Set each node to be a control node
|
||||
set_fact:
|
||||
|
|
|
@ -4,10 +4,11 @@
|
|||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_release_version: v1.19
|
||||
k3s_etcd_datastore: true
|
||||
k3s_secrets_encryption: true
|
||||
k3s_release_version: latest
|
||||
k3s_use_experimental: true
|
||||
k3s_server:
|
||||
cluster-init: true
|
||||
secrets-encryption: true
|
||||
pre_tasks:
|
||||
- name: Set each node to be a control node
|
||||
set_fact:
|
||||
|
|
|
@ -47,7 +47,7 @@
|
|||
- reload systemd
|
||||
- restart k3s
|
||||
|
||||
- name: Ensure k3s config file exists on control plane
|
||||
- name: Ensure k3s config file exists
|
||||
template:
|
||||
src: config.yaml.j2
|
||||
dest: "{{ k3s_config_file }}"
|
||||
|
|
|
@ -37,14 +37,14 @@
|
|||
- restart k3s
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s killall script is present on all nodes
|
||||
- name: Ensure k3s killall script is present
|
||||
template:
|
||||
src: k3s-killall.sh.j2
|
||||
dest: "/usr/local/bin/k3s-killall.sh"
|
||||
mode: 0700
|
||||
become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s uninstall script is present on all nodes
|
||||
- name: Ensure k3s uninstall script is present
|
||||
template:
|
||||
src: k3s-uninstall.sh.j2
|
||||
dest: "/usr/local/bin/k3s-uninstall.sh"
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
path: "{{ k3s_config_file | dirname }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
recurse: true
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure systemd unit file directory exists
|
||||
|
|
|
@ -74,3 +74,13 @@
|
|||
|
||||
when: k3s_control_node_address is not defined
|
||||
or k3s_control_delegate is not defined
|
||||
|
||||
- name: Ensure k3s_runtime_config is set for control plane
|
||||
set_fact:
|
||||
k3s_runtime_config: "{{ (k3s_server | default('None')) | combine (k3s_agent | default('None')) }}"
|
||||
when: k3s_control_node is defined and k3s_control_node
|
||||
|
||||
- name: Ensure k3s_runtime_config is set for agents
|
||||
set_fact:
|
||||
k3s_runtime_config: "{{ k3s_agent | default('None') }}"
|
||||
when: k3s_control_node is not defined or not k3s_control_node
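Review bot: Both new `set_fact` tasks fall back to the string `'None'` through `default('None')`, but `combine` works on mappings, so the control-plane task would be expected to error out as soon as `k3s_server` or `k3s_agent` is left undefined. On agents the fact simply becomes the literal string, which turns later tests such as `"docker" in k3s_runtime_config` into substring matches and lets the config template write `None` into the k3s config file. An empty mapping is the safer fallback: `k3s_runtime_config: "{{ (k3s_server | default({})) | combine(k3s_agent | default({})) }}"` and `k3s_runtime_config: "{{ k3s_agent | default({}) }}"`. The same expression is repeated in the new tasks/validate/generate-check-config.yml, and it is worth a comment that `k3s_agent` keys win over `k3s_server` keys in the merge.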
|
||||
|
|
|
@ -14,19 +14,19 @@
|
|||
|
||||
- import_tasks: build/get-systemd-context.yml
|
||||
|
||||
- name: Ensure docker installation tasks are run
|
||||
block:
|
||||
|
||||
- include_tasks: build/install-docker-prerequisites-{{ ansible_os_family | lower }}.yml
|
||||
when: k3s_use_docker
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
|
||||
- import_tasks: build/install-docker.yml
|
||||
when: k3s_use_docker
|
||||
and ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap']
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap']
|
||||
|
||||
- include_tasks: build/install-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml
|
||||
when: k3s_use_docker
|
||||
and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap']
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap']
|
||||
|
||||
when: ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
and ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
|
||||
|
||||
- import_tasks: build/download-k3s.yml
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
|
||||
- import_tasks: operate/stop-k3s.yml
|
||||
|
||||
- import_tasks: operate/start-k3s.yml
|
||||
|
|
|
@ -6,19 +6,19 @@
|
|||
|
||||
- import_tasks: teardown/uninstall-k3s.yml
|
||||
|
||||
- name: Ensure docker uninstall tasks are run
|
||||
block:
|
||||
|
||||
- import_tasks: teardown/uninstall-docker.yml
|
||||
when: k3s_use_docker
|
||||
and ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap']
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap']
|
||||
|
||||
- include_tasks: teardown/uninstall-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml
|
||||
when: k3s_use_docker
|
||||
and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap']
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap']
|
||||
|
||||
- include_tasks: teardown/uninstall-docker-prerequisites-{{ ansible_os_family | lower }}.yml
|
||||
when: k3s_use_docker
|
||||
and (k3s_non_root is not defined or not k3s_non_root)
|
||||
|
||||
when: ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
and ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
|
||||
|
||||
- import_tasks: validate/check-uninstalled.yml
|
||||
when: not k3s_skip_validation
|
||||
|
|
|
@ -34,4 +34,5 @@
|
|||
|
||||
- name: Clean up Docker
|
||||
command: docker system prune -a --force
|
||||
when: k3s_use_docker and check_k3s_docker_path.rc == 0
|
||||
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
and check_k3s_docker_path.rc == 0
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
retries: 30
|
||||
delay: 20
|
||||
when: k3s_control_node
|
||||
and (k3s_server.disable is defined and 'flannel' not in k3s_server.disable)
|
||||
and (("disable" not in k3s_runtime_config)
|
||||
or ("disable" in k3s_runtime_config and "flannel" not in k3s_runtime_config.disable))
|
||||
and not ansible_check_mode
|
||||
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
|
||||
- name: Check that the control plane to is available to accept connections
|
||||
wait_for:
|
||||
port: "{{ k3s_https_port }}"
|
||||
host: "{{ k3s_bind_address | default('127.0.0.1') }}"
|
||||
port: "{{ k3s_runtime_config['https-listen-port'] | default('6443') }}"
|
||||
host: "{{ k3s_runtime_config['bind-address'] | default('127.0.0.1') }}"
|
||||
delay: 5
|
||||
sleep: 5
|
||||
timeout: 300
|
||||
|
|
|
@ -6,9 +6,7 @@
|
|||
- k3s_use_experimental is defined and k3s_use_experimental
|
||||
success_msg: "Experimental variables are defined and enabled."
|
||||
fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental"
|
||||
when: (k3s_server.rootless is defined and k3s_server.rootless)
|
||||
or (k3s_agent.rootless is defined and k3s_agent.rootless)
|
||||
or (k3s_server.etcd-datastore is defined and k3s_server.etcd-datastore)
|
||||
or (k3s_server.secrets-encryption is defined and k3s_server.secrets-encryption)
|
||||
or (k3s_agent.secrets-encryption is defined and k3s_agent.secrets-encryption)
|
||||
or (k3s_server.selinux is defined and k3s_server.selinux)
|
||||
when: ("rootless" in k3s_runtime_config and k3s_runtime_config.rootless)
|
||||
or ("etcd-datastore" in k3s_runtime_config and k3s_runtime_config.etcd-datastore)
|
||||
or ("secrets-encryption" in k3s_runtime_config and k3s_runtime_config.secrets-encryption)
|
||||
or ("selinux" in k3s_runtime_config and k3s_runtime_config.selinux)
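Review bot: The new `when` clauses read hyphenated keys with dot notation, for example `k3s_runtime_config.etcd-datastore` and `k3s_runtime_config.secrets-encryption`, and Jinja2 parses that as a subtraction (`k3s_runtime_config.etcd - datastore`) rather than a key lookup. Because the preceding `in` test short-circuits, the broken operand is only evaluated when the key is actually set, which is exactly the case the experimental-feature gate exists for. Subscript access avoids this: `("secrets-encryption" in k3s_runtime_config and k3s_runtime_config['secrets-encryption'])`. The same pattern appears with `datastore-endpoint` and `cluster-init` in the control-plane count assertions further down the page.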
|
||||
|
|
|
@ -4,9 +4,8 @@
|
|||
assert:
|
||||
that:
|
||||
- (k3s_controller_count | length == 1)
|
||||
and (k3s_datastore_endpoint is not defined or not k3s_datastore_endpoint)
|
||||
and (k3s_dqlite_datastore is not defined or not k3s_dqlite_datastore)
|
||||
and (k3s_etcd_datastore is not defined or not k3s_etcd_datastore)
|
||||
and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config.datastore-endpoint)
|
||||
and ("cluster-init" not in k3s_runtime_config or not k3s_runtime_config.cluster-init)
|
||||
success_msg: "Control plane configuration is valid."
|
||||
fail_msg: "Control plane configuration is invalid. Please see notes about k3s_control_node and HA in README.md."
|
||||
when: k3s_controller_count | length == 1
|
||||
|
@ -16,9 +15,8 @@
|
|||
assert:
|
||||
that:
|
||||
- (k3s_controller_count | length >= 2)
|
||||
and ((k3s_datastore_endpoint is defined and k3s_datastore_endpoint)
|
||||
or (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
|
||||
or (k3s_etcd_datastore is defined and k3s_etcd_datastore))
|
||||
and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config.datastore-endpoint)
|
||||
or ("cluster-init" in k3s_runtime_config and k3s_runtime_config.cluster-init))
|
||||
success_msg: "Control plane configuration is valid."
|
||||
fail_msg: "Control plane configuration is invalid. Please see notes about k3s_control_node and HA in README.md."
|
||||
when: k3s_controller_count | length >= 2
|
||||
|
@ -30,4 +28,6 @@
|
|||
and (((k3s_controller_count | length) % 2) == 1)
|
||||
success_msg: "Control plane configuration is valid."
|
||||
fail_msg: "Etcd should have a minimum of 3 defined members and the number of members should be odd. Please see notes about HA in README.md"
|
||||
when: k3s_etcd_datastore and not k3s_use_unsupported_config
|
||||
when: ("cluster-init" in k3s_runtime_config)
|
||||
and k3s_runtime_config.cluster-init
|
||||
and not k3s_use_unsupported_config
|
||||
|
|
|
@ -16,12 +16,12 @@
|
|||
ignore_errors: true
|
||||
changed_when: false
|
||||
register: check_k3s_docker_process
|
||||
when: k3s_use_docker is defined and k3s_use_docker
|
||||
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
|
||||
- name: Fail if docker is still running
|
||||
fail:
|
||||
msg: docker is still running, uninstall script failed. Please investigate.
|
||||
when: k3s_use_docker is defined and k3s_use_docker and check_k3s_docker_process.rc == 0
|
||||
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
|
||||
|
||||
- name: Fail if k3s binaries have not been removed
|
||||
stat:
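Review bot: The rewritten condition on "Fail if docker is still running" no longer tests `check_k3s_docker_process.rc`, so as shown the task fails every uninstall validation where docker is configured, whether or not the process check found a running daemon. Unless a continuation line was lost from this view, the result check should be restored: `when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)` followed by `and check_k3s_docker_process.rc == 0`. The task list continues past the end of this hunk.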
|
||||
|
|
|
@ -1,288 +1,11 @@
|
|||
---
|
||||
|
||||
- name: Check k3s_no_flannel against k3s version
|
||||
- name: Check that k3s_release_version >= 1.19.0
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
|
||||
success_msg: "--no-flannel is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--no-flannel is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_no_flannel is defined and k3s_no_flannel
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.19.0', '>=')
|
||||
success_msg: "{{ k3s_release_version }} is supported by this role."
|
||||
fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x."
|
||||
|
||||
- name: Check k3s_service_cidr against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
|
||||
success_msg: "--service-cidr is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--service-cidr is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_service_cidr is defined
|
||||
|
||||
- name: Check k3s_cluster_dns against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
|
||||
success_msg: "--cluster-dns is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--cluster-dns is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_cluster_dns is defined and k3s_cluster_dns
|
||||
|
||||
- name: Check k3s_use_docker against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
|
||||
success_msg: "--docker is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--docker is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_use_docker is defined and k3s_use_docker
|
||||
|
||||
- name: Check k3s_no_traefik against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
|
||||
success_msg: "--no-deploy traefik is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--no-deploy traefik is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_no_traefik is defined and k3s_no_traefik
|
||||
|
||||
- name: Check k3s_non_root against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
- ansible_user_id != "root"
|
||||
- play_hosts | length == 1
|
||||
success_msg: "k3s_non_root is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "k3s_non_root only works in >= v0.4.0, on a single node and must not be installed as root."
|
||||
when: k3s_non_root is defined and k3s_non_root
|
||||
|
||||
- name: Check k3s_resolv_conf against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.3.0', '>=')
|
||||
success_msg: "--resolv-conf is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--resolv-conf is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_resolv_conf is defined and k3s_resolv_conf
|
||||
|
||||
- name: Check k3s_tls_san against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.3.0', '>=')
|
||||
success_msg: "--tls-san is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--tls-san is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_tls_san is defined and k3s_tls_san
|
||||
|
||||
- name: Check k3s_flannel_interface against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "--flannel-iface is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--flannel-iface is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_flannel_interface is defined and k3s_flannel_interface
|
||||
|
||||
- name: Check k3s_cluster_domain against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "--cluster-domain is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--cluster-domain is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_cluster_domain is defined and k3s_cluster_domain
|
||||
|
||||
- name: Check k3s_bind_address against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "--bind-address is supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--bind-address is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_bind_address is defined and k3s_bind_address
|
||||
|
||||
- name: Check k3s_bind_address against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.5.0', '>=')
|
||||
success_msg: "Auto deploy manifests is supported in {{ k3s_release_version }}"
|
||||
fail_msg: |
|
||||
Auto deploy manifests supported is limited in {{ k3s_release_version }}.
|
||||
To disable this message ensure k3s_use_experimental is set to true.
|
||||
when: k3s_server_manifests_templates is defined
|
||||
and k3s_server_manifests_templates | length > 0
|
||||
and (k3s_use_experimental is not defined or not k3s_use_experimental)
|
||||
|
||||
- name: Check k3s_node_labels against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.6.0', '>=')
|
||||
success_msg: "Node Labels supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Node Labels are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_node_labels is defined and k3s_node_labels
|
||||
|
||||
- name: Check k3s_node_taints against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.6.0', '>=')
|
||||
success_msg: "Node Taints supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Node Taints are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_node_taints is defined and k3s_node_taints
|
||||
|
||||
- name: Check k3s_kubelet_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "Kubelet args supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kubelet args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kubelet_args is defined and k3s_kubelet_args | length > 0
|
||||
|
||||
- name: Check k3s_kube_proxy_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "Kube proxy args supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kube proxy args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kube_proxy_args is defined and k3s_kube_proxy_args | length > 0
|
||||
|
||||
- name: Check k3s_kube_apiserver_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "Kube API Server supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kube API Server args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kube_apiserver_args is defined and k3s_kube_apiserver_args | length > 0
|
||||
|
||||
- name: Check k3s_kube_scheduler_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "Kube Scheduler supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kube Scheduler args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kube_scheduler_args is defined and k3s_kube_scheduler_args | length > 0
|
||||
|
||||
- name: Check k3s_kube_controller_manager_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
|
||||
success_msg: "Kube Controller Manager supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kube Controller Manager args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kube_controller_manager_args is defined and k3s_kube_controller_manager_args | length > 0
|
||||
|
||||
- name: Check k3s_kube_cloud_controller_manager_args against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "Kube Cloud Controller Manager supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Kube Cloud Controller Manager args are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_kube_cloud_controller_manager_args is defined and k3s_kube_cloud_controller_manager_args | length > 0
|
||||
|
||||
- name: Check k3s_flannel_backend against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=')
|
||||
success_msg: "Alternate flannel backends supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Alternate flannel backends are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_flannel_backend is defined and k3s_flannel_backend
|
||||
|
||||
- name: Check k3s_flannel_backend 'host-gw' configuration against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.17.2', '>=')
|
||||
success_msg: "host-gw flannel backend supported in {{ k3s_release_version }}"
|
||||
fail_msg: "host-gw flannel backend is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_flannel_backend is defined and k3s_flannel_backend == 'host-gw'
|
||||
|
||||
- name: Check k3s_disable_network_policy against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=')
|
||||
success_msg: "--disable-network-policy supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--disable-network-policy not supported in {{ k3s_release_version }}"
|
||||
when: k3s_disable_network_policy is defined and k3s_disable_network_policy
|
||||
|
||||
- name: Check k3s_private_registry against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=')
|
||||
success_msg: "--private-registry supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--private-registry not supported in {{ k3s_release_version }}"
|
||||
when: k3s_private_registry is defined and k3s_private_registry
|
||||
|
||||
- name: Check k3s_disable_cloud_controller against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--disable-cloud-controller supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--disable-cloud-controller not supported in {{ k3s_release_version }}"
|
||||
when: k3s_disable_cloud_controller is defined and k3s_disable_cloud_controller
|
||||
|
||||
- name: Check k3s_disable_scheduler against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--disable-scheduler supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--disable-scheduler not supported in {{ k3s_release_version }}"
|
||||
when: k3s_disable_scheduler is defined and k3s_disable_scheduler
|
||||
|
||||
- name: Check k3s_datastore_endpoint against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
|
||||
when: k3s_datastore_endpoint is defined and k3s_datastore_endpoint
|
||||
|
||||
- name: Check k3s_dqlite_datastore against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.19.0', '<')
|
||||
success_msg: "--cluster-init (dqlite) supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--cluster-init (dqlite) not supported in {{ k3s_release_version }}"
|
||||
when: k3s_dqlite_datastore is defined and k3s_dqlite_datastore
|
||||
|
||||
- name: Check k3s_etcd_datastore against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.19.1', '>=')
|
||||
success_msg: "--cluster-init (etcd) supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--cluster-init (etcd) not supported in {{ k3s_release_version }}"
|
||||
when: k3s_etcd_datastore is defined and k3s_etcd_datastore
|
||||
|
||||
- name: Check k3s_datastore_cafile against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
|
||||
when: k3s_datastore_cafile is defined and k3s_datastore_cafile
|
||||
|
||||
- name: Check k3s_datastore_certfile against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
|
||||
when: k3s_datastore_certfile is defined and k3s_datastore_certfile
|
||||
|
||||
- name: Check k3s_datastore_keyfile against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
|
||||
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
|
||||
when: k3s_datastore_keyfile is defined and k3s_datastore_keyfile
|
||||
|
||||
- name: Check k3s_default_local_storage_path against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
|
||||
success_msg: "Local storage path supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Local storage path are not supported in {{ k3s_release_version }}"
|
||||
when: k3s_default_local_storage_path is defined and k3s_default_local_storage_path
|
||||
|
||||
- name: Check k3s_secrets_encryption against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.17.4', '>=')
|
||||
success_msg: "Secrets encryption at rest supported in {{ k3s_release_version }}"
|
||||
fail_msg: "Secrets encryption at rest is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_secrets_encryption is defined and k3s_secrets_encryption
|
||||
|
||||
- name: Check k3s_enable_selinux against k3s version
|
||||
assert:
|
||||
that:
|
||||
- (k3s_release_version | replace('v', '')) is version_compare('1.17.4', '>=')
|
||||
success_msg: "SELinux supported in {{ k3s_release_version }}"
|
||||
fail_msg: "SELinux is not supported in {{ k3s_release_version }}"
|
||||
when: k3s_enable_selinux is defined and k3s_enable_selinux
|
||||
# Due to the v2 role now only supporting k3s v1.19+ - this file is intentionlly
|
||||
# blank until new configuration options are added.
|
||||
|
|
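--- a/tasks/validate/generate-check-config.yml
+++ b/tasks/validate/generate-check-config.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Ensure k3s_runtime_config is set for validation
+set_fact:
+k3s_runtime_config: "{{ (k3s_server | default('None')) | combine (k3s_agent | default('None')) }}"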
|
|
@ -1,10 +1,13 @@
|
|||
---
|
||||
|
||||
- import_tasks: check-variables.yml
|
||||
|
||||
- import_tasks: check-experimental-variables.yml
|
||||
|
||||
- import_tasks: check-unsupported-rootless.yml
|
||||
when: k3s_non_root is defined
|
||||
and k3s_non_root
|
||||
when: ("rootless" in k3s_runtime_config)
|
||||
and k3s_runtime_config.rootless
|
||||
and k3s_use_unsupported_config
|
||||
|
||||
- import_tasks: check-master-count.yml
|
||||
when: k3s_build_cluster is defined and k3s_build_cluster
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
|
||||
- import_tasks: check-control-plane.yml
|
||||
|
||||
- import_tasks: check-cluster-nodes-ready.yml
|
||||
|
|
|
@ -8,5 +8,7 @@
|
|||
success_msg: "k3s_state is valid."
|
||||
when: k3s_state is defined
|
||||
|
||||
- import_tasks: generate-check-config.yml
|
||||
|
||||
- import_tasks: check-environment.yml
|
||||
when: not k3s_skip_validation
|
||||
|
|
|
@ -1,11 +1,3 @@
|
|||
---
|
||||
|
||||
{% if k3s_control_node %}
|
||||
{% if k3s_server is defined and k3s_server != None %}
|
||||
{{ k3s_server | to_nice_yaml(indent=2) }}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if k3s_agent is defined and k3s_agent != None %}
|
||||
{{ k3s_agent | to_nice_yaml(indent=2) }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{{ k3s_runtime_config | to_nice_yaml(indent=2) }}
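Review bot: Rendering the whole merged dict with `to_nice_yaml` means any secret placed in `k3s_server` or `k3s_agent` ends up in the config file in clear text; the molecule scenario on this page puts a database password into `datastore-endpoint`. The task that writes `{{ k3s_config_file }}` shows no `mode:` in its visible lines and the parent directory is created with `mode: 0755`, so it is worth confirming the file itself is written root-owned with something like `mode: 0600`. The removed `!= None` guards also mean an empty or non-mapping `k3s_runtime_config` is now emitted verbatim, so a short template comment stating that the variable must be a mapping would help.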
|
||||
|
|
|
@ -62,7 +62,7 @@ do_unmount() {
|
|||
}
|
||||
|
||||
do_unmount '/run/k3s'
|
||||
do_unmount '{{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }}'
|
||||
do_unmount '{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}'
|
||||
do_unmount '/var/lib/kubelet/pods'
|
||||
do_unmount '/run/netns/cni-'
|
||||
|
||||
|
|
|
@ -55,7 +55,7 @@ for bin in {{ k3s_install_dir }}/k3s*; do
|
|||
done
|
||||
|
||||
[ -d /etc/rancher/k3s ] && rm -rf /etc/rancher/k3s
|
||||
[ -d {{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }} ] && rm -rf {{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }}
|
||||
[ -d {{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }} ] && rm -rf {{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}
|
||||
[ -d /var/lib/kubelet ] && rm -rf /var/lib/kubelet
|
||||
|
||||
[ -f /usr/local/bin/k3s-killall.sh ] && rm -f /usr/local/bin/k3s-killall.sh
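Review bot: The data directory now comes from the user-supplied `data-dir` key and is interpolated unquoted into both the `[ -d ... ]` test and the `rm -rf` of this uninstall script, so a value containing whitespace or glob characters would be word-split and remove paths other than the intended one. Quote both expansions and end option parsing: `[ -d "{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}" ] && rm -rf -- "{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}"`. `default()` without its second argument also lets an empty string through, so the validation tasks should assert that `data-dir` is a non-empty absolute path before this script is rendered. The script body starts and ends outside the hunk.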
|
||||
|
|
|
@ -21,7 +21,7 @@ ExecStart={{ k3s_install_dir }}/k3s
|
|||
{% endif %}
|
||||
{% else %}
|
||||
agent
|
||||
--server https://{{ k3s_control_node_address }}:{{ k3s_server['https-listen-port'] | default(6443) }}
|
||||
--server https://{{ k3s_control_node_address }}:{{ k3s_runtime_config['https-listen-port'] | default(6443) }}
|
||||
--token-file {{ k3s_token_location }}/cluster-token
|
||||
{% if k3s_agent is defined %}
|
||||
--config {{ k3s_config_file }}
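Review bot: In the agent branch the port is now looked up in `k3s_runtime_config`, but the fact-setting task added in this commit assigns only `k3s_agent` to that variable on non-control nodes, and `https-listen-port` is a server option. If that is the value in effect when this unit is rendered, agents would always fall back to 6443 even when the control plane listens elsewhere (one molecule scenario on this page sets 26443). Reading the port from the server dict keeps the two sides in step: `--server https://{{ k3s_control_node_address }}:{{ (k3s_server | default({}))['https-listen-port'] | default(6443) }}`. The ExecStart block begins and ends outside the hunk.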
|
||||
|
|
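--- a/vagrant/Vagrantfile
+++ b/vagrant/Vagrantfile
@@ -1,96 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-$centos_provision = <<SCRIPT
-if [ ! -f .vagrant_provision ] ; then
-echo "Installing dependencies ..."
-sudo yum clean all > /dev/null 2>&1 && echo "[OK] Cleanup YUM."
-sudo yum makecache > /dev/null 2>&1 && echo "[OK] Create YUM cache."
-sudo yum install python libselinux-python -y -q > /dev/null 2>&1 && \
-echo "[OK] Installing Python."
-touch .vagrant_provision
-else
-echo "Already Provisioned."
-fi
-SCRIPT
-
-$debian_provision = <<SCRIPT
-if [ ! -f .vagrant_provision ] ; then
-echo "Installing dependencies ..."
-sudo apt update > /dev/null 2>&1 && echo "[OK] Update APT cache."
-sudo apt-get install python -y > /dev/null 2>&1 && \
-echo "[OK] Installing Python."
-touch .vagrant_provision
-else
-echo "Already Provisioned."
-fi
-SCRIPT
-
-$opensuse_provision = <<SCRIPT
-if [ ! -f .vagrant_provision ] ; then
-echo "Installing dependencies ..."
-sudo zypper refresh > /dev/null 2>&1 && echo "[OK] Update Zypper cache."
-sudo zypper install -y python python-xml > /dev/null 2>&1 && \
-echo "[OK] Installing Python."
-touch .vagrant_provision
-else
-echo "Already Provisioned."
-fi
-SCRIPT
-
-VAGRANTFILE_API_VERSION = "2"
-
-Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-config.vm.define "node1" do |node1|
-node1.vm.box = "centos/7"
-node1.vm.hostname = "k3s-node01"
-node1.vm.network "private_network", ip: "172.16.3.30"
-node1.vm.provider "virtualbox" do |vb|
-vb.name = "k3s - node1"
-vb.memory = 512
-end
-node1.vm.provision "shell", inline: $centos_provision
-end
-
-config.vm.define "node2" do |node2|
-node2.vm.box = "debian/buster64"
-node2.vm.hostname = "k3s-node02"
-node2.vm.network "private_network", ip: "172.16.3.31"
-node2.vm.provider "virtualbox" do |vb|
-vb.name = "k3s - node2"
-vb.memory = 512
-end
-node2.vm.provision "shell", inline: $debian_provision
-end
-
-config.vm.define "node3" do |node3|
-node3.vm.box = "bento/opensuse-leap-15.1"
-node3.vm.hostname = "k3s-node03"
-node3.vm.network "private_network", ip: "172.16.3.32"
-node3.vm.synced_folder ".", "/vagrant", disabled: true
-
-node3.vm.provider "virtualbox" do |vb|
-vb.name = "k3s - node3"
-vb.memory = 512
-end
-node3.vm.provision "shell", inline: $opensuse_provision
-end
-
-config.vm.define "node4" do |node4|
-node4.vm.box = "ubuntu/bionic64"
-node4.vm.hostname = "k3s-node04"
-node4.vm.network "private_network", ip: "172.16.3.33"
-node4.vm.provider "virtualbox" do |vb|
-vb.name = "k3s - node4"
-vb.memory = 512
-end
-node4.vm.provision "shell", inline: $debian_provision
-node4.vm.provision "ansible" do |a|
-a.limit = "all"
-a.config_file = "ansible.cfg"
-a.inventory_path = "inventory.yml"
-a.playbook = "test.yml"
-a.verbose = "vv"
-end
-end
-end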
|
|
@ -1,4 +0,0 @@
|
|||
[defaults]
|
||||
|
||||
host_key_checking = false
|
||||
roles_path = ../../
|
|
@ -1,33 +0,0 @@
|
|||
---
|
||||
|
||||
all:
|
||||
vars:
|
||||
ansible_become: true
|
||||
k3s_use_docker: false
|
||||
|
||||
k3s_nodes:
|
||||
hosts:
|
||||
node1:
|
||||
ansible_host: 172.16.3.30
|
||||
ansible_user: vagrant
|
||||
ansible_port: 22
|
||||
ansible_ssh_private_key_file: '.vagrant/machines/node1/virtualbox/private_key'
|
||||
k3s_flannel_interface: eth1
|
||||
node2:
|
||||
ansible_host: 172.16.3.31
|
||||
ansible_user: vagrant
|
||||
ansible_port: 22
|
||||
ansible_ssh_private_key_file: '.vagrant/machines/node2/virtualbox/private_key'
|
||||
k3s_flannel_interface: eth1
|
||||
node3:
|
||||
ansible_host: 172.16.3.32
|
||||
ansible_user: vagrant
|
||||
ansible_port: 22
|
||||
ansible_ssh_private_key_file: '.vagrant/machines/node3/virtualbox/private_key'
|
||||
k3s_flannel_interface: eth1
|
||||
node4:
|
||||
ansible_host: 172.16.3.33
|
||||
ansible_user: vagrant
|
||||
ansible_port: 22
|
||||
ansible_ssh_private_key_file: '.vagrant/machines/node4/virtualbox/private_key'
|
||||
k3s_flannel_interface: enp0s8
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- hosts: node1
|
||||
become: true
|
||||
roles:
|
||||
- ansible-role-k3s
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- hosts: k3s_nodes
|
||||
become: true
|
||||
roles:
|
||||
- ansible-role-k3s
|