Moved to file based config, pre-FQCN, pre-update to documentation

Xan Manning 2020-10-22 19:26:15 +01:00
parent 61f706acb9
commit 57b9a2a0be
33 changed files with 89 additions and 498 deletions


@ -9,7 +9,7 @@
k3s_state: installed
# Use a specific k3s version, if set to "false" we will get the latest
# k3s_release_version: v0.1.0
# k3s_release_version: v1.19.3
k3s_release_version: false
# Loction of the k3s configuration file
@ -32,9 +32,6 @@ k3s_install_dir: /usr/local/bin
# Install using hard links rather than symbolic links
k3s_install_hard_links: false
# Use Docker rather than containerd
k3s_use_docker: false
# A list of templates used for preconfigure the cluster.
k3s_server_manifests_templates: []


@ -4,7 +4,6 @@
become: true
vars:
molecule_is_test: true
k3s_release_version: v1.18.6+k3s1
k3s_install_hard_links: true
roles:
- role: xanmanning.k3s


@ -5,6 +5,7 @@
vars:
molecule_is_test: true
k3s_cluster_state: uninstalled
k3s_use_docker: true
k3s_agent:
docker: true
roles:
- role: xanmanning.k3s


@ -4,11 +4,10 @@
become: true
vars:
molecule_is_test: true
k3s_release_version: latest
k3s_use_docker: true
k3s_skip_validation: true
k3s_server:
https-listen-port: 26443
cluster-domain: examplecluster.local
k3s_agent:
docker: true
roles:
- role: xanmanning.k3s


@ -5,7 +5,8 @@
vars:
molecule_is_test: true
k3s_control_node_address: loadbalancer
k3s_datastore_endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
k3s_server:
datastore-endpoint: "postgres://postgres:verybadpass@database:5432/postgres?sslmode=disable"
pre_tasks:
- name: Set each node to be a control node
set_fact:


@ -4,10 +4,11 @@
become: true
vars:
molecule_is_test: true
k3s_release_version: v1.19
k3s_etcd_datastore: true
k3s_secrets_encryption: true
k3s_release_version: latest
k3s_use_experimental: true
k3s_server:
cluster-init: true
secrets-encryption: true
pre_tasks:
- name: Set each node to be a control node
set_fact:


@ -47,7 +47,7 @@
- reload systemd
- restart k3s
- name: Ensure k3s config file exists on control plane
- name: Ensure k3s config file exists
template:
src: config.yaml.j2
dest: "{{ k3s_config_file }}"
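Review bot: The file written to `k3s_config_file` should not be world-readable, and no `mode` is visible on this `template` task. It now carries the whole server/agent option set, and the molecule scenario on this page already places a `datastore-endpoint` URL with an embedded password under `k3s_server`. The task continues past the end of the hunk, so a mode may already be set there; if it is not, add `mode: "0600"` to the `template` arguments.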


@ -37,14 +37,14 @@
- restart k3s
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s killall script is present on all nodes
- name: Ensure k3s killall script is present
template:
src: k3s-killall.sh.j2
dest: "/usr/local/bin/k3s-killall.sh"
mode: 0700
become: "{{ k3s_become_for_usr_local_bin | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s uninstall script is present on all nodes
- name: Ensure k3s uninstall script is present
template:
src: k3s-uninstall.sh.j2
dest: "/usr/local/bin/k3s-uninstall.sh"


@ -5,7 +5,6 @@
path: "{{ k3s_config_file | dirname }}"
state: directory
mode: 0755
recurse: true
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure systemd unit file directory exists


@ -74,3 +74,13 @@
when: k3s_control_node_address is not defined
or k3s_control_delegate is not defined
- name: Ensure k3s_runtime_config is set for control plane
set_fact:
k3s_runtime_config: "{{ (k3s_server | default('None')) | combine (k3s_agent | default('None')) }}"
when: k3s_control_node is defined and k3s_control_node
- name: Ensure k3s_runtime_config is set for agents
set_fact:
k3s_runtime_config: "{{ k3s_agent | default('None') }}"
when: k3s_control_node is not defined or not k3s_control_node
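Review bot: `default('None')` in both new `set_fact` tasks supplies the four-character string `None`, not an empty mapping. On a control node `combine` is then handed a string whenever `k3s_server` or `k3s_agent` is undefined, which I would expect to fail. On an agent `k3s_runtime_config` becomes the text `None`, which the `config.yaml.j2` change later on this page renders through `to_nice_yaml` without the old `is defined` guard. An empty dict keeps every later `in` test and subscript well-defined: `k3s_runtime_config: "{{ (k3s_server | default({})) | combine(k3s_agent | default({})) }}"` and `k3s_runtime_config: "{{ k3s_agent | default({}) }}"`. The new validation file that sets `k3s_runtime_config` uses the same expression and needs the same change.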


@ -14,19 +14,19 @@
- import_tasks: build/get-systemd-context.yml
- include_tasks: build/install-docker-prerequisites-{{ ansible_os_family | lower }}.yml
when: k3s_use_docker
and (k3s_non_root is not defined or not k3s_non_root)
- name: Ensure docker installation tasks are run
block:
- import_tasks: build/install-docker.yml
when: k3s_use_docker
and ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap']
and (k3s_non_root is not defined or not k3s_non_root)
- include_tasks: build/install-docker-prerequisites-{{ ansible_os_family | lower }}.yml
- include_tasks: build/install-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml
when: k3s_use_docker
and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap']
and (k3s_non_root is not defined or not k3s_non_root)
- import_tasks: build/install-docker.yml
when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap']
- include_tasks: build/install-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml
when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap']
when: ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
and ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
- import_tasks: build/download-k3s.yml


@ -1,4 +1,5 @@
---
- import_tasks: operate/stop-k3s.yml
- import_tasks: operate/start-k3s.yml


@ -6,19 +6,19 @@
- import_tasks: teardown/uninstall-k3s.yml
- import_tasks: teardown/uninstall-docker.yml
when: k3s_use_docker
and ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap']
and (k3s_non_root is not defined or not k3s_non_root)
- name: Ensure docker uninstall tasks are run
block:
- include_tasks: teardown/uninstall-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml
when: k3s_use_docker
and ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap']
and (k3s_non_root is not defined or not k3s_non_root)
- import_tasks: teardown/uninstall-docker.yml
when: ansible_distribution | replace(" ", "-") | lower not in ['amazon', 'suse', 'opensuse-leap']
- include_tasks: teardown/uninstall-docker-prerequisites-{{ ansible_os_family | lower }}.yml
when: k3s_use_docker
and (k3s_non_root is not defined or not k3s_non_root)
- include_tasks: teardown/uninstall-docker-{{ ansible_distribution | replace(" ", "-") | lower }}.yml
when: ansible_distribution | replace(" ", "-") | lower in ['amazon', 'suse', 'opensuse-leap']
- include_tasks: teardown/uninstall-docker-prerequisites-{{ ansible_os_family | lower }}.yml
when: ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
and ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
- import_tasks: validate/check-uninstalled.yml
when: not k3s_skip_validation


@ -34,4 +34,5 @@
- name: Clean up Docker
command: docker system prune -a --force
when: k3s_use_docker and check_k3s_docker_path.rc == 0
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
and check_k3s_docker_path.rc == 0


@ -11,6 +11,7 @@
retries: 30
delay: 20
when: k3s_control_node
and (k3s_server.disable is defined and 'flannel' not in k3s_server.disable)
and (("disable" not in k3s_runtime_config)
or ("disable" in k3s_runtime_config and "flannel" not in k3s_runtime_config.disable))
and not ansible_check_mode
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"


@ -2,8 +2,8 @@
- name: Check that the control plane to is available to accept connections
wait_for:
port: "{{ k3s_https_port }}"
host: "{{ k3s_bind_address | default('127.0.0.1') }}"
port: "{{ k3s_runtime_config['https-listen-port'] | default('6443') }}"
host: "{{ k3s_runtime_config['bind-address'] | default('127.0.0.1') }}"
delay: 5
sleep: 5
timeout: 300


@ -6,9 +6,7 @@
- k3s_use_experimental is defined and k3s_use_experimental
success_msg: "Experimental variables are defined and enabled."
fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental"
when: (k3s_server.rootless is defined and k3s_server.rootless)
or (k3s_agent.rootless is defined and k3s_agent.rootless)
or (k3s_server.etcd-datastore is defined and k3s_server.etcd-datastore)
or (k3s_server.secrets-encryption is defined and k3s_server.secrets-encryption)
or (k3s_agent.secrets-encryption is defined and k3s_agent.secrets-encryption)
or (k3s_server.selinux is defined and k3s_server.selinux)
when: ("rootless" in k3s_runtime_config and k3s_runtime_config.rootless)
or ("etcd-datastore" in k3s_runtime_config and k3s_runtime_config.etcd-datastore)
or ("secrets-encryption" in k3s_runtime_config and k3s_runtime_config.secrets-encryption)
or ("selinux" in k3s_runtime_config and k3s_runtime_config.selinux)
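Review bot: `k3s_runtime_config.etcd-datastore` and `k3s_runtime_config.secrets-encryption` are not attribute lookups; Jinja2 reads the hyphen as subtraction, i.e. `k3s_runtime_config.etcd - datastore`. When the key is present the right-hand operand of the `and` is evaluated against names that do not exist, so this gate on experimental options is likely to error or misfire instead of asserting. Use subscript access, e.g. `("secrets-encryption" in k3s_runtime_config and k3s_runtime_config['secrets-encryption'])`. The control-plane count assertions in the next file section have the same form with `.datastore-endpoint` and `.cluster-init`.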


@ -4,9 +4,8 @@
assert:
that:
- (k3s_controller_count | length == 1)
and (k3s_datastore_endpoint is not defined or not k3s_datastore_endpoint)
and (k3s_dqlite_datastore is not defined or not k3s_dqlite_datastore)
and (k3s_etcd_datastore is not defined or not k3s_etcd_datastore)
and ("datastore-endpoint" not in k3s_runtime_config or not k3s_runtime_config.datastore-endpoint)
and ("cluster-init" not in k3s_runtime_config or not k3s_runtime_config.cluster-init)
success_msg: "Control plane configuration is valid."
fail_msg: "Control plane configuration is invalid. Please see notes about k3s_control_node and HA in README.md."
when: k3s_controller_count | length == 1
@ -16,9 +15,8 @@
assert:
that:
- (k3s_controller_count | length >= 2)
and ((k3s_datastore_endpoint is defined and k3s_datastore_endpoint)
or (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
or (k3s_etcd_datastore is defined and k3s_etcd_datastore))
and (("datastore-endpoint" in k3s_runtime_config and k3s_runtime_config.datastore-endpoint)
or ("cluster-init" in k3s_runtime_config and k3s_runtime_config.cluster-init))
success_msg: "Control plane configuration is valid."
fail_msg: "Control plane configuration is invalid. Please see notes about k3s_control_node and HA in README.md."
when: k3s_controller_count | length >= 2
@ -30,4 +28,6 @@
and (((k3s_controller_count | length) % 2) == 1)
success_msg: "Control plane configuration is valid."
fail_msg: "Etcd should have a minimum of 3 defined members and the number of members should be odd. Please see notes about HA in README.md"
when: k3s_etcd_datastore and not k3s_use_unsupported_config
when: ("cluster-init" in k3s_runtime_config)
and k3s_runtime_config.cluster-init
and not k3s_use_unsupported_config


@ -16,12 +16,12 @@
ignore_errors: true
changed_when: false
register: check_k3s_docker_process
when: k3s_use_docker is defined and k3s_use_docker
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
- name: Fail if docker is still running
fail:
msg: docker is still running, uninstall script failed. Please investigate.
when: k3s_use_docker is defined and k3s_use_docker and check_k3s_docker_process.rc == 0
when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker)
- name: Fail if k3s binaries have not been removed
stat:
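Review bot: The new condition on `Fail if docker is still running` drops `check_k3s_docker_process.rc == 0`. As rendered here, the task now fails whenever docker is enabled in `k3s_runtime_config`, whether or not the process check found anything. Keep the result test: `when: ("docker" in k3s_runtime_config and k3s_runtime_config.docker) and check_k3s_docker_process.rc == 0`.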


@ -1,288 +1,11 @@
---
- name: Check k3s_no_flannel against k3s version
- name: Check that k3s_release_version >= 1.19.0
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
success_msg: "--no-flannel is supported in {{ k3s_release_version }}"
fail_msg: "--no-flannel is not supported in {{ k3s_release_version }}"
when: k3s_no_flannel is defined and k3s_no_flannel
- (k3s_release_version | replace('v', '')) is version_compare('1.19.0', '>=')
success_msg: "{{ k3s_release_version }} is supported by this role."
fail_msg: "{{ k3s_release_version }} is not supported by this role, please use xanmanning.k3s v1.x."
- name: Check k3s_service_cidr against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
success_msg: "--service-cidr is supported in {{ k3s_release_version }}"
fail_msg: "--service-cidr is not supported in {{ k3s_release_version }}"
when: k3s_service_cidr is defined
- name: Check k3s_cluster_dns against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
success_msg: "--cluster-dns is supported in {{ k3s_release_version }}"
fail_msg: "--cluster-dns is not supported in {{ k3s_release_version }}"
when: k3s_cluster_dns is defined and k3s_cluster_dns
- name: Check k3s_use_docker against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
success_msg: "--docker is supported in {{ k3s_release_version }}"
fail_msg: "--docker is not supported in {{ k3s_release_version }}"
when: k3s_use_docker is defined and k3s_use_docker
- name: Check k3s_no_traefik against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.2.0', '>=')
success_msg: "--no-deploy traefik is supported in {{ k3s_release_version }}"
fail_msg: "--no-deploy traefik is not supported in {{ k3s_release_version }}"
when: k3s_no_traefik is defined and k3s_no_traefik
- name: Check k3s_non_root against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
- ansible_user_id != "root"
- play_hosts | length == 1
success_msg: "k3s_non_root is supported in {{ k3s_release_version }}"
fail_msg: "k3s_non_root only works in >= v0.4.0, on a single node and must not be installed as root."
when: k3s_non_root is defined and k3s_non_root
- name: Check k3s_resolv_conf against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.3.0', '>=')
success_msg: "--resolv-conf is supported in {{ k3s_release_version }}"
fail_msg: "--resolv-conf is not supported in {{ k3s_release_version }}"
when: k3s_resolv_conf is defined and k3s_resolv_conf
- name: Check k3s_tls_san against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.3.0', '>=')
success_msg: "--tls-san is supported in {{ k3s_release_version }}"
fail_msg: "--tls-san is not supported in {{ k3s_release_version }}"
when: k3s_tls_san is defined and k3s_tls_san
- name: Check k3s_flannel_interface against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
success_msg: "--flannel-iface is supported in {{ k3s_release_version }}"
fail_msg: "--flannel-iface is not supported in {{ k3s_release_version }}"
when: k3s_flannel_interface is defined and k3s_flannel_interface
- name: Check k3s_cluster_domain against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
success_msg: "--cluster-domain is supported in {{ k3s_release_version }}"
fail_msg: "--cluster-domain is not supported in {{ k3s_release_version }}"
when: k3s_cluster_domain is defined and k3s_cluster_domain
- name: Check k3s_bind_address against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
success_msg: "--bind-address is supported in {{ k3s_release_version }}"
fail_msg: "--bind-address is not supported in {{ k3s_release_version }}"
when: k3s_bind_address is defined and k3s_bind_address
- name: Check k3s_bind_address against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.5.0', '>=')
success_msg: "Auto deploy manifests is supported in {{ k3s_release_version }}"
fail_msg: |
Auto deploy manifests supported is limited in {{ k3s_release_version }}.
To disable this message ensure k3s_use_experimental is set to true.
when: k3s_server_manifests_templates is defined
and k3s_server_manifests_templates | length > 0
and (k3s_use_experimental is not defined or not k3s_use_experimental)
- name: Check k3s_node_labels against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.6.0', '>=')
success_msg: "Node Labels supported in {{ k3s_release_version }}"
fail_msg: "Node Labels are not supported in {{ k3s_release_version }}"
when: k3s_node_labels is defined and k3s_node_labels
- name: Check k3s_node_taints against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.6.0', '>=')
success_msg: "Node Taints supported in {{ k3s_release_version }}"
fail_msg: "Node Taints are not supported in {{ k3s_release_version }}"
when: k3s_node_taints is defined and k3s_node_taints
- name: Check k3s_kubelet_args against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
success_msg: "Kubelet args supported in {{ k3s_release_version }}"
fail_msg: "Kubelet args are not supported in {{ k3s_release_version }}"
when: k3s_kubelet_args is defined and k3s_kubelet_args | length > 0
- name: Check k3s_kube_proxy_args against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
success_msg: "Kube proxy args supported in {{ k3s_release_version }}"
fail_msg: "Kube proxy args are not supported in {{ k3s_release_version }}"
when: k3s_kube_proxy_args is defined and k3s_kube_proxy_args | length > 0
- name: Check k3s_kube_apiserver_args against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
success_msg: "Kube API Server supported in {{ k3s_release_version }}"
fail_msg: "Kube API Server args are not supported in {{ k3s_release_version }}"
when: k3s_kube_apiserver_args is defined and k3s_kube_apiserver_args | length > 0
- name: Check k3s_kube_scheduler_args against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
success_msg: "Kube Scheduler supported in {{ k3s_release_version }}"
fail_msg: "Kube Scheduler args are not supported in {{ k3s_release_version }}"
when: k3s_kube_scheduler_args is defined and k3s_kube_scheduler_args | length > 0
- name: Check k3s_kube_controller_manager_args against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.4.0', '>=')
success_msg: "Kube Controller Manager supported in {{ k3s_release_version }}"
fail_msg: "Kube Controller Manager args are not supported in {{ k3s_release_version }}"
when: k3s_kube_controller_manager_args is defined and k3s_kube_controller_manager_args | length > 0
- name: Check k3s_kube_cloud_controller_manager_args against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
success_msg: "Kube Cloud Controller Manager supported in {{ k3s_release_version }}"
fail_msg: "Kube Cloud Controller Manager args are not supported in {{ k3s_release_version }}"
when: k3s_kube_cloud_controller_manager_args is defined and k3s_kube_cloud_controller_manager_args | length > 0
- name: Check k3s_flannel_backend against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=')
success_msg: "Alternate flannel backends supported in {{ k3s_release_version }}"
fail_msg: "Alternate flannel backends are not supported in {{ k3s_release_version }}"
when: k3s_flannel_backend is defined and k3s_flannel_backend
- name: Check k3s_flannel_backend 'host-gw' configuration against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.17.2', '>=')
success_msg: "host-gw flannel backend supported in {{ k3s_release_version }}"
fail_msg: "host-gw flannel backend is not supported in {{ k3s_release_version }}"
when: k3s_flannel_backend is defined and k3s_flannel_backend == 'host-gw'
- name: Check k3s_disable_network_policy against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=')
success_msg: "--disable-network-policy supported in {{ k3s_release_version }}"
fail_msg: "--disable-network-policy not supported in {{ k3s_release_version }}"
when: k3s_disable_network_policy is defined and k3s_disable_network_policy
- name: Check k3s_private_registry against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('0.10.0', '>=')
success_msg: "--private-registry supported in {{ k3s_release_version }}"
fail_msg: "--private-registry not supported in {{ k3s_release_version }}"
when: k3s_private_registry is defined and k3s_private_registry
- name: Check k3s_disable_cloud_controller against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
success_msg: "--disable-cloud-controller supported in {{ k3s_release_version }}"
fail_msg: "--disable-cloud-controller not supported in {{ k3s_release_version }}"
when: k3s_disable_cloud_controller is defined and k3s_disable_cloud_controller
- name: Check k3s_disable_scheduler against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
success_msg: "--disable-scheduler supported in {{ k3s_release_version }}"
fail_msg: "--disable-scheduler not supported in {{ k3s_release_version }}"
when: k3s_disable_scheduler is defined and k3s_disable_scheduler
- name: Check k3s_datastore_endpoint against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
when: k3s_datastore_endpoint is defined and k3s_datastore_endpoint
- name: Check k3s_dqlite_datastore against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
- (k3s_release_version | replace('v', '')) is version_compare('1.19.0', '<')
success_msg: "--cluster-init (dqlite) supported in {{ k3s_release_version }}"
fail_msg: "--cluster-init (dqlite) not supported in {{ k3s_release_version }}"
when: k3s_dqlite_datastore is defined and k3s_dqlite_datastore
- name: Check k3s_etcd_datastore against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.19.1', '>=')
success_msg: "--cluster-init (etcd) supported in {{ k3s_release_version }}"
fail_msg: "--cluster-init (etcd) not supported in {{ k3s_release_version }}"
when: k3s_etcd_datastore is defined and k3s_etcd_datastore
- name: Check k3s_datastore_cafile against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
when: k3s_datastore_cafile is defined and k3s_datastore_cafile
- name: Check k3s_datastore_certfile against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
when: k3s_datastore_certfile is defined and k3s_datastore_certfile
- name: Check k3s_datastore_keyfile against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
success_msg: "--datastore-endpoint supported in {{ k3s_release_version }}"
fail_msg: "--datastore-endpoint not supported in {{ k3s_release_version }}"
when: k3s_datastore_keyfile is defined and k3s_datastore_keyfile
- name: Check k3s_default_local_storage_path against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=')
success_msg: "Local storage path supported in {{ k3s_release_version }}"
fail_msg: "Local storage path are not supported in {{ k3s_release_version }}"
when: k3s_default_local_storage_path is defined and k3s_default_local_storage_path
- name: Check k3s_secrets_encryption against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.17.4', '>=')
success_msg: "Secrets encryption at rest supported in {{ k3s_release_version }}"
fail_msg: "Secrets encryption at rest is not supported in {{ k3s_release_version }}"
when: k3s_secrets_encryption is defined and k3s_secrets_encryption
- name: Check k3s_enable_selinux against k3s version
assert:
that:
- (k3s_release_version | replace('v', '')) is version_compare('1.17.4', '>=')
success_msg: "SELinux supported in {{ k3s_release_version }}"
fail_msg: "SELinux is not supported in {{ k3s_release_version }}"
when: k3s_enable_selinux is defined and k3s_enable_selinux
# Due to the v2 role now only supporting k3s v1.19+ - this file is intentionlly
# blank until new configuration options are added.
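Review bot: The new `Check that k3s_release_version >= 1.19.0` assert has no `when`, yet the role default shown at the top of this page is `k3s_release_version: false` and the molecule scenarios use `latest` and `v1.19`. None of those values compares meaningfully against `1.19.0`. Presumably the version is resolved to a concrete tag before this file is imported, but that is not visible here. I would record the precondition above the task: `# k3s_release_version must already be resolved to a concrete release tag (not false, latest or a channel) before this check runs.`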


@ -0,0 +1,5 @@
---
- name: Ensure k3s_runtime_config is set for validation
set_fact:
k3s_runtime_config: "{{ (k3s_server | default('None')) | combine (k3s_agent | default('None')) }}"


@ -1,10 +1,13 @@
---
- import_tasks: check-variables.yml
- import_tasks: check-experimental-variables.yml
- import_tasks: check-unsupported-rootless.yml
when: k3s_non_root is defined
and k3s_non_root
when: ("rootless" in k3s_runtime_config)
and k3s_runtime_config.rootless
and k3s_use_unsupported_config
- import_tasks: check-master-count.yml
when: k3s_build_cluster is defined and k3s_build_cluster


@ -1,4 +1,5 @@
---
- import_tasks: check-control-plane.yml
- import_tasks: check-cluster-nodes-ready.yml


@ -8,5 +8,7 @@
success_msg: "k3s_state is valid."
when: k3s_state is defined
- import_tasks: generate-check-config.yml
- import_tasks: check-environment.yml
when: not k3s_skip_validation


@ -1,11 +1,3 @@
---
{% if k3s_control_node %}
{% if k3s_server is defined and k3s_server != None %}
{{ k3s_server | to_nice_yaml(indent=2) }}
{% endif %}
{% else %}
{% if k3s_agent is defined and k3s_agent != None %}
{{ k3s_agent | to_nice_yaml(indent=2) }}
{% endif %}
{% endif %}
{{ k3s_runtime_config | to_nice_yaml(indent=2) }}


@ -62,7 +62,7 @@ do_unmount() {
}
do_unmount '/run/k3s'
do_unmount '{{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }}'
do_unmount '{{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}'
do_unmount '/var/lib/kubelet/pods'
do_unmount '/run/netns/cni-'


@ -55,7 +55,7 @@ for bin in {{ k3s_install_dir }}/k3s*; do
done
[ -d /etc/rancher/k3s ] && rm -rf /etc/rancher/k3s
[ -d {{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }} ] && rm -rf {{ k3s_node_data_dir | default('/var/lib/rancher/k3s') }}
[ -d {{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }} ] && rm -rf {{ k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s') }}
[ -d /var/lib/kubelet ] && rm -rf /var/lib/kubelet
[ -f /usr/local/bin/k3s-killall.sh ] && rm -f /usr/local/bin/k3s-killall.sh
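Review bot: The data directory is rendered unquoted into both the `[ -d … ]` test and the `rm -rf` on the new line, so a `data-dir` value containing whitespace or glob characters is word-split by the shell. The value now comes from the free-form `k3s_runtime_config` mapping, so it is worth quoting at render time: `[ -d {{ (k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s')) | quote }} ] && rm -rf -- {{ (k3s_runtime_config['data-dir'] | default('/var/lib/rancher/k3s')) | quote }}`. The killall template's `do_unmount '…'` line on this page already single-quotes the same value.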


@ -21,7 +21,7 @@ ExecStart={{ k3s_install_dir }}/k3s
{% endif %}
{% else %}
agent
--server https://{{ k3s_control_node_address }}:{{ k3s_server['https-listen-port'] | default(6443) }}
--server https://{{ k3s_control_node_address }}:{{ k3s_runtime_config['https-listen-port'] | default(6443) }}
--token-file {{ k3s_token_location }}/cluster-token
{% if k3s_agent is defined %}
--config {{ k3s_config_file }}
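Review bot: On agents this `--server` port lookup will fall back to 6443 even when the server listens elsewhere. `k3s_runtime_config` is built from `k3s_agent` alone on agents (the `set_fact` tasks added in this commit), while the molecule scenario on this page sets `https-listen-port` under `k3s_server`. The previous expression read the port from `k3s_server` directly. Unless agents are expected to repeat the port in `k3s_agent`, keep reading it from the server settings, e.g. `{{ (k3s_server | default({}))['https-listen-port'] | default(6443) }}`. The unit template continues outside this hunk.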

96
vagrant/Vagrantfile vendored

@ -1,96 +0,0 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
$centos_provision = <<SCRIPT
if [ ! -f .vagrant_provision ] ; then
echo "Installing dependencies ..."
sudo yum clean all > /dev/null 2>&1 && echo "[OK] Cleanup YUM."
sudo yum makecache > /dev/null 2>&1 && echo "[OK] Create YUM cache."
sudo yum install python libselinux-python -y -q > /dev/null 2>&1 && \
echo "[OK] Installing Python."
touch .vagrant_provision
else
echo "Already Provisioned."
fi
SCRIPT
$debian_provision = <<SCRIPT
if [ ! -f .vagrant_provision ] ; then
echo "Installing dependencies ..."
sudo apt update > /dev/null 2>&1 && echo "[OK] Update APT cache."
sudo apt-get install python -y > /dev/null 2>&1 && \
echo "[OK] Installing Python."
touch .vagrant_provision
else
echo "Already Provisioned."
fi
SCRIPT
$opensuse_provision = <<SCRIPT
if [ ! -f .vagrant_provision ] ; then
echo "Installing dependencies ..."
sudo zypper refresh > /dev/null 2>&1 && echo "[OK] Update Zypper cache."
sudo zypper install -y python python-xml > /dev/null 2>&1 && \
echo "[OK] Installing Python."
touch .vagrant_provision
else
echo "Already Provisioned."
fi
SCRIPT
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.define "node1" do |node1|
node1.vm.box = "centos/7"
node1.vm.hostname = "k3s-node01"
node1.vm.network "private_network", ip: "172.16.3.30"
node1.vm.provider "virtualbox" do |vb|
vb.name = "k3s - node1"
vb.memory = 512
end
node1.vm.provision "shell", inline: $centos_provision
end
config.vm.define "node2" do |node2|
node2.vm.box = "debian/buster64"
node2.vm.hostname = "k3s-node02"
node2.vm.network "private_network", ip: "172.16.3.31"
node2.vm.provider "virtualbox" do |vb|
vb.name = "k3s - node2"
vb.memory = 512
end
node2.vm.provision "shell", inline: $debian_provision
end
config.vm.define "node3" do |node3|
node3.vm.box = "bento/opensuse-leap-15.1"
node3.vm.hostname = "k3s-node03"
node3.vm.network "private_network", ip: "172.16.3.32"
node3.vm.synced_folder ".", "/vagrant", disabled: true
node3.vm.provider "virtualbox" do |vb|
vb.name = "k3s - node3"
vb.memory = 512
end
node3.vm.provision "shell", inline: $opensuse_provision
end
config.vm.define "node4" do |node4|
node4.vm.box = "ubuntu/bionic64"
node4.vm.hostname = "k3s-node04"
node4.vm.network "private_network", ip: "172.16.3.33"
node4.vm.provider "virtualbox" do |vb|
vb.name = "k3s - node4"
vb.memory = 512
end
node4.vm.provision "shell", inline: $debian_provision
node4.vm.provision "ansible" do |a|
a.limit = "all"
a.config_file = "ansible.cfg"
a.inventory_path = "inventory.yml"
a.playbook = "test.yml"
a.verbose = "vv"
end
end
end


@ -1,4 +0,0 @@
[defaults]
host_key_checking = false
roles_path = ../../


@ -1,33 +0,0 @@
---
all:
vars:
ansible_become: true
k3s_use_docker: false
k3s_nodes:
hosts:
node1:
ansible_host: 172.16.3.30
ansible_user: vagrant
ansible_port: 22
ansible_ssh_private_key_file: '.vagrant/machines/node1/virtualbox/private_key'
k3s_flannel_interface: eth1
node2:
ansible_host: 172.16.3.31
ansible_user: vagrant
ansible_port: 22
ansible_ssh_private_key_file: '.vagrant/machines/node2/virtualbox/private_key'
k3s_flannel_interface: eth1
node3:
ansible_host: 172.16.3.32
ansible_user: vagrant
ansible_port: 22
ansible_ssh_private_key_file: '.vagrant/machines/node3/virtualbox/private_key'
k3s_flannel_interface: eth1
node4:
ansible_host: 172.16.3.33
ansible_user: vagrant
ansible_port: 22
ansible_ssh_private_key_file: '.vagrant/machines/node4/virtualbox/private_key'
k3s_flannel_interface: enp0s8


@ -1,5 +0,0 @@
---
- hosts: node1
become: true
roles:
- ansible-role-k3s


@ -1,5 +0,0 @@
---
- hosts: k3s_nodes
become: true
roles:
- ansible-role-k3s