From 8f3b2428c8a68089939bf59e87fad57de371b69b Mon Sep 17 00:00:00 2001 From: Xan Manning Date: Wed, 4 Dec 2019 17:17:15 +0000 Subject: [PATCH] Added experimental options to ansible role: 1. Ability to specify control host address, for connecting to a control plane provisioned outside of the role. 2. Ability to specify the control host token, again for connecting to a control plane provisioned outside of the role. 3. Included upstream changes from @nolte to define KubeConfig file permissions. --- README.md | 13 +++++++++++++ tasks/configure-k3s-cluster.yml | 10 +++++++++- templates/k3s.service.j2 | 5 ++++- 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0169643..fc5757c 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,8 @@ consistency. | `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/rancher/k3s | | `k3s_install_dir` | Installation directory for k3s. | `/usr/local/bin` | | `k3s_control_workers` | Are control hosts also workers? | `true` | +| `k3s_control_node_address` | Use a specific control node address. IP or FQDN. | _NULL_ | +| `k3s_control_token` | Use a specific control token, please read notes below. | _NULL_ | | `k3s_https_port` | HTTPS port listening port. | 6443 | | `k3s_use_docker` | Use Docker rather than Containerd? | `false` | | `k3s_no_flannel` | Do not use Flannel | `false` | @@ -53,6 +55,7 @@ consistency. | `k3s_disable_scheduler` | Disable Kubernetes default scheduler | `false` | | `k3s_disable_cloud_controller` | Disable k3s default cloud controller manager. | `false` | | `k3s_disable_network_policy` | Disable k3s default network policy controller. | `false` | +| `k3s_write_kubeconfig_mode` | Define the file mode from the generated KubeConfig, eg. `644` | _NULL_ | #### Important note about `k3s_release_version` 
@@ -64,6 +67,16 @@ ensure this is set in your Ansible configuration, eg: k3s_release_version: v0.2.0 ``` +#### Important notes about `k3s_control_node_address` and `k3s_control_token` + +If you set this, you are explicitly specifying the control host that agents +should connect to, the value should be an IP address or FQDN. + +If the control host is not configured by this role, then you need to also +specify the `k3s_control_token`. + +Please note that this may potentially break setting up agents. + ### Host Variables Below are variables that are set against specific hosts in your inventory. diff --git a/tasks/configure-k3s-cluster.yml b/tasks/configure-k3s-cluster.yml index ff42ae1..b886a50 100644 --- a/tasks/configure-k3s-cluster.yml +++ b/tasks/configure-k3s-cluster.yml @@ -20,16 +20,24 @@ - name: Ensure control node is delegated to for obtaining a token set_fact: k3s_control_delegate: "{{ k3s_control_delegate_raw.stdout.split(' @@@ ')[0] }}" + when: k3s_control_node_address is not defined - name: Ensure the control node address is registered in Ansible set_fact: k3s_control_node_address: "{{ hostvars[k3s_control_delegate].ansible_host | default(hostvars[k3s_control_delegate].ansible_fqdn) }}" + when: k3s_control_node_address is not defined - name: Ensure NODE_TOKEN is captured from control node slurp: path: "/var/lib/rancher/k3s/server/node-token" - register: k3s_control_token + register: k3s_slurped_control_token delegate_to: "{{ k3s_control_delegate }}" + when: k3s_control_token is not defined + +- name: Ensure NODE_TOKEN is formatted correctly for use in templates + set_fact: + k3s_control_token: "{{ k3s_slurped_control_token.content | b64decode }}" + when: k3s_control_token is not defined - name: Ensure k3s service unit file is present template: diff --git a/templates/k3s.service.j2 b/templates/k3s.service.j2 index 58af00d..870eaa1 100644 --- a/templates/k3s.service.j2 +++ b/templates/k3s.service.j2 
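Review bot: The slurp task still uses `delegate_to: "{{ k3s_control_delegate }}"`, but that fact is now only set when `k3s_control_node_address` is not defined. Supplying an address without `k3s_control_token` therefore leaves the delegate undefined, unless it is set somewhere outside this hunk. A `fail` task ahead of the slurp with `when: k3s_control_node_address is defined and k3s_control_token is not defined` would turn that into a clear error instead of a templating failure. The slurped content and the decoded fact are the cluster join secret, so both the slurp and the new `set_fact` should carry `no_log: true` to keep the value out of verbose output and callback logs. It would also help for the README section added in this commit to recommend supplying `k3s_control_token` from Ansible Vault rather than plain inventory.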
@@ -44,7 +44,7 @@ ExecStart={{ k3s_install_dir }}/k3s {% else %} agent --server https://{{ k3s_control_node_address }}:{{ k3s_https_port }} - --token {{ k3s_control_token.content | b64decode }} + --token {{ k3s_control_token }} {% endif %} {% if k3s_use_docker %} --docker @@ -64,6 +64,9 @@ ExecStart={{ k3s_install_dir }}/k3s {% if k3s_node_external_address is defined %} --node-external-ip {{ k3s_node_external_address }} {% endif %} +{% if k3s_write_kubeconfig_mode is defined %} + --write-kubeconfig-mode {{ k3s_write_kubeconfig_mode }} +{% endif %} {% if k3s_node_labels is defined and k3s_node_labels is iterable %} {% for label in k3s_node_labels %} {% for key, value in label.items() %}
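Review bot: `--token {{ k3s_control_token }}` places the join secret in the rendered unit file and in the agent's process arguments, and with this change a user-supplied value reaches that line unquoted and untrimmed. A value with embedded whitespace or a trailing newline (the slurped node-token file may end in one) would split the ExecStart arguments; `--token {{ k3s_control_token | trim }}` removes at least the newline case. The task that renders this template is outside the hunk, so confirm it sets a restrictive `mode` on the unit file. Consider k3s's `--token-file` option if the targeted releases support it. The ExecStart block starts and ends outside this hunk.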
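Review bot: The new `--write-kubeconfig-mode` block sits after the control/agent branch, next to options that apply to every node, so as far as this hunk shows it is also rendered for agents; it should be guarded by the same control-node condition as the `{% else %} agent` branch above, which is outside the hunk. The value is interpolated as-is, so an unquoted `0644` in inventory is read as an octal integer by YAML 1.1 loaders and rendered as `420`. The README should tell users to quote the value, e.g. `k3s_write_kubeconfig_mode: "0640"`. The README example `644` makes the generated KubeConfig, which holds cluster credentials, readable by every local user; a group-readable mode is a safer documented example.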