Added experimental options to Ansible role:

  1. Ability to specify control host address, for connecting to a control plane
     provisioned outside of the role.
  2. Ability to specify the control host token, again for connecting to
     a control plane provisioned outside of the role.
  3. Included upstream changes from @nolte to define KubeConfig file
     permissions.
Xan Manning 2019-12-04 17:17:15 +00:00
parent 2b8f354a88
commit 8f3b2428c8
3 changed files with 26 additions and 2 deletions

@ -41,6 +41,8 @@ consistency.
| `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/rancher/k3s | | `k3s_github_url` | Set the GitHub URL to install k3s from. | https://github.com/rancher/k3s |
| `k3s_install_dir` | Installation directory for k3s. | `/usr/local/bin` | | `k3s_install_dir` | Installation directory for k3s. | `/usr/local/bin` |
| `k3s_control_workers` | Are control hosts also workers? | `true` | | `k3s_control_workers` | Are control hosts also workers? | `true` |
| `k3s_control_node_address` | Use a specific control node address. IP or FQDN. | _NULL_ |
| `k3s_control_token` | Use a specific control token, please read notes below. | _NULL_ |
| `k3s_https_port` | HTTPS port listening port. | 6443 | | `k3s_https_port` | HTTPS port listening port. | 6443 |
| `k3s_use_docker` | Use Docker rather than Containerd? | `false` | | `k3s_use_docker` | Use Docker rather than Containerd? | `false` |
| `k3s_no_flannel` | Do not use Flannel | `false` | | `k3s_no_flannel` | Do not use Flannel | `false` |
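Review bot: the `k3s_control_token` row does not say that this value is the cluster join secret. Anyone who can read it can register a node against the control plane, so the description, or the notes it points to, should tell users to supply it from an encrypted source such as Ansible Vault rather than a plain-text inventory or group_vars file.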
@ -53,6 +55,7 @@ consistency.
| `k3s_disable_scheduler` | Disable Kubernetes default scheduler | `false` | | `k3s_disable_scheduler` | Disable Kubernetes default scheduler | `false` |
| `k3s_disable_cloud_controller` | Disable k3s default cloud controller manager. | `false` | | `k3s_disable_cloud_controller` | Disable k3s default cloud controller manager. | `false` |
| `k3s_disable_network_policy` | Disable k3s default network policy controller. | `false` | | `k3s_disable_network_policy` | Disable k3s default network policy controller. | `false` |
| `k3s_write_kubeconfig_mode` | Define the file mode from the generated KubeConfig, eg. `644` | _NULL_ |
#### Important note about `k3s_release_version` #### Important note about `k3s_release_version`
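Review bot: the example mode `644` in the `k3s_write_kubeconfig_mode` row makes the generated KubeConfig readable by every local user on the control host, and that file carries the cluster admin credentials. Suggest a tighter example or a sentence on the exposure. The cell should also say the value must be a quoted string in YAML, because an unquoted value with a leading zero such as 0644 is read as an octal integer and would reach the unit file as 420.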
@ -64,6 +67,16 @@ ensure this is set in your Ansible configuration, eg:
k3s_release_version: v0.2.0 k3s_release_version: v0.2.0
``` ```
#### Important notes about `k3s_control_node_address` and `k3s_control_token`
If you set this, you are explicitly specifying the control host that agents
should connect to, the value should be an IP address or FQDN.
If the control host is not configured by this role, then you need to also
specify the `k3s_control_token`.
Please note that this may potentially break setting up agents.
### Host Variables ### Host Variables
Below are variables that are set against specific hosts in your inventory. Below are variables that are set against specific hosts in your inventory.
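Review bot: "If you set this" sits under a heading that names two variables and does not say which one is meant, and "may potentially break setting up agents" does not say under which conditions. Suggest naming `k3s_control_node_address` in the first sentence and stating whether `k3s_control_token` is required whenever the address is set, since the paragraph only requires it when the control host is not configured by the role.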

@ -20,16 +20,24 @@
- name: Ensure control node is delegated to for obtaining a token - name: Ensure control node is delegated to for obtaining a token
set_fact: set_fact:
k3s_control_delegate: "{{ k3s_control_delegate_raw.stdout.split(' @@@ ')[0] }}" k3s_control_delegate: "{{ k3s_control_delegate_raw.stdout.split(' @@@ ')[0] }}"
when: k3s_control_node_address is not defined
- name: Ensure the control node address is registered in Ansible - name: Ensure the control node address is registered in Ansible
set_fact: set_fact:
k3s_control_node_address: "{{ hostvars[k3s_control_delegate].ansible_host | default(hostvars[k3s_control_delegate].ansible_fqdn) }}" k3s_control_node_address: "{{ hostvars[k3s_control_delegate].ansible_host | default(hostvars[k3s_control_delegate].ansible_fqdn) }}"
when: k3s_control_node_address is not defined
- name: Ensure NODE_TOKEN is captured from control node - name: Ensure NODE_TOKEN is captured from control node
slurp: slurp:
path: "/var/lib/rancher/k3s/server/node-token" path: "/var/lib/rancher/k3s/server/node-token"
register: k3s_control_token register: k3s_slurped_control_token
delegate_to: "{{ k3s_control_delegate }}" delegate_to: "{{ k3s_control_delegate }}"
when: k3s_control_token is not defined
- name: Ensure NODE_TOKEN is formatted correctly for use in templates
set_fact:
k3s_control_token: "{{ k3s_slurped_control_token.content | b64decode }}"
when: k3s_control_token is not defined
- name: Ensure k3s service unit file is present - name: Ensure k3s service unit file is present
template: template:
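Review bot: setting `k3s_control_node_address` without `k3s_control_token` leaves `k3s_control_delegate` unset, because the first `set_fact` is now skipped by `when: k3s_control_node_address is not defined`, while the `slurp` task still runs and uses `delegate_to: "{{ k3s_control_delegate }}"`. Either leave the delegate `set_fact` unconditional and guard only the address `set_fact`, or add an early check that fails with a clear message when the address is given without a token. The `slurp` task and the new `set_fact` both handle the join token, so `no_log: true` on them would keep it out of verbose output.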

@ -44,7 +44,7 @@ ExecStart={{ k3s_install_dir }}/k3s
{% else %} {% else %}
agent agent
--server https://{{ k3s_control_node_address }}:{{ k3s_https_port }} --server https://{{ k3s_control_node_address }}:{{ k3s_https_port }}
--token {{ k3s_control_token.content | b64decode }} --token {{ k3s_control_token }}
{% endif %} {% endif %}
{% if k3s_use_docker %} {% if k3s_use_docker %}
--docker --docker
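Review bot: `--token {{ k3s_control_token }}` now renders whatever the variable holds, unquoted and untrimmed, into `ExecStart`. The slurped value is the raw file content after `b64decode`, so any trailing newline in the file is carried through, and a user-supplied value may carry stray whitespace; either alters the command line. Suggest `{{ k3s_control_token | trim }}` here, or applying `trim` in the `set_fact` that builds the variable.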
@ -64,6 +64,9 @@ ExecStart={{ k3s_install_dir }}/k3s
{% if k3s_node_external_address is defined %} {% if k3s_node_external_address is defined %}
--node-external-ip {{ k3s_node_external_address }} --node-external-ip {{ k3s_node_external_address }}
{% endif %} {% endif %}
{% if k3s_write_kubeconfig_mode is defined %}
--write-kubeconfig-mode {{ k3s_write_kubeconfig_mode }}
{% endif %}
{% if k3s_node_labels is defined and k3s_node_labels is iterable %} {% if k3s_node_labels is defined and k3s_node_labels is iterable %}
{% for label in k3s_node_labels %} {% for label in k3s_node_labels %}
{% for key, value in label.items() %} {% for key, value in label.items() %}
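Review bot: `--write-kubeconfig-mode` is added next to `--node-external-ip`, outside the server/agent branch shown in the previous hunk, so it is rendered for agents as well as control hosts. The KubeConfig is written by the server, so this block should be guarded to control hosts only, in the same way the `server` argument is selected.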