moving to file-based config

Xan Manning 2020-10-19 20:26:12 +01:00
parent 36a2f24a9d
commit 9b800d9fba
13 changed files with 83 additions and 212 deletions


@ -32,6 +32,9 @@ k3s_install_dir: /usr/local/bin
# Install using hard links rather than symbolic links
k3s_install_hard_links: false
# Use Docker rather than containerd
k3s_use_docker: false
# A list of templates used for preconfigure the cluster.
k3s_server_manifests_templates: []
@ -49,6 +52,7 @@ k3s_use_unsupported_config: false
# k3s_server:
# listen-port: 6443
k3s_server: null
##
# Agent Configuration
@ -59,6 +63,8 @@ k3s_use_unsupported_config: false
# - "foo=bar"
# - "bish=bosh"
k3s_agent: null
##
# Ansible Controller configuration
##
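Review bot: The commented example above `k3s_server: null` uses the key `listen-port`, while the molecule playbook and the systemd unit template in this commit both use `https-listen-port`. The example should show the key the role actually reads, e.g. `#   https-listen-port: 6443`. Because both dictionaries are rendered verbatim into the k3s config file, a comment such as `# Keys are written as-is to the k3s config file` above `k3s_server` and `k3s_agent` would also help. Which of these lines the commit adds is not recoverable from this rendering.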


@ -4,8 +4,11 @@
become: true
vars:
molecule_is_test: true
k3s_release_version: latest
k3s_use_docker: true
k3s_https_port: 26443
k3s_cluster_domain: examplecluster.local
k3s_skip_validation: true
k3s_server:
https-listen-port: 26443
cluster-domain: examplecluster.local
roles:
- role: xanmanning.k3s


@ -31,7 +31,7 @@
src: cluster-token.j2
dest: "{{ k3s_token_location }}/cluster-token"
mode: 0600
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
when: (k3s_control_node and not k3s_primary_control_node)
or not k3s_control_node
notify:
@ -47,6 +47,16 @@
- reload systemd
- restart k3s
- name: Ensure k3s config file exists on control plane
template:
src: config.yaml.j2
dest: "{{ k3s_config_file }}"
mode: 0644
notify:
- reload systemd
- restart k3s
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure secondary masters are started
service:
name: k3s
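Review bot: The new task `Ensure k3s config file exists on control plane` writes `{{ k3s_config_file }}` with `mode: 0644`, which leaves it world-readable. `k3s_server` is rendered into that file verbatim, so it may carry a cluster token or a datastore endpoint with credentials. The cluster-token file just above is written with `0600`, and the config file should match: `mode: "0600"`, quoted so the YAML parser does not read it as an octal integer, and assuming k3s runs as the file's owner. The identically named task in the other control-plane task file later in this commit has the same `mode: 0644`. The task list continues outside this hunk.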


@ -18,11 +18,32 @@
- restart k3s
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure config directory exists
file:
path: "{{ k3s_config_file | dirname }}"
state: directory
mode: 0755
recurse: true
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure systemd unit file directory exists
file:
path: "{{ k3s_systemd_unit_directory }}"
state: directory
mode: 0755
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s config file exists on control plane
template:
src: config.yaml.j2
dest: "{{ k3s_config_file }}"
mode: 0644
when: (k3s_control_node and k3s_controller_count | length == 1)
or (k3s_primary_control_node and k3s_controller_count | length > 1)
notify:
- reload systemd
- restart k3s
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
- name: Ensure k3s service unit file is present on control plane
template:
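Review bot: `recurse: true` on the `Ensure config directory exists` task applies `mode: 0755` to every existing file and subdirectory under `{{ k3s_config_file | dirname }}`, not only the directory itself. If that directory also holds files meant to be private (k3s normally keeps its admin kubeconfig next to its config file), each run would reset them to world-readable and executable. The `file` module already creates missing parent directories for `state: directory`, so `recurse: true` can be dropped and the mode quoted as `mode: "0755"`. The value of `k3s_config_file` is not visible on this page, so which files are affected needs confirming.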


@ -1,11 +1,5 @@
---
- name: Check to see if k3s_state is a supported value
assert:
that:
- k3s_state in k3s_valid_states
fail_msg: "k3s_state not valid. Check README.md for details."
success_msg: "k3s_state is valid."
when: k3s_state is defined
- import_tasks: validate/pre-flight.yml
- include_tasks: state-{{ (k3s_state | lower) | default('installed') }}.yml
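Review bot: In `state-{{ (k3s_state | lower) | default('installed') }}.yml` the `default` filter runs after `lower`, so an undefined `k3s_state` reaches `lower` first and Ansible will normally raise before the fallback applies. The validation task is guarded by `when: k3s_state is defined`, so the undefined case appears to be expected; `state-{{ k3s_state | default('installed') | lower }}.yml` handles it. This line may be unchanged context in this commit, and a role default for `k3s_state` (not visible here) would mask the problem.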


@ -1,8 +1,5 @@
---
- import_tasks: validate/check-environment.yml
when: not k3s_skip_validation
- import_tasks: build/preconfigure-k3s.yml
- import_tasks: teardown/drain-and-remove-nodes.yml


@ -1,6 +1,6 @@
---
- import_tasks: validate/check-environment.yml
- import_tasks: validate/pre-flight.yml
- import_tasks: validate/main.yml


@ -10,5 +10,7 @@
and kubectl_get_nodes_result.stdout.find("NotReady") == -1
retries: 30
delay: 20
when: k3s_control_node and not k3s_no_flannel and not ansible_check_mode
when: k3s_control_node
and (k3s_server.disable is defined and 'flannel' not in k3s_server.disable)
and not ansible_check_mode
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
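Review bot: The rewritten `when` requires `k3s_server.disable is defined`, so where nothing is disabled, or where `k3s_server` is left at its `null` default, the condition is false and the wait for nodes to become ready is silently skipped. The intent looks like "run unless flannel is disabled", which would read `and (k3s_server.disable is not defined or 'flannel' not in k3s_server.disable)`. The older unit-template code on this page turned flannel off with `--flannel-backend none`, so it is worth confirming that `disable` is the right key to test at all. The task begins outside this hunk.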


@ -6,19 +6,9 @@
- k3s_use_experimental is defined and k3s_use_experimental
success_msg: "Experimental variables are defined and enabled."
fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental"
when: (k3s_non_root is defined and k3s_non_root)
or (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
or (k3s_etcd_datastore is defined and k3s_etcd_datastore)
or (k3s_secrets_encryption is defined and k3s_secrets_encryption)
or (k3s_enable_selinux is defined and k3s_enable_selinux)
- name: Check if experimental dqlite is being used and k3s_use_unsupported_config is configured
assert:
that:
- k3s_use_unsupported_config is defined and k3s_use_unsupported_config
success_msg: "Unsupported use of dqlite backend is enabled."
fail_msg: |
Embedded DQLite is no longer supported and there is no upgrade path to use Etcd!
If you're sure you want to use it set k3s_use_unsupported_config. This will break in v1.19!
when: k3s_use_experimental
and (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
when: (k3s_server.rootless is defined and k3s_server.rootless)
or (k3s_agent.rootless is defined and k3s_agent.rootless)
or (k3s_server.etcd-datastore is defined and k3s_server.etcd-datastore)
or (k3s_server.secrets-encryption is defined and k3s_server.secrets-encryption)
or (k3s_agent.secrets-encryption is defined and k3s_agent.secrets-encryption)
or (k3s_server.selinux is defined and k3s_server.selinux)
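Review bot: Dotted lookups on hyphenated keys, such as `k3s_server.etcd-datastore`, `k3s_server.secrets-encryption` and `k3s_agent.secrets-encryption`, are not key lookups in Jinja2. The hyphen is parsed as subtraction, so these clauses never test the intended key and may fail on an undefined name. Use the bracket form the unit template in this commit already uses, e.g. `(k3s_server['secrets-encryption'] is defined and k3s_server['secrets-encryption'])`. As written, the `k3s_use_experimental` gate cannot be relied on to fire for those options. The assert task begins outside this hunk.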


@ -1,4 +1,4 @@
---
- import_tasks: check-control-plane.yml
- import_tasks: check-clustr-nodes-ready.yml
- import_tasks: check-cluster-nodes-ready.yml


@ -0,0 +1,12 @@
---
- name: Check to see if k3s_state is a supported value
assert:
that:
- k3s_state in k3s_valid_states
fail_msg: "k3s_state not valid. Check README.md for details."
success_msg: "k3s_state is valid."
when: k3s_state is defined
- import_tasks: check-environment.yml
when: not k3s_skip_validation

11
templates/config.yaml.j2 Normal file

@ -0,0 +1,11 @@
---
{% if k3s_control_node %}
{% if k3s_server is defined and k3s_server != None %}
{{ k3s_server | to_nice_yaml(indent=2) }}
{% endif %}
{% else %}
{% if k3s_agent is defined and k3s_agent != None %}
{{ k3s_agent | to_nice_yaml(indent=2) }}
{% endif %}
{% endif %}


@ -16,192 +16,17 @@ ExecStart={{ k3s_install_dir }}/k3s
{% endif %}
{% if k3s_control_node %}
server
{% if k3s_bind_address is defined %}
--bind-address {{ k3s_bind_address }}
{% endif %}
{% if k3s_non_root is defined and k3s_non_root %}
--rootless
{% endif %}
{% if k3s_https_port != 6443 %}
--https-listen-port {{ k3s_https_port }}
{% endif %}
{% if k3s_disable_scheduler %}
--disable-scheduler
{% endif %}
{% if k3s_disable_cloud_controller %}
--disable-cloud-controller
{% endif %}
{% if k3s_disable_network_policy %}
--disable-network-policy
{% endif %}
{% if k3s_disable_kube_proxy %}
--disable-kube-proxy
{% endif %}
{% if k3s_no_flannel %}
{% if (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') %}
--flannel-backend none
{% else %}
--no-flannel
{% endif %}
{% endif %}
{% if k3s_cluster_cidr is defined %}
--cluster-cidr {{ k3s_cluster_cidr }}
{% endif %}
{% if k3s_service_cidr is defined %}
--service-cidr {{ k3s_service_cidr }}
{% endif %}
{% if k3s_flannel_backend is defined and not k3s_no_flannel %}
--flannel-backend {{ k3s_flannel_backend }}
{% endif %}
{% if k3s_private_registry is defined and k3s_private_registry %}
--private-registry {{ k3s_private_registry }}
{% endif %}
{{ ' --disable coredns' if k3s_no_coredns else '' }}{{ ' --disable servicelb' if k3s_no_servicelb else '' }}{{ ' --disable traefik' if k3s_no_traefik else '' }}{{ ' --disable local-storage' if k3s_no_local_storage else '' }}{{ ' --disable metrics-server' if k3s_no_metrics_server else '' }}
{% if not k3s_no_local_storage and k3s_default_local_storage_path is defined and k3s_default_local_storage_path %}
--default-local-storage-path {{ k3s_default_local_storage_path }}
{% endif %}
{% if k3s_cluster_dns is defined and k3s_cluster_dns %}
--cluster-dns {{ k3s_cluster_dns }}
{% endif %}
{% if k3s_cluster_domain is defined and k3s_cluster_domain != "cluster.local" %}
--cluster-domain {{ k3s_cluster_domain }}
{% endif %}
{% if k3s_datastore_endpoint is defined and k3s_datastore_endpoint %}
--datastore-endpoint "{{ k3s_datastore_endpoint }}"
{% if k3s_datastore_cafile is defined and k3s_datastore_cafile %}
--datastore-cafile {{ k3s_datastore_cafile }}
{% endif %}
{% if k3s_datastore_certfile is defined and k3s_datastore_certfile %}
--datastore-certfile {{ k3s_datastore_certfile }}
{% endif %}
{% if k3s_datastore_keyfile is defined and k3s_datastore_keyfile %}
--datastore-keyfile {{ k3s_datastore_keyfile }}
{% endif %}
{% endif %}
{% if (k3s_dqlite_datastore is defined and k3s_dqlite_datastore) or (k3s_etcd_datastore is defined and k3s_etcd_datastore) %}
{% if k3s_primary_control_node is defined and k3s_primary_control_node %}
--cluster-init
{% else %}
--server https://{{ k3s_control_node_address }}:{{ k3s_https_port }}
--token-file {{ k3s_token_location }}/cluster-token
{% endif %}
{% if k3s_etcd_disable_snapshots %}
--etcd-disable-snapshots
{% else %}
{% if k3s_etcd_snapshot_schedule_cron is defined %}
--etcd-snapshot-schedule-cron "{{ k3s_etcd_snapshot_schedule_cron }}"
{% endif %}
{% if k3s_etcd_snapshot_retention is defined %}
--etcd-snapshot-retention {{ k3s_etcd_snapshot_retention }}
{% endif %}
{% if k3s_etcd_snapshot_directory is defined %}
--etcd-snapshot-dir {{ k3s_etcd_snapshot_directory }}
{% endif %}
{% endif %}
{% endif %}
{% if k3s_secrets_encryption is defined and k3s_secrets_encryption %}
--secrets-encryption
{% endif %}
{% if k3s_kube_apiserver_args is defined and k3s_kube_apiserver_args is iterable %}
{% for arg in k3s_kube_apiserver_args %}
{% for key, value in arg.items() %}
--kube-apiserver-arg {{ key }}={{ value }}
{% endfor %}
{% endfor %}
{% endif %}
{% if k3s_kube_scheduler_args is defined and k3s_kube_scheduler_args is iterable %}
{% for arg in k3s_kube_scheduler_args %}
{% for key, value in arg.items() %}
--kube-scheduler-arg {{ key }}={{ value }}
{% endfor %}
{% endfor %}
{% endif %}
{% if k3s_kube_controller_manager_args is defined and k3s_kube_controller_manager_args is iterable %}
{% for arg in k3s_kube_controller_manager_args %}
{% for key, value in arg.items() %}
--kube-controller-manager-arg {{ key }}={{ value }}
{% endfor %}
{% endfor %}
{% endif %}
{% if k3s_kube_cloud_controller_manager_args is defined and k3s_kube_cloud_controller_manager_args is iterable %}
{% for arg in k3s_kube_cloud_controller_manager_args %}
{% for key, value in arg.items() %}
--kube-cloud-controller-manager-arg {{ key }}={{ value }}
{% endfor %}
{% endfor %}
{% if k3s_server is defined %}
--config {{ k3s_config_file }}
{% endif %}
{% else %}
agent
--server https://{{ k3s_control_node_address }}:{{ k3s_https_port }}
--server https://{{ k3s_control_node_address }}:{{ k3s_server['https-listen-port'] | default(6443) }}
--token-file {{ k3s_token_location }}/cluster-token
{% endif %}
{% if k3s_enable_selinux %}
--selinux
{% endif %}
{% if k3s_resolv_conf is defined and k3s_resolv_conf %}
--resolv-conf {{ k3s_resolv_conf }}
{% endif %}
{% if k3s_tls_san is defined and k3s_tls_san is iterable %}
{% for san in k3s_tls_san %}
--tls-san {{ san }}
{% endfor %}
{% else %}
{% if k3s_tls_san is defined and k3s_tls_san %}
--tls-san {{ k3s_tls_san }}
{% if k3s_agent is defined %}
--config {{ k3s_config_file }}
{% endif %}
{% endif %}
{% if k3s_node_data_dir is defined %}
--data-dir {{ k3s_node_data_dir }}
{% endif %}
{% if k3s_use_docker %}
--docker
{% endif %}
{% if k3s_flannel_interface is defined and not k3s_no_flannel %}
--flannel-iface {{ k3s_flannel_interface }}
{% endif %}
{% if k3s_node_name is defined %}
--node-name {{ k3s_node_name }}
{% endif %}
{% if k3s_node_id is defined %}
--with-node-id {{ k3s_node_id }}
{% endif %}
{% if k3s_node_ip_address is defined %}
--node-ip {{ k3s_node_ip_address }}
{% endif %}
{% if k3s_node_external_address is defined %}
--node-external-ip {{ k3s_node_external_address }}
{% endif %}
{% if k3s_write_kubeconfig_mode is defined %}
--write-kubeconfig-mode {{ k3s_write_kubeconfig_mode }}
{% endif %}
{% if k3s_node_labels is defined and k3s_node_labels is iterable %}
{% for label in k3s_node_labels %}
{% for key, value in label.items() %}
--node-label {{ key }}={{ value }}
{% endfor %}
{% endfor %}
{% endif %}
{% if k3s_node_taints is defined and k3s_node_taints is iterable %}
{% for taint in k3s_node_taints %}
{% for key, value in taint.items() %}
--node-taint {{ key }}={{ value }}
{% endfor %}
{% endfor %}
{% endif %}
{% if k3s_kubelet_args is defined and k3s_kubelet_args is iterable %}
{% for arg in k3s_kubelet_args %}
{% for key, value in arg.items() %}
--kubelet-arg {{ key }}={{ value }}
{% endfor %}
{% endfor %}
{% endif %}
{% if k3s_kube_proxy_args is defined and k3s_kube_proxy_args is iterable %}
{% for arg in k3s_kube_proxy_args %}
{% for key, value in arg.items() %}
--kube-proxy-arg {{ key }}={{ value }}
{% endfor %}
{% endfor %}
{% endif %}
{% endfilter %}
{% endfilter %}
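Review bot: The `--config {{ k3s_config_file }}` guards test only `k3s_server is defined` and `k3s_agent is defined`, which is also true for the `null` defaults, whereas config.yaml.j2 renders the dictionary only when it is `!= None`. Both templates should use the same test, e.g. `{% if k3s_server is defined and k3s_server is not none %}`. Separately, the agent `--server` URL now takes its port from `k3s_server['https-listen-port'] | default(6443)`, so an agent host only connects on a non-default port if `k3s_server` is also set for that host; a comment on that line saying so would help. The template begins outside this hunk, and this rendering has lost the old/new markers, so which `{% endif %}` lines remain on the new side is not certain.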