mirror of
https://github.com/PyratLabs/ansible-role-k3s
synced 2025-01-07 18:20:19 +01:00
moving to file-based config
parent
36a2f24a9d
commit
9b800d9fba
13 changed files with 83 additions and 212 deletions
|
@ -32,6 +32,9 @@ k3s_install_dir: /usr/local/bin
|
|||
# Install using hard links rather than symbolic links
|
||||
k3s_install_hard_links: false
|
||||
|
||||
# Use Docker rather than containerd
|
||||
k3s_use_docker: false
|
||||
|
||||
# A list of templates used for preconfigure the cluster.
|
||||
k3s_server_manifests_templates: []
|
||||
|
||||
|
@ -49,6 +52,7 @@ k3s_use_unsupported_config: false
|
|||
# k3s_server:
|
||||
# listen-port: 6443
|
||||
|
||||
k3s_server: null
|
||||
|
||||
##
|
||||
# Agent Configuration
|
||||
|
@ -59,6 +63,8 @@ k3s_use_unsupported_config: false
|
|||
# - "foo=bar"
|
||||
# - "bish=bosh"
|
||||
|
||||
k3s_agent: null
|
||||
|
||||
##
|
||||
# Ansible Controller configuration
|
||||
##
|
||||
|
|
|
@ -4,8 +4,11 @@
|
|||
become: true
|
||||
vars:
|
||||
molecule_is_test: true
|
||||
k3s_release_version: latest
|
||||
k3s_use_docker: true
|
||||
k3s_https_port: 26443
|
||||
k3s_cluster_domain: examplecluster.local
|
||||
k3s_skip_validation: true
|
||||
k3s_server:
|
||||
https-listen-port: 26443
|
||||
cluster-domain: examplecluster.local
|
||||
roles:
|
||||
- role: xanmanning.k3s
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
src: cluster-token.j2
|
||||
dest: "{{ k3s_token_location }}/cluster-token"
|
||||
mode: 0600
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
when: (k3s_control_node and not k3s_primary_control_node)
|
||||
or not k3s_control_node
|
||||
notify:
|
||||
|
@ -47,6 +47,16 @@
|
|||
- reload systemd
|
||||
- restart k3s
|
||||
|
||||
- name: Ensure k3s config file exists on control plane
|
||||
template:
|
||||
src: config.yaml.j2
|
||||
dest: "{{ k3s_config_file }}"
|
||||
mode: 0644
|
||||
notify:
|
||||
- reload systemd
|
||||
- restart k3s
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure secondary masters are started
|
||||
service:
|
||||
name: k3s
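Review bot: The added "Ensure k3s config file exists on control plane" task writes `{{ k3s_config_file }}` with `mode: 0644`, while the cluster-token task at the top of this section uses 0600. After this commit every key of `k3s_server` is rendered into that file, including settings the old unit template passed as flags such as the datastore endpoint, which can carry credentials, so any local user on the node could read them. I would use `mode: "0600"` here and in the identically named task in the other tasks file of this commit; the quoted form also avoids depending on how the YAML parser treats a bare octal. The task list continues outside both hunks of this section.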
|
||||
|
|
|
@ -18,11 +18,32 @@
|
|||
- restart k3s
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure config directory exists
|
||||
file:
|
||||
path: "{{ k3s_config_file | dirname }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
recurse: true
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure systemd unit file directory exists
|
||||
file:
|
||||
path: "{{ k3s_systemd_unit_directory }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s config file exists on control plane
|
||||
template:
|
||||
src: config.yaml.j2
|
||||
dest: "{{ k3s_config_file }}"
|
||||
mode: 0644
|
||||
when: (k3s_control_node and k3s_controller_count | length == 1)
|
||||
or (k3s_primary_control_node and k3s_controller_count | length > 1)
|
||||
notify:
|
||||
- reload systemd
|
||||
- restart k3s
|
||||
become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
|
||||
|
||||
- name: Ensure k3s service unit file is present on control plane
|
||||
template:
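Review bot: In "Ensure config directory exists", `recurse: true` combined with `mode: 0755` applies 0755 to everything already inside `{{ k3s_config_file | dirname }}`, not just to the directory itself. If that directory also holds a kubeconfig or other credential files (k3s writes its kubeconfig under /etc/rancher/k3s by default), every run would make them world-readable and override a tighter `write-kubeconfig-mode`. Dropping `recurse: true` still creates the directory and leaves existing contents alone, and `mode: "0755"` quoted is the safer spelling. The last task in this hunk continues below it.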
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
---
|
||||
|
||||
- name: Check to see if k3s_state is a supported value
|
||||
assert:
|
||||
that:
|
||||
- k3s_state in k3s_valid_states
|
||||
fail_msg: "k3s_state not valid. Check README.md for details."
|
||||
success_msg: "k3s_state is valid."
|
||||
when: k3s_state is defined
|
||||
- import_tasks: validate/pre-flight.yml
|
||||
|
||||
- include_tasks: state-{{ (k3s_state | lower) | default('installed') }}.yml
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
---
|
||||
|
||||
- import_tasks: validate/check-environment.yml
|
||||
when: not k3s_skip_validation
|
||||
|
||||
- import_tasks: build/preconfigure-k3s.yml
|
||||
|
||||
- import_tasks: teardown/drain-and-remove-nodes.yml
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
|
||||
- import_tasks: validate/check-environment.yml
|
||||
- import_tasks: validate/pre-flight.yml
|
||||
|
||||
- import_tasks: validate/main.yml
|
||||
|
||||
|
|
|
@ -10,5 +10,7 @@
|
|||
and kubectl_get_nodes_result.stdout.find("NotReady") == -1
|
||||
retries: 30
|
||||
delay: 20
|
||||
when: k3s_control_node and not k3s_no_flannel and not ansible_check_mode
|
||||
when: k3s_control_node
|
||||
and (k3s_server.disable is defined and 'flannel' not in k3s_server.disable)
|
||||
and not ansible_check_mode
|
||||
become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
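Review bot: The rewritten `when:` runs the node-ready wait only if `k3s_server.disable` is defined and does not list flannel, so with the role default `k3s_server: null`, or any config that has no `disable` key, the wait is skipped. The old condition ran it whenever flannel was left enabled. The unit template removed by this commit switched flannel off with `--flannel-backend none` rather than through `--disable`, so `disable` looks like the wrong key to test. Something like `and (k3s_server['flannel-backend'] | default('') != 'none')` would keep the old meaning, but confirm how a null `k3s_server` evaluates in the supported Ansible versions. The task starts above the hunk.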
|
||||
|
|
|
@ -6,19 +6,9 @@
|
|||
- k3s_use_experimental is defined and k3s_use_experimental
|
||||
success_msg: "Experimental variables are defined and enabled."
|
||||
fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental"
|
||||
when: (k3s_non_root is defined and k3s_non_root)
|
||||
or (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
|
||||
or (k3s_etcd_datastore is defined and k3s_etcd_datastore)
|
||||
or (k3s_secrets_encryption is defined and k3s_secrets_encryption)
|
||||
or (k3s_enable_selinux is defined and k3s_enable_selinux)
|
||||
|
||||
- name: Check if experimental dqlite is being used and k3s_use_unsupported_config is configured
|
||||
assert:
|
||||
that:
|
||||
- k3s_use_unsupported_config is defined and k3s_use_unsupported_config
|
||||
success_msg: "Unsupported use of dqlite backend is enabled."
|
||||
fail_msg: |
|
||||
Embedded DQLite is no longer supported and there is no upgrade path to use Etcd!
|
||||
If you're sure you want to use it set k3s_use_unsupported_config. This will break in v1.19!
|
||||
when: k3s_use_experimental
|
||||
and (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
|
||||
when: (k3s_server.rootless is defined and k3s_server.rootless)
|
||||
or (k3s_agent.rootless is defined and k3s_agent.rootless)
|
||||
or (k3s_server.etcd-datastore is defined and k3s_server.etcd-datastore)
|
||||
or (k3s_server.secrets-encryption is defined and k3s_server.secrets-encryption)
|
||||
or (k3s_agent.secrets-encryption is defined and k3s_agent.secrets-encryption)
|
||||
or (k3s_server.selinux is defined and k3s_server.selinux)
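Review bot: The new `when:` uses dot access for hyphenated keys, for example `k3s_server.etcd-datastore` and `k3s_agent.secrets-encryption`, and Jinja2 parses the `-` as subtraction rather than as part of the key name. The assert that requires `k3s_use_experimental` for those options will therefore either fail to evaluate or never match them, which leaves the guard ineffective. Bracket lookup is needed, as the unit template in this commit already does with `k3s_server['https-listen-port']`: `or (k3s_server['etcd-datastore'] is defined and k3s_server['etcd-datastore'])`, and likewise for the two `secrets-encryption` lines. The task begins above the hunk.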
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
|
||||
- import_tasks: check-control-plane.yml
|
||||
- import_tasks: check-clustr-nodes-ready.yml
|
||||
- import_tasks: check-cluster-nodes-ready.yml
|
||||
|
|
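--- a/tasks/validate/pre-flight.yml
+++ b/tasks/validate/pre-flight.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Check to see if k3s_state is a supported value
+assert:
+that:
+- k3s_state in k3s_valid_states
+fail_msg: "k3s_state not valid. Check README.md for details."
+success_msg: "k3s_state is valid."
+when: k3s_state is defined
+
+- import_tasks: check-environment.yml
+when: not k3s_skip_validation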
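--- a/templates/config.yaml.j2
+++ b/templates/config.yaml.j2
@@ -0,0 +1,11 @@
+---
+
+{% if k3s_control_node %}
+{% if k3s_server is defined and k3s_server != None %}
+{{ k3s_server | to_nice_yaml(indent=2) }}
+{% endif %}
+{% else %}
+{% if k3s_agent is defined and k3s_agent != None %}
+{{ k3s_agent | to_nice_yaml(indent=2) }}
+{% endif %}
+{% endif %}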
|
@ -16,192 +16,17 @@ ExecStart={{ k3s_install_dir }}/k3s
|
|||
{% endif %}
|
||||
{% if k3s_control_node %}
|
||||
server
|
||||
{% if k3s_bind_address is defined %}
|
||||
--bind-address {{ k3s_bind_address }}
|
||||
{% endif %}
|
||||
{% if k3s_non_root is defined and k3s_non_root %}
|
||||
--rootless
|
||||
{% endif %}
|
||||
{% if k3s_https_port != 6443 %}
|
||||
--https-listen-port {{ k3s_https_port }}
|
||||
{% endif %}
|
||||
{% if k3s_disable_scheduler %}
|
||||
--disable-scheduler
|
||||
{% endif %}
|
||||
{% if k3s_disable_cloud_controller %}
|
||||
--disable-cloud-controller
|
||||
{% endif %}
|
||||
{% if k3s_disable_network_policy %}
|
||||
--disable-network-policy
|
||||
{% endif %}
|
||||
{% if k3s_disable_kube_proxy %}
|
||||
--disable-kube-proxy
|
||||
{% endif %}
|
||||
{% if k3s_no_flannel %}
|
||||
{% if (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') %}
|
||||
--flannel-backend none
|
||||
{% else %}
|
||||
--no-flannel
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if k3s_cluster_cidr is defined %}
|
||||
--cluster-cidr {{ k3s_cluster_cidr }}
|
||||
{% endif %}
|
||||
{% if k3s_service_cidr is defined %}
|
||||
--service-cidr {{ k3s_service_cidr }}
|
||||
{% endif %}
|
||||
{% if k3s_flannel_backend is defined and not k3s_no_flannel %}
|
||||
--flannel-backend {{ k3s_flannel_backend }}
|
||||
{% endif %}
|
||||
{% if k3s_private_registry is defined and k3s_private_registry %}
|
||||
--private-registry {{ k3s_private_registry }}
|
||||
{% endif %}
|
||||
{{ ' --disable coredns' if k3s_no_coredns else '' }}{{ ' --disable servicelb' if k3s_no_servicelb else '' }}{{ ' --disable traefik' if k3s_no_traefik else '' }}{{ ' --disable local-storage' if k3s_no_local_storage else '' }}{{ ' --disable metrics-server' if k3s_no_metrics_server else '' }}
|
||||
{% if not k3s_no_local_storage and k3s_default_local_storage_path is defined and k3s_default_local_storage_path %}
|
||||
--default-local-storage-path {{ k3s_default_local_storage_path }}
|
||||
{% endif %}
|
||||
{% if k3s_cluster_dns is defined and k3s_cluster_dns %}
|
||||
--cluster-dns {{ k3s_cluster_dns }}
|
||||
{% endif %}
|
||||
{% if k3s_cluster_domain is defined and k3s_cluster_domain != "cluster.local" %}
|
||||
--cluster-domain {{ k3s_cluster_domain }}
|
||||
{% endif %}
|
||||
{% if k3s_datastore_endpoint is defined and k3s_datastore_endpoint %}
|
||||
--datastore-endpoint "{{ k3s_datastore_endpoint }}"
|
||||
{% if k3s_datastore_cafile is defined and k3s_datastore_cafile %}
|
||||
--datastore-cafile {{ k3s_datastore_cafile }}
|
||||
{% endif %}
|
||||
{% if k3s_datastore_certfile is defined and k3s_datastore_certfile %}
|
||||
--datastore-certfile {{ k3s_datastore_certfile }}
|
||||
{% endif %}
|
||||
{% if k3s_datastore_keyfile is defined and k3s_datastore_keyfile %}
|
||||
--datastore-keyfile {{ k3s_datastore_keyfile }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if (k3s_dqlite_datastore is defined and k3s_dqlite_datastore) or (k3s_etcd_datastore is defined and k3s_etcd_datastore) %}
|
||||
{% if k3s_primary_control_node is defined and k3s_primary_control_node %}
|
||||
--cluster-init
|
||||
{% else %}
|
||||
--server https://{{ k3s_control_node_address }}:{{ k3s_https_port }}
|
||||
--token-file {{ k3s_token_location }}/cluster-token
|
||||
{% endif %}
|
||||
{% if k3s_etcd_disable_snapshots %}
|
||||
--etcd-disable-snapshots
|
||||
{% else %}
|
||||
{% if k3s_etcd_snapshot_schedule_cron is defined %}
|
||||
--etcd-snapshot-schedule-cron "{{ k3s_etcd_snapshot_schedule_cron }}"
|
||||
{% endif %}
|
||||
{% if k3s_etcd_snapshot_retention is defined %}
|
||||
--etcd-snapshot-retention {{ k3s_etcd_snapshot_retention }}
|
||||
{% endif %}
|
||||
{% if k3s_etcd_snapshot_directory is defined %}
|
||||
--etcd-snapshot-dir {{ k3s_etcd_snapshot_directory }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if k3s_secrets_encryption is defined and k3s_secrets_encryption %}
|
||||
--secrets-encryption
|
||||
{% endif %}
|
||||
{% if k3s_kube_apiserver_args is defined and k3s_kube_apiserver_args is iterable %}
|
||||
{% for arg in k3s_kube_apiserver_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kube-apiserver-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_kube_scheduler_args is defined and k3s_kube_scheduler_args is iterable %}
|
||||
{% for arg in k3s_kube_scheduler_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kube-scheduler-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_kube_controller_manager_args is defined and k3s_kube_controller_manager_args is iterable %}
|
||||
{% for arg in k3s_kube_controller_manager_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kube-controller-manager-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_kube_cloud_controller_manager_args is defined and k3s_kube_cloud_controller_manager_args is iterable %}
|
||||
{% for arg in k3s_kube_cloud_controller_manager_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kube-cloud-controller-manager-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% if k3s_server is defined %}
|
||||
--config {{ k3s_config_file }}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
agent
|
||||
--server https://{{ k3s_control_node_address }}:{{ k3s_https_port }}
|
||||
--server https://{{ k3s_control_node_address }}:{{ k3s_server['https-listen-port'] | default(6443) }}
|
||||
--token-file {{ k3s_token_location }}/cluster-token
|
||||
{% endif %}
|
||||
{% if k3s_enable_selinux %}
|
||||
--selinux
|
||||
{% endif %}
|
||||
{% if k3s_resolv_conf is defined and k3s_resolv_conf %}
|
||||
--resolv-conf {{ k3s_resolv_conf }}
|
||||
{% endif %}
|
||||
{% if k3s_tls_san is defined and k3s_tls_san is iterable %}
|
||||
{% for san in k3s_tls_san %}
|
||||
--tls-san {{ san }}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
{% if k3s_tls_san is defined and k3s_tls_san %}
|
||||
--tls-san {{ k3s_tls_san }}
|
||||
{% if k3s_agent is defined %}
|
||||
--config {{ k3s_config_file }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if k3s_node_data_dir is defined %}
|
||||
--data-dir {{ k3s_node_data_dir }}
|
||||
{% endif %}
|
||||
{% if k3s_use_docker %}
|
||||
--docker
|
||||
{% endif %}
|
||||
{% if k3s_flannel_interface is defined and not k3s_no_flannel %}
|
||||
--flannel-iface {{ k3s_flannel_interface }}
|
||||
{% endif %}
|
||||
{% if k3s_node_name is defined %}
|
||||
--node-name {{ k3s_node_name }}
|
||||
{% endif %}
|
||||
{% if k3s_node_id is defined %}
|
||||
--with-node-id {{ k3s_node_id }}
|
||||
{% endif %}
|
||||
{% if k3s_node_ip_address is defined %}
|
||||
--node-ip {{ k3s_node_ip_address }}
|
||||
{% endif %}
|
||||
{% if k3s_node_external_address is defined %}
|
||||
--node-external-ip {{ k3s_node_external_address }}
|
||||
{% endif %}
|
||||
{% if k3s_write_kubeconfig_mode is defined %}
|
||||
--write-kubeconfig-mode {{ k3s_write_kubeconfig_mode }}
|
||||
{% endif %}
|
||||
{% if k3s_node_labels is defined and k3s_node_labels is iterable %}
|
||||
{% for label in k3s_node_labels %}
|
||||
{% for key, value in label.items() %}
|
||||
--node-label {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_node_taints is defined and k3s_node_taints is iterable %}
|
||||
{% for taint in k3s_node_taints %}
|
||||
{% for key, value in taint.items() %}
|
||||
--node-taint {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_kubelet_args is defined and k3s_kubelet_args is iterable %}
|
||||
{% for arg in k3s_kubelet_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kubelet-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if k3s_kube_proxy_args is defined and k3s_kube_proxy_args is iterable %}
|
||||
{% for arg in k3s_kube_proxy_args %}
|
||||
{% for key, value in arg.items() %}
|
||||
--kube-proxy-arg {{ key }}={{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endfilter %}
|
||||
{% endfilter %}
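Review bot: On agents the join URL now takes its port from `k3s_server['https-listen-port'] | default(6443)`, which is evaluated against the agent host's own variables. If `k3s_server` is set only for control-plane hosts, as the split into `k3s_server` and `k3s_agent` suggests, agents would fall back to 6443 and fail to join a server listening elsewhere, such as the 26443 used in the molecule playbook. The port should be resolved from the control node's variables, or the README should state that `https-listen-port` must be visible to every host. Separately, `{% if k3s_server is defined %}` and `{% if k3s_agent is defined %}` are always true with the role defaults of `null`, so `--config` is passed unconditionally; the extra null test used in config.yaml.j2 would be the consistent guard.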
|
||||
|
||||
|
|