Merge branch 'fix-node-labels' into 'development'

fix(node_labels): ensure correct indentation for label list See merge request nofusscomputing/projects/ansible/kubernetes!9
2023-11-18 05:30:36 +00:00
parent 1b49969a99 c41e12544b
commit 37a7718043
5 changed files with 45 additions and 19 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -7,6 +7,7 @@ Kubernetes_Master: false                                   # Optional, Boolean.

 ContainerDioVersion: 1.6.20-1
 KubernetesVersion: '1.26.2'                                # must match the repository release version
+kubernetes_version_olm: '0.26.0'

 KubernetesVersion_k8s_prefix: '-00'
 KubernetesVersion_k3s_prefix: '+k3s1'
@ -25,6 +26,9 @@ kubelet_arg_system_reserved_cpu: 450m
 kubelet_arg_system_reserved_memory: 512Mi
 kubelet_arg_system_reserved_storage: 8Gi

+# kubernetes_olm_install: true # optional, boolean. default=true
+
+
 nfc_kubernetes:
  enable_firewall: true             # Optional, bool enable firewall rules from role 'nfc_firewall'

@ -39,7 +43,7 @@ k3s:
        kind: Policy
        rules:
        - level: Request
-      when: "{{ kubernetes_config.cluster.prime.name == inventory_hostname }}"
+      when: "{{ Kubernetes_Master | default(false) }}"

    - name: 90-kubelet.conf
      path: /etc/sysctl.d
--- a/docs/projects/ansible/roles/kubernetes/index.md
+++ b/docs/projects/ansible/roles/kubernetes/index.md
@ -43,6 +43,8 @@ This role deploys a K3s cluster. In addition it has the following features:

 - _[ToDo-#5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/5)_ Restore backup on fresh install of a cluster

+- Installs OLM for operator subscriptions
+

 ## Role Workflow

--- a/tasks/k3s/install.yaml
+++ b/tasks/k3s/install.yaml
@ -100,7 +100,7 @@
    nfc_kubernetes_install_architectures: "{{ nfc_kubernetes_install_architectures | default({}) | combine({ansible_architecture: ''}) }}"


- name: Download Install Script
+- name: Download Install Scripts
  ansible.builtin.uri:
    url: "{{ item.url }}"
    method: GET
@ -121,6 +121,8 @@
    download_files:
      - dest: /tmp/install.sh
        url: https://get.k3s.io
+      - dest: /tmp/install_olm.sh
+        url: https://raw.githubusercontent.com/operator-framework/operator-lifecycle-manager/v{{ kubernetes_version_olm }}/scripts/install.sh


 - name: Download K3s Binary
@ -176,13 +178,18 @@
    group: root
  when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary

- name: Copy install script to Host
+- name: Copy install scripts to Host
  ansible.builtin.copy:
-    src: "/tmp/install.sh"
-    dest: "/tmp/install.sh"
+    src: "{{ item }}"
+    dest: "{{ item }}"
    mode: '755'
    owner: root
    group: root
+  loop: "{{ install_scripts }}"
+  vars:
+    install_scripts:
+      - "/tmp/install.sh"
+      - "/tmp/install_olm.sh"
  # when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary

 - name: Required Initial config files
@ -275,6 +282,21 @@
  failed_when: kubernetes_ready_check.rc != 0


+- name: Install olm
+  ansible.builtin.shell:
+    cmd: |
+      /tmp/install_olm.sh v{{ kubernetes_version_olm }}
+  changed_when: false
+  failed_when: >
+    'already installed' not in install_olm.stdout
+      and
+    install_olm.rc == 1
+  register: install_olm
+  when: >
+    kubernetes_config.cluster.prime.name == inventory_hostname
+      and
+    kubernetes_olm_install | default(true) | bool
+
 - name: Enable Cluster Encryption
  ansible.builtin.command:
    cmd: kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"wireguardEnabled":true,"wireguardEnabledV6":true}}'
@ -282,7 +304,7 @@
  when: >
    kubernetes_config.cluster.prime.name == inventory_hostname
      and
-    kubernetes.networking.encrypt | default(false) | bool
+    kubernetes_config.cluster.networking.encrypt | default(false) | bool


 - name: Fetch Join Token
@ -305,12 +327,12 @@
 - name: Install K3s (master nodes)
  ansible.builtin.shell:
    cmd: |
-      set -o pipefail
      INSTALL_K3S_EXEC="server" \
      INSTALL_K3S_SKIP_DOWNLOAD=true \
      INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
      K3S_TOKEN="{{ k3s_join_token }}" \
      /tmp/install.sh
+    executable: /bin/bash
  changed_when: false
  when: >
    Kubernetes_Master | default(false) | bool
--- a/templates/iptables-kubernetes.rules.j2
+++ b/templates/iptables-kubernetes.rules.j2
@ -54,11 +54,12 @@
        -%} {#- Convert dns lookup to list, and select the first item -#}
        {%- set kubernetes_host = kubernetes_host | from_yaml_all | list -%}

-        {%- set kubernetes_host = kubernetes_host[0] -%} 
+        {%- set kubernetes_host = kubernetes_host[0] | default('') -%} 
      {%- endif -%}

    {%- endif -%}

+  {%- if kubernetes_host != '' -%}

    {%- for master_host in groups['kubernetes_master'] -%}

@ -159,6 +160,8 @@

    {%- endif -%}

+  {%- endif -%}
+
 {%- endfor -%}

 {%- if Kubernetes_Master | default(false) | bool -%}
--- a/templates/k3s-config.yaml.j2
+++ b/templates/k3s-config.yaml.j2
@ -6,8 +6,7 @@
 # Dont edit this file directly as it will be overwritten.
 #

-{% if Kubernetes_Prime | default(false) | bool -%}
-cluster-cidr: "{{ KubernetesPodSubnet }}"
+{% if Kubernetes_Master | default(false) -%}cluster-cidr: "{{ KubernetesPodSubnet }}"

 {% if 
          kubernetes_config.cluster.domain_name is defined
@ -17,9 +16,7 @@ cluster-cidr: "{{ KubernetesPodSubnet }}"
        cluster-domain: {{ kubernetes_config.cluster.domain_name }}
    {%- endif %}

-{%- endif %}
-
-{% if Kubernetes_Master | default(false) -%}cluster-init: true
+cluster-init: true
 disable-network-policy: true
 disable:
  - traefik
@ -39,6 +36,7 @@ kube-apiserver-arg:
 {% if kubernetes_config.cluster.oidc.groups_prefix | default('') != '' %}  - oidc-groups-prefix={{ kubernetes_config.cluster.oidc.groups_prefix }}{% endif %}
 {% endif %}
 {% endif %}
+
 kubelet-arg:
  - system-reserved=cpu={{ kubelet_arg_system_reserved_cpu }},memory={{ kubelet_arg_system_reserved_memory }},ephemeral-storage={{ kubelet_arg_system_reserved_storage }}
 {% if host_external_ip | default('') %}node-external-ip: "{{ host_external_ip }}"{% endif %}
@ -48,9 +46,9 @@ kubelet-arg:
    and
  kubernetes_config.hosts[inventory_hostname].labels | default([]) | list | length > 0
 -%}
-node-label:
-{% for node_label in kubernetes_config.hosts[inventory_hostname].labels | dict2items %}
+node-label: {%- for node_label in kubernetes_config.hosts[inventory_hostname].labels | dict2items +%}
  - {{ node_label.key }}={{ node_label.value }}
+
 {%- endfor %}
 {%- endif %}

@ -58,10 +56,7 @@ node-label:
 server: https://{{ hostvars[kubernetes_config.cluster.prime.name].ansible_host }}:6443
 {%- endif %}

-{% if kubernetes_config.cluster.prime.name == inventory_hostname -%}
-servicelb-namespace: {{ kubernetes_config.cluster.networking.service_load_balancer_namespace | default('kube-system') }}
-{% endif %}
-
 {% if Kubernetes_Master | default(false) | bool -%}
+servicelb-namespace: {{ kubernetes_config.cluster.networking.service_load_balancer_namespace | default('kube-system') }}
 service-cidr: "{{ KubernetesServiceSubnet }}"
 {% endif %}