Compare commits
85 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 053d1f17ec | |||
| 17ff472577 | |||
| ec94414383 | |||
| 1faae0327e | |||
| 17e3318c3c | |||
| 89b5593abf | |||
| 10eae79a74 | |||
| 0be7080089 | |||
| d3666c6825 | |||
| 4af31ff3ac | |||
| 74187c7023 | |||
| 47ac3095b6 | |||
| dd4638bc93 | |||
| 3ed6fd0f4c | |||
| beb1bd2006 | |||
| 4a83550530 | |||
| 7c54b19b64 | |||
| 173c840121 | |||
| f0f5d686fa | |||
| 536c6e7b26 | |||
| a23bc5e9ee | |||
| 5444f583e5 | |||
| b4ad0a4e61 | |||
| c9961973e1 | |||
| 622338e497 | |||
| dec65ed57c | |||
| 71d1dd884e | |||
| 7a077dabe0 | |||
| 16add8a5b8 | |||
| 1bbbdd23c3 | |||
| 9552ed7703 | |||
| 05fc3455da | |||
| 8f81d10168 | |||
| 9cdab3446d | |||
| d522559277 | |||
| 3e4a17437c | |||
| 447bb621cd | |||
| 32c3f7ab71 | |||
| 7e86574684 | |||
| 4d8f2c57d5 | |||
| b063db8dc1 | |||
| 27eaff7547 | |||
| d7e9f64161 | |||
| 826468fc42 | |||
| 164b59c100 | |||
| 29a9e696a9 | |||
| 6a10eb22cc | |||
| 43c6c940a1 | |||
| 9d5a078320 | |||
| 2ec8fe814c | |||
| 2b041c1cca | |||
| af26559485 | |||
| cb5a5697c1 | |||
| c7a5c7c7e3 | |||
| aca7e557a6 | |||
| f1d20aac80 | |||
| 3b760db6e7 | |||
| 83ddfd4fbf | |||
| 967829d9e4 | |||
| 56ac6eb3b4 | |||
| 283568f72a | |||
| c7a3e617f0 | |||
| 21d0dbefa9 | |||
| 9dad960208 | |||
| 96ff6ba860 | |||
| edd4d2b434 | |||
| 9dcea39df6 | |||
| c765efe99d | |||
| 916a3b475b | |||
| dc53c7694a | |||
| d4efa4c9b3 | |||
| b4481d3f27 | |||
| 315ea4058e | |||
| 7019150433 | |||
| 3bd2b88ecb | |||
| eabbe49ed9 | |||
| 5585c1eb0b | |||
| 37bf447779 | |||
| 41a59a80d9 | |||
| 79a64c670d | |||
| 672b0c03c0 | |||
| 60054a23ab | |||
| 88c54d5b59 | |||
| 7adeb7daee | |||
| 434a40be1e |
11
.cz.yaml
11
.cz.yaml
@ -1,7 +1,8 @@
|
||||
---
|
||||
commitizen:
|
||||
bump_message: "build(version): bump version $current_version \u2192 $new_version"
|
||||
changelog_incremental: false
|
||||
name: cz_conventional_commits
|
||||
tag_format: $major.$minor.$patch$prerelease
|
||||
update_changelog_on_bump: true
|
||||
version: 0.2.0
|
||||
prerelease_offset: 1
|
||||
tag_format: $version
|
||||
update_changelog_on_bump: false
|
||||
version: 1.3.0
|
||||
version_scheme: semver
|
||||
|
||||
3
.gitignore
vendored
Normal file
3
.gitignore
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
artifacts/
|
||||
build/
|
||||
*.tar.gz
|
||||
@ -1,24 +1,57 @@
|
||||
---
|
||||
|
||||
variables:
|
||||
ANSIBLE_GALAXY_PACKAGE_NAME: kubernetes
|
||||
MY_PROJECT_ID: "51640029"
|
||||
GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/ansible_collection_kubernetes.git"
|
||||
PAGES_ENVIRONMENT_PATH: projects/ansible/collection/kubernetes/
|
||||
RELEASE_ADDITIONAL_ACTIONS_BUMP: ./.gitlab/additional_actions_bump.sh
|
||||
|
||||
|
||||
include:
|
||||
- project: nofusscomputing/projects/gitlab-ci
|
||||
ref: development
|
||||
file:
|
||||
- .gitlab-ci_common.yaml
|
||||
- template/automagic.gitlab-ci.yaml
|
||||
|
||||
variables:
|
||||
MY_PROJECT_ID: "51640029"
|
||||
GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/ansible_role_nfc_kubernetes.git"
|
||||
PAGES_ENVIRONMENT_PATH: projects/ansible/roles/kubernetes/
|
||||
- conventional_commits/.gitlab-ci.yml
|
||||
- template/ansible-collection.gitlab-ci.yaml
|
||||
- template/mkdocs-documentation.gitlab-ci.yaml
|
||||
# ToDo: update gitlabCI jobs for collections workflow
|
||||
- git_push_mirror/.gitlab-ci.yml
|
||||
- automation/.gitlab-ci-ansible.yaml
|
||||
|
||||
|
||||
Ansible-roles.Submodule.Deploy:
|
||||
extends: .submodule_update_trigger
|
||||
variables:
|
||||
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/ansible-roles
|
||||
GIT_COMMIT_TYPE: feat
|
||||
GIT_COMMIT_TYPE_CATEGORY: $CI_PROJECT_NAME
|
||||
GIT_CONFIG_SUBMODULE_NAME: nfc_kubernetes
|
||||
Update Git Submodules:
|
||||
extends: .ansible_playbook_git_submodule
|
||||
|
||||
|
||||
Github (Push --mirror):
|
||||
extends:
|
||||
- .git_push_mirror
|
||||
needs: []
|
||||
|
||||
|
||||
Gitlab Release:
|
||||
extends: .ansible_collection_release
|
||||
needs:
|
||||
- Stage Collection
|
||||
release:
|
||||
tag_name: $CI_COMMIT_TAG
|
||||
description: ./artifacts/release_notes.md
|
||||
name: $CI_COMMIT_TAG
|
||||
assets:
|
||||
links:
|
||||
- name: 'Ansible Galaxy'
|
||||
url: https://galaxy.ansible.com/ui/repo/published/${ANSIBLE_GALAXY_NAMESPACE}/${ANSIBLE_GALAXY_PACKAGE_NAME}/?version=${CI_COMMIT_TAG}
|
||||
|
||||
- name: ${ANSIBLE_GALAXY_NAMESPACE}-${ANSIBLE_GALAXY_PACKAGE_NAME}-${CI_COMMIT_TAG}.tar.gz
|
||||
url: https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/${ANSIBLE_GALAXY_NAMESPACE}-${ANSIBLE_GALAXY_PACKAGE_NAME}-${CI_COMMIT_TAG}.tar.gz
|
||||
link_type: package
|
||||
|
||||
- name: Documentation
|
||||
url: https://nofusscomputing.com/${PAGES_ENVIRONMENT_PATH}
|
||||
milestones:
|
||||
- $CI_MERGE_REQUEST_MILESTONE
|
||||
|
||||
|
||||
Website.Submodule.Deploy:
|
||||
|
||||
3
.gitlab/additional_actions_bump.sh
Normal file
3
.gitlab/additional_actions_bump.sh
Normal file
@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
echo "Nothing to do here!!";
|
||||
14
.vscode/settings.json
vendored
Normal file
14
.vscode/settings.json
vendored
Normal file
@ -0,0 +1,14 @@
|
||||
{
|
||||
"yaml.schemas": {
|
||||
"https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/tasks": [
|
||||
"roles/nfc_firewall/tasks/*.yaml",
|
||||
"roles/nfc_firewall/tasks/*/*.yaml",
|
||||
"roles/nfc_firewall/tasks/*/*/*.yaml"
|
||||
],
|
||||
"https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/vars.json": [
|
||||
"roles/nfc_kubernetes/variables/**.yaml"
|
||||
]
|
||||
},
|
||||
"gitlab.aiAssistedCodeSuggestions.enabled": false,
|
||||
"gitlab.duoChat.enabled": false,
|
||||
}
|
||||
176
CHANGELOG.md
176
CHANGELOG.md
@ -1,162 +1,76 @@
|
||||
## 0.2.0 (2024-02-03)
|
||||
## 1.3.0 (2024-03-18)
|
||||
|
||||
### Bug Fixes
|
||||
### Feat
|
||||
|
||||
- **config**: [623d1781](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/623d1781960afa81ac62dc4479f52297eb75b721) - set external ip if set or node ip if not set [ [!23](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/23) ]
|
||||
- **install**: [506385f3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/506385f3d84c9b419f9ae3ad6ec5e3424c922a3f) - don't attempt to reinstall the cluster if already installed [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **prime_install**: [ccf5c03a](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/ccf5c03a4c55d626ed3bf009d9111aac823ef51c) - requires cluster init for prime install [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **install**: [bed1bf30](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/bed1bf30957f050b2748c2282b123400533c29ee) - only configure network manager if installed [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- [9cdc89b1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/9cdc89b1ec3961f93d0c656f0b6ef2beae0336a7) - always install and configure regardless of tags [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **common**: [5edfdf4f](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/5edfdf4faf71ebccd0d5890e70ef0d9a566ae6f6) - don't run soe task on software install [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **new_cluster**: [5ffbd78e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/5ffbd78e2b34288d8d93efda1e30ad662653fbfd) - correct config for new cluster install [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **node_restart**: [c6ff60bb](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c6ff60bb14f8a0820b97d8e5e988fe8da65e7f35) - use correct variables [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **restart_k3s**: [aa2d858e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/aa2d858ede6a426ce0e4885260275b5be1207abe) - use correct group var [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **token_fetch**: [88d57588](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/88d57588fcecbd10d1e058a26711d32e0371b38c) - only fetch token after prime installed [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **handler**: [26120c3e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/26120c3e9846c11c45f5c8d2257cf29e63be86a6) - kubernetes restart when clause corrected [ [!15](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/15) [#16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/16) [#21](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/21) [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **audit_log**: [ea38ddf2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/ea38ddf22b6e2c6ceda4c1cccb31f3fad126b058) - max age not backup [ [!12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/12) ]
|
||||
- **config**: [56bb4557](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/56bb4557b523b24c27ce9c8f2e998f06f768e2c2) - ensure server var is list not csv string [ [!11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/11) [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **handler**: [0fb5e276](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/0fb5e27612cc18dcf8027c8e65cac11a9ca607bc) - restart kubernetes implementation was flawed [ [!11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/11) ]
|
||||
- **config**: [301ed9ad](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/301ed9ad3fc269f5b0fd625c30da53e714a70e80) - ensure join token is included in config [ [!11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/11) [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **multi-master**: [4ce5f372](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4ce5f3722365d9584ac7da29a9903d7d8d71f414) - ensure that all master nodes are added during config [ [!11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/11) [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **play**: [86af4606](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/86af4606d76fc007dfdfaa9d84037d8b225ab35d) - k3s download task doen't require content returned [ [!11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/11) ]
|
||||
- **k3s_multi_master**: [c41e1254](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c41e12544b4eff2ce9e62e2209c5b402f7b5a71f) - adjusted config so multi-master install works [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **olm**: [915cdf5e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/915cdf5e1e279a357f4664cc1d0c6dd5d1374c71) - dont fail if already installed [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **cluster_encryption**: [f0cf4cd0](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/f0cf4cd00ce5184ab5c242059ccd5c8a072c50a5) - use correct variable path to check if required [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **firewall**: [ed1a1acf](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/ed1a1acf7ece02c2adb2d226f249e84ee0c2016e) - if host value enpty, don't create rule [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **kubelet_args**: [59a5e0aa](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/59a5e0aacf8dd1c61ae4d4e6b8aa4a5b3cde3e6a) - ensure correct indentation for kubelet args [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **node_labels**: [20dae6ba](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/20dae6ba4d569eb55479dbe291fb578f48af4029) - ensure correct indentation for label list [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **config**: [fac3ace5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/fac3ace5f5907946b5f9b82ad94b07e97fece7c9) - ensure config option servicelb-namespace only deployed to prime node [ [!8](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/8) [#12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/12) ]
|
||||
- dont attempt to install if already installed
|
||||
|
||||
### Code Refactor
|
||||
### Fix
|
||||
|
||||
- **config**: [b350b2e1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b350b2e188cc9b3274d7b04cd3f2dcce8e4cf505) - use jinja to construct data then pretty print it [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- [478e4ccf](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/478e4ccfa51746e9e34ed9bdc30b8ab2142624e1) - dont show changes for prep work [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **tasks**: [c04b12a7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c04b12a714a998dbe50256fb4f7f0c7f54f56536) - ensure module FQCN is used [ [!15](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/15) [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **node_labels**: [58a95e67](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/58a95e6781c5f16e0453409c9e58c55d6aa41312) - removed from config.yaml and set to be a manifest on prime node [ [!10](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/10) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **config**: [1a0407a9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/1a0407a901408caf35d254a6de4a90dadf63769a) - only populate cluster-domain if defined [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) [#12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/12) ]
|
||||
- **handler**: add missing 'reboot_host' handler
|
||||
- **firewall**: ensure slave nodes can access ALL masters API point
|
||||
- **firewall**: dont add rules for disabled features
|
||||
|
||||
### Continious Integration
|
||||
## 1.2.0 (2024-03-16)
|
||||
|
||||
- [7a017c4e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/7a017c4e2916034dceda51e07cf3f09c7bbf1a2f) - add documentation deployment [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
### Feat
|
||||
|
||||
### Documentaton / Guides
|
||||
- **firewall**: use collection nofusscomputing.firewall to configure kubernetes firewall
|
||||
|
||||
- [3004f998](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/3004f998bf95345af90569d5e6741a52f102bf2a) - add release notes [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- [6d974083](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/6d974083cf923df6f06fa2a26983b129deac45e0) - fix github badges links [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- [b2f9e5d3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b2f9e5d3caf99bf32ca040fd6f0d902309946beb) - update [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- [3198b5d2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/3198b5d2f9c06bb119d8549eca16bf1c9cd29607) - added recently configurable items [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) ]
|
||||
### Fix
|
||||
|
||||
### Features
|
||||
- **config**: use correct var name when setting node name
|
||||
|
||||
- **calico**: [abb7042c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/abb7042cbd415ee9692911a5324355a424c70239) - turn bpf off [ [!23](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/23) ]
|
||||
- **calico**: [a45fe0c9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/a45fe0c9f96f8c4b0571829c3a39edb189d12a5e) - set tolerations for typha "CriticalAddonsOnly" [ [!23](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/23) ]
|
||||
- **config**: [45863ecf](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/45863ecff37480d9c45a12efa714c3856eb59f21) - for server self. use internal ip to connect instead of external [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **config**: [b43e1dbb](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b43e1dbb80c5edcd1fc18f9674f1fcd0ee4ec00d) - dont set external-ip if it matches node-ip [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **config**: [efba1ff6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/efba1ff6c74a5e57f98f2a9d78a765212f6795df) - set value `node-ip` [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico**: [2e136ee0](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/2e136ee08838d16e7695da469bb55e796c7089b1) - use vxlan instead of ipip [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **olm**: [384ef924](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/384ef924ca7a3de51db16b84790e2b3842a7c83c) - uninstall olm if tag `olm_uninstall` specified [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico**: [54f9ec0c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/54f9ec0c950825b0a81fe4b19efe5e8ddc41f88c) - add job tag calico_manifest to enable rollback [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **cni**: [26c0ab12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/26c0ab123628898096cf7767298dd16684db173f) - enable eBPF [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **metallb**: [be1ddecc](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/be1ddecc33925f39c860e9d0177eb3bc79941ba6) - MetalLB Installable instead of ServiceLB [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico_operator**: [79d89b3b](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/79d89b3b3a094bbea10448c23a979807be7644fb) - once installed or new cluster always run calico operator deploy [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico_operator**: [8d8ba095](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/8d8ba0951e173536ae4b3cc708f56c507a349942) - install before prime check as networking is required [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **firewall**: [8919486b](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/8919486b6b83b3429b30936318e7be8bbff158d3) - add required rules for calico operator [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico_operator**: [5925a26c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/5925a26c608d497dc09b4e9cecb1a13b5be5f849) - store ansible manifests on node [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico_operator**: [f48f6454](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/f48f645468f82c2c7c9aa62c86e66d52fee9002d) - deploy the operator to configure calico cni [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) [#3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/3) ]
|
||||
- **networ_manager**: [7049c57b](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/7049c57bd062a277236fb93c8e3eff4b34e271ac) - setup calico interfaces as unmanaged [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **install**: [e1220b0d](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/e1220b0dac4129169445c30f1e9867cbe5ceff5d) - enable k3s module metrics-server [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **olm**: [681b52b3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/681b52b31a654040cd5e2c23a52f2b8631b3085b) - dont install by default [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **calico**: [60f7c2d6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/60f7c2d6b6de0cbda1b43f08060f87fe2e1dc6ed) - disable vxlan [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **calico**: [a54fbe26](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/a54fbe26f372e2c5cccfc193b71f007ae2e441c9) - use vxlan overlay [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **calico**: [0bdd5c66](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/0bdd5c66c262d9afc0226a8e201170b0b9188ea3) - IP AUTO-detection set to kubernetes-internal-ip [ [!14](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/14) ]
|
||||
- [74cc2079](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/74cc20794764bb2e1b042ceb641b0e515703884a) - feature gate added to prevent restart of kubernetes service [ [!14](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/14) [!13](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/13) ]
|
||||
- **node**: [c28f0b8e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c28f0b8ee301e1c76553476a0808b45efa417bd9) - ability to configure node taints [ [!13](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/13) [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) ]
|
||||
- **config**: [4a41f7e3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4a41f7e348d00b91a39160aaa9d8c1cd8e338cb4) - set node name to inventory_hostname [ [!12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/12) [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) ]
|
||||
- **firewall**: [a31837c8](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/a31837c803902e6bcfd80704286c62ec9536e422) - add vxlan rules [ [!12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/12) ]
|
||||
- **audit_logs**: [73691631](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/7369163195a06dac4f07a01bd84db64867480561) - keep two days by default [ [!12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/12) ]
|
||||
- **firewall**: [59699afb](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/59699afb4402b518c9bd2103384affd382761ea2) - allow hosts external IP [ [!12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/12) ]
|
||||
- **olm**: [021e54f3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/021e54f32864bfb2dff4933d3053aa50a6f20000) - install olm operator [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **config**: [c7cd1da4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c7cd1da4312092c5afe7b093d39471488100ab1c) - support setting node labels [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) [#12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/12) ]
|
||||
- **config**: [cdc06363](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/cdc06363aad63a72cb7287596f4f340b25226f54) - support setting the service [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) [#12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/12) ]
|
||||
- **config**: [34432433](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/34432433f3127763d1def38d479b869e1a84d6c8) - support setting the cluster domain [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) [#12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/12) ]
|
||||
- [21cef1f4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/21cef1f4c32777245b56edb232cc0528dacb94db) - enable installation for arm64 architectures [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) [#11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/11) [!29](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/29) [!1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/1) ]
|
||||
## 1.1.2 (2024-03-13)
|
||||
|
||||
## 0.2.0rc1 (2023-11-06)
|
||||
### Fix
|
||||
|
||||
### Bug Fixes
|
||||
- **readme**: update gitlab links to new loc
|
||||
- **configure**: dont attempt to configure firewall if install=false
|
||||
- **handler**: remove old k8s code causing handler to fail
|
||||
- **handler**: kubernetes restart handler now using updated node type vars
|
||||
- **config**: if hostname=localhost use hostname command to fetch hostname
|
||||
- limit the use of master group
|
||||
- add missing dependency ansible.posix
|
||||
- **install**: use correct var type for packages
|
||||
|
||||
- **config**: [f09737b2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/f09737b21f1bac4d505207136e9505c83140b4cf) - typo in config template [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **rbac**: [6ab17bdc](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/6ab17bdc3c660e704ce7319a21a517f38907a541) - authorization:namespace:owner ns owner not to remove cluster resources [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **container_registries**: [9936cd44](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/9936cd449911a0e9612309690fbca82e8565c2b3) - these are optional, dont attempt to configure if non specified [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **config**: [5278a499](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/5278a4996e0370bbe14ba08189879c19f6b1f983) - server attribute not required for prime master node [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
## 1.1.1 (2024-03-13)
|
||||
|
||||
### Documentaton / Guides
|
||||
### Fix
|
||||
|
||||
- [0acc7a3c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/0acc7a3cc2b93f94fc92839e34dec02cfe4d5ec2) - added note on config for system resources [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) [#7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/7) ]
|
||||
- don't check hostname for localhost
|
||||
|
||||
### Features
|
||||
## 1.1.0 (2024-03-13)
|
||||
|
||||
- **rbac**: [59f50d53](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/59f50d53df4e28ef114d734f652cb25d396a381d) - new cluster role and binding ingress-admin [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **config**: [d2081284](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/d2081284d1d526a57a34082f5ad944dc12671750) - configurabl system reserved cpu,memory,storage [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **install**: [42ac18e0](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/42ac18e05768e61f0d960fb3afe2482431bd5fce) - disable swap [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
### Feat
|
||||
|
||||
## 0.2.0rc0 (2023-11-02)
|
||||
- add role readme and fix gitlab release job
|
||||
|
||||
### Bug Fixes
|
||||
## 1.0.1 (2024-03-13)
|
||||
|
||||
- **firewall**: [9c420475](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/9c4204751e00c6d8a36c0fcb1ff66f0a87ba574e) - use correct chain name [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) [#2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/2) ]
|
||||
- **firewall**: [ba59dd30](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/ba59dd305728b15801aca3aef81ea8aa35e5d402) - correct rules so that kubernetes hosts are added to firewall allowed hosts [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) [#2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/2) ]
|
||||
- **wireguard**: [4a9d9839](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4a9d98394e3fd327a0f681e42b5415e25520cff4) - install before k3s [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **templates**: [89b65732](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/89b65732478883a5ccc29c9100c30840bf08d55e) - add clause to filter for prime master only [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **install**: [b77cc6a8](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b77cc6a8e902739f43519d4e9a0c0dcfca0cc30f) - install prime then wait till ready before install other nodes [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **install**: [26f1f2ef](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/26f1f2efe63b47f7ab569f99aa0c1b5f28ff461b) - server install to use version variables [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **configure**: [db515d2c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/db515d2c1d921950c034911fad6622f969232895) - move required config files to install portion [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **config**: [1b62a666](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/1b62a6663285b6c62323ca387ba176cc9d7eff74) - cluster-init only required for master nodes [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
### Fix
|
||||
|
||||
### Code Refactor
|
||||
- **ci**: ensure correct package name is used
|
||||
|
||||
- [4d9f9dcd](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4d9f9dcdff5d07bb9f0722ddc22ff061ffa24f20) - use kubernetes_config for cluster config [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **template**: [50f48ab5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/50f48ab5a1a5983ed7465fefda7119df5d4fff96) - config.yaml rearranged orderd, and updated for kube role [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **install**: [4465bcd2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4465bcd2c4f4a94cacd0f35025d63f4f858ee58d) - clean wait for k3s to be ready [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
## 1.0.0 (2024-03-13)
|
||||
|
||||
### Features
|
||||
### Feat
|
||||
|
||||
- **install**: [c7907bf5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c7907bf585d182b5e68d241428dd69d7c1af1be7) - install additional master nodes [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) [#2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/2) ]
|
||||
- **install**: [fd547a4c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/fd547a4c0fbfa34fca6ec6860d294c1713594e41) - install worker nodes [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) [#2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/2) ]
|
||||
- **install**: [76e48fd9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/76e48fd965b9113d7aa69679524bc119f45db6ac) - wait for cluster to be ready before continuing [ [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **config**: [abc01ce4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/abc01ce48cbd586dfec067b3fcdbca0d204843d4) - enable configering etc cron and retention [ [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **playbook**: add the install playbook
|
||||
|
||||
## 0.1.0 (2023-10-29)
|
||||
### Refactor
|
||||
|
||||
### Bug Fixes
|
||||
- **nfc_kubernetes**: update meta file
|
||||
- remove dependency on role nfc_common
|
||||
- **nfc_kubernetes**: layout role ingress to install prime -> master -> worker nodes as separate groups
|
||||
- **docs**: restructure docs
|
||||
|
||||
- **k3s**: [9ac52ee1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/9ac52ee165fd364c7091ab3f1e14df365270f532) - use correct variables in conditional clauses [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- [8272b250](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/8272b2507b298ccec05e6dbaa2a526b5136b8d2d) - uncommented hash tasks as they are required [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- **install**: [57d268ec](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/57d268ec3cd990ea21979cbafe7421a0af04ea91) - config files only required for prime master [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- **install**: [0f4a02ca](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/0f4a02cadd24dc1890e57bba5266f17dd44e9766) - restructure and uncommented install steps [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- [49087753](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4908775367a657867878111ad7e8a75e5203e492) - dont flush handlers [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
## 0.3.0 (2024-03-13)
|
||||
|
||||
### Code Refactor
|
||||
### Feat
|
||||
|
||||
- [93897ea7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/93897ea7d5d8e11725aa1c285fac64388215d00b) - moved config file deploy to be part of install tasks [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- remove old var and update kube version
|
||||
- install helm binary
|
||||
|
||||
### Continious Integration
|
||||
### Refactor
|
||||
|
||||
- [55d5c5d6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/55d5c5d6943a0794bd73f8701667e85dd653c5ea) - add initial jobs [ [!1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/1) ]
|
||||
|
||||
### Documentaton / Guides
|
||||
|
||||
- [779be020](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/779be0200e71956a3125332d57ac6e0dc7a4914a) - add to feature list openid [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- [c3843dde](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c3843ddef0a6d4f885a989675b79ac5861e21138) - role workflow [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [b69d5b8a](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b69d5b8a358e6b024b0afda819af0082c0b87a48) - feature list [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [60392a56](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/60392a565c53010faca6c6eda15d2c386133a8f7) - restructure for seperate role index and ansible setup [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [bbfbbedd](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/bbfbbedd11ea5b1fde199899b70cd87119e3a989) - initial docs for rbac [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [3e785d7d](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/3e785d7db158e41744ad19c4fcab1c11aa23823f) - added other projects to blurb [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [7abfb703](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/7abfb70320419ab1e98666a16453bb1b0a48426e) - Ansible setup [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [b588b038](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b588b0383d3e353a8e487d06b787aed2e28de2d8) - added docs layout [ [!1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/1) ]
|
||||
|
||||
### Features
|
||||
|
||||
- **networking**: [60fd25df](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/60fd25df8ec897e74c164d9cc0e49ed07d002d0e) - install and configure wireguard encryption [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/3) ]
|
||||
|
||||
## 0.0.1 (2023-10-28)
|
||||
- image var update for calico
|
||||
|
||||
24
CONTRIBUTING.md
Normal file
24
CONTRIBUTING.md
Normal file
@ -0,0 +1,24 @@
|
||||
# Contribution Guide
|
||||
|
||||
|
||||
|
||||
## Updating components with a remote source
|
||||
|
||||
Some components within this role are sourced from a remote source. To update them to the latest release use the following commands.
|
||||
|
||||
> Ensure that before committing the update remote files to the repository, that no features have been removed that were added.
|
||||
|
||||
|
||||
### Kubevirt
|
||||
|
||||
``` bash
|
||||
|
||||
export KUBEVIRT_RELEASE='<kubevirt release i.e. v1.2.0>'
|
||||
|
||||
# From within roles/nfc_kubernetes/templates directory
|
||||
wget https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_RELEASE}/kubevirt-operator.yaml -O kubevirt-operator.yaml.j2
|
||||
|
||||
# From within the roles/nfc_kubernetes/templates directory
|
||||
wget https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_RELEASE}/kubevirt-cr.yaml -O kubevirt-cr.yaml.j2
|
||||
|
||||
```
|
||||
@ -1,39 +0,0 @@
|
||||
# Kubernetes Ansible Playbook
|
||||
|
||||
|
||||
## Additional changes
|
||||
|
||||
- `SystemdCgroup = false` -> `SystemdCgroup = true` [See this comment](https://github.com/kubernetes/kubernetes/issues/110177#issuecomment-1161647736)
|
||||
|
||||
## Tags
|
||||
|
||||
This role has been setup to take advantage of Ansible tags. The use of these tags enables finer control over what tasks are run. By design, when you set a task, only what is required for the tag is run.
|
||||
|
||||
available tags are as follows
|
||||
|
||||
- `containerregistry` apply container/docker registry settings
|
||||
- `firewall` apply firewall settings (firewall name/type independent)
|
||||
- `install` Run every task within the role. this is the same as omitting `--tags`
|
||||
- `iptables` apply iptables settings
|
||||
- `manifest` Apply/remove kubernetes manifests
|
||||
- `namespace` Apply/remove kubernetes namespaces
|
||||
- `nodelabels` Apply/remove kubernetes node labels
|
||||
- `taints` Apply/remove kubernetes taints
|
||||
|
||||
!!! tip
|
||||
if you intend on running the `install` tag, you can omit the `--tags` flag from the ansible tag all togther
|
||||
|
||||
!!! alert
|
||||
the first time this playbook is run if cli switch `--extra-vars "init=true"` is used with `init` either a bool true/false, the manifests will not be applied. this is to enable the kubernetes to be fully setup prior to applying manifests that may prevent successful completion of the play.
|
||||
|
||||
## command Cheatsheet
|
||||
|
||||
- `crictl --runtime-endpoint unix:///run/containerd/containerd.sock images` list all container images on the host
|
||||
|
||||
## Links / References
|
||||
|
||||
- ContainerD Configuration
|
||||
|
||||
- [Registry Configuration](https://github.com/containerd/containerd/blob/7cd72cce99c8d3b938c1b763c2744a0b699028ab/docs/cri/config.md#registry-configuration)
|
||||
|
||||
- [Configuring ContainerD registries](https://github.com/containerd/containerd/blob/7cd72cce99c8d3b938c1b763c2744a0b699028ab/docs/hosts.md#cri)
|
||||
27
README.md
27
README.md
@ -1,34 +1,39 @@
|
||||
<div align="center" width="100%">
|
||||
<span style="text-align: center;">
|
||||
|
||||
|
||||
# No Fuss Computing - Ansible Role: nfc_kubernetes
|
||||
# No Fuss Computing - Ansible Collection Kubernetes
|
||||
|
||||
<br>
|
||||
|
||||
|
||||
|
||||
|
||||
[](https://galaxy.ansible.com/ui/repo/published/nofusscomputing/kubernetes/)
|
||||
|
||||
|
||||
----
|
||||
|
||||
<br>
|
||||
|
||||
  [](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues)
|
||||
  [](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes/-/issues)
|
||||
|
||||
|
||||
|
||||
  
|
||||
  
|
||||
<br>
|
||||
|
||||
This project is hosted on [gitlab](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes) and has a read-only copy hosted on [Github](https://github.com/NofussComputing/ansible_role_nfc_kubernetes).
|
||||
This project is hosted on [gitlab](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes) and has a read-only copy hosted on [Github](https://github.com/NofussComputing/ansible_collection_kubernetes).
|
||||
|
||||
----
|
||||
|
||||
**Stable Branch**
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
----
|
||||
|
||||
**Development Branch**
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
----
|
||||
<br>
|
||||
@ -37,14 +42,14 @@ This project is hosted on [gitlab](https://gitlab.com/nofusscomputing/projects/a
|
||||
|
||||
links:
|
||||
|
||||
- [Issues](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues)
|
||||
- [Issues](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes/-/issues)
|
||||
|
||||
- [Merge Requests (Pull Requests)](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests)
|
||||
- [Merge Requests (Pull Requests)](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes/-/merge_requests)
|
||||
|
||||
|
||||
|
||||
## Contributing
|
||||
All contributions for this project must conducted from [Gitlab](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes).
|
||||
All contributions for this project must conducted from [Gitlab](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes).
|
||||
|
||||
For further details on contributing please refer to the [contribution guide](CONTRIBUTING.md).
|
||||
|
||||
|
||||
1
docs/projects/ansible/collection/firewall/index.md
Normal file
1
docs/projects/ansible/collection/firewall/index.md
Normal file
@ -0,0 +1 @@
|
||||
linked to
|
||||
67
docs/projects/ansible/collection/kubernetes/index.md
Normal file
67
docs/projects/ansible/collection/kubernetes/index.md
Normal file
@ -0,0 +1,67 @@
|
||||
---
|
||||
title: Kubernetes
|
||||
description: No Fuss Computings Ansible Collection Kubernetes
|
||||
date: 2024-03-13
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
<span style="text-align: center;">
|
||||
|
||||
|
||||
|
||||
|
||||
 
|
||||
|
||||
|
||||
[](https://galaxy.ansible.com/ui/repo/published/nofusscomputing/kubernetes/)
|
||||
|
||||
|
||||
</span>
|
||||
|
||||
This Ansible Collection is for installing a K3s Kubernetes cluster, both single and multi-node cluster deployments are supported. In addition to installing and configuring the firewall for the node. for further information on the firewall config please see the [firewall docs](../firewall/index.md)
|
||||
|
||||
|
||||
## Installation
|
||||
|
||||
To install this collection use `ansible-galaxy collection install nofusscomputing.kubernetes`
|
||||
|
||||
|
||||
## Features
|
||||
|
||||
Most of the features of this collection are from the included role `nfc_kubernetes`, please [view its page for feature details](roles/nfc_kubernetes/index.md).
|
||||
|
||||
|
||||
## Using this collection
|
||||
|
||||
This collection has been designed to be a complete and self-contained management tool for a K3s kubernetes cluster.
|
||||
|
||||
## K3s Kubernetes Installation
|
||||
|
||||
By default the install playbook will install to localhost.
|
||||
|
||||
``` bash
|
||||
|
||||
ansible-playbook nofusscomputing.kubernetes.install
|
||||
|
||||
```
|
||||
|
||||
!!! danger
|
||||
By default when the install task is run, The firewall is also configured. The default sets the `FORWARD` and `INPUT` tables to have a policy of `DROP`. Failing to add any required additional rules before installing/configuring kubernetes will cause you to not have remote access to the machine.
|
||||
|
||||
You are encouraged to run `ansible-playbook nofusscomputing.firewall.install` with your rules configured within your inventory first. see the [firewall docs](../firewall/index.md) for more information.
|
||||
|
||||
The install playbook has a dynamic `hosts` key. This has been done to specifically support running the playbook from AWX and being able to populate the field from the survey feature. Order of precedence for the host variable is as follows:
|
||||
|
||||
- `nfc_pb_host` set to any valid value that a playbook `hosts` key can accept
|
||||
|
||||
- `nfc_pb_kubernetes_cluster_name` with the name of the cluster. This variable is appended to string `kubernetes_cluster_` to serve as a group name for the cluster to be installed. i.e. for a cluster called `prime`, the group name would be set to `kubernetes_cluster_prime`
|
||||
|
||||
- `--limit` specified at runtime
|
||||
|
||||
- `localhost`
|
||||
|
||||
For the available variables please view the [nfc_kubernetes role docs](roles/nfc_kubernetes/index.md#default-variables)
|
||||
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ title: Ansible
|
||||
description: No Fuss Computings Ansible role nfc_kubernetes Ansible docs
|
||||
date: 2023-10-24
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
This page intends to describe/explain the setup of ansible for this role.
|
||||
@ -25,7 +25,7 @@ There are many ways to layout your inventory within Ansible. To take full advant
|
||||
!!! info Info
|
||||
The nfc_kubernetes role uses this field for any configuration that requires a hostname. You are strongly encouraged to use DNS name and the DNS name be resolveable for each host accessing to the host in question. Using DNS host name is of paramount importance for a host with dynamic DHCP being used.
|
||||
|
||||
- variable `Kubernetes_Master` _boolean_ set for all host that are master nodes.
|
||||
- variable `nfc_role_kubernetes_master` _boolean_ set for all host that are master nodes.
|
||||
|
||||
- hosts that require Kubernetes API access added to variable `kubernetes_config.cluster.access`
|
||||
|
||||
@ -3,14 +3,14 @@ title: Firewall
|
||||
description: No Fuss Computings Ansible role nfc_kubernetes
|
||||
date: 2023-10-24
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
This role include logic to generate firewall rules for iptables. Both IPv4 and IPv6 rules are generated. to survive reboots or network cable disconects, a script is created and added to the `if-up.d.` This enables that each time the interface is brought up, the firewall rules are applied. For a list of the firewall rules applied see the [K3s documentation](https://docs.k3s.io/installation/requirements#inbound-rules-for-k3s-server-nodes)
|
||||
|
||||
Rules generation workflow:
|
||||
|
||||
- itertes over all kubernetes hosts
|
||||
- iterates over all kubernetes hosts
|
||||
|
||||
- adds rules if host is masters for worker access
|
||||
|
||||
@ -3,23 +3,40 @@ title: Kubernetes
|
||||
description: No Fuss Computings Ansible role nfc_kubernetes
|
||||
date: 2023-10-24
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
This Ansible role is designed to deploy a K3s Kubernetes cluster. After adding your configuration, the cluster will deploy and have a configured CNI (calico) and be in a state ready to use. This role can be used with our [our playbooks](../../playbooks/index.md) or comes included, along with the playbook within our [Ansible Execution Environment](../../execution_environment/index.md).
|
||||
This Ansible role is designed to deploy a K3s Kubernetes cluster. Without adding cluster configuration this role will install K3s as a single node cluster. To deploy a multi-node cluster add your configuration, K3s will be installed on all nodes. On completion you will have fully configured cluster in a state ready to use. This role can be used with our [our playbooks](../../../../playbooks/index.md) or comes included, along with the playbook within our [Ansible Execution Environment](../../../../execution_environment/index.md).
|
||||
|
||||
|
||||
## Role Details
|
||||
|
||||
| Item| Value | Description |
|
||||
|:---|:---:|:---|
|
||||
| Dependent Roles | _None_ | |
|
||||
| Optional Roles | _nfc_firewall_ | Used to setup the firewall for kubernetes. |
|
||||
| Idempotent | _Yes_ | |
|
||||
| Stats Available | _Not Yet_ | |
|
||||
| Tags | _Nil_ | |
|
||||
| Requirements | _Gather Facts_ | |
|
||||
| | _become_ | |
|
||||
|
||||
|
||||
## Features
|
||||
|
||||
- CNI Setup
|
||||
- CNI Setup, calico including `calicoctl` plugin
|
||||
|
||||
> `kubectl calico ....` instead of `calicoctl ....`
|
||||
|
||||
- Configurable:
|
||||
|
||||
- Container Registries
|
||||
|
||||
- etcd snapshot cron schedule
|
||||
- ectd deployment
|
||||
|
||||
- etcd snapshot cron schedule
|
||||
|
||||
- etcd snapshot retention
|
||||
- etcd snapshot retention
|
||||
|
||||
- Cluster Domain
|
||||
|
||||
@ -47,6 +64,12 @@ This Ansible role is designed to deploy a K3s Kubernetes cluster. After adding y
|
||||
|
||||
- Install MetalLB
|
||||
|
||||
- Install KubeVirt including `virtctl` plugin
|
||||
|
||||
> `kubectl virt ....` instead of `virtctl ....`
|
||||
|
||||
- Install the Helm Binary
|
||||
|
||||
|
||||
## Role Workflow
|
||||
|
||||
@ -66,6 +89,8 @@ For a more probable than not success this role first installs/configures prime m
|
||||
|
||||
1. Configure Kubernetes
|
||||
|
||||
1. Install Kubevirt
|
||||
|
||||
If the playbook is setup as per [our recommendation](ansible.md) step 2 onwards is first done on master nodes then worker nodes.
|
||||
|
||||
!!! tip
|
||||
@ -79,11 +104,14 @@ If the playbook is setup as per [our recommendation](ansible.md) step 2 onwards
|
||||
```
|
||||
_See default variables below for explanation of each variable if it's not evident enough._
|
||||
|
||||
|
||||
## Default Variables
|
||||
|
||||
On viewing these variables you will notice there are single dictionary keys prefixed `nfc_role_kubernetes_` and a dictionary of dictionaries `kubernetes_config`. variables prefixed with `nfc_role_kubernetes_` are for single node installs with the `kubernetes_config` dictionary containing all of the information for an entire cluster. The `kubernetes_config` dictionary variables take precedence. Even if you are installing a cluster on multiple nodes, you are still advised to review the variables prefixed with `nfc_role_kubernetes_` as they may still be needed. i.e. setting a node type use keys `nfc_role_kubernetes_prime`, `nfc_role_kubernetes_master` and `nfc_role_kubernetes_worker`.
|
||||
|
||||
|
||||
``` yaml title="defaults/main.yaml" linenums="1"
|
||||
|
||||
--8<-- "defaults/main.yml"
|
||||
--8<-- "roles/nfc_kubernetes/defaults/main.yml"
|
||||
|
||||
```
|
||||
@ -3,7 +3,7 @@ title: RBAC
|
||||
description: No Fuss Computings Ansible role nfc_kubernetes RBAC documentation.
|
||||
date: 2023-10-29
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
As part of this roles workflow, A set of Clester Roles and Cluster Bindings are deployed and ready to use. The intent of these roles is to create a default set of roles that only require the authorization system to provide the users groups. As they have been defined as Cluster Roles you can bind to both cluster and/or namespace.
|
||||
@ -3,7 +3,7 @@ title: Release Notes
|
||||
description: No Fuss Computings Ansible role nfc_kubernetes
|
||||
date: 2024-01-31
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
This document details any changes that have occured that may impact users of this role. It's a rolling document and will be amended from time to time.
|
||||
@ -11,6 +11,12 @@ This document details any changes that have occured that may impact users of thi
|
||||
|
||||
## Changes with an impact
|
||||
|
||||
- _**13 Mar 2024**_ Container Images now a dictionary. This role has two images `kubevirt_operator` and `tigera_operator`.
|
||||
|
||||
- All Images are stored in dictionary `nfc_role_kubernetes_container_images` with each image using its own dictionary with mandatory keys `registry`, `image` and `tag`. This change has been made to cater for those whom store their images within their inventory as a dict of dict. For instance to use your inventory image declare variable `nfc_role_kubernetes_container_images.kubevirt_operator: my_images.my_kubevirt_dict` as an example.
|
||||
|
||||
- A lot of variables have been updated. To view what has changed, please see `defaults/main.yaml` in [MR !35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35)
|
||||
|
||||
- _**31 Jan 2024**_ Calico CNI deployment has been migrated to use the calico operator.
|
||||
|
||||
- All new cluster installations will be deployed with the operator
|
||||
86
galaxy.yml
Normal file
86
galaxy.yml
Normal file
@ -0,0 +1,86 @@
|
||||
### REQUIRED
|
||||
# The namespace of the collection. This can be a company/brand/organization or product namespace under which all
|
||||
# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
|
||||
# underscores or numbers and cannot contain consecutive underscores
|
||||
namespace: nofusscomputing
|
||||
|
||||
# The name of the collection. Has the same character restrictions as 'namespace'
|
||||
name: kubernetes
|
||||
|
||||
# The version of the collection. Must be compatible with semantic versioning
|
||||
version: 1.3.0
|
||||
|
||||
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
|
||||
readme: README.md
|
||||
|
||||
# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
|
||||
# @nicks:irc/im.site#channel'
|
||||
authors:
|
||||
- No Fuss Computing
|
||||
|
||||
|
||||
### OPTIONAL but strongly recommended
|
||||
# A short summary description of the collection
|
||||
description: Install a K3s Kubernetes Cluster
|
||||
|
||||
# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
|
||||
# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
|
||||
license:
|
||||
- MIT
|
||||
|
||||
# The path to the license file for the collection. This path is relative to the root of the collection. This key is
|
||||
# mutually exclusive with 'license'
|
||||
license_file: ''
|
||||
|
||||
# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
|
||||
# requirements as 'namespace' and 'name'
|
||||
tags:
|
||||
- k3s
|
||||
- kubernetes
|
||||
- tools
|
||||
|
||||
# Collections that this collection requires to be installed for it to be usable. The key of the dict is the
|
||||
# collection label 'namespace.name'. The value is a version range
|
||||
# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
|
||||
# range specifiers can be set and are separated by ','
|
||||
dependencies:
|
||||
ansible.posix: '1.5.4'
|
||||
kubernetes.core: '3.0.0'
|
||||
nofusscomputing.firewall: '1.0.1'
|
||||
|
||||
|
||||
# The URL of the originating SCM repository
|
||||
repository: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
|
||||
# The URL to any online docs
|
||||
documentation: https://nofusscomputing.com/projects/ansible/collection/kubernetes/
|
||||
|
||||
# The URL to the homepage of the collection/project
|
||||
# homepage: https://example.com
|
||||
|
||||
# The URL to the collection issue tracker
|
||||
issues: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes/-/issues
|
||||
|
||||
# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
|
||||
# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
|
||||
# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
|
||||
# and '.git' are always filtered. Mutually exclusive with 'manifest'
|
||||
build_ignore:
|
||||
- .vscode
|
||||
- artifacts
|
||||
- docs
|
||||
- .git*
|
||||
- gitlab-ci
|
||||
- website-template
|
||||
- .ansible-lint-ignore
|
||||
- .cz.yaml
|
||||
- .nfc_automation.yaml
|
||||
- dockerfile
|
||||
- mkdocs.yml
|
||||
|
||||
# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
|
||||
# list of MANIFEST.in style
|
||||
# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key
|
||||
# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive
|
||||
# with 'build_ignore'
|
||||
# manifest: null
|
||||
Submodule gitlab-ci updated: bea398200f...a24f352ca3
@ -1,53 +0,0 @@
|
||||
---
|
||||
- name: "restart ContainerD"
|
||||
service:
|
||||
name: containerd
|
||||
state: restarted
|
||||
when: >
|
||||
containerd_config.changed | default(false) | bool
|
||||
and
|
||||
containerd_installed.rc | default(1) | int == 0
|
||||
and
|
||||
kubernetes_type == 'k8s'
|
||||
tags:
|
||||
- configure
|
||||
- install
|
||||
|
||||
|
||||
- name: Restart Kubernetes
|
||||
ansible.builtin.service:
|
||||
name: |-
|
||||
{%- if kubernetes_type == 'k3s' -%}
|
||||
{%- if Kubernetes_Master | default(false) | bool -%}
|
||||
k3s
|
||||
{%- else -%}
|
||||
k3s-agent
|
||||
{%- endif -%}
|
||||
{%- else -%}
|
||||
kubelet
|
||||
{%- endif %}
|
||||
state: restarted
|
||||
listen: kubernetes_restart
|
||||
when: |-
|
||||
not (
|
||||
nfc_kubernetes_no_restart
|
||||
or
|
||||
(
|
||||
inventory_hostname in groups['kubernetes_master']
|
||||
and
|
||||
nfc_kubernetes_no_restart_master
|
||||
)
|
||||
or
|
||||
(
|
||||
inventory_hostname == kubernetes_config.cluster.prime.name
|
||||
and
|
||||
nfc_kubernetes_no_restart_prime
|
||||
)
|
||||
or
|
||||
(
|
||||
inventory_hostname in groups['kubernetes_worker']
|
||||
and
|
||||
nfc_kubernetes_no_restart_slave
|
||||
)
|
||||
)
|
||||
|
||||
52
meta/runtime.yml
Normal file
52
meta/runtime.yml
Normal file
@ -0,0 +1,52 @@
|
||||
---
|
||||
# Collections must specify a minimum required ansible version to upload
|
||||
# to galaxy
|
||||
requires_ansible: '>=2.14.0'
|
||||
|
||||
# Content that Ansible needs to load from another location or that has
|
||||
# been deprecated/removed
|
||||
# plugin_routing:
|
||||
# action:
|
||||
# redirected_plugin_name:
|
||||
# redirect: ns.col.new_location
|
||||
# deprecated_plugin_name:
|
||||
# deprecation:
|
||||
# removal_version: "4.0.0"
|
||||
# warning_text: |
|
||||
# See the porting guide on how to update your playbook to
|
||||
# use ns.col.another_plugin instead.
|
||||
# removed_plugin_name:
|
||||
# tombstone:
|
||||
# removal_version: "2.0.0"
|
||||
# warning_text: |
|
||||
# See the porting guide on how to update your playbook to
|
||||
# use ns.col.another_plugin instead.
|
||||
# become:
|
||||
# cache:
|
||||
# callback:
|
||||
# cliconf:
|
||||
# connection:
|
||||
# doc_fragments:
|
||||
# filter:
|
||||
# httpapi:
|
||||
# inventory:
|
||||
# lookup:
|
||||
# module_utils:
|
||||
# modules:
|
||||
# netconf:
|
||||
# shell:
|
||||
# strategy:
|
||||
# terminal:
|
||||
# test:
|
||||
# vars:
|
||||
|
||||
# Python import statements that Ansible needs to load from another location
|
||||
# import_redirection:
|
||||
# ansible_collections.ns.col.plugins.module_utils.old_location:
|
||||
# redirect: ansible_collections.ns.col.plugins.module_utils.new_location
|
||||
|
||||
# Groups of actions/modules that take a common set of options
|
||||
# action_groups:
|
||||
# group_name:
|
||||
# - module1
|
||||
# - module2
|
||||
24
mkdocs.yml
24
mkdocs.yml
@ -2,9 +2,9 @@ INHERIT: website-template/mkdocs.yml
|
||||
|
||||
docs_dir: 'docs'
|
||||
|
||||
repo_name: Kubernetes Ansible Role
|
||||
repo_url: https://gitlab.com/nofusscomputing/projects/ansible/kubernetes
|
||||
edit_uri: '/-/ide/project/nofusscomputing/projects/ansible/kubernetes/edit/development/-/docs/'
|
||||
repo_name: Kubernetes Ansible Collection
|
||||
repo_url: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
edit_uri: '/-/ide/project/nofusscomputing/projects/ansible/collections/kubernetes/edit/development/-/docs/'
|
||||
|
||||
nav:
|
||||
- Home: index.md
|
||||
@ -29,21 +29,25 @@ nav:
|
||||
|
||||
- projects/ansible/playbooks/index.md
|
||||
|
||||
- Roles:
|
||||
- Collections:
|
||||
|
||||
- projects/ansible/roles/index.md
|
||||
- projects/ansible/collection/index.md
|
||||
|
||||
- Kubernetes:
|
||||
|
||||
- projects/ansible/roles/kubernetes/index.md
|
||||
- projects/ansible/collection/kubernetes/index.md
|
||||
|
||||
- projects/ansible/roles/kubernetes/ansible.md
|
||||
- Role nfc_kubernetes:
|
||||
|
||||
- projects/ansible/roles/kubernetes/firewall.md
|
||||
- projects/ansible/collection/kubernetes/roles/nfc_kubernetes/index.md
|
||||
|
||||
- projects/ansible/roles/kubernetes/rbac.md
|
||||
- projects/ansible/collection/kubernetes/roles/nfc_kubernetes/ansible.md
|
||||
|
||||
- projects/ansible/roles/kubernetes/release_notes.md
|
||||
- projects/ansible/collection/kubernetes/roles/nfc_kubernetes/firewall.md
|
||||
|
||||
- projects/ansible/collection/kubernetes/roles/nfc_kubernetes/rbac.md
|
||||
|
||||
- projects/ansible/collection/kubernetes/roles/nfc_kubernetes/release_notes.md
|
||||
|
||||
|
||||
- Operations:
|
||||
|
||||
64
playbooks/install.yaml
Normal file
64
playbooks/install.yaml
Normal file
@ -0,0 +1,64 @@
|
||||
---
|
||||
- name: Install K3s Kubernetes
|
||||
hosts: |-
|
||||
{%- if nfc_pb_host is defined -%}
|
||||
|
||||
{{ nfc_pb_host }}
|
||||
|
||||
{%- elif nfc_pb_kubernetes_cluster_name is defined -%}
|
||||
|
||||
kubernetes_cluster_{{ nfc_pb_kubernetes_cluster_name | lower }}
|
||||
|
||||
{%- else -%}
|
||||
|
||||
{%- if ansible_limit is defined -%}
|
||||
|
||||
{{ ansible_limit }}
|
||||
|
||||
{%- else -%}
|
||||
|
||||
localhost
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- endif %}
|
||||
become: true
|
||||
gather_facts: true
|
||||
|
||||
|
||||
tasks:
|
||||
|
||||
|
||||
- name: Install/Configure Kubernetes
|
||||
ansible.builtin.include_role:
|
||||
name: nfc_kubernetes
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
# vars:
|
||||
|
||||
#
|
||||
# Future feature, add playbook to import to awx
|
||||
#
|
||||
# nfc_pb_awx_tower_template:
|
||||
|
||||
|
||||
# - name: "Collection/NoFussComputing/Kubernetes/Install"
|
||||
# ask_credential_on_launch: true
|
||||
# ask_job_type_on_launch: true
|
||||
# ask_limit_on_launch: true
|
||||
# ask_tags_on_launch: true
|
||||
# ask_variables_on_launch: true
|
||||
# description: |
|
||||
# Playbook to Install/Configure Kubernetes using configuration
|
||||
# from code.
|
||||
# execution_environment: "No Fuss Computing EE"
|
||||
# job_type: "check"
|
||||
# labels:
|
||||
# - cluster
|
||||
# - k3s
|
||||
# - kubernetes
|
||||
# verbosity: 2
|
||||
# use_fact_cache: true
|
||||
# survey_enabled: false
|
||||
0
plugins/.gitkeep
Normal file
0
plugins/.gitkeep
Normal file
3
roles/nfc_kubernetes/README.md
Normal file
3
roles/nfc_kubernetes/README.md
Normal file
@ -0,0 +1,3 @@
|
||||
## No Fuss Computing - Ansible Role nfc_kubernetes
|
||||
|
||||
Nothing to see here
|
||||
@ -6,10 +6,10 @@
|
||||
calico_image_tag: v3.25.0 # Depreciated
|
||||
# EoF Depreciated
|
||||
# SoF New Variables
|
||||
nfc_kubernetes_calico_version: v3.27.0
|
||||
nfc_kubernetes_tigera_operator_registry: quay.io
|
||||
nfc_kubernetes_tigera_operator_image: tigera/operator
|
||||
nfc_kubernetes_tigera_operator_tag: v1.32.3 # Calico v3.27.0
|
||||
nfc_role_kubernetes_calico_version: v3.27.0
|
||||
# nfc_kubernetes_tigera_operator_registry: quay.io
|
||||
# nfc_kubernetes_tigera_operator_image: tigera/operator
|
||||
# nfc_kubernetes_tigera_operator_tag: v1.32.3 # Calico v3.27.0
|
||||
# EoF New Variables, EEoF Depreciated
|
||||
|
||||
|
||||
@ -17,26 +17,56 @@ nfc_kubernetes_enable_metallb: false
|
||||
nfc_kubernetes_enable_servicelb: false
|
||||
|
||||
|
||||
nfc_role_kubernetes_container_images:
|
||||
|
||||
kubevirt_operator:
|
||||
name: Kubevirt Operator
|
||||
registry: quay.io
|
||||
image: kubevirt/virt-operator
|
||||
tag: v1.2.0
|
||||
|
||||
tigera_operator:
|
||||
name: Tigera Operator
|
||||
registry: quay.io
|
||||
image: tigera/operator
|
||||
tag: v1.32.3 # Calico v3.27.0
|
||||
|
||||
|
||||
nfc_role_kubernetes_cluster_domain: cluster.local
|
||||
|
||||
nfc_role_kubernetes_configure_firewall: true
|
||||
|
||||
nfc_role_kubernetes_etcd_enabled: false
|
||||
|
||||
nfc_role_kubernetes_install_olm: false
|
||||
|
||||
nfc_role_kubernetes_install_helm: true
|
||||
|
||||
nfc_role_kubernetes_install_kubevirt: false
|
||||
|
||||
nfc_role_kubernetes_kubevirt_operator_replicas: 1
|
||||
|
||||
nfc_role_kubernetes_oidc_enabled: false
|
||||
|
||||
nfc_role_kubernetes_pod_subnet: 172.16.248.0/21
|
||||
nfc_role_kubernetes_service_subnet: 172.16.244.0/22
|
||||
|
||||
nfc_role_kubernetes_prime: true # Mandatory for a node designated as the prime master node
|
||||
nfc_role_kubernetes_master: true # Mandatory for a node designated as a master node and the prime master node
|
||||
nfc_role_kubernetes_worker: false # Mandatory for a node designated as a worker node
|
||||
|
||||
############################################################################################################
|
||||
#
|
||||
# Old Vars requiring refactoring
|
||||
#
|
||||
# ############################################################################################################
|
||||
# KubernetesPodSubnet: 10.85.0.0/16
|
||||
# KubernetesServiceSubnet: 10.86.0.0/16
|
||||
|
||||
|
||||
Kubernetes_Prime: false # Optional, Boolean. Is the current host the Prime master?
|
||||
Kubernetes_Master: false # Optional, Boolean. Is the current host a master host?
|
||||
|
||||
ContainerDioVersion: 1.6.20-1
|
||||
KubernetesVersion: '1.26.2' # must match the repository release version
|
||||
kubernetes_version_olm: '0.26.0'
|
||||
KubernetesVersion: '1.26.12' # must match the repository release version
|
||||
kubernetes_version_olm: '0.27.0'
|
||||
|
||||
|
||||
|
||||
|
||||
KubernetesVersion_k8s_prefix: '-00'
|
||||
KubernetesVersion_k3s_prefix: '+k3s1'
|
||||
|
||||
kubernetes_private_container_registry: [] # Optional, Array. if none use `[]`
|
||||
@ -46,19 +76,15 @@ kubernetes_etcd_snapshot_retention: 5
|
||||
|
||||
# host_external_ip: '' # Optional, String. External IP Address for host.
|
||||
|
||||
kubernetes_type: k8s # Mandatory, String. choice K8s | k3s
|
||||
|
||||
kube_apiserver_arg_audit_log_maxage: 2
|
||||
|
||||
kubelet_arg_system_reserved_cpu: 450m
|
||||
kubelet_arg_system_reserved_memory: 512Mi
|
||||
kubelet_arg_system_reserved_storage: 8Gi
|
||||
|
||||
# kubernetes_olm_install: true # optional, boolean. default=true
|
||||
|
||||
|
||||
nfc_kubernetes:
|
||||
enable_firewall: true # Optional, bool enable firewall rules from role 'nfc_firewall'
|
||||
enable_firewall: false # Optional, bool enable firewall rules from role 'nfc_firewall'
|
||||
|
||||
nfc_kubernetes_no_restart: false # Set to true to prevent role from restarting kubernetes on the host(s)
|
||||
nfc_kubernetes_no_restart_master: false # Set to true to prevent role from restarting kubernetes on master host(s)
|
||||
@ -76,7 +102,7 @@ k3s:
|
||||
kind: Policy
|
||||
rules:
|
||||
- level: Request
|
||||
when: "{{ Kubernetes_Master | default(false) }}"
|
||||
when: "{{ nfc_role_kubernetes_master }}"
|
||||
|
||||
- name: 90-kubelet.conf
|
||||
path: /etc/sysctl.d
|
||||
@ -108,7 +134,7 @@ k3s:
|
||||
# usernames: []
|
||||
# runtimeClasses: []
|
||||
# namespaces: [kube-system]
|
||||
when: "{{ kubernetes_config.cluster.prime.name == inventory_hostname }}"
|
||||
when: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname }}"
|
||||
|
||||
|
||||
#############################################################################################
|
||||
@ -123,7 +149,7 @@ k3s:
|
||||
# - 'my.dnshostname.com'
|
||||
# - '2001:4860:4860::8888'
|
||||
# - '192.168.1.1'
|
||||
# Name: earth # Mandatory, String. Cluster Name
|
||||
# domain_name: earth # Mandatory, String. Cluster Domain Name
|
||||
# group_name: # Mandatory, String. name of the ansible inventory group containg all cluster hosts
|
||||
# prime:
|
||||
# name: k3s-prod # Mandatory, String. Ansible inventory_host that will
|
||||
@ -132,10 +158,21 @@ k3s:
|
||||
# encrypt: true # Optional, Boolean. default `false`. Install wireguard for inter-node encryption
|
||||
# podSubnet: 172.16.70.0/24 # Mandatory, String. CIDR
|
||||
# ServiceSubnet: 172.16.72.0/24 # Mandatory, String. CIDR
|
||||
# # Mandatory, String. Token to join nodes to the cluster
|
||||
# node_token: !vault |
|
||||
# $ANSIBLE_VAULT;1.2;AES256;kubernetes/cluster/production
|
||||
# {rest_of encrypted key}
|
||||
#
|
||||
#
|
||||
# helm:
|
||||
# enabled: true # Optional, Boolean. default=false. Install Helm Binary
|
||||
#
|
||||
#
|
||||
# kube_virt:
|
||||
# enabled: false # Optional, Boolean. default=false. Install KubeVirt
|
||||
#
|
||||
# nodes: [] # Optional, List of String. default=inventory_hostname. List of nodes to install kibevirt on.
|
||||
#
|
||||
# operator:
|
||||
# replicas: 2 # Optional, Integer. How many virt_operators to deploy.
|
||||
#
|
||||
#
|
||||
# oidc: # Used to configure Kubernetes with OIDC Authentication.
|
||||
# enabled: true # Mandatory, boolen. speaks for itself.
|
||||
# issuer_url: https://domainname.com/realms/realm-name # Mandatory, String. URL of OIDC Provider
|
||||
@ -144,14 +181,14 @@ k3s:
|
||||
# username_prefix: oidc # Optional, String. What to prefix to username
|
||||
# groups_claim: roles # Mandatory, String. Claim name containing groups
|
||||
# groups_prefix: '' # Optional, String. string to append to groups
|
||||
|
||||
# hosts:
|
||||
|
||||
# my-host-name:
|
||||
# labels:
|
||||
# mylabel: myvalue
|
||||
|
||||
# taints:
|
||||
# - effect: NoSchedule
|
||||
# key: taintkey
|
||||
# value: taintvalue
|
||||
#
|
||||
# hosts:
|
||||
#
|
||||
# my-host-name:
|
||||
# labels:
|
||||
# mylabel: myvalue
|
||||
#
|
||||
# taints:
|
||||
# - effect: NoSchedule
|
||||
# key: taintkey
|
||||
# value: taintvalue
|
||||
41
roles/nfc_kubernetes/handlers/main.yml
Normal file
41
roles/nfc_kubernetes/handlers/main.yml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
|
||||
- name: Reboot Node
|
||||
ansible.builtin.reboot:
|
||||
reboot_timeout: 300
|
||||
listen: reboot_host
|
||||
when: ansible_connection == 'ssh'
|
||||
|
||||
|
||||
- name: Restart Kubernetes
|
||||
ansible.builtin.service:
|
||||
name: |-
|
||||
{%- if nfc_role_kubernetes_master | default(false) | bool -%}
|
||||
k3s
|
||||
{%- else -%}
|
||||
k3s-agent
|
||||
{%- endif -%}
|
||||
state: restarted
|
||||
listen: kubernetes_restart
|
||||
when: |-
|
||||
not (
|
||||
nfc_kubernetes_no_restart
|
||||
or
|
||||
(
|
||||
nfc_role_kubernetes_master
|
||||
and
|
||||
nfc_kubernetes_no_restart_master
|
||||
)
|
||||
or
|
||||
(
|
||||
inventory_hostname == kubernetes_config.cluster.prime.name | default(inventory_hostname)
|
||||
and
|
||||
nfc_kubernetes_no_restart_prime
|
||||
)
|
||||
or
|
||||
(
|
||||
nfc_role_kubernetes_worker
|
||||
and
|
||||
nfc_kubernetes_no_restart_slave
|
||||
)
|
||||
)
|
||||
@ -1,24 +1,29 @@
|
||||
galaxy_info:
|
||||
|
||||
role_name: nfc_kubernetes
|
||||
|
||||
author: No Fuss Computing
|
||||
description: template role to install and configure Kubernetes on a host
|
||||
|
||||
issue_tracker_url: https://gitlab.com/nofusscomputing/projects/ansible/kubernetes
|
||||
description: Install and configure single and multi-node K3s Kubernetes cluster.
|
||||
|
||||
license: https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/blob/master/LICENSE
|
||||
issue_tracker_url: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
|
||||
license: MIT
|
||||
|
||||
min_ansible_version: '2.15'
|
||||
|
||||
platforms:
|
||||
|
||||
- name: Debian
|
||||
versions:
|
||||
- bullseye
|
||||
- bookworm
|
||||
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- 21
|
||||
|
||||
galaxy_tags:
|
||||
- cluster
|
||||
- k3s
|
||||
- k8s
|
||||
- kubernetes
|
||||
- container
|
||||
27
roles/nfc_kubernetes/tasks/helm/main.yaml
Normal file
27
roles/nfc_kubernetes/tasks/helm/main.yaml
Normal file
@ -0,0 +1,27 @@
|
||||
---
|
||||
|
||||
- name: Fetch Helm APT Key
|
||||
ansible.builtin.get_url:
|
||||
url: https://baltocdn.com/helm/signing.asc
|
||||
dest: /usr/share/keyrings/helm.asc
|
||||
mode: 740
|
||||
|
||||
|
||||
- name: Add Helm Repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: >-
|
||||
deb [arch={%- if ansible_architecture == 'aarch64' -%}
|
||||
arm64
|
||||
{%- else -%}
|
||||
amd64
|
||||
{%- endif %} signed-by=/usr/share/keyrings/helm.asc] http://baltocdn.com/helm/stable/{{
|
||||
ansible_os_family | lower }}/ all main
|
||||
state: present
|
||||
filename: helm
|
||||
|
||||
|
||||
- name: Install Helm
|
||||
ansible.builtin.apt:
|
||||
package:
|
||||
- helm
|
||||
state: present
|
||||
93
roles/nfc_kubernetes/tasks/install.yaml
Normal file
93
roles/nfc_kubernetes/tasks/install.yaml
Normal file
@ -0,0 +1,93 @@
|
||||
---
|
||||
|
||||
- name: Get Hostname
|
||||
ansible.builtin.command:
|
||||
cmd: hostname
|
||||
changed_when: false
|
||||
register: hostname_to_check
|
||||
|
||||
|
||||
- name: Hostname Check
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- hostname_to_check.stdout == inventory_hostname
|
||||
msg: The hostname must match the inventory_hostname
|
||||
when: >
|
||||
inventory_hostname != 'localhost'
|
||||
|
||||
|
||||
- name: Check Machine Architecture
|
||||
ansible.builtin.set_fact:
|
||||
nfc_kubernetes_install_architectures: "{{ nfc_kubernetes_install_architectures | default({}) | combine({ansible_architecture: ''}) }}"
|
||||
|
||||
|
||||
- name: Configure Kubernetes Firewall Rules
|
||||
ansible.builtin.include_role:
|
||||
name: nofusscomputing.firewall.nfc_firewall
|
||||
vars:
|
||||
nfc_role_firewall_firewall_type: iptables
|
||||
nfc_role_firewall_additional_rules: "{{ ( lookup('template', 'vars/firewall_rules.yaml') | from_yaml ).kubernetes_chains }}"
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
nfc_role_kubernetes_configure_firewall
|
||||
|
||||
|
||||
- name: K3s Install
|
||||
ansible.builtin.include_tasks:
|
||||
file: k3s/install.yaml
|
||||
apply:
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
install_kubernetes | default(true) | bool
|
||||
and
|
||||
not kubernetes_installed | default(false) | bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: K3s Configure
|
||||
ansible.builtin.include_tasks:
|
||||
file: k3s/configure.yaml
|
||||
apply:
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
install_kubernetes | default(true) | bool
|
||||
and
|
||||
kubernetes_installed | default(false) | bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: Kubevert
|
||||
ansible.builtin.include_tasks:
|
||||
file: kubevirt/main.yaml
|
||||
apply:
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
kubernetes_installed | default(false) | bool
|
||||
and
|
||||
kubernetes_config.kube_virt.enabled | default(nfc_role_kubernetes_install_kubevirt)
|
||||
and
|
||||
inventory_hostname in kubernetes_config.kube_virt.nodes | default([ inventory_hostname ]) | list
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: Helm
|
||||
ansible.builtin.include_tasks:
|
||||
file: helm/main.yaml
|
||||
apply:
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
kubernetes_installed | default(false) | bool
|
||||
and
|
||||
kubernetes_config.helm.enabled | default(nfc_role_kubernetes_install_helm)
|
||||
and
|
||||
nfc_role_kubernetes_master
|
||||
tags:
|
||||
- always
|
||||
@ -12,6 +12,12 @@
|
||||
when: item.when | default(false) | bool
|
||||
|
||||
|
||||
- name: Check if FW dir exists
|
||||
ansible.builtin.stat:
|
||||
name: /etc/iptables-reloader/rules.d
|
||||
register: firewall_rules_dir_metadata
|
||||
|
||||
|
||||
- name: Copy Templates
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
@ -28,11 +34,21 @@
|
||||
|
||||
- src: kubernetes-manifest-rbac.yaml.j2
|
||||
dest: /var/lib/rancher/k3s/server/manifests/rbac-authorization-common.yaml
|
||||
when: "{{ kubernetes_config.cluster.prime.name == inventory_hostname }}"
|
||||
when: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname }}"
|
||||
|
||||
- src: iptables-kubernetes.rules.j2
|
||||
dest: "/etc/iptables.rules.d/iptables-kubernetes.rules"
|
||||
dest: "/etc/iptables-reloader/rules.d/iptables-kubernetes.rules"
|
||||
notify: firewall_reloader
|
||||
when: |-
|
||||
{%- if firewall_installed -%}
|
||||
|
||||
{{ firewall_rules_dir_metadata.stat.exists }}
|
||||
|
||||
{%- else -%}
|
||||
|
||||
false
|
||||
|
||||
{%- endif %}
|
||||
|
||||
|
||||
- name: Add Kubernetes Node Labels
|
||||
@ -3,28 +3,28 @@
|
||||
- name: Check for calico deployment manifest
|
||||
ansible.builtin.stat:
|
||||
name: /var/lib/rancher/k3s/server/manifests/calico.yaml
|
||||
become: true
|
||||
register: file_calico_yaml_metadata
|
||||
|
||||
|
||||
- name: Check for calico Operator deployment manifest
|
||||
ansible.builtin.stat:
|
||||
name: /var/lib/rancher/k3s/ansible/deployment-manifest-calico_operator.yaml
|
||||
become: true
|
||||
register: file_calico_operator_yaml_metadata
|
||||
|
||||
|
||||
- name: Install Software
|
||||
ansible.builtin.include_role:
|
||||
name: nfc_common
|
||||
- name: Install dependent packages
|
||||
ansible.builtin.apt:
|
||||
name: "{{ package }}"
|
||||
state: present
|
||||
loop: "{{ packages }}"
|
||||
loop_control:
|
||||
loop_var: package
|
||||
vars:
|
||||
common_gather_facts: false
|
||||
initial_common_tasks: true # Don't run init tasks
|
||||
aptInstall:
|
||||
- name: curl
|
||||
- name: iptables
|
||||
- name: jq
|
||||
- name: wireguard
|
||||
packages:
|
||||
- curl
|
||||
- iptables
|
||||
- jq
|
||||
- wireguard
|
||||
|
||||
|
||||
- name: Remove swapfile from /etc/fstab
|
||||
@ -106,6 +106,8 @@
|
||||
value: '524288'
|
||||
- name: fs.inotify.max_user_instances
|
||||
value: '512'
|
||||
- name: net.ipv6.conf.all.disable_ipv6
|
||||
value: '1'
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
|
||||
@ -113,7 +115,6 @@
|
||||
- name: Check for Network Manager Directory
|
||||
ansible.builtin.stat:
|
||||
name: /etc/NetworkManager/conf.d
|
||||
become: true
|
||||
register: directory_network_manager_metadata
|
||||
|
||||
|
||||
@ -133,7 +134,6 @@
|
||||
mode: '770'
|
||||
owner: root
|
||||
group: root
|
||||
become: true
|
||||
diff: true
|
||||
when: directory_network_manager_metadata.stat.exists
|
||||
|
||||
@ -146,11 +146,20 @@
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
register: k3s_installed
|
||||
when: >
|
||||
nfc_role_kubernetes_master | default(false) | bool
|
||||
|
||||
|
||||
- name: Check Machine Architecture
|
||||
ansible.builtin.set_fact:
|
||||
nfc_kubernetes_install_architectures: "{{ nfc_kubernetes_install_architectures | default({}) | combine({ansible_architecture: ''}) }}"
|
||||
- name: Check if K3s Installed
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
if [[ $(service k3s-agent status) ]]; then exit 0; else exit 1; fi
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
register: k3s_installed
|
||||
when: >
|
||||
not nfc_role_kubernetes_worker | default(false) | bool
|
||||
|
||||
|
||||
- name: Download Install Scripts
|
||||
@ -168,7 +177,10 @@
|
||||
delegate_to: localhost
|
||||
run_once: true
|
||||
# no_log: true
|
||||
when: ansible_os_family == 'Debian'
|
||||
when: >
|
||||
ansible_os_family == 'Debian'
|
||||
and
|
||||
item.when | default(true) | bool
|
||||
loop: "{{ download_files }}"
|
||||
vars:
|
||||
ansible_connection: local
|
||||
@ -177,6 +189,7 @@
|
||||
url: https://get.k3s.io
|
||||
- dest: /tmp/install_olm.sh
|
||||
url: https://raw.githubusercontent.com/operator-framework/operator-lifecycle-manager/v{{ kubernetes_version_olm }}/scripts/install.sh
|
||||
when: "{{ nfc_role_kubernetes_install_olm }}"
|
||||
|
||||
|
||||
- name: Download K3s Binary
|
||||
@ -228,15 +241,16 @@
|
||||
ansible.builtin.copy:
|
||||
src: "/tmp/k3s.{{ ansible_architecture }}"
|
||||
dest: "/usr/local/bin/k3s"
|
||||
mode: '740'
|
||||
mode: '741'
|
||||
owner: root
|
||||
group: root
|
||||
when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary
|
||||
|
||||
|
||||
- name: Copy install scripts to Host
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ item }}"
|
||||
src: "{{ item.path }}"
|
||||
dest: "{{ item.path }}"
|
||||
mode: '755'
|
||||
owner: root
|
||||
group: root
|
||||
@ -244,9 +258,12 @@
|
||||
loop: "{{ install_scripts }}"
|
||||
vars:
|
||||
install_scripts:
|
||||
- "/tmp/install.sh"
|
||||
- "/tmp/install_olm.sh"
|
||||
# when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary
|
||||
- path: "/tmp/install.sh"
|
||||
- path: "/tmp/install_olm.sh"
|
||||
when: "{{ nfc_role_kubernetes_install_olm }}"
|
||||
when: >
|
||||
item.when | default(true) | bool
|
||||
|
||||
|
||||
- name: Required Initial config files
|
||||
ansible.builtin.copy:
|
||||
@ -283,7 +300,7 @@
|
||||
dest: /var/lib/rancher/k3s/server/manifests/calico.yaml
|
||||
when: >
|
||||
{{
|
||||
kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
and
|
||||
(
|
||||
(
|
||||
@ -325,10 +342,10 @@
|
||||
cmd: |
|
||||
INSTALL_K3S_SKIP_DOWNLOAD=true \
|
||||
INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
|
||||
/tmp/install.sh --cluster-init
|
||||
/tmp/install.sh {% if nfc_role_kubernetes_etcd_enabled %}--cluster-init{% endif %}
|
||||
changed_when: false
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
and
|
||||
k3s_installed.rc == 1
|
||||
|
||||
@ -352,7 +369,7 @@
|
||||
and
|
||||
'calico_manifest' not in ansible_run_tags
|
||||
and
|
||||
kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
|
||||
|
||||
- name: Install MetalLB Operator
|
||||
@ -371,7 +388,7 @@
|
||||
when: >-
|
||||
nfc_kubernetes_enable_metallb | default(false) | bool
|
||||
and
|
||||
kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
|
||||
|
||||
- name: Wait for kubernetes prime to be ready
|
||||
@ -385,7 +402,7 @@
|
||||
exit 127;
|
||||
fi
|
||||
executable: /bin/bash
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name }}"
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}"
|
||||
run_once: true
|
||||
register: kubernetes_ready_check
|
||||
retries: 30
|
||||
@ -409,9 +426,9 @@
|
||||
install_olm.rc == 1
|
||||
register: install_olm
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
and
|
||||
kubernetes_olm_install | default(false) | bool
|
||||
nfc_role_kubernetes_install_olm | default(false) | bool
|
||||
|
||||
|
||||
- name: Uninstall OLM
|
||||
@ -422,7 +439,7 @@
|
||||
kubectl delete -n olm deployment olm-operator;
|
||||
|
||||
kubectl delete crd catalogsources.operators.coreos.com;
|
||||
kubectl delete` crd clusterserviceversions.operators.coreos.com;
|
||||
kubectl delete crd clusterserviceversions.operators.coreos.com;
|
||||
kubectl delete crd installplans.operators.coreos.com;
|
||||
kubectl delete crd olmconfigs.operators.coreos.com;
|
||||
kubectl delete crd operatorconditions.operators.coreos.com;
|
||||
@ -437,9 +454,9 @@
|
||||
failed_when: false
|
||||
register: install_olm
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
and
|
||||
'olm_uninstall' not in ansible_run_tags
|
||||
'olm_uninstall' in ansible_run_tags
|
||||
|
||||
|
||||
- name: Enable Cluster Encryption
|
||||
@ -448,7 +465,7 @@
|
||||
changed_when: false
|
||||
failed_when: false # New cluster will fail
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
and
|
||||
kubernetes_config.cluster.networking.encrypt | default(false) | bool
|
||||
and
|
||||
@ -466,7 +483,7 @@
|
||||
- name: Fetch Join Token
|
||||
ansible.builtin.slurp:
|
||||
src: /var/lib/rancher/k3s/server/token
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name }}"
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}"
|
||||
run_once: true
|
||||
register: k3s_join_token
|
||||
no_log: true # Value is sensitive
|
||||
@ -475,7 +492,7 @@
|
||||
- name: Create Token fact
|
||||
ansible.builtin.set_fact:
|
||||
k3s_join_token: "{{ k3s_join_token.content | b64decode | replace('\n', '') }}"
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name }}"
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}"
|
||||
run_once: true
|
||||
no_log: true # Value is sensitive
|
||||
|
||||
@ -491,9 +508,9 @@
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
when: >
|
||||
Kubernetes_Master | default(false) | bool
|
||||
nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
not kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
not kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
and
|
||||
k3s_installed.rc == 1
|
||||
|
||||
@ -506,12 +523,14 @@
|
||||
INSTALL_K3S_SKIP_DOWNLOAD=true \
|
||||
INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
|
||||
K3S_TOKEN="{{ k3s_join_token }}" \
|
||||
K3S_URL="https://{{ hostvars[kubernetes_config.cluster.prime.name].ansible_host }}:6443" \
|
||||
K3S_URL="https://{{ hostvars[kubernetes_config.cluster.prime.name | default(inventory_hostname)].ansible_host }}:6443" \
|
||||
/tmp/install.sh -
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
when: >
|
||||
not Kubernetes_Master | default(false) | bool
|
||||
not nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
not kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
and
|
||||
k3s_installed.rc == 1
|
||||
|
||||
@ -521,4 +540,3 @@
|
||||
kubernetes_installed: true
|
||||
# Clear Token as no llonger required and due to being a sensitive value
|
||||
k3s_join_token: null
|
||||
nfc_kubernetes_install_architectures: {}
|
||||
@ -96,7 +96,7 @@
|
||||
- name: Fetch Calico Kubectl Plugin
|
||||
ansible.builtin.uri:
|
||||
url: |-
|
||||
https://github.com/projectcalico/calico/releases/download/{{ nfc_kubernetes_calico_version }}/calicoctl-linux-
|
||||
https://github.com/projectcalico/calico/releases/download/{{ nfc_role_kubernetes_calico_version }}/calicoctl-linux-
|
||||
{%- if cpu_arch.key == 'aarch64' -%}
|
||||
arm64
|
||||
{%- else -%}
|
||||
@ -127,7 +127,7 @@
|
||||
owner: root
|
||||
group: 'root'
|
||||
become: true
|
||||
when: inventory_hostname in groups['kubernetes_master']
|
||||
when: nfc_role_kubernetes_master
|
||||
|
||||
|
||||
- name: Setup Automagic Host Endpoints
|
||||
@ -150,10 +150,10 @@
|
||||
projectcalico.org/operator-node-migration-
|
||||
executable: bash
|
||||
become: true
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name }}"
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}"
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
loop: "{{ groups[kubernetes_config.cluster.group_name] }}"
|
||||
loop: "{{ groups[kubernetes_config.cluster.group_name | default('make_me_optional')] | default([]) }}"
|
||||
|
||||
# kubectl label node ip-10-229-92-202.eu-west-1.compute.internal projectcalico.org/operator-node-migration-
|
||||
# migration started
|
||||
72
roles/nfc_kubernetes/tasks/kubevirt/main.yaml
Normal file
72
roles/nfc_kubernetes/tasks/kubevirt/main.yaml
Normal file
@ -0,0 +1,72 @@
|
||||
---
|
||||
|
||||
- name: Validate Virtualization Support
|
||||
ansible.builtin.include_tasks:
|
||||
file: kubevirt/validate.yaml
|
||||
apply:
|
||||
tags:
|
||||
- always
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: Deploy KubeVirt
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}"
|
||||
dest: "/var/lib/rancher/k3s/server/manifests/{{ item | replace('.j2', '') | lower }}"
|
||||
owner: root
|
||||
mode: '700'
|
||||
force: true
|
||||
notify: "{{ item.notify | default(omit) }}"
|
||||
loop: "{{ templates_to_apply }}"
|
||||
diff: true
|
||||
vars:
|
||||
templates_to_apply:
|
||||
- kubevirt-operator.yaml.j2
|
||||
- kubevirt-cr.yaml.j2
|
||||
|
||||
|
||||
- name: Fetch virtctl Kubectl Plugin
|
||||
ansible.builtin.uri:
|
||||
url: |-
|
||||
https://github.com/kubevirt/kubevirt/releases/download/{{
|
||||
nfc_role_kubernetes_container_images.kubevirt_operator.tag }}/virtctl-{{
|
||||
nfc_role_kubernetes_container_images.kubevirt_operator.tag }}-linux-
|
||||
{%- if cpu_arch.key == 'aarch64' -%}
|
||||
arm64
|
||||
{%- else -%}
|
||||
amd64
|
||||
{%- endif %}
|
||||
status_code:
|
||||
- 200
|
||||
- 304
|
||||
dest: "/tmp/kubectl-virtctl.{{ cpu_arch.key }}"
|
||||
mode: '777'
|
||||
owner: root
|
||||
group: 'root'
|
||||
changed_when: false
|
||||
become: true
|
||||
delegate_to: localhost
|
||||
loop: "{{ nfc_kubernetes_install_architectures | dict2items }}"
|
||||
loop_control:
|
||||
loop_var: cpu_arch
|
||||
vars:
|
||||
ansible_connection: local
|
||||
|
||||
|
||||
- name: Add virtctl Plugin
|
||||
ansible.builtin.copy:
|
||||
src: "/tmp/kubectl-virtctl.{{ ansible_architecture }}"
|
||||
dest: /usr/local/bin/kubectl-virt
|
||||
mode: '770'
|
||||
owner: root
|
||||
group: 'root'
|
||||
become: true
|
||||
when: nfc_role_kubernetes_master
|
||||
|
||||
|
||||
- name: Wait for KubeVirt to initialize
|
||||
ansible.builtin.command:
|
||||
cmd: kubectl -n kubevirt wait kv kubevirt --for condition=Available
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
25
roles/nfc_kubernetes/tasks/kubevirt/validate.yaml
Normal file
25
roles/nfc_kubernetes/tasks/kubevirt/validate.yaml
Normal file
@ -0,0 +1,25 @@
|
||||
---
|
||||
|
||||
- name: Install LibVirt-Clients
|
||||
ansible.builtin.apt:
|
||||
name: libvirt-clients
|
||||
state: present
|
||||
|
||||
|
||||
- name: Confirm Virtualization Support
|
||||
ansible.builtin.command:
|
||||
cmd: virt-host-validate qemu
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
register: virt_support_check_command
|
||||
|
||||
|
||||
- name: Confirm No QEMU failures
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- (": FAIL" | string) not in (item | string)
|
||||
- |
|
||||
(": PASS" | string) in (item | string)
|
||||
or
|
||||
(": WARN" | string) in (item | string)
|
||||
loop: "{{ virt_support_check_command.stdout_lines }}"
|
||||
41
roles/nfc_kubernetes/tasks/main.yaml
Normal file
41
roles/nfc_kubernetes/tasks/main.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
|
||||
- name: Install/Configure Kubernetes Prime Master Node
|
||||
ansible.builtin.include_tasks:
|
||||
file: install.yaml
|
||||
tags:
|
||||
- always
|
||||
when:
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
and
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
|
||||
|
||||
- name: Install/Configure Kubernetes on remaining Master Nodes
|
||||
ansible.builtin.include_tasks:
|
||||
file: install.yaml
|
||||
tags:
|
||||
- always
|
||||
when:
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) != inventory_hostname
|
||||
and
|
||||
nfc_role_kubernetes_master | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
|
||||
|
||||
- name: Install/Configure Kubernetes on Worker Nodes
|
||||
ansible.builtin.include_tasks:
|
||||
file: install.yaml
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
nfc_role_kubernetes_worker | bool
|
||||
and
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_master | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
@ -6,6 +6,6 @@ metadata:
|
||||
namespace: tigera-operator
|
||||
data:
|
||||
KUBERNETES_SERVICE_HOST: "
|
||||
{%- set octet = kubernetes_config.cluster.networking.ServiceSubnet | split('.') -%}
|
||||
{%- set octet = kubernetes_config.cluster.networking.ServiceSubnet | default(nfc_role_kubernetes_service_subnet) | split('.') -%}
|
||||
{{- octet[0] }}.{{- octet[1] }}.{{- octet[2] }}.1"
|
||||
KUBERNETES_SERVICE_PORT: '443'
|
||||
@ -25272,7 +25272,10 @@ spec:
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
containers:
|
||||
- name: tigera-operator
|
||||
image: {{ nfc_kubernetes_tigera_operator_registry }}/{{ nfc_kubernetes_tigera_operator_image}}:{{ nfc_kubernetes_tigera_operator_tag }}
|
||||
image: {{
|
||||
nfc_role_kubernetes_container_images.tigera_operator.registry }}/{{
|
||||
nfc_role_kubernetes_container_images.tigera_operator.image}}:{{
|
||||
nfc_role_kubernetes_container_images.tigera_operator.tag }}
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- operator
|
||||
@ -25290,7 +25293,7 @@ spec:
|
||||
- name: OPERATOR_NAME
|
||||
value: "tigera-operator"
|
||||
- name: TIGERA_OPERATOR_INIT_IMAGE_VERSION
|
||||
value: {{ nfc_kubernetes_tigera_operator_tag }}
|
||||
value: {{ nfc_role_kubernetes_container_images.tigera_operator.tag }}
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: kubernetes-services-endpoint
|
||||
@ -9,7 +9,7 @@ spec:
|
||||
- Workload
|
||||
- Tunnel
|
||||
blockSize: 26
|
||||
cidr: {{ kubernetes_config.cluster.networking.podSubnet }}
|
||||
cidr: {{ kubernetes_config.cluster.networking.podSubnet | default(nfc_role_kubernetes_pod_subnet) }}
|
||||
ipipMode: Never
|
||||
natOutgoing: true
|
||||
nodeSelector: all()
|
||||
@ -11,7 +11,7 @@ spec:
|
||||
hostPorts: Enabled
|
||||
ipPools:
|
||||
- blockSize: 26
|
||||
cidr: {{ kubernetes_config.cluster.networking.podSubnet }}
|
||||
cidr: {{ kubernetes_config.cluster.networking.podSubnet | default(nfc_role_kubernetes_pod_subnet) }}
|
||||
disableBGPExport: false
|
||||
encapsulation: VXLAN
|
||||
natOutgoing: Enabled
|
||||
@ -41,7 +41,7 @@ spec:
|
||||
type: RollingUpdate
|
||||
nonPrivileged: Disabled
|
||||
serviceCIDRs:
|
||||
- {{ kubernetes_config.cluster.networking.ServiceSubnet }}
|
||||
- {{ kubernetes_config.cluster.networking.ServiceSubnet | default(nfc_role_kubernetes_service_subnet) }}
|
||||
typhaDeployment:
|
||||
spec:
|
||||
template:
|
||||
@ -4810,7 +4810,7 @@ spec:
|
||||
# chosen from this range. Changing this value after installation will have
|
||||
# no effect. This should fall within `--cluster-cidr`.
|
||||
- name: CALICO_IPV4POOL_CIDR
|
||||
value: "{{ KubernetesPodSubnet }}"
|
||||
value: "{{ nfc_role_kubernetes_pod_subnet }}"
|
||||
# Disable file logging so `kubectl logs` works.
|
||||
- name: CALICO_DISABLE_FILE_LOGGING
|
||||
value: "true"
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# IP Tables Firewall Rules for Kubernetes
|
||||
#
|
||||
# Managed By ansible/role/nfc_kubernetes
|
||||
# Managed By ansible/collection/kubernetes
|
||||
#
|
||||
# Dont edit this file directly as it will be overwritten. To grant a host API access
|
||||
# edit the cluster config, adding the hostname/ip to path kubernetes_config.cluster.access
|
||||
@ -31,7 +31,7 @@
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- for kubernetes_host in groups[kubernetes_config.cluster.group_name] -%}
|
||||
{%- for kubernetes_host in groups[kubernetes_config.cluster.group_name | default('me_is_optional')] | default([]) -%}
|
||||
|
||||
{%- set kubernetes_host = hostvars[kubernetes_host].ansible_host -%}
|
||||
|
||||
@ -61,9 +61,9 @@
|
||||
|
||||
{%- if kubernetes_host != '' -%}
|
||||
|
||||
{%- for master_host in groups['kubernetes_master'] -%}
|
||||
{%- for master_host in groups['kubernetes_master'] | default([]) -%}
|
||||
|
||||
{%- if master_host in groups[kubernetes_config.cluster.group_name] -%}
|
||||
{%- if master_host in groups[kubernetes_config.cluster.group_name | default('me_is_optional')] | default([]) -%}
|
||||
|
||||
{%- set master_host = hostvars[master_host].ansible_host -%}
|
||||
|
||||
@ -88,7 +88,7 @@
|
||||
{%- endif -%}
|
||||
|
||||
|
||||
{%- if Kubernetes_Master | default(false) | bool -%}
|
||||
{%- if nfc_role_kubernetes_master | default(false) | bool -%}
|
||||
|
||||
{%- if
|
||||
master_host == kubernetes_host
|
||||
@ -149,8 +149,13 @@
|
||||
|
||||
{#- All cluster Hosts -#}
|
||||
|
||||
|
||||
{%- if Kubernetes_Master | default(false) | bool -%}
|
||||
{%- if
|
||||
nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
kubernetes_host not in groups['kubernetes_master']
|
||||
and
|
||||
'-I kubernetes-api -s ' + kubernetes_host + ' -j ACCEPT' not in data.firewall_rules
|
||||
-%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-api -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
@ -162,9 +167,17 @@
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-four -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-six -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
{%- if false -%}{# see IPv6 is disabled #}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-six -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-bgp -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
{%- if false -%}{# see Installation-manifest-Calico_Cluster.yaml.j2 bgp is disabled #}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-bgp -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-typha -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
@ -182,7 +195,7 @@
|
||||
|
||||
{%- endfor -%}
|
||||
|
||||
{%- if Kubernetes_Master | default(false) | bool -%}
|
||||
{%- if nfc_role_kubernetes_master | default(false) | bool -%}
|
||||
|
||||
{%- if host_external_ip is defined -%}
|
||||
|
||||
@ -6,7 +6,12 @@
|
||||
# Dont edit this file directly as it will be overwritten.
|
||||
#
|
||||
|
||||
{%- if inventory_hostname in groups['kubernetes_master'] -%}
|
||||
{%- if
|
||||
nfc_role_kubernetes_master
|
||||
or
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
-%}
|
||||
|
||||
{%
|
||||
|
||||
set kube_apiserver_arg = [
|
||||
@ -19,31 +24,38 @@
|
||||
-%}
|
||||
{%
|
||||
set servers_config = {
|
||||
"cluster-cidr": KubernetesPodSubnet,
|
||||
"cluster-cidr": nfc_role_kubernetes_pod_subnet,
|
||||
"disable": [
|
||||
"traefik"
|
||||
],
|
||||
"disable-network-policy": true,
|
||||
"etcd-snapshot-retention": kubernetes_etcd_snapshot_retention | int,
|
||||
"etcd-snapshot-schedule-cron": kubernetes_etcd_snapshot_cron_schedule | string,
|
||||
"flannel-backend": "none",
|
||||
"service-cidr": KubernetesServiceSubnet
|
||||
"service-cidr": nfc_role_kubernetes_service_subnet
|
||||
}
|
||||
-%}
|
||||
|
||||
{%- if
|
||||
kubernetes_config.cluster.domain_name is defined
|
||||
and
|
||||
kubernetes_config.cluster.domain_name | default('') != ''
|
||||
-%}
|
||||
{%- if nfc_role_kubernetes_etcd_enabled -%}
|
||||
|
||||
{%- set servers_config = servers_config | combine({
|
||||
"cluster-domain": kubernetes_config.cluster.domain_name
|
||||
"etcd-snapshot-retention": kubernetes_etcd_snapshot_retention | int,
|
||||
"etcd-snapshot-schedule-cron": kubernetes_etcd_snapshot_cron_schedule | string,
|
||||
}) -%}
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- if kubernetes_config.cluster.oidc.enabled | default(false) | bool -%}
|
||||
{%- if
|
||||
kubernetes_config.cluster.domain_name | default(nfc_role_kubernetes_cluster_domain) is defined
|
||||
and
|
||||
kubernetes_config.cluster.domain_name | default(nfc_role_kubernetes_cluster_domain) != ''
|
||||
-%}
|
||||
|
||||
{%- set servers_config = servers_config | combine({
|
||||
"cluster-domain": kubernetes_config.cluster.domain_name | default(nfc_role_kubernetes_cluster_domain)
|
||||
}) -%}
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- if kubernetes_config.cluster.oidc.enabled | default(nfc_role_kubernetes_oidc_enabled) | default(false) | bool -%}
|
||||
|
||||
{%-
|
||||
set kube_apiserver_arg = kube_apiserver_arg + [
|
||||
@ -116,6 +128,16 @@
|
||||
|
||||
{# SoF All Nodes #}
|
||||
|
||||
{%- if inventory_hostname == 'localhost' -%}
|
||||
|
||||
{%- set node_name = hostname_to_check.stdout -%}
|
||||
|
||||
{%- else -%}
|
||||
|
||||
{%- set node_name = inventory_hostname -%}
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%
|
||||
|
||||
set all_nodes_config = {
|
||||
@ -123,13 +145,13 @@
|
||||
"system-reserved=cpu=" + kubelet_arg_system_reserved_cpu + ",memory=" + kubelet_arg_system_reserved_memory +
|
||||
",ephemeral-storage=" + kubelet_arg_system_reserved_storage
|
||||
],
|
||||
"node-name": inventory_hostname,
|
||||
"node-name": node_name,
|
||||
}
|
||||
|
||||
-%}
|
||||
|
||||
|
||||
{%- if groups[kubernetes_config.cluster.group_name] | default([]) | list | length > 0 -%}
|
||||
{%- if groups[kubernetes_config.cluster.group_name | default('make_me_optional')] | default([]) | list | length > 0 -%}
|
||||
|
||||
{%- if k3s_installed.rc == 0 -%}
|
||||
|
||||
@ -137,7 +159,7 @@
|
||||
|
||||
{%- for cluster_node in groups[kubernetes_config.cluster.group_name] -%}
|
||||
|
||||
{%- if cluster_node in groups['kubernetes_master'] -%}
|
||||
{%- if cluster_node in groups['kubernetes_master'] | default([]) -%}
|
||||
|
||||
{%- if hostvars[cluster_node].host_external_ip is defined -%}
|
||||
|
||||
@ -215,7 +237,11 @@
|
||||
{# EoF All Nodes #}
|
||||
|
||||
|
||||
{%- if inventory_hostname in groups['kubernetes_master'] -%}
|
||||
{%- if
|
||||
nfc_role_kubernetes_master
|
||||
or
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
-%}
|
||||
|
||||
{%- set servers_config = servers_config | combine( all_nodes_config ) -%}
|
||||
|
||||
16
roles/nfc_kubernetes/templates/kubevirt-cr.yaml.j2
Normal file
16
roles/nfc_kubernetes/templates/kubevirt-cr.yaml.j2
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
apiVersion: kubevirt.io/v1
|
||||
kind: KubeVirt
|
||||
metadata:
|
||||
name: kubevirt
|
||||
namespace: kubevirt
|
||||
spec:
|
||||
certificateRotateStrategy: {}
|
||||
configuration:
|
||||
developerConfiguration:
|
||||
featureGates: []
|
||||
customizeComponents: {}
|
||||
imagePullPolicy: IfNotPresent
|
||||
workloadUpdateStrategy:
|
||||
workloadUpdateMethods:
|
||||
- LiveMigrate
|
||||
7572
roles/nfc_kubernetes/templates/kubevirt-operator.yaml.j2
Normal file
7572
roles/nfc_kubernetes/templates/kubevirt-operator.yaml.j2
Normal file
File diff suppressed because it is too large
Load Diff
90
roles/nfc_kubernetes/vars/firewall_rules.yaml
Normal file
90
roles/nfc_kubernetes/vars/firewall_rules.yaml
Normal file
@ -0,0 +1,90 @@
|
||||
---
|
||||
|
||||
kubernetes_chains:
|
||||
|
||||
- name: kubernetes-embedded-etcd
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port:
|
||||
- '2379'
|
||||
- '2380'
|
||||
comment: etcd. Servers only
|
||||
when: "{{ nfc_role_kubernetes_etcd_enabled }}"
|
||||
|
||||
- name: kubernetes-api
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port: '6443'
|
||||
comment: Kubernetes API access. All Cluster hosts and end users
|
||||
|
||||
- name: kubernetes-calico-bgp
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port: '179'
|
||||
comment: Kubernetes Calico BGP. All Cluster hosts and end users
|
||||
when: false # currently hard set to false. see Installation-manifest-Calico_Cluster.yaml.j2
|
||||
|
||||
- name: kubernetes-flannel-vxlan
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: udp
|
||||
dest:
|
||||
port: '4789'
|
||||
comment: Flannel. All cluster hosts
|
||||
|
||||
- name: kubernetes-kubelet-metrics
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port: '10250'
|
||||
comment: Kubernetes Metrics. All cluster hosts
|
||||
|
||||
- name: kubernetes-flannel-wg-four
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: udp
|
||||
dest:
|
||||
port: '51820'
|
||||
comment: Flannel Wiregaurd IPv4. All cluster hosts
|
||||
|
||||
- name: kubernetes-flannel-wg-six
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: udp
|
||||
dest:
|
||||
port: '51821'
|
||||
comment: Flannel Wiregaurd IPv6. All cluster hosts
|
||||
when: false # ipv6 is disabled. see install.yaml sysctrl
|
||||
|
||||
- name: kubernetes-calico-typha
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port: '5473'
|
||||
comment: Calico networking with Typha enabled. Typha agent hosts.
|
||||
|
||||
- name: metallb-l2-tcp
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port: '7946'
|
||||
comment: MetalLB Gossip
|
||||
when: "{{ nfc_kubernetes_enable_metallb }}"
|
||||
|
||||
- name: metallb-l2-udp
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: udp
|
||||
dest:
|
||||
port: '7946'
|
||||
comment: MetalLB Gossip
|
||||
when: "{{ nfc_kubernetes_enable_metallb }}"
|
||||
@ -1,303 +0,0 @@
|
||||
---
|
||||
|
||||
- name: "{{ role_name }} Install Software"
|
||||
include_role:
|
||||
name: nfc_common
|
||||
vars:
|
||||
common_gather_facts: false
|
||||
aptSigningKeys:
|
||||
- name: docker
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
save_directory: /usr/share/keyrings
|
||||
file_extension: asc
|
||||
|
||||
- name: kubernetes
|
||||
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
|
||||
save_directory: /usr/share/keyrings
|
||||
file_extension: asc
|
||||
|
||||
aptRepositories:
|
||||
- name: docker
|
||||
repo: deb [arch={{ dynamic_processor_architecture }} signed-by=/usr/share/keyrings/docker.asc] http://download.docker.com/linux/{{ ansible_os_family | lower }} {{ ansible_lsb.codename | lower }} stable
|
||||
- name: kubernetes
|
||||
repo: deb [signed-by=/usr/share/keyrings/kubernetes.asc] http://apt.kubernetes.io/ kubernetes-xenial main
|
||||
|
||||
aptInstall:
|
||||
- name: gnupg2
|
||||
- name: apt-transport-https
|
||||
- name: software-properties-common
|
||||
- name: ca-certificates
|
||||
- name: iptables
|
||||
- name: python3-pip
|
||||
- name: python3-virtualenv
|
||||
|
||||
- name: containerd.io
|
||||
version: "{{ ContainerDioVersion }}"
|
||||
|
||||
- name: kubectl
|
||||
version: "{{ KubernetesVersion }}"
|
||||
- name: kubelet
|
||||
version: "{{ KubernetesVersion }}"
|
||||
- name: kubeadm
|
||||
version: "{{ KubernetesVersion }}"
|
||||
tags:
|
||||
- install
|
||||
|
||||
# containerd.io=1.6.22-1 kubectl=1.26.9-00 kubelet=1.26.9-00 kubeadm=1.26.9-00
|
||||
|
||||
- name: Remove swapfile from /etc/fstab
|
||||
mount:
|
||||
name: "{{ item }}"
|
||||
fstype: swap
|
||||
state: absent
|
||||
with_items:
|
||||
- swap
|
||||
- none
|
||||
when:
|
||||
- ansible_os_family == 'Debian' # ansible_lsb.codename = bullseye, ansible_lsb.major_release = 11
|
||||
tags:
|
||||
- install
|
||||
|
||||
|
||||
- name: Disable swap
|
||||
command: swapoff -a
|
||||
changed_when: true == false
|
||||
when:
|
||||
#- ansible_swaptotal_mb > 0
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: Check an armbian os system
|
||||
stat:
|
||||
path: /etc/default/armbian-zram-config
|
||||
register: armbian_stat_result
|
||||
|
||||
|
||||
- name: Armbian Disable Swap
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
sed -i 's/\# SWAP=false/SWAP=false/g' /etc/default/armbian-zram-config;
|
||||
sed -i 's/ENABLED=true/ENABLED=false/g' /etc/default/armbian-zram-config;
|
||||
args:
|
||||
executable: bash
|
||||
changed_when: false
|
||||
# failed_when: false
|
||||
#notify: RebootHost # doesnt need to reboot as swapoff -a covers the deployment
|
||||
when: armbian_stat_result.stat.exists
|
||||
|
||||
|
||||
- name: Add the overlay module
|
||||
community.general.modprobe:
|
||||
name: overlay
|
||||
state: present
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
|
||||
|
||||
- name: Add the br_netfilter module
|
||||
community.general.modprobe:
|
||||
name: br_netfilter
|
||||
state: present
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: check if containerd installed
|
||||
ansible.builtin.shell:
|
||||
cmd: which containerd
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
register: containerd_installed
|
||||
|
||||
|
||||
- name: "Containerd.io Started?"
|
||||
service:
|
||||
name: containerd
|
||||
state: started
|
||||
tags:
|
||||
- configure
|
||||
- install
|
||||
when: >
|
||||
ansible_os_family == 'Debian'
|
||||
and
|
||||
containerd_installed.rc | default(1) | int == 0
|
||||
|
||||
|
||||
- name: containerd load modules config
|
||||
template:
|
||||
src: "etc_module_containerd.conf"
|
||||
dest: /etc/modules-load.d/containerd.conf
|
||||
owner: root
|
||||
mode: 0700
|
||||
notify: "restart ContainerD"
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
|
||||
|
||||
- name: Create containerD host directories.
|
||||
become_method: sudo
|
||||
become: yes
|
||||
file:
|
||||
path: /etc/containerd/certs.d/{{ item.name }}
|
||||
state: directory
|
||||
owner: "{{ ansible_user }}"
|
||||
group: "{{ ansible_user }}"
|
||||
mode: 0700
|
||||
with_items: "{{ containerd.repositories }}"
|
||||
tags:
|
||||
- install
|
||||
- containerRegistry
|
||||
|
||||
|
||||
- name: containerD registry host
|
||||
template:
|
||||
src: "containerd-registry-hosts.toml.j2"
|
||||
dest: /etc/containerd/certs.d/{{ item.name }}/hosts.toml
|
||||
owner: root
|
||||
mode: 0700
|
||||
notify: "restart ContainerD"
|
||||
with_items: "{{ containerd.repositories }}"
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
- containerRegistry
|
||||
|
||||
|
||||
- name: containerD default config
|
||||
template:
|
||||
src: "etc_containerd_containerd.toml"
|
||||
dest: /etc/containerd/config.toml
|
||||
owner: root
|
||||
mode: 0700
|
||||
notify: "restart ContainerD"
|
||||
register: containerd_config
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
- containerRegistry
|
||||
|
||||
|
||||
- name: Install required python modules
|
||||
ansible.builtin.pip:
|
||||
name: kubernetes
|
||||
state: forcereinstall
|
||||
#virtualenv: /tmp/venv_ansible
|
||||
when: inventory_hostname != 'op1'
|
||||
tags:
|
||||
- install
|
||||
|
||||
|
||||
- name: sysctl net.bridge.bridge-nf-call-ip6tables
|
||||
sysctl:
|
||||
name: net.bridge.bridge-nf-call-ip6tables
|
||||
value: '1'
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
|
||||
|
||||
- name: sysctl net.bridge.bridge-nf-call-iptables
|
||||
sysctl:
|
||||
name: net.bridge.bridge-nf-call-iptables
|
||||
value: '1'
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
|
||||
|
||||
- name: sysctl net.ipv4.ip_forward
|
||||
sysctl:
|
||||
name: net.ipv4.ip_forward
|
||||
value: '1'
|
||||
sysctl_set: yes
|
||||
state: present
|
||||
reload: yes
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
|
||||
|
||||
# - name: Check if kubernetes has been Initialized
|
||||
# stat:
|
||||
# path: /etc/kubernetes/admin.conf
|
||||
# register: KubernetesInit
|
||||
# when:
|
||||
# - kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
|
||||
|
||||
- name: check if iptables is installed
|
||||
ansible.builtin.shell: |-
|
||||
dpkg -s iptables &> /dev/null
|
||||
changed_when: true == false
|
||||
register: iptables_installed
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
- iptables
|
||||
- firewall
|
||||
|
||||
|
||||
- name: Add kubernetes Firewall Rules - '/etc/iptables-kubernetes.rules'
|
||||
template:
|
||||
src: iptables-kubernetes.rules.j2
|
||||
dest: "/etc/iptables-kubernetes.rules"
|
||||
owner: root
|
||||
mode: 0700
|
||||
force: yes
|
||||
notify: "Apply Firewall Rules"
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
- iptables_installed.rc == 0
|
||||
tags:
|
||||
- install
|
||||
- iptables
|
||||
- firewall
|
||||
|
||||
|
||||
- name: File - '/etc/network/if-pre-up.d/firewall-kubernetes'
|
||||
template:
|
||||
src: firewall-kubernetes.j2
|
||||
dest: "/etc/network/if-pre-up.d/firewall-kubernetes"
|
||||
owner: root
|
||||
mode: 0700
|
||||
force: yes
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
- iptables_installed.rc == 0
|
||||
tags:
|
||||
- install
|
||||
- iptables
|
||||
- firewall
|
||||
|
||||
|
||||
- name: Create local workdir
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0700
|
||||
delegate_to: localhost
|
||||
connection: local
|
||||
run_once: true
|
||||
changed_when: true == false
|
||||
with_items:
|
||||
- /tmp/ansible/
|
||||
tags:
|
||||
- always
|
||||
@ -1,29 +0,0 @@
|
||||
---
|
||||
# kubernetes_installed
|
||||
|
||||
- name: K3s Install
|
||||
ansible.builtin.include_tasks:
|
||||
file: k3s/install.yaml
|
||||
apply:
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
install_kubernetes | default(true) | bool
|
||||
and
|
||||
not kubernetes_installed | default(false) | bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: K3s Configure
|
||||
ansible.builtin.include_tasks:
|
||||
file: k3s/configure.yaml
|
||||
apply:
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
install_kubernetes | default(true) | bool
|
||||
and
|
||||
kubernetes_installed | default(false) | bool
|
||||
tags:
|
||||
- always
|
||||
103
tasks/k8s.yaml
103
tasks/k8s.yaml
@ -1,103 +0,0 @@
|
||||
---
|
||||
- name: Common Tasks
|
||||
include_tasks: common.yaml
|
||||
# tags:
|
||||
# - install
|
||||
|
||||
- name: Check if kubernetes has been Initialized
|
||||
stat:
|
||||
path: /etc/kubernetes/admin.conf
|
||||
register: KubernetesInitialized
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: kubernetes prime
|
||||
include_tasks: prime.yaml
|
||||
when: kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
|
||||
|
||||
- name: kubernetes workers
|
||||
include_tasks: workers.yaml
|
||||
when: kubernetes_config.cluster.prime.name != inventory_hostname
|
||||
|
||||
|
||||
- name: Add Kubernetes Node Labels
|
||||
kubernetes.core.k8s:
|
||||
definition:
|
||||
apiVersion: v1
|
||||
kind: Node
|
||||
metadata:
|
||||
name: "{{ inventory_hostname }}"
|
||||
labels:
|
||||
"{{ item | from_yaml_all }}"
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name }}"
|
||||
with_items:
|
||||
- "{{ kubernetes_config.hosts[inventory_hostname].labels }}"
|
||||
when:
|
||||
- ( kubernetes_config.hosts[inventory_hostname].labels is defined and
|
||||
kubernetes_config.hosts[inventory_hostname].labels|default('')|length > 0 )
|
||||
tags:
|
||||
- install
|
||||
- nodelabels
|
||||
|
||||
|
||||
- name: Add Node Taints
|
||||
kubernetes.core.k8s_taint:
|
||||
state: "present"
|
||||
name: "{{ inventory_hostname }}"
|
||||
taints:
|
||||
- "{{ item | from_yaml_all }}"
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name }}"
|
||||
with_items:
|
||||
- "{{ kubernetes_config.hosts[inventory_hostname].taints.present }}"
|
||||
when:
|
||||
- (kubernetes_config.hosts[inventory_hostname].taints.present is defined and
|
||||
kubernetes_config.hosts[inventory_hostname].taints.present|default('')|length > 0 )
|
||||
tags:
|
||||
- install
|
||||
- taints
|
||||
|
||||
|
||||
- name: Remove Node Taints
|
||||
kubernetes.core.k8s_taint:
|
||||
state: "absent"
|
||||
name: "{{ inventory_hostname }}"
|
||||
taints:
|
||||
- "{{ item | from_yaml_all }}"
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name }}"
|
||||
with_items:
|
||||
- "{{ kubernetes_config.hosts[inventory_hostname].taints.absent }}"
|
||||
when:
|
||||
- ( kubernetes_config.hosts[inventory_hostname].taints.absent is defined and
|
||||
kubernetes_config.hosts[inventory_hostname].taints.absent|default('')|length > 0 )
|
||||
tags:
|
||||
- install
|
||||
- taints
|
||||
|
||||
|
||||
|
||||
|
||||
- name: Create Cluster Namespaces
|
||||
kubernetes.core.k8s:
|
||||
state: present
|
||||
definition:
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: "{{ item.name }}"
|
||||
labels:
|
||||
#app.kubernetes.io/version: # App version
|
||||
#app.kubernetes.io/component:
|
||||
#app.kubernetes.io/part-of:
|
||||
app.kubernetes.io/managed-by: Ansible
|
||||
#meta.kubernetes.io/description: "{{ item.description | default('') }}"
|
||||
meta.kubernetes.io/version: "{{ deployment_git_current_short_hash | default('') }}"
|
||||
with_items:
|
||||
- "{{ kubernetes_config.namespaces }}"
|
||||
when:
|
||||
( kubernetes_config.namespaces is defined and
|
||||
kubernetes_config.namespaces | default('') | length > 0 and
|
||||
kubernetes_config.cluster.prime.name == inventory_hostname )
|
||||
tags:
|
||||
- install
|
||||
- namespaces
|
||||
@ -1,38 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Firewall Rules
|
||||
ansible.builtin.include_role:
|
||||
name: nfc_firewall
|
||||
vars:
|
||||
nfc_firewall_enabled_kubernetes: "{{ nfc_kubernetes.enable_firewall | default(false) | bool }}"
|
||||
tags:
|
||||
- never
|
||||
- install
|
||||
|
||||
|
||||
# fix, reload firewall `iptables-reloader`
|
||||
- name: Reload iptables
|
||||
ansible.builtin.command:
|
||||
cmd: bash -c /usr/bin/iptables-reloader
|
||||
changed_when: false
|
||||
tags:
|
||||
- never
|
||||
- install
|
||||
|
||||
|
||||
- name: K8s Cluster
|
||||
ansible.builtin.include_tasks: k8s.yaml
|
||||
when: kubernetes_type == 'k8s'
|
||||
tags:
|
||||
- never
|
||||
- install
|
||||
|
||||
|
||||
- name: K3s Cluster
|
||||
ansible.builtin.include_tasks: k3s.yaml
|
||||
when: kubernetes_type == 'k3s'
|
||||
tags:
|
||||
- never
|
||||
- install
|
||||
- operator_calico
|
||||
- operator_migrate_calico
|
||||
146
tasks/prime.yaml
146
tasks/prime.yaml
@ -1,146 +0,0 @@
|
||||
---
|
||||
|
||||
- name: initialize Kubernetes cluster
|
||||
block:
|
||||
- name: Intilizing Kubernetes Cluster
|
||||
#command: kubeadm init --pod-network-cidr "{{ KubernetesPodSubnet }}" --apiserver-advertise-address "{{ ansible_default_ipv4.address }}" --ignore-preflight-errors Mem --cri-socket=unix:///var/run/crio/crio.sock
|
||||
command: kubeadm init --pod-network-cidr "{{ KubernetesPodSubnet }}" --service-cidr "{{ KubernetesServiceSubnet }}" --apiserver-advertise-address "0.0.0.0" --ignore-preflight-errors Mem #--cri-socket=unix:///var/run/containerd/containerd.sock
|
||||
when:
|
||||
- not KubernetesInitialized.stat.exists
|
||||
|
||||
rescue:
|
||||
- name: Reset Kubeadmn
|
||||
ansible.builtin.shell: "{{ item }}"
|
||||
#register: kube_reset
|
||||
failed_when: item.rc != 0
|
||||
with_items:
|
||||
- kubeadm reset --force
|
||||
- rm -Rf /etc/cni/net.d
|
||||
|
||||
|
||||
- name: Check if kubernetes has been Initialized
|
||||
stat:
|
||||
path: /etc/kubernetes/admin.conf
|
||||
register: KubernetesInitialized
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: fetch kubernetes health
|
||||
ansible.builtin.shell: " wget http://localhost:10248/healthz -q -O - || true"
|
||||
register: KubernetesHealth
|
||||
changed_when: true == false
|
||||
when: KubernetesInitialized.stat.exists
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: set kubeernetes health fact
|
||||
set_fact:
|
||||
kube_health: "{{ KubernetesHealth.stdout | default(false) == 'ok' }}"
|
||||
changed_when: true == false
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: Create directory for kube config.
|
||||
become_method: sudo
|
||||
become: yes
|
||||
file:
|
||||
#path: /home/{{ ansible_user }}/.kube
|
||||
path: ~/.kube
|
||||
state: directory
|
||||
owner: "{{ ansible_user }}"
|
||||
group: "{{ ansible_user }}"
|
||||
mode: 0700
|
||||
# when: Kubernetes_Master
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: Copy Kube config for local user
|
||||
copy:
|
||||
remote_src: yes
|
||||
src: /etc/kubernetes/admin.conf
|
||||
#dest: /home/{{ ansible_user }}/.kube/config
|
||||
dest: ~/.kube/config
|
||||
owner: "{{ ansible_user }}"
|
||||
group: "{{ ansible_user }}"
|
||||
mode: 0700
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: Add calico networking.
|
||||
template:
|
||||
src: "calico.yaml.j2"
|
||||
dest: /etc/kubernetes/manifests/calico.yaml
|
||||
owner: root
|
||||
mode: 0744
|
||||
|
||||
|
||||
- name: apply calico manifest
|
||||
command: kubectl apply -f /etc/kubernetes/manifests/calico.yaml
|
||||
tags:
|
||||
- install
|
||||
- manifest
|
||||
|
||||
|
||||
- name: create remote workdir
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0700
|
||||
with_items:
|
||||
- /tmp/ansible/
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: Create local workdir
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0700
|
||||
delegate_to: localhost
|
||||
connection: local
|
||||
with_items:
|
||||
- /tmp/ansible/
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: get join command
|
||||
ansible.builtin.shell: kubeadm token create --print-join-command > /tmp/ansible/join_kubernetes.sh
|
||||
changed_when: true == false
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: download join command
|
||||
fetch:
|
||||
src: /tmp/ansible/join_kubernetes.sh
|
||||
dest: /tmp/ansible/
|
||||
flat: yes
|
||||
changed_when: true == false
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
# always:
|
||||
|
||||
# - name: remove remote workdir
|
||||
# file:
|
||||
# path: "{{ item }}"
|
||||
# state: absent
|
||||
# with_items:
|
||||
# - /tmp/ansible/join_kubernetes.sh
|
||||
# changed_when: true == false
|
||||
|
||||
# when:
|
||||
# #- Kubernetes_Prime
|
||||
# #- KubernetesInit.stat.exists
|
||||
# - kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
|
||||
|
||||
|
||||
@ -1,46 +0,0 @@
|
||||
---
|
||||
# - name: configure non-prime nodes - check node health
|
||||
# shell: "curl http://localhost:10248/healthz || true"
|
||||
# register: health
|
||||
# changed_when: true == false
|
||||
|
||||
# - set_fact:
|
||||
# kube_joined: "{{ health.stdout == 'ok' }}"
|
||||
# changed_when: true == false
|
||||
# # when:
|
||||
# # - not Kubernetes_Prime
|
||||
|
||||
- name: configure non-prime nodes - create remote workdir
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0700
|
||||
changed_when: true == false
|
||||
with_items:
|
||||
- /tmp/ansible/
|
||||
|
||||
|
||||
- ansible.builtin.shell: " wget http://localhost:10248/healthz -q -O - || true"
|
||||
register: health
|
||||
changed_when: true == false
|
||||
|
||||
|
||||
- set_fact:
|
||||
kube_joined: "{{ health.stdout == 'ok' }}"
|
||||
changed_when: true == false
|
||||
|
||||
|
||||
- name: get join command from ansible controller
|
||||
copy:
|
||||
src: /tmp/ansible/join_kubernetes.sh
|
||||
dest: /tmp/ansible/join_kubernetes.sh
|
||||
mode: 0700
|
||||
changed_when: true == false
|
||||
when:
|
||||
- not kube_joined
|
||||
|
||||
|
||||
- name: configure non-prime nodes - join node to kubernetes cluster
|
||||
command: sh /tmp/ansible/join_kubernetes.sh
|
||||
when:
|
||||
- not kube_joined
|
||||
@ -1,10 +0,0 @@
|
||||
#
|
||||
# {{ item.name }} Container Registry Configuration
|
||||
# Managed by: Ansible
|
||||
#
|
||||
|
||||
server = "{{ item.server }}"
|
||||
|
||||
[host."{{ item.url }}"]
|
||||
capabilities = {{ item.capabilities | from_yaml_all }}
|
||||
skip_verify = {{ item.skip_verify | default(false) | lower }}
|
||||
@ -1,250 +0,0 @@
|
||||
disabled_plugins = []
|
||||
imports = []
|
||||
oom_score = 0
|
||||
plugin_dir = ""
|
||||
required_plugins = []
|
||||
root = "/var/lib/containerd"
|
||||
state = "/run/containerd"
|
||||
temp = ""
|
||||
version = 2
|
||||
|
||||
[cgroup]
|
||||
path = ""
|
||||
|
||||
[debug]
|
||||
address = ""
|
||||
format = ""
|
||||
gid = 0
|
||||
level = ""
|
||||
uid = 0
|
||||
|
||||
[grpc]
|
||||
address = "/run/containerd/containerd.sock"
|
||||
gid = 0
|
||||
max_recv_message_size = 16777216
|
||||
max_send_message_size = 16777216
|
||||
tcp_address = ""
|
||||
tcp_tls_ca = ""
|
||||
tcp_tls_cert = ""
|
||||
tcp_tls_key = ""
|
||||
uid = 0
|
||||
|
||||
[metrics]
|
||||
address = ""
|
||||
grpc_histogram = false
|
||||
|
||||
[plugins]
|
||||
|
||||
[plugins."io.containerd.gc.v1.scheduler"]
|
||||
deletion_threshold = 0
|
||||
mutation_threshold = 100
|
||||
pause_threshold = 0.02
|
||||
schedule_delay = "0s"
|
||||
startup_delay = "100ms"
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri"]
|
||||
device_ownership_from_security_context = false
|
||||
disable_apparmor = false
|
||||
disable_cgroup = false
|
||||
disable_hugetlb_controller = true
|
||||
disable_proc_mount = false
|
||||
disable_tcp_service = true
|
||||
enable_selinux = false
|
||||
enable_tls_streaming = false
|
||||
enable_unprivileged_icmp = false
|
||||
enable_unprivileged_ports = false
|
||||
ignore_image_defined_volumes = false
|
||||
max_concurrent_downloads = 3
|
||||
max_container_log_line_size = 16384
|
||||
netns_mounts_under_state_dir = false
|
||||
restrict_oom_score_adj = false
|
||||
sandbox_image = "registry.k8s.io/pause:3.6"
|
||||
selinux_category_range = 1024
|
||||
stats_collect_period = 10
|
||||
stream_idle_timeout = "4h0m0s"
|
||||
stream_server_address = "127.0.0.1"
|
||||
stream_server_port = "0"
|
||||
systemd_cgroup = false
|
||||
tolerate_missing_hugetlb_controller = true
|
||||
unset_seccomp_profile = ""
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".cni]
|
||||
bin_dir = "/opt/cni/bin"
|
||||
conf_dir = "/etc/cni/net.d"
|
||||
conf_template = ""
|
||||
ip_pref = ""
|
||||
max_conf_num = 1
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd]
|
||||
default_runtime_name = "runc"
|
||||
disable_snapshot_annotations = true
|
||||
discard_unpacked_layers = false
|
||||
ignore_rdt_not_enabled_errors = false
|
||||
no_pivot = false
|
||||
snapshotter = "overlayfs"
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
|
||||
base_runtime_spec = ""
|
||||
cni_conf_dir = ""
|
||||
cni_max_conf_num = 0
|
||||
container_annotations = []
|
||||
pod_annotations = []
|
||||
privileged_without_host_devices = false
|
||||
runtime_engine = ""
|
||||
runtime_path = ""
|
||||
runtime_root = ""
|
||||
runtime_type = ""
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||
base_runtime_spec = ""
|
||||
cni_conf_dir = ""
|
||||
cni_max_conf_num = 0
|
||||
container_annotations = []
|
||||
pod_annotations = []
|
||||
privileged_without_host_devices = false
|
||||
runtime_engine = ""
|
||||
runtime_path = ""
|
||||
runtime_root = ""
|
||||
runtime_type = "io.containerd.runc.v2"
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||
BinaryName = ""
|
||||
CriuImagePath = ""
|
||||
CriuPath = ""
|
||||
CriuWorkPath = ""
|
||||
IoGid = 0
|
||||
IoUid = 0
|
||||
NoNewKeyring = false
|
||||
NoPivotRoot = false
|
||||
Root = ""
|
||||
ShimCgroup = ""
|
||||
SystemdCgroup = true
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
|
||||
base_runtime_spec = ""
|
||||
cni_conf_dir = ""
|
||||
cni_max_conf_num = 0
|
||||
container_annotations = []
|
||||
pod_annotations = []
|
||||
privileged_without_host_devices = false
|
||||
runtime_engine = ""
|
||||
runtime_path = ""
|
||||
runtime_root = ""
|
||||
runtime_type = ""
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".image_decryption]
|
||||
key_model = "node"
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry]
|
||||
config_path = "/etc/containerd/certs.d"
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.auths]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.configs]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.headers]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
|
||||
tls_cert_file = ""
|
||||
tls_key_file = ""
|
||||
|
||||
[plugins."io.containerd.internal.v1.opt"]
|
||||
path = "/opt/containerd"
|
||||
|
||||
[plugins."io.containerd.internal.v1.restart"]
|
||||
interval = "10s"
|
||||
|
||||
[plugins."io.containerd.internal.v1.tracing"]
|
||||
sampling_ratio = 1.0
|
||||
service_name = "containerd"
|
||||
|
||||
[plugins."io.containerd.metadata.v1.bolt"]
|
||||
content_sharing_policy = "shared"
|
||||
|
||||
[plugins."io.containerd.monitor.v1.cgroups"]
|
||||
no_prometheus = false
|
||||
|
||||
[plugins."io.containerd.runtime.v1.linux"]
|
||||
no_shim = false
|
||||
runtime = "runc"
|
||||
runtime_root = ""
|
||||
shim = "containerd-shim"
|
||||
shim_debug = false
|
||||
|
||||
[plugins."io.containerd.runtime.v2.task"]
|
||||
platforms = ["linux/amd64"]
|
||||
sched_core = false
|
||||
|
||||
[plugins."io.containerd.service.v1.diff-service"]
|
||||
default = ["walking"]
|
||||
|
||||
[plugins."io.containerd.service.v1.tasks-service"]
|
||||
rdt_config_file = ""
|
||||
|
||||
[plugins."io.containerd.snapshotter.v1.aufs"]
|
||||
root_path = ""
|
||||
|
||||
[plugins."io.containerd.snapshotter.v1.btrfs"]
|
||||
root_path = ""
|
||||
|
||||
[plugins."io.containerd.snapshotter.v1.devmapper"]
|
||||
async_remove = false
|
||||
base_image_size = ""
|
||||
discard_blocks = false
|
||||
fs_options = ""
|
||||
fs_type = ""
|
||||
pool_name = ""
|
||||
root_path = ""
|
||||
|
||||
[plugins."io.containerd.snapshotter.v1.native"]
|
||||
root_path = ""
|
||||
|
||||
[plugins."io.containerd.snapshotter.v1.overlayfs"]
|
||||
root_path = ""
|
||||
upperdir_label = false
|
||||
|
||||
[plugins."io.containerd.snapshotter.v1.zfs"]
|
||||
root_path = ""
|
||||
|
||||
[plugins."io.containerd.tracing.processor.v1.otlp"]
|
||||
endpoint = ""
|
||||
insecure = false
|
||||
protocol = ""
|
||||
|
||||
[proxy_plugins]
|
||||
|
||||
[stream_processors]
|
||||
|
||||
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
|
||||
accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
|
||||
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
|
||||
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
|
||||
path = "ctd-decoder"
|
||||
returns = "application/vnd.oci.image.layer.v1.tar"
|
||||
|
||||
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
|
||||
accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
|
||||
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
|
||||
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
|
||||
path = "ctd-decoder"
|
||||
returns = "application/vnd.oci.image.layer.v1.tar+gzip"
|
||||
|
||||
[timeouts]
|
||||
"io.containerd.timeout.bolt.open" = "0s"
|
||||
"io.containerd.timeout.shim.cleanup" = "5s"
|
||||
"io.containerd.timeout.shim.load" = "5s"
|
||||
"io.containerd.timeout.shim.shutdown" = "3s"
|
||||
"io.containerd.timeout.task.state" = "2s"
|
||||
|
||||
[ttrpc]
|
||||
address = ""
|
||||
gid = 0
|
||||
uid = 0
|
||||
@ -1,2 +0,0 @@
|
||||
overlay
|
||||
br_netfilter
|
||||
Submodule website-template updated: 2bcc17652b...f5a82d3604
Reference in New Issue
Block a user