Compare commits
99 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| aeb1bcc048 | |||
| bcc870a87c | |||
| c2c0a9fe7d | |||
| 1f90af4eac | |||
| a01af004a7 | |||
| e002ff3749 | |||
| ece10c7ee0 | |||
| cbd2ec7ef8 | |||
| 43ddb13bdd | |||
| 310d7a1c48 | |||
| 2ebeb805e8 | |||
| 0d0d1862cc | |||
| b4c06b9f91 | |||
| 3d0dda7277 | |||
| 1a11014420 | |||
| ad55d3e874 | |||
| e0035d88df | |||
| 52c4ee12fa | |||
| b4d5031b0a | |||
| 3cf2a2e169 | |||
| 358891e1cc | |||
| 9fa3b233a9 | |||
| 9ec1ba4c51 | |||
| bb707149f6 | |||
| f622228493 | |||
| 5efd9807f6 | |||
| f09a71ef77 | |||
| 9d9cffb03a | |||
| 50c89c9f00 | |||
| 325b0e51d0 | |||
| 1068223abd | |||
| 241c737647 | |||
| 33a40d0ba9 | |||
| 0ce3ed1245 | |||
| 0097556730 | |||
| 6faee04b39 | |||
| ef8255cca6 | |||
| 725e8dbfec | |||
| c5b9420ed9 | |||
| c5b4add4c7 | |||
| aa3735f271 | |||
| 0ccb121955 | |||
| 98a9e6dcdf | |||
| 7271e28c76 | |||
| 70a350bf56 | |||
| af10814791 | |||
| f139827554 | |||
| 5980123e7a | |||
| 7ef739d063 | |||
| 4d44c01b32 | |||
| c5371b8ff4 | |||
| 7c20146660 | |||
| 6c4616873e | |||
| 3243578951 | |||
| 0fd15f2195 | |||
| 03e48c7031 | |||
| 11756037a3 | |||
| 6498a48e82 | |||
| 053d1f17ec | |||
| 17ff472577 | |||
| ec94414383 | |||
| 1faae0327e | |||
| 17e3318c3c | |||
| 89b5593abf | |||
| 10eae79a74 | |||
| 0be7080089 | |||
| d3666c6825 | |||
| 4af31ff3ac | |||
| 74187c7023 | |||
| 47ac3095b6 | |||
| dd4638bc93 | |||
| 3ed6fd0f4c | |||
| beb1bd2006 | |||
| 4a83550530 | |||
| 7c54b19b64 | |||
| 173c840121 | |||
| f0f5d686fa | |||
| 536c6e7b26 | |||
| a23bc5e9ee | |||
| 5444f583e5 | |||
| b4ad0a4e61 | |||
| c9961973e1 | |||
| 622338e497 | |||
| dec65ed57c | |||
| 71d1dd884e | |||
| 7a077dabe0 | |||
| 16add8a5b8 | |||
| 1bbbdd23c3 | |||
| 9552ed7703 | |||
| 05fc3455da | |||
| 8f81d10168 | |||
| 9cdab3446d | |||
| d522559277 | |||
| 3e4a17437c | |||
| 447bb621cd | |||
| 32c3f7ab71 | |||
| 7e86574684 | |||
| 4d8f2c57d5 | |||
| b063db8dc1 |
11
.cz.yaml
11
.cz.yaml
@ -1,7 +1,8 @@
|
||||
---
|
||||
commitizen:
|
||||
bump_message: "build(version): bump version $current_version \u2192 $new_version"
|
||||
changelog_incremental: false
|
||||
name: cz_conventional_commits
|
||||
tag_format: $major.$minor.$patch$prerelease
|
||||
update_changelog_on_bump: true
|
||||
version: 0.3.0
|
||||
prerelease_offset: 1
|
||||
tag_format: $version
|
||||
update_changelog_on_bump: false
|
||||
version: 1.10.1
|
||||
version_scheme: semver
|
||||
|
||||
5
.gitignore
vendored
Normal file
5
.gitignore
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
artifacts/
|
||||
build/
|
||||
test_results/
|
||||
test_results.json
|
||||
*.tar.gz
|
||||
@ -1,24 +1,92 @@
|
||||
---
|
||||
|
||||
variables:
|
||||
ANSIBLE_GALAXY_PACKAGE_NAME: kubernetes
|
||||
MY_PROJECT_ID: "51640029"
|
||||
GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/ansible_collection_kubernetes.git"
|
||||
PAGES_ENVIRONMENT_PATH: projects/ansible/collection/kubernetes/
|
||||
RELEASE_ADDITIONAL_ACTIONS_BUMP: ./.gitlab/additional_actions_bump.sh
|
||||
|
||||
|
||||
include:
|
||||
- local: .gitlab/integration_test.gitlab-ci.yml
|
||||
- project: nofusscomputing/projects/gitlab-ci
|
||||
ref: development
|
||||
file:
|
||||
- .gitlab-ci_common.yaml
|
||||
- template/automagic.gitlab-ci.yaml
|
||||
|
||||
variables:
|
||||
MY_PROJECT_ID: "51640029"
|
||||
GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/ansible_role_nfc_kubernetes.git"
|
||||
PAGES_ENVIRONMENT_PATH: projects/ansible/roles/kubernetes/
|
||||
- conventional_commits/.gitlab-ci.yml
|
||||
- template/ansible-collection.gitlab-ci.yaml
|
||||
- template/mkdocs-documentation.gitlab-ci.yaml
|
||||
# ToDo: update gitlabCI jobs for collections workflow
|
||||
- git_push_mirror/.gitlab-ci.yml
|
||||
- automation/.gitlab-ci-ansible.yaml
|
||||
|
||||
|
||||
Ansible-roles.Submodule.Deploy:
|
||||
extends: .submodule_update_trigger
|
||||
variables:
|
||||
SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/ansible/ansible-roles
|
||||
GIT_COMMIT_TYPE: feat
|
||||
GIT_COMMIT_TYPE_CATEGORY: $CI_PROJECT_NAME
|
||||
GIT_CONFIG_SUBMODULE_NAME: nfc_kubernetes
|
||||
Build Collection:
|
||||
extends: .ansible_collection_build
|
||||
needs:
|
||||
- job: Ansible Lint
|
||||
optional: true
|
||||
- job: Ansible Lint (galaxy.yml)
|
||||
optional: true
|
||||
|
||||
rules:
|
||||
|
||||
- if: $CI_COMMIT_TAG
|
||||
when: always
|
||||
|
||||
# Needs to run, even by bot as the test results need to be available
|
||||
# - if: "$CI_COMMIT_AUTHOR =='nfc_bot <helpdesk@nofusscomputing.com>'"
|
||||
# when: never
|
||||
|
||||
- if: # Occur on merge
|
||||
$CI_COMMIT_BRANCH
|
||||
&&
|
||||
$CI_PIPELINE_SOURCE == "push"
|
||||
when: always
|
||||
|
||||
# - if:
|
||||
# $CI_COMMIT_BRANCH != "development"
|
||||
# &&
|
||||
# $CI_COMMIT_BRANCH != "master"
|
||||
# &&
|
||||
# $CI_PIPELINE_SOURCE == "push"
|
||||
# when: always
|
||||
|
||||
- when: never
|
||||
|
||||
|
||||
Update Git Submodules:
|
||||
extends: .ansible_playbook_git_submodule
|
||||
|
||||
|
||||
Github (Push --mirror):
|
||||
extends:
|
||||
- .git_push_mirror
|
||||
needs: []
|
||||
|
||||
|
||||
Gitlab Release:
|
||||
extends: .ansible_collection_release
|
||||
needs:
|
||||
- Stage Collection
|
||||
release:
|
||||
tag_name: $CI_COMMIT_TAG
|
||||
description: ./artifacts/release_notes.md
|
||||
name: $CI_COMMIT_TAG
|
||||
assets:
|
||||
links:
|
||||
- name: 'Ansible Galaxy'
|
||||
url: https://galaxy.ansible.com/ui/repo/published/${ANSIBLE_GALAXY_NAMESPACE}/${ANSIBLE_GALAXY_PACKAGE_NAME}/?version=${CI_COMMIT_TAG}
|
||||
|
||||
- name: ${ANSIBLE_GALAXY_NAMESPACE}-${ANSIBLE_GALAXY_PACKAGE_NAME}-${CI_COMMIT_TAG}.tar.gz
|
||||
url: https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/${ANSIBLE_GALAXY_NAMESPACE}-${ANSIBLE_GALAXY_PACKAGE_NAME}-${CI_COMMIT_TAG}.tar.gz
|
||||
link_type: package
|
||||
|
||||
- name: Documentation
|
||||
url: https://nofusscomputing.com/${PAGES_ENVIRONMENT_PATH}
|
||||
milestones:
|
||||
- $CI_MERGE_REQUEST_MILESTONE
|
||||
|
||||
|
||||
Website.Submodule.Deploy:
|
||||
|
||||
3
.gitlab/additional_actions_bump.sh
Normal file
3
.gitlab/additional_actions_bump.sh
Normal file
@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
echo "Nothing to do here!!";
|
||||
219
.gitlab/integration_test.gitlab-ci.yml
Normal file
219
.gitlab/integration_test.gitlab-ci.yml
Normal file
@ -0,0 +1,219 @@
|
||||
|
||||
.integration_test:
|
||||
|
||||
stage: test
|
||||
|
||||
needs:
|
||||
- "Build Collection"
|
||||
|
||||
image:
|
||||
name: nofusscomputing/docker-buildx-qemu:dev
|
||||
pull_policy: always
|
||||
|
||||
variables:
|
||||
DOCKER_HOST: tcp://docker:2375/
|
||||
DOCKER_DRIVER: overlay2
|
||||
# GIT_STRATEGY: none
|
||||
|
||||
services:
|
||||
- name: docker:23-dind
|
||||
entrypoint: ["env", "-u", "DOCKER_HOST"]
|
||||
command: ["dockerd-entrypoint.sh"]
|
||||
before_script:
|
||||
- | # start test container
|
||||
docker run -d \
|
||||
--privileged \
|
||||
-v ${PWD}:/workdir \
|
||||
-v ${PWD}/artifacts/galaxy:/collection \
|
||||
--workdir /workdir \
|
||||
--rm \
|
||||
--env "ANSIBLE_FORCE_COLOR=true" \
|
||||
--env "CI_COMMIT_SHA=${CI_COMMIT_SHA}" \
|
||||
--env "ANSIBLE_LOG_PATH=/workdir/ansible.log" \
|
||||
--env "PIP_BREAK_SYSTEM_PACKAGES=1" \
|
||||
--name test_image_${CI_JOB_ID} \
|
||||
nofusscomputing/ansible-docker-os:dev-${test_image}
|
||||
|
||||
- | # enter test container
|
||||
docker exec -i test_image_${CI_JOB_ID} ps aux
|
||||
- docker ps
|
||||
- docker exec -i test_image_${CI_JOB_ID} bash -c 'apt update || true'
|
||||
- docker exec -i test_image_${CI_JOB_ID} bash -c 'apt update || true'
|
||||
- docker exec -i test_image_${CI_JOB_ID} apt update
|
||||
- docker exec -i test_image_${CI_JOB_ID} apt install -y --no-install-recommends python3-pip net-tools dnsutils iptables
|
||||
- |
|
||||
if [ "${test_image}" == 'debian-12' ]; then
|
||||
|
||||
echo "Debian 12":
|
||||
|
||||
docker exec -i test_image_${CI_JOB_ID} pip install ansible-core --break-system-packages;
|
||||
|
||||
docker exec -i test_image_${CI_JOB_ID} mkdir -p /etc/iptables;
|
||||
|
||||
docker exec -i test_image_${CI_JOB_ID} touch /etc/iptables/rules.v6;
|
||||
|
||||
docker exec -i test_image_${CI_JOB_ID} update-alternatives --set iptables /usr/sbin/iptables-legacy;
|
||||
|
||||
else
|
||||
|
||||
echo " Not Debian 12":
|
||||
|
||||
docker exec -i test_image_${CI_JOB_ID} pip install ansible-core;
|
||||
|
||||
fi
|
||||
|
||||
- docker exec -i test_image_${CI_JOB_ID} cat /etc/hosts
|
||||
- docker exec -i test_image_${CI_JOB_ID} cat /etc/resolv.conf
|
||||
- | # check if DNS working
|
||||
docker exec -i test_image_${CI_JOB_ID} nslookup google.com
|
||||
script:
|
||||
- | # inside container?
|
||||
docker exec -i test_image_${CI_JOB_ID} ls -l /collection;
|
||||
docker exec -i test_image_${CI_JOB_ID} echo $PWD;
|
||||
|
||||
- | # Show Network Interfaces
|
||||
docker exec -i test_image_${CI_JOB_ID} ifconfig;
|
||||
|
||||
- | # Install the collection
|
||||
docker exec -i test_image_${CI_JOB_ID} bash -c 'ansible-galaxy collection install $(ls /collection/*.tar.gz)'
|
||||
|
||||
- | # output ansible vars
|
||||
docker exec -i test_image_${CI_JOB_ID} ansible -m setup localhost
|
||||
|
||||
- | # run the collection
|
||||
docker exec -i test_image_${CI_JOB_ID} \
|
||||
${test_command} \
|
||||
--extra-vars "nfc_role_firewall_policy_input=ACCEPT" \
|
||||
--extra-vars "nfc_role_firewall_policy_forward=ACCEPT" \
|
||||
-vv
|
||||
|
||||
- | # Create test.yaml
|
||||
mkdir -p test_results;
|
||||
cat <<EOF > test_results/${test_image}.json
|
||||
{
|
||||
"$( echo ${test_image} | sed -e 's/\./_/')": "Pass"
|
||||
}
|
||||
|
||||
EOF
|
||||
|
||||
after_script:
|
||||
- | # Create test.yaml if not exists
|
||||
if [ ! -f test_results/${test_image}.json ]; then
|
||||
|
||||
echo "[TRACE] Test has failed"
|
||||
|
||||
mkdir -p test_results;
|
||||
|
||||
cat <<EOF > test_results/${test_image}.json
|
||||
{
|
||||
"$( echo ${test_image} | sed -e 's/\./_/')": "Fail"
|
||||
}
|
||||
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
- | # Run trace script for debugging
|
||||
chmod +x ./.gitlab/integration_test_trace.sh;
|
||||
|
||||
./.gitlab/integration_test_trace.sh;
|
||||
|
||||
artifacts:
|
||||
untracked: false
|
||||
paths:
|
||||
- ansible.log
|
||||
- test_results/*
|
||||
when: always
|
||||
|
||||
rules:
|
||||
|
||||
- if: $CI_COMMIT_TAG
|
||||
allow_failure: true
|
||||
when: on_success
|
||||
|
||||
# Needs to run, even by bot as the test results need to be available
|
||||
# - if: "$CI_COMMIT_AUTHOR =='nfc_bot <helpdesk@nofusscomputing.com>'"
|
||||
# when: never
|
||||
|
||||
- if: # Occur on merge
|
||||
$CI_COMMIT_BRANCH
|
||||
&&
|
||||
$CI_PIPELINE_SOURCE == "push"
|
||||
allow_failure: true
|
||||
when: on_success
|
||||
|
||||
# - if:
|
||||
# $CI_COMMIT_BRANCH != "development"
|
||||
# &&
|
||||
# $CI_COMMIT_BRANCH != "master"
|
||||
# &&
|
||||
# $CI_PIPELINE_SOURCE == "push"
|
||||
# allow_failure: true
|
||||
# when: always
|
||||
|
||||
- when: never
|
||||
|
||||
|
||||
|
||||
Playbook - Install:
|
||||
extends: .integration_test
|
||||
parallel:
|
||||
matrix:
|
||||
- test_image: debian-11
|
||||
test_command: ansible-playbook nofusscomputing.kubernetes.install
|
||||
- test_image: debian-12
|
||||
test_command: ansible-playbook nofusscomputing.kubernetes.install
|
||||
- test_image: ubuntu-20.04
|
||||
test_command: ansible-playbook nofusscomputing.kubernetes.install
|
||||
- test_image: ubuntu-22.04
|
||||
test_command: ansible-playbook nofusscomputing.kubernetes.install
|
||||
|
||||
|
||||
|
||||
test_results:
|
||||
stage: test
|
||||
|
||||
extends: .ansible_playbook
|
||||
|
||||
variables:
|
||||
ansible_playbook: .gitlab/test_results.yaml
|
||||
ANSIBLE_PLAYBOOK_DIR: $CI_PROJECT_DIR
|
||||
|
||||
needs:
|
||||
- Playbook - Install
|
||||
|
||||
artifacts:
|
||||
untracked: false
|
||||
when: always
|
||||
access: all
|
||||
expire_in: "3 days"
|
||||
paths:
|
||||
- test_results.json
|
||||
|
||||
rules:
|
||||
|
||||
- if: $CI_COMMIT_TAG
|
||||
allow_failure: true
|
||||
when: on_success
|
||||
|
||||
# Needs to run, even by bot as the test results need to be available
|
||||
# - if: "$CI_COMMIT_AUTHOR =='nfc_bot <helpdesk@nofusscomputing.com>'"
|
||||
# when: never
|
||||
|
||||
- if: # Occur on merge
|
||||
$CI_COMMIT_BRANCH
|
||||
&&
|
||||
$CI_PIPELINE_SOURCE == "push"
|
||||
allow_failure: true
|
||||
when: on_success
|
||||
|
||||
# - if:
|
||||
# $CI_COMMIT_BRANCH != "development"
|
||||
# &&
|
||||
# $CI_COMMIT_BRANCH != "master"
|
||||
# &&
|
||||
# $CI_PIPELINE_SOURCE == "push"
|
||||
# allow_failure: true
|
||||
# when: always
|
||||
|
||||
- when: never
|
||||
42
.gitlab/integration_test_trace.sh
Normal file
42
.gitlab/integration_test_trace.sh
Normal file
@ -0,0 +1,42 @@
|
||||
#!/bin/bash
|
||||
|
||||
# colour ref: https://stackoverflow.com/a/28938235
|
||||
|
||||
NC='\033[0m' # Text Reset
|
||||
|
||||
# Regular Colors
|
||||
Black='\033[0;30m' # Black
|
||||
Red='\033[0;31m' # Red
|
||||
Green='\033[0;32m' # Green
|
||||
Yellow='\033[0;33m' # Yellow
|
||||
Blue='\033[0;34m' # Blue
|
||||
Purple='\033[0;35m' # Purple
|
||||
Cyan='\033[0;36m' # Cyan
|
||||
|
||||
|
||||
cmd() {
|
||||
|
||||
echo -e "${Yellow}[TRACE] ${Green}executing ${Cyan}'$1'${NC}"
|
||||
|
||||
docker exec -i test_image_${CI_JOB_ID} $1 || true
|
||||
|
||||
}
|
||||
|
||||
|
||||
cmd "journalctl -xeu netfilter-persistent.service";
|
||||
|
||||
cmd "journalctl -xeu iptables.service"
|
||||
|
||||
cmd "journalctl -xeu k3s.service"
|
||||
|
||||
cmd "systemctl status netfilter-persistent.service"
|
||||
|
||||
cmd "systemctl status iptables.service"
|
||||
|
||||
cmd "systemctl status k3s.service"
|
||||
|
||||
cmd "kubectl get po -A -o wide"
|
||||
|
||||
cmd "kubectl get no -o wide"
|
||||
|
||||
cmd "iptables -nvL --line-numbers"
|
||||
22
.gitlab/merge_request_templates/default.md
Normal file
22
.gitlab/merge_request_templates/default.md
Normal file
@ -0,0 +1,22 @@
|
||||
### :books: Summary
|
||||
<!-- your summary here emojis ref: https://github.com/yodamad/gitlab-emoji -->
|
||||
|
||||
|
||||
|
||||
### :link: Links / References
|
||||
<!-- using a list as any links to other references or links as required. if relevent, describe the link/reference -->
|
||||
|
||||
|
||||
### :construction_worker: Tasks
|
||||
|
||||
- [ ] Add your tasks here if required (delete)
|
||||
|
||||
<!-- dont remove tasks below strike through including the checkbox by enclosing in double tidle '~~' -->
|
||||
|
||||
- [ ] Playbook Update
|
||||
|
||||
This collection has a [corresponding playbook](https://gitlab.com/nofusscomputing/projects/ansible/ansible_playbooks/-/blob/development/role.yaml) that may need to be updated (Ansible Role), specifically [Role Validation](https://gitlab.com/nofusscomputing/projects/ansible/ansible_playbooks/-/blob/development/tasks/role/validation/nfc_kubernetes.yaml).
|
||||
|
||||
- [ ] NetBox Rendered Config Update
|
||||
|
||||
This Collection has a [NetBox Rendered Config template](https://gitlab.com/nofusscomputing/infrastructure/configuration-management/netbox/-/blob/development/templates/cluster.json.j2) that may need to be updated. Specifically Section `cluster.type == 'kubernetes'`
|
||||
19
.gitlab/test_results.yaml
Normal file
19
.gitlab/test_results.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
---
|
||||
|
||||
- name: Create Test Results File
|
||||
hosts: localhost
|
||||
gather_facts: false
|
||||
|
||||
|
||||
tasks:
|
||||
|
||||
|
||||
- name: Load Test Results
|
||||
ansible.builtin.include_vars:
|
||||
dir: ../test_results
|
||||
name: test_results
|
||||
|
||||
- name: Create Results file
|
||||
ansible.builtin.copy:
|
||||
content: "{{ (test_results) | to_nice_json }}"
|
||||
dest: ../test_results.json
|
||||
15
.vscode/settings.json
vendored
Normal file
15
.vscode/settings.json
vendored
Normal file
@ -0,0 +1,15 @@
|
||||
{
|
||||
"yaml.schemas": {
|
||||
"https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/tasks": [
|
||||
"roles/nfc_kubernetes/tasks/*.yaml",
|
||||
"roles/nfc_kubernetes/tasks/*/*.yaml",
|
||||
"roles/nfc_kubernetes/tasks/*/*/*.yaml"
|
||||
],
|
||||
"https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/vars.json": [
|
||||
"roles/nfc_kubernetes/variables/**.yaml"
|
||||
],
|
||||
"https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/playbook": ".gitlab/test_results.yaml"
|
||||
},
|
||||
"gitlab.aiAssistedCodeSuggestions.enabled": false,
|
||||
"gitlab.duoChat.enabled": false,
|
||||
}
|
||||
202
CHANGELOG.md
202
CHANGELOG.md
@ -1,195 +1,85 @@
|
||||
## 0.3.0 (2024-03-13)
|
||||
## 1.10.1 (2024-05-03)
|
||||
|
||||
### Bug Fixes
|
||||
### Fix
|
||||
|
||||
- [cb5a5697](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/cb5a5697c11a9420be51292ca0db8370b512ea25) - remove depreciated worker var [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **configure**: [83ddfd4f](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/83ddfd4fbf54fa3febca5d3c8f740be4c5ed74b0) - if firewall rules dir does not exist, dont add firewall rules [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **install**: [c7a3e617](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c7a3e617f00b36d74a6d7183d48a0e61198b5081) - installed check is different for master/slave [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **nfc_kubernetes**: set default for var so when clause doesn't fail task with undefined var
|
||||
|
||||
### Code Refactor
|
||||
## 1.10.0 (2024-05-03)
|
||||
|
||||
- [826468fc](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/826468fc42182ceca50fe7be3f9cc49532136e35) - image var update for calico [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
### Feat
|
||||
|
||||
### Documentaton / Guides
|
||||
- **nfc_kubernetes**: new variable 'nfc_role_kubernetes_node_prime' to denote the hostname of the prime node
|
||||
|
||||
- [6a10eb22](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/6a10eb22ccc0a8531858e67c8de030d80e7fc303) - update index [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- [aca7e557](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/aca7e557a6a7394af581e7ca0f73d632f947ff68) - update latest feat changes [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
### Fix
|
||||
|
||||
### Features
|
||||
- **nfc_kubernetes**: correct 'Create Required directories' when logic
|
||||
- **nfc_kubernetes**: only run tasks on master nodes
|
||||
- **nfc_kubernetes**: only run tasks on prime node
|
||||
- **nfc_kubernetes**: ensure correct node type selection for installation
|
||||
|
||||
- [164b59c1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/164b59c100977c3cbac860b8239daca893bdc5e5) - remove old var and update kube version [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- [29a9e696](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/29a9e696a9d4734e1e60925a3f7d54a47c3b5127) - install helm binary [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- [43c6c940](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/43c6c940a1c03806681e137c7178ffb26476369a) - disable node ipv6 support [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **kubevirt**: [9d5a0783](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/9d5a0783203f22bbb95bd242424e20e6abc27a29) - install virtctl plugin [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **kubevirt**: [2b041c1c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/2b041c1cca854ac018f65b1de02aa56ca774043c) - optionally specify which nodes within a cluster to install kubeviirt [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **kubevirt**: [af265594](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/af265594851542b00e3e09449e25d5fa1aca79b4) - Default to live migration for update strategy [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- [c7a5c7c7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c7a5c7c7e37ea11be19dfa6f6b1a04e6b5974192) - Optionally Install KubeVirt [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **install**: [f1d20aac](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/f1d20aac806be2d3fb267ff4b0366f7852b698c3) - dont allow installation to continue if the hostname does not match inventory_hostname [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **variables**: [3b760db6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/3b760db6e76a41bdf26a4770c80d0a54898d2873) - remove depreciated variables [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **install**: [967829d9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/967829d9e42debc5a97d105d31ab449baebc1b76) - etcd deployment now optional [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- [56ac6eb3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/56ac6eb3b4baea7e49fd234250e31736f2f624f9) - By default conduct single node install [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **install**: [283568f7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/283568f72a6ee625c5453c91efdece13cb106cb3) - OLM install now optional default=false [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
- **k8s**: [21d0dbef](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/21d0dbefa95f70e3b97c4eb10db1cc1b051a8c1c) - remove k8s cluster install [ [!35](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/35) ]
|
||||
### Refactor
|
||||
|
||||
## 0.2.0 (2024-02-03)
|
||||
- **nfc_kubernetes**: remove usage of prime node name over is_prime var
|
||||
|
||||
### Bug Fixes
|
||||
## 1.9.0 (2024-05-03)
|
||||
|
||||
- **config**: [623d1781](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/623d1781960afa81ac62dc4479f52297eb75b721) - set external ip if set or node ip if not set [ [!23](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/23) ]
|
||||
- **install**: [506385f3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/506385f3d84c9b419f9ae3ad6ec5e3424c922a3f) - don't attempt to reinstall the cluster if already installed [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **prime_install**: [ccf5c03a](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/ccf5c03a4c55d626ed3bf009d9111aac823ef51c) - requires cluster init for prime install [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **install**: [bed1bf30](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/bed1bf30957f050b2748c2282b123400533c29ee) - only configure network manager if installed [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- [9cdc89b1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/9cdc89b1ec3961f93d0c656f0b6ef2beae0336a7) - always install and configure regardless of tags [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **common**: [5edfdf4f](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/5edfdf4faf71ebccd0d5890e70ef0d9a566ae6f6) - don't run soe task on software install [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **new_cluster**: [5ffbd78e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/5ffbd78e2b34288d8d93efda1e30ad662653fbfd) - correct config for new cluster install [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **node_restart**: [c6ff60bb](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c6ff60bb14f8a0820b97d8e5e988fe8da65e7f35) - use correct variables [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **restart_k3s**: [aa2d858e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/aa2d858ede6a426ce0e4885260275b5be1207abe) - use correct group var [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **token_fetch**: [88d57588](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/88d57588fcecbd10d1e058a26711d32e0371b38c) - only fetch token after prime installed [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **handler**: [26120c3e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/26120c3e9846c11c45f5c8d2257cf29e63be86a6) - kubernetes restart when clause corrected [ [!15](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/15) [#16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/16) [#21](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/21) [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **audit_log**: [ea38ddf2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/ea38ddf22b6e2c6ceda4c1cccb31f3fad126b058) - max age not backup [ [!12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/12) ]
|
||||
- **config**: [56bb4557](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/56bb4557b523b24c27ce9c8f2e998f06f768e2c2) - ensure server var is list not csv string [ [!11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/11) [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **handler**: [0fb5e276](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/0fb5e27612cc18dcf8027c8e65cac11a9ca607bc) - restart kubernetes implementation was flawed [ [!11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/11) ]
|
||||
- **config**: [301ed9ad](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/301ed9ad3fc269f5b0fd625c30da53e714a70e80) - ensure join token is included in config [ [!11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/11) [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **multi-master**: [4ce5f372](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4ce5f3722365d9584ac7da29a9903d7d8d71f414) - ensure that all master nodes are added during config [ [!11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/11) [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **play**: [86af4606](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/86af4606d76fc007dfdfaa9d84037d8b225ab35d) - k3s download task doen't require content returned [ [!11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/11) ]
|
||||
- **k3s_multi_master**: [c41e1254](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c41e12544b4eff2ce9e62e2209c5b402f7b5a71f) - adjusted config so multi-master install works [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **olm**: [915cdf5e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/915cdf5e1e279a357f4664cc1d0c6dd5d1374c71) - dont fail if already installed [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **cluster_encryption**: [f0cf4cd0](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/f0cf4cd00ce5184ab5c242059ccd5c8a072c50a5) - use correct variable path to check if required [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **firewall**: [ed1a1acf](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/ed1a1acf7ece02c2adb2d226f249e84ee0c2016e) - if host value enpty, don't create rule [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **kubelet_args**: [59a5e0aa](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/59a5e0aacf8dd1c61ae4d4e6b8aa4a5b3cde3e6a) - ensure correct indentation for kubelet args [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **node_labels**: [20dae6ba](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/20dae6ba4d569eb55479dbe291fb578f48af4029) - ensure correct indentation for label list [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **config**: [fac3ace5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/fac3ace5f5907946b5f9b82ad94b07e97fece7c9) - ensure config option servicelb-namespace only deployed to prime node [ [!8](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/8) [#12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/12) ]
|
||||
### Feat
|
||||
|
||||
### Code Refactor
|
||||
- **nfc_kubernetes**: add debug out to k3s download on failure
|
||||
|
||||
- **config**: [b350b2e1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b350b2e188cc9b3274d7b04cd3f2dcce8e4cf505) - use jinja to construct data then pretty print it [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- [478e4ccf](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/478e4ccfa51746e9e34ed9bdc30b8ab2142624e1) - dont show changes for prep work [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **tasks**: [c04b12a7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c04b12a714a998dbe50256fb4f7f0c7f54f56536) - ensure module FQCN is used [ [!15](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/15) [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **node_labels**: [58a95e67](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/58a95e6781c5f16e0453409c9e58c55d6aa41312) - removed from config.yaml and set to be a manifest on prime node [ [!10](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/10) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **config**: [1a0407a9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/1a0407a901408caf35d254a6de4a90dadf63769a) - only populate cluster-domain if defined [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) [#12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/12) ]
|
||||
### Fix
|
||||
|
||||
### Continious Integration
|
||||
- **nfc_kubernetes**: cast url var as list
|
||||
- **nfc_kubernetes**: correct url build to loop through all cpu arch
|
||||
|
||||
- [7a017c4e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/7a017c4e2916034dceda51e07cf3f09c7bbf1a2f) - add documentation deployment [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
## 1.8.0 (2024-05-02)
|
||||
|
||||
### Documentaton / Guides
|
||||
### Feat
|
||||
|
||||
- [3004f998](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/3004f998bf95345af90569d5e6741a52f102bf2a) - add release notes [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- [6d974083](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/6d974083cf923df6f06fa2a26983b129deac45e0) - fix github badges links [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- [b2f9e5d3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b2f9e5d3caf99bf32ca040fd6f0d902309946beb) - update [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- [3198b5d2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/3198b5d2f9c06bb119d8549eca16bf1c9cd29607) - added recently configurable items [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) ]
|
||||
- **nfc_kubernetes**: build url and on use cast as string
|
||||
|
||||
### Features
|
||||
## 1.7.2 (2024-04-25)
|
||||
|
||||
- **calico**: [abb7042c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/abb7042cbd415ee9692911a5324355a424c70239) - turn bpf off [ [!23](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/23) ]
|
||||
- **calico**: [a45fe0c9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/a45fe0c9f96f8c4b0571829c3a39edb189d12a5e) - set tolerations for typha "CriticalAddonsOnly" [ [!23](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/23) ]
|
||||
- **config**: [45863ecf](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/45863ecff37480d9c45a12efa714c3856eb59f21) - for server self. use internal ip to connect instead of external [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **config**: [b43e1dbb](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b43e1dbb80c5edcd1fc18f9674f1fcd0ee4ec00d) - dont set external-ip if it matches node-ip [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **config**: [efba1ff6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/efba1ff6c74a5e57f98f2a9d78a765212f6795df) - set value `node-ip` [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico**: [2e136ee0](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/2e136ee08838d16e7695da469bb55e796c7089b1) - use vxlan instead of ipip [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **olm**: [384ef924](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/384ef924ca7a3de51db16b84790e2b3842a7c83c) - uninstall olm if tag `olm_uninstall` specified [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico**: [54f9ec0c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/54f9ec0c950825b0a81fe4b19efe5e8ddc41f88c) - add job tag calico_manifest to enable rollback [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **cni**: [26c0ab12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/26c0ab123628898096cf7767298dd16684db173f) - enable eBPF [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **metallb**: [be1ddecc](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/be1ddecc33925f39c860e9d0177eb3bc79941ba6) - MetalLB Installable instead of ServiceLB [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico_operator**: [79d89b3b](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/79d89b3b3a094bbea10448c23a979807be7644fb) - once installed or new cluster always run calico operator deploy [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico_operator**: [8d8ba095](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/8d8ba0951e173536ae4b3cc708f56c507a349942) - install before prime check as networking is required [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **firewall**: [8919486b](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/8919486b6b83b3429b30936318e7be8bbff158d3) - add required rules for calico operator [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico_operator**: [5925a26c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/5925a26c608d497dc09b4e9cecb1a13b5be5f849) - store ansible manifests on node [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **calico_operator**: [f48f6454](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/f48f645468f82c2c7c9aa62c86e66d52fee9002d) - deploy the operator to configure calico cni [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) [#3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/3) ]
|
||||
- **networ_manager**: [7049c57b](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/7049c57bd062a277236fb93c8e3eff4b34e271ac) - setup calico interfaces as unmanaged [ [!17](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/17) ]
|
||||
- **install**: [e1220b0d](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/e1220b0dac4129169445c30f1e9867cbe5ceff5d) - enable k3s module metrics-server [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **olm**: [681b52b3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/681b52b31a654040cd5e2c23a52f2b8631b3085b) - dont install by default [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **calico**: [60f7c2d6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/60f7c2d6b6de0cbda1b43f08060f87fe2e1dc6ed) - disable vxlan [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **calico**: [a54fbe26](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/a54fbe26f372e2c5cccfc193b71f007ae2e441c9) - use vxlan overlay [ [!16](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/16) ]
|
||||
- **calico**: [0bdd5c66](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/0bdd5c66c262d9afc0226a8e201170b0b9188ea3) - IP AUTO-detection set to kubernetes-internal-ip [ [!14](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/14) ]
|
||||
- [74cc2079](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/74cc20794764bb2e1b042ceb641b0e515703884a) - feature gate added to prevent restart of kubernetes service [ [!14](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/14) [!13](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/13) ]
|
||||
- **node**: [c28f0b8e](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c28f0b8ee301e1c76553476a0808b45efa417bd9) - ability to configure node taints [ [!13](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/13) [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) ]
|
||||
- **config**: [4a41f7e3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4a41f7e348d00b91a39160aaa9d8c1cd8e338cb4) - set node name to inventory_hostname [ [!12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/12) [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) ]
|
||||
- **firewall**: [a31837c8](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/a31837c803902e6bcfd80704286c62ec9536e422) - add vxlan rules [ [!12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/12) ]
|
||||
- **audit_logs**: [73691631](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/7369163195a06dac4f07a01bd84db64867480561) - keep two days by default [ [!12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/12) ]
|
||||
- **firewall**: [59699afb](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/59699afb4402b518c9bd2103384affd382761ea2) - allow hosts external IP [ [!12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/12) ]
|
||||
- **olm**: [021e54f3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/021e54f32864bfb2dff4933d3053aa50a6f20000) - install olm operator [ [!9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/9) [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **config**: [c7cd1da4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c7cd1da4312092c5afe7b093d39471488100ab1c) - support setting node labels [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) [#12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/12) ]
|
||||
- **config**: [cdc06363](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/cdc06363aad63a72cb7287596f4f340b25226f54) - support setting the service [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) [#12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/12) ]
|
||||
- **config**: [34432433](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/34432433f3127763d1def38d479b869e1a84d6c8) - support setting the cluster domain [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) [#12](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/12) ]
|
||||
- [21cef1f4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/21cef1f4c32777245b56edb232cc0528dacb94db) - enable installation for arm64 architectures [ [!7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/7) [#11](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/11) [!29](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/29) [!1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/1) ]
|
||||
### Fix
|
||||
|
||||
## 0.2.0rc1 (2023-11-06)
|
||||
- **nfc_kubernetes**: adjust some tasks to run during checkmode
|
||||
|
||||
### Bug Fixes
|
||||
## 1.7.1 (2024-04-24)
|
||||
|
||||
- **config**: [f09737b2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/f09737b21f1bac4d505207136e9505c83140b4cf) - typo in config template [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **rbac**: [6ab17bdc](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/6ab17bdc3c660e704ce7319a21a517f38907a541) - authorization:namespace:owner ns owner not to remove cluster resources [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **container_registries**: [9936cd44](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/9936cd449911a0e9612309690fbca82e8565c2b3) - these are optional, dont attempt to configure if non specified [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **config**: [5278a499](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/5278a4996e0370bbe14ba08189879c19f6b1f983) - server attribute not required for prime master node [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
### Fix
|
||||
|
||||
### Documentaton / Guides
|
||||
- add role readme
|
||||
|
||||
- [0acc7a3c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/0acc7a3cc2b93f94fc92839e34dec02cfe4d5ec2) - added note on config for system resources [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) [#7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/7) ]
|
||||
## 1.7.0 (2024-04-24)
|
||||
|
||||
### Features
|
||||
### Feat
|
||||
|
||||
- **rbac**: [59f50d53](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/59f50d53df4e28ef114d734f652cb25d396a381d) - new cluster role and binding ingress-admin [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **config**: [d2081284](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/d2081284d1d526a57a34082f5ad944dc12671750) - configurabl system reserved cpu,memory,storage [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **install**: [42ac18e0](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/42ac18e05768e61f0d960fb3afe2482431bd5fce) - disable swap [ [!6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/6) ]
|
||||
- **kubernetes_netbox**: custom field bug work around
|
||||
|
||||
## 0.2.0rc0 (2023-11-02)
|
||||
### Fix
|
||||
|
||||
### Bug Fixes
|
||||
- **nfc_kubernetes**: ensure install tasks run when job_tags specified
|
||||
- **facts**: gather required facts if not already available
|
||||
|
||||
- **firewall**: [9c420475](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/9c4204751e00c6d8a36c0fcb1ff66f0a87ba574e) - use correct chain name [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) [#2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/2) ]
|
||||
- **firewall**: [ba59dd30](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/ba59dd305728b15801aca3aef81ea8aa35e5d402) - correct rules so that kubernetes hosts are added to firewall allowed hosts [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) [#2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/2) ]
|
||||
- **wireguard**: [4a9d9839](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4a9d98394e3fd327a0f681e42b5415e25520cff4) - install before k3s [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **templates**: [89b65732](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/89b65732478883a5ccc29c9100c30840bf08d55e) - add clause to filter for prime master only [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **install**: [b77cc6a8](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b77cc6a8e902739f43519d4e9a0c0dcfca0cc30f) - install prime then wait till ready before install other nodes [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **install**: [26f1f2ef](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/26f1f2efe63b47f7ab569f99aa0c1b5f28ff461b) - server install to use version variables [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **configure**: [db515d2c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/db515d2c1d921950c034911fad6622f969232895) - move required config files to install portion [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **config**: [1b62a666](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/1b62a6663285b6c62323ca387ba176cc9d7eff74) - cluster-init only required for master nodes [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
## 1.6.0 (2024-03-29)
|
||||
|
||||
### Code Refactor
|
||||
### Feat
|
||||
|
||||
- [4d9f9dcd](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4d9f9dcdff5d07bb9f0722ddc22ff061ffa24f20) - use kubernetes_config for cluster config [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **template**: [50f48ab5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/50f48ab5a1a5983ed7465fefda7119df5d4fff96) - config.yaml rearranged orderd, and updated for kube role [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **install**: [4465bcd2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4465bcd2c4f4a94cacd0f35025d63f4f858ee58d) - clean wait for k3s to be ready [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) ]
|
||||
- **test**: add integration test. playbook install
|
||||
- add retry=3 delay=10 secs to all ansible url modules
|
||||
|
||||
### Features
|
||||
### Fix
|
||||
|
||||
- **install**: [c7907bf5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c7907bf585d182b5e68d241428dd69d7c1af1be7) - install additional master nodes [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) [#2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/2) ]
|
||||
- **install**: [fd547a4c](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/fd547a4c0fbfa34fca6ec6860d294c1713594e41) - install worker nodes [ [!5](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/5) [#2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/2) ]
|
||||
- **install**: [76e48fd9](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/76e48fd965b9113d7aa69679524bc119f45db6ac) - wait for cluster to be ready before continuing [ [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **config**: [abc01ce4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/abc01ce48cbd586dfec067b3fcdbca0d204843d4) - enable configering etc cron and retention [ [!4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/4) ]
|
||||
- **docs**: use correct badge query url
|
||||
|
||||
## 0.1.0 (2023-10-29)
|
||||
### Refactor
|
||||
|
||||
### Bug Fixes
|
||||
- **galaxy**: for dependent collections prefix with `>=` so as to not cause version lock
|
||||
|
||||
- **k3s**: [9ac52ee1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/9ac52ee165fd364c7091ab3f1e14df365270f532) - use correct variables in conditional clauses [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- [8272b250](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/8272b2507b298ccec05e6dbaa2a526b5136b8d2d) - uncommented hash tasks as they are required [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- **install**: [57d268ec](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/57d268ec3cd990ea21979cbafe7421a0af04ea91) - config files only required for prime master [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- **install**: [0f4a02ca](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/0f4a02cadd24dc1890e57bba5266f17dd44e9766) - restructure and uncommented install steps [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- [49087753](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/4908775367a657867878111ad7e8a75e5203e492) - dont flush handlers [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
## 1.5.0 (2024-03-21)
|
||||
|
||||
### Code Refactor
|
||||
### Feat
|
||||
|
||||
- [93897ea7](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/93897ea7d5d8e11725aa1c285fac64388215d00b) - moved config file deploy to be part of install tasks [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- **collection**: nofusscomputing.firewall update 1.0.1 -> 1.1.0
|
||||
|
||||
### Continious Integration
|
||||
|
||||
- [55d5c5d6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/55d5c5d6943a0794bd73f8701667e85dd653c5ea) - add initial jobs [ [!1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/1) ]
|
||||
|
||||
### Documentaton / Guides
|
||||
|
||||
- [779be020](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/779be0200e71956a3125332d57ac6e0dc7a4914a) - add to feature list openid [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) ]
|
||||
- [c3843dde](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/c3843ddef0a6d4f885a989675b79ac5861e21138) - role workflow [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [b69d5b8a](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b69d5b8a358e6b024b0afda819af0082c0b87a48) - feature list [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [60392a56](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/60392a565c53010faca6c6eda15d2c386133a8f7) - restructure for seperate role index and ansible setup [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [bbfbbedd](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/bbfbbedd11ea5b1fde199899b70cd87119e3a989) - initial docs for rbac [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [3e785d7d](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/3e785d7db158e41744ad19c4fcab1c11aa23823f) - added other projects to blurb [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [7abfb703](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/7abfb70320419ab1e98666a16453bb1b0a48426e) - Ansible setup [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#4](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/4) ]
|
||||
- [b588b038](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/b588b0383d3e353a8e487d06b787aed2e28de2d8) - added docs layout [ [!1](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/1) ]
|
||||
|
||||
### Features
|
||||
|
||||
- **networking**: [60fd25df](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/commit/60fd25df8ec897e74c164d9cc0e49ed07d002d0e) - install and configure wireguard encryption [ [!2](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests/2) [#3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/3) ]
|
||||
|
||||
## 0.0.1 (2023-10-28)
|
||||
## 1.4.0 (2024-03-20)
|
||||
|
||||
@ -15,10 +15,10 @@ Some components within this role are sourced from a remote source. To update the
|
||||
|
||||
export KUBEVIRT_RELEASE='<kubevirt release i.e. v1.2.0>'
|
||||
|
||||
# From within the templates directory
|
||||
# From within roles/nfc_kubernetes/templates directory
|
||||
wget https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_RELEASE}/kubevirt-operator.yaml -O kubevirt-operator.yaml.j2
|
||||
|
||||
# From within the templates directory
|
||||
# From within the roles/nfc_kubernetes/templates directory
|
||||
wget https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_RELEASE}/kubevirt-cr.yaml -O kubevirt-cr.yaml.j2
|
||||
|
||||
```
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
# Kubernetes Ansible Playbook
|
||||
|
||||
|
||||
## Additional changes
|
||||
|
||||
- `SystemdCgroup = false` -> `SystemdCgroup = true` [See this comment](https://github.com/kubernetes/kubernetes/issues/110177#issuecomment-1161647736)
|
||||
|
||||
## Tags
|
||||
|
||||
This role has been setup to take advantage of Ansible tags. The use of these tags enables finer control over what tasks are run. By design, when you set a task, only what is required for the tag is run.
|
||||
|
||||
available tags are as follows
|
||||
|
||||
- `containerregistry` apply container/docker registry settings
|
||||
- `firewall` apply firewall settings (firewall name/type independent)
|
||||
- `install` Run every task within the role. this is the same as omitting `--tags`
|
||||
- `iptables` apply iptables settings
|
||||
- `manifest` Apply/remove kubernetes manifests
|
||||
- `namespace` Apply/remove kubernetes namespaces
|
||||
- `nodelabels` Apply/remove kubernetes node labels
|
||||
- `taints` Apply/remove kubernetes taints
|
||||
|
||||
!!! tip
|
||||
if you intend on running the `install` tag, you can omit the `--tags` flag from the ansible tag all togther
|
||||
|
||||
!!! alert
|
||||
the first time this playbook is run if cli switch `--extra-vars "init=true"` is used with `init` either a bool true/false, the manifests will not be applied. this is to enable the kubernetes to be fully setup prior to applying manifests that may prevent successful completion of the play.
|
||||
|
||||
## command Cheatsheet
|
||||
|
||||
- `crictl --runtime-endpoint unix:///run/containerd/containerd.sock images` list all container images on the host
|
||||
|
||||
## Links / References
|
||||
|
||||
- ContainerD Configuration
|
||||
|
||||
- [Registry Configuration](https://github.com/containerd/containerd/blob/7cd72cce99c8d3b938c1b763c2744a0b699028ab/docs/cri/config.md#registry-configuration)
|
||||
|
||||
- [Configuring ContainerD registries](https://github.com/containerd/containerd/blob/7cd72cce99c8d3b938c1b763c2744a0b699028ab/docs/hosts.md#cri)
|
||||
32
README.md
32
README.md
@ -1,34 +1,44 @@
|
||||
<div align="center" width="100%">
|
||||
<span style="text-align: center;">
|
||||
|
||||
|
||||
# No Fuss Computing - Ansible Role: nfc_kubernetes
|
||||
# No Fuss Computing - Ansible Collection Kubernetes
|
||||
|
||||
<br>
|
||||
|
||||
|
||||
|
||||
|
||||
[](https://galaxy.ansible.com/ui/repo/published/nofusscomputing/kubernetes/)
|
||||
|
||||
|
||||
----
|
||||
|
||||
<br>
|
||||
|
||||
  [](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues)
|
||||
  [](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes/-/issues)
|
||||
|
||||
|
||||
|
||||
  
|
||||
  
|
||||
<br>
|
||||
|
||||
This project is hosted on [gitlab](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes) and has a read-only copy hosted on [Github](https://github.com/NofussComputing/ansible_role_nfc_kubernetes).
|
||||
This project is hosted on [gitlab](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes) and has a read-only copy hosted on [Github](https://github.com/NofussComputing/ansible_collection_kubernetes).
|
||||
|
||||
----
|
||||
|
||||
**Stable Branch**
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
   
|
||||
|
||||
|
||||
----
|
||||
|
||||
**Development Branch**
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
   
|
||||
|
||||
----
|
||||
<br>
|
||||
@ -37,14 +47,14 @@ This project is hosted on [gitlab](https://gitlab.com/nofusscomputing/projects/a
|
||||
|
||||
links:
|
||||
|
||||
- [Issues](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues)
|
||||
- [Issues](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes/-/issues)
|
||||
|
||||
- [Merge Requests (Pull Requests)](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/merge_requests)
|
||||
- [Merge Requests (Pull Requests)](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes/-/merge_requests)
|
||||
|
||||
|
||||
|
||||
## Contributing
|
||||
All contributions for this project must conducted from [Gitlab](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes).
|
||||
All contributions for this project must conducted from [Gitlab](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes).
|
||||
|
||||
For further details on contributing please refer to the [contribution guide](CONTRIBUTING.md).
|
||||
|
||||
|
||||
1
docs/projects/ansible/collection/firewall/index.md
Normal file
1
docs/projects/ansible/collection/firewall/index.md
Normal file
@ -0,0 +1 @@
|
||||
linked to
|
||||
0
docs/projects/ansible/collection/index.md
Normal file
0
docs/projects/ansible/collection/index.md
Normal file
83
docs/projects/ansible/collection/kubernetes/index.md
Normal file
83
docs/projects/ansible/collection/kubernetes/index.md
Normal file
@ -0,0 +1,83 @@
|
||||
---
|
||||
title: Kubernetes
|
||||
description: No Fuss Computings Ansible Collection Kubernetes
|
||||
date: 2024-03-13
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
<span style="text-align: center;">
|
||||
|
||||
|
||||
|
||||
|
||||
 
|
||||
|
||||
   
|
||||
|
||||
|
||||
[](https://galaxy.ansible.com/ui/repo/published/nofusscomputing/kubernetes/)
|
||||
|
||||
|
||||
</span>
|
||||
|
||||
This Ansible Collection is for installing a K3s Kubernetes cluster, both single and multi-node cluster deployments are supported. In addition to installing and configuring the firewall for the node. for further information on the firewall config please see the [firewall docs](../firewall/index.md)
|
||||
|
||||
|
||||
## Installation
|
||||
|
||||
To install this collection use `ansible-galaxy collection install nofusscomputing.kubernetes`
|
||||
|
||||
|
||||
## Features
|
||||
|
||||
- Install k3s cluster. Both Single and multi-node clusters
|
||||
|
||||
- Configure the cluster
|
||||
|
||||
- Upgrade a cluster
|
||||
|
||||
For a more detailed list of featured checkout the roles [documentation](roles/nfc_kubernetes/index.md).
|
||||
|
||||
|
||||
## Using this collection
|
||||
|
||||
This collection has been designed to be a complete and self-contained management tool for a K3s kubernetes cluster.
|
||||
|
||||
## Cluster Installation
|
||||
|
||||
By default the install playbook will install to localhost.
|
||||
|
||||
``` bash
|
||||
|
||||
ansible-playbook nofusscomputing.kubernetes.install
|
||||
|
||||
```
|
||||
|
||||
!!! danger
|
||||
By default when the install task is run, The firewall is also configured. The default sets the `FORWARD` and `INPUT` tables to have a policy of `DROP`. Failing to add any required additional rules before installing/configuring kubernetes will cause you to not have remote access to the machine.
|
||||
|
||||
You are encouraged to run `ansible-playbook nofusscomputing.firewall.install` with your rules configured within your inventory first. see the [firewall docs](../firewall/index.md) for more information.
|
||||
|
||||
The install playbook has a dynamic `hosts` key. This has been done to specifically support running the playbook from AWX and being able to populate the field from the survey feature. Order of precedence for the host variable is as follows:
|
||||
|
||||
- `nfc_pb_host` set to any valid value that a playbook `hosts` key can accept
|
||||
|
||||
- `nfc_pb_kubernetes_cluster_name` with the name of the cluster. This variable is appended to string `kubernetes_cluster_` to serve as a group name for the cluster to be installed. i.e. for a cluster called `prime`, the group name would be set to `kubernetes_cluster_prime`
|
||||
|
||||
- `--limit` specified at runtime
|
||||
|
||||
- `localhost`
|
||||
|
||||
For the available variables please view the [nfc_kubernetes role docs](roles/nfc_kubernetes/index.md#default-variables)
|
||||
|
||||
|
||||
## Cluster Upgrade
|
||||
|
||||
[In place cluster upgrades](https://docs.k3s.io/upgrades/manual#upgrade-k3s-using-the-binary) is the method used to conduct the cluster upgrades. The logic for the upgrades first confirms that K3s is installed and that the local binary and running k3s version are the desired versions. If they are not, they will be updated to the desired version. On completion of this the node has its `k3s` service restarted which completes the upgrade process.
|
||||
|
||||
!!! info
|
||||
If an upgrade occurs, no other task within the play will run. This is by design. if you have further tasks to be run in addition to the upgrade, run the play again.
|
||||
|
||||
!!! danger
|
||||
not following the [Kubernetes version skew policy](https://kubernetes.io/releases/version-skew-policy/) when upgrading your cluster may break your cluster.
|
||||
@ -0,0 +1,46 @@
|
||||
---
|
||||
title: NetBox Kubernetes
|
||||
description: No Fuss Computings Ansible role kubernetes_netbox
|
||||
date: 2023-10-24
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
This Ansible role as part of our collection `nofusscomputing.kubernetes` is intended to be used to setup NetBox so that the settings for deploying a kubernetes cluster can be stored within NetBox.
|
||||
|
||||
|
||||
## Role Details
|
||||
|
||||
| Item| Value | Description |
|
||||
|:---|:---:|:---|
|
||||
| Dependent Roles | _None_ | |
|
||||
| Optional Roles | _None_ | |
|
||||
| Idempotent | _Yes_ | |
|
||||
| Stats Available | _Not Yet_ | |
|
||||
| Tags | _Nil_ | |
|
||||
| Requirements | _None_ | |
|
||||
|
||||
|
||||
## Features
|
||||
|
||||
- Adds custom fields to `cluster` object within NetBox that this collection can use to deploy a kubernetes cluster.
|
||||
|
||||
!!! info
|
||||
Due to a bug in ansible module `netbox.netbox.netbox_custom_field` The fields are not created as they should be. For example, the fields are supposed to be set to only display when not empty. for more information see [Github #1210](https://github.com/netbox-community/ansible_modules/issues/1210). We have [added a workaround](https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes/-/merge_requests/56#note_1876912267) so the fields are created.
|
||||
|
||||
Other than that, the fields are created as they should.
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
To configure NetBox, ensure that the NetBox Access variables are set and run playbook `nofusscomputing.netbox.kubernetes_netbox`. This will setup NetBox with the required fields that role [nfc_kubernetes](../nfc_kubernetes/index.md) uses.
|
||||
|
||||
|
||||
## Default Variables
|
||||
|
||||
|
||||
``` yaml title="defaults/main.yaml" linenums="1"
|
||||
|
||||
--8<-- "roles/kubernetes_netbox/defaults/main.yaml"
|
||||
|
||||
```
|
||||
@ -3,7 +3,7 @@ title: Ansible
|
||||
description: No Fuss Computings Ansible role nfc_kubernetes Ansible docs
|
||||
date: 2023-10-24
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
This page intends to describe/explain the setup of ansible for this role.
|
||||
@ -3,14 +3,14 @@ title: Firewall
|
||||
description: No Fuss Computings Ansible role nfc_kubernetes
|
||||
date: 2023-10-24
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
This role include logic to generate firewall rules for iptables. Both IPv4 and IPv6 rules are generated. to survive reboots or network cable disconects, a script is created and added to the `if-up.d.` This enables that each time the interface is brought up, the firewall rules are applied. For a list of the firewall rules applied see the [K3s documentation](https://docs.k3s.io/installation/requirements#inbound-rules-for-k3s-server-nodes)
|
||||
|
||||
Rules generation workflow:
|
||||
|
||||
- itertes over all kubernetes hosts
|
||||
- iterates over all kubernetes hosts
|
||||
|
||||
- adds rules if host is masters for worker access
|
||||
|
||||
@ -3,10 +3,10 @@ title: Kubernetes
|
||||
description: No Fuss Computings Ansible role nfc_kubernetes
|
||||
date: 2023-10-24
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
This Ansible role is designed to deploy a K3s Kubernetes cluster. Without adding cluster configuration this role will install K3s as a single node cluster. To deploy a multi-node cluster add your configuration, K3s will be installed on all nodes. On completion you will have fully configured cluster in a state ready to use. This role can be used with our [our playbooks](../../playbooks/index.md) or comes included, along with the playbook within our [Ansible Execution Environment](../../execution_environment/index.md).
|
||||
This Ansible role is designed to deploy a K3s Kubernetes cluster. Without adding cluster configuration this role will install K3s as a single node cluster. To deploy a multi-node cluster add your configuration, K3s will be installed on all nodes. On completion you will have fully configured cluster in a state ready to use. This role can be used with our [our playbooks](../../../../playbooks/index.md) or comes included, along with the playbook within our [Ansible Execution Environment](../../../../execution_environment/index.md).
|
||||
|
||||
|
||||
## Role Details
|
||||
@ -70,6 +70,8 @@ This Ansible role is designed to deploy a K3s Kubernetes cluster. Without adding
|
||||
|
||||
- Install the Helm Binary
|
||||
|
||||
- Upgrade cluster
|
||||
|
||||
|
||||
## Role Workflow
|
||||
|
||||
@ -107,9 +109,11 @@ If the playbook is setup as per [our recommendation](ansible.md) step 2 onwards
|
||||
|
||||
## Default Variables
|
||||
|
||||
On viewing these variables you will notice there are single dictionary keys prefixed `nfc_role_kubernetes_` and a dictionary of dictionaries `kubernetes_config`. variables prefixed with `nfc_role_kubernetes_` are for single node installs with the `kubernetes_config` dictionary containing all of the information for an entire cluster. The `kubernetes_config` dictionary variables take precedence. Even if you are installing a cluster on multiple nodes, you are still advised to review the variables prefixed with `nfc_role_kubernetes_` as they may still be needed. i.e. setting a node type use keys `nfc_role_kubernetes_prime`, `nfc_role_kubernetes_master` and `nfc_role_kubernetes_worker`.
|
||||
|
||||
|
||||
``` yaml title="defaults/main.yaml" linenums="1"
|
||||
|
||||
--8<-- "defaults/main.yml"
|
||||
--8<-- "roles/nfc_kubernetes/defaults/main.yml"
|
||||
|
||||
```
|
||||
@ -3,7 +3,7 @@ title: RBAC
|
||||
description: No Fuss Computings Ansible role nfc_kubernetes RBAC documentation.
|
||||
date: 2023-10-29
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
As part of this roles workflow, A set of Clester Roles and Cluster Bindings are deployed and ready to use. The intent of these roles is to create a default set of roles that only require the authorization system to provide the users groups. As they have been defined as Cluster Roles you can bind to both cluster and/or namespace.
|
||||
@ -3,7 +3,7 @@ title: Release Notes
|
||||
description: No Fuss Computings Ansible role nfc_kubernetes
|
||||
date: 2024-01-31
|
||||
template: project.html
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
|
||||
about: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
---
|
||||
|
||||
This document details any changes that have occured that may impact users of this role. It's a rolling document and will be amended from time to time.
|
||||
87
galaxy.yml
Normal file
87
galaxy.yml
Normal file
@ -0,0 +1,87 @@
|
||||
### REQUIRED
|
||||
# The namespace of the collection. This can be a company/brand/organization or product namespace under which all
|
||||
# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
|
||||
# underscores or numbers and cannot contain consecutive underscores
|
||||
namespace: nofusscomputing
|
||||
|
||||
# The name of the collection. Has the same character restrictions as 'namespace'
|
||||
name: kubernetes
|
||||
|
||||
# The version of the collection. Must be compatible with semantic versioning
|
||||
version: 1.10.1
|
||||
|
||||
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
|
||||
readme: README.md
|
||||
|
||||
# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
|
||||
# @nicks:irc/im.site#channel'
|
||||
authors:
|
||||
- No Fuss Computing
|
||||
|
||||
|
||||
### OPTIONAL but strongly recommended
|
||||
# A short summary description of the collection
|
||||
description: Install a K3s Kubernetes Cluster
|
||||
|
||||
# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
|
||||
# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
|
||||
license:
|
||||
- MIT
|
||||
|
||||
# The path to the license file for the collection. This path is relative to the root of the collection. This key is
|
||||
# mutually exclusive with 'license'
|
||||
license_file: ''
|
||||
|
||||
# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
|
||||
# requirements as 'namespace' and 'name'
|
||||
tags:
|
||||
- k3s
|
||||
- kubernetes
|
||||
- tools
|
||||
|
||||
# Collections that this collection requires to be installed for it to be usable. The key of the dict is the
|
||||
# collection label 'namespace.name'. The value is a version range
|
||||
# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
|
||||
# range specifiers can be set and are separated by ','
|
||||
dependencies:
|
||||
ansible.posix: '>=1.5.4'
|
||||
kubernetes.core: '>=3.0.0'
|
||||
nofusscomputing.firewall: '>=1.1.0'
|
||||
netbox.netbox: '>=3.16.0'
|
||||
|
||||
|
||||
# The URL of the originating SCM repository
|
||||
repository: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
|
||||
# The URL to any online docs
|
||||
documentation: https://nofusscomputing.com/projects/ansible/collection/kubernetes/
|
||||
|
||||
# The URL to the homepage of the collection/project
|
||||
# homepage: https://example.com
|
||||
|
||||
# The URL to the collection issue tracker
|
||||
issues: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes/-/issues
|
||||
|
||||
# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
|
||||
# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
|
||||
# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
|
||||
# and '.git' are always filtered. Mutually exclusive with 'manifest'
|
||||
build_ignore:
|
||||
- .vscode
|
||||
- artifacts
|
||||
- docs
|
||||
- .git*
|
||||
- gitlab-ci
|
||||
- website-template
|
||||
- .ansible-lint-ignore
|
||||
- .cz.yaml
|
||||
- .nfc_automation.yaml
|
||||
- dockerfile
|
||||
- mkdocs.yml
|
||||
|
||||
# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
|
||||
# list of MANIFEST.in style
|
||||
# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key
|
||||
# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive
|
||||
# with 'build_ignore'
|
||||
# manifest: null
|
||||
Submodule gitlab-ci updated: 41eeb7badd...a24f352ca3
@ -1,53 +0,0 @@
|
||||
---
|
||||
- name: "restart ContainerD"
|
||||
service:
|
||||
name: containerd
|
||||
state: restarted
|
||||
when: >
|
||||
containerd_config.changed | default(false) | bool
|
||||
and
|
||||
containerd_installed.rc | default(1) | int == 0
|
||||
and
|
||||
kubernetes_type == 'k8s'
|
||||
tags:
|
||||
- configure
|
||||
- install
|
||||
|
||||
|
||||
- name: Restart Kubernetes
|
||||
ansible.builtin.service:
|
||||
name: |-
|
||||
{%- if kubernetes_type == 'k3s' -%}
|
||||
{%- if Kubernetes_Master | default(false) | bool -%}
|
||||
k3s
|
||||
{%- else -%}
|
||||
k3s-agent
|
||||
{%- endif -%}
|
||||
{%- else -%}
|
||||
kubelet
|
||||
{%- endif %}
|
||||
state: restarted
|
||||
listen: kubernetes_restart
|
||||
when: |-
|
||||
not (
|
||||
nfc_kubernetes_no_restart
|
||||
or
|
||||
(
|
||||
inventory_hostname in groups['kubernetes_master']
|
||||
and
|
||||
nfc_kubernetes_no_restart_master
|
||||
)
|
||||
or
|
||||
(
|
||||
inventory_hostname == kubernetes_config.cluster.prime.name
|
||||
and
|
||||
nfc_kubernetes_no_restart_prime
|
||||
)
|
||||
or
|
||||
(
|
||||
inventory_hostname in groups['kubernetes_worker']
|
||||
and
|
||||
nfc_kubernetes_no_restart_slave
|
||||
)
|
||||
)
|
||||
|
||||
52
meta/runtime.yml
Normal file
52
meta/runtime.yml
Normal file
@ -0,0 +1,52 @@
|
||||
---
|
||||
# Collections must specify a minimum required ansible version to upload
|
||||
# to galaxy
|
||||
requires_ansible: '>=2.14.0'
|
||||
|
||||
# Content that Ansible needs to load from another location or that has
|
||||
# been deprecated/removed
|
||||
# plugin_routing:
|
||||
# action:
|
||||
# redirected_plugin_name:
|
||||
# redirect: ns.col.new_location
|
||||
# deprecated_plugin_name:
|
||||
# deprecation:
|
||||
# removal_version: "4.0.0"
|
||||
# warning_text: |
|
||||
# See the porting guide on how to update your playbook to
|
||||
# use ns.col.another_plugin instead.
|
||||
# removed_plugin_name:
|
||||
# tombstone:
|
||||
# removal_version: "2.0.0"
|
||||
# warning_text: |
|
||||
# See the porting guide on how to update your playbook to
|
||||
# use ns.col.another_plugin instead.
|
||||
# become:
|
||||
# cache:
|
||||
# callback:
|
||||
# cliconf:
|
||||
# connection:
|
||||
# doc_fragments:
|
||||
# filter:
|
||||
# httpapi:
|
||||
# inventory:
|
||||
# lookup:
|
||||
# module_utils:
|
||||
# modules:
|
||||
# netconf:
|
||||
# shell:
|
||||
# strategy:
|
||||
# terminal:
|
||||
# test:
|
||||
# vars:
|
||||
|
||||
# Python import statements that Ansible needs to load from another location
|
||||
# import_redirection:
|
||||
# ansible_collections.ns.col.plugins.module_utils.old_location:
|
||||
# redirect: ansible_collections.ns.col.plugins.module_utils.new_location
|
||||
|
||||
# Groups of actions/modules that take a common set of options
|
||||
# action_groups:
|
||||
# group_name:
|
||||
# - module1
|
||||
# - module2
|
||||
27
mkdocs.yml
27
mkdocs.yml
@ -2,9 +2,9 @@ INHERIT: website-template/mkdocs.yml
|
||||
|
||||
docs_dir: 'docs'
|
||||
|
||||
repo_name: Kubernetes Ansible Role
|
||||
repo_url: https://gitlab.com/nofusscomputing/projects/ansible/kubernetes
|
||||
edit_uri: '/-/ide/project/nofusscomputing/projects/ansible/kubernetes/edit/development/-/docs/'
|
||||
repo_name: Kubernetes Ansible Collection
|
||||
repo_url: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
edit_uri: '/-/ide/project/nofusscomputing/projects/ansible/collections/kubernetes/edit/development/-/docs/'
|
||||
|
||||
nav:
|
||||
- Home: index.md
|
||||
@ -29,22 +29,29 @@ nav:
|
||||
|
||||
- projects/ansible/playbooks/index.md
|
||||
|
||||
- Roles:
|
||||
- Collections:
|
||||
|
||||
- projects/ansible/roles/index.md
|
||||
- projects/ansible/collection/index.md
|
||||
|
||||
- Kubernetes:
|
||||
|
||||
- projects/ansible/roles/kubernetes/index.md
|
||||
- projects/ansible/collection/kubernetes/index.md
|
||||
|
||||
- projects/ansible/roles/kubernetes/ansible.md
|
||||
- Role nfc_kubernetes:
|
||||
|
||||
- projects/ansible/roles/kubernetes/firewall.md
|
||||
- projects/ansible/collection/kubernetes/roles/nfc_kubernetes/index.md
|
||||
|
||||
- projects/ansible/roles/kubernetes/rbac.md
|
||||
- projects/ansible/collection/kubernetes/roles/nfc_kubernetes/ansible.md
|
||||
|
||||
- projects/ansible/roles/kubernetes/release_notes.md
|
||||
- projects/ansible/collection/kubernetes/roles/nfc_kubernetes/firewall.md
|
||||
|
||||
- projects/ansible/collection/kubernetes/roles/nfc_kubernetes/rbac.md
|
||||
|
||||
- projects/ansible/collection/kubernetes/roles/nfc_kubernetes/release_notes.md
|
||||
|
||||
- Role kubernetes_netbox:
|
||||
|
||||
- projects/ansible/collection/kubernetes/roles/kubernetes_netbox/index.md
|
||||
|
||||
- Operations:
|
||||
|
||||
|
||||
64
playbooks/install.yaml
Normal file
64
playbooks/install.yaml
Normal file
@ -0,0 +1,64 @@
|
||||
---
|
||||
- name: Install K3s Kubernetes
|
||||
hosts: |-
|
||||
{%- if nfc_pb_host is defined -%}
|
||||
|
||||
{{ nfc_pb_host }}
|
||||
|
||||
{%- elif nfc_pb_kubernetes_cluster_name is defined -%}
|
||||
|
||||
kubernetes_cluster_{{ nfc_pb_kubernetes_cluster_name | lower }}
|
||||
|
||||
{%- else -%}
|
||||
|
||||
{%- if ansible_limit is defined -%}
|
||||
|
||||
{{ ansible_limit }}
|
||||
|
||||
{%- else -%}
|
||||
|
||||
localhost
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- endif %}
|
||||
become: true
|
||||
gather_facts: true
|
||||
|
||||
|
||||
tasks:
|
||||
|
||||
|
||||
- name: Install/Configure Kubernetes
|
||||
ansible.builtin.include_role:
|
||||
name: nfc_kubernetes
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
# vars:
|
||||
|
||||
#
|
||||
# Future feature, add playbook to import to awx
|
||||
#
|
||||
# nfc_pb_awx_tower_template:
|
||||
|
||||
|
||||
# - name: "Collection/NoFussComputing/Kubernetes/Install"
|
||||
# ask_credential_on_launch: true
|
||||
# ask_job_type_on_launch: true
|
||||
# ask_limit_on_launch: true
|
||||
# ask_tags_on_launch: true
|
||||
# ask_variables_on_launch: true
|
||||
# description: |
|
||||
# Playbook to Install/Configure Kubernetes using configuration
|
||||
# from code.
|
||||
# execution_environment: "No Fuss Computing EE"
|
||||
# job_type: "check"
|
||||
# labels:
|
||||
# - cluster
|
||||
# - k3s
|
||||
# - kubernetes
|
||||
# verbosity: 2
|
||||
# use_fact_cache: true
|
||||
# survey_enabled: false
|
||||
64
playbooks/netbox.yaml
Normal file
64
playbooks/netbox.yaml
Normal file
@ -0,0 +1,64 @@
|
||||
---
|
||||
- name: Install K3s Kubernetes
|
||||
hosts: |-
|
||||
{%- if nfc_pb_host is defined -%}
|
||||
|
||||
{{ nfc_pb_host }}
|
||||
|
||||
{%- elif nfc_pb_kubernetes_cluster_name is defined -%}
|
||||
|
||||
kubernetes_cluster_{{ nfc_pb_kubernetes_cluster_name | lower }}
|
||||
|
||||
{%- else -%}
|
||||
|
||||
{%- if ansible_limit is defined -%}
|
||||
|
||||
{{ ansible_limit }}
|
||||
|
||||
{%- else -%}
|
||||
|
||||
localhost
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- endif %}
|
||||
become: false
|
||||
gather_facts: false
|
||||
|
||||
|
||||
tasks:
|
||||
|
||||
|
||||
- name: Configure NetBox for Kubernetes Deployment(s)
|
||||
ansible.builtin.include_role:
|
||||
name: kubernetes_netbox
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
# vars:
|
||||
|
||||
#
|
||||
# Future feature, add playbook to import to awx
|
||||
#
|
||||
# nfc_pb_awx_tower_template:
|
||||
|
||||
|
||||
# - name: "Collection/NoFussComputing/Kubernetes/NetBox/Configure"
|
||||
# ask_credential_on_launch: true
|
||||
# ask_job_type_on_launch: true
|
||||
# ask_limit_on_launch: true
|
||||
# ask_tags_on_launch: true
|
||||
# ask_variables_on_launch: true
|
||||
# description: |
|
||||
# Playbook to Install/Configure Kubernetes using configuration
|
||||
# from code.
|
||||
# execution_environment: "No Fuss Computing EE"
|
||||
# job_type: "check"
|
||||
# labels:
|
||||
# - cluster
|
||||
# - k3s
|
||||
# - kubernetes
|
||||
# verbosity: 2
|
||||
# use_fact_cache: true
|
||||
# survey_enabled: false
|
||||
0
plugins/.gitkeep
Normal file
0
plugins/.gitkeep
Normal file
2
requirements.txt
Normal file
2
requirements.txt
Normal file
@ -0,0 +1,2 @@
|
||||
pynetbox
|
||||
pytz
|
||||
9
roles/defaults/main.yaml
Normal file
9
roles/defaults/main.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
|
||||
#
|
||||
# NetBox Access Variables. Required
|
||||
#
|
||||
|
||||
# nfc_pb_api_netbox_url: # ENV [NETBOX_API]
|
||||
# nfc_pb_api_netbox_token: # ENV [NETBOX_TOKEN]
|
||||
# nfc_pb_api_netbox_validate_cert: true # ENV [NETBOX_VALIDATE_CERT]
|
||||
3
roles/kubernetes_netbox/README.md
Normal file
3
roles/kubernetes_netbox/README.md
Normal file
@ -0,0 +1,3 @@
|
||||
## No Fuss Computing - Ansible Role kubernetes_netbox
|
||||
|
||||
Nothing to see here
|
||||
30
roles/kubernetes_netbox/meta/main.yaml
Normal file
30
roles/kubernetes_netbox/meta/main.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
galaxy_info:
|
||||
|
||||
role_name: kubernetes_netbox
|
||||
|
||||
author: No Fuss Computing
|
||||
|
||||
description: Configure the required items within Netbox to support deploying kubernetes from Netbox configuration.
|
||||
|
||||
issue_tracker_url: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
|
||||
license: MIT
|
||||
|
||||
min_ansible_version: '2.15'
|
||||
|
||||
platforms:
|
||||
|
||||
- name: Debian
|
||||
versions:
|
||||
- bullseye
|
||||
- bookworm
|
||||
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- 21
|
||||
|
||||
galaxy_tags:
|
||||
- cluster
|
||||
- k3s
|
||||
- kubernetes
|
||||
- netbox
|
||||
255
roles/kubernetes_netbox/tasks/cluster.yaml
Normal file
255
roles/kubernetes_netbox/tasks/cluster.yaml
Normal file
@ -0,0 +1,255 @@
|
||||
---
|
||||
|
||||
# add cluster type kubernetes
|
||||
|
||||
- name: Create Custom Field - Configure Firewall
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- virtualization.cluster
|
||||
default: null
|
||||
group_name: Kubernetes
|
||||
label: Configure Firewall
|
||||
name: nfc_role_kubernetes_configure_firewall
|
||||
type: boolean
|
||||
ui_visibility: 'hidden-ifunset'
|
||||
# is_cloneable: false
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
|
||||
|
||||
- name: Create Custom Field - ETCD Enabled
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- virtualization.cluster
|
||||
default: null
|
||||
group_name: Kubernetes
|
||||
label: ETCD Enabled
|
||||
name: nfc_role_kubernetes_etcd_enabled
|
||||
type: boolean
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: false
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
|
||||
|
||||
- name: Create Custom Field - Install OLM
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- virtualization.cluster
|
||||
default: null
|
||||
group_name: Kubernetes
|
||||
label: Install OLM
|
||||
name: nfc_role_kubernetes_install_olm
|
||||
type: boolean
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: false
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
|
||||
|
||||
- name: Create Custom Field - Install Helm
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- virtualization.cluster
|
||||
default: null
|
||||
group_name: Kubernetes
|
||||
label: Install Helm
|
||||
name: nfc_role_kubernetes_install_helm
|
||||
type: boolean
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: false
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
|
||||
|
||||
- name: Create Custom Field - Install KubeVirt
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- virtualization.cluster
|
||||
default: null
|
||||
group_name: Kubernetes
|
||||
label: Install KubeVirt
|
||||
name: nfc_role_kubernetes_install_kubevirt
|
||||
type: boolean
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: false
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
|
||||
|
||||
- name: Create Custom Field - KubeVirt Operator Replicas
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- virtualization.cluster
|
||||
default: null
|
||||
group_name: Kubernetes
|
||||
label: KubeVirt Operator Replicas
|
||||
name: nfc_role_kubernetes_kubevirt_operator_replicas
|
||||
type: integer
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: false
|
||||
validation_minimum: 1
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
|
||||
|
||||
- name: Create Custom Field - Enable MetalLB
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- virtualization.cluster
|
||||
default: null
|
||||
group_name: Kubernetes
|
||||
label: Enable MetalLB
|
||||
name: nfc_kubernetes_enable_metallb
|
||||
type: boolean
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: false
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
|
||||
|
||||
- name: Create Custom Field - Enable ServiceLB (klipper)
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- virtualization.cluster
|
||||
default: null
|
||||
group_name: Kubernetes
|
||||
label: Enable ServiceLB (klipper)
|
||||
name: nfc_kubernetes_enable_servicelb
|
||||
type: boolean
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: false
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
|
||||
|
||||
- name: Create Custom Field - Pod Subnet
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- virtualization.cluster
|
||||
default: null
|
||||
group_name: Kubernetes
|
||||
label: Pod Subnet
|
||||
name: nfc_role_kubernetes_pod_subnet
|
||||
object_type: ipam.prefix
|
||||
type: object
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: false
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
|
||||
|
||||
- name: Create Custom Field - Service Subnet
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- virtualization.cluster
|
||||
default: null
|
||||
group_name: Kubernetes
|
||||
label: Service Subnet
|
||||
name: nfc_role_kubernetes_service_subnet
|
||||
object_type: ipam.prefix
|
||||
type: object
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: false
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
21
roles/kubernetes_netbox/tasks/main.yaml
Normal file
21
roles/kubernetes_netbox/tasks/main.yaml
Normal file
@ -0,0 +1,21 @@
|
||||
---
|
||||
|
||||
- name: Setup NetBox for Kubernetes Cluster Deployments
|
||||
ansible.builtin.include_tasks:
|
||||
file: cluster.yaml
|
||||
apply:
|
||||
tags:
|
||||
- always
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: Setup NetBox for Kubernetes Service Deployments
|
||||
ansible.builtin.include_tasks:
|
||||
file: services.yaml
|
||||
apply:
|
||||
tags:
|
||||
- always
|
||||
tags:
|
||||
- never
|
||||
- services
|
||||
50
roles/kubernetes_netbox/tasks/services.yaml
Normal file
50
roles/kubernetes_netbox/tasks/services.yaml
Normal file
@ -0,0 +1,50 @@
|
||||
---
|
||||
|
||||
- name: Create Custom Field - Instance
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- ipam.service
|
||||
group_name: Kubernetes
|
||||
label: Instance Name
|
||||
description: "Name of the Instance to be deployed"
|
||||
name: service_kubernetes_instance
|
||||
type: text
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: true
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
|
||||
|
||||
- name: Create Custom Field - Namespace
|
||||
netbox.netbox.netbox_custom_field:
|
||||
netbox_url: "{{ lookup('env', 'NETBOX_API') | default(nfc_pb_api_netbox_url) }}"
|
||||
netbox_token: "{{ lookup('env', 'NETBOX_TOKEN') | default(nfc_pb_api_netbox_token) }}"
|
||||
data:
|
||||
content_types:
|
||||
- ipam.service
|
||||
group_name: Kubernetes
|
||||
label: Service Namespace
|
||||
description: "Deployment Namespace"
|
||||
name: service_kubernetes_namespace
|
||||
type: text
|
||||
ui_visibility: hidden-ifunset
|
||||
# is_cloneable: true
|
||||
weight: 100
|
||||
state: present
|
||||
validate_certs: "{{ lookup('env', 'NETBOX_VALIDATE_CERT') | default(nfc_pb_api_netbox_validate_cert) | default(true) | bool }}"
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
custom_field_tmp.msg != 'ui_visibility does not exist on existing object. Check to make sure valid field.'
|
||||
and
|
||||
custom_field_tmp.diff is not defined
|
||||
register: custom_field_tmp
|
||||
3
roles/nfc_kubernetes/README.md
Normal file
3
roles/nfc_kubernetes/README.md
Normal file
@ -0,0 +1,3 @@
|
||||
## No Fuss Computing - Ansible Role nfc_kubernetes
|
||||
|
||||
Nothing to see here
|
||||
@ -34,6 +34,8 @@ nfc_role_kubernetes_container_images:
|
||||
|
||||
nfc_role_kubernetes_cluster_domain: cluster.local
|
||||
|
||||
nfc_role_kubernetes_configure_firewall: true
|
||||
|
||||
nfc_role_kubernetes_etcd_enabled: false
|
||||
|
||||
nfc_role_kubernetes_install_olm: false
|
||||
@ -44,14 +46,18 @@ nfc_role_kubernetes_install_kubevirt: false
|
||||
|
||||
nfc_role_kubernetes_kubevirt_operator_replicas: 1
|
||||
|
||||
# nfc_role_kubernetes_node_prime: '' # Mandatory*, string. the inventory_hostname of the prime node. ONLY required for multi-node deployments
|
||||
|
||||
nfc_role_kubernetes_oidc_enabled: false
|
||||
|
||||
nfc_role_kubernetes_resolv_conf_file: /etc/resolv.conf
|
||||
|
||||
nfc_role_kubernetes_pod_subnet: 172.16.248.0/21
|
||||
nfc_role_kubernetes_service_subnet: 172.16.244.0/22
|
||||
|
||||
nfc_role_kubernetes_prime: true
|
||||
nfc_role_kubernetes_master: true
|
||||
nfc_role_kubernetes_worker: false
|
||||
nfc_role_kubernetes_prime: false # Mandatory for a node designated as the prime master node
|
||||
nfc_role_kubernetes_master: false # Mandatory for a node designated as a master node and the prime master node
|
||||
nfc_role_kubernetes_worker: false # Mandatory for a node designated as a worker node
|
||||
|
||||
############################################################################################################
|
||||
#
|
||||
@ -82,7 +88,7 @@ kubelet_arg_system_reserved_storage: 8Gi
|
||||
|
||||
|
||||
nfc_kubernetes:
|
||||
enable_firewall: true # Optional, bool enable firewall rules from role 'nfc_firewall'
|
||||
enable_firewall: false # Optional, bool enable firewall rules from role 'nfc_firewall'
|
||||
|
||||
nfc_kubernetes_no_restart: false # Set to true to prevent role from restarting kubernetes on the host(s)
|
||||
nfc_kubernetes_no_restart_master: false # Set to true to prevent role from restarting kubernetes on master host(s)
|
||||
@ -132,7 +138,7 @@ k3s:
|
||||
# usernames: []
|
||||
# runtimeClasses: []
|
||||
# namespaces: [kube-system]
|
||||
when: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname }}"
|
||||
when: "{{ nfc_role_kubernetes_prime | bool }}"
|
||||
|
||||
|
||||
#############################################################################################
|
||||
41
roles/nfc_kubernetes/handlers/main.yml
Normal file
41
roles/nfc_kubernetes/handlers/main.yml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
|
||||
- name: Reboot Node
|
||||
ansible.builtin.reboot:
|
||||
reboot_timeout: 300
|
||||
listen: reboot_host
|
||||
when: ansible_connection == 'ssh'
|
||||
|
||||
|
||||
- name: Restart Kubernetes
|
||||
ansible.builtin.service:
|
||||
name: |-
|
||||
{%- if nfc_role_kubernetes_master | default(false) | bool -%}
|
||||
k3s
|
||||
{%- else -%}
|
||||
k3s-agent
|
||||
{%- endif -%}
|
||||
state: restarted
|
||||
listen: kubernetes_restart
|
||||
when: |-
|
||||
not (
|
||||
nfc_kubernetes_no_restart
|
||||
or
|
||||
(
|
||||
nfc_role_kubernetes_master
|
||||
and
|
||||
nfc_kubernetes_no_restart_master
|
||||
)
|
||||
or
|
||||
(
|
||||
inventory_hostname == kubernetes_config.cluster.prime.name | default(inventory_hostname)
|
||||
and
|
||||
nfc_kubernetes_no_restart_prime
|
||||
)
|
||||
or
|
||||
(
|
||||
nfc_role_kubernetes_worker
|
||||
and
|
||||
nfc_kubernetes_no_restart_slave
|
||||
)
|
||||
)
|
||||
@ -1,24 +1,29 @@
|
||||
galaxy_info:
|
||||
|
||||
role_name: nfc_kubernetes
|
||||
|
||||
author: No Fuss Computing
|
||||
description: template role to install and configure Kubernetes on a host
|
||||
|
||||
issue_tracker_url: https://gitlab.com/nofusscomputing/projects/ansible/kubernetes
|
||||
description: Install and configure single and multi-node K3s Kubernetes cluster.
|
||||
|
||||
license: https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/blob/master/LICENSE
|
||||
issue_tracker_url: https://gitlab.com/nofusscomputing/projects/ansible/collections/kubernetes
|
||||
|
||||
license: MIT
|
||||
|
||||
min_ansible_version: '2.15'
|
||||
|
||||
platforms:
|
||||
|
||||
- name: Debian
|
||||
versions:
|
||||
- bullseye
|
||||
- bookworm
|
||||
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- 21
|
||||
|
||||
galaxy_tags:
|
||||
- cluster
|
||||
- k3s
|
||||
- k8s
|
||||
- kubernetes
|
||||
- container
|
||||
@ -5,6 +5,9 @@
|
||||
url: https://baltocdn.com/helm/signing.asc
|
||||
dest: /usr/share/keyrings/helm.asc
|
||||
mode: 740
|
||||
changed_when: not ansible_check_mode
|
||||
delay: 10
|
||||
retries: 3
|
||||
|
||||
|
||||
- name: Add Helm Repository
|
||||
@ -4,7 +4,10 @@
|
||||
ansible.builtin.command:
|
||||
cmd: hostname
|
||||
changed_when: false
|
||||
check_mode: false
|
||||
register: hostname_to_check
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: Hostname Check
|
||||
@ -12,35 +15,72 @@
|
||||
that:
|
||||
- hostname_to_check.stdout == inventory_hostname
|
||||
msg: The hostname must match the inventory_hostname
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
inventory_hostname != 'localhost'
|
||||
|
||||
|
||||
- name: Testing Env Variables
|
||||
ansible.builtin.set_fact:
|
||||
ansible_default_ipv4: {
|
||||
"address": "127.0.0.1"
|
||||
}
|
||||
check_mode: false
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
lookup('ansible.builtin.env', 'CI_COMMIT_SHA') | default('') != ''
|
||||
|
||||
|
||||
- name: Gather Facts required by role
|
||||
ansible.builtin.setup:
|
||||
gather_subset:
|
||||
- all_ipv4_addresses
|
||||
- os_family
|
||||
- processor
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
ansible_architecture is not defined
|
||||
or
|
||||
ansible_default_ipv4 is not defined
|
||||
or
|
||||
ansible_os_family is not defined
|
||||
|
||||
|
||||
- name: Check Machine Architecture
|
||||
ansible.builtin.set_fact:
|
||||
nfc_kubernetes_install_architectures: "{{ nfc_kubernetes_install_architectures | default({}) | combine({ansible_architecture: ''}) }}"
|
||||
tags:
|
||||
- always
|
||||
|
||||
|
||||
- name: Firewall Rules
|
||||
- name: Configure Kubernetes Firewall Rules
|
||||
ansible.builtin.include_role:
|
||||
name: nfc_firewall
|
||||
name: nofusscomputing.firewall.nfc_firewall
|
||||
vars:
|
||||
nfc_firewall_enabled_kubernetes: "{{ nfc_kubernetes.enable_firewall | default(false) | bool }}"
|
||||
nfc_role_firewall_firewall_type: iptables
|
||||
nfc_role_firewall_additional_rules: "{{ ( lookup('template', 'vars/firewall_rules.yaml') | from_yaml ).kubernetes_chains }}"
|
||||
tags:
|
||||
- never
|
||||
- install
|
||||
- always
|
||||
when: >
|
||||
nfc_role_kubernetes_configure_firewall
|
||||
|
||||
|
||||
# fix, reload firewall `iptables-reloader`
|
||||
- name: Reload iptables
|
||||
ansible.builtin.command:
|
||||
cmd: bash -c /usr/bin/iptables-reloader
|
||||
changed_when: false
|
||||
- name: Install required software
|
||||
ansible.builtin.apt:
|
||||
name: python3-pip
|
||||
install_recommends: false
|
||||
state: present
|
||||
when: >
|
||||
install_kubernetes | default(true) | bool
|
||||
and
|
||||
not kubernetes_installed | default(false) | bool
|
||||
tags:
|
||||
- never
|
||||
- install
|
||||
- always
|
||||
|
||||
|
||||
# kubernetes_installed
|
||||
|
||||
- name: K3s Install
|
||||
ansible.builtin.include_tasks:
|
||||
file: k3s/install.yaml
|
||||
@ -65,6 +105,8 @@
|
||||
install_kubernetes | default(true) | bool
|
||||
and
|
||||
kubernetes_installed | default(false) | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
@ -81,6 +123,8 @@
|
||||
kubernetes_config.kube_virt.enabled | default(nfc_role_kubernetes_install_kubevirt)
|
||||
and
|
||||
inventory_hostname in kubernetes_config.kube_virt.nodes | default([ inventory_hostname ]) | list
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
@ -97,5 +141,7 @@
|
||||
kubernetes_config.helm.enabled | default(nfc_role_kubernetes_install_helm)
|
||||
and
|
||||
nfc_role_kubernetes_master
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
tags:
|
||||
- always
|
||||
@ -14,7 +14,7 @@
|
||||
|
||||
- name: Check if FW dir exists
|
||||
ansible.builtin.stat:
|
||||
name: /etc/iptables.rules.d
|
||||
name: /etc/iptables-reloader/rules.d
|
||||
register: firewall_rules_dir_metadata
|
||||
|
||||
|
||||
@ -34,12 +34,21 @@
|
||||
|
||||
- src: kubernetes-manifest-rbac.yaml.j2
|
||||
dest: /var/lib/rancher/k3s/server/manifests/rbac-authorization-common.yaml
|
||||
when: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname }}"
|
||||
when: "{{ nfc_role_kubernetes_prime | bool }}"
|
||||
|
||||
- src: iptables-kubernetes.rules.j2
|
||||
dest: "/etc/iptables.rules.d/iptables-kubernetes.rules"
|
||||
dest: "/etc/iptables-reloader/rules.d/iptables-kubernetes.rules"
|
||||
notify: firewall_reloader
|
||||
when: "{{ firewall_rules_dir_metadata.stat.exists }}"
|
||||
when: |-
|
||||
{%- if firewall_installed -%}
|
||||
|
||||
{{ firewall_rules_dir_metadata.stat.exists }}
|
||||
|
||||
{%- else -%}
|
||||
|
||||
false
|
||||
|
||||
{%- endif %}
|
||||
|
||||
|
||||
- name: Add Kubernetes Node Labels
|
||||
@ -62,7 +71,7 @@
|
||||
owner: root
|
||||
group: root
|
||||
mode: '700'
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name }}"
|
||||
delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
|
||||
when:
|
||||
kubernetes_config.hosts[inventory_hostname].labels | default([]) | list | length > 0
|
||||
or
|
||||
@ -1,28 +1,46 @@
|
||||
---
|
||||
|
||||
- name: Install required python modules
|
||||
ansible.builtin.pip:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop: "{{ pip_packages }}"
|
||||
vars:
|
||||
pip_packages:
|
||||
- kubernetes>=12.0.0
|
||||
- PyYAML>=3.11
|
||||
|
||||
|
||||
- name: Check for calico deployment manifest
|
||||
ansible.builtin.stat:
|
||||
name: /var/lib/rancher/k3s/server/manifests/calico.yaml
|
||||
register: file_calico_yaml_metadata
|
||||
when: >
|
||||
nfc_role_kubernetes_prime | bool
|
||||
|
||||
|
||||
- name: Check for calico Operator deployment manifest
|
||||
ansible.builtin.stat:
|
||||
name: /var/lib/rancher/k3s/ansible/deployment-manifest-calico_operator.yaml
|
||||
register: file_calico_operator_yaml_metadata
|
||||
when: >
|
||||
nfc_role_kubernetes_prime | bool
|
||||
|
||||
|
||||
- name: Install Software
|
||||
ansible.builtin.include_role:
|
||||
name: nfc_common
|
||||
- name: Install dependent packages
|
||||
ansible.builtin.apt:
|
||||
name: "{{ package }}"
|
||||
state: present
|
||||
loop: "{{ packages }}"
|
||||
loop_control:
|
||||
loop_var: package
|
||||
vars:
|
||||
common_gather_facts: false
|
||||
initial_common_tasks: true # Don't run init tasks
|
||||
aptInstall:
|
||||
- name: curl
|
||||
- name: iptables
|
||||
- name: jq
|
||||
- name: wireguard
|
||||
packages:
|
||||
- wget
|
||||
- curl
|
||||
- iptables
|
||||
- jq
|
||||
- wireguard
|
||||
|
||||
|
||||
- name: Remove swapfile from /etc/fstab
|
||||
@ -39,14 +57,29 @@
|
||||
- install
|
||||
|
||||
|
||||
- name: Disable swap
|
||||
ansible.builtin.command:
|
||||
cmd: swapoff -a
|
||||
changed_when: false
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
- name: Testing Environment try/catch
|
||||
block:
|
||||
|
||||
|
||||
- name: Disable swap
|
||||
ansible.builtin.command:
|
||||
cmd: swapoff -a
|
||||
changed_when: false
|
||||
when:
|
||||
- ansible_os_family == 'Debian'
|
||||
tags:
|
||||
- install
|
||||
|
||||
|
||||
rescue:
|
||||
|
||||
- name: Check if inside Gitlab CI
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- lookup('ansible.builtin.env', 'CI_COMMIT_SHA') | default('') != ''
|
||||
success_msg: "Inside testing enviroment, 'Disable swap' error OK"
|
||||
fail_msg: "You should figure out what went wrong"
|
||||
|
||||
|
||||
- name: Check an armbian os system
|
||||
ansible.builtin.stat:
|
||||
@ -79,12 +112,20 @@
|
||||
- name: /var/lib/rancher/k3s/server/logs
|
||||
state: directory
|
||||
mode: 700
|
||||
when: >
|
||||
{{ nfc_role_kubernetes_master | bool }}
|
||||
- name: /var/lib/rancher/k3s/server/manifests
|
||||
state: directory
|
||||
mode: 700
|
||||
when: >
|
||||
{{ nfc_role_kubernetes_master | bool }}
|
||||
- name: /var/lib/rancher/k3s/ansible
|
||||
state: directory
|
||||
mode: 700
|
||||
when: >
|
||||
{{ nfc_role_kubernetes_master | bool }}
|
||||
when: >
|
||||
item.when | default(true)
|
||||
|
||||
|
||||
- name: Add sysctl net.ipv4.ip_forward
|
||||
@ -136,28 +177,245 @@
|
||||
when: directory_network_manager_metadata.stat.exists
|
||||
|
||||
|
||||
- name: Check if K3s Installed
|
||||
- name: File Metadata - k3s binary
|
||||
ansible.builtin.stat:
|
||||
checksum_algorithm: sha256
|
||||
name: /usr/local/bin/k3s
|
||||
register: metadata_file_k3s_existing_binary
|
||||
|
||||
|
||||
- name: File Metadata - k3s[-agent].service
|
||||
ansible.builtin.stat:
|
||||
checksum_algorithm: sha256
|
||||
name: |-
|
||||
/etc/systemd/system/k3s
|
||||
{%- if not nfc_role_kubernetes_master | default(false) | bool -%}
|
||||
-agent
|
||||
{%- endif -%}
|
||||
.service
|
||||
register: metadata_file_k3s_service
|
||||
|
||||
|
||||
- name: Directory Metadata - /etc/rancher/k3s/k3s.yaml
|
||||
ansible.builtin.stat:
|
||||
name: /etc/rancher/k3s/k3s.yaml
|
||||
register: metadata_dir_etc_k3s
|
||||
|
||||
|
||||
- name: File Metadata - /var/lib/rancher/k3s/server/token
|
||||
ansible.builtin.stat:
|
||||
checksum_algorithm: sha256
|
||||
name: /var/lib/rancher/k3s/server/token
|
||||
register: metadata_file_var_k3s_token
|
||||
|
||||
|
||||
- name: Config Link
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
if [[ $(service k3s status) ]]; then exit 0; else exit 1; fi
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
register: k3s_installed
|
||||
cmd: >
|
||||
ln -s /etc/rancher/k3s/k3s.yaml ~/.kube/config
|
||||
executable: bash
|
||||
creates: ~/.kube/config
|
||||
when: >
|
||||
nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
metadata_dir_etc_k3s.stat.exists | default(false) | bool
|
||||
|
||||
|
||||
- name: Check if K3s Installed
|
||||
- name: Fetch Kubernetes Node Object
|
||||
kubernetes.core.k8s_info:
|
||||
kind: Node
|
||||
name: "{{ inventory_hostname }}"
|
||||
register: kubernetes_node
|
||||
when: >
|
||||
metadata_file_k3s_existing_binary.stat.exists | default(false) | bool
|
||||
and
|
||||
metadata_file_k3s_service.stat.exists | default(false) | bool
|
||||
and
|
||||
metadata_dir_etc_k3s.stat.exists | default(false) | bool
|
||||
and
|
||||
metadata_file_var_k3s_token.stat.exists | default(false) | bool
|
||||
|
||||
|
||||
- name: Fetch Installed K3s Metadata
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
if [[ $(service k3s-agent status) ]]; then exit 0; else exit 1; fi
|
||||
export installed_version=$(k3s --version | grep k3s | awk '{print $3}');
|
||||
export installed="
|
||||
{%- if
|
||||
metadata_file_k3s_existing_binary.stat.exists | default(false) | bool
|
||||
and
|
||||
metadata_file_k3s_service.stat.exists | default(false) | bool
|
||||
and
|
||||
metadata_dir_etc_k3s.stat.exists | default(false) | bool
|
||||
and
|
||||
metadata_file_var_k3s_token.stat.exists | default(false) | bool
|
||||
-%}
|
||||
true
|
||||
{%- else -%}
|
||||
false
|
||||
{%- endif -%}";
|
||||
|
||||
if ! service k3s status > /dev/null; then
|
||||
|
||||
export installed='false';
|
||||
|
||||
fi
|
||||
|
||||
export running_version="{{ kubernetes_node.resources[0].status.nodeInfo.kubeletVersion | default('0') }}";
|
||||
|
||||
export correct_hash=$(wget -q https://github.com/k3s-io/k3s/releases/download/v
|
||||
{{-KubernetesVersion + KubernetesVersion_k3s_prefix | urlencode -}}
|
||||
/sha256sum-
|
||||
{%- if ansible_architecture | lower == 'x86_64' -%}
|
||||
amd64
|
||||
{%- elif ansible_architecture | lower == 'aarch64' -%}
|
||||
arm64
|
||||
{%- endif %}.txt -O - | grep -v 'images' | awk '{print $1}');
|
||||
|
||||
cat <<EOF
|
||||
{
|
||||
"current_hash": "{{ metadata_file_k3s_existing_binary.stat.checksum | default('') }}",
|
||||
"current_version": "${installed_version}",
|
||||
"desired_hash": "${correct_hash}",
|
||||
"desired_version": "v{{ KubernetesVersion + KubernetesVersion_k3s_prefix | default('') }}",
|
||||
"installed": ${installed},
|
||||
"running_version": "${running_version}"
|
||||
}
|
||||
|
||||
EOF
|
||||
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
check_mode: false
|
||||
failed_when: false
|
||||
register: k3s_installed
|
||||
register: k3s_metadata
|
||||
|
||||
|
||||
- name: K3s Metadata Fact
|
||||
ansible.builtin.set_fact:
|
||||
node_k3s: "{{ k3s_metadata.stdout | from_yaml }}"
|
||||
|
||||
|
||||
- name: Cached K3s Binary Details
|
||||
ansible.builtin.stat:
|
||||
path: "/tmp/k3s.{{ ansible_architecture }}"
|
||||
checksum_algorithm: sha256
|
||||
delegate_to: localhost
|
||||
register: file_cached_k3s_binary
|
||||
vars:
|
||||
ansible_connection: local
|
||||
|
||||
|
||||
- name: Remove Cached K3s Binaries
|
||||
ansible.builtin.file:
|
||||
path: "/tmp/k3s.{{ ansible_architecture }}"
|
||||
state: absent
|
||||
delegate_to: localhost
|
||||
vars:
|
||||
ansible_connection: local
|
||||
when: >
|
||||
not nfc_role_kubernetes_worker | default(false) | bool
|
||||
file_cached_k3s_binary.stat.checksum | default('0') != node_k3s.desired_hash
|
||||
|
||||
- name: Try / Catch
|
||||
block:
|
||||
|
||||
|
||||
- name: Download K3s Binary
|
||||
ansible.builtin.uri:
|
||||
url: |-
|
||||
https://github.com/k3s-io/k3s/releases/download/
|
||||
{{- node_k3s.desired_version | urlencode -}}
|
||||
/k3s
|
||||
{%- if cpu_arch.key == 'aarch64' -%}
|
||||
-arm64
|
||||
{%- endif %}
|
||||
method: GET
|
||||
return_content: false
|
||||
status_code:
|
||||
- 200
|
||||
- 304
|
||||
dest: "/tmp/k3s.{{ ansible_architecture }}"
|
||||
mode: "744"
|
||||
changed_when: not ansible_check_mode
|
||||
check_mode: false
|
||||
delay: 10
|
||||
retries: 3
|
||||
register: k3s_download_files
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
(lookup('ansible.builtin.file', '/tmp/k3s.' + ansible_architecture) | hash('sha256') | string) != node_k3s.desired_hash
|
||||
and
|
||||
(
|
||||
k3s_download_files.status | int != 200
|
||||
or
|
||||
k3s_download_files.status | int != 304
|
||||
)
|
||||
run_once: true
|
||||
when: ansible_os_family == 'Debian'
|
||||
loop: "{{ nfc_kubernetes_install_architectures | dict2items }}"
|
||||
loop_control:
|
||||
loop_var: cpu_arch
|
||||
vars:
|
||||
ansible_connection: local
|
||||
|
||||
rescue:
|
||||
|
||||
|
||||
- name: TRACE - Debug out
|
||||
ansible.builtin.debug:
|
||||
msg:
|
||||
- "Download file hash: {{ (lookup('ansible.builtin.file', '/tmp/k3s.' + ansible_architecture) | hash('sha256') | string) }}"
|
||||
|
||||
|
||||
- name: Fail task
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- false
|
||||
msg: "Task failed, review previous task for error"
|
||||
|
||||
|
||||
- name: Copy K3s binary to Host
|
||||
ansible.builtin.copy:
|
||||
src: "/tmp/k3s.{{ ansible_architecture }}"
|
||||
dest: "/usr/local/bin/k3s"
|
||||
mode: '741'
|
||||
owner: root
|
||||
group: root
|
||||
register: k3s_binary_copy
|
||||
when: >
|
||||
node_k3s.current_hash != node_k3s.desired_hash
|
||||
|
||||
|
||||
- name: K3s Binary Upgrade
|
||||
ansible.builtin.service:
|
||||
name: |-
|
||||
{%- if nfc_role_kubernetes_master | default(false) | bool -%}
|
||||
k3s
|
||||
{%- else -%}
|
||||
k3s-agent
|
||||
{%- endif %}
|
||||
state: restarted
|
||||
register: k3s_upgrade_service_restart
|
||||
when: >
|
||||
(
|
||||
k3s_binary_copy.changed | default(false) | bool
|
||||
and
|
||||
node_k3s.installed | default(false) | bool
|
||||
)
|
||||
or
|
||||
(
|
||||
node_k3s.running_version != node_k3s.desired_version
|
||||
and
|
||||
node_k3s.installed | default(false) | bool
|
||||
)
|
||||
|
||||
|
||||
- name: Create Fact - cluster_upgraded
|
||||
ansible.builtin.set_fact:
|
||||
nfc_role_kubernetes_cluster_upgraded: true
|
||||
cacheable: true
|
||||
when: >
|
||||
k3s_upgrade_service_restart.changed | default(false) | bool
|
||||
|
||||
|
||||
- name: Download Install Scripts
|
||||
@ -170,7 +428,10 @@
|
||||
- 304
|
||||
dest: "{{ item.dest }}"
|
||||
mode: "744"
|
||||
check_mode: false
|
||||
changed_when: false
|
||||
delay: 10
|
||||
retries: 3
|
||||
register: k3s_download_script
|
||||
delegate_to: localhost
|
||||
run_once: true
|
||||
@ -179,6 +440,8 @@
|
||||
ansible_os_family == 'Debian'
|
||||
and
|
||||
item.when | default(true) | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
loop: "{{ download_files }}"
|
||||
vars:
|
||||
ansible_connection: local
|
||||
@ -190,61 +453,6 @@
|
||||
when: "{{ nfc_role_kubernetes_install_olm }}"
|
||||
|
||||
|
||||
- name: Download K3s Binary
|
||||
ansible.builtin.uri:
|
||||
url: |-
|
||||
https://github.com/k3s-io/k3s/releases/download/v
|
||||
{{- KubernetesVersion + KubernetesVersion_k3s_prefix | urlencode -}}
|
||||
/k3s
|
||||
{%- if cpu_arch.key == 'aarch64' -%}
|
||||
-arm64
|
||||
{%- endif %}
|
||||
method: GET
|
||||
return_content: false
|
||||
status_code:
|
||||
- 200
|
||||
- 304
|
||||
dest: "/tmp/k3s.{{ cpu_arch.key }}"
|
||||
mode: "744"
|
||||
changed_when: false
|
||||
register: k3s_download_files
|
||||
delegate_to: localhost
|
||||
run_once: true
|
||||
# no_log: true
|
||||
when: ansible_os_family == 'Debian'
|
||||
loop: "{{ nfc_kubernetes_install_architectures | dict2items }}"
|
||||
loop_control:
|
||||
loop_var: cpu_arch
|
||||
vars:
|
||||
ansible_connection: local
|
||||
|
||||
|
||||
- name: "[TRACE] Downloaded File SHA256"
|
||||
ansible.builtin.set_fact:
|
||||
hash_sha256_k3s_downloaded_binary: "{{ lookup('ansible.builtin.file', '/tmp/k3s.' + cpu_arch.key) | hash('sha256') | string }}"
|
||||
delegate_to: localhost
|
||||
loop: "{{ nfc_kubernetes_install_architectures | dict2items }}"
|
||||
loop_control:
|
||||
loop_var: cpu_arch
|
||||
|
||||
|
||||
- name: Existing k3s File hash
|
||||
ansible.builtin.stat:
|
||||
checksum_algorithm: sha256
|
||||
name: /usr/local/bin/k3s
|
||||
register: hash_sha256_k3s_existing_binary
|
||||
|
||||
|
||||
- name: Copy K3s binary to Host
|
||||
ansible.builtin.copy:
|
||||
src: "/tmp/k3s.{{ ansible_architecture }}"
|
||||
dest: "/usr/local/bin/k3s"
|
||||
mode: '741'
|
||||
owner: root
|
||||
group: root
|
||||
when: hash_sha256_k3s_existing_binary.stat.checksum | default('0') != hash_sha256_k3s_downloaded_binary
|
||||
|
||||
|
||||
- name: Copy install scripts to Host
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item.path }}"
|
||||
@ -261,6 +469,8 @@
|
||||
when: "{{ nfc_role_kubernetes_install_olm }}"
|
||||
when: >
|
||||
item.when | default(true) | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Required Initial config files
|
||||
@ -274,7 +484,8 @@
|
||||
loop: "{{ k3s.files }}"
|
||||
when: >
|
||||
item.when | default(true) | bool
|
||||
# kubernetes_config.cluster.prime.name == inventory_hostname
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Copy Intial required templates
|
||||
@ -289,6 +500,8 @@
|
||||
diff: true
|
||||
when: >
|
||||
item.when | default(true) | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
vars:
|
||||
templates_to_apply:
|
||||
- src: k3s-config.yaml.j2
|
||||
@ -298,7 +511,7 @@
|
||||
dest: /var/lib/rancher/k3s/server/manifests/calico.yaml
|
||||
when: >
|
||||
{{
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
(
|
||||
(
|
||||
@ -306,7 +519,7 @@
|
||||
and
|
||||
file_calico_yaml_metadata.stat.exists
|
||||
and
|
||||
k3s_installed.rc == 0
|
||||
not node_k3s.installed | bool
|
||||
)
|
||||
or
|
||||
'calico_manifest' in ansible_run_tags
|
||||
@ -333,19 +546,23 @@
|
||||
ansible.builtin.command:
|
||||
cmd: update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||
changed_when: false
|
||||
when: >
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Install K3s (prime master)
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
INSTALL_K3S_SKIP_DOWNLOAD=true \
|
||||
INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
|
||||
INSTALL_K3S_VERSION="{{ node_k3s.desired_version }}" \
|
||||
/tmp/install.sh {% if nfc_role_kubernetes_etcd_enabled %}--cluster-init{% endif %}
|
||||
changed_when: false
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
k3s_installed.rc == 1
|
||||
not node_k3s.installed | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Install Calico Operator
|
||||
@ -362,12 +579,14 @@
|
||||
'operator_calico' in ansible_run_tags
|
||||
)
|
||||
or
|
||||
not file_calico_yaml_metadata.stat.exists
|
||||
not file_calico_yaml_metadata.stat.exists | default(false)
|
||||
)
|
||||
and
|
||||
'calico_manifest' not in ansible_run_tags
|
||||
and
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Install MetalLB Operator
|
||||
@ -386,7 +605,9 @@
|
||||
when: >-
|
||||
nfc_kubernetes_enable_metallb | default(false) | bool
|
||||
and
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Wait for kubernetes prime to be ready
|
||||
@ -400,7 +621,7 @@
|
||||
exit 127;
|
||||
fi
|
||||
executable: /bin/bash
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}"
|
||||
delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
|
||||
run_once: true
|
||||
register: kubernetes_ready_check
|
||||
retries: 30
|
||||
@ -411,6 +632,22 @@
|
||||
kubernetes_ready_check.rc != 0
|
||||
changed_when: false
|
||||
failed_when: kubernetes_ready_check.rc != 0
|
||||
when: >
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
and
|
||||
not ansible_check_mode
|
||||
|
||||
|
||||
- name: Config Link
|
||||
ansible.builtin.shell:
|
||||
cmd: >
|
||||
ln -s /etc/rancher/k3s/k3s.yaml ~/.kube/config
|
||||
executable: bash
|
||||
creates: ~/.kube/config
|
||||
when: >
|
||||
nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Install olm
|
||||
@ -424,9 +661,11 @@
|
||||
install_olm.rc == 1
|
||||
register: install_olm
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
nfc_role_kubernetes_install_olm | default(false) | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Uninstall OLM
|
||||
@ -452,9 +691,11 @@
|
||||
failed_when: false
|
||||
register: install_olm
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
'olm_uninstall' in ansible_run_tags
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Enable Cluster Encryption
|
||||
@ -463,10 +704,12 @@
|
||||
changed_when: false
|
||||
failed_when: false # New cluster will fail
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
kubernetes_config.cluster.networking.encrypt | default(false) | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
and
|
||||
(
|
||||
'calico_manifest' in ansible_run_tags
|
||||
or
|
||||
@ -481,18 +724,22 @@
|
||||
- name: Fetch Join Token
|
||||
ansible.builtin.slurp:
|
||||
src: /var/lib/rancher/k3s/server/token
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}"
|
||||
delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
|
||||
run_once: true
|
||||
register: k3s_join_token
|
||||
no_log: true # Value is sensitive
|
||||
when: >
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Create Token fact
|
||||
ansible.builtin.set_fact:
|
||||
k3s_join_token: "{{ k3s_join_token.content | b64decode | replace('\n', '') }}"
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}"
|
||||
delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
|
||||
run_once: true
|
||||
no_log: true # Value is sensitive
|
||||
when: >
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Install K3s (master nodes)
|
||||
@ -500,7 +747,7 @@
|
||||
cmd: |
|
||||
INSTALL_K3S_EXEC="server" \
|
||||
INSTALL_K3S_SKIP_DOWNLOAD=true \
|
||||
INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
|
||||
INSTALL_K3S_VERSION="{{ node_k3s.desired_version }}" \
|
||||
K3S_TOKEN="{{ k3s_join_token }}" \
|
||||
/tmp/install.sh
|
||||
executable: /bin/bash
|
||||
@ -508,9 +755,11 @@
|
||||
when: >
|
||||
nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
not kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
k3s_installed.rc == 1
|
||||
not node_k3s.installed | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Install K3s (worker nodes)
|
||||
@ -519,18 +768,20 @@
|
||||
set -o pipefail
|
||||
INSTALL_K3S_EXEC="agent" \
|
||||
INSTALL_K3S_SKIP_DOWNLOAD=true \
|
||||
INSTALL_K3S_VERSION="v{{ KubernetesVersion }}{{ KubernetesVersion_k3s_prefix }}" \
|
||||
INSTALL_K3S_VERSION="v{{ node_k3s.desired_version }}" \
|
||||
K3S_TOKEN="{{ k3s_join_token }}" \
|
||||
K3S_URL="https://{{ hostvars[kubernetes_config.cluster.prime.name | default(inventory_hostname)].ansible_host }}:6443" \
|
||||
K3S_URL="https://{{ hostvars[nfc_role_kubernetes_node_prime].ansible_host }}:6443" \
|
||||
/tmp/install.sh -
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
when: >
|
||||
not nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
not kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
k3s_installed.rc == 1
|
||||
not node_k3s.installed | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
|
||||
- name: Set Kubernetes Final Install Fact
|
||||
@ -110,6 +110,7 @@
|
||||
owner: root
|
||||
group: 'root'
|
||||
changed_when: false
|
||||
check_mode: false
|
||||
become: true
|
||||
delegate_to: localhost
|
||||
loop: "{{ nfc_kubernetes_install_architectures | dict2items }}"
|
||||
57
roles/nfc_kubernetes/tasks/main.yaml
Normal file
57
roles/nfc_kubernetes/tasks/main.yaml
Normal file
@ -0,0 +1,57 @@
|
||||
---
|
||||
|
||||
- name: Default Variable adjustment [Probable Single Node Install]
|
||||
ansible.builtin.set_fact:
|
||||
cacheable: false
|
||||
nfc_role_kubernetes_prime: true
|
||||
nfc_role_kubernetes_master: true
|
||||
nfc_role_kubernetes_node_prime: "{{ inventory_hostname }}"
|
||||
when: >
|
||||
not nfc_role_kubernetes_worker | bool
|
||||
and
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_master | bool
|
||||
|
||||
|
||||
- name: Install/Configure Kubernetes Prime Master Node
|
||||
ansible.builtin.include_tasks:
|
||||
file: install.yaml
|
||||
tags:
|
||||
- always
|
||||
when:
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_worker | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
|
||||
|
||||
- name: Install/Configure Kubernetes on remaining Master Nodes
|
||||
ansible.builtin.include_tasks:
|
||||
file: install.yaml
|
||||
tags:
|
||||
- always
|
||||
when:
|
||||
nfc_role_kubernetes_master | bool
|
||||
and
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_worker | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
|
||||
|
||||
- name: Install/Configure Kubernetes on Worker Nodes
|
||||
ansible.builtin.include_tasks:
|
||||
file: install.yaml
|
||||
tags:
|
||||
- always
|
||||
when: >
|
||||
nfc_role_kubernetes_worker | bool
|
||||
and
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_master | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# IP Tables Firewall Rules for Kubernetes
|
||||
#
|
||||
# Managed By ansible/role/nfc_kubernetes
|
||||
# Managed By ansible/collection/kubernetes
|
||||
#
|
||||
# Dont edit this file directly as it will be overwritten. To grant a host API access
|
||||
# edit the cluster config, adding the hostname/ip to path kubernetes_config.cluster.access
|
||||
@ -61,7 +61,7 @@
|
||||
|
||||
{%- if kubernetes_host != '' -%}
|
||||
|
||||
{%- for master_host in groups['kubernetes_master'] -%}
|
||||
{%- for master_host in groups['kubernetes_master'] | default([]) -%}
|
||||
|
||||
{%- if master_host in groups[kubernetes_config.cluster.group_name | default('me_is_optional')] | default([]) -%}
|
||||
|
||||
@ -149,8 +149,13 @@
|
||||
|
||||
{#- All cluster Hosts -#}
|
||||
|
||||
|
||||
{%- if nfc_role_kubernetes_master | default(false) | bool -%}
|
||||
{%- if
|
||||
nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
kubernetes_host not in groups['kubernetes_master']
|
||||
and
|
||||
'-I kubernetes-api -s ' + kubernetes_host + ' -j ACCEPT' not in data.firewall_rules
|
||||
-%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-api -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
@ -162,9 +167,17 @@
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-four -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-six -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
{%- if false -%}{# see IPv6 is disabled #}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-six -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-bgp -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
{%- if false -%}{# see Installation-manifest-Calico_Cluster.yaml.j2 bgp is disabled #}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-bgp -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-typha -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
#
|
||||
|
||||
{%- if
|
||||
inventory_hostname in groups['kubernetes_master']
|
||||
nfc_role_kubernetes_master
|
||||
or
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
-%}
|
||||
@ -128,6 +128,16 @@
|
||||
|
||||
{# SoF All Nodes #}
|
||||
|
||||
{%- if inventory_hostname == 'localhost' -%}
|
||||
|
||||
{%- set node_name = hostname_to_check.stdout -%}
|
||||
|
||||
{%- else -%}
|
||||
|
||||
{%- set node_name = inventory_hostname -%}
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%
|
||||
|
||||
set all_nodes_config = {
|
||||
@ -135,7 +145,8 @@
|
||||
"system-reserved=cpu=" + kubelet_arg_system_reserved_cpu + ",memory=" + kubelet_arg_system_reserved_memory +
|
||||
",ephemeral-storage=" + kubelet_arg_system_reserved_storage
|
||||
],
|
||||
"node-name": inventory_hostname,
|
||||
"node-name": node_name,
|
||||
"resolv-conf": nfc_role_kubernetes_resolv_conf_file,
|
||||
}
|
||||
|
||||
-%}
|
||||
@ -143,13 +154,13 @@
|
||||
|
||||
{%- if groups[kubernetes_config.cluster.group_name | default('make_me_optional')] | default([]) | list | length > 0 -%}
|
||||
|
||||
{%- if k3s_installed.rc == 0 -%}
|
||||
{%- if node_k3s.installed -%}
|
||||
|
||||
{%- set ns = namespace(server=[]) -%}
|
||||
|
||||
{%- for cluster_node in groups[kubernetes_config.cluster.group_name] -%}
|
||||
|
||||
{%- if cluster_node in groups['kubernetes_master'] -%}
|
||||
{%- if cluster_node in groups['kubernetes_master'] | default([]) -%}
|
||||
|
||||
{%- if hostvars[cluster_node].host_external_ip is defined -%}
|
||||
|
||||
@ -188,7 +199,7 @@
|
||||
{%- elif
|
||||
kubernetes_config.cluster.prime.name != inventory_hostname
|
||||
and
|
||||
k3s_installed.rc == 1
|
||||
not node_k3s.installed
|
||||
-%}
|
||||
|
||||
{%- set server = (server | default([])) + [
|
||||
@ -228,7 +239,7 @@
|
||||
|
||||
|
||||
{%- if
|
||||
inventory_hostname in groups['kubernetes_master']
|
||||
nfc_role_kubernetes_master
|
||||
or
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
-%}
|
||||
90
roles/nfc_kubernetes/vars/firewall_rules.yaml
Normal file
90
roles/nfc_kubernetes/vars/firewall_rules.yaml
Normal file
@ -0,0 +1,90 @@
|
||||
---
|
||||
|
||||
kubernetes_chains:
|
||||
|
||||
- name: kubernetes-embedded-etcd
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port:
|
||||
- '2379'
|
||||
- '2380'
|
||||
comment: etcd. Servers only
|
||||
when: "{{ nfc_role_kubernetes_etcd_enabled }}"
|
||||
|
||||
- name: kubernetes-api
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port: '6443'
|
||||
comment: Kubernetes API access. All Cluster hosts and end users
|
||||
|
||||
- name: kubernetes-calico-bgp
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port: '179'
|
||||
comment: Kubernetes Calico BGP. All Cluster hosts and end users
|
||||
when: false # currently hard set to false. see Installation-manifest-Calico_Cluster.yaml.j2
|
||||
|
||||
- name: kubernetes-flannel-vxlan
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: udp
|
||||
dest:
|
||||
port: '4789'
|
||||
comment: Flannel. All cluster hosts
|
||||
|
||||
- name: kubernetes-kubelet-metrics
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port: '10250'
|
||||
comment: Kubernetes Metrics. All cluster hosts
|
||||
|
||||
- name: kubernetes-flannel-wg-four
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: udp
|
||||
dest:
|
||||
port: '51820'
|
||||
comment: Flannel Wiregaurd IPv4. All cluster hosts
|
||||
|
||||
- name: kubernetes-flannel-wg-six
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: udp
|
||||
dest:
|
||||
port: '51821'
|
||||
comment: Flannel Wiregaurd IPv6. All cluster hosts
|
||||
when: false # ipv6 is disabled. see install.yaml sysctrl
|
||||
|
||||
- name: kubernetes-calico-typha
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port: '5473'
|
||||
comment: Calico networking with Typha enabled. Typha agent hosts.
|
||||
|
||||
- name: metallb-l2-tcp
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: tcp
|
||||
dest:
|
||||
port: '7946'
|
||||
comment: MetalLB Gossip
|
||||
when: "{{ nfc_kubernetes_enable_metallb }}"
|
||||
|
||||
- name: metallb-l2-udp
|
||||
chain: true
|
||||
table: INPUT
|
||||
protocol: udp
|
||||
dest:
|
||||
port: '7946'
|
||||
comment: MetalLB Gossip
|
||||
when: "{{ nfc_kubernetes_enable_metallb }}"
|
||||
Reference in New Issue
Block a user