Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 053d1f17ec | |||
| 17ff472577 | |||
| ec94414383 | |||
| 1faae0327e | |||
| 17e3318c3c | |||
| 89b5593abf | |||
| 10eae79a74 |
2
.cz.yaml
2
.cz.yaml
@ -4,5 +4,5 @@ commitizen:
|
||||
prerelease_offset: 1
|
||||
tag_format: $version
|
||||
update_changelog_on_bump: false
|
||||
version: 1.2.0
|
||||
version: 1.3.0
|
||||
version_scheme: semver
|
||||
|
||||
19
CHANGELOG.md
19
CHANGELOG.md
@ -1,3 +1,15 @@
|
||||
## 1.3.0 (2024-03-18)
|
||||
|
||||
### Feat
|
||||
|
||||
- dont attempt to install if already installed
|
||||
|
||||
### Fix
|
||||
|
||||
- **handler**: add missing 'reboot_host' handler
|
||||
- **firewall**: ensure slave nodes can access ALL masters API point
|
||||
- **firewall**: dont add rules for disabled features
|
||||
|
||||
## 1.2.0 (2024-03-16)
|
||||
|
||||
### Feat
|
||||
@ -41,14 +53,9 @@
|
||||
|
||||
## 1.0.0 (2024-03-13)
|
||||
|
||||
### BREAKING CHANGE
|
||||
|
||||
- Repository restructure from Ansible Role to Ansible Collection
|
||||
|
||||
### Feat
|
||||
|
||||
- **playbook**: add the install playbook
|
||||
- restructure repository as ansible collection
|
||||
|
||||
### Refactor
|
||||
|
||||
@ -63,8 +70,6 @@
|
||||
|
||||
- remove old var and update kube version
|
||||
- install helm binary
|
||||
- disable node ipv6 support
|
||||
- **kubevirt**: install virtctl plugin
|
||||
|
||||
### Refactor
|
||||
|
||||
|
||||
@ -46,6 +46,11 @@ ansible-playbook nofusscomputing.kubernetes.install
|
||||
|
||||
```
|
||||
|
||||
!!! danger
|
||||
By default when the install task is run, The firewall is also configured. The default sets the `FORWARD` and `INPUT` tables to have a policy of `DROP`. Failing to add any required additional rules before installing/configuring kubernetes will cause you to not have remote access to the machine.
|
||||
|
||||
You are encouraged to run `ansible-playbook nofusscomputing.firewall.install` with your rules configured within your inventory first. see the [firewall docs](../firewall/index.md) for more information.
|
||||
|
||||
The install playbook has a dynamic `hosts` key. This has been done to specifically support running the playbook from AWX and being able to populate the field from the survey feature. Order of precedence for the host variable is as follows:
|
||||
|
||||
- `nfc_pb_host` set to any valid value that a playbook `hosts` key can accept
|
||||
|
||||
@ -8,7 +8,7 @@ namespace: nofusscomputing
|
||||
name: kubernetes
|
||||
|
||||
# The version of the collection. Must be compatible with semantic versioning
|
||||
version: 1.2.0
|
||||
version: 1.3.0
|
||||
|
||||
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
|
||||
readme: README.md
|
||||
|
||||
@ -1,5 +1,12 @@
|
||||
---
|
||||
|
||||
- name: Reboot Node
|
||||
ansible.builtin.reboot:
|
||||
reboot_timeout: 300
|
||||
listen: reboot_host
|
||||
when: ansible_connection == 'ssh'
|
||||
|
||||
|
||||
- name: Restart Kubernetes
|
||||
ansible.builtin.service:
|
||||
name: |-
|
||||
@ -32,4 +39,3 @@
|
||||
nfc_kubernetes_no_restart_slave
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
@ -9,6 +9,8 @@
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
and
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
|
||||
|
||||
- name: Install/Configure Kubernetes on remaining Master Nodes
|
||||
@ -20,6 +22,8 @@
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) != inventory_hostname
|
||||
and
|
||||
nfc_role_kubernetes_master | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
|
||||
|
||||
- name: Install/Configure Kubernetes on Worker Nodes
|
||||
@ -33,3 +37,5 @@
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_master | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
|
||||
@ -149,8 +149,13 @@
|
||||
|
||||
{#- All cluster Hosts -#}
|
||||
|
||||
|
||||
{%- if nfc_role_kubernetes_master | default(false) | bool -%}
|
||||
{%- if
|
||||
nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
kubernetes_host not in groups['kubernetes_master']
|
||||
and
|
||||
'-I kubernetes-api -s ' + kubernetes_host + ' -j ACCEPT' not in data.firewall_rules
|
||||
-%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-api -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
@ -162,9 +167,17 @@
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-four -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-six -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
{%- if false -%}{# see IPv6 is disabled #}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-six -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-bgp -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
{%- if false -%}{# see Installation-manifest-Calico_Cluster.yaml.j2 bgp is disabled #}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-bgp -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
{%- endif -%}
|
||||
|
||||
{%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-typha -s ' + kubernetes_host + ' -j ACCEPT'] -%}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user