Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c2c0a9fe7d | |||
| 1f90af4eac | |||
| a01af004a7 | |||
| e002ff3749 | |||
| ece10c7ee0 | |||
| cbd2ec7ef8 | |||
| 43ddb13bdd | |||
| 310d7a1c48 | |||
| 2ebeb805e8 | |||
| 0d0d1862cc | |||
| b4c06b9f91 | |||
| 3d0dda7277 |
2
.cz.yaml
2
.cz.yaml
@ -4,5 +4,5 @@ commitizen:
|
||||
prerelease_offset: 1
|
||||
tag_format: $version
|
||||
update_changelog_on_bump: false
|
||||
version: 1.8.1-a2
|
||||
version: 1.10.0
|
||||
version_scheme: semver
|
||||
|
||||
@ -37,6 +37,8 @@
|
||||
- | # enter test container
|
||||
docker exec -i test_image_${CI_JOB_ID} ps aux
|
||||
- docker ps
|
||||
- docker exec -i test_image_${CI_JOB_ID} bash -c 'apt update || true'
|
||||
- docker exec -i test_image_${CI_JOB_ID} bash -c 'apt update || true'
|
||||
- docker exec -i test_image_${CI_JOB_ID} apt update
|
||||
- docker exec -i test_image_${CI_JOB_ID} apt install -y --no-install-recommends python3-pip net-tools dnsutils iptables
|
||||
- |
|
||||
|
||||
47
CHANGELOG.md
47
CHANGELOG.md
@ -1,13 +1,29 @@
|
||||
## 1.8.1-a2 (2024-05-02)
|
||||
## 1.10.0 (2024-05-03)
|
||||
|
||||
### Feat
|
||||
|
||||
- **nfc_kubernetes**: new variable 'nfc_role_kubernetes_node_prime' to denote the hostname of the prime node
|
||||
|
||||
### Fix
|
||||
|
||||
- **nfc_kubernetes**: correct 'Create Required directories' when logic
|
||||
- **nfc_kubernetes**: only run tasks on master nodes
|
||||
- **nfc_kubernetes**: only run tasks on prime node
|
||||
- **nfc_kubernetes**: ensure correct node type selection for installation
|
||||
|
||||
### Refactor
|
||||
|
||||
- **nfc_kubernetes**: remove usage of prime node name over is_prime var
|
||||
|
||||
## 1.9.0 (2024-05-03)
|
||||
|
||||
### Feat
|
||||
|
||||
- **nfc_kubernetes**: add debug out to k3s download on failure
|
||||
|
||||
### Fix
|
||||
|
||||
- **nfc_kubernetes**: cast url var as list
|
||||
|
||||
## 1.8.1-a1 (2024-05-02)
|
||||
|
||||
### Fix
|
||||
|
||||
- **nfc_kubernetes**: correct url build to loop through all cpu arch
|
||||
|
||||
## 1.8.0 (2024-05-02)
|
||||
@ -33,8 +49,6 @@
|
||||
### Feat
|
||||
|
||||
- **kubernetes_netbox**: custom field bug work around
|
||||
- **services**: add netbox service fields
|
||||
- **role**: New role kubernetes_netbox
|
||||
|
||||
### Fix
|
||||
|
||||
@ -50,7 +64,6 @@
|
||||
- **test**: add integration test. playbook install
|
||||
- add retry=3 delay=10 secs to all ansible url modules
|
||||
- **upgrade**: If upgrade occurs, dont run remaining tasks
|
||||
- support upgrading cluster
|
||||
|
||||
### Fix
|
||||
|
||||
@ -73,19 +86,3 @@
|
||||
- **install**: "ansible_check_mode=true" no hostname check
|
||||
|
||||
## 1.3.0 (2024-03-18)
|
||||
|
||||
### Fix
|
||||
|
||||
- **handler**: add missing 'reboot_host' handler
|
||||
- **firewall**: ensure slave nodes can access ALL masters API point
|
||||
- **firewall**: dont add rules for disabled features
|
||||
|
||||
## 1.2.0 (2024-03-16)
|
||||
|
||||
### Feat
|
||||
|
||||
- **firewall**: use collection nofusscomputing.firewall to configure kubernetes firewall
|
||||
|
||||
### Fix
|
||||
|
||||
- **config**: use correct var name when setting node name
|
||||
|
||||
@ -8,7 +8,7 @@ namespace: nofusscomputing
|
||||
name: kubernetes
|
||||
|
||||
# The version of the collection. Must be compatible with semantic versioning
|
||||
version: 1.8.1-a2
|
||||
version: 1.10.0
|
||||
|
||||
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
|
||||
readme: README.md
|
||||
|
||||
@ -46,6 +46,8 @@ nfc_role_kubernetes_install_kubevirt: false
|
||||
|
||||
nfc_role_kubernetes_kubevirt_operator_replicas: 1
|
||||
|
||||
# nfc_role_kubernetes_node_prime: '' # Mandatory*, string. the inventory_hostname of the prime node. ONLY required for multi-node deployments
|
||||
|
||||
nfc_role_kubernetes_oidc_enabled: false
|
||||
|
||||
nfc_role_kubernetes_resolv_conf_file: /etc/resolv.conf
|
||||
@ -53,8 +55,8 @@ nfc_role_kubernetes_resolv_conf_file: /etc/resolv.conf
|
||||
nfc_role_kubernetes_pod_subnet: 172.16.248.0/21
|
||||
nfc_role_kubernetes_service_subnet: 172.16.244.0/22
|
||||
|
||||
nfc_role_kubernetes_prime: true # Mandatory for a node designated as the prime master node
|
||||
nfc_role_kubernetes_master: true # Mandatory for a node designated as a master node and the prime master node
|
||||
nfc_role_kubernetes_prime: false # Mandatory for a node designated as the prime master node
|
||||
nfc_role_kubernetes_master: false # Mandatory for a node designated as a master node and the prime master node
|
||||
nfc_role_kubernetes_worker: false # Mandatory for a node designated as a worker node
|
||||
|
||||
############################################################################################################
|
||||
@ -136,7 +138,7 @@ k3s:
|
||||
# usernames: []
|
||||
# runtimeClasses: []
|
||||
# namespaces: [kube-system]
|
||||
when: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname }}"
|
||||
when: "{{ nfc_role_kubernetes_prime | bool }}"
|
||||
|
||||
|
||||
#############################################################################################
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
|
||||
- src: kubernetes-manifest-rbac.yaml.j2
|
||||
dest: /var/lib/rancher/k3s/server/manifests/rbac-authorization-common.yaml
|
||||
when: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname }}"
|
||||
when: "{{ nfc_role_kubernetes_prime | bool }}"
|
||||
|
||||
- src: iptables-kubernetes.rules.j2
|
||||
dest: "/etc/iptables-reloader/rules.d/iptables-kubernetes.rules"
|
||||
@ -71,7 +71,7 @@
|
||||
owner: root
|
||||
group: root
|
||||
mode: '700'
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name }}"
|
||||
delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
|
||||
when:
|
||||
kubernetes_config.hosts[inventory_hostname].labels | default([]) | list | length > 0
|
||||
or
|
||||
|
||||
@ -15,12 +15,16 @@
|
||||
ansible.builtin.stat:
|
||||
name: /var/lib/rancher/k3s/server/manifests/calico.yaml
|
||||
register: file_calico_yaml_metadata
|
||||
when: >
|
||||
nfc_role_kubernetes_prime | bool
|
||||
|
||||
|
||||
- name: Check for calico Operator deployment manifest
|
||||
ansible.builtin.stat:
|
||||
name: /var/lib/rancher/k3s/ansible/deployment-manifest-calico_operator.yaml
|
||||
register: file_calico_operator_yaml_metadata
|
||||
when: >
|
||||
nfc_role_kubernetes_prime | bool
|
||||
|
||||
|
||||
- name: Install dependent packages
|
||||
@ -108,12 +112,20 @@
|
||||
- name: /var/lib/rancher/k3s/server/logs
|
||||
state: directory
|
||||
mode: 700
|
||||
when: >
|
||||
{{ nfc_role_kubernetes_master | bool }}
|
||||
- name: /var/lib/rancher/k3s/server/manifests
|
||||
state: directory
|
||||
mode: 700
|
||||
when: >
|
||||
{{ nfc_role_kubernetes_master | bool }}
|
||||
- name: /var/lib/rancher/k3s/ansible
|
||||
state: directory
|
||||
mode: 700
|
||||
when: >
|
||||
{{ nfc_role_kubernetes_master | bool }}
|
||||
when: >
|
||||
item.when | default(true)
|
||||
|
||||
|
||||
- name: Add sysctl net.ipv4.ip_forward
|
||||
@ -304,62 +316,62 @@
|
||||
when: >
|
||||
file_cached_k3s_binary.stat.checksum | default('0') != node_k3s.desired_hash
|
||||
|
||||
# Workaround. See: https://github.com/ansible/awx/issues/15161
|
||||
- name: Build K3s Download URL
|
||||
ansible.builtin.set_fact:
|
||||
cacheable: false
|
||||
url_download_k3s: |-
|
||||
[
|
||||
{%- for key, value in nfc_kubernetes_install_architectures | dict2items -%}
|
||||
"https://github.com/k3s-io/k3s/releases/download/
|
||||
{{- node_k3s.desired_version | urlencode -}}
|
||||
/k3s
|
||||
{%- if key == 'aarch64' -%}
|
||||
-arm64
|
||||
{%- endif %}",
|
||||
{%- endfor -%}
|
||||
]
|
||||
changed_when: false
|
||||
check_mode: false
|
||||
delegate_to: localhost
|
||||
loop: "{{ nfc_kubernetes_install_architectures | dict2items }}"
|
||||
loop_control:
|
||||
loop_var: cpu_arch
|
||||
vars:
|
||||
ansible_connection: local
|
||||
- name: Try / Catch
|
||||
block:
|
||||
|
||||
|
||||
- name: Download K3s Binary
|
||||
ansible.builtin.uri:
|
||||
url: "{{ url | string }}"
|
||||
method: GET
|
||||
return_content: false
|
||||
status_code:
|
||||
- 200
|
||||
- 304
|
||||
dest: "/tmp/k3s.{{ ansible_architecture }}"
|
||||
mode: "744"
|
||||
changed_when: not ansible_check_mode
|
||||
check_mode: false
|
||||
delay: 10
|
||||
retries: 3
|
||||
register: k3s_download_files
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
(lookup('ansible.builtin.file', '/tmp/k3s.' + ansible_architecture) | hash('sha256') | string) != node_k3s.desired_hash
|
||||
and
|
||||
(
|
||||
k3s_download_files.status | int != 200
|
||||
or
|
||||
k3s_download_files.status | int != 304
|
||||
)
|
||||
run_once: true
|
||||
when: ansible_os_family == 'Debian'
|
||||
loop: "{{ url_download_k3s | from_yaml }}"
|
||||
loop_control:
|
||||
loop_var: url
|
||||
vars:
|
||||
ansible_connection: local
|
||||
- name: Download K3s Binary
|
||||
ansible.builtin.uri:
|
||||
url: |-
|
||||
https://github.com/k3s-io/k3s/releases/download/
|
||||
{{- node_k3s.desired_version | urlencode -}}
|
||||
/k3s
|
||||
{%- if cpu_arch.key == 'aarch64' -%}
|
||||
-arm64
|
||||
{%- endif %}
|
||||
method: GET
|
||||
return_content: false
|
||||
status_code:
|
||||
- 200
|
||||
- 304
|
||||
dest: "/tmp/k3s.{{ ansible_architecture }}"
|
||||
mode: "744"
|
||||
changed_when: not ansible_check_mode
|
||||
check_mode: false
|
||||
delay: 10
|
||||
retries: 3
|
||||
register: k3s_download_files
|
||||
delegate_to: localhost
|
||||
failed_when: >
|
||||
(lookup('ansible.builtin.file', '/tmp/k3s.' + ansible_architecture) | hash('sha256') | string) != node_k3s.desired_hash
|
||||
and
|
||||
(
|
||||
k3s_download_files.status | int != 200
|
||||
or
|
||||
k3s_download_files.status | int != 304
|
||||
)
|
||||
run_once: true
|
||||
when: ansible_os_family == 'Debian'
|
||||
loop: "{{ nfc_kubernetes_install_architectures | dict2items }}"
|
||||
loop_control:
|
||||
loop_var: cpu_arch
|
||||
vars:
|
||||
ansible_connection: local
|
||||
|
||||
rescue:
|
||||
|
||||
|
||||
- name: TRACE - Debug out
|
||||
ansible.builtin.debug:
|
||||
msg:
|
||||
- "Download file hash: {{ (lookup('ansible.builtin.file', '/tmp/k3s.' + ansible_architecture) | hash('sha256') | string) }}"
|
||||
|
||||
|
||||
- name: Fail task
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- false
|
||||
msg: "Task failed, review previous task for error"
|
||||
|
||||
|
||||
- name: Copy K3s binary to Host
|
||||
@ -499,7 +511,7 @@
|
||||
dest: /var/lib/rancher/k3s/server/manifests/calico.yaml
|
||||
when: >
|
||||
{{
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
(
|
||||
(
|
||||
@ -546,7 +558,7 @@
|
||||
/tmp/install.sh {% if nfc_role_kubernetes_etcd_enabled %}--cluster-init{% endif %}
|
||||
changed_when: false
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not node_k3s.installed | bool
|
||||
and
|
||||
@ -572,7 +584,7 @@
|
||||
and
|
||||
'calico_manifest' not in ansible_run_tags
|
||||
and
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
@ -593,7 +605,7 @@
|
||||
when: >-
|
||||
nfc_kubernetes_enable_metallb | default(false) | bool
|
||||
and
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_cluster_upgraded | default(false) | bool
|
||||
|
||||
@ -609,7 +621,7 @@
|
||||
exit 127;
|
||||
fi
|
||||
executable: /bin/bash
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}"
|
||||
delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
|
||||
run_once: true
|
||||
register: kubernetes_ready_check
|
||||
retries: 30
|
||||
@ -649,7 +661,7 @@
|
||||
install_olm.rc == 1
|
||||
register: install_olm
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
nfc_role_kubernetes_install_olm | default(false) | bool
|
||||
and
|
||||
@ -679,7 +691,7 @@
|
||||
failed_when: false
|
||||
register: install_olm
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
'olm_uninstall' in ansible_run_tags
|
||||
and
|
||||
@ -692,7 +704,7 @@
|
||||
changed_when: false
|
||||
failed_when: false # New cluster will fail
|
||||
when: >
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
kubernetes_config.cluster.networking.encrypt | default(false) | bool
|
||||
and
|
||||
@ -712,7 +724,7 @@
|
||||
- name: Fetch Join Token
|
||||
ansible.builtin.slurp:
|
||||
src: /var/lib/rancher/k3s/server/token
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}"
|
||||
delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
|
||||
run_once: true
|
||||
register: k3s_join_token
|
||||
no_log: true # Value is sensitive
|
||||
@ -723,7 +735,7 @@
|
||||
- name: Create Token fact
|
||||
ansible.builtin.set_fact:
|
||||
k3s_join_token: "{{ k3s_join_token.content | b64decode | replace('\n', '') }}"
|
||||
delegate_to: "{{ kubernetes_config.cluster.prime.name | default(inventory_hostname) }}"
|
||||
delegate_to: "{{ nfc_role_kubernetes_node_prime }}"
|
||||
run_once: true
|
||||
no_log: true # Value is sensitive
|
||||
when: >
|
||||
@ -743,7 +755,7 @@
|
||||
when: >
|
||||
nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
not kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not node_k3s.installed | bool
|
||||
and
|
||||
@ -758,14 +770,14 @@
|
||||
INSTALL_K3S_SKIP_DOWNLOAD=true \
|
||||
INSTALL_K3S_VERSION="v{{ node_k3s.desired_version }}" \
|
||||
K3S_TOKEN="{{ k3s_join_token }}" \
|
||||
K3S_URL="https://{{ hostvars[kubernetes_config.cluster.prime.name | default(inventory_hostname)].ansible_host }}:6443" \
|
||||
K3S_URL="https://{{ hostvars[nfc_role_kubernetes_node_prime].ansible_host }}:6443" \
|
||||
/tmp/install.sh -
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
when: >
|
||||
not nfc_role_kubernetes_master | default(false) | bool
|
||||
and
|
||||
not kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not node_k3s.installed | bool
|
||||
and
|
||||
|
||||
@ -1,15 +1,29 @@
|
||||
---
|
||||
|
||||
- name: Default Variable adjustment [Probable Single Node Install]
|
||||
ansible.builtin.set_fact:
|
||||
cacheable: false
|
||||
nfc_role_kubernetes_prime: true
|
||||
nfc_role_kubernetes_master: true
|
||||
nfc_role_kubernetes_node_prime: "{{ inventory_hostname }}"
|
||||
when: >
|
||||
not nfc_role_kubernetes_worker | bool
|
||||
and
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_master | bool
|
||||
|
||||
|
||||
- name: Install/Configure Kubernetes Prime Master Node
|
||||
ansible.builtin.include_tasks:
|
||||
file: install.yaml
|
||||
tags:
|
||||
- always
|
||||
when:
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) == inventory_hostname
|
||||
and
|
||||
nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_worker | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
|
||||
|
||||
@ -19,10 +33,12 @@
|
||||
tags:
|
||||
- always
|
||||
when:
|
||||
kubernetes_config.cluster.prime.name | default(inventory_hostname) != inventory_hostname
|
||||
and
|
||||
nfc_role_kubernetes_master | bool
|
||||
and
|
||||
not nfc_role_kubernetes_prime | bool
|
||||
and
|
||||
not nfc_role_kubernetes_worker | bool
|
||||
and
|
||||
not kubernetes_installed | default(false)
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user