move scripts back to files for ease of calling via tasks, update labels and taints, add generic agent labels, smooth out rke2 cni templates, update task labeling

2024-06-04 00:12:30 +00:00 · 2024-06-04 00:12:30 +00:00 · 11e482ae39
commit 11e482ae39
parent 18859e1700
15 changed files with 30 additions and 15 deletions
--- a/README.md
+++ b/README.md
@ -7,6 +7,7 @@ Ansible role for configuring k3s and rke2 kubernetes clusters
 - https://kube-vip.io/
 - https://github.com/sbstp/kubie
 - https://kubernetes.io/docs/tasks/tools/
+- https://helm.sh/

 ## Requirements

--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -33,6 +33,9 @@ k8s_helm_install_script: "{{ k8s_install_path }}/get_helm.sh"
 # apply CriticalAddonsOnly:NoExecute to control plane nodes
 k8s_taint_servers: false

+# apply label role=agent to agent nodes
+k8s_label_agents: false
+
 # shared k8s api port
 k8s_api_port: 6443

@ -139,8 +142,9 @@ k8s_kubelet_args:
 # canal, cilium, calico, flannel
 # k8s_cni_type: canal

-# apply manifest overrides
-# k8s_cni_manifest_overrides: true
+# apply cni custom template
+# canal-config.yaml | cilium-config.yaml | calico-config.yaml
+# k8s_cni_custom_template: canal-config.yaml

 # when using canal enable wg backend
 # k8s_canal_wireguard: true
--- a/scripts/get-kube-tools.sh
+++ b/scripts/get-kube-tools.sh
--- a/scripts/get-secret.sh
+++ b/scripts/get-secret.sh
--- a/scripts/token-vault.sh
+++ b/scripts/token-vault.sh
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -37,12 +37,18 @@
    - k8s
  block:
  
-  - name: load server node taints
+  - name: add generic server taint
    ansible.builtin.include_vars:
      file:  "server-taint.yml"
    when:
      - k8s_taint_servers and k8s_node_type != "agent"
  
+  - name: add generic agent label
+    ansible.builtin.include_vars:
+      file:  "agent-label.yml"
+    when:
+      - k8s_label_agents and k8s_node_type == "agent"
+  
  - name: increase open file limit
    ansible.posix.sysctl:
      name: fs.inotify.max_user_instances
--- a/tasks/rke2/config.yml
+++ b/tasks/rke2/config.yml
@ -7,7 +7,7 @@
      - k8s-config

  # CANAL NM CONFIG
-  - name: template nm canal config
+  - name: template canal network-manager config
    ansible.builtin.template:
      src: "templates/{{ k8s_type }}/canal.conf.j2"
      dest: "{{ k8s_nm_path }}/{{ k8s_type }}-canal.conf"
--- a/tasks/rke2/main.yml
+++ b/tasks/rke2/main.yml
@ -7,13 +7,13 @@
    when:
      - k8s_node_type == "bootstrap"

-  - name: rke2 template cni manifest override
+  - name: rke2 cni custom template
    ansible.builtin.template:
-      src: "templates/{{ k8s_type }}/{{ k8s_cni_type | d('canal') }}-config.yaml.j2"
-      dest: "{{ k8s_manifests_path }}/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml"
+      src: "templates/{{ k8s_type }}/cni/{{ k8s_cni_custom_template }}.j2"
+      dest: "{{ k8s_manifests_path }}/{{ k8s_type }}-{{ k8s_cni_custom_template }}"
      mode: 0600
    when:
-      - k8s_cni_manifest_overrides is defined and k8s_cni_manifest_overrides
+      - k8s_cni_custom_template is defined
      - k8s_node_type == "bootstrap"

  - name: rke2 start bootstrap node
--- a/templates/k3s/config.yaml.j2
+++ b/templates/k3s/config.yaml.j2
@ -56,7 +56,7 @@ node-external-ip: {{ k8s_external_ip }}
 # initial node taints
 {% for taint in k8s_node_taints -%}
 node-taint:
-  - "{{ taint.name }}={{ taint.value }}:{{ taint.effect }}"
+  - "{{ taint.key }}={{ taint.value }}:{{ taint.effect }}"
 {% endfor -%}
 {% endif %}

@ -64,7 +64,7 @@ node-taint:
 # initial node labels
 {% for label in k8s_node_lables -%}
 node-label:
-  - "{{ label.name }}={{ label.value }}"
+  - "{{ label.key }}={{ label.value }}"
 {% endfor -%}
 {% endif %}

@ -79,7 +79,7 @@ kubelet-arg:

 {% if k8s_additional_configs is defined %}
 {% for k8s_config in k8s_additional_configs %}
-{{ k8s_config.name }}:
+{{ k8s_config.key }}:
  - "{{ k8s_config.value }}"
 {% endfor -%}
 {% endif %}
--- a/templates/rke2/cni/calico-config.yaml.j2
+++ b/templates/rke2/cni/calico-config.yaml.j2
--- a/templates/rke2/cni/canal-config.yaml.j2
+++ b/templates/rke2/cni/canal-config.yaml.j2
--- a/templates/rke2/cni/cilium-config.yaml.j2
+++ b/templates/rke2/cni/cilium-config.yaml.j2
--- a/templates/rke2/config.yaml.j2
+++ b/templates/rke2/config.yaml.j2
@ -45,7 +45,7 @@ node-external-ip: {{ k8s_external_ip }}
 # initial node taints
 {% for taint in k8s_node_taints -%}
 node-taint:
-  - "{{ taint.name }}={{ taint.value }}:{{ taint.effect }}"
+  - "{{ taint.key }}={{ taint.value }}:{{ taint.effect }}"
 {% endfor -%}
 {% endif %}

@ -53,7 +53,7 @@ node-taint:
 # initial node labels
 {% for label in k8s_node_lables -%}
 node-label:
-  - "{{ label.name }}={{ label.value }}"
+  - "{{ label.key }}={{ label.value }}"
 {% endfor -%}
 {% endif %}

@ -68,7 +68,7 @@ kubelet-arg:

 {% if k8s_additional_configs is defined %}
 {% for k8s_config in k8s_additional_configs %}
-{{ k8s_config.name }}:
+{{ k8s_config.key }}:
  - "{{ k8s_config.value }}"
 {% endfor -%}
 {% endif %}
--- a/vars/agent-label.yml
+++ b/vars/agent-label.yml
@ -0,0 +1,4 @@
+---
+k8s_node_lables:
+  - key: role
+    value: agent
--- a/vars/server-taint.yml
+++ b/vars/server-taint.yml
@ -1,5 +1,5 @@
 ---
 k8s_node_taints:
-  - name: CriticalAddonsOnly
+  - key: CriticalAddonsOnly
    value: true
    effect: NoExecute