update templates, clean and fixes for both k3s and rke2 deployments
parent
495e79438f
commit
3195c4a3c3
@ -14,9 +14,9 @@ k8s_node_ip: "{{ ansible_host }}"
|
|||||||
# paths
|
# paths
|
||||||
k8s_install_script: /usr/local/bin/{{ k8s_type }}-install.sh
|
k8s_install_script: /usr/local/bin/{{ k8s_type }}-install.sh
|
||||||
k8s_config_path: "/etc/rancher/{{ k8s_type }}"
|
k8s_config_path: "/etc/rancher/{{ k8s_type }}"
|
||||||
k8s_cmd_path: /usr/local/bin
|
|
||||||
k8s_nm_path: /etc/NetworkManager/conf.d
|
|
||||||
k8s_manifests_path: "/var/lib/rancher/{{ k8s_type }}/server/manifests/"
|
k8s_manifests_path: "/var/lib/rancher/{{ k8s_type }}/server/manifests/"
|
||||||
|
k8s_nm_path: /etc/NetworkManager/conf.d
|
||||||
|
k8s_cmd_path: /usr/local/bin
|
||||||
|
|
||||||
# sysctl set fs.inotify.max_user_instances
|
# sysctl set fs.inotify.max_user_instances
|
||||||
k8s_inotify_max: 1024
|
k8s_inotify_max: 1024
|
||||||
@ -45,9 +45,8 @@ k8s_api_port: 6443
|
|||||||
# misc options
|
# misc options
|
||||||
k8s_debug: false
|
k8s_debug: false
|
||||||
k8s_taint_servers: false
|
k8s_taint_servers: false
|
||||||
k8s_flannel_wireguard: false
|
|
||||||
k8s_disable_kube_proxy: false
|
k8s_disable_kube_proxy: false
|
||||||
k8s_disable_network_policy: false
|
k8s_flannel_wireguard: false
|
||||||
|
|
||||||
# k8s_kubelet_args
|
# k8s_kubelet_args
|
||||||
# - "kube-reserved=cpu=500m,memory=1Gi,ephemeral-storage=2Gi"
|
# - "kube-reserved=cpu=500m,memory=1Gi,ephemeral-storage=2Gi"
|
||||||
@ -58,6 +57,7 @@ k8s_disable_network_policy: false
|
|||||||
k8s_kubelet_args:
|
k8s_kubelet_args:
|
||||||
- "max-pods={{ k8s_pod_limit }}"
|
- "max-pods={{ k8s_pod_limit }}"
|
||||||
|
|
||||||
|
|
||||||
# Define
|
# Define
|
||||||
|
|
||||||
# you can pre-generate this ina vault with the token.sh script
|
# you can pre-generate this ina vault with the token.sh script
|
||||||
@ -72,10 +72,10 @@ k8s_kubelet_args:
|
|||||||
# bootstrap | server | agent
|
# bootstrap | server | agent
|
||||||
# k8s_node_type: bootstrap
|
# k8s_node_type: bootstrap
|
||||||
|
|
||||||
# if defined, install manifests
|
# if defined, install manifests from the supplied url, currently this task only supports fetching from a url
|
||||||
# k8s_manifests:
|
# k8s_manifests:
|
||||||
# - name: cert-manager
|
# - name: cert-manager
|
||||||
# path: https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml
|
# url: https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml
|
||||||
|
|
||||||
# k8s_node_taints
|
# k8s_node_taints
|
||||||
# --node-taint CriticalAddonsOnly=true:NoExecute
|
# --node-taint CriticalAddonsOnly=true:NoExecute
|
||||||
@ -92,6 +92,8 @@ k8s_kubelet_args:
|
|||||||
# k8s_flannel_ipv6_masq: false
|
# k8s_flannel_ipv6_masq: false
|
||||||
# k8s_flannel_external_ip: false
|
# k8s_flannel_external_ip: false
|
||||||
|
|
||||||
|
# k8s_disable_network_policy: true
|
||||||
|
|
||||||
# disable builtin services
|
# disable builtin services
|
||||||
# k8s_disable:
|
# k8s_disable:
|
||||||
# - traefik
|
# - traefik
|
||||||
@ -103,6 +105,13 @@ k8s_kubelet_args:
|
|||||||
# canal, cilium, calico, flannel
|
# canal, cilium, calico, flannel
|
||||||
# k8s_cni_type: canal
|
# k8s_cni_type: canal
|
||||||
|
|
||||||
|
# apply manifest overrides
|
||||||
|
# k8s_cni_manifest_overrides: true
|
||||||
|
|
||||||
|
# cilium
|
||||||
|
# k8s_cilium_hubble: true
|
||||||
|
# k8s_cilium_eni: true
|
||||||
|
|
||||||
# disable builtin services
|
# disable builtin services
|
||||||
# k8s_disable:
|
# k8s_disable:
|
||||||
# - rke2-coredns
|
# - rke2-coredns
|
||||||
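Review bot: Dropping the `k8s_disable_network_policy: false` default in the misc options hunk leaves the variable undefined unless an inventory sets it. On this page only one consumer, the config template that emits `disable-network-policy: true`, gained an `is defined` guard. Whether any other template or task still reads the variable bare cannot be confirmed from here; if one does, it would fail on an undefined variable. Keeping `k8s_disable_network_policy: false` in the defaults beside the commented example keeps policy enforcement as the explicit baseline and makes the guards unnecessary.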
|
@ -100,6 +100,20 @@
|
|||||||
- k8s-get-kubeconf
|
- k8s-get-kubeconf
|
||||||
|
|
||||||
# DEPLOY MANIFESTS
|
# DEPLOY MANIFESTS
|
||||||
|
- name: apply manifests
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
url: "{{ item.url }}"
|
||||||
|
timeout: 120
|
||||||
|
dest: "{{ k8s_manifests_path }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
loop: "{{ k8s_manifests }}"
|
||||||
|
when:
|
||||||
|
- k8s_node_type == "bootstrap"
|
||||||
|
- k8s_manifests is defined
|
||||||
|
tags:
|
||||||
|
- k8s-apply-manifests
|
||||||
|
|
||||||
# END Cluster Creation
|
# END Cluster Creation
|
||||||
when:
|
when:
|
||||||
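Review bot: The new `apply manifests` task writes whatever `item.url` returns straight into `k8s_manifests_path`, the server manifests directory that k3s and rke2 deploy from automatically, with no integrity check, so a changed or substituted upstream file would reach the cluster on the next run. Adding `checksum: "{{ item.checksum | default(omit) }}"` and documenting a `checksum` key beside `url` in the defaults example would pin the content. Because `dest` is a directory, the file name comes from the server or the URL and `item.name` is never used; `dest: "{{ k8s_manifests_path }}/{{ item.name }}.yaml"` makes it deterministic. `loop` is templated before `when` is evaluated per item, so an undefined `k8s_manifests` will likely fail the task despite the `is defined` guard; `loop: "{{ k8s_manifests | default([]) }}"` avoids that. The enclosing block starts and ends outside the hunk.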
|
@ -13,7 +13,7 @@
|
|||||||
dest: "{{ k8s_nm_path }}/{{ k8s_type }}-canal.conf"
|
dest: "{{ k8s_nm_path }}/{{ k8s_type }}-canal.conf"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
when:
|
when:
|
||||||
- k8s_cni_type == "canal" or k8s_cni_type is not defined
|
- k8s_cni_type is not defined or k8s_cni_type == "canal"
|
||||||
- k8s_has_nm
|
- k8s_has_nm
|
||||||
tags:
|
tags:
|
||||||
- k8s-config
|
- k8s-config
|
||||||
|
@ -7,12 +7,13 @@
|
|||||||
when:
|
when:
|
||||||
- k8s_node_type == "bootstrap"
|
- k8s_node_type == "bootstrap"
|
||||||
|
|
||||||
- name: rke2 template cni manifests
|
- name: rke2 template cni manifest override
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "templates/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml.j2"
|
src: "templates/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml.j2"
|
||||||
dest: "{{ k8s_manifests_path }}/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml"
|
dest: "{{ k8s_manifests_path }}/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
when:
|
when:
|
||||||
|
- k8s_cni_manifest_overrides is defined and k8s_cni_manifest_overrides
|
||||||
- k8s_node_type == "bootstrap"
|
- k8s_node_type == "bootstrap"
|
||||||
|
|
||||||
- name: rke2 start bootstrap node
|
- name: rke2 start bootstrap node
|
||||||
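Review bot: The added condition `k8s_cni_manifest_overrides is defined and k8s_cni_manifest_overrides` treats any non-empty string as true, so a value supplied as the string `false` (for example through extra vars) would presumably still enable the override. `- k8s_cni_manifest_overrides | d(false) | bool` is shorter, matches the `d()` style already used in `src` and `dest`, and coerces string values. The same `is defined and` pattern appears in the template guards for `k8s_disable_network_policy`, `k8s_cilium_eni` and `k8s_cilium_hubble` later in this commit.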
|
@ -1,4 +1,4 @@
|
|||||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||||
|
|
||||||
token: {{ k8s_cluster_token }}
|
token: {{ k8s_cluster_token }}
|
||||||
{% if k8s_cluster_url is defined and k8s_node_type != "bootstrap" -%}
|
{% if k8s_cluster_url is defined and k8s_node_type != "bootstrap" -%}
|
||||||
@ -25,9 +25,9 @@ selinux: true
|
|||||||
{% if k8s_disable_kube_proxy and k8s_node_type != "agent" -%}
|
{% if k8s_disable_kube_proxy and k8s_node_type != "agent" -%}
|
||||||
disable-kube-proxy: true
|
disable-kube-proxy: true
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
{% if k8s_disable_network_policy and k8s_node_type != "agent" -%}
|
{% if k8s_disable_network_policy is defined and k8s_disable_network_policy and k8s_node_type != "agent" -%}
|
||||||
disable-network-policy: true
|
disable-network-policy: true
|
||||||
{% endif -%}
|
{% endif %}
|
||||||
|
|
||||||
{% if k8s_disable is defined and k8s_node_type != "agent" %}
|
{% if k8s_disable is defined and k8s_node_type != "agent" %}
|
||||||
# disable builtin services
|
# disable builtin services
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||||
|
|
||||||
apiVersion: kubelet.config.k8s.io/v1beta1
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||||
kind: KubeletConfiguration
|
kind: KubeletConfiguration
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||||
# /var/lib/rancher/rke2/server/manifests/rke2-calico-config.yaml
|
# /var/lib/rancher/rke2/server/manifests/rke2-calico-config.yaml
|
||||||
---
|
---
|
||||||
apiVersion: helm.cattle.io/v1
|
apiVersion: helm.cattle.io/v1
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||||
# /var/lib/rancher/rke2/server/manifests/rke2-canal-config.yaml
|
# /var/lib/rancher/rke2/server/manifests/rke2-canal-config.yaml
|
||||||
---
|
---
|
||||||
apiVersion: helm.cattle.io/v1
|
apiVersion: helm.cattle.io/v1
|
||||||
@ -13,5 +13,7 @@ spec:
|
|||||||
{% if k8s_flannel_wireguard %}
|
{% if k8s_flannel_wireguard %}
|
||||||
backend: "wireguard"
|
backend: "wireguard"
|
||||||
{% else %}
|
{% else %}
|
||||||
|
{% if k8s_cni_interface is defined %}
|
||||||
iface: "{{ k8s_cni_interface }}"
|
iface: "{{ k8s_cni_interface }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
@ -1,2 +1,4 @@
|
|||||||
|
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||||
|
|
||||||
[keyfile]
|
[keyfile]
|
||||||
unmanaged-devices=interface-name:cali*;interface-name:flannel*
|
unmanaged-devices=interface-name:cali*;interface-name:flannel*
|
||||||
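Review bot: The header line added to this template embeds `ansible_date_time.time` and `ansible_date_time.date`, so the rendered file differs on every run and the task will always report a change. That hides real configuration drift in run output and may trigger any handler or restart tied to the file; no handlers are visible on this page, so that part is an assumption. A static header such as `# managed by ansible, do not edit` keeps the marker without the churn. The same header is newly added to the proxy environment template further down, and it requires facts to be gathered.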
|
@ -1,4 +1,4 @@
|
|||||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||||
# /var/lib/rancher/rke2/server/manifests/rke2-cilium-config.yaml
|
# /var/lib/rancher/rke2/server/manifests/rke2-cilium-config.yaml
|
||||||
---
|
---
|
||||||
apiVersion: helm.cattle.io/v1
|
apiVersion: helm.cattle.io/v1
|
||||||
@ -8,18 +8,20 @@ metadata:
|
|||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
spec:
|
spec:
|
||||||
valuesContent: |-
|
valuesContent: |-
|
||||||
|
{% if k8s_cilium_eni is defined and k8s_cilium_eni %}
|
||||||
eni:
|
eni:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
{% endif -%}
|
||||||
{% if k8s_disable_kube_proxy %}
|
{% if k8s_disable_kube_proxy %}
|
||||||
kubeProxyReplacement: true
|
kubeProxyReplacement: true
|
||||||
k8sServiceHost: {{ k8s_cluster_url }}
|
k8sServiceHost: {{ k8s_cluster_url }}
|
||||||
k8sServicePort: {{ k8s_api_port }}
|
k8sServicePort: {{ k8s_api_port }}
|
||||||
{% endif %}
|
{% endif -%}
|
||||||
{% if k8s_cilium_hubble %}
|
{% if k8s_cilium_hubble is defined and k8s_cilium_hubble %}
|
||||||
hubble:
|
hubble:
|
||||||
enabled: true
|
enabled: true
|
||||||
relay:
|
relay:
|
||||||
enabled: true
|
enabled: true
|
||||||
ui:
|
ui:
|
||||||
enabled: true
|
enabled: true
|
||||||
{% endif %}
|
{% endif -%}
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||||
|
|
||||||
token: {{ k8s_cluster_token }}
|
token: {{ k8s_cluster_token }}
|
||||||
{% if k8s_cluster_url is defined and k8s_node_type != "bootstrap" -%}
|
{% if k8s_cluster_url is defined and k8s_node_type != "bootstrap" -%}
|
||||||
@ -41,13 +41,6 @@ node-ip: {{ k8s_node_ip }}
|
|||||||
node-external-ip: {{ k8s_external_ip }}
|
node-external-ip: {{ k8s_external_ip }}
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
||||||
{% if k8s_flannel_backend is defined and k8s_node_type != "agent" -%}
|
|
||||||
# cofigure or disable flannel cni
|
|
||||||
flannel-backend: {{ k8s_flannel_backend }}
|
|
||||||
flannel-ipv6-masq: {{ k8s_flannel_ipv6_masq }}
|
|
||||||
flannel-external-ip: {{ k8s_flannel_external_ip }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if k8s_node_taints is defined -%}
|
{% if k8s_node_taints is defined -%}
|
||||||
# initial node taints
|
# initial node taints
|
||||||
{% for taint in k8s_node_taints -%}
|
{% for taint in k8s_node_taints -%}
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||||
|
|
||||||
HTTP_PROXY={{ k8s_http_proxy | d() }}
|
HTTP_PROXY={{ k8s_http_proxy | d() }}
|
||||||
HTTPS_PROXY={{ k8s_https_proxy | d() }}
|
HTTPS_PROXY={{ k8s_https_proxy | d() }}
|
||||||
NO_PROXY={{ k8s_no_proxy | d() }}
|
NO_PROXY={{ k8s_no_proxy | d() }}
|
@ -1,4 +1,4 @@
|
|||||||
---
|
---
|
||||||
k8s_selinux: true
|
k8s_selinux: true
|
||||||
k8s_has_nm: true
|
k8s_has_nm: true
|
||||||
k8s_cmd_path: /usr/bin
|
k8s_cmd_path: /bin
|
||||||
|
@ -5,9 +5,8 @@ k8s_default_install_url: https://get.k3s.io
|
|||||||
k8s_default_channel_url: https://update.k3s.io/v1-release/channels
|
k8s_default_channel_url: https://update.k3s.io/v1-release/channels
|
||||||
|
|
||||||
k8s_env:
|
k8s_env:
|
||||||
#K3S_KUBECONFIG_MODE: "{{ k8s_config_mode }}"
|
|
||||||
INSTALL_K3S_SKIP_START: "{{ k8s_skip_start | d('false') }}"
|
|
||||||
INSTALL_K3S_CHANNEL_URL: "{{ k8s_channel_url | d(k8s_default_channel_url) }}"
|
INSTALL_K3S_CHANNEL_URL: "{{ k8s_channel_url | d(k8s_default_channel_url) }}"
|
||||||
INSTALL_K3S_CHANNEL: "{{ k8s_channel | d('stable') }}"
|
INSTALL_K3S_CHANNEL: "{{ k8s_channel | d('stable') }}"
|
||||||
INSTALL_K3S_VERSION: "{{ k8s_version | d() }}"
|
INSTALL_K3S_VERSION: "{{ k8s_version | d() }}"
|
||||||
INSTALL_K3S_EXEC: "{{ node_type }} {{ node_install_args | d() }}"
|
INSTALL_K3S_EXEC: "{{ node_type | d('server') }}"
|
||||||
|
INSTALL_K3S_SKIP_START: "{{ k8s_skip_start | d('false') }}"
|
||||||
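Review bot: `INSTALL_K3S_EXEC: "{{ node_type | d('server') }}"` makes a host whose `node_type` is missing install as a server, so a host intended as an agent would join with control-plane duties instead of failing. Where `node_type` is set is not visible on this page; the defaults file documents `k8s_node_type`, so the two names may not always be set together. Failing loudly is safer: `INSTALL_K3S_EXEC: "{{ node_type | mandatory }}"`. The same default is added to `INSTALL_RKE2_TYPE` in the rke2 vars hunk.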
|
@ -8,4 +8,4 @@ k8s_env:
|
|||||||
INSTALL_RKE2_CHANNEL_URL: "{{ k8s_channel_url | d(k8s_default_channel_url) }}"
|
INSTALL_RKE2_CHANNEL_URL: "{{ k8s_channel_url | d(k8s_default_channel_url) }}"
|
||||||
INSTALL_RKE2_CHANNEL: "{{ k8s_channel | d('stable') }}"
|
INSTALL_RKE2_CHANNEL: "{{ k8s_channel | d('stable') }}"
|
||||||
INSTALL_RKE2_VERSION: "{{ k8s_version | d() }}"
|
INSTALL_RKE2_VERSION: "{{ k8s_version | d() }}"
|
||||||
INSTALL_RKE2_TYPE: "{{ node_type }} {{ node_install_args | d() }}"
|
INSTALL_RKE2_TYPE: "{{ node_type | d('server') }}"
|
||||||
|