Update templates; cleanup and fixes for both k3s and rke2 deployments

This commit is contained in:
srwadleigh 2024-05-05 17:02:27 +00:00
parent 495e79438f
commit 3195c4a3c3
15 changed files with 58 additions and 34 deletions


@ -14,9 +14,9 @@ k8s_node_ip: "{{ ansible_host }}"
# paths # paths
k8s_install_script: /usr/local/bin/{{ k8s_type }}-install.sh k8s_install_script: /usr/local/bin/{{ k8s_type }}-install.sh
k8s_config_path: "/etc/rancher/{{ k8s_type }}" k8s_config_path: "/etc/rancher/{{ k8s_type }}"
k8s_cmd_path: /usr/local/bin
k8s_nm_path: /etc/NetworkManager/conf.d
k8s_manifests_path: "/var/lib/rancher/{{ k8s_type }}/server/manifests/" k8s_manifests_path: "/var/lib/rancher/{{ k8s_type }}/server/manifests/"
k8s_nm_path: /etc/NetworkManager/conf.d
k8s_cmd_path: /usr/local/bin
# sysctl set fs.inotify.max_user_instances # sysctl set fs.inotify.max_user_instances
k8s_inotify_max: 1024 k8s_inotify_max: 1024
@ -45,9 +45,8 @@ k8s_api_port: 6443
# misc options # misc options
k8s_debug: false k8s_debug: false
k8s_taint_servers: false k8s_taint_servers: false
k8s_flannel_wireguard: false
k8s_disable_kube_proxy: false k8s_disable_kube_proxy: false
k8s_disable_network_policy: false k8s_flannel_wireguard: false
# k8s_kubelet_args # k8s_kubelet_args
# - "kube-reserved=cpu=500m,memory=1Gi,ephemeral-storage=2Gi" # - "kube-reserved=cpu=500m,memory=1Gi,ephemeral-storage=2Gi"
@ -58,6 +57,7 @@ k8s_disable_network_policy: false
k8s_kubelet_args: k8s_kubelet_args:
- "max-pods={{ k8s_pod_limit }}" - "max-pods={{ k8s_pod_limit }}"
# Define # Define
# you can pre-generate this ina vault with the token.sh script # you can pre-generate this ina vault with the token.sh script
@ -72,10 +72,10 @@ k8s_kubelet_args:
# bootstrap | server | agent # bootstrap | server | agent
# k8s_node_type: bootstrap # k8s_node_type: bootstrap
# if defined, install manifests # if defined, install manifests from the supplied url, currently this task only supports fetching from a url
# k8s_manifests: # k8s_manifests:
# - name: cert-manager # - name: cert-manager
# path: https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml # url: https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml
# k8s_node_taints # k8s_node_taints
# --node-taint CriticalAddonsOnly=true:NoExecute # --node-taint CriticalAddonsOnly=true:NoExecute
@ -92,6 +92,8 @@ k8s_kubelet_args:
# k8s_flannel_ipv6_masq: false # k8s_flannel_ipv6_masq: false
# k8s_flannel_external_ip: false # k8s_flannel_external_ip: false
# k8s_disable_network_policy: true
# disable builtin services # disable builtin services
# k8s_disable: # k8s_disable:
# - traefik # - traefik
@ -103,6 +105,13 @@ k8s_kubelet_args:
# canal, cilium, calico, flannel # canal, cilium, calico, flannel
# k8s_cni_type: canal # k8s_cni_type: canal
# apply manifest overrides
# k8s_cni_manifest_overrides: true
# cilium
# k8s_cilium_hubble: true
# k8s_cilium_eni: true
# disable builtin services # disable builtin services
# k8s_disable: # k8s_disable:
# - rke2-coredns # - rke2-coredns
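Review bot: Removing the `k8s_disable_network_policy: false` default in the second hunk while `k8s_disable_kube_proxy: false` stays leaves the two switches inconsistent, and it forces every template that reads the variable to add an `is defined` guard (as the k3s config template in this commit now does) instead of testing a plain boolean. Keeping `k8s_disable_network_policy: false` next to `k8s_disable_kube_proxy: false` lets templates use the variable directly and keeps the documented defaults complete; the commented example `# k8s_disable_network_policy: true` added in the flannel section would then match the kube-proxy pattern. If the removal is deliberate because k3s and rke2 treat the option differently, a one-line comment to that effect beside `k8s_disable_kube_proxy` would stop the next reader from restoring it.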


@ -100,6 +100,20 @@
- k8s-get-kubeconf - k8s-get-kubeconf
# DEPLOY MANIFESTS # DEPLOY MANIFESTS
- name: apply manifests
ansible.builtin.get_url:
url: "{{ item.url }}"
timeout: 120
dest: "{{ k8s_manifests_path }}"
owner: root
group: root
mode: 0644
loop: "{{ k8s_manifests }}"
when:
- k8s_node_type == "bootstrap"
- k8s_manifests is defined
tags:
- k8s-apply-manifests
# END Cluster Creation # END Cluster Creation
when: when:
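Review bot: The new `apply manifests` task downloads each `item.url` with no integrity check, and files dropped into `k8s_manifests_path` are auto-deployed by the k3s/rke2 server with cluster-wide privileges, so a per-item `checksum: "{{ item.checksum | d(omit) }}"` would let entries that reference a release artifact pin it with `sha256:...` while leaving existing entries unchanged. `loop: "{{ k8s_manifests }}"` is likely templated before the `when` guard is evaluated, so an undefined `k8s_manifests` can fail the task rather than skip it; `loop: "{{ k8s_manifests | d([]) }}"` avoids that. `mode: 0644` should be written `mode: "0644"`, following Ansible's own guidance for file modes so the YAML loader's octal handling cannot affect it. The task name says "apply", but the module only fetches the files; the enclosing block and its `when:` continue outside the hunk.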


@ -13,7 +13,7 @@
dest: "{{ k8s_nm_path }}/{{ k8s_type }}-canal.conf" dest: "{{ k8s_nm_path }}/{{ k8s_type }}-canal.conf"
mode: 0600 mode: 0600
when: when:
- k8s_cni_type == "canal" or k8s_cni_type is not defined - k8s_cni_type is not defined or k8s_cni_type == "canal"
- k8s_has_nm - k8s_has_nm
tags: tags:
- k8s-config - k8s-config


@ -7,12 +7,13 @@
when: when:
- k8s_node_type == "bootstrap" - k8s_node_type == "bootstrap"
- name: rke2 template cni manifests - name: rke2 template cni manifest override
ansible.builtin.template: ansible.builtin.template:
src: "templates/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml.j2" src: "templates/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml.j2"
dest: "{{ k8s_manifests_path }}/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml" dest: "{{ k8s_manifests_path }}/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml"
mode: 0600 mode: 0600
when: when:
- k8s_cni_manifest_overrides is defined and k8s_cni_manifest_overrides
- k8s_node_type == "bootstrap" - k8s_node_type == "bootstrap"
- name: rke2 start bootstrap node - name: rke2 start bootstrap node
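Review bot: `dest` joins `{{ k8s_manifests_path }}`, which the role's defaults define with a trailing slash, with `/{{ k8s_type }}-...`, so the rendered path contains `//`; the kernel tolerates it, but the task's `dest` then differs from the path used elsewhere and shows up that way in logs and diffs. Dropping the trailing slash from the default `k8s_manifests_path` (or writing `dest: "{{ k8s_manifests_path }}{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml"` here) removes the doubled separator. The new guard can be shortened to `- k8s_cni_manifest_overrides | d(false)`, which matches the `| d('canal')` style already used for `k8s_cni_type` on the same task.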


@ -1,4 +1,4 @@
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }} # template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
token: {{ k8s_cluster_token }} token: {{ k8s_cluster_token }}
{% if k8s_cluster_url is defined and k8s_node_type != "bootstrap" -%} {% if k8s_cluster_url is defined and k8s_node_type != "bootstrap" -%}
@ -25,9 +25,9 @@ selinux: true
{% if k8s_disable_kube_proxy and k8s_node_type != "agent" -%} {% if k8s_disable_kube_proxy and k8s_node_type != "agent" -%}
disable-kube-proxy: true disable-kube-proxy: true
{% endif -%} {% endif -%}
{% if k8s_disable_network_policy and k8s_node_type != "agent" -%} {% if k8s_disable_network_policy is defined and k8s_disable_network_policy and k8s_node_type != "agent" -%}
disable-network-policy: true disable-network-policy: true
{% endif -%} {% endif %}
{% if k8s_disable is defined and k8s_node_type != "agent" %} {% if k8s_disable is defined and k8s_node_type != "agent" %}
# disable builtin services # disable builtin services
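Review bot: The new `{% endif %}` closing the network-policy block drops the `-` that every neighbouring `{% endif -%}` keeps; whether that changes the rendered file depends on the template module's `trim_blocks` setting (on by default, in which case it is purely cosmetic), but the inconsistency reads as a typo. Use `{% endif -%}` like the surrounding tags, or, if a blank line before the `k8s_disable` section is intended, say so in a `{# ... #}` comment. The guard could also read `{% if k8s_disable_network_policy | d(false) and k8s_node_type != "agent" -%}`, which matches how the rest of the role defaults optional variables.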


@ -1,4 +1,4 @@
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }} # template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
apiVersion: kubelet.config.k8s.io/v1beta1 apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration kind: KubeletConfiguration


@ -1,4 +1,4 @@
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }} # template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
# /var/lib/rancher/rke2/server/manifests/rke2-calico-config.yaml # /var/lib/rancher/rke2/server/manifests/rke2-calico-config.yaml
--- ---
apiVersion: helm.cattle.io/v1 apiVersion: helm.cattle.io/v1


@ -1,5 +1,5 @@
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }} # template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
# /var/lib/rancher/rke2/server/manifests/rke2-canal-config.yaml # /var/lib/rancher/rke2/server/manifests/rke2-canal-config.yaml
--- ---
apiVersion: helm.cattle.io/v1 apiVersion: helm.cattle.io/v1
@ -13,5 +13,7 @@ spec:
{% if k8s_flannel_wireguard %} {% if k8s_flannel_wireguard %}
backend: "wireguard" backend: "wireguard"
{% else %} {% else %}
{% if k8s_cni_interface is defined %}
iface: "{{ k8s_cni_interface }}" iface: "{{ k8s_cni_interface }}"
{% endif %} {% endif %}
{% endif %}
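Review bot: The new `{% if k8s_cni_interface is defined %}` guard sits inside the `{% else %}` branch, so `k8s_cni_interface` is ignored whenever `k8s_flannel_wireguard` is true; if a wireguard backend with a pinned interface is a supported combination, the `iface` line should be emitted in both branches or hoisted out of the if/else. If ignoring it is deliberate, a comment such as `{# iface is only honoured for the default backend #}` above the block would make that explicit. The enclosing `valuesContent` block, if that is where this sits, starts outside the hunk.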


@ -1,2 +1,4 @@
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
[keyfile] [keyfile]
unmanaged-devices=interface-name:cali*;interface-name:flannel* unmanaged-devices=interface-name:cali*;interface-name:flannel*


@ -1,4 +1,4 @@
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }} # template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
# /var/lib/rancher/rke2/server/manifests/rke2-cilium-config.yaml # /var/lib/rancher/rke2/server/manifests/rke2-cilium-config.yaml
--- ---
apiVersion: helm.cattle.io/v1 apiVersion: helm.cattle.io/v1
@ -8,18 +8,20 @@ metadata:
namespace: kube-system namespace: kube-system
spec: spec:
valuesContent: |- valuesContent: |-
{% if k8s_cilium_eni is defined and k8s_cilium_eni %}
eni: eni:
enabled: true enabled: true
{% endif -%}
{% if k8s_disable_kube_proxy %} {% if k8s_disable_kube_proxy %}
kubeProxyReplacement: true kubeProxyReplacement: true
k8sServiceHost: {{ k8s_cluster_url }} k8sServiceHost: {{ k8s_cluster_url }}
k8sServicePort: {{ k8s_api_port }} k8sServicePort: {{ k8s_api_port }}
{% endif %} {% endif -%}
{% if k8s_cilium_hubble %} {% if k8s_cilium_hubble is defined and k8s_cilium_hubble %}
hubble: hubble:
enabled: true enabled: true
relay: relay:
enabled: true enabled: true
ui: ui:
enabled: true enabled: true
{% endif %} {% endif -%}
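Review bot: The `-%}` on the new and changed `{% endif -%}` tags strips all whitespace after the tag, including the leading indentation of the next line; inside the `valuesContent: |-` block scalar that is safe only while the following line is itself a Jinja tag, as it is now, and it will silently unindent a YAML key if one is ever placed directly after an `{% endif -%}`. A more robust layout keeps every block tag with plain `%}` and relies on the template module's default `trim_blocks`, or sets `lstrip_blocks: true` on the template task and drops the `-` forms. Indentation is not preserved on this rendered page, so whether the tag lines are themselves indented (which, with `trim_blocks` alone, would prepend stray spaces to the line after each tag) could not be checked; rendering once and inspecting the indentation under `valuesContent` is worth doing.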


@ -1,4 +1,4 @@
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }} # template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
token: {{ k8s_cluster_token }} token: {{ k8s_cluster_token }}
{% if k8s_cluster_url is defined and k8s_node_type != "bootstrap" -%} {% if k8s_cluster_url is defined and k8s_node_type != "bootstrap" -%}
@ -41,13 +41,6 @@ node-ip: {{ k8s_node_ip }}
node-external-ip: {{ k8s_external_ip }} node-external-ip: {{ k8s_external_ip }}
{% endif -%} {% endif -%}
{% if k8s_flannel_backend is defined and k8s_node_type != "agent" -%}
# cofigure or disable flannel cni
flannel-backend: {{ k8s_flannel_backend }}
flannel-ipv6-masq: {{ k8s_flannel_ipv6_masq }}
flannel-external-ip: {{ k8s_flannel_external_ip }}
{% endif %}
{% if k8s_node_taints is defined -%} {% if k8s_node_taints is defined -%}
# initial node taints # initial node taints
{% for taint in k8s_node_taints -%} {% for taint in k8s_node_taints -%}


@ -1,3 +1,5 @@
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
HTTP_PROXY={{ k8s_http_proxy | d() }} HTTP_PROXY={{ k8s_http_proxy | d() }}
HTTPS_PROXY={{ k8s_https_proxy | d() }} HTTPS_PROXY={{ k8s_https_proxy | d() }}
NO_PROXY={{ k8s_no_proxy | d() }} NO_PROXY={{ k8s_no_proxy | d() }}


@ -1,4 +1,4 @@
--- ---
k8s_selinux: true k8s_selinux: true
k8s_has_nm: true k8s_has_nm: true
k8s_cmd_path: /usr/bin k8s_cmd_path: /bin


@ -5,9 +5,8 @@ k8s_default_install_url: https://get.k3s.io
k8s_default_channel_url: https://update.k3s.io/v1-release/channels k8s_default_channel_url: https://update.k3s.io/v1-release/channels
k8s_env: k8s_env:
#K3S_KUBECONFIG_MODE: "{{ k8s_config_mode }}"
INSTALL_K3S_SKIP_START: "{{ k8s_skip_start | d('false') }}"
INSTALL_K3S_CHANNEL_URL: "{{ k8s_channel_url | d(k8s_default_channel_url) }}" INSTALL_K3S_CHANNEL_URL: "{{ k8s_channel_url | d(k8s_default_channel_url) }}"
INSTALL_K3S_CHANNEL: "{{ k8s_channel | d('stable') }}" INSTALL_K3S_CHANNEL: "{{ k8s_channel | d('stable') }}"
INSTALL_K3S_VERSION: "{{ k8s_version | d() }}" INSTALL_K3S_VERSION: "{{ k8s_version | d() }}"
INSTALL_K3S_EXEC: "{{ node_type }} {{ node_install_args | d() }}" INSTALL_K3S_EXEC: "{{ node_type | d('server') }}"
INSTALL_K3S_SKIP_START: "{{ k8s_skip_start | d('false') }}"
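Review bot: `INSTALL_K3S_EXEC` no longer includes `node_install_args`, so any inventory or playbook still setting that variable is silently ignored; if the extra arguments now come from the generated config.yaml, a comment above `INSTALL_K3S_EXEC` saying so would stop the variable from being reintroduced, otherwise keep `{{ node_install_args | d() }}` in the value. `node_type | d('server')` also means a caller that forgets to set `node_type` gets a control-plane node rather than an agent; since the role already carries `k8s_node_type`, presumably from the same source, deriving the value from it or failing when `node_type` is undefined would be safer than defaulting to the server role. The same two points apply to `INSTALL_RKE2_TYPE` in the rke2 vars file below.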


@ -8,4 +8,4 @@ k8s_env:
INSTALL_RKE2_CHANNEL_URL: "{{ k8s_channel_url | d(k8s_default_channel_url) }}" INSTALL_RKE2_CHANNEL_URL: "{{ k8s_channel_url | d(k8s_default_channel_url) }}"
INSTALL_RKE2_CHANNEL: "{{ k8s_channel | d('stable') }}" INSTALL_RKE2_CHANNEL: "{{ k8s_channel | d('stable') }}"
INSTALL_RKE2_VERSION: "{{ k8s_version | d() }}" INSTALL_RKE2_VERSION: "{{ k8s_version | d() }}"
INSTALL_RKE2_TYPE: "{{ node_type }} {{ node_install_args | d() }}" INSTALL_RKE2_TYPE: "{{ node_type | d('server') }}"