update templates, clean and fixes for both k3s and rke2 deployments
parent
495e79438f
commit
3195c4a3c3
@ -14,9 +14,9 @@ k8s_node_ip: "{{ ansible_host }}"
|
||||
# paths
|
||||
k8s_install_script: /usr/local/bin/{{ k8s_type }}-install.sh
|
||||
k8s_config_path: "/etc/rancher/{{ k8s_type }}"
|
||||
k8s_cmd_path: /usr/local/bin
|
||||
k8s_nm_path: /etc/NetworkManager/conf.d
|
||||
k8s_manifests_path: "/var/lib/rancher/{{ k8s_type }}/server/manifests/"
|
||||
k8s_nm_path: /etc/NetworkManager/conf.d
|
||||
k8s_cmd_path: /usr/local/bin
|
||||
|
||||
# sysctl set fs.inotify.max_user_instances
|
||||
k8s_inotify_max: 1024
|
||||
@ -45,9 +45,8 @@ k8s_api_port: 6443
|
||||
# misc options
|
||||
k8s_debug: false
|
||||
k8s_taint_servers: false
|
||||
k8s_flannel_wireguard: false
|
||||
k8s_disable_kube_proxy: false
|
||||
k8s_disable_network_policy: false
|
||||
k8s_flannel_wireguard: false
|
||||
|
||||
# k8s_kubelet_args
|
||||
# - "kube-reserved=cpu=500m,memory=1Gi,ephemeral-storage=2Gi"
|
||||
@ -58,6 +57,7 @@ k8s_disable_network_policy: false
|
||||
k8s_kubelet_args:
|
||||
- "max-pods={{ k8s_pod_limit }}"
|
||||
|
||||
|
||||
# Define
|
||||
|
||||
# you can pre-generate this ina vault with the token.sh script
|
||||
@ -72,10 +72,10 @@ k8s_kubelet_args:
|
||||
# bootstrap | server | agent
|
||||
# k8s_node_type: bootstrap
|
||||
|
||||
# if defined, install manifests
|
||||
# if defined, install manifests from the supplied url, currently this task only supports fetching from a url
|
||||
# k8s_manifests:
|
||||
# - name: cert-manager
|
||||
# path: https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml
|
||||
# url: https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml
|
||||
|
||||
# k8s_node_taints
|
||||
# --node-taint CriticalAddonsOnly=true:NoExecute
|
||||
@ -92,6 +92,8 @@ k8s_kubelet_args:
|
||||
# k8s_flannel_ipv6_masq: false
|
||||
# k8s_flannel_external_ip: false
|
||||
|
||||
# k8s_disable_network_policy: true
|
||||
|
||||
# disable builtin services
|
||||
# k8s_disable:
|
||||
# - traefik
|
||||
@ -103,6 +105,13 @@ k8s_kubelet_args:
|
||||
# canal, cilium, calico, flannel
|
||||
# k8s_cni_type: canal
|
||||
|
||||
# apply manifest overrides
|
||||
# k8s_cni_manifest_overrides: true
|
||||
|
||||
# cilium
|
||||
# k8s_cilium_hubble: true
|
||||
# k8s_cilium_eni: true
|
||||
|
||||
# disable builtin services
|
||||
# k8s_disable:
|
||||
# - rke2-coredns
|
||||
|
@ -100,6 +100,20 @@
|
||||
- k8s-get-kubeconf
|
||||
|
||||
# DEPLOY MANIFESTS
|
||||
- name: apply manifests
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ item.url }}"
|
||||
timeout: 120
|
||||
dest: "{{ k8s_manifests_path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
loop: "{{ k8s_manifests }}"
|
||||
when:
|
||||
- k8s_node_type == "bootstrap"
|
||||
- k8s_manifests is defined
|
||||
tags:
|
||||
- k8s-apply-manifests
|
||||
|
||||
# END Cluster Creation
|
||||
when:
|
||||
|
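Review bot: The `ansible.builtin.get_url` task writes each `item.url` into `k8s_manifests_path` with no integrity check, and that path (`/var/lib/rancher/{{ k8s_type }}/server/manifests/`) is the directory k3s and RKE2 servers auto-apply, so whatever the URL serves at run time ends up deployed to the cluster. Consider accepting an optional per-item digest and passing it through, `checksum: "{{ item.checksum | d(omit) }}"`, and documenting that URLs should be pinned to a release tag as the cert-manager example is. Separately, `loop: "{{ k8s_manifests }}"` is templated before the per-item `when:` list is evaluated, so an unset `k8s_manifests` will likely fail the task rather than skip it; `loop: "{{ k8s_manifests | d([]) }}"` avoids that. The enclosing block starts and ends outside this hunk.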
@ -13,7 +13,7 @@
|
||||
dest: "{{ k8s_nm_path }}/{{ k8s_type }}-canal.conf"
|
||||
mode: 0600
|
||||
when:
|
||||
- k8s_cni_type == "canal" or k8s_cni_type is not defined
|
||||
- k8s_cni_type is not defined or k8s_cni_type == "canal"
|
||||
- k8s_has_nm
|
||||
tags:
|
||||
- k8s-config
|
||||
|
@ -7,12 +7,13 @@
|
||||
when:
|
||||
- k8s_node_type == "bootstrap"
|
||||
|
||||
- name: rke2 template cni manifests
|
||||
- name: rke2 template cni manifest override
|
||||
ansible.builtin.template:
|
||||
src: "templates/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml.j2"
|
||||
dest: "{{ k8s_manifests_path }}/{{ k8s_type }}-{{ k8s_cni_type | d('canal') }}-config.yaml"
|
||||
mode: 0600
|
||||
when:
|
||||
- k8s_cni_manifest_overrides is defined and k8s_cni_manifest_overrides
|
||||
- k8s_node_type == "bootstrap"
|
||||
|
||||
- name: rke2 start bootstrap node
|
||||
|
@ -1,4 +1,4 @@
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||
|
||||
token: {{ k8s_cluster_token }}
|
||||
{% if k8s_cluster_url is defined and k8s_node_type != "bootstrap" -%}
|
||||
@ -25,9 +25,9 @@ selinux: true
|
||||
{% if k8s_disable_kube_proxy and k8s_node_type != "agent" -%}
|
||||
disable-kube-proxy: true
|
||||
{% endif -%}
|
||||
{% if k8s_disable_network_policy and k8s_node_type != "agent" -%}
|
||||
{% if k8s_disable_network_policy is defined and k8s_disable_network_policy and k8s_node_type != "agent" -%}
|
||||
disable-network-policy: true
|
||||
{% endif -%}
|
||||
{% endif %}
|
||||
|
||||
{% if k8s_disable is defined and k8s_node_type != "agent" %}
|
||||
# disable builtin services
|
||||
|
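Review bot: The header comment still embeds `ansible_date_time`, so the rendered file differs on every run and the template task reports `changed` each time. That hides real configuration drift, and if a restart handler is attached (not visible here) it would restart the service on every play. Dropping the timestamp, e.g. `# template generated via ansible by {{ local_user }}`, or using `{{ ansible_managed }}`, keeps the output stable. The same header line is present in the kubelet, calico, canal, NetworkManager, cilium, second node-config and proxy-environment templates touched by this commit.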
@ -1,4 +1,4 @@
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||
|
||||
apiVersion: kubelet.config.k8s.io/v1beta1
|
||||
kind: KubeletConfiguration
|
||||
|
@ -1,4 +1,4 @@
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||
# /var/lib/rancher/rke2/server/manifests/rke2-calico-config.yaml
|
||||
---
|
||||
apiVersion: helm.cattle.io/v1
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||
# /var/lib/rancher/rke2/server/manifests/rke2-canal-config.yaml
|
||||
---
|
||||
apiVersion: helm.cattle.io/v1
|
||||
@ -13,5 +13,7 @@ spec:
|
||||
{% if k8s_flannel_wireguard %}
|
||||
backend: "wireguard"
|
||||
{% else %}
|
||||
{% if k8s_cni_interface is defined %}
|
||||
iface: "{{ k8s_cni_interface }}"
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
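Review bot: The `k8s_cni_interface` guard sits inside the `{% else %}` branch, so a cluster with `k8s_flannel_wireguard` enabled never gets `iface` rendered even when `k8s_cni_interface` is set. If the interface pin is meant to apply to both backends, move the `{% if k8s_cni_interface is defined %}` … `{% endif %}` pair after the outer `{% endif %}`. If it is deliberately limited to the non-wireguard backend, a one-line template comment such as `{# iface is only rendered when wireguard is off #}` would make that explicit. Indentation is lost in this rendering and the values block starts above the hunk, so the nesting is inferred from tag order.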
@ -1,2 +1,4 @@
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||
|
||||
[keyfile]
|
||||
unmanaged-devices=interface-name:cali*;interface-name:flannel*
|
||||
|
@ -1,4 +1,4 @@
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||
# /var/lib/rancher/rke2/server/manifests/rke2-cilium-config.yaml
|
||||
---
|
||||
apiVersion: helm.cattle.io/v1
|
||||
@ -8,18 +8,20 @@ metadata:
|
||||
namespace: kube-system
|
||||
spec:
|
||||
valuesContent: |-
|
||||
{% if k8s_cilium_eni is defined and k8s_cilium_eni %}
|
||||
eni:
|
||||
enabled: true
|
||||
{% endif -%}
|
||||
{% if k8s_disable_kube_proxy %}
|
||||
kubeProxyReplacement: true
|
||||
k8sServiceHost: {{ k8s_cluster_url }}
|
||||
k8sServicePort: {{ k8s_api_port }}
|
||||
{% endif %}
|
||||
{% if k8s_cilium_hubble %}
|
||||
{% endif -%}
|
||||
{% if k8s_cilium_hubble is defined and k8s_cilium_hubble %}
|
||||
hubble:
|
||||
enabled: true
|
||||
relay:
|
||||
enabled: true
|
||||
ui:
|
||||
enabled: true
|
||||
{% endif %}
|
||||
{% endif -%}
|
||||
|
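Review bot: `k8sServiceHost` is filled from `k8s_cluster_url`, which the node config template in this commit treats as optional (`k8s_cluster_url is defined and …`) and which by its name could hold a full URL, whereas this field is presumably meant to be a bare host or IP. How the variable is formatted is not visible here, so the requirement should be made explicit with a template comment above the line, e.g. `{# k8s_cluster_url must be a bare hostname/IP reachable from every node #}`. A pre-flight `assert` that it is defined whenever `k8s_disable_kube_proxy` is true would also help. The `valuesContent` block begins above the hunk.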
@ -1,4 +1,4 @@
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.date }} {{ ansible_date_time.time }}
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||
|
||||
token: {{ k8s_cluster_token }}
|
||||
{% if k8s_cluster_url is defined and k8s_node_type != "bootstrap" -%}
|
||||
@ -41,13 +41,6 @@ node-ip: {{ k8s_node_ip }}
|
||||
node-external-ip: {{ k8s_external_ip }}
|
||||
{% endif -%}
|
||||
|
||||
{% if k8s_flannel_backend is defined and k8s_node_type != "agent" -%}
|
||||
# cofigure or disable flannel cni
|
||||
flannel-backend: {{ k8s_flannel_backend }}
|
||||
flannel-ipv6-masq: {{ k8s_flannel_ipv6_masq }}
|
||||
flannel-external-ip: {{ k8s_flannel_external_ip }}
|
||||
{% endif %}
|
||||
|
||||
{% if k8s_node_taints is defined -%}
|
||||
# initial node taints
|
||||
{% for taint in k8s_node_taints -%}
|
||||
|
@ -1,3 +1,5 @@
|
||||
# template generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
|
||||
|
||||
HTTP_PROXY={{ k8s_http_proxy | d() }}
|
||||
HTTPS_PROXY={{ k8s_https_proxy | d() }}
|
||||
NO_PROXY={{ k8s_no_proxy | d() }}
|
@ -1,4 +1,4 @@
|
||||
---
|
||||
k8s_selinux: true
|
||||
k8s_has_nm: true
|
||||
k8s_cmd_path: /usr/bin
|
||||
k8s_cmd_path: /bin
|
||||
|
@ -5,9 +5,8 @@ k8s_default_install_url: https://get.k3s.io
|
||||
k8s_default_channel_url: https://update.k3s.io/v1-release/channels
|
||||
|
||||
k8s_env:
|
||||
#K3S_KUBECONFIG_MODE: "{{ k8s_config_mode }}"
|
||||
INSTALL_K3S_SKIP_START: "{{ k8s_skip_start | d('false') }}"
|
||||
INSTALL_K3S_CHANNEL_URL: "{{ k8s_channel_url | d(k8s_default_channel_url) }}"
|
||||
INSTALL_K3S_CHANNEL: "{{ k8s_channel | d('stable') }}"
|
||||
INSTALL_K3S_VERSION: "{{ k8s_version | d() }}"
|
||||
INSTALL_K3S_EXEC: "{{ node_type }} {{ node_install_args | d() }}"
|
||||
INSTALL_K3S_EXEC: "{{ node_type | d('server') }}"
|
||||
INSTALL_K3S_SKIP_START: "{{ k8s_skip_start | d('false') }}"
|
||||
|
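Review bot: `INSTALL_K3S_EXEC: "{{ node_type | d('server') }}"` (the later of the two printed lines, which appears to be the new side) makes a host with no `node_type` install as a server, so an inventory mistake yields an extra control-plane node instead of an error. Failing closed is safer for role selection: `INSTALL_K3S_EXEC: "{{ node_type | mandatory }}"`, or default to `'agent'` if a default is really wanted. The same applies to `INSTALL_RKE2_TYPE` in the RKE2 vars file. Removing `node_install_args` from the value also means any extra installer flags callers were passing are now ignored without notice; where `node_type` is set is outside this page.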
@ -8,4 +8,4 @@ k8s_env:
|
||||
INSTALL_RKE2_CHANNEL_URL: "{{ k8s_channel_url | d(k8s_default_channel_url) }}"
|
||||
INSTALL_RKE2_CHANNEL: "{{ k8s_channel | d('stable') }}"
|
||||
INSTALL_RKE2_VERSION: "{{ k8s_version | d() }}"
|
||||
INSTALL_RKE2_TYPE: "{{ node_type }} {{ node_install_args | d() }}"
|
||||
INSTALL_RKE2_TYPE: "{{ node_type | d('server') }}"
|
||||
|