mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2025-12-13 21:34:40 +03:00
Compare commits
16 Commits
v2.15.1
...
release-2.
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
82e9009147 | ||
|
|
9be0304e37 | ||
|
|
e7fad8224d | ||
|
|
6f9f450cce | ||
|
|
65fafae2c5 | ||
|
|
2100d33b78 | ||
|
|
7cf6f3f3e1 | ||
|
|
383b2fcb4e | ||
|
|
ce1fdb8db1 | ||
|
|
3e8e92b51a | ||
|
|
5cf0de61a3 | ||
|
|
16c750b20a | ||
|
|
0e67e2810a | ||
|
|
45a92e406d | ||
|
|
58b926561e | ||
|
|
0bb0f4dcc5 |
@@ -1,7 +1,7 @@
|
||||
# Use imutable image tags rather than mutable tags (like ubuntu:18.04)
|
||||
FROM ubuntu:bionic-20200807
|
||||
|
||||
ENV KUBE_VERSION=v1.19.9
|
||||
ENV KUBE_VERSION=v1.19.10
|
||||
|
||||
RUN mkdir /kubespray
|
||||
WORKDIR /kubespray
|
||||
|
||||
@@ -116,7 +116,7 @@ Note: Upstart/SysV init based OS types are not supported.
|
||||
## Supported Components
|
||||
|
||||
- Core
|
||||
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.19.9
|
||||
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.19.10
|
||||
- [etcd](https://github.com/coreos/etcd) v3.4.13
|
||||
- [docker](https://www.docker.com/) v19.03 (see note)
|
||||
- [containerd](https://containerd.io/) v1.3.9
|
||||
|
||||
@@ -15,3 +15,18 @@
|
||||
- ansible_version.string is version(maximal_ansible_version, "<")
|
||||
tags:
|
||||
- check
|
||||
|
||||
- name: "Check that python netaddr is installed"
|
||||
assert:
|
||||
msg: "Python netaddr is not present"
|
||||
that: "'127.0.0.1' | ipaddr"
|
||||
tags:
|
||||
- check
|
||||
|
||||
# CentOS 7 provides too old jinja version
|
||||
- name: "Check that jinja is not too old (install via pip)"
|
||||
assert:
|
||||
msg: "Your Jinja version is too old, install via pip"
|
||||
that: "{% set test %}It works{% endset %}{{ test == 'It works' }}"
|
||||
tags:
|
||||
- check
|
||||
|
||||
@@ -12,4 +12,3 @@ node1
|
||||
[k8s-cluster:children]
|
||||
kube-node
|
||||
kube-master
|
||||
calico-rr
|
||||
|
||||
@@ -17,7 +17,7 @@ kube_token_dir: "{{ kube_config_dir }}/tokens"
|
||||
kube_api_anonymous_auth: true
|
||||
|
||||
## Change this to use another Kubernetes version, e.g. a current beta release
|
||||
kube_version: v1.19.9
|
||||
kube_version: v1.19.10
|
||||
|
||||
# Where the binaries will be downloaded.
|
||||
# Note: ensure that you've enough disk space (about 1G)
|
||||
@@ -313,3 +313,5 @@ event_ttl_duration: "1h0m0s"
|
||||
|
||||
## Automatically renew K8S control plane certificates on first Monday of each month
|
||||
auto_renew_certificates: false
|
||||
# First Monday of each month
|
||||
# auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00"
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
until: apt_key_download is succeeded
|
||||
retries: 4
|
||||
delay: "{{ retry_stagger | d(3) }}"
|
||||
environment: "{{ proxy_env }}"
|
||||
|
||||
- name: Add CRI-O kubic apt repo
|
||||
apt_repository:
|
||||
|
||||
@@ -118,12 +118,15 @@ crictl_checksums:
|
||||
# Kubernetes versions above Kubespray's current target version are untested and should be used with caution.
|
||||
kubelet_checksums:
|
||||
arm:
|
||||
v1.21.0: c2a3c926842c892ca3a124fb0526970e6ce1d92cb3ac35028b251a5672bb1af1
|
||||
v1.20.6: a7f89bc0810ad0cfcf8b8235b88ed84f0eb39a164ea536595d7fe461548e985b
|
||||
v1.20.5: cd04519bc8271a990380b62bd5b397ed5e21f9d81d731792b53453baea3d7cd5
|
||||
v1.20.4: 6c2dbd275d0413124bb56f347821aa11003749c3e5d31ebddec64b14dc74ea18
|
||||
v1.20.3: 64a2f413987483e131a6cbbf641c3f8a4d506d5373c04d0765ccf96b4886597d
|
||||
v1.20.2: fa4e9891c25830cd2b5ed52b524878d04554094a0578e039c2b3c28ea85a5b12
|
||||
v1.20.1: 576d89284c8fa758d7d34d789444e9a5a03f24b6400cc94bf103c1c796898dc7
|
||||
v1.20.0: 132ea2f821ec1537af34b3a1414071416149972ce93619f71730c8dd741e357c
|
||||
v1.19.10: 8512a832424dead065b28092d9e66eca17d1c8eba7af0994e7f7b287f5a76805
|
||||
v1.19.9: 0c2c22f226189764b7f4a73614e12ff0be150640f64b691327e925db125d8950
|
||||
v1.19.8: 0a68c72574a96e7ca899610084659f156c1eeb312af7fc59aa549d47411d1dab
|
||||
v1.19.7: 59284dcf4ee3f62475d0d6d1070c64e0e5362280e8d70884513e1e1cee918cb0
|
||||
@@ -152,12 +155,15 @@ kubelet_checksums:
|
||||
v1.18.1: 04d8e0a080dcb23d579c69e769e75bd5abaa1977d43550ec891560d76f1f7f37
|
||||
v1.18.0: 985c1a1b492ccc6e46e1cd454790dae539d5b93208efb05e35114f66a183de99
|
||||
arm64:
|
||||
v1.21.0: 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4
|
||||
v1.20.6: 6e7b44d1ca65f970b0646f7d093dcf0cfefc44d4a67f29d542fe1b7ca6dcf715
|
||||
v1.20.5: 2d1b6f73fd0373687c7dc6582fe5ebddfa26c3b9ef128ec3955517b9db4746f2
|
||||
v1.20.4: 66bcdc7521e226e4acaa93c08e5ea7b2f57829e1a5b9decfd2b91d237e216e1d
|
||||
v1.20.3: 29fa80790edcdfc7389b4b88cf963ce29d82e5de39bdb70f7c6dff551299b6f3
|
||||
v1.20.2: 2b2d8e567439500daa9be88c4b10ee6db7126be942ac94259b506152ee38da1e
|
||||
v1.20.1: 359025e549ec6e16ffa1aead7312934233a983a918f54686a2c34ff9a6ba6016
|
||||
v1.20.0: 47ab6c4273fc3bb0cb8ec9517271d915890c5a6b0e54b2991e7a8fbbe77b06e4
|
||||
v1.19.10: c57a464df1e0a56bcade6863f1f80def416eba5d06892644c633eb8c95444840
|
||||
v1.19.9: 796f080c53ec50b11152558b4a744432349b800e37b80516bcdc459152766a4f
|
||||
v1.19.8: a00146c16266d54f961c40fc67f92c21967596c2d730fa3dc95868d4efb44559
|
||||
v1.19.7: 473016cf1165ab5c705bd29c65451984e48deade6ff96bf861c46e15fc52ba3f
|
||||
@@ -186,12 +192,15 @@ kubelet_checksums:
|
||||
v1.18.1: 2181cde9e6b24055d262b78758b365363273896968df673eb13d4f17a4f69c4a
|
||||
v1.18.0: db91a26f8baa2bce017172305e717e77be5cfc4272592be8cb0155e1cfa7719e
|
||||
amd64:
|
||||
v1.21.0: 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35
|
||||
v1.20.6: 7688a663dd06222d337c8fdb5b05e1d9377e6d64aa048c6acf484bc3f2a596a8
|
||||
v1.20.5: 8a07891153398585a749285bb3caa2e16f0802d03ffdd5054a7ef1ef32989bea
|
||||
v1.20.4: a9f28ac492b3cbf75dee284576b2e1681e67170cd36f3f5cdc31495f1bdbf809
|
||||
v1.20.3: 8efddc4a7cc63c18f1d14bcb0879b460bbbc7358304ca10dff50907c03f04c81
|
||||
v1.20.2: 2447da8e0729ac6e4bdcb1ea7d41c8ae6e5c8565edea189434286697ccdc8d85
|
||||
v1.20.1: 2970974fa56ee90b76c7f3f8b0075f0719bb9d645aacfcef85238b68972aa9c3
|
||||
v1.20.0: ff2422571c4c1e9696e367f5f25466b96fb6e501f28aed29f414b1524a52dea0
|
||||
v1.19.10: cf2f038f1012d5883407bd82e8f0d5cd0e27c8074ab821b296c6a3214aec917e
|
||||
v1.19.9: 296e72c395f030209e712167fc5f6d2fdfe3530ca4c01bcd9bfb8c5e727c3d8d
|
||||
v1.19.8: f5cad5260c29584dd370ec13e525c945866957b1aaa719f1b871c31dc30bcb3f
|
||||
v1.19.7: d8b296825f6dd7a17287b73cd6604d32210abbba86c88fb68c1b1c5016906c54
|
||||
@@ -221,12 +230,15 @@ kubelet_checksums:
|
||||
v1.18.0: 3a90e7abf9910aebf9ef5845918c665afd4136a8832604ccfabca2defb35ce0f
|
||||
kubectl_checksums:
|
||||
arm:
|
||||
v1.21.0: 6d79f6ebec2eda45b0808a895fa5d06bd8611c02d34b584eaa94857f365b25aa
|
||||
v1.20.6: f5451e6d0e586d3643c83cfb1366b6a1fed0e8e575fa95153710af53a58cc1e1
|
||||
v1.20.5: b0b0e008dde7af257f97668620dc7b265f113833930ee03af190e7f4c4e8e545
|
||||
v1.20.4: 459bfa4f35beb3496a2685f883c105a43321288619533ec7684dce922b926f60
|
||||
v1.20.3: 72ad82d16b64dbb8c4f8eb61d710d062fe0f1ce7da94e457780948ad2e3ea9dc
|
||||
v1.20.2: a8d5b7e974200ae94a0eb3873773ec4ceffa99283f1843960d0a1b4448c2aa42
|
||||
v1.20.1: f164e6efd49a6c4a278d1317f00ee1691e7cf8531a49d10ea069f5180d3540ed
|
||||
v1.20.0: bec2b30e37056ae354ec5a86d77634a9b832ade8d9aeea7a4514cee21cb7821e
|
||||
v1.19.10: a35602edcd94d243d5c4c5ea7f75da0b0658cb8e429cb073e901d022538e14ab
|
||||
v1.19.9: 697e0c4ce9a5511705abe252c717f7d84be9eadb3dbb905bd624d31870f62f45
|
||||
v1.19.8: 4d3cba1a8005eabbf939577253cdf593be575d0e73ac47acc5090049d8a96781
|
||||
v1.19.7: 11d49f87bf8b557066c339eea4775b32dd463fc61ce24b24744f82cb412e9277
|
||||
@@ -255,12 +267,15 @@ kubectl_checksums:
|
||||
v1.18.1: 896c90b1b9d88e121876d93718591f3ecbab880b304767806c6c9fcb3b145805
|
||||
v1.18.0: 34fc6d16c2f535ed381b5fd3a4d40b642fff4f9ff95f8250b8043a29b8c062b9
|
||||
arm64:
|
||||
v1.21.0: a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d
|
||||
v1.20.6: 1d0a29420c4488b15adb44044b193588989b95515cd6c8c03907dafe9b3d53f3
|
||||
v1.20.5: bafb8af51eaacea782bf6c3574c2a531aaf14637980bfa09c43ab5023773f70c
|
||||
v1.20.4: 0fd64b3e5d3fda4637c174a5aea0119b46d6cbede591a4dc9130a81481fc952f
|
||||
v1.20.3: 5bd714a08410dbe7c69e61f0209973ccdffe6fe93de5a12d1707f9a40abec60d
|
||||
v1.20.2: 37fdba9fcd43cafba11ac4f82692e41aca41b59f44fd968fd84c263d71af580f
|
||||
v1.20.1: 1ed8762306d4d09574150ffc666a04e5a79ca08e53570cd34977fab4fc7c4611
|
||||
v1.20.0: 25e4465870c99167e6c466623ed8f05a1d20fbcb48cab6688109389b52d87623
|
||||
v1.19.10: 343ba2807f167ded0672fed23e5d7b34d8c5bbddbe1998d09a8198a65d8ec8b5
|
||||
v1.19.9: 628627d01c9eaf624ffe3cf1195947a256ea5f842851e42682057e4233a9e283
|
||||
v1.19.8: 8f037ab2aa798bbc66ebd1d52653f607f223b07813bcf98d9c1d0c0e136910ec
|
||||
v1.19.7: a0f58222e8d62b86b1148746531fa0c3b91fa208586cb068883550fc3dcd498b
|
||||
@@ -289,12 +304,15 @@ kubectl_checksums:
|
||||
v1.18.1: 39e9645c6bed1e7340b3d764db983b9fc35326b11325fd509c3660c9f55469ed
|
||||
v1.18.0: 0de307f90502cd58e5785cdcbebeb552df81fa2399190f8a662afea9e30bc74d
|
||||
amd64:
|
||||
v1.21.0: 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0
|
||||
v1.20.6: 89ae000df6bbdf38ae4307cc4ecc0347d5c871476862912c0a765db9bf05284e
|
||||
v1.20.5: 7f9dbb80190945a5077dc5f4230202c22f68f9bd7f20c213c3cf5a74abf55e56
|
||||
v1.20.4: 98e8aea149b00f653beeb53d4bd27edda9e73b48fed156c4a0aa1dabe4b1794c
|
||||
v1.20.3: 9124ace617387fdb78b95a9b2551d1b447bc8007caea68359743895784262fc8
|
||||
v1.20.2: 2583b1c9fbfc5443a722fb04cf0cc83df18e45880a2cf1f6b52d9f595c5beb88
|
||||
v1.20.1: 3f4b52a8072013e4cd34c9ea07e3c0c4e0350b227e00507fb1ae44a9adbf6785
|
||||
v1.20.0: a5895007f331f08d2e082eb12458764949559f30bcc5beae26c38f3e2724262c
|
||||
v1.19.10: dbacc1a372f00e2d15ad9a39925191c4e314e39b37dcac3e5b2f5e98f4be0d47
|
||||
v1.19.9: 7128c9e38ab9c445a3b02d3d0b3f0f15fe7fbca56fd87b84e575d7b29e999ad9
|
||||
v1.19.8: a0737d3a15ca177816b6fb1fd59bdd5a3751bfdc66de4e08dffddba84e38bf3f
|
||||
v1.19.7: d46eb3bbe2575e5b6bedbc6d3519424b4f2f57929d7da1ef7e11c09068f37297
|
||||
@@ -324,12 +342,15 @@ kubectl_checksums:
|
||||
v1.18.0: bb16739fcad964c197752200ff89d89aad7b118cb1de5725dc53fe924c40e3f7
|
||||
kubeadm_checksums:
|
||||
arm:
|
||||
v1.21.0: 878e4c848412c3d6ac35323e6be1bd09f9648069ea1caa8e618fd2a6a6925b2f
|
||||
v1.20.6: 8a299ce1cc63e51eb126217916fd2f57fb61bd9638467ee1219f4a81999800ce
|
||||
v1.20.5: e8f9be7ffa4eac3bd8dc32229025a17da5b4fbd527b37272b890920377406db4
|
||||
v1.20.4: 53759f7b62e465adc8bddcc11b23b87ceb263d83a965669dc4fc62bd6fdd228c
|
||||
v1.20.3: 35c78f4a86f9c3a791b3ecaf669734f790df1391e6bf310c3b2c51c3b97be05c
|
||||
v1.20.2: 83bcc176672ad55525ae87111f502d3d0cfec5bebb805634191063387298811c
|
||||
v1.20.1: 0e63af77d148e64cd1710f98d56967d5490df6a978658f6d5e2cd6b9cbf3c61a
|
||||
v1.20.0: 38829599cfcab3274e9cf1aff942db06d7ec091510399722159fa3fa49a6fef0
|
||||
v1.19.10: 9c2491590f34d8af5d1bc29569394d8ed96d88947f54c9a00d16bda486bc95f0
|
||||
v1.19.9: b60a386bbfbf2feb74cb94a62b32d47b2a85086deebc3127d62126c170077f5b
|
||||
v1.19.8: 6761f93e6983c4d7b924209a50a8664a2a78ac5dbb8c33e8e3ba898f11d49773
|
||||
v1.19.7: 48722b7c93d18a13e734200de202912a324769139d0d434ff1dfff82af164814
|
||||
@@ -358,12 +379,15 @@ kubeadm_checksums:
|
||||
v1.18.1: 4f919ad7215209dee97ea4c61668e44a2cce8f575b9cf4032e47f0c377924854
|
||||
v1.18.0: 0f05bd526bb38be11459675c69bc882a2d3e583e48339fab49b620d292c2433e
|
||||
arm64:
|
||||
v1.21.0: 50bb95d1827455346b5643dcf83a52520733c3a582b8b1ffb50f04a8e66f00e7
|
||||
v1.20.6: 33837e290bd76fcb16af27db0e814ec023c25e6c41f25a0907b48756d4a2ffc2
|
||||
v1.20.5: d3d587bb1db1411b662d4ede0305d39725a68b8453423e76b2195fa01c4f2a37
|
||||
v1.20.4: c3ff7f944826889a23a002c85e8f9f9d9a8bc95e9083fbdda59831e3e34245a7
|
||||
v1.20.3: d4699a79e99c4603adb13f87825ce1109fffefd803966f8187baeb8e25cd0060
|
||||
v1.20.2: 50f16984e4fc5681ba1fa7fb8a19fc1ca72e79ff5c16e97f5b500228efcf9a75
|
||||
v1.20.1: 91eb63944e9a033bb40dfc638913ca76e07d6877a24d25636bf833459ae90010
|
||||
v1.20.0: 16faf8bf3c94cb21dcae131cbfbd0961fc5fef37cb7e37f872ff249e235e0f46
|
||||
v1.19.10: 69bd90bb93e5560996549cf93c89b8c0a2a75d8e24504d896b303cc64018de91
|
||||
v1.19.9: 403c767bef0d681aebc45d5643787fc8c0b9344866cbd339368637a05ea1d11c
|
||||
v1.19.8: dfb838ffb88d79e4d881326f611ae5e5999accb54cdd666c75664da264b5d58e
|
||||
v1.19.7: 43615e65092de34dcaf34725d8adc0af91b660fa54a885421fdb29f743478911
|
||||
@@ -392,12 +416,15 @@ kubeadm_checksums:
|
||||
v1.18.1: 0cb6589d9b4c09b007eae977ab8a185fc4140eda886408dced4f500a508e4e83
|
||||
v1.18.0: 2ef1785159c80a9acd454a1c8be3c6b8db2260200b22e4359426e709ff786d01
|
||||
amd64:
|
||||
v1.21.0: 7bdaf0d58f0d286538376bc40b50d7e3ab60a3fe7a0709194f53f1605129550f
|
||||
v1.20.6: ff6fca46edeccd8a4dbf162079d0b3d27841b04885b3f47f80377b3a93ab1533
|
||||
v1.20.5: eecb68547f0f99951b0ed910dcb0cfa32766587cc79a53960766164a56d6aed0
|
||||
v1.20.4: dcc5629da2c31a000b9b50db077b1cd51a6840e08233fd64b67e37f3f098c392
|
||||
v1.20.3: 768896db3163d9926f1a0dcf6a7dd9eeeca64a3e162758425ec43e524ada4a5a
|
||||
v1.20.2: e0fce64f3afd3a84bce0996ccdb483812607a91f03e726231f2aaeb622bb9519
|
||||
v1.20.1: c5abaf7db925d1303866c8da6cb20ac2d4404588bc503805ef43c3cebf5ce7b9
|
||||
v1.20.0: b0ef92da9901670437af869e88c2799512bcb858b886207a081882795567e807
|
||||
v1.19.10: aff5ed83e2e3c9466f4b97b53426d9267b51b8cf5466cd375414eaa300c40ad7
|
||||
v1.19.9: 917712bbd38b625aca456ffa78bf134d64f0efb186cc5772c9844ba6d74fd920
|
||||
v1.19.8: 9c6646cdf03efc3194afc178647205195da4a43f58d0b70954953f566fa15c76
|
||||
v1.19.7: c63ef1842533cd7888c7452cab9f320dcf45fc1c173e9d40abb712d45992db24
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
|
||||
- name: download | Download files / images
|
||||
include_tasks: "{{ include_file }}"
|
||||
with_dict: "{{ downloads | combine(kubeadm_images) }}"
|
||||
loop: "{{ downloads | combine(kubeadm_images) | dict2items }}"
|
||||
vars:
|
||||
download: "{{ download_defaults | combine(item.value) }}"
|
||||
include_file: "download_{% if download.container %}container{% else %}file{% endif %}.yml"
|
||||
|
||||
@@ -7,6 +7,7 @@ local_volume_provisioner_nodelabels: []
|
||||
# - topology.kubernetes.io/zone
|
||||
# Levarages Ansibles string to Python datatype casting. Otherwise the dict_key isn't substituted
|
||||
# see https://github.com/ansible/ansible/issues/17324
|
||||
local_volume_provisioner_use_node_name_only: false
|
||||
local_volume_provisioner_storage_classes: |
|
||||
{
|
||||
"{{ local_volume_provisioner_storage_class | default('local-storage') }}": {
|
||||
|
||||
@@ -21,6 +21,9 @@ data:
|
||||
{% for nodelabel in local_volume_provisioner_nodelabels %}
|
||||
- {{ nodelabel }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if local_volume_provisioner_use_node_name_only %}
|
||||
useNodeNameOnly: "true"
|
||||
{% endif %}
|
||||
storageClassMap: |
|
||||
{% for class_name, storage_class in local_volume_provisioner_storage_classes.items() %}
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
vars:
|
||||
download: "{{ download_defaults | combine(downloads.helm) }}"
|
||||
|
||||
- name: Copy helm binary from download dir
|
||||
- name: Helm | Copy helm binary from download dir
|
||||
synchronize:
|
||||
src: "{{ local_release_dir }}/helm-{{ helm_version }}/linux-{{ image_arch }}/helm"
|
||||
dest: "{{ bin_dir }}/helm"
|
||||
@@ -14,7 +14,7 @@
|
||||
group: no
|
||||
delegate_to: "{{ inventory_hostname }}"
|
||||
|
||||
- name: Check if bash_completion.d folder exists # noqa 503
|
||||
- name: Helm | Check if bash_completion.d folder exists # noqa 503
|
||||
stat:
|
||||
path: "/etc/bash_completion.d/"
|
||||
get_attributes: no
|
||||
@@ -22,14 +22,14 @@
|
||||
get_mime: no
|
||||
register: stat_result
|
||||
|
||||
- name: Get helm completion
|
||||
- name: Helm | Get helm completion
|
||||
command: "{{ bin_dir }}/helm completion bash"
|
||||
changed_when: False
|
||||
register: helm_completion
|
||||
check_mode: False
|
||||
when: stat_result.stat.exists
|
||||
|
||||
- name: Install helm completion
|
||||
- name: Helm | Install helm completion
|
||||
copy:
|
||||
dest: /etc/bash_completion.d/helm.sh
|
||||
content: "{{ helm_completion.stdout }}"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
- name: "Kubernetes Apps | Check cluster settings for MetalLB"
|
||||
- name: Kubernetes Apps | Check cluster settings for MetalLB
|
||||
fail:
|
||||
msg: "MetalLB require kube_proxy_strict_arp = true, see https://github.com/danderson/metallb/issues/153#issuecomment-518651132"
|
||||
when:
|
||||
@@ -32,7 +32,7 @@
|
||||
- podsecuritypolicy_enabled
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
|
||||
- name: "Kubernetes Apps | Lay Down MetalLB"
|
||||
- name: Kubernetes Apps | Lay Down MetalLB
|
||||
become: true
|
||||
template: { src: "{{ item }}.j2", dest: "{{ kube_config_dir }}/{{ item }}" }
|
||||
with_items: ["metallb.yml", "metallb-config.yml"]
|
||||
@@ -40,7 +40,7 @@
|
||||
when:
|
||||
- "inventory_hostname == groups['kube-master'][0]"
|
||||
|
||||
- name: "Kubernetes Apps | Install and configure MetalLB"
|
||||
- name: Kubernetes Apps | Install and configure MetalLB
|
||||
kube:
|
||||
name: "MetalLB"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
|
||||
@@ -197,3 +197,5 @@ event_ttl_duration: "1h0m0s"
|
||||
|
||||
## Automatically renew K8S control plane certificates on first Monday of each month
|
||||
auto_renew_certificates: false
|
||||
# First Monday of each month
|
||||
auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00"
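Review bot: The default calendar expression builds the minute field as `{{ groups['kube-master'].index(inventory_hostname) }}0`, which renders `60` or higher from the seventh control plane node onward, and that is not a valid minute in a systemd calendar spec. On such a host the timer would presumably be rejected, and certificate renewal would stop without any playbook error. Keeping the stagger but wrapping it avoids that: `auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube-master'].index(inventory_hostname) % 6 }}0:00"`. The `# First Monday of each month` comment could also say that the minute offset staggers the control plane nodes so they do not restart at the same time.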
|
||||
|
||||
@@ -12,20 +12,6 @@
|
||||
tags:
|
||||
- network
|
||||
|
||||
- name: Ensure etcdctl binary is installed
|
||||
include_tasks: "{{ role_path }}/../../etcd/tasks/install_host.yml"
|
||||
vars:
|
||||
etcd_cluster_setup: true
|
||||
when: etcd_deployment_type == "host" and not etcd_kubeadm_enabled
|
||||
|
||||
- name: Ensure etcdctl binary is installed
|
||||
include_tasks: "{{ role_path }}/../../etcd/tasks/install_etcdctl_docker.yml"
|
||||
vars:
|
||||
etcd_cluster_setup: true
|
||||
etcd_retries: 4
|
||||
when:
|
||||
- etcd_deployment_type == "docker" and not etcd_kubeadm_enabled
|
||||
|
||||
- name: Ensure etcdctl script is installed
|
||||
import_role:
|
||||
name: etcdctl
|
||||
|
||||
@@ -81,12 +81,22 @@
|
||||
mode: 0640
|
||||
|
||||
- name: kubeadm | Check if apiserver.crt contains all needed SANs
|
||||
command: openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -check{{ item|ipaddr|ternary('ip','host') }} "{{ item }}"
|
||||
with_items: "{{ apiserver_sans }}"
|
||||
shell: |
|
||||
set -o pipefail
|
||||
for IP in {{ apiserver_ips | join(' ') }}; do
|
||||
openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -checkip $IP | grep -q 'does match certificate' || echo 'NEED-RENEW'
|
||||
done
|
||||
for HOST in {{ apiserver_hosts | join(' ') }}; do
|
||||
openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -checkhost $HOST | grep -q 'does match certificate' || echo 'NEED-RENEW'
|
||||
done
|
||||
vars:
|
||||
apiserver_ips: "{{ apiserver_sans|map('ipaddr')|reject('equalto', False)|list }}"
|
||||
apiserver_hosts: "{{ apiserver_sans|difference(apiserver_ips) }}"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: apiserver_sans_check
|
||||
changed_when: "'does match certificate' not in apiserver_sans_check.stdout"
|
||||
changed_when: "'NEED-RENEW' in apiserver_sans_check.stdout"
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master']|first
|
||||
- kubeadm_already_run.stat.exists
|
||||
|
||||
- name: kubeadm | regenerate apiserver cert 1/2
|
||||
@@ -97,7 +107,6 @@
|
||||
- apiserver.crt
|
||||
- apiserver.key
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master']|first
|
||||
- kubeadm_already_run.stat.exists
|
||||
- apiserver_sans_check.changed
|
||||
|
||||
@@ -107,7 +116,6 @@
|
||||
init phase certs apiserver
|
||||
--config={{ kube_config_dir }}/kubeadm-config.yaml
|
||||
when:
|
||||
- inventory_hostname == groups['kube-master']|first
|
||||
- kubeadm_already_run.stat.exists
|
||||
- apiserver_sans_check.changed
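Review bot: In the rewritten SAN check task (first hunk of this file), the entries of `apiserver_sans` are rendered straight into the bash script, and `$IP` / `$HOST` are expanded unquoted. A SAN value containing whitespace or shell metacharacters would then be interpreted by the shell instead of reaching openssl as a single argument. The values most likely come from inventory, but quoting them is cheap: render the lists as `{{ apiserver_ips | map('quote') | join(' ') }}` (likewise for `apiserver_hosts`) and call `-checkip "$IP"` / `-checkhost "$HOST"`. A short comment above the loops would also help, stating that any non-matching or failing openssl call prints `NEED-RENEW` and that this string is what `changed_when` keys on.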
|
||||
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "## Expiration before renewal ##"
|
||||
{{ bin_dir }}/kubeadm {{ 'alpha ' if kube_version is version('v1.20.0', '<') }}certs check-expiration
|
||||
{{ bin_dir }}/kubeadm {{ 'alpha ' if kube_version is version('v1.20.0', '<') else '' }}certs check-expiration
|
||||
|
||||
echo "## Renewing certificates managed by kubeadm ##"
|
||||
{{ bin_dir }}/kubeadm {{ 'alpha ' if kube_version is version('v1.20.0', '<') }}certs renew all
|
||||
{{ bin_dir }}/kubeadm {{ 'alpha ' if kube_version is version('v1.20.0', '<') else '' }}certs renew all
|
||||
|
||||
echo "## Restarting control plane pods managed by kubeadm ##"
|
||||
{% if container_manager == "docker" %}
|
||||
{{ docker_bin_dir }}/docker ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs {{ docker_bin_dir }}/docker rm -f"
|
||||
{{ docker_bin_dir }}/docker ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs {{ docker_bin_dir }}/docker rm -f
|
||||
{% else %}
|
||||
{{ bin_dir }}/crictl pods --namespace kube-system --name 'kube-scheduler-*|kube-controller-manager-*|kube-apiserver-*|etcd-*' -q | /usr/bin/xargs {{ bin_dir }}/crictl rmp -f
|
||||
{% endif %}
|
||||
@@ -20,4 +20,4 @@ echo "## Waiting for apiserver to be up again ##"
|
||||
until printf "" 2>>/dev/null >>/dev/tcp/127.0.0.1/6443; do sleep 1; done
|
||||
|
||||
echo "## Expiration after renewal ##"
|
||||
{{ bin_dir }}/kubeadm {{ 'alpha ' if kube_version is version('v1.20.0', '<') }}certs check-expiration
|
||||
{{ bin_dir }}/kubeadm {{ 'alpha ' if kube_version is version('v1.20.0', '<') else '' }}certs check-expiration
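Review bot: The renewal script carries on after a failed step: the visible lines contain no exit-status check, so if `kubeadm ... certs renew all` fails the script still force-removes the control plane pods and then waits on port 6443. Stopping before the restart keeps a failed renewal from also costing an API server restart, e.g. `{{ bin_dir }}/kubeadm {{ 'alpha ' if kube_version is version('v1.20.0', '<') else '' }}certs renew all || exit 1`. The `until printf "" ... /dev/tcp/127.0.0.1/6443` loop in the second hunk has no upper bound either, so a control plane that never comes back leaves the job hanging instead of reporting a failure; a bounded retry count followed by a non-zero exit would surface it. Lines 15-19 of the file fall between the two hunks and are not shown, so an existing check there cannot be ruled out.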
|
||||
|
||||
@@ -2,8 +2,7 @@
|
||||
Description=Timer to renew K8S control plane certificates
|
||||
|
||||
[Timer]
|
||||
# First Monday of each month
|
||||
OnCalendar=Mon *-*-1..7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00
|
||||
OnCalendar={{ auto_renew_certificates_systemd_calendar }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
etc_hosts_localhosts_dict_target: >-
|
||||
{%- set target_entries = (etc_hosts_localhosts_dict|default({})).get(item.key, []) | difference(item.value.get('unexpected' ,[])) -%}
|
||||
{{ etc_hosts_localhosts_dict_target|default({}) | combine({item.key: (target_entries + item.value.expected)|unique}) }}
|
||||
with_dict: "{{ etc_hosts_localhost_entries }}"
|
||||
loop: "{{ etc_hosts_localhost_entries|dict2items }}"
|
||||
|
||||
- name: Hosts | Update (if necessary) hosts file
|
||||
lineinfile:
|
||||
@@ -66,7 +66,7 @@
|
||||
state: present
|
||||
backup: yes
|
||||
unsafe_writes: yes
|
||||
with_dict: "{{ etc_hosts_localhosts_dict_target }}"
|
||||
loop: "{{ etc_hosts_localhosts_dict_target|dict2items }}"
|
||||
|
||||
# gather facts to update ansible_fqdn
|
||||
- name: Update facts
|
||||
|
||||
@@ -15,7 +15,7 @@ is_fedora_coreos: false
|
||||
disable_swap: true
|
||||
|
||||
## Change this to use another Kubernetes version, e.g. a current beta release
|
||||
kube_version: v1.19.9
|
||||
kube_version: v1.19.10
|
||||
|
||||
## The minimum version working
|
||||
kube_version_min_required: v1.18.0
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
---
|
||||
- name: remove-node | List nodes
|
||||
command: kubectl get nodes -o go-template={% raw %}'{{ range .items }}{{ .metadata.name }}{{ "\n" }}{{ end }}'{% endraw %}
|
||||
command: >-
|
||||
{{ bin_dir }}/kubectl get nodes -o go-template={% raw %}'{{ range .items }}{{ .metadata.name }}{{ "\n" }}{{ end }}'{% endraw %}
|
||||
register: nodes
|
||||
delegate_to: "{{ groups['kube-master']|first }}"
|
||||
changed_when: false
|
||||
|
||||
@@ -202,6 +202,7 @@
|
||||
- filter
|
||||
- nat
|
||||
- mangle
|
||||
- raw
|
||||
when: flush_iptables|bool
|
||||
tags:
|
||||
- iptables
|
||||
|
||||
@@ -70,8 +70,6 @@
|
||||
roles:
|
||||
- { role: kubespray-defaults }
|
||||
tasks:
|
||||
- name: include needed vars
|
||||
include_vars: roles/kubespray-defaults/defaults/main.yaml
|
||||
- name: Upload control plane certificates
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm init phase
|
||||
|
||||
@@ -10,34 +10,29 @@
|
||||
url: "{{ item.value.url }}"
|
||||
dest: "{{ images_dir }}/{{ item.value.filename }}"
|
||||
checksum: "{{ item.value.checksum }}"
|
||||
with_dict:
|
||||
- "{{ images }}"
|
||||
loop: "{{ images|dict2items }}"
|
||||
|
||||
- name: Unxz compressed images
|
||||
command: unxz --force {{ images_dir }}/{{ item.value.filename }}
|
||||
with_dict:
|
||||
- "{{ images }}"
|
||||
loop: "{{ images|dict2items }}"
|
||||
when:
|
||||
- item.value.filename.endswith('.xz')
|
||||
|
||||
- name: Convert images which is not in qcow2 format
|
||||
command: qemu-img convert -O qcow2 {{ images_dir }}/{{ item.value.filename.rstrip('.xz') }} {{ images_dir }}/{{ item.key }}.qcow2
|
||||
with_dict:
|
||||
- "{{ images }}"
|
||||
loop: "{{ images|dict2items }}"
|
||||
when:
|
||||
- not (item.value.converted|bool)
|
||||
|
||||
- name: Make sure all images are ending with qcow2
|
||||
command: cp {{ images_dir }}/{{ item.value.filename.rstrip('.xz') }} {{ images_dir }}/{{ item.key }}.qcow2
|
||||
with_dict:
|
||||
- "{{ images }}"
|
||||
loop: "{{ images|dict2items }}"
|
||||
when:
|
||||
- item.value.converted|bool
|
||||
|
||||
- name: Resize images # noqa 301
|
||||
command: qemu-img resize {{ images_dir }}/{{ item.key }}.qcow2 +8G
|
||||
with_dict:
|
||||
- "{{ images }}"
|
||||
loop: "{{ images|dict2items }}"
|
||||
|
||||
# STEP 2: Include the images inside a container
|
||||
- name: Template default Dockerfile
|
||||
@@ -47,16 +42,14 @@
|
||||
|
||||
- name: Create docker images for each OS # noqa 301
|
||||
command: docker build -t {{ registry }}/vm-{{ item.key }}:{{ item.value.tag }} --build-arg cloud_image="{{ item.key }}.qcow2" {{ images_dir }}
|
||||
with_dict:
|
||||
- "{{ images }}"
|
||||
loop: "{{ images|dict2items }}"
|
||||
|
||||
- name: docker login # noqa 301
|
||||
command: docker login -u="{{ docker_user }}" -p="{{ docker_password }}" "{{ docker_host }}"
|
||||
|
||||
- name: docker push image # noqa 301
|
||||
command: docker push {{ registry }}/vm-{{ item.key }}:{{ item.value.tag }}
|
||||
with_dict:
|
||||
- "{{ images }}"
|
||||
loop: "{{ images|dict2items }}"
|
||||
|
||||
- name: docker logout # noqa 301
|
||||
command: docker logout -u="{{ docker_user }}" "{{ docker_host }}"
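Review bot: The `docker login` task in the second hunk passes the registry password on the command line as `-p="{{ docker_password }}"`, which exposes it in the process list on the build host and in Ansible's task output on failure or at higher verbosity. Feeding it on stdin and suppressing logging avoids both: `command: docker login -u="{{ docker_user }}" --password-stdin "{{ docker_host }}"`, with `stdin: "{{ docker_password }}"` under `args:` and `no_log: true` on the task. The line is unchanged context in this commit, but it sits between the loops being migrated and is worth fixing in the same pass.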
|
||||
|
||||
@@ -13,3 +13,5 @@ typha_enabled: true
|
||||
calico_backend: kdd
|
||||
typha_secure: true
|
||||
disable_ipv6_dns: true
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||
@@ -12,3 +12,5 @@ dns_min_replicas: 1
|
||||
typha_enabled: true
|
||||
calico_backend: kdd
|
||||
typha_secure: true
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||
@@ -13,3 +13,5 @@ etcd_deployment_type: host
|
||||
|
||||
# required
|
||||
calico_iptables_backend: "Auto"
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||
@@ -14,3 +14,5 @@ helm_enabled: true
|
||||
# https://gitlab.com/miouge/kubespray-ci/-/blob/a4fd5ed6857807f1c353cb60848aedebaf7d2c94/manifests/http-proxy.yml#L42
|
||||
http_proxy: http://172.30.30.30:8888
|
||||
https_proxy: http://172.30.30.30:8888
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||
@@ -10,3 +10,5 @@ enable_nodelocaldns: false
|
||||
dns_min_replicas: 1
|
||||
kube_proxy_masquerade_all: true
|
||||
macvlan_interface: "eth0"
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||
@@ -10,3 +10,5 @@ kube_network_plugin: calico
|
||||
|
||||
# Only docker package 20.10 for Fedora33
|
||||
docker_version: '20.10'
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||
@@ -11,3 +11,5 @@ dns_min_replicas: 1
|
||||
|
||||
# test Ambassador
|
||||
ingress_ambassador_enabled: true
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||
@@ -9,3 +9,5 @@ kube_network_plugin: canal
|
||||
dynamic_kubelet_configuration: true
|
||||
deploy_netchecker: true
|
||||
dns_min_replicas: 1
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||
@@ -7,3 +7,5 @@ mode: separate
|
||||
kube_network_plugin: weave
|
||||
deploy_netchecker: true
|
||||
dns_min_replicas: 1
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||
@@ -8,3 +8,5 @@ kube_network_plugin: cilium
|
||||
deploy_netchecker: true
|
||||
enable_network_policy: true
|
||||
dns_min_replicas: 1
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||
@@ -12,3 +12,5 @@ dns_min_replicas: 1
|
||||
# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
|
||||
kube_proxy_mode: iptables
|
||||
enable_nodelocaldns: False
|
||||
|
||||
auto_renew_certificates: true
|
||||
|
||||