Mirrors/geerlingguy.ansible-role-kubernetes
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-kubernetes.git synced 2025-08-06 13:47:31 +02:00
Code Issues Projects Releases Wiki Activity

Dynamically untaint node, fix sysctl for Ubuntu 22.04

Browse Source
This commit is contained in:
Daniel Herrmann 2022-09-23 12:39:59 +02:00
parent 6a0573270a
commit 7d651728da
2 changed files with 29 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
tasks/master-setup.yml
View File

@ -76,10 +76,24 @@
changed_when: "'created' in weave_result.stdout" changed_when: "'created' in weave_result.stdout"
when: kubernetes_pod_network.cni == 'weave' when: kubernetes_pod_network.cni == 'weave'
# TODO: Check if taint exists with something like `kubectl describe nodes` # Check if a Taint exists
# instead of using kubernetes_init_stat.stat.exists check. - name: Check if taint exists preventing pods to be scheduled on the master node
- name: Allow pods on master node (if configured). shell: |
command: "kubectl taint nodes --all node-role.kubernetes.io/master-" set -o pipefail
kubectl describe nodes | grep Taints | grep --invert-match \<none\> | sed -r 's/Taints:\s+(.*:NoSchedule)/\1/'
args:
executable: /bin/bash
register: kube_taint
# grep will exit with 1 when no results found.
# This causes the task not to halt play.
ignore_errors: true
changed_when: false
when: when:
- kubernetes_allow_pods_on_master | bool - kubernetes_allow_pods_on_master | bool
- not kubernetes_init_stat.stat.exists
# Untaint node depending on previous result
- name: Allow pods on master node (if configured).
command: "kubectl taint nodes --all {{ kube_taint.stdout }}-"
when:
- kubernetes_allow_pods_on_master | bool
- not kube_taint.failed

12
tasks/sysctl-setup.yml
View File

@ -7,11 +7,19 @@
ansible_distribution != 'Debian' ansible_distribution != 'Debian'
or ansible_distribution_major_version | int < 10 or ansible_distribution_major_version | int < 10
# See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic # See: https://kubernetes.io/docs/setup/production-environment/container-runtimes/#forwarding-ipv4-and-letting-iptables-see-bridged-traffic
- name: Ensure br_netfilter is loaded
community.general.modprobe:
name: br_netfilter
state: present
when: >
ansible_distribution != 'Debian'
or ansible_distribution_major_version | int < 10
- name: Let iptables see bridged traffic. - name: Let iptables see bridged traffic.
sysctl: sysctl:
name: "{{ item }}" name: "{{ item }}"
value: '1' value: "1"
state: present state: present
loop: loop:
- net.bridge.bridge-nf-call-iptables - net.bridge.bridge-nf-call-iptables