Mirrors/geerlingguy.ansible-role-kubernetes
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-kubernetes.git synced 2024-11-18 19:10:39 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #126 from geerlingguy/fix-ci-updates

Browse Source 
Update Kubernetes version and try to get CI passing
This commit is contained in:
Jeff Geerling 2022-10-26 17:25:58 -05:00 committed by GitHub
commit 86ce85e819
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 76 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
.travis.yml
View File

@ -1,36 +0,0 @@
---
language: python
services: docker
env:
global:
- ROLE_NAME: kubernetes
matrix:
- MOLECULE_DISTRO: centos8
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: debian10
- MOLECULE_DISTRO: debian10
MOLECULE_PLAYBOOK: playbook-calico.yml
before_install:
# Upgrade Docker to work with docker-py.
- curl https://gist.githubusercontent.com/geerlingguy/ce883ad4aec6a5f1187ef93bd338511e/raw/36612d28981d92863f839c5aefe5b7dd7193d6c6/travis-ci-docker-upgrade.sh | sudo bash
install:
# Install test dependencies.
- pip install molecule[docker] yamllint ansible-lint docker
before_script:
# Use actual Ansible Galaxy role name for the project directory.
- cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME
script:
# Run tests.
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

40
README.md
View File

@ -6,7 +6,7 @@ An Ansible Role that installs [Kubernetes](https://kubernetes.io) on Linux.
## Requirements
Requires Docker or another [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes) ; recommended role for Docker installation: `geerlingguy.docker`.
Requires a compatible [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes); recommended role for CRI installation: `geerlingguy.containerd`.
## Role Variables
@ -27,17 +27,17 @@ kubernetes_packages:
Kubernetes packages to be installed on the server. You can either provide a list of package names, or set `name` and `state` to have more control over whether the package is `present`, `absent`, `latest`, etc.
```yaml
kubernetes_version: '1.20'
kubernetes_version_rhel_package: '1.20.4'
kubernetes_version: '1.25'
kubernetes_version_rhel_package: '1.25.1'
```
The minor version of Kubernetes to install. The plain `kubernetes_version` is used to pin an apt package version on Debian, and as the Kubernetes version passed into the `kubeadm init` command (see `kubernetes_version_kubeadm`). The `kubernetes_version_rhel_package` variable must be a specific Kubernetes release, and is used to pin the version on Red Hat / CentOS servers.
```yaml
kubernetes_role: master
kubernetes_role: control_plane
```
Whether the particular server will serve as a Kubernetes `master` (default) or `node`. The master will have `kubeadm init` run on it to intialize the entire K8s control plane, while `node`s will have `kubeadm join` run on them to join them to the `master`.
Whether the particular server will serve as a Kubernetes `control_plane` (default) or `node`. The control plane will have `kubeadm init` run on it to intialize the entire K8s control plane, while `node`s will have `kubeadm join` run on them to join them to the `control_plane`.
### Variables to configure kubeadm and kubelet with `kubeadm init` through a config file (recommended)
@ -49,7 +49,7 @@ kubernetes_kubeadm_kubelet_config_file_path: '/etc/kubernetes/kubeadm-kubelet-co
Path for `<FILE>`. If the directory does not exist, this role will create it.
The following variables are parsed as options to <FILE>. To understand its syntax, see https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration and https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file . The skeleton (`apiVersion`, `kind`) of the config file will be created by this role, so do not define them within the variables. (See `templates/kubeadm-kubelet-config.j2`).
The following variables are parsed as options to <FILE>. To understand its syntax, see [kubelet-integration](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration) and [kubeadm-config-file](https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file) . The skeleton (`apiVersion`, `kind`) of the config file will be created by this role, so do not define them within the variables. (See `templates/kubeadm-kubelet-config.j2`).
```yaml
kubernetes_config_init_configuration:
@ -70,14 +70,14 @@ Options under `kind: ClusterConfiguration`. Including `kubernetes_pod_network.ci
```yaml
kubernetes_config_kubelet_configuration:
cgroupDriver: cgroupfs
cgroupDriver: systemd
```
Options to configure kubelet on any nodes in your cluster through the `kubeadm init` process. To get the syntax of this options see https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file and https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration.
Options to configure kubelet on any nodes in your cluster through the `kubeadm init` process. For syntax options read the [kubelet config file](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file) and [kubelet integration](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/kubelet-integration) documentation.
NOTE: This is the recommended way to do the kubelet-configuration. Most command-line-options are deprecated.
NOTE: The recommended cgroupDriver depends on your [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes). When using this role with containerd instead of docker, this value should be changed to `systemd`.
NOTE: The recommended cgroupDriver depends on your [Container Runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes). When using this role with Docker instead of containerd, this value should be changed to `cgroupfs`.
```yaml
kubernetes_config_kube_proxy_configuration: {}
@ -92,7 +92,7 @@ kubernetes_kubelet_extra_args: ""
kubernetes_kubelet_extra_args_config_file: /etc/default/kubelet
```
Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start up even if there is swap is enabled on your server, set this to: `"--fail-swap-on=false"`. Or to specify the node-ip advertised by `kubelet`, set this to `"--node-ip={{ ansible_host }}"`. *This is deprecated. Please use `kubernetes_config_kubelet_configuration` instead.*
Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start up even if there is swap is enabled on your server, set this to: `"--fail-swap-on=false"`. Or to specify the node-ip advertised by `kubelet`, set this to `"--node-ip={{ ansible_host }}"`. **This option is deprecated. Please use `kubernetes_config_kubelet_configuration` instead.**
```yaml
kubernetes_kubeadm_init_extra_opts: ""
@ -109,10 +109,10 @@ Extra args to pass to the generated `kubeadm join` command during K8s node initi
### Additional variables
```yaml
kubernetes_allow_pods_on_master: true
kubernetes_allow_pods_on_control_plane: true
```
Whether to remove the taint that denies pods from being deployed to the Kubernetes master. If you have a single-node cluster, this should definitely be `True`. Otherwise, set to `False` if you want a dedicated Kubernetes master which doesn't run any other pods.
Whether to remove the taint that denies pods from being deployed to the Kubernetes control plane. If you have a single-node cluster, this should definitely be `True`. Otherwise, set to `False` if you want a dedicated Kubernetes control plane which doesn't run any other pods.
```yaml
kubernetes_pod_network:
@ -137,7 +137,7 @@ kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'`
kubernetes_ignore_preflight_errors: 'all'
```
Options passed to `kubeadm init` when initializing the Kubernetes master. The `kubernetes_apiserver_advertise_address` defaults to `ansible_default_ipv4.address` if it's left empty.
Options passed to `kubeadm init` when initializing the Kubernetes control plane. The `kubernetes_apiserver_advertise_address` defaults to `ansible_default_ipv4.address` if it's left empty.
```yaml
kubernetes_apt_release_channel: main
@ -177,25 +177,25 @@ None.
## Example Playbooks
### Single node (master-only) cluster
### Single node (control-plane-only) cluster
```yaml
- hosts: all
vars:
kubernetes_allow_pods_on_master: true
kubernetes_allow_pods_on_control_plane: true
roles:
- geerlingguy.docker
- geerlingguy.kubernetes
```
### Two or more nodes (single master) cluster
### Two or more nodes (single control-plane) cluster
Master inventory vars:
Control plane inventory vars:
```yaml
kubernetes_role: "master"
kubernetes_role: "control_plane"
```
Node(s) inventory vars:
@ -210,14 +210,14 @@ Playbook:
- hosts: all
vars:
kubernetes_allow_pods_on_master: true
kubernetes_allow_pods_on_control_plane: true
roles:
- geerlingguy.docker
- geerlingguy.kubernetes
```
Then, log into the Kubernetes master, and run `kubectl get nodes` as root, and you should see a list of all the servers.
Then, log into the Kubernetes control plane, and run `kubectl get nodes` as root, and you should see a list of all the servers.
## License

10
defaults/main.yml
View File

@ -9,17 +9,17 @@ kubernetes_packages:
- name: kubernetes-cni
state: present
kubernetes_version: '1.20'
kubernetes_version_rhel_package: '1.20.4'
kubernetes_version: '1.25'
kubernetes_version_rhel_package: '1.25.1'
kubernetes_role: master
kubernetes_role: control_plane
# This is deprecated. Please use kubernetes_config_kubelet_configuration instead.
kubernetes_kubelet_extra_args: ""
kubernetes_kubeadm_init_extra_opts: ""
kubernetes_join_command_extra_opts: ""
kubernetes_allow_pods_on_master: true
kubernetes_allow_pods_on_control_plane: true
kubernetes_pod_network:
# Flannel CNI.
cni: 'flannel'
@ -30,7 +30,7 @@ kubernetes_pod_network:
kubernetes_kubeadm_kubelet_config_file_path: '/etc/kubernetes/kubeadm-kubelet-config.yaml'
kubernetes_config_kubelet_configuration:
cgroupDriver: "cgroupfs"
cgroupDriver: "systemd"
kubernetes_config_init_configuration:
localAPIEndpoint:

4
meta/main.yml
View File

@ -7,12 +7,13 @@ galaxy_info:
description: Kubernetes for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
min_ansible_version: 2.10
platforms:
- name: EL
versions:
- 7
- 8
- 9
- name: Debian
versions:
- stretch
@ -23,6 +24,7 @@ galaxy_info:
- xenial
- bionic
- focal
- jammy
galaxy_tags:
- system
- containers

12
molecule/default/calico.yml
View File

@ -8,9 +8,13 @@
cni: 'calico'
cidr: '192.168.0.0/16'
# Allow swap in test environments (hard to control in some Docker envs).
kubernetes_kubelet_extra_args: "--fail-swap-on=false --cgroup-driver=cgroupfs"
docker_install_compose: false
# Allow swap in test environments (hard to control in some envs).
kubernetes_config_kubelet_configuration:
cgroupDriver: "systemd"
failSwapOn: false
cgroupsPerQOS: true
enforceNodeAllocatable: ['pods']
containerd_config_cgroup_driver_systemd: true
pre_tasks:
- name: Update apt cache.
@ -29,7 +33,7 @@
action: setup
roles:
- role: geerlingguy.docker
- role: geerlingguy.containerd
- role: geerlingguy.kubernetes
post_tasks:

12
molecule/default/converge.yml
View File

@ -4,9 +4,13 @@
become: true
vars:
# Allow swap in test environments (hard to control in some Docker envs).
kubernetes_kubelet_extra_args: "--fail-swap-on=false --cgroup-driver=cgroupfs"
docker_install_compose: false
# Allow swap in test environments (hard to control in some envs).
kubernetes_config_kubelet_configuration:
cgroupDriver: "systemd"
failSwapOn: false
cgroupsPerQOS: true
enforceNodeAllocatable: ['pods']
containerd_config_cgroup_driver_systemd: true
pre_tasks:
- name: Update apt cache.
@ -25,7 +29,7 @@
action: setup
roles:
- role: geerlingguy.docker
- role: geerlingguy.containerd
- role: geerlingguy.kubernetes
post_tasks:

5
molecule/default/molecule.yml
View File

@ -9,8 +9,9 @@ platforms:
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- /var/lib/docker
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- /var/lib/containerd
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:

2
molecule/default/requirements.yml
View File

@ -1,2 +1,2 @@
---
- src: geerlingguy.docker
- src: geerlingguy.containerd

25
tasks/master-setup.yml → tasks/control-plane-setup.yml
View File

@ -9,7 +9,7 @@
src: "kubeadm-kubelet-config.j2"
dest: "{{ kubernetes_kubeadm_kubelet_config_file_path }}"
- name: Initialize Kubernetes master with kubeadm init
- name: Initialize Kubernetes control plane with kubeadm init
command: >
kubeadm init
--config {{ kubernetes_kubeadm_kubelet_config_file_path }}
@ -17,15 +17,30 @@
register: kubeadmin_init
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined)
- name: Initialize Kubernetes master with kubeadm init and ignore_preflight_errors
- name: Initialize Kubernetes control plane with kubeadm init and ignore_preflight_errors
command: >
kubeadm init
--config {{ kubernetes_kubeadm_kubelet_config_file_path }}
--ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
{{ kubernetes_kubeadm_init_extra_opts }}
register: kubeadmin_init
failed_when: false # TODO REMOVE
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined)
# TODO REMOVE
- name: Print kubeadm init output
debug: var=kubeadmin_init
# TODO REMOVE
- name: Get kubelet status
command: journalctl --no-pager -xeu kubelet
register: journalctl
changed_when: false
# TODO REMOVE
- name: Print kubelet status
debug: var=journalctl
- name: Print the init output to screen.
debug:
var: kubeadmin_init.stdout
@ -73,8 +88,8 @@
# TODO: Check if taint exists with something like `kubectl describe nodes`
# instead of using kubernetes_init_stat.stat.exists check.
- name: Allow pods on master node (if configured).
command: "kubectl taint nodes --all node-role.kubernetes.io/master-"
- name: Allow pods on control plane (if configured).
command: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"
when:
- kubernetes_allow_pods_on_master | bool
- kubernetes_allow_pods_on_control_plane | bool
- not kubernetes_init_stat.stat.exists

10
tasks/main.yml
View File

@ -34,15 +34,15 @@
path: /etc/kubernetes/admin.conf
register: kubernetes_init_stat
# Set up master.
- include_tasks: master-setup.yml
when: kubernetes_role == 'master'
# Set up control plane.
- include_tasks: control-plane-setup.yml
when: kubernetes_role == 'control_plane'
# Set up nodes.
- name: Get the kubeadm join command from the Kubernetes master.
- name: Get the kubeadm join command from the Kubernetes control plane.
command: kubeadm token create --print-join-command
changed_when: false
when: kubernetes_role == 'master'
when: kubernetes_role == 'control_plane'
register: kubernetes_join_command_result
- name: Set the kubeadm join command globally.

2
tasks/node-setup.yml
View File

@ -1,5 +1,5 @@
---
- name: Join node to Kubernetes master
- name: Join node to Kubernetes control plane.
shell: >
{{ kubernetes_join_command }}
creates=/etc/kubernetes/kubelet.conf

4
templates/kubeadm-kubelet-config.j2
View File

@ -1,10 +1,10 @@
---
apiVersion: kubeadm.k8s.io/v1beta2
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
{{ kubernetes_config_init_configuration | to_nice_yaml }}
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
apiVersion: kubeadm.k8s.io/v1beta2
{{ kubernetes_config_cluster_configuration | to_nice_yaml }}
{% if kubernetes_config_kubelet_configuration|length > 0 %}
---