kubespray/roles/kubernetes-apps/metallb/tasks/main.yml

---
- name: Kubernetes Apps | Check cluster settings for MetalLB
  fail:
    msg: "MetalLB require kube_proxy_strict_arp = true, see https://github.com/danderson/metallb/issues/153#issuecomment-518651132"
  when:
    - "kube_proxy_mode == 'ipvs' and not kube_proxy_strict_arp"

- name: Kubernetes Apps | Check that the deprecated 'matallb_auto_assign' variable is not used anymore
  fail:
    msg: "'matallb_auto_assign' configuration variable is deprecated, please use 'metallb_auto_assign' instead"
  when:
    - matallb_auto_assign is defined

- name: Kubernetes Apps | Check AppArmor status
  command: which apparmor_parser
  register: apparmor_status
  when:
    - podsecuritypolicy_enabled
    - inventory_hostname == groups['kube_control_plane'][0]
  failed_when: false

- name: Kubernetes Apps | Set apparmor_enabled
  set_fact:
    apparmor_enabled: "{{ apparmor_status.rc == 0 }}"
  when:
    - podsecuritypolicy_enabled
    - inventory_hostname == groups['kube_control_plane'][0]

- name: Kubernetes Apps | Lay Down MetalLB
  become: true
  template:
    src: "metallb.yaml.j2"
    dest: "{{ kube_config_dir }}/metallb.yaml"
    mode: 0644
  register: metallb_rendering
  when:
    - inventory_hostname == groups['kube_control_plane'][0]

- name: Kubernetes Apps | Install and configure MetalLB
  kube:
    name: "MetalLB"
    kubectl: "{{ bin_dir }}/kubectl"
    filename: "{{ kube_config_dir }}/metallb.yaml"
    state: "{{ metallb_rendering.changed | ternary('latest','present') }}"
    wait: true
  become: true
  when:
    - inventory_hostname == groups['kube_control_plane'][0]

- name: Kubernetes Apps | Wait for MetalLB controller to be running
  command: "{{ bin_dir }}/kubectl -n metallb-system wait --for=condition=ready pod -l app=metallb,component=controller"
  become: true
  when:
    - inventory_hostname == groups['kube_control_plane'][0]

- name: MetalLB | Address pools
  block:
    - name: MetalLB | Layout address pools template
      ansible.builtin.template:
        src: pools.yaml.j2
        dest: "{{ kube_config_dir }}/pools.yaml"
        mode: 0644
      register: pools_rendering

    - name: MetalLB | Create address pools configuration
      kube:
        name: "MetalLB"
        kubectl: "{{ bin_dir }}/kubectl"
        filename: "{{ kube_config_dir }}/pools.yaml"
        state: "{{ pools_rendering.changed | ternary('latest','present') }}"
      become: true
  when:
    - inventory_hostname == groups['kube_control_plane'][0]
    - metallb_config.address_pools is defined

- name: MetalLB | Layer2
  block:
    - name: MetalLB | Layout layer2 template
      ansible.builtin.template:
        src: layer2.yaml.j2
        dest: "{{ kube_config_dir }}/layer2.yaml"
        mode: 0644
      register: layer2_rendering

    - name: MetalLB | Create layer2 configuration
      kube:
        name: "MetalLB"
        kubectl: "{{ bin_dir }}/kubectl"
        filename: "{{ kube_config_dir }}/layer2.yaml"
        state: "{{ layer2_rendering.changed | ternary('latest','present') }}"
      become: true
  when:
    - inventory_hostname == groups['kube_control_plane'][0]
    - metallb_config.layer2 is defined

- name: MetalLB | Layer3
  block:
    - name: MetalLB | Layout layer3 template
      ansible.builtin.template:
        src: layer3.yaml.j2
        dest: "{{ kube_config_dir }}/layer3.yaml"
        mode: 0644
      register: layer3_rendering

    - name: MetalLB | Create layer3 configuration
      kube:
        name: "MetalLB"
        kubectl: "{{ bin_dir }}/kubectl"
        filename: "{{ kube_config_dir }}/layer3.yaml"
        state: "{{ layer3_rendering.changed | ternary('latest','present') }}"
      become: true
  when:
    - inventory_hostname == groups['kube_control_plane'][0]
    - metallb_config.layer3 is defined


- name: Kubernetes Apps | Delete MetalLB ConfigMap
  kube:
    name: config
    kubectl: "{{ bin_dir }}/kubectl"
    resource: ConfigMap
    namespace: metallb-system
    state: absent
MetalLB as loadbalancer for on premise deployments (#3027) * add metallb as loadbalancer for on premise deployments * improve configuration * add variables to DaemonSet 2018-09-04 20:17:23 +08:00			`---`
format ansible output (#7482) 2021-04-11 15:37:59 +08:00			`- name: Kubernetes Apps \| Check cluster settings for MetalLB`
MetalLB: fail if kube_proxy_strict_arp is false (#5180) When using IPVS, kube_proxy_strict_arp = true is required https://github.com/danderson/metallb/issues/153#issuecomment-518651132 Add kube_proxy_strict_arp to inventory/sample 2019-09-26 19:21:06 +08:00			`fail:`
			`msg: "MetalLB require kube_proxy_strict_arp = true, see https://github.com/danderson/metallb/issues/153#issuecomment-518651132"`
			`when:`
			`- "kube_proxy_mode == 'ipvs' and not kube_proxy_strict_arp"`
Fix metallb speaker when podsecuritypolicy_enabled=true (#5932) (#5933) 2020-04-11 14:48:03 +08:00
fix a typo in the "matallb_auto_assign" variable name (#8949) * fix a typo in the "matallb_auto_assign" variable name * add metallb check to fail when deprecated "matallb_auto_assign" variable is defined 2022-06-14 00:40:12 +08:00			`- name: Kubernetes Apps \| Check that the deprecated 'matallb_auto_assign' variable is not used anymore`
			`fail:`
			`msg: "'matallb_auto_assign' configuration variable is deprecated, please use 'metallb_auto_assign' instead"`
			`when:`
			`- matallb_auto_assign is defined`

Fix metallb speaker when podsecuritypolicy_enabled=true (#5932) (#5933) 2020-04-11 14:48:03 +08:00			`- name: Kubernetes Apps \| Check AppArmor status`
			`command: which apparmor_parser`
			`register: apparmor_status`
			`when:`
			`- podsecuritypolicy_enabled`
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation 2021-03-24 08:26:05 +08:00			`- inventory_hostname == groups['kube_control_plane'][0]`
Fix metallb speaker when podsecuritypolicy_enabled=true (#5932) (#5933) 2020-04-11 14:48:03 +08:00			`failed_when: false`

			`- name: Kubernetes Apps \| Set apparmor_enabled`
			`set_fact:`
			`apparmor_enabled: "{{ apparmor_status.rc == 0 }}"`
			`when:`
			`- podsecuritypolicy_enabled`
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation 2021-03-24 08:26:05 +08:00			`- inventory_hostname == groups['kube_control_plane'][0]`
Fix metallb speaker when podsecuritypolicy_enabled=true (#5932) (#5933) 2020-04-11 14:48:03 +08:00
format ansible output (#7482) 2021-04-11 15:37:59 +08:00			`- name: Kubernetes Apps \| Lay Down MetalLB`
MetalLB as loadbalancer for on premise deployments (#3027) * add metallb as loadbalancer for on premise deployments * improve configuration * add variables to DaemonSet 2018-09-04 20:17:23 +08:00			`become: true`
Fix risky-file-permissions (#8370) When running ansible-lint directly, we can see a lot of warning message like risky-file-permissions File permissions unset or incorrect This fixes the warning messages. 2022-01-09 17:51:12 +08:00			`template:`
Update MetalLB deployment, wait for resource. (#9995) * Update MetalLB deployment, wait for resource. Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> * yml to yaml, add basic test for metallb Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> --------- Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-05-31 02:37:49 +08:00			`src: "metallb.yaml.j2"`
			`dest: "{{ kube_config_dir }}/metallb.yaml"`
Fix risky-file-permissions (#8370) When running ansible-lint directly, we can see a lot of warning message like risky-file-permissions File permissions unset or incorrect This fixes the warning messages. 2022-01-09 17:51:12 +08:00			`mode: 0644`
Update MetalLB deployment, wait for resource. (#9995) * Update MetalLB deployment, wait for resource. Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> * yml to yaml, add basic test for metallb Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> --------- Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-05-31 02:37:49 +08:00			`register: metallb_rendering`
MetalLB as loadbalancer for on premise deployments (#3027) * add metallb as loadbalancer for on premise deployments * improve configuration * add variables to DaemonSet 2018-09-04 20:17:23 +08:00			`when:`
Update MetalLB deployment, wait for resource. (#9995) * Update MetalLB deployment, wait for resource. Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> * yml to yaml, add basic test for metallb Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> --------- Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-05-31 02:37:49 +08:00			`- inventory_hostname == groups['kube_control_plane'][0]`
Update MetalLB and switch to CRD notation. (#9120) Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-04-14 16:14:41 +08:00
format ansible output (#7482) 2021-04-11 15:37:59 +08:00			`- name: Kubernetes Apps \| Install and configure MetalLB`
MetalLB as loadbalancer for on premise deployments (#3027) * add metallb as loadbalancer for on premise deployments * improve configuration * add variables to DaemonSet 2018-09-04 20:17:23 +08:00			`kube:`
Revert "Optimize kube resources creation (#4572)" (#4621) This reverts commit f8fdc0cd939de0e46cd968c6afb0fe91b72f78d0. 2019-04-24 01:37:23 +08:00			`name: "MetalLB"`
ansible-lint: add spaces around variables [E206] (#4699) 2019-05-03 05:24:21 +08:00			`kubectl: "{{ bin_dir }}/kubectl"`
Update MetalLB deployment, wait for resource. (#9995) * Update MetalLB deployment, wait for resource. Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> * yml to yaml, add basic test for metallb Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> --------- Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-05-31 02:37:49 +08:00			`filename: "{{ kube_config_dir }}/metallb.yaml"`
			`state: "{{ metallb_rendering.changed \| ternary('latest','present') }}"`
			`wait: true`
fix(contrib/metallb): adds missing become: true in role (#4356) On CoreOS, without this, it fails to kubectl apply MetalLB due to lack of privileges. 2019-03-18 09:15:09 +08:00			`become: true`
MetalLB as loadbalancer for on premise deployments (#3027) * add metallb as loadbalancer for on premise deployments * improve configuration * add variables to DaemonSet 2018-09-04 20:17:23 +08:00			`when:`
Update MetalLB deployment, wait for resource. (#9995) * Update MetalLB deployment, wait for resource. Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> * yml to yaml, add basic test for metallb Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> --------- Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-05-31 02:37:49 +08:00			`- inventory_hostname == groups['kube_control_plane'][0]`

			`- name: Kubernetes Apps \| Wait for MetalLB controller to be running`
			`command: "{{ bin_dir }}/kubectl -n metallb-system wait --for=condition=ready pod -l app=metallb,component=controller"`
			`become: true`
			`when:`
			`- inventory_hostname == groups['kube_control_plane'][0]`

			`- name: MetalLB \| Address pools`
			`block:`
			`- name: MetalLB \| Layout address pools template`
			`ansible.builtin.template:`
			`src: pools.yaml.j2`
			`dest: "{{ kube_config_dir }}/pools.yaml"`
			`mode: 0644`
			`register: pools_rendering`

			`- name: MetalLB \| Create address pools configuration`
			`kube:`
			`name: "MetalLB"`
			`kubectl: "{{ bin_dir }}/kubectl"`
			`filename: "{{ kube_config_dir }}/pools.yaml"`
			`state: "{{ pools_rendering.changed \| ternary('latest','present') }}"`
			`become: true`
			`when:`
			`- inventory_hostname == groups['kube_control_plane'][0]`
			`- metallb_config.address_pools is defined`

			`- name: MetalLB \| Layer2`
			`block:`
			`- name: MetalLB \| Layout layer2 template`
			`ansible.builtin.template:`
			`src: layer2.yaml.j2`
			`dest: "{{ kube_config_dir }}/layer2.yaml"`
			`mode: 0644`
			`register: layer2_rendering`

			`- name: MetalLB \| Create layer2 configuration`
			`kube:`
			`name: "MetalLB"`
			`kubectl: "{{ bin_dir }}/kubectl"`
			`filename: "{{ kube_config_dir }}/layer2.yaml"`
			`state: "{{ layer2_rendering.changed \| ternary('latest','present') }}"`
			`become: true`
			`when:`
			`- inventory_hostname == groups['kube_control_plane'][0]`
			`- metallb_config.layer2 is defined`

			`- name: MetalLB \| Layer3`
			`block:`
			`- name: MetalLB \| Layout layer3 template`
			`ansible.builtin.template:`
			`src: layer3.yaml.j2`
			`dest: "{{ kube_config_dir }}/layer3.yaml"`
			`mode: 0644`
			`register: layer3_rendering`

			`- name: MetalLB \| Create layer3 configuration`
			`kube:`
			`name: "MetalLB"`
			`kubectl: "{{ bin_dir }}/kubectl"`
			`filename: "{{ kube_config_dir }}/layer3.yaml"`
			`state: "{{ layer3_rendering.changed \| ternary('latest','present') }}"`
			`become: true`
			`when:`
			`- inventory_hostname == groups['kube_control_plane'][0]`
			`- metallb_config.layer3 is defined`

Update MetalLB and switch to CRD notation. (#9120) Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-04-14 16:14:41 +08:00
			`- name: Kubernetes Apps \| Delete MetalLB ConfigMap`
Update MetalLB deployment, wait for resource. (#9995) * Update MetalLB deployment, wait for resource. Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> * yml to yaml, add basic test for metallb Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> --------- Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-05-31 02:37:49 +08:00			`kube:`
Update MetalLB and switch to CRD notation. (#9120) Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-04-14 16:14:41 +08:00			`name: config`
Update MetalLB deployment, wait for resource. (#9995) * Update MetalLB deployment, wait for resource. Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> * yml to yaml, add basic test for metallb Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> --------- Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-05-31 02:37:49 +08:00			`kubectl: "{{ bin_dir }}/kubectl"`
			`resource: ConfigMap`
Update MetalLB and switch to CRD notation. (#9120) Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl> 2023-04-14 16:14:41 +08:00			`namespace: metallb-system`
			`state: absent`