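---
# Pod-network smoke test, run on the first control-plane host only.
# It creates a "test" namespace, starts two busybox pods, waits for them to
# be Running and Ready, checks that their IPs fall inside kube_pods_subnet,
# and pings between the pods.
- hosts: kube_control_plane[0]
  vars:
    test_image_repo: k8s.gcr.io/busybox
    # "latest" is a mutable tag: the image that gets pulled can change between
    # runs. Pin a version tag or a digest where the test has to be
    # reproducible or the registry content is not fully trusted.
    test_image_tag: latest

  tasks:
    # Exactly one of the next two tasks sets bin_dir; every kubectl call
    # below is built from it.
    - name: Force binaries directory for Flatcar Container Linux by Kinvolk
      set_fact:
        bin_dir: "/opt/bin"
      when: ansible_os_family in ["Flatcar Container Linux by Kinvolk"]

    - name: Force binaries directory for other hosts
      set_fact:
        bin_dir: "/usr/local/bin"
      when: not ansible_os_family in ["Flatcar Container Linux by Kinvolk"]

    # NOTE(review): this block approves every CSR that `kubectl get csr`
    # returns. Nothing here checks the signer, the requesting identity or the
    # names in the request, so any pending request is approved along with the
    # kubelet serving ones. That is tolerable only on a disposable test
    # cluster. On a long-lived cluster, limit approval to the expected signer
    # (kubernetes.io/kubelet-serving) and confirm each request comes from the
    # node it names before approving it.
    - name: Approve kubelet serving certificates
      block:
        - name: Get certificate signing requests
          command: "{{ bin_dir }}/kubectl get csr -o name"
          register: get_csr
          changed_when: false

        - name: Check there are csrs
          assert:
            that: get_csr.stdout_lines | length > 0
            fail_msg: "kubelet_rotate_server_certificates is {{ kubelet_rotate_server_certificates }} but no csr's found"

        - name: Approve certificates
          command: "{{ bin_dir }}/kubectl certificate approve {{ get_csr.stdout_lines | join(' ') }}"
          register: certificate_approve
          when: get_csr.stdout_lines | length > 0
          # Explicit boolean instead of relying on string truthiness.
          changed_when: certificate_approve.stdout | length > 0

        # Prints what was approved, so the run log records it.
        - debug:  # noqa unnamed-task
            msg: "{{ certificate_approve.stdout.split('\n') }}"

      when: kubelet_rotate_server_certificates | default(false)

    - name: Create test namespace
      command: "{{ bin_dir }}/kubectl create namespace test"
      changed_when: false

    # shell (not command) because of the pipe. pipefail makes a kubectl
    # failure fail the task instead of being hidden by grep/awk, and
    # pipefail needs bash. Only bin_dir is interpolated into the command line.
    - name: Wait for API token of test namespace
      shell: "set -o pipefail && {{ bin_dir }}/kubectl describe serviceaccounts default --namespace test | grep Tokens | awk '{print $2}'"
      args:
        executable: /bin/bash
      changed_when: false
      register: default_token
      until: default_token.stdout | length > 0
      retries: 5
      delay: 5

    - name: Run 2 busybox pods in test ns
      command: "{{ bin_dir }}/kubectl run {{ item }} --image={{ test_image_repo }}:{{ test_image_tag }} --namespace test --command -- tail -f /dev/null"
      changed_when: false
      loop:
        - busybox1
        - busybox2

    - import_role:  # noqa unnamed-task
        name: cluster-dump

    # Polls until both conditions hold (18 retries, 10 s apart). The result
    # is registered as run_pods_log and checked by the debug task after
    # "Get pod names". no_log suppresses this task's own output.
    - name: Check that all pods are running and ready
      command: "{{ bin_dir }}/kubectl get pods --namespace test --no-headers -o yaml"
      changed_when: false
      register: run_pods_log
      until:
        # Check that all pods are running
        - '(run_pods_log.stdout | from_yaml)["items"] | map(attribute = "status.phase") | unique | list == ["Running"]'
        # Check that all pods are ready
        - '(run_pods_log.stdout | from_yaml)["items"] | map(attribute = "status.containerStatuses") | map("map", attribute = "ready") | map("min") | min'
      retries: 18
      delay: 10
      failed_when: false
      no_log: true

    - name: Get pod names
      command: "{{ bin_dir }}/kubectl get pods -n test -o json"
      changed_when: false
      register: pods
      no_log: true

    # Prints the pod dump and fails the play here if the readiness poll
    # above did not succeed, so the failure comes with the pod state attached.
    - debug:  # noqa unnamed-task
        msg: "{{ pods.stdout.split('\n') }}"
      failed_when: not run_pods_log is success

    # The command string spans two lines; YAML folds the line break inside
    # the double quotes into a single space ("-o jsonpath=...").
    # Errors are ignored here; hostnet_pods is used later to tell host-network
    # pods apart from ordinary ones.
    - name: Get hostnet pods
      command: "{{ bin_dir }}/kubectl get pods -n test -o
        jsonpath='{range .items[?(.spec.hostNetwork)]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'"
      changed_when: false
      register: hostnet_pods
      ignore_errors: true  # noqa ignore-errors
      no_log: true

    - name: Get running pods
      command: "{{ bin_dir }}/kubectl get pods -n test -o
        jsonpath='{range .items[?(.status.phase==\"Running\")]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'"
      changed_when: false
      register: running_pods
      no_log: true

    - name: Check kubectl output
      command: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide"
      changed_when: false
      register: get_pods
      no_log: true

    - debug:  # noqa unnamed-task
        msg: "{{ get_pods.stdout.split('\n') }}"

    # kube_pods_subnet is hard-coded here; the subnet assertion below is only
    # meaningful if the cluster's pod CIDR matches this value.
    # pods_hostnet and pods_running are the space-split jsonpath outputs, so
    # each holds pod names, pod IPs and status text in one flat list.
    - name: Set networking facts
      set_fact:
        kube_pods_subnet: 10.233.64.0/18
        pod_names: "{{ (pods.stdout | from_json)['items'] | map(attribute = 'metadata.name') | list }}"
        pod_ips: "{{ (pods.stdout | from_json)['items'] | selectattr('status.podIP', 'defined') | map(attribute = 'status.podIP') | list }}"
        pods_hostnet: |
          {% set list = hostnet_pods.stdout.split(" ") %}
          {{ list }}
        pods_running: |
          {% set list = running_pods.stdout.split(" ") %}
          {{ list }}

    # Host-network pods are skipped: they are not expected to have an
    # address inside the pod subnet.
    - name: Check pods IP are in correct network
      assert:
        that: item | ipaddr(kube_pods_subnet)
      when:
        - not item in pods_hostnet
        - item in pods_running
      with_items: "{{ pod_ips }}"

    # with_nested pairs every pod name (item[0]) with every pod IP (item[1]).
    # The command module does not go through a shell, so the interpolated
    # name and IP are not subject to shell interpretation.
    - name: Ping between pods is working
      command: "{{ bin_dir }}/kubectl -n test exec {{ item[0] }} -- ping -c 4 {{ item[1] }}"
      when:
        - not item[0] in pods_hostnet
        - not item[1] in pods_hostnet
      with_nested:
        - "{{ pod_names }}"
        - "{{ pod_ips }}"

    # Same ping check, restricted to pairs where both ends are host-network
    # pods.
    - name: Ping between hostnet pods is working
      command: "{{ bin_dir }}/kubectl -n test exec {{ item[0] }} -- ping -c 4 {{ item[1] }}"
      when:
        - item[0] in pods_hostnet
        - item[1] in pods_hostnet
      with_nested:
        - "{{ pod_names }}"
        - "{{ pod_ips }}"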