Test group membership with group_names
Testing for group membership with group names makes Kubespray more tolerant towards the structure of the inventory. Where 'inventory_hostname in groups["some_group"]' would fail if "some_group" is not defined, '"some_group" in group_names' would not.
pull/11559/head
parent
89ff0710e9
commit
2ec1c93897
|
@ -11,7 +11,7 @@
|
||||||
include_tasks: prep_kubeadm_images.yml
|
include_tasks: prep_kubeadm_images.yml
|
||||||
when:
|
when:
|
||||||
- not skip_downloads | default(false)
|
- not skip_downloads | default(false)
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
tags:
|
tags:
|
||||||
- download
|
- download
|
||||||
- upload
|
- upload
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
get_checksum: true
|
get_checksum: true
|
||||||
get_mime: false
|
get_mime: false
|
||||||
register: etcd_member_certs
|
register: etcd_member_certs
|
||||||
when: inventory_hostname in groups['etcd']
|
when: ('etcd' in group_names)
|
||||||
with_items:
|
with_items:
|
||||||
- ca.pem
|
- ca.pem
|
||||||
- member-{{ inventory_hostname }}.pem
|
- member-{{ inventory_hostname }}.pem
|
||||||
|
@ -33,7 +33,7 @@
|
||||||
stat:
|
stat:
|
||||||
path: "{{ etcd_cert_dir }}/{{ item }}"
|
path: "{{ etcd_cert_dir }}/{{ item }}"
|
||||||
register: etcd_node_certs
|
register: etcd_node_certs
|
||||||
when: inventory_hostname in groups['k8s_cluster']
|
when: ('k8s_cluster' in group_names)
|
||||||
with_items:
|
with_items:
|
||||||
- ca.pem
|
- ca.pem
|
||||||
- node-{{ inventory_hostname }}.pem
|
- node-{{ inventory_hostname }}.pem
|
||||||
|
@ -99,7 +99,7 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
etcd_member_requires_sync: true
|
etcd_member_requires_sync: true
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['etcd']
|
- ('etcd' in group_names)
|
||||||
- (not etcd_member_certs.results[0].stat.exists | default(false)) or
|
- (not etcd_member_certs.results[0].stat.exists | default(false)) or
|
||||||
(not etcd_member_certs.results[1].stat.exists | default(false)) or
|
(not etcd_member_certs.results[1].stat.exists | default(false)) or
|
||||||
(not etcd_member_certs.results[2].stat.exists | default(false)) or
|
(not etcd_member_certs.results[2].stat.exists | default(false)) or
|
||||||
|
@ -115,7 +115,7 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
kubernetes_host_requires_sync: true
|
kubernetes_host_requires_sync: true
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s_cluster'] and
|
- ('k8s_cluster' in group_names) and
|
||||||
inventory_hostname not in groups['etcd']
|
inventory_hostname not in groups['etcd']
|
||||||
- (not etcd_node_certs.results[0].stat.exists | default(false)) or
|
- (not etcd_node_certs.results[0].stat.exists | default(false)) or
|
||||||
(not etcd_node_certs.results[1].stat.exists | default(false)) or
|
(not etcd_node_certs.results[1].stat.exists | default(false)) or
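Review bot: The second half of the first condition in this hunk still reads `inventory_hostname not in groups['etcd']`, so the expression keeps the lookup the commit sets out to remove. For any host that is in `k8s_cluster`, Jinja goes on to evaluate `groups['etcd']`, and the task errors instead of skipping when the inventory defines no `etcd` group. Writing it as `('k8s_cluster' in group_names) and 'etcd' not in group_names` would keep the guard tolerant. The same leftover appears further down in the conditions of `Gen_certs | Generate etcd certs` and `Gen_certs | Generate etcd certs on nodes if needed`. The task this condition belongs to starts outside the hunk.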
|
||||||
|
|
|
@ -79,7 +79,7 @@
|
||||||
{% endfor %}]"
|
{% endfor %}]"
|
||||||
delegate_to: "{{ groups['etcd'][0] }}"
|
delegate_to: "{{ groups['etcd'][0] }}"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['etcd']
|
- ('etcd' in group_names)
|
||||||
- sync_certs | default(false)
|
- sync_certs | default(false)
|
||||||
- inventory_hostname != groups['etcd'][0]
|
- inventory_hostname != groups['etcd'][0]
|
||||||
notify: Set etcd_secret_changed
|
notify: Set etcd_secret_changed
|
||||||
|
@ -93,7 +93,7 @@
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
with_items: "{{ etcd_master_certs.results }}"
|
with_items: "{{ etcd_master_certs.results }}"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['etcd']
|
- ('etcd' in group_names)
|
||||||
- sync_certs | default(false)
|
- sync_certs | default(false)
|
||||||
- inventory_hostname != groups['etcd'][0]
|
- inventory_hostname != groups['etcd'][0]
|
||||||
loop_control:
|
loop_control:
|
||||||
|
@ -110,7 +110,7 @@
|
||||||
{% endfor %}]"
|
{% endfor %}]"
|
||||||
delegate_to: "{{ groups['etcd'][0] }}"
|
delegate_to: "{{ groups['etcd'][0] }}"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['etcd']
|
- ('etcd' in group_names)
|
||||||
- inventory_hostname != groups['etcd'][0]
|
- inventory_hostname != groups['etcd'][0]
|
||||||
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
||||||
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
||||||
|
@ -125,7 +125,7 @@
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
with_items: "{{ etcd_master_node_certs.results }}"
|
with_items: "{{ etcd_master_node_certs.results }}"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['etcd']
|
- ('etcd' in group_names)
|
||||||
- inventory_hostname != groups['etcd'][0]
|
- inventory_hostname != groups['etcd'][0]
|
||||||
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
||||||
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
||||||
|
@ -135,7 +135,7 @@
|
||||||
- name: Gen_certs | Generate etcd certs
|
- name: Gen_certs | Generate etcd certs
|
||||||
include_tasks: gen_nodes_certs_script.yml
|
include_tasks: gen_nodes_certs_script.yml
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['kube_control_plane'] and
|
- ('kube_control_plane' in group_names) and
|
||||||
sync_certs | default(false) and inventory_hostname not in groups['etcd']
|
sync_certs | default(false) and inventory_hostname not in groups['etcd']
|
||||||
|
|
||||||
- name: Gen_certs | Generate etcd certs on nodes if needed
|
- name: Gen_certs | Generate etcd certs on nodes if needed
|
||||||
|
@ -143,7 +143,7 @@
|
||||||
when:
|
when:
|
||||||
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
||||||
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
||||||
- inventory_hostname in groups['k8s_cluster'] and
|
- ('k8s_cluster' in group_names) and
|
||||||
sync_certs | default(false) and inventory_hostname not in groups['etcd']
|
sync_certs | default(false) and inventory_hostname not in groups['etcd']
|
||||||
|
|
||||||
- name: Gen_certs | check certificate permissions
|
- name: Gen_certs | check certificate permissions
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
when:
|
when:
|
||||||
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
||||||
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
tags:
|
tags:
|
||||||
- etcd-secrets
|
- etcd-secrets
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@
|
||||||
when:
|
when:
|
||||||
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
||||||
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
tags:
|
tags:
|
||||||
- master # master tag is deprecated and replaced by control-plane
|
- master # master tag is deprecated and replaced by control-plane
|
||||||
- control-plane
|
- control-plane
|
||||||
|
@ -49,7 +49,7 @@
|
||||||
when:
|
when:
|
||||||
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
|
||||||
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
- kube_network_plugin != "calico" or calico_datastore == "etcd"
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
tags:
|
tags:
|
||||||
- master # master tag is deprecated and replaced by control-plane
|
- master # master tag is deprecated and replaced by control-plane
|
||||||
- control-plane
|
- control-plane
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: delegate_host_to_write_cacert
|
loop_var: delegate_host_to_write_cacert
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
- cinder_cacert is defined
|
- cinder_cacert is defined
|
||||||
- cinder_cacert | length > 0
|
- cinder_cacert | length > 0
|
||||||
|
|
||||||
|
|
|
@ -243,5 +243,5 @@
|
||||||
delegate_to: "{{ first_kube_control_plane }}"
|
delegate_to: "{{ first_kube_control_plane }}"
|
||||||
with_items:
|
with_items:
|
||||||
- "node-role.kubernetes.io/control-plane:NoSchedule-"
|
- "node-role.kubernetes.io/control-plane:NoSchedule-"
|
||||||
when: inventory_hostname in groups['kube_node']
|
when: ('kube_node' in group_names)
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
uri:
|
uri:
|
||||||
url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz"
|
url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz"
|
||||||
validate_certs: false
|
validate_certs: false
|
||||||
when: inventory_hostname in groups['kube_control_plane']
|
when: ('kube_control_plane' in group_names)
|
||||||
register: _result
|
register: _result
|
||||||
retries: 60
|
retries: 60
|
||||||
delay: 5
|
delay: 5
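Review bot: The probe in this task keeps `validate_certs: false` with no comment saying why, so a reader cannot tell whether skipping TLS verification is deliberate. If this is only a readiness poll of the host's own API server, a comment above the option would record that, for example `# readiness poll only; the server certificate is not verified, so do not reuse this request for anything that trusts the response`. If verification is feasible here, the `uri` module's `ca_path` option could point at the cluster CA instead. The task name lies outside the hunk, so this is based on the visible lines only.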
|
||||||
|
|
|
@ -51,7 +51,7 @@
|
||||||
register: "etcd_client_cert_serial_result"
|
register: "etcd_client_cert_serial_result"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s_cluster'] | union(groups['calico_rr'] | default([])) | unique | sort
|
- group_names | intersect(['k8s_cluster', 'calico_rr']) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- network
|
- network
|
||||||
|
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
tags:
|
tags:
|
||||||
- kubeadm
|
- kubeadm
|
||||||
when:
|
when:
|
||||||
- not inventory_hostname in groups['kube_control_plane']
|
- not ('kube_control_plane' in group_names)
|
||||||
|
|
||||||
- name: Install | Copy kubelet binary from download dir
|
- name: Install | Copy kubelet binary from download dir
|
||||||
copy:
|
copy:
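Review bot: `not ('kube_control_plane' in group_names)` at the top of this hunk reads more directly as `'kube_control_plane' not in group_names`. Across the commit the membership test is parenthesised in most conditions and bare in others (the kube-router annotation tasks and the reset `ipvsadm -C` condition). Settling on one form would make these host-selection guards easier to grep and audit. The task carrying this `when` starts outside the hunk.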
|
||||||
|
|
|
@ -35,7 +35,7 @@
|
||||||
get_checksum: false
|
get_checksum: false
|
||||||
get_mime: false
|
get_mime: false
|
||||||
register: kube_apiserver_set
|
register: kube_apiserver_set
|
||||||
when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
when: ('kube_control_plane' in group_names) and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
||||||
listen: Preinstall | propagate resolvconf to k8s components
|
listen: Preinstall | propagate resolvconf to k8s components
|
||||||
|
|
||||||
# FIXME(mattymo): Also restart for kubeadm mode
|
# FIXME(mattymo): Also restart for kubeadm mode
|
||||||
|
@ -46,7 +46,7 @@
|
||||||
get_checksum: false
|
get_checksum: false
|
||||||
get_mime: false
|
get_mime: false
|
||||||
register: kube_controller_set
|
register: kube_controller_set
|
||||||
when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
when: ('kube_control_plane' in group_names) and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
|
||||||
listen: Preinstall | propagate resolvconf to k8s components
|
listen: Preinstall | propagate resolvconf to k8s components
|
||||||
|
|
||||||
- name: Preinstall | restart kube-controller-manager docker
|
- name: Preinstall | restart kube-controller-manager docker
|
||||||
|
@ -55,7 +55,7 @@
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
when:
|
when:
|
||||||
- container_manager == "docker"
|
- container_manager == "docker"
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- dns_mode != 'none'
|
- dns_mode != 'none'
|
||||||
- resolvconf_mode == 'host_resolvconf'
|
- resolvconf_mode == 'host_resolvconf'
|
||||||
- kube_controller_set.stat.exists
|
- kube_controller_set.stat.exists
|
||||||
|
@ -71,7 +71,7 @@
|
||||||
until: preinstall_restart_controller_manager.rc == 0
|
until: preinstall_restart_controller_manager.rc == 0
|
||||||
when:
|
when:
|
||||||
- container_manager in ['crio', 'containerd']
|
- container_manager in ['crio', 'containerd']
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- dns_mode != 'none'
|
- dns_mode != 'none'
|
||||||
- resolvconf_mode == 'host_resolvconf'
|
- resolvconf_mode == 'host_resolvconf'
|
||||||
- kube_controller_set.stat.exists
|
- kube_controller_set.stat.exists
|
||||||
|
@ -83,7 +83,7 @@
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
when:
|
when:
|
||||||
- container_manager == "docker"
|
- container_manager == "docker"
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- dns_mode != 'none'
|
- dns_mode != 'none'
|
||||||
- resolvconf_mode == 'host_resolvconf'
|
- resolvconf_mode == 'host_resolvconf'
|
||||||
- kube_apiserver_set.stat.exists
|
- kube_apiserver_set.stat.exists
|
||||||
|
@ -99,7 +99,7 @@
|
||||||
delay: 1
|
delay: 1
|
||||||
when:
|
when:
|
||||||
- container_manager in ['crio', 'containerd']
|
- container_manager in ['crio', 'containerd']
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- dns_mode != 'none'
|
- dns_mode != 'none'
|
||||||
- resolvconf_mode == 'host_resolvconf'
|
- resolvconf_mode == 'host_resolvconf'
|
||||||
- kube_apiserver_set.stat.exists
|
- kube_apiserver_set.stat.exists
|
||||||
|
@ -116,7 +116,7 @@
|
||||||
delay: 1
|
delay: 1
|
||||||
when:
|
when:
|
||||||
- dns_late
|
- dns_late
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- dns_mode != 'none'
|
- dns_mode != 'none'
|
||||||
- resolvconf_mode == 'host_resolvconf'
|
- resolvconf_mode == 'host_resolvconf'
|
||||||
- not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos
|
- not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos
|
||||||
|
|
|
@ -65,14 +65,14 @@
|
||||||
that: ansible_memtotal_mb >= minimal_master_memory_mb
|
that: ansible_memtotal_mb >= minimal_master_memory_mb
|
||||||
when:
|
when:
|
||||||
- not ignore_assert_errors
|
- not ignore_assert_errors
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
|
|
||||||
- name: Stop if memory is too small for nodes
|
- name: Stop if memory is too small for nodes
|
||||||
assert:
|
assert:
|
||||||
that: ansible_memtotal_mb >= minimal_node_memory_mb
|
that: ansible_memtotal_mb >= minimal_node_memory_mb
|
||||||
when:
|
when:
|
||||||
- not ignore_assert_errors
|
- not ignore_assert_errors
|
||||||
- inventory_hostname in groups['kube_node']
|
- ('kube_node' in group_names)
|
||||||
|
|
||||||
# This command will fail if cgroups are not enabled on the node.
|
# This command will fail if cgroups are not enabled on the node.
|
||||||
# For reference: https://kubernetes.io/docs/concepts/architecture/cgroups/#check-cgroup-version
|
# For reference: https://kubernetes.io/docs/concepts/architecture/cgroups/#check-cgroup-version
|
||||||
|
@ -92,7 +92,7 @@
|
||||||
msg: "Do not schedule more pods on a node than inet addresses are available."
|
msg: "Do not schedule more pods on a node than inet addresses are available."
|
||||||
when:
|
when:
|
||||||
- not ignore_assert_errors
|
- not ignore_assert_errors
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
- kube_network_node_prefix is defined
|
- kube_network_node_prefix is defined
|
||||||
- kube_network_plugin != 'calico'
|
- kube_network_plugin != 'calico'
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ kube_owner }}"
|
owner: "{{ kube_owner }}"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: inventory_hostname in groups['k8s_cluster']
|
when: ('k8s_cluster' in group_names)
|
||||||
become: true
|
become: true
|
||||||
tags:
|
tags:
|
||||||
- kubelet
|
- kubelet
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: inventory_hostname in groups['k8s_cluster']
|
when: ('k8s_cluster' in group_names)
|
||||||
become: true
|
become: true
|
||||||
tags:
|
tags:
|
||||||
- kubelet
|
- kubelet
|
||||||
|
@ -55,7 +55,7 @@
|
||||||
get_mime: false
|
get_mime: false
|
||||||
register: kube_cert_compat_dir_check
|
register: kube_cert_compat_dir_check
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
- kube_cert_dir != kube_cert_compat_dir
|
- kube_cert_dir != kube_cert_compat_dir
|
||||||
|
|
||||||
- name: Create kubernetes kubeadm compat cert dir (kubernetes/kubeadm issue 1498)
|
- name: Create kubernetes kubeadm compat cert dir (kubernetes/kubeadm issue 1498)
|
||||||
|
@ -65,7 +65,7 @@
|
||||||
state: link
|
state: link
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
- kube_cert_dir != kube_cert_compat_dir
|
- kube_cert_dir != kube_cert_compat_dir
|
||||||
- not kube_cert_compat_dir_check.stat.exists
|
- not kube_cert_compat_dir_check.stat.exists
|
||||||
|
|
||||||
|
@ -80,7 +80,7 @@
|
||||||
- "/opt/cni/bin"
|
- "/opt/cni/bin"
|
||||||
when:
|
when:
|
||||||
- kube_network_plugin in ["calico", "weave", "flannel", "cilium", "kube-ovn", "kube-router", "macvlan"]
|
- kube_network_plugin in ["calico", "weave", "flannel", "cilium", "kube-ovn", "kube-router", "macvlan"]
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
tags:
|
tags:
|
||||||
- network
|
- network
|
||||||
- cilium
|
- cilium
|
||||||
|
@ -100,7 +100,7 @@
|
||||||
- "/var/lib/calico"
|
- "/var/lib/calico"
|
||||||
when:
|
when:
|
||||||
- kube_network_plugin == "calico"
|
- kube_network_plugin == "calico"
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
tags:
|
tags:
|
||||||
- network
|
- network
|
||||||
- calico
|
- calico
|
||||||
|
@ -115,7 +115,7 @@
|
||||||
mode: "{{ local_volume_provisioner_directory_mode }}"
|
mode: "{{ local_volume_provisioner_directory_mode }}"
|
||||||
with_items: "{{ local_volume_provisioner_storage_classes.keys() | list }}"
|
with_items: "{{ local_volume_provisioner_storage_classes.keys() | list }}"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
- local_volume_provisioner_enabled
|
- local_volume_provisioner_enabled
|
||||||
tags:
|
tags:
|
||||||
- persistent_volumes
|
- persistent_volumes
|
||||||
|
|
|
@ -57,7 +57,7 @@
|
||||||
args:
|
args:
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- sync_tokens | default(false)
|
- sync_tokens | default(false)
|
||||||
- inventory_hostname != groups['kube_control_plane'][0]
|
- inventory_hostname != groups['kube_control_plane'][0]
|
||||||
- tokens_data.stdout
|
- tokens_data.stdout
|
||||||
|
|
|
@ -273,7 +273,7 @@ kubelet_shutdown_grace_period: 60s
|
||||||
kubelet_shutdown_grace_period_critical_pods: 20s
|
kubelet_shutdown_grace_period_critical_pods: 20s
|
||||||
|
|
||||||
# Whether to deploy the container engine
|
# Whether to deploy the container engine
|
||||||
deploy_container_engine: "{{ inventory_hostname in groups['k8s_cluster'] or etcd_deployment_type == 'docker' }}"
|
deploy_container_engine: "{{ 'k8s_cluster' in group_names or etcd_deployment_type == 'docker' }}"
|
||||||
|
|
||||||
# Container for runtime
|
# Container for runtime
|
||||||
container_manager: containerd
|
container_manager: containerd
|
||||||
|
|
|
@ -121,7 +121,7 @@
|
||||||
|
|
||||||
- name: Calico | kdd specific configuration
|
- name: Calico | kdd specific configuration
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- calico_datastore == "kdd"
|
- calico_datastore == "kdd"
|
||||||
block:
|
block:
|
||||||
- name: Calico | Check if extra directory is needed
|
- name: Calico | Check if extra directory is needed
|
||||||
|
@ -321,7 +321,7 @@
|
||||||
nodeToNodeMeshEnabled: "false"
|
nodeToNodeMeshEnabled: "false"
|
||||||
when:
|
when:
|
||||||
- peer_with_router | default(false) or peer_with_calico_rr | default(false)
|
- peer_with_router | default(false) or peer_with_calico_rr | default(false)
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- name: Calico | Configure Calico BGP
|
- name: Calico | Configure Calico BGP
|
||||||
|
@ -382,7 +382,7 @@
|
||||||
- {name: kubernetes-services-endpoint, file: kubernetes-services-endpoint.yml, type: cm }
|
- {name: kubernetes-services-endpoint, file: kubernetes-services-endpoint.yml, type: cm }
|
||||||
register: calico_node_manifests
|
register: calico_node_manifests
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- rbac_enabled or item.type not in rbac_resources
|
- rbac_enabled or item.type not in rbac_resources
|
||||||
|
|
||||||
- name: Calico | Create calico manifests for typha
|
- name: Calico | Create calico manifests for typha
|
||||||
|
@ -394,7 +394,7 @@
|
||||||
- {name: calico, file: calico-typha.yml, type: typha}
|
- {name: calico, file: calico-typha.yml, type: typha}
|
||||||
register: calico_node_typha_manifest
|
register: calico_node_typha_manifest
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- typha_enabled
|
- typha_enabled
|
||||||
|
|
||||||
- name: Calico | get calico apiserver caBundle
|
- name: Calico | get calico apiserver caBundle
|
||||||
|
@ -421,7 +421,7 @@
|
||||||
- {name: calico, file: calico-apiserver.yml, type: calico-apiserver}
|
- {name: calico, file: calico-apiserver.yml, type: calico-apiserver}
|
||||||
register: calico_apiserver_manifest
|
register: calico_apiserver_manifest
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- calico_apiserver_enabled
|
- calico_apiserver_enabled
|
||||||
|
|
||||||
- name: Start Calico resources
|
- name: Start Calico resources
|
||||||
|
@ -473,7 +473,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- {name: calico, file: calico-ipamconfig.yml, type: ipam}
|
- {name: calico, file: calico-ipamconfig.yml, type: ipam}
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- calico_datastore == "kdd"
|
- calico_datastore == "kdd"
|
||||||
|
|
||||||
- name: Calico | Create ipamconfig resources
|
- name: Calico | Create ipamconfig resources
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
when:
|
when:
|
||||||
- calico_rr_id is defined
|
- calico_rr_id is defined
|
||||||
- calico_group_id is defined
|
- calico_group_id is defined
|
||||||
- inventory_hostname in groups['calico_rr']
|
- ('calico_rr' in group_names)
|
||||||
|
|
||||||
- name: Calico | Configure peering with route reflectors at global scope
|
- name: Calico | Configure peering with route reflectors at global scope
|
||||||
command:
|
command:
|
||||||
|
|
|
@ -28,7 +28,7 @@
|
||||||
cmd: "{{ bin_dir }}/calicoctl.sh get node {{ inventory_hostname }}"
|
cmd: "{{ bin_dir }}/calicoctl.sh get node {{ inventory_hostname }}"
|
||||||
register: output_get_node
|
register: output_get_node
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
- local_as is defined
|
- local_as is defined
|
||||||
- groups['calico_rr'] | default([]) | length == 0
|
- groups['calico_rr'] | default([]) | length == 0
|
||||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||||
|
@ -50,7 +50,7 @@
|
||||||
until: output.rc == 0
|
until: output.rc == 0
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
- local_as is defined
|
- local_as is defined
|
||||||
- groups['calico_rr'] | default([]) | length == 0
|
- groups['calico_rr'] | default([]) | length == 0
|
||||||
- output_get_node.rc == 0
|
- output_get_node.rc == 0
|
||||||
|
@ -77,7 +77,7 @@
|
||||||
until: output.rc == 0
|
until: output.rc == 0
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
- local_as is defined
|
- local_as is defined
|
||||||
- groups['calico_rr'] | default([]) | length == 0
|
- groups['calico_rr'] | default([]) | length == 0
|
||||||
- output_get_node.rc != 0
|
- output_get_node.rc != 0
|
||||||
|
@ -110,4 +110,4 @@
|
||||||
- "{{ peers | default([]) | selectattr('scope', 'undefined') | list | union(peers | default([]) | selectattr('scope', 'defined') | selectattr('scope', 'equalto', 'node') | list ) }}"
|
- "{{ peers | default([]) | selectattr('scope', 'undefined') | list | union(peers | default([]) | selectattr('scope', 'defined') | selectattr('scope', 'equalto', 'node') | list ) }}"
|
||||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['k8s_cluster']
|
- ('k8s_cluster' in group_names)
|
||||||
|
|
|
@ -59,7 +59,7 @@
|
||||||
- {name: cilium, file: sa.yml, type: sa}
|
- {name: cilium, file: sa.yml, type: sa}
|
||||||
register: cilium_node_manifests
|
register: cilium_node_manifests
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['kube_control_plane']
|
- ('kube_control_plane' in group_names)
|
||||||
- item.when | default(True) | bool
|
- item.when | default(True) | bool
|
||||||
|
|
||||||
- name: Cilium | Create Cilium Hubble manifests
|
- name: Cilium | Create Cilium Hubble manifests
|
||||||
|
|
|
@ -4,18 +4,18 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ kube_router_annotations_master }}"
|
- "{{ kube_router_annotations_master }}"
|
||||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||||
when: kube_router_annotations_master is defined and inventory_hostname in groups['kube_control_plane']
|
when: kube_router_annotations_master is defined and 'kube_control_plane' in group_names
|
||||||
|
|
||||||
- name: Kube-router | Add annotations on kube_node
|
- name: Kube-router | Add annotations on kube_node
|
||||||
command: "{{ kubectl }} annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
command: "{{ kubectl }} annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ kube_router_annotations_node }}"
|
- "{{ kube_router_annotations_node }}"
|
||||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||||
when: kube_router_annotations_node is defined and inventory_hostname in groups['kube_node']
|
when: kube_router_annotations_node is defined and 'kube_node' in group_names
|
||||||
|
|
||||||
- name: Kube-router | Add common annotations on all servers
|
- name: Kube-router | Add common annotations on all servers
|
||||||
command: "{{ kubectl }} annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
command: "{{ kubectl }} annotate --overwrite node {{ ansible_hostname }} {{ item }}"
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ kube_router_annotations_all }}"
|
- "{{ kube_router_annotations_all }}"
|
||||||
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
delegate_to: "{{ groups['kube_control_plane'][0] }}"
|
||||||
when: kube_router_annotations_all is defined and inventory_hostname in groups['k8s_cluster']
|
when: kube_router_annotations_all is defined and 'k8s_cluster' in group_names
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
when:
|
when:
|
||||||
- groups['kube_control_plane'] | length > 0
|
- groups['kube_control_plane'] | length > 0
|
||||||
# ignore servers that are not nodes
|
# ignore servers that are not nodes
|
||||||
- inventory_hostname in groups['k8s_cluster'] and kube_override_hostname | default(inventory_hostname) in nodes.stdout_lines
|
- ('k8s_cluster' in group_names) and kube_override_hostname | default(inventory_hostname) in nodes.stdout_lines
|
||||||
retries: "{{ delete_node_retries }}"
|
retries: "{{ delete_node_retries }}"
|
||||||
# Sometimes the api-server can have a short window of indisponibility when we delete a control plane node
|
# Sometimes the api-server can have a short window of indisponibility when we delete a control plane node
|
||||||
delay: "{{ delete_node_delay_seconds }}"
|
delay: "{{ delete_node_delay_seconds }}"
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
register: remove_node_ip
|
register: remove_node_ip
|
||||||
when:
|
when:
|
||||||
- groups['kube_control_plane'] | length > 0
|
- groups['kube_control_plane'] | length > 0
|
||||||
- inventory_hostname in groups['etcd']
|
- ('etcd' in group_names)
|
||||||
- ip is not defined
|
- ip is not defined
|
||||||
- access_ip is not defined
|
- access_ip is not defined
|
||||||
delegate_to: "{{ groups['etcd'] | first }}"
|
delegate_to: "{{ groups['etcd'] | first }}"
|
||||||
|
@ -16,14 +16,14 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
node_ip: "{{ ip | default(access_ip | default(remove_node_ip.stdout)) | trim }}"
|
node_ip: "{{ ip | default(access_ip | default(remove_node_ip.stdout)) | trim }}"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['etcd']
|
- ('etcd' in group_names)
|
||||||
|
|
||||||
- name: Make sure node_ip is set
|
- name: Make sure node_ip is set
|
||||||
assert:
|
assert:
|
||||||
that: node_ip is defined and node_ip | length > 0
|
that: node_ip is defined and node_ip | length > 0
|
||||||
msg: "Etcd node ip is not set !"
|
msg: "Etcd node ip is not set !"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['etcd']
|
- ('etcd' in group_names)
|
||||||
|
|
||||||
- name: Lookup etcd member id
|
- name: Lookup etcd member id
|
||||||
shell: "set -o pipefail && {{ bin_dir }}/etcdctl member list | grep -w {{ node_ip }} | cut -d, -f1"
|
shell: "set -o pipefail && {{ bin_dir }}/etcdctl member list | grep -w {{ node_ip }} | cut -d, -f1"
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
ETCDCTL_CACERT: "{{ kube_cert_dir + '/etcd/ca.crt' if etcd_deployment_type == 'kubeadm' else etcd_cert_dir + '/ca.pem' }}"
|
ETCDCTL_CACERT: "{{ kube_cert_dir + '/etcd/ca.crt' if etcd_deployment_type == 'kubeadm' else etcd_cert_dir + '/ca.pem' }}"
|
||||||
ETCDCTL_ENDPOINTS: "https://127.0.0.1:2379"
|
ETCDCTL_ENDPOINTS: "https://127.0.0.1:2379"
|
||||||
delegate_to: "{{ groups['etcd'] | first }}"
|
delegate_to: "{{ groups['etcd'] | first }}"
|
||||||
when: inventory_hostname in groups['etcd']
|
when: ('etcd' in group_names)
|
||||||
|
|
||||||
- name: Remove etcd member from cluster
|
- name: Remove etcd member from cluster
|
||||||
command: "{{ bin_dir }}/etcdctl member remove {{ etcd_member_id.stdout }}"
|
command: "{{ bin_dir }}/etcdctl member remove {{ etcd_member_id.stdout }}"
|
||||||
|
@ -54,5 +54,5 @@
|
||||||
ETCDCTL_ENDPOINTS: "https://127.0.0.1:2379"
|
ETCDCTL_ENDPOINTS: "https://127.0.0.1:2379"
|
||||||
delegate_to: "{{ groups['etcd'] | first }}"
|
delegate_to: "{{ groups['etcd'] | first }}"
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['etcd']
|
- ('etcd' in group_names)
|
||||||
- etcd_member_id.stdout | length > 0
|
- etcd_member_id.stdout | length > 0
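Review bot: The `Lookup etcd member id` task shown as context interpolates `node_ip` unquoted into a shell pipeline and passes it to `grep -w` as a regular expression, where each `.` matches any character. Its output feeds `etcdctl member remove`, so a loose match could return a different or additional member id. A quoted fixed-string match would tighten it: `grep -wF -- {{ node_ip | quote }}`. That line predates this commit and the rest of the task lies outside the hunk, so it is a follow-up rather than a blocker for the `group_names` change.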
|
||||||
|
|
|
@ -211,7 +211,7 @@
|
||||||
command: "ipvsadm -C"
|
command: "ipvsadm -C"
|
||||||
ignore_errors: true # noqa ignore-errors
|
ignore_errors: true # noqa ignore-errors
|
||||||
when:
|
when:
|
||||||
- kube_proxy_mode == 'ipvs' and inventory_hostname in groups['k8s_cluster']
|
- kube_proxy_mode == 'ipvs' and 'k8s_cluster' in group_names
|
||||||
|
|
||||||
- name: Reset | check kube-ipvs0 network device
|
- name: Reset | check kube-ipvs0 network device
|
||||||
stat:
|
stat:
|
||||||
|
|