diff --git a/defaults/main.yml b/defaults/main.yml
index 3bbf3a5..d041f2a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,4 +5,5 @@ kubernetes_server: false
# value for kuberntes_network: flannel, calico, weave-net
#kubernetes_network: weave-net
kubernetes_kubeproxy_mode: ipvs
-kubernetes_version: 1.20.1
+kubernetes_version: 1.20.2
+kubernetes_pods_network: "10.244.0.0/16"
\ No newline at end of file
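Review bot: The new `kubernetes_pods_network` default carries no comment, and because the kubeadm template in this same commit now feeds it to podSubnet for every CNI, it silently moves calico deployments from the previous 192.168.0.0/16 to 10.244.0.0/16. A comment above the new line should make the coupling explicit, e.g. `# Pod CIDR handed to kubeadm podSubnet and to the firewalld zone; must match the CIDR the chosen CNI manifest is configured with (flannel ships 10.244.0.0/16, calico 192.168.0.0/16).` The file also still ends without a trailing newline, and the context comment at the top of the hunk misspells `kubernetes_network`.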
diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml
index be10842..1db8527 100644
--- a/tasks/RedHat.yml
+++ b/tasks/RedHat.yml
@@ -32,19 +32,20 @@
when:
- kubernetes_server|bool
-#- name: Reload firewalld configuration
-# service:
-# name: firewalld
-# state: reloaded
-# enabled: yes
-# when:
-# - kubernetes_server|bool
-
-- name: reload firewalld to refresh service list
- command: firewall-cmd --reload
+- name: Reload firewalld configuration
+ service:
+ name: firewalld
+ state: reloaded
+ enabled: yes
when:
- - need_firewalld_reload is changed
- kubernetes_server|bool
+ - need_firewalld_reload is changed
+
+#- name: reload firewalld to refresh service list
+# command: firewall-cmd --reload
+# when:
+# - need_firewalld_reload is changed
+# - kubernetes_server|bool
# Définir interface
- name: Open Firewalld
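Review bot: `enabled: yes` on the new "Reload firewalld configuration" task is a YAML 1.1 truthy that yamllint flags and that a 1.2 parser reads as the string "yes"; write `enabled: true`. The superseded command-based task is kept as a five-line commented-out block right after it; git history already preserves it, so those lines should be dropped rather than left as dead text. The task whose `when:` opens this hunk starts outside the hunk.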
@@ -58,6 +59,30 @@
# - firewall_name == "firewalld"
- kubernetes_server|bool
+- name: Create kubernetes firewalld zone
+ firewalld:
+ zone: kubernetes
+ permanent: true
+ state: present
+ when:
+ - kubernetes_server|bool
+- name: Add PODs network to kubernetes firewalld zone
+ firewalld:
+ zone: kubernetes
+ permanent: true
+ state: enabled
+ source: "{{ kubernetes_pods_network }}"
+ when:
+ - kubernetes_server|bool
+- name: Add Services network to kubernetes firewalld zone
+ firewalld:
+ zone: kubernetes
+ permanent: true
+ state: enabled
+ source: "10.96.0.0/12"
+ when:
+ - kubernetes_server|bool
+
- name: Install kubernetes tools
dnf:
name: "{{ kubernetes_package_name }}"
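Review bot: The three new firewalld tasks set `permanent: true` without `immediate: true`, do not register into `need_firewalld_reload`, and sit after the reload task, so the kubernetes zone and its sources are written to disk but are not active in the running firewall on this play; add `immediate: true` to each (or register them and move them ahead of the reload). The zone is created without an explicit target, so what happens to traffic from the bound sources depends on firewalld's default zone target — if the firewalld module version in use supports it, state the intent with a `target:` on the zone task. The service CIDR `"10.96.0.0/12"` is hard-coded while the pod CIDR is parameterized; a matching default variable (a constructed name such as `kubernetes_services_network`) would keep the two in step and let the kubeadm serviceSubnet be templated from the same value.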
diff --git a/templates/etc/firewalld/services/kubernetes.xml.j2 b/templates/etc/firewalld/services/kubernetes.xml.j2
index 4cd8035..e5ec9c5 100644
--- a/templates/etc/firewalld/services/kubernetes.xml.j2
+++ b/templates/etc/firewalld/services/kubernetes.xml.j2
@@ -24,7 +24,7 @@
# kube-controler-manager, used by self
-# ???
+# Read-only Kubelet API (Deprecated)
{% else %}
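Review bot: The replaced comment now labels the port as the deprecated read-only kubelet API, but the port line it annotates is outside the hunk, so the template presumably still opens it; since that API serves unauthenticated read access, a second comment line saying whether the exposure is intentional would help, e.g. `# TODO: drop this port once nothing depends on the read-only kubelet API`. If these `#` lines are not wrapped in a Jinja `{# … #}` block they are emitted verbatim into the XML, where `#` is not a comment — worth confirming against the rendered service file.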
diff --git a/templates/kubeadm-config.yaml.j2 b/templates/kubeadm-config.yaml.j2
index bb99625..2d69675 100644
--- a/templates/kubeadm-config.yaml.j2
+++ b/templates/kubeadm-config.yaml.j2
@@ -96,21 +96,17 @@ apiServer:
readOnly: false
pathType: DirectoryOrCreate
- name: "audit-policies"
- hostPath: "/etc/kubernetes/policies"
- mountPath: "/etc/kubernetes/policies"
+ hostPath: "/etc/kubernetes/policies/audit-policy.yaml"
+ mountPath: "/etc/kubernetes/policies/audit-policy.yaml"
readOnly: false
- pathType: DirectoryOrCreate
+ pathType: File
{% if lb_kubemaster is defined %}
certSANs:
- "{{ lb_kubemaster }}"
{% endif %}
{% if kubernetes_network == "flannel" or kubernetes_network == "calico" %}
networking:
-{% if kubernetes_network == "flannel" %}
- podSubnet: "10.244.0.0/16"
-{% elif kubernetes_network == "calico" %}
- podSubnet: "192.168.0.0/16"
-{% endif %}
+ podSubnet: "{{ kubernetes_pods_network }}"
{% endif %}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
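Review bot: The audit-policies volume now mounts a single policy file but keeps `readOnly: false` on the context line after the new `mountPath`, which gives the API server write access to its own audit policy; change it to `readOnly: true`. The mountPath now ends in `audit-policy.yaml`, so the apiserver's `--audit-policy-file` extraArg, set outside this hunk, must point at that full file path rather than the old directory — verify it matches. Replacing the per-CNI podSubnet with `{{ kubernetes_pods_network }}` drops the 192.168.0.0/16 value calico previously received, so calico users now need either the variable overridden or their calico manifest adjusted; that deserves a comment next to the variable's default.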
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index a5905f3..beb4337 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -4,5 +4,6 @@ kubernetes_package_name:
- kubelet
- kubeadm
- iproute-tc
+ - ipvsadm
#kubernetes_remove_packages_name:
# - kubernetes.io
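Review bot: ipvsadm only installs the userspace tool; kube-proxy in ipvs mode (the `kubernetes_kubeproxy_mode: ipvs` default) also needs the ip_vs kernel modules available, which this hunk does not address — if the role does not already load them elsewhere, a modprobe task or a modules-load.d entry should accompany the package addition.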