diff --git a/defaults/main.yml b/defaults/main.yml
index de3a66e..5397af4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,5 +3,6 @@
#kubernetes_cri: "containerd"
kubernetes_server: false
# value for kuberntes_network: calico, weave-net
-#kubernetes_network: calico
+#kubernetes_network: weave-net
+kubernetes_kubeproxy_mode: ipvs
kubernetes_version: 1.18.2
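Review bot: `kubernetes_network` (and `kubernetes_cri` two lines above it) remain commented out in this defaults file while the templates in this same change compare them with `==`; under Ansible's default strict handling of undefined variables a host that does not set them in inventory fails at template time instead of getting a sensible default. Either ship a real default (`kubernetes_network: weave-net`, matching the comment you changed) or guard the template comparisons with `kubernetes_network is defined`. The comment on the preceding line still reads `kuberntes_network` and lists only calico and weave-net although the templates now branch on flannel too; `# value for kubernetes_network: flannel, calico, weave-net` would match. Since `kubernetes_kubeproxy_mode` is set unconditionally here, the `is defined` guard around it in the kubeadm template is effectively always true.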
diff --git a/tasks/install_server.yml b/tasks/install_server.yml
index 6730623..42f7b07 100644
--- a/tasks/install_server.yml
+++ b/tasks/install_server.yml
@@ -24,30 +24,54 @@
shell: |
swapoff -a
-- name: Remove swapfile from /etc/fstab
+- name: Remove swapfile from /etc/fstab (2/2)
mount:
name: swap
fstype: swap
state: absent
-- name: Ensuring /etc/systemd/system/kubelet.service.d Folder Exists
- file:
- path: "/etc/systemd/system/kubelet.service.d"
- state: "directory"
- group: root
- owner: root
- mode: 0755
-
-- name: Configure kubelet service
+- name: Configuring IPVS kernel module to be load on boot
template:
- src: "etc/{{ item }}.j2"
- dest: "/etc/{{ item }}"
+ src: "etc/modules-load.d/ipvs.conf.j2"
+ dest: "/etc/modules-load.d/ipvs.conf"
group: root
owner: root
mode: 0644
+ when:
+ - kubernetes_kubeproxy_mode == "ipvs"
+
+- name: Load IPVS kernel module
+ modprobe:
+ name: "{{ item }}"
+ state: present
with_items:
- - "systemd/system/kubelet.service.d/0-containerd.conf"
- - "sysconfig/kubelet"
+ - ip_vs
+ - ip_vs_rr
+ - ip_vs_wrr
+ - ip_vs_sh
+ - nf_conntrack_ipv4
+ - nf_conntrack_ipv6
+ when:
+ - kubernetes_kubeproxy_mode == "ipvs"
+
+#- name: Ensuring /etc/systemd/system/kubelet.service.d Folder Exists
+# file:
+# path: "/etc/systemd/system/kubelet.service.d"
+# state: "directory"
+# group: root
+# owner: root
+# mode: 0755
+#
+#- name: Configure kubelet service
+# template:
+# src: "etc/{{ item }}.j2"
+# dest: "/etc/{{ item }}"
+# group: root
+# owner: root
+# mode: 0644
+# with_items:
+# - "systemd/system/kubelet.service.d/0-containerd.conf"
+# - "sysconfig/kubelet"
- name: Enable kubelet on boot
service:
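Review bot: The `Load IPVS kernel module` task lists `nf_conntrack_ipv4` and `nf_conntrack_ipv6`, which no longer exist as separate modules on kernels from 4.19 onward (they were folded into `nf_conntrack`), so `modprobe` with `state: present` fails the play on any current distribution. Pick the name from the facts, e.g. `- "{{ 'nf_conntrack' if ansible_kernel is version('4.19', '>=') else 'nf_conntrack_ipv4' }}"`, and drop the ipv6 entry on the same condition. The kubelet drop-in and `/etc/sysconfig/kubelet` tasks are commented out rather than deleted; if the kubeadm `kubeletExtraArgs` block now replaces them, remove the dead block (git keeps the history), and if not, it is not clear from this hunk what still writes the containerd settings that `0-containerd.conf` used to carry. The `Enable kubelet on boot` task at the end of the hunk continues outside it.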
@@ -179,12 +203,13 @@
- server_enrolled.rc == 1
- name: Check if a node is still tainted
- command: kubectl get nodes '{{ ansible_host }}' -o jsonpath='{.spec.taints}'
+ command: kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes '{{ ansible_host | lower }}' -o jsonpath='{.spec.taints}'
when: kubernetes_master_taint
register: current_taint
- name: taint the machine if needed
- command: kubectl taint nodes --all node-role.kubernetes.io/master-
+# command: kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master-
+ command: kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes '{{ ansible_host | lower }}' node-role.kubernetes.io/master-
when: kubernetes_master_taint == true and current_taint.stdout
#
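Review bot: `current_taint.stdout` is non-empty whenever the node carries any taint, not only `node-role.kubernetes.io/master`, so on a node with some other taint the removal command runs and `kubectl taint ... master-` fails because the taint is not present; filter the check to that key with `-o jsonpath='{.spec.taints[?(@.key=="node-role.kubernetes.io/master")].key}'`. Scoping the removal to one node instead of `--all` is the right fix. The lookup assumes the node name equals `ansible_host | lower`, which only holds when the inventory host is the hostname — elsewhere in this change the node IP is taken from `ansible_default_ipv4`, which suggests `ansible_host` may be an address — so `ansible_hostname | lower` or `ansible_fqdn | lower` is presumably the safer key. The read-only `get nodes` task should also carry `changed_when: false` so it does not report a change on every run.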
diff --git a/templates/etc/firewalld/services/kubernetes.xml.j2 b/templates/etc/firewalld/services/kubernetes.xml.j2
index da9fe95..d4d0a53 100644
--- a/templates/etc/firewalld/services/kubernetes.xml.j2
+++ b/templates/etc/firewalld/services/kubernetes.xml.j2
@@ -23,4 +23,16 @@
{% else %}
{% endif %}
+{% if kubernetes_network == "flannel" %}
+# flannel vxlan
+
+{% elif kubernetes_network == "calico" %}
+# calico
+
+
+{% elif kubernetes_network == "weave-net" %}
+# Weave-Net
+
+
+{% endif %}
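Review bot: The three new branches emit `# flannel vxlan`, `# calico` and `# Weave-Net` into a firewalld service XML file, and `#` is not a comment in XML; use `<!-- flannel vxlan -->`, or make them Jinja comments (`{# flannel vxlan #}`) so nothing reaches the rendered file at all. Whether the stray text is fatal depends on where `</service>` sits relative to this block, which is outside the hunk — character data after the root element is a well-formedness error. As written the branches are also empty, so the firewall stays closed to the CNI's own traffic; either fill in each overlay's ports (`<port protocol="udp" port="4789"/>` for flannel VXLAN, 179/tcp for calico BGP, 6783/tcp plus 6783-6784/udp for weave) or drop the placeholders until they do something.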
diff --git a/templates/etc/modules-load.d/ipvs.conf.j2 b/templates/etc/modules-load.d/ipvs.conf.j2
new file mode 100644
index 0000000..3ba283c
--- /dev/null
+++ b/templates/etc/modules-load.d/ipvs.conf.j2
@@ -0,0 +1,6 @@
+ip_vs
+ip_vs_rr
+ip_vs_wrr
+ip_vs_sh
+nf_conntrack_ipv4
+nf_conntrack_ipv6
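Review bot: `nf_conntrack_ipv4` and `nf_conntrack_ipv6` are only valid module names on kernels older than 4.19; on newer kernels `systemd-modules-load` logs a failure for each at every boot, and the single `nf_conntrack` module is what should be listed. Since this is already a Jinja template, render the right name from the facts, e.g. `{{ 'nf_conntrack' if ansible_kernel is version('4.19', '>=') else 'nf_conntrack_ipv4' }}`, and keep the list in step with the one the install task modprobes. A one-line header, `# loaded at boot for kube-proxy IPVS mode`, would tell the next reader why this file exists.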
diff --git a/templates/kubeadm-config.yaml.j2 b/templates/kubeadm-config.yaml.j2
index a4bf070..e4923d1 100644
--- a/templates/kubeadm-config.yaml.j2
+++ b/templates/kubeadm-config.yaml.j2
@@ -9,6 +9,8 @@ bootstrapTokens:
nodeRegistration:
{% if kubernetes_cri == "containerd" %}
criSocket: "/run/containerd/containerd.sock"
+{% elif kubernetes_cri == "cri-o" %}
+ criSocket: "/var/run/crio/crio.sock"
{% elif kubernetes_cri == "docker" %}
criSocket: "/var/run/docker.sock"
{% endif %}
@@ -20,13 +22,15 @@ nodeRegistration:
effect: "NoSchedule"
{% endif %}
kubeletExtraArgs:
-{% if kubernetes_cri == "containerd" %}
cgroup-driver: "systemd"
container-runtime: "remote"
- runtime-request-timeout: "15m"
+ runtime-request-timeout: "5m"
+{% if kubernetes_cri == "containerd" %}
container-runtime-endpoint: "unix:///run/containerd/containerd.sock"
+{% elif kubernetes_cri == "cri-o" %}
+ container-runtime-endpoint: "unix:///var/run/crio/crio.sock"
{% endif %}
- node-ip: {{ ansible_host }}
+ node-ip: {{ ansible_default_ipv4.address }}
read-only-port: "10255"
ignorePreflightErrors:
- SystemVerification
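Review bot: Moving `container-runtime: "remote"` out of the containerd-only branch applies it to the `docker` case as well, but that path sets no `container-runtime-endpoint`, and as far as I can tell a kubelet started with `--container-runtime=remote` does not run its in-process dockershim and will wait on a CRI socket nothing serves; keep `container-runtime` and `container-runtime-endpoint` inside the containerd/cri-o branches, or give docker its own explicit branch. `node-ip` now comes from `ansible_default_ipv4.address`, i.e. the interface holding the default route, which on a multi-homed node can be the externally reachable NIC rather than the cluster network, and the fact is absent on a host with no default route; `node-ip: "{{ kubernetes_node_ip | default(ansible_default_ipv4.address) }}"` keeps the new behaviour while letting an operator pin it. The `read-only-port: "10255"` left in place exposes an unauthenticated kubelet endpoint (pod specs, metrics) on every node; CIS guidance is `read-only-port: "0"` unless something in the cluster still reads it.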
@@ -34,7 +38,7 @@ nodeRegistration:
- IsPrivilegedUser
{% endif %}
localAPIEndpoint:
- advertiseAddress: "{{ ansible_host }}"
+ advertiseAddress: "{{ ansible_default_ipv4.address }}"
bindPort: 6443
{% if kubernetes_certificateKey is defined %}
certificateKey: "{{ kubernetes_certificateKey.stdout }}"
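Review bot: `advertiseAddress` is now the address of the default-route interface, which is what the API server publishes to other cluster members; on a multi-homed control-plane node that may be the public NIC rather than the management or cluster network, and on a host without a default route `ansible_default_ipv4` is undefined so the template fails to render. Provide an override, `advertiseAddress: "{{ kubernetes_advertise_address | default(ansible_default_ipv4.address) }}"`, so the API server can be pinned to the intended interface without editing the role. The `{% if kubernetes_certificateKey is defined %}` block at the end of the hunk closes outside it.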
@@ -56,7 +60,7 @@ discovery:
token: "{{ kubetoken.stdout }}"
nodeRegistration:
kubeletExtraArgs:
- node-ip: {{ ansible_host }}
+ node-ip: {{ ansible_default_ipv4.address }}
read-only-port: "10255"
ignorePreflightErrors:
- SystemVerification
@@ -75,7 +79,20 @@ apiServer:
certSANs:
- "{{ lb_kubemaster }}"
{% endif %}
-{% if kubernetes_network == "flannel" %}
+{% if kubernetes_network == "flannel" or kubernetes_network == "calico" %}
networking:
+{% if kubernetes_network == "flannel" %}
podSubnet: "10.244.0.0/16"
-{% endif %}
\ No newline at end of file
+{% elif kubernetes_network == "calico" %}
+ podSubnet: "192.168.0.0/16"
+{% endif %}
+{% endif %}
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+{% if kubernetes_kubeproxy_mode is defined %}
+mode: {{ kubernetes_kubeproxy_mode }}
+{% endif %}
+---
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
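Review bot: The trailing `KubeletConfiguration` document carries only `apiVersion` and `kind`, so it changes nothing; if it is meant as the place for kubelet settings, `readOnlyPort: 0` is the first thing to put there, but note that `read-only-port: "10255"` in `kubeletExtraArgs` above is passed as a command-line flag and flags override the config file, so that extra arg must go for the config value to take effect. `mode: {{ kubernetes_kubeproxy_mode }}` is fine for `ipvs`/`iptables`, though kube-proxy falls back to iptables when the IPVS modules or `ipset` are missing, so a failed module load elsewhere in this change will not surface here. The weave-net branch deliberately gets no `networking.podSubnet`; a Jinja comment such as `{# weave-net brings its own pod CIDR; no podSubnet needed #}` would record that this is intentional rather than an omission.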