cleaning, add ipvs and fixed some litle bug

2020-05-10 21:01:26 +02:00 · 2020-05-10 21:01:26 +02:00 · 56bb742890
commit 56bb742890
parent 103271d12c
5 changed files with 85 additions and 24 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -3,5 +3,6 @@
 #kubernetes_cri: "containerd"
 kubernetes_server: false
 # value for kuberntes_network: calico, weave-net
-#kubernetes_network: calico
+#kubernetes_network: weave-net
 kubernetes_kubeproxy_mode: ipvs
 kubernetes_version: 1.18.2
--- a/tasks/install_server.yml
+++ b/tasks/install_server.yml
@ -24,30 +24,54 @@
  shell: |
    swapoff -a
- name: Remove swapfile from /etc/fstab
+- name: Remove swapfile from /etc/fstab (2/2)
  mount:
    name: swap
    fstype: swap
    state: absent
- name: Ensuring /etc/systemd/system/kubelet.service.d Folder Exists
+- name: Configuring IPVS kernel module to be load on boot
  file:
    path: "/etc/systemd/system/kubelet.service.d"
    state: "directory"
    group: root
    owner: root
    mode: 0755
 - name: Configure kubelet service
  template:
-    src: "etc/{{ item }}.j2"
+    src: "etc/modules-load.d/ipvs.conf.j2"
-    dest: "/etc/{{ item }}"
+    dest: "/etc/modules-load.d/ipvs.conf"
    group: root
    owner: root
    mode: 0644
  when:
    - kubernetes_kubeproxy_mode == "ipvs"
 - name: Load IPVS kernel module
  modprobe:
    name: "{{ item }}"
    state: present
  with_items:
-    - "systemd/system/kubelet.service.d/0-containerd.conf"
+    - ip_vs
-    - "sysconfig/kubelet"
+    - ip_vs_rr
    - ip_vs_wrr
    - ip_vs_sh
    - nf_conntrack_ipv4
    - nf_conntrack_ipv6
  when:
    - kubernetes_kubeproxy_mode == "ipvs"
 #- name: Ensuring /etc/systemd/system/kubelet.service.d Folder Exists
 #  file:
 #    path: "/etc/systemd/system/kubelet.service.d"
 #    state: "directory"
 #    group: root
 #    owner: root
 #    mode: 0755
 #
 #- name: Configure kubelet service
 #  template:
 #    src: "etc/{{ item }}.j2"
 #    dest: "/etc/{{ item }}"
 #    group: root
 #    owner: root
 #    mode: 0644
 #  with_items:
 #    - "systemd/system/kubelet.service.d/0-containerd.conf"
 #    - "sysconfig/kubelet"
 - name: Enable kubelet on boot
  service:
@ -179,12 +203,13 @@
    - server_enrolled.rc == 1
 - name: Check if a node is still tainted
-  command: kubectl get nodes '{{ ansible_host }}' -o jsonpath='{.spec.taints}'
+  command: kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes '{{ ansible_host | lower }}' -o jsonpath='{.spec.taints}'
  when: kubernetes_master_taint
  register: current_taint
 - name: taint the machine if needed
-  command: kubectl taint nodes --all node-role.kubernetes.io/master-
+#  command: kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master-
  command: kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes '{{ ansible_host | lower }}' node-role.kubernetes.io/master-
  when: kubernetes_master_taint == true and current_taint.stdout
 #
--- a/templates/etc/firewalld/services/kubernetes.xml.j2
+++ b/templates/etc/firewalld/services/kubernetes.xml.j2
@ -23,4 +23,16 @@
 {% else %}
  <port protocol="tcp" port="10250"/>
 {% endif %}
 {% if kubernetes_network == "flannel" %}
 # flannel vxlan
  <port protocol="udp" port="8472"/>
 {% elif kubernetes_network == "calico" %}
 # calico
  <port protocol="udp" port="4789"/>
  <port protocol="tcp" port="5473"/>
 {% elif kubernetes_network == "weave-net" %}
 # Weave-Net
  <port protocol="udp" port="6783-6784"/>
  <port protocol="tcp" port="6783"/>
 {% endif %}
 </service>
--- a/templates/etc/modules-load.d/ipvs.conf.j2
+++ b/templates/etc/modules-load.d/ipvs.conf.j2
@ -0,0 +1,6 @@
 ip_vs
 ip_vs_rr
 ip_vs_wrr
 ip_vs_sh
 nf_conntrack_ipv4
 nf_conntrack_ipv6
--- a/templates/kubeadm-config.yaml.j2
+++ b/templates/kubeadm-config.yaml.j2
@ -9,6 +9,8 @@ bootstrapTokens:
 nodeRegistration:
 {% if  kubernetes_cri == "containerd" %}
  criSocket: "/run/containerd/containerd.sock"
 {% elif kubernetes_cri == "cri-o" %}
  criSocket: "/var/run/crio/crio.sock"
 {% elif  kubernetes_cri == "docker" %}
  criSocket: "/var/run/docker.sock"
 {% endif %}
@ -20,13 +22,15 @@ nodeRegistration:
    effect: "NoSchedule"
 {% endif %}
  kubeletExtraArgs:
 {% if  kubernetes_cri == "containerd" %}
    cgroup-driver: "systemd"
    container-runtime: "remote"
-    runtime-request-timeout: "15m"
+    runtime-request-timeout: "5m"
 {% if kubernetes_cri == "containerd" %}
    container-runtime-endpoint: "unix:///run/containerd/containerd.sock"
 {% elif kubernetes_cri == "cri-o" %}
    container-runtime-endpoint: "unix:///var/run/crio/crio.sock"
 {% endif %}
-    node-ip: {{ ansible_host }}
+    node-ip: {{ ansible_default_ipv4.address }}
    read-only-port: "10255"
  ignorePreflightErrors:
  - SystemVerification
@ -34,7 +38,7 @@ nodeRegistration:
  - IsPrivilegedUser
 {% endif %}
 localAPIEndpoint:
-  advertiseAddress: "{{ ansible_host }}"
+  advertiseAddress: "{{ ansible_default_ipv4.address }}"
  bindPort: 6443
 {% if kubernetes_certificateKey is defined %}
 certificateKey: "{{ kubernetes_certificateKey.stdout }}"
@ -56,7 +60,7 @@ discovery:
    token: "{{ kubetoken.stdout }}"
 nodeRegistration:
  kubeletExtraArgs:
-    node-ip: {{ ansible_host }}
+    node-ip: {{ ansible_default_ipv4.address }}
    read-only-port: "10255"
  ignorePreflightErrors:
  - SystemVerification
@ -75,7 +79,20 @@ apiServer:
  certSANs:
  - "{{ lb_kubemaster }}"
 {% endif %}
-{% if kubernetes_network == "flannel" %}
+{% if kubernetes_network == "flannel" or kubernetes_network == "calico" %}
 networking:
 {% if kubernetes_network == "flannel" %}
  podSubnet: "10.244.0.0/16"
-{% endif %}
+{% elif kubernetes_network == "calico" %}
  podSubnet: "192.168.0.0/16"
 {% endif %}
 {% endif %}
 ---
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
 kind: KubeProxyConfiguration
 {% if kubernetes_kubeproxy_mode is defined %}
 mode: {{ kubernetes_kubeproxy_mode }}
 {% endif %}
 ---
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration