Fix Firewalld pb

2021-02-20 01:09:58 +01:00 · 2021-02-20 01:09:58 +01:00 · 91a200ae09
commit 91a200ae09
parent fa4679acdd
1 changed files with 52 additions and 24 deletions
--- a/tasks/RedHat.yml
+++ b/tasks/RedHat.yml
@ -9,18 +9,48 @@
 #    gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg
 #    state: present

+#- name: Add Official kubernetes's repo
+#  template:
+#    src: "etc/yum.repos.d/kubernetes.repo.j2"
+#    dest: "/etc/yum.repos.d/kubernetes.repo"
+#    group: root
+#    owner: root
+#    mode: 0644
+#  when:
+#    - not ansible_machine == "armv7l"
+#    - not ansible_machine == "armv6l"
+#    - kubernetes_cri != "k3s"
+
 - name: Add Official kubernetes's repo
-  template:
-    src: "etc/yum.repos.d/kubernetes.repo.j2"
-    dest: "/etc/yum.repos.d/kubernetes.repo"
-    group: root
-    owner: root
-    mode: 0644
+  yum_repository:
+    name: kubernetes
+    description: Kubernetes
+    baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
+    enabled: true
+    gpgcheck: true
+    repo_gpgcheck: true
+    gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+    exclude: kubelet kubeadm kubectl
+  become: true
  when:
    - not ansible_machine == "armv7l"
    - not ansible_machine == "armv6l"
    - kubernetes_cri != "k3s"

+#- name: redhat | Installing K8s Packages
+#  package:
+#    name:
+#      - kubectl
+#      - kubelet
+#      - kubeadm
+#      - iproute-tc
+#      - ipvsadm
+#    state: present
+#    disable_excludes: kubernetes
+#  become: true
+#  register: result
+#  until: result is successful
+
 - name: Register kubernetes firewalld service
  template:
    src: "etc/firewalld/services/kubernetes.xml.j2"
@ -50,6 +80,7 @@
 # Définir interface
 - name: Open Firewalld
  firewalld:
+    zone: external
    service: kubernetes
    permanent: true
    state: enabled
@ -59,29 +90,25 @@
 #    - firewall_name == "firewalld"
    - kubernetes_server|bool

- name: Create kubernetes firewalld zone
+#- name: Create kubernetes firewalld zone
+#  firewalld:
+#    zone: kubernetes
+#    permanent: true
+#    state: present
+#  when:
+#    - kubernetes_server|bool
+- name: Add kubernetes networks to trusted firewalld zone
  firewalld:
-    zone: kubernetes
-    permanent: true
-    state: present
-  when:
-    - kubernetes_server|bool
- name: Add PODs network to kubernetes firewalld zone
-  firewalld:
-    zone: kubernetes
+#    zone: kubernetes
+    zone: trusted
    permanent: true
    state: enabled
-    source: "{{ kubernetes_pods_network }}"
-  when:
-    - kubernetes_server|bool
- name: Add Services network to kubernetes firewalld zone
-  firewalld:
-    zone: kubernetes
-    permanent: true
-    state: enabled
-    source: "10.96.0.0/12"
+    source: "{{ item }}"
  when:
    - kubernetes_server|bool
+  with_items:
+    - "{{ kubernetes_pods_network }}"
+    - "10.96.0.0/12"

 - name: Install kubernetes tools
  dnf:
@ -89,6 +116,7 @@
    enablerepo: "kubernetes"
    state: present
    update_cache: yes
+    disable_excludes: kubernetes
 #  notify: Restart kubelet
  when:
    - ansible_pkg_mgr == "dnf"