adrien/ansible-role-kubernetes
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix Firewalld pb
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Adrien Reslinger 2021-02-20 01:09:58 +01:00
parent fa4679acdd
commit 91a200ae09
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
1 changed files with 52 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

76
tasks/RedHat.yml
View file

@ -9,18 +9,48 @@
# gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg # gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg
# state: present # state: present
#- name: Add Official kubernetes's repo
# template:
# src: "etc/yum.repos.d/kubernetes.repo.j2"
# dest: "/etc/yum.repos.d/kubernetes.repo"
# group: root
# owner: root
# mode: 0644
# when:
# - not ansible_machine == "armv7l"
# - not ansible_machine == "armv6l"
# - kubernetes_cri != "k3s"
- name: Add Official kubernetes's repo - name: Add Official kubernetes's repo
template: yum_repository:
src: "etc/yum.repos.d/kubernetes.repo.j2" name: kubernetes
dest: "/etc/yum.repos.d/kubernetes.repo" description: Kubernetes
group: root baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
owner: root enabled: true
mode: 0644 gpgcheck: true
repo_gpgcheck: true
gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude: kubelet kubeadm kubectl
become: true
when: when:
- not ansible_machine == "armv7l" - not ansible_machine == "armv7l"
- not ansible_machine == "armv6l" - not ansible_machine == "armv6l"
- kubernetes_cri != "k3s" - kubernetes_cri != "k3s"
#- name: redhat | Installing K8s Packages
# package:
# name:
# - kubectl
# - kubelet
# - kubeadm
# - iproute-tc
# - ipvsadm
# state: present
# disable_excludes: kubernetes
# become: true
# register: result
# until: result is successful
- name: Register kubernetes firewalld service - name: Register kubernetes firewalld service
template: template:
src: "etc/firewalld/services/kubernetes.xml.j2" src: "etc/firewalld/services/kubernetes.xml.j2"
@ -50,6 +80,7 @@
# Définir interface # Définir interface
- name: Open Firewalld - name: Open Firewalld
firewalld: firewalld:
zone: external
service: kubernetes service: kubernetes
permanent: true permanent: true
state: enabled state: enabled
@ -59,29 +90,25 @@
# - firewall_name == "firewalld" # - firewall_name == "firewalld"
- kubernetes_server|bool - kubernetes_server|bool
- name: Create kubernetes firewalld zone #- name: Create kubernetes firewalld zone
# firewalld:
# zone: kubernetes
# permanent: true
# state: present
# when:
# - kubernetes_server|bool
- name: Add kubernetes networks to trusted firewalld zone
firewalld: firewalld:
zone: kubernetes # zone: kubernetes
permanent: true zone: trusted
state: present
when:
- kubernetes_server|bool
- name: Add PODs network to kubernetes firewalld zone
firewalld:
zone: kubernetes
permanent: true permanent: true
state: enabled state: enabled
source: "{{ kubernetes_pods_network }}" source: "{{ item }}"
when:
- kubernetes_server|bool
- name: Add Services network to kubernetes firewalld zone
firewalld:
zone: kubernetes
permanent: true
state: enabled
source: "10.96.0.0/12"
when: when:
- kubernetes_server|bool - kubernetes_server|bool
with_items:
- "{{ kubernetes_pods_network }}"
- "10.96.0.0/12"
- name: Install kubernetes tools - name: Install kubernetes tools
dnf: dnf:
@ -89,6 +116,7 @@
enablerepo: "kubernetes" enablerepo: "kubernetes"
state: present state: present
update_cache: yes update_cache: yes
disable_excludes: kubernetes
# notify: Restart kubelet # notify: Restart kubelet
when: when:
- ansible_pkg_mgr == "dnf" - ansible_pkg_mgr == "dnf"