From d554120e313ea1f1f01864456f1430bbb2e6815e Mon Sep 17 00:00:00 2001 From: hybris Date: Mon, 28 Jan 2019 15:28:54 +0100 Subject: [PATCH] Changes to kubernetes deploy --- 2-setup-kubernetes.yml | 18 ++++--- 3-kubeadm-init.yml | 10 ++-- roles/dns/files/resolv.conf | 2 - roles/dns/files/resolv.conf.j2 | 2 + .../kubernetes/files/kube-router-cni.conf.j2 | 9 ++++ roles/kubernetes/tasks/firewalld.yml | 48 +++++++++---------- roles/kubernetes/tasks/main.yml | 17 +++---- roles/kubernetes/tasks/update_kernel.yml | 5 +- 8 files changed, 61 insertions(+), 50 deletions(-) delete mode 100644 roles/dns/files/resolv.conf create mode 100644 roles/dns/files/resolv.conf.j2 create mode 100644 roles/kubernetes/files/kube-router-cni.conf.j2 diff --git a/2-setup-kubernetes.yml b/2-setup-kubernetes.yml index 76c22cf..77d574d 100644 --- a/2-setup-kubernetes.yml +++ b/2-setup-kubernetes.yml @@ -5,11 +5,15 @@ remote_user: hybris become: yes - vars: - # rename this to something with sense - network_default_gw: 2001:470:6d:22c::1 - roles: - - dns - - proxy - - kubernetes + # - dns + # - proxy + # - kubernetes + + tasks: + + # - name: open firewall ports + # include: firewalld.yml + + - name: update linux kernel + include: update_kernel.yml \ No newline at end of file diff --git a/3-kubeadm-init.yml b/3-kubeadm-init.yml index 270c6f0..4166494 100644 --- a/3-kubeadm-init.yml +++ b/3-kubeadm-init.yml @@ -5,7 +5,7 @@ tasks: - name: initialize kubernetes master - shell: kubeadm init --apiserver-advertise-address=2001:470:6d:22c:42::1 --pod-network-cidr=2001:470:6d:22c::/64 + shell: kubeadm init --apiserver-advertise-address=2001:470:6d:22c:42::1 --pod-network-cidr=2001:470:6d:22c:42::/80 delegate_to: k8s-master.e2m run_once: yes 
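Review bot: In 2-setup-kubernetes.yml the new `include: update_kernel.yml` is resolved relative to the playbook, but the only update_kernel.yml this patch touches lives in roles/kubernetes/tasks/, so the task file will probably not be found unless a copy sits next to the playbook. The hunk also comments out the dns, proxy and kubernetes roles and the firewall include, which looks like a debugging state rather than something to commit; the firewall rules enabled elsewhere in this patch are never applied by this play. I would restore `roles:` and select steps with tags, or reference the file as `include_tasks: roles/kubernetes/tasks/update_kernel.yml`. The play header starts above the hunk, so what else it sets is not visible here.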
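Review bot: The new `--pod-network-cidr=2001:470:6d:22c:42::/80` in 3-kubeadm-init.yml still contains the `--apiserver-advertise-address` 2001:470:6d:22c:42::1, so the API server's node address sits inside the range handed out to pods. Unless that is deliberate, pick a pod prefix that does not cover node addresses. The task is also a bare `shell:` that runs `kubeadm init` on every play; `command:` with `args: creates: /etc/kubernetes/admin.conf` would make a re-run a no-op. The task list continues outside the hunk.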
@@ -31,7 +31,7 @@ - debug: var: k8s_ca_cert_hash - - name: join nodes to cluster - shell: kubeadm join [2001:470:6d:22c:42::1]:6443 --token {{ k8s_token }} --discovery-token-ca-cert-hash sha256:{{ k8s_ca_cert_hash }} - delegate_to: "{{ item }}" - with_items: "{{ k8s-nodes }}" \ No newline at end of file + # - name: join nodes to cluster + # shell: kubeadm join [2001:470:6d:22c:42::1]:6443 --token {{ k8s_token }} --discovery-token-ca-cert-hash sha256:{{ k8s_ca_cert_hash }} + # delegate_to: "{{ item }}" + # with_items: "{{ k8s-nodes }}" \ No newline at end of file diff --git a/roles/dns/files/resolv.conf b/roles/dns/files/resolv.conf deleted file mode 100644 index e8512c0..0000000 --- a/roles/dns/files/resolv.conf +++ /dev/null @@ -1,2 +0,0 @@ -search local e2m -nameserver 2001:470:6d:22c::1 diff --git a/roles/dns/files/resolv.conf.j2 b/roles/dns/files/resolv.conf.j2 new file mode 100644 index 0000000..8c19a90 --- /dev/null +++ b/roles/dns/files/resolv.conf.j2 @@ -0,0 +1,2 @@ +search local {{ network_domain }} +nameserver {{ network_dns }} diff --git a/roles/kubernetes/files/kube-router-cni.conf.j2 b/roles/kubernetes/files/kube-router-cni.conf.j2 new file mode 100644 index 0000000..6cb5061 --- /dev/null +++ b/roles/kubernetes/files/kube-router-cni.conf.j2 @@ -0,0 +1,9 @@ +{ + "name":"e2m", + "type":"bridge", + "bridge":"kube-bridge", + "isDefaultGateway":true, + "ipam": { + "type":"host-local" + } +} \ No newline at end of file diff --git a/roles/kubernetes/tasks/firewalld.yml b/roles/kubernetes/tasks/firewalld.yml index 46e3f8f..dda05b7 100644 --- a/roles/kubernetes/tasks/firewalld.yml +++ b/roles/kubernetes/tasks/firewalld.yml 
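Review bot: The join task at the end of 3-kubeadm-init.yml is commented out rather than removed or gated, which leaves dead code carrying two latent problems. `{{ k8s-nodes }}` is not a valid variable reference (Jinja reads the hyphen as subtraction), and the command line interpolates `{{ k8s_token }}`, so when the task comes back it should carry `no_log: true` to keep the bootstrap token out of task output. Prefer deleting the block, or keeping the task live behind a `when:` or a tag. If an earlier task outside this hunk prints the token with `debug`, as is done here for `k8s_ca_cert_hash`, that is worth dropping too.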
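Review bot: resolv.conf.j2 is created under roles/dns/files/, and nothing in this patch touches the dns role's tasks, so whichever task shipped the deleted resolv.conf presumably still points at the old name and, if it uses `copy`, would install the `{{ … }}` placeholders literally. The template belongs in roles/dns/templates/ with a `template:` task. `network_domain` and `network_dns` are not defined anywhere in the visible changes (the play's `vars:` block is removed in the same commit), so they should get entries in the role's defaults or in group_vars.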
@@ -3,33 +3,33 @@ #### FIREWALL TASKS #### ######################## -# ## kubernetes requirements +## kubernetes requirements -# - name: enable port 6443/tcp -# firewalld: -# port: 6443/tcp -# permanent: yes -# state: enabled + - name: enable port 6443/tcp + firewalld: + port: 6443/tcp + permanent: yes + state: enabled -# - name: enable port 10250/tcp -# firewalld: -# port: 10250/tcp -# permanent: yes -# state: enabled + - name: enable port 10250/tcp + firewalld: + port: 10250/tcp + permanent: yes + state: enabled -# - name: enable port 6443/udp -# firewalld: -# port: 6443/udp -# permanent: yes -# state: enabled + - name: enable port 6443/udp + firewalld: + port: 6443/udp + permanent: yes + state: enabled -# - name: enable port 10250/udp -# firewalld: -# port: 10250/udp -# permanent: yes -# state: enabled + - name: enable port 10250/udp + firewalld: + port: 10250/udp + permanent: yes + state: enabled -# ## reload firewalld after setting rules +## reload firewalld after setting rules -# - name: reload firewalld -# shell: firewall-cmd --reload + - name: reload firewalld + shell: firewall-cmd --reload diff --git a/roles/kubernetes/tasks/main.yml b/roles/kubernetes/tasks/main.yml index 9c24edd..f2b8ad9 100644 --- a/roles/kubernetes/tasks/main.yml +++ b/roles/kubernetes/tasks/main.yml @@ -61,14 +61,12 @@ path: /etc/cni/net.d state: directory -# TODO: this -# - name: copy cni config -# template: -# src: "../files/####CNI CONFIG####" -# dest: /etc/cni/net.d/####CNI CONFIG#### -# owner: root -# group: root -# with_items: "{{ kubernetes }}" +- name: copy cni config + template: + src: ../files/kube-router-cni.conf.j2 + dest: /etc/cni/net.d/10-kuberouter.conf + owner: root + group: root - name: install packages yum: @@ -101,6 +99,3 @@ enabled: yes state: restarted daemon_reload: yes - -- name: reboot - reboot: \ No newline at end of file diff --git a/roles/kubernetes/tasks/update_kernel.yml b/roles/kubernetes/tasks/update_kernel.yml index 3007393..2a9a2b7 100644 
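Review bot: The re-enabled tasks in firewalld.yml open 6443 and 10250 on UDP as well as TCP, in the default zone and with no source restriction. The API server and the kubelet listen on TCP only, so the two `/udp` tasks add exposure for nothing, and 10250 (the kubelet API) should be reachable only from cluster nodes, through a dedicated zone or a source-limited rule rather than a blanket port open. `permanent: yes` without `immediate` is why the `shell: firewall-cmd --reload` step is needed; setting both applies the rule at once and lets the module report changes properly. One looped task covers it:

```yaml
- name: open kubernetes ports (tcp only)
  firewalld:
    port: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  with_items:
    - 6443/tcp
    - 10250/tcp
# … dropped: the 6443/udp and 10250/udp tasks and the firewall-cmd --reload step …
```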
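Review bot: The new `copy cni config` task in roles/kubernetes/tasks/main.yml sets owner and group but no `mode`, so the permissions of /etc/cni/net.d/10-kuberouter.conf depend on the remote umask or on whatever file is already there; add `mode: "0644"`. The source is reached as `../files/kube-router-cni.conf.j2`; moving it to the role's templates/ directory lets `src: kube-router-cni.conf.j2` resolve without the relative path. The file contains no template expressions, so `copy` would also do. The surrounding tasks lie outside the hunk.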
--- a/roles/kubernetes/tasks/update_kernel.yml +++ b/roles/kubernetes/tasks/update_kernel.yml @@ -27,4 +27,7 @@ line: "GRUB_DEFAULT=0" - name: write grub config - shell: grub2-mkconfig -o /boot/grub2/grub.cfg \ No newline at end of file + shell: grub2-mkconfig -o /boot/grub2/grub.cfg + +- name: reboot + reboot: \ No newline at end of file
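Review bot: The `reboot:` task added at the end of update_kernel.yml has no condition, so every run of the play reboots every targeted host whether or not a new kernel was installed. Register the result of the kernel install task (it is above the hunk, so its name is not visible) and add `when: <kernel_install_result> is changed`, where the variable name is a placeholder, or move the reboot to a handler. If this runs against cluster nodes, `serial: 1` on the play keeps them from going down together. The same lack of a condition applies to `shell: grub2-mkconfig -o /boot/grub2/grub.cfg`, which rewrites grub.cfg on every run.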