Added experimental options to ansible role:

1. Ability to specify control host address, for connecting to a control plane provisioned outside of the role. 2. Ability to specify the control host token, again for connecting to a control plane provisioned outside of the role. 3. Included upstream changes from @nolte to define KubeConfig file permissions.
2024-11-22 11:48:22 +01:00 · 2019-12-04 17:17:15 +00:00 · 2019-12-04 17:17:15 +00:00 · 8f3b2428c8
commit 8f3b2428c8
parent 2b8f354a88
3 changed files with 26 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -41,6 +41,8 @@ consistency.
 | `k3s_github_url`               | Set the GitHub URL to install k3s from.                                  | https://github.com/rancher/k3s |
 | `k3s_install_dir`              | Installation directory for k3s.                                          | `/usr/local/bin`               |
 | `k3s_control_workers`          | Are control hosts also workers?                                          | `true`                         |
+| `k3s_control_node_address`     | Use a specific control node address. IP or FQDN.                         | _NULL_                         |
+| `k3s_control_token`            | Use a specific control token, please read notes below.                   | _NULL_                         |
 | `k3s_https_port`               | HTTPS port listening port.                                               | 6443                           |
 | `k3s_use_docker`               | Use Docker rather than Containerd?                                       | `false`                        |
 | `k3s_no_flannel`               | Do not use Flannel                                                       | `false`                        |
@ -53,6 +55,7 @@ consistency.
 | `k3s_disable_scheduler`        | Disable Kubernetes default scheduler                                     | `false`                        |
 | `k3s_disable_cloud_controller` | Disable k3s default cloud controller manager.                            | `false`                        |
 | `k3s_disable_network_policy`   | Disable k3s default network policy controller.                           | `false`                        |
+| `k3s_write_kubeconfig_mode`    | Define the file mode from the generated KubeConfig, eg. `644`            | _NULL_                         |

 #### Important note about `k3s_release_version`

@ -64,6 +67,16 @@ ensure this is set in your Ansible configuration, eg:
 k3s_release_version: v0.2.0
 ```

+#### Important notes about `k3s_control_node_address` and `k3s_control_token`
+
+If you set this, you are explicitly specifying the control host that agents
+should connect to, the value should be an IP address or FQDN.
+
+If the control host is not configured by this role, then you need to also
+specify the `k3s_control_token`.
+
+Please note that this may potentially break setting up agents.
+
 ### Host Variables

 Below are variables that are set against specific hosts in your inventory.
--- a/tasks/configure-k3s-cluster.yml
+++ b/tasks/configure-k3s-cluster.yml
@ -20,16 +20,24 @@
 - name: Ensure control node is delegated to for obtaining a token
  set_fact:
    k3s_control_delegate: "{{ k3s_control_delegate_raw.stdout.split(' @@@ ')[0] }}"
+  when: k3s_control_node_address is not defined

 - name: Ensure the control node address is registered in Ansible
  set_fact:
    k3s_control_node_address: "{{ hostvars[k3s_control_delegate].ansible_host | default(hostvars[k3s_control_delegate].ansible_fqdn) }}"
+  when: k3s_control_node_address is not defined

 - name: Ensure NODE_TOKEN is captured from control node
  slurp:
    path: "/var/lib/rancher/k3s/server/node-token"
-  register: k3s_control_token
+  register: k3s_slurped_control_token
  delegate_to: "{{ k3s_control_delegate }}"
+  when: k3s_control_token is not defined
+
+- name: Ensure NODE_TOKEN is formatted correctly for use in templates
+  set_fact:
+    k3s_control_token: "{{ k3s_slurped_control_token.content | b64decode }}"
+  when: k3s_control_token is not defined

 - name: Ensure k3s service unit file is present
  template:
--- a/templates/k3s.service.j2
+++ b/templates/k3s.service.j2
@ -44,7 +44,7 @@ ExecStart={{ k3s_install_dir }}/k3s
 {% else %}
    agent
    --server https://{{ k3s_control_node_address }}:{{ k3s_https_port }}
-    --token {{ k3s_control_token.content | b64decode }}
+    --token {{ k3s_control_token }}
 {% endif %}
 {% if k3s_use_docker %}
    --docker
@ -64,6 +64,9 @@ ExecStart={{ k3s_install_dir }}/k3s
 {% if k3s_node_external_address is defined %}
    --node-external-ip {{ k3s_node_external_address }}
 {% endif %}
+{% if k3s_write_kubeconfig_mode is defined %}
+    --write-kubeconfig-mode {{ k3s_write_kubeconfig_mode }}
+{% endif %}
 {% if k3s_node_labels is defined and k3s_node_labels is iterable %}
    {% for label in k3s_node_labels %}
        {% for key, value in label.items() %}