From 9b800d9fba3eff1a286a3a7c5639cd6543989d84 Mon Sep 17 00:00:00 2001
From: Xan Manning
Date: Mon, 19 Oct 2020 20:26:12 +0100
Subject: [PATCH] moving to file-based config
---
 defaults/main.yml | 6 +
 molecule/docker/converge.yml | 7 +-
 tasks/build/configure-k3s-cluster.yml | 12 +-
 tasks/build/install-k3s.yml | 21 ++
 tasks/main.yml | 8 +-
 tasks/state-installed.yml | 3 -
 tasks/state-validated.yml | 2 +-
 tasks/validate/check-cluster-nodes-ready.yml | 4 +-
 .../validate/check-experimental-variables.yml | 22 +-
 tasks/validate/post-install.yml | 2 +-
 tasks/validate/pre-flight.yml | 12 ++
 templates/config.yaml.j2 | 11 ++
 templates/k3s.service.j2 | 185 +-----------------
 13 files changed, 83 insertions(+), 212 deletions(-)
 create mode 100644 tasks/validate/pre-flight.yml
 create mode 100644 templates/config.yaml.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index 6e5c136..d596b24 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -32,6 +32,9 @@ k3s_install_dir: /usr/local/bin
 # Install using hard links rather than symbolic links
 k3s_install_hard_links: false
+# Use Docker rather than containerd
+k3s_use_docker: false
+
 # A list of templates used for preconfigure the cluster.
 k3s_server_manifests_templates: []
@@ -49,6 +52,7 @@ k3s_use_unsupported_config: false
 # k3s_server:
 # listen-port: 6443
+k3s_server: null
 ##
 # Agent Configuration
@@ -59,6 +63,8 @@ k3s_use_unsupported_config: false
 # - "foo=bar"
 # - "bish=bosh"
+k3s_agent: null
+
 ##
 # Ansible Controller configuration
 ##
diff --git a/molecule/docker/converge.yml b/molecule/docker/converge.yml
index 3700ddc..be09ada 100644
--- a/molecule/docker/converge.yml
+++ b/molecule/docker/converge.yml
@@ -4,8 +4,11 @@
 become: true
 vars:
 molecule_is_test: true
+ k3s_release_version: latest
 k3s_use_docker: true
- k3s_https_port: 26443
- k3s_cluster_domain: examplecluster.local
+ k3s_skip_validation: true
+ k3s_server:
+ https-listen-port: 26443
+ cluster-domain: examplecluster.local
 roles:
 - role: xanmanning.k3s
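Review bot: The new default `k3s_use_docker: false` has no consumer visible in this commit: the only place that read it, the `--docker` emission in templates/k3s.service.j2, is deleted by the same patch, and config.yaml.j2 serialises only `k3s_server` and `k3s_agent`. If Docker is now meant to be selected through the config file, the default is dead and the comment should say that the operator sets `docker: true` in `k3s_agent`/`k3s_server` instead; if a task outside this diff still reads it, name that task in the comment so the next reader does not have to search, e.g. `# Use Docker rather than containerd (read by the Docker install tasks; not written to config.yaml)`.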
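Review bot: The commented example that now sits directly above `k3s_server: null` still shows `listen-port: 6443`, but the key this commit actually uses is `https-listen-port` — converge.yml sets it under `k3s_server` and k3s.service.j2 reads `k3s_server['https-listen-port']`. Because `k3s_server` is dumped verbatim into config.yaml, an operator who copies the example gets a key k3s will not interpret as the listen port, and the default port is used silently. Change the example to `#   https-listen-port: 6443` and, since this mapping is now the only way to pass server options, add a line saying that keys are the k3s server flag names without the leading dashes.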
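Review bot: Setting `k3s_skip_validation: true` in the molecule scenario turns off `check-environment.yml`, so the test run no longer exercises the validation tasks this same commit rewrites (check-cluster-nodes-ready.yml and check-experimental-variables.yml), assuming check-environment.yml is what includes them. Those rewrites contain Jinja expressions that only fail at evaluation time, which is exactly what a converge with validation enabled would catch. Prefer keeping validation on in at least this scenario, or add a second scenario that runs with the default.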
diff --git a/tasks/build/configure-k3s-cluster.yml b/tasks/build/configure-k3s-cluster.yml
index 175a69c..c5aa581 100644
--- a/tasks/build/configure-k3s-cluster.yml
+++ b/tasks/build/configure-k3s-cluster.yml
@@ -31,7 +31,7 @@
 src: cluster-token.j2
 dest: "{{ k3s_token_location }}/cluster-token"
 mode: 0600
- become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+ become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
 when: (k3s_control_node and not k3s_primary_control_node)
 or not k3s_control_node
 notify:
@@ -47,6 +47,16 @@
 - reload systemd
 - restart k3s
+- name: Ensure k3s config file exists on control plane
+ template:
+ src: config.yaml.j2
+ dest: "{{ k3s_config_file }}"
+ mode: 0644
+ notify:
+ - reload systemd
+ - restart k3s
+ become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
+
 - name: Ensure secondary masters are started
 service:
 name: k3s
diff --git a/tasks/build/install-k3s.yml b/tasks/build/install-k3s.yml
index 4f9f990..b129729 100644
--- a/tasks/build/install-k3s.yml
+++ b/tasks/build/install-k3s.yml
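Review bot: The task "Ensure k3s config file exists on control plane" added in the second hunk has no `when:`, so it runs on every host, while the task of the same name added to tasks/build/install-k3s.yml in this commit is restricted to the sole or primary control node; both render the same template to the same `k3s_config_file`, so either the name here is wrong (it is really the catch-all for agents and secondary control nodes) or the gating is. Rename it `Ensure k3s config file exists` or give it the complementary condition so the intent is visible. Separately, `mode: 0644` makes the rendered file world-readable although it contains whatever the operator puts in `k3s_server`/`k3s_agent` — including options such as `token` or `datastore-endpoint`, whose value is a connection string that commonly embeds credentials; `mode: 0600` matches the `0600` already used for cluster-token in the previous hunk and should be used here and in the install-k3s.yml copy.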
@@ -18,11 +18,32 @@
 - restart k3s
 become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
+- name: Ensure config directory exists
+ file:
+ path: "{{ k3s_config_file | dirname }}"
+ state: directory
+ mode: 0755
+ recurse: true
+ become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
+
 - name: Ensure systemd unit file directory exists
 file:
 path: "{{ k3s_systemd_unit_directory }}"
 state: directory
 mode: 0755
+ become: "{{ k3s_become_for_systemd | ternary(true, false, k3s_become_for_all) }}"
+
+- name: Ensure k3s config file exists on control plane
+ template:
+ src: config.yaml.j2
+ dest: "{{ k3s_config_file }}"
+ mode: 0644
+ when: (k3s_control_node and k3s_controller_count | length == 1)
+ or (k3s_primary_control_node and k3s_controller_count | length > 1)
+ notify:
+ - reload systemd
+ - restart k3s
+ become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
 - name: Ensure k3s service unit file is present on control plane
 template:
diff --git a/tasks/main.yml b/tasks/main.yml
index 6ea8c4e..bcefc18 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,11 +1,5 @@
 ---
-- name: Check to see if k3s_state is a supported value
- assert:
- that:
- - k3s_state in k3s_valid_states
- fail_msg: "k3s_state not valid. Check README.md for details."
- success_msg: "k3s_state is valid."
- when: k3s_state is defined
+- import_tasks: validate/pre-flight.yml
 - include_tasks: state-{{ (k3s_state | lower) | default('installed') }}.yml
diff --git a/tasks/state-installed.yml b/tasks/state-installed.yml
index a51174a..b6ea95a 100644
--- a/tasks/state-installed.yml
+++ b/tasks/state-installed.yml
@@ -1,8 +1,5 @@
 ---
-- import_tasks: validate/check-environment.yml
- when: not k3s_skip_validation
-
 - import_tasks: build/preconfigure-k3s.yml
 - import_tasks: teardown/drain-and-remove-nodes.yml
diff --git a/tasks/state-validated.yml b/tasks/state-validated.yml
index 9cfe1d1..a94e0b3 100644
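Review bot: `recurse: true` on the new "Ensure config directory exists" task is unnecessary and risky: the `file` module already creates missing parents for `state: directory`, and with `recurse` the `mode: 0755` is re-applied to every existing entry beneath `k3s_config_file | dirname` on each run, so any file already living there — the kubeconfig k3s writes next to its config when the directory is k3s's usual one, or a registries/credentials file an operator keeps alongside — is made world-readable and executable. Drop the `recurse: true` line and let the mode apply to the directory only. The same `mode: 0644` concern for the rendered config file itself applies to the "Ensure k3s config file exists on control plane" task further down this hunk; `0600` is the safer choice since the file carries whatever secrets the operator places in `k3s_server`.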
--- a/tasks/state-validated.yml
+++ b/tasks/state-validated.yml
@@ -1,6 +1,6 @@
 ---
-- import_tasks: validate/check-environment.yml
+- import_tasks: validate/pre-flight.yml
 - import_tasks: validate/main.yml
diff --git a/tasks/validate/check-cluster-nodes-ready.yml b/tasks/validate/check-cluster-nodes-ready.yml
index 5c81fd2..478998e 100644
--- a/tasks/validate/check-cluster-nodes-ready.yml
+++ b/tasks/validate/check-cluster-nodes-ready.yml
@@ -10,5 +10,7 @@
 and kubectl_get_nodes_result.stdout.find("NotReady") == -1
 retries: 30
 delay: 20
- when: k3s_control_node and not k3s_no_flannel and not ansible_check_mode
+ when: k3s_control_node
+ and (k3s_server.disable is defined and 'flannel' not in k3s_server.disable)
+ and not ansible_check_mode
 become: "{{ k3s_become_for_kubectl | ternary(true, false, k3s_become_for_all) }}"
diff --git a/tasks/validate/check-experimental-variables.yml b/tasks/validate/check-experimental-variables.yml
index 8e2dab6..f3a6818 100644
--- a/tasks/validate/check-experimental-variables.yml
+++ b/tasks/validate/check-experimental-variables.yml
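Review bot: With tasks/main.yml now importing `validate/pre-flight.yml` unconditionally before the `include_tasks: state-…` line, the import added here makes the `validated` state run pre-flight twice: the `k3s_state` assert and (unless `k3s_skip_validation` is set) `check-environment.yml` execute once from main.yml and again from this file. The old line was only needed because main.yml did not run check-environment.yml itself, and state-installed.yml drops its equivalent in this same commit. Remove `- import_tasks: validate/pre-flight.yml` here, or, if the other states are meant to skip pre-flight, move the import out of main.yml instead.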
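Review bot: The new `when:` inverts the old gate: it now requires `k3s_server.disable` to be defined, so with the shipped default (`k3s_server: null`, or any `k3s_server` without a `disable` key) the node-readiness check is skipped entirely, whereas `not k3s_no_flannel` ran it by default. It also looks at the wrong key — the lines this commit removes from k3s.service.j2 mapped `k3s_no_flannel` to `--flannel-backend none` (or `--no-flannel`), so the file-based equivalent is `flannel-backend: none`, not an entry in `disable`. A condition that preserves the old behaviour is `when: k3s_control_node` / `and not (k3s_server['flannel-backend'] is defined and k3s_server['flannel-backend'] == 'none')` / `and not ansible_check_mode`; the subscript form is needed because a dotted `k3s_server.flannel-backend` would be parsed as a subtraction.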
@@ -6,19 +6,9 @@
 - k3s_use_experimental is defined and k3s_use_experimental
 success_msg: "Experimental variables are defined and enabled."
 fail_msg: "Experimental variables have been configured. If you want to use them ensure you set k3s_use_experimental"
- when: (k3s_non_root is defined and k3s_non_root)
- or (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
- or (k3s_etcd_datastore is defined and k3s_etcd_datastore)
- or (k3s_secrets_encryption is defined and k3s_secrets_encryption)
- or (k3s_enable_selinux is defined and k3s_enable_selinux)
-
-- name: Check if experimental dqlite is being used and k3s_use_unsupported_config is configured
- assert:
- that:
- - k3s_use_unsupported_config is defined and k3s_use_unsupported_config
- success_msg: "Unsupported use of dqlite backend is enabled."
- fail_msg: |
- Embedded DQLite is no longer supported and there is no upgrade path to use Etcd!
- If you're sure you want to use it set k3s_use_unsupported_config. This will break in v1.19!
- when: k3s_use_experimental
- and (k3s_dqlite_datastore is defined and k3s_dqlite_datastore)
+ when: (k3s_server.rootless is defined and k3s_server.rootless)
+ or (k3s_agent.rootless is defined and k3s_agent.rootless)
+ or (k3s_server.etcd-datastore is defined and k3s_server.etcd-datastore)
+ or (k3s_server.secrets-encryption is defined and k3s_server.secrets-encryption)
+ or (k3s_agent.secrets-encryption is defined and k3s_agent.secrets-encryption)
+ or (k3s_server.selinux is defined and k3s_server.selinux)
diff --git a/tasks/validate/post-install.yml b/tasks/validate/post-install.yml
index 728e247..86393ac 100644
--- a/tasks/validate/post-install.yml
+++ b/tasks/validate/post-install.yml
@@ -1,4 +1,4 @@
 ---
 - import_tasks: check-control-plane.yml
-- import_tasks: check-clustr-nodes-ready.yml
+- import_tasks: check-cluster-nodes-ready.yml
diff --git a/tasks/validate/pre-flight.yml b/tasks/validate/pre-flight.yml
new file mode 100644
index 0000000..4039c1a
--- /dev/null
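Review bot: `k3s_server.etcd-datastore`, `k3s_server.secrets-encryption` and `k3s_agent.secrets-encryption` in the new `when:` do not look up hyphenated keys — Jinja parses `a.b-c` as `a.b - c`, so `is defined` is applied to an unrelated variable named `datastore`/`encryption` and the attribute `etcd`/`secrets` is then used in a subtraction; the config keys are never inspected, and with the `k3s_server: null` default the expression is likely to raise on the undefined operand rather than evaluate to false. The unit template in this same commit already uses the working form, `k3s_server['https-listen-port']`, so use subscript syntax for every hyphenated key here, e.g. `or (k3s_server['etcd-datastore'] is defined and k3s_server['etcd-datastore'])` and likewise for the two `secrets-encryption` lines. The assert's `fail_msg` above still talks about "experimental variables"; it would be worth mentioning that these are now keys under `k3s_server`/`k3s_agent`.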
+++ b/tasks/validate/pre-flight.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Check to see if k3s_state is a supported value
+ assert:
+ that:
+ - k3s_state in k3s_valid_states
+ fail_msg: "k3s_state not valid. Check README.md for details."
+ success_msg: "k3s_state is valid."
+ when: k3s_state is defined
+
+- import_tasks: check-environment.yml
+ when: not k3s_skip_validation
diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2
new file mode 100644
index 0000000..a766899
--- /dev/null
+++ b/templates/config.yaml.j2
@@ -0,0 +1,11 @@
+---
+
+{% if k3s_control_node %}
+{% if k3s_server is defined and k3s_server != None %}
+{{ k3s_server | to_nice_yaml(indent=2) }}
+{% endif %}
+{% else %}
+{% if k3s_agent is defined and k3s_agent != None %}
+{{ k3s_agent | to_nice_yaml(indent=2) }}
+{% endif %}
+{% endif %}
diff --git a/templates/k3s.service.j2 b/templates/k3s.service.j2
index 4d86782..e8455cf 100644
--- a/templates/k3s.service.j2
+++ b/templates/k3s.service.j2
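Review bot: The rendered config.yaml carries no indication that Ansible owns it, so an operator who edits `/…/config.yaml` on the host (placeholder path; the real one is `k3s_config_file`) will have the change silently overwritten on the next run — add `# {{ ansible_managed }}` after the `---`. Two smaller points on the new template: `k3s_server != None` / `k3s_agent != None` work, but `k3s_server is not none` is the Jinja-idiomatic test and is what linters expect; and with the `null` defaults the file contains only `---`, which presumably k3s accepts as an empty config, yet `--config` is still passed in the unit file, so a one-line comment at the top of the template stating that an empty mapping is intentional would save the next reader from treating it as a bug.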
@@ -16,192 +16,17 @@ ExecStart={{ k3s_install_dir }}/k3s {% endif %} {% if k3s_control_node %} server - {% if k3s_bind_address is defined %} - --bind-address {{ k3s_bind_address }} - {% endif %} - {% if k3s_non_root is defined and k3s_non_root %} - --rootless - {% endif %} - {% if k3s_https_port != 6443 %} - --https-listen-port {{ k3s_https_port }} - {% endif %} - {% if k3s_disable_scheduler %} - --disable-scheduler - {% endif %} - {% if k3s_disable_cloud_controller %} - --disable-cloud-controller - {% endif %} - {% if k3s_disable_network_policy %} - --disable-network-policy - {% endif %} - {% if k3s_disable_kube_proxy %} - --disable-kube-proxy - {% endif %} - {% if k3s_no_flannel %} - {% if (k3s_release_version | replace('v', '')) is version_compare('1.0.0', '>=') %} - --flannel-backend none - {% else %} - --no-flannel - {% endif %} - {% endif %} - {% if k3s_cluster_cidr is defined %} - --cluster-cidr {{ k3s_cluster_cidr }} - {% endif %} - {% if k3s_service_cidr is defined %} - --service-cidr {{ k3s_service_cidr }} - {% endif %} - {% if k3s_flannel_backend is defined and not k3s_no_flannel %} - --flannel-backend {{ k3s_flannel_backend }} - {% endif %} - {% if k3s_private_registry is defined and k3s_private_registry %} - --private-registry {{ k3s_private_registry }} - {% endif %} - {{ ' --disable coredns' if k3s_no_coredns else '' }}{{ ' --disable servicelb' if k3s_no_servicelb else '' }}{{ ' --disable traefik' if k3s_no_traefik else '' }}{{ ' --disable local-storage' if k3s_no_local_storage else '' }}{{ ' --disable metrics-server' if k3s_no_metrics_server else '' }} - {% if not k3s_no_local_storage and k3s_default_local_storage_path is defined and k3s_default_local_storage_path %} - --default-local-storage-path {{ k3s_default_local_storage_path }} - {% endif %} - {% if k3s_cluster_dns is defined and k3s_cluster_dns %} - --cluster-dns {{ k3s_cluster_dns }} - {% endif %} - {% if k3s_cluster_domain is defined and k3s_cluster_domain != "cluster.local" %} - 
--cluster-domain {{ k3s_cluster_domain }} - {% endif %} - {% if k3s_datastore_endpoint is defined and k3s_datastore_endpoint %} - --datastore-endpoint "{{ k3s_datastore_endpoint }}" - {% if k3s_datastore_cafile is defined and k3s_datastore_cafile %} - --datastore-cafile {{ k3s_datastore_cafile }} - {% endif %} - {% if k3s_datastore_certfile is defined and k3s_datastore_certfile %} - --datastore-certfile {{ k3s_datastore_certfile }} - {% endif %} - {% if k3s_datastore_keyfile is defined and k3s_datastore_keyfile %} - --datastore-keyfile {{ k3s_datastore_keyfile }} - {% endif %} - {% endif %} - {% if (k3s_dqlite_datastore is defined and k3s_dqlite_datastore) or (k3s_etcd_datastore is defined and k3s_etcd_datastore) %} - {% if k3s_primary_control_node is defined and k3s_primary_control_node %} - --cluster-init - {% else %} - --server https://{{ k3s_control_node_address }}:{{ k3s_https_port }} - --token-file {{ k3s_token_location }}/cluster-token - {% endif %} - {% if k3s_etcd_disable_snapshots %} - --etcd-disable-snapshots - {% else %} - {% if k3s_etcd_snapshot_schedule_cron is defined %} - --etcd-snapshot-schedule-cron "{{ k3s_etcd_snapshot_schedule_cron }}" - {% endif %} - {% if k3s_etcd_snapshot_retention is defined %} - --etcd-snapshot-retention {{ k3s_etcd_snapshot_retention }} - {% endif %} - {% if k3s_etcd_snapshot_directory is defined %} - --etcd-snapshot-dir {{ k3s_etcd_snapshot_directory }} - {% endif %} - {% endif %} - {% endif %} - {% if k3s_secrets_encryption is defined and k3s_secrets_encryption %} - --secrets-encryption - {% endif %} - {% if k3s_kube_apiserver_args is defined and k3s_kube_apiserver_args is iterable %} - {% for arg in k3s_kube_apiserver_args %} - {% for key, value in arg.items() %} - --kube-apiserver-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} - {% endif %} - {% if k3s_kube_scheduler_args is defined and k3s_kube_scheduler_args is iterable %} - {% for arg in k3s_kube_scheduler_args %} - {% for key, value in arg.items() %} - 
--kube-scheduler-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} - {% endif %} - {% if k3s_kube_controller_manager_args is defined and k3s_kube_controller_manager_args is iterable %} - {% for arg in k3s_kube_controller_manager_args %} - {% for key, value in arg.items() %} - --kube-controller-manager-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} - {% endif %} - {% if k3s_kube_cloud_controller_manager_args is defined and k3s_kube_cloud_controller_manager_args is iterable %} - {% for arg in k3s_kube_cloud_controller_manager_args %} - {% for key, value in arg.items() %} - --kube-cloud-controller-manager-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} + {% if k3s_server is defined %} + --config {{ k3s_config_file }} {% endif %} {% else %} agent - --server https://{{ k3s_control_node_address }}:{{ k3s_https_port }} + --server https://{{ k3s_control_node_address }}:{{ k3s_server['https-listen-port'] | default(6443) }} --token-file {{ k3s_token_location }}/cluster-token -{% endif %} -{% if k3s_enable_selinux %} - --selinux -{% endif %} -{% if k3s_resolv_conf is defined and k3s_resolv_conf %} - --resolv-conf {{ k3s_resolv_conf }} -{% endif %} -{% if k3s_tls_san is defined and k3s_tls_san is iterable %} - {% for san in k3s_tls_san %} - --tls-san {{ san }} - {% endfor %} -{% else %} - {% if k3s_tls_san is defined and k3s_tls_san %} - --tls-san {{ k3s_tls_san }} + {% if k3s_agent is defined %} + --config {{ k3s_config_file }} {% endif %} {% endif %} -{% if k3s_node_data_dir is defined %} - --data-dir {{ k3s_node_data_dir }} -{% endif %} -{% if k3s_use_docker %} - --docker -{% endif %} -{% if k3s_flannel_interface is defined and not k3s_no_flannel %} - --flannel-iface {{ k3s_flannel_interface }} -{% endif %} -{% if k3s_node_name is defined %} - --node-name {{ k3s_node_name }} -{% endif %} -{% if k3s_node_id is defined %} - --with-node-id {{ k3s_node_id }} -{% endif %} -{% if k3s_node_ip_address is defined %} - --node-ip {{ k3s_node_ip_address }} -{% 
endif %} -{% if k3s_node_external_address is defined %} - --node-external-ip {{ k3s_node_external_address }} -{% endif %} -{% if k3s_write_kubeconfig_mode is defined %} - --write-kubeconfig-mode {{ k3s_write_kubeconfig_mode }} -{% endif %} -{% if k3s_node_labels is defined and k3s_node_labels is iterable %} - {% for label in k3s_node_labels %} - {% for key, value in label.items() %} - --node-label {{ key }}={{ value }} - {% endfor %} - {% endfor %} -{% endif %} -{% if k3s_node_taints is defined and k3s_node_taints is iterable %} - {% for taint in k3s_node_taints %} - {% for key, value in taint.items() %} - --node-taint {{ key }}={{ value }} - {% endfor %} - {% endfor %} -{% endif %} -{% if k3s_kubelet_args is defined and k3s_kubelet_args is iterable %} - {% for arg in k3s_kubelet_args %} - {% for key, value in arg.items() %} - --kubelet-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} -{% endif %} -{% if k3s_kube_proxy_args is defined and k3s_kube_proxy_args is iterable %} - {% for arg in k3s_kube_proxy_args %} - {% for key, value in arg.items() %} - --kube-proxy-arg {{ key }}={{ value }} - {% endfor %} - {% endfor %} -{% endif %} {% endfilter %} {% endfilter %}
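Review bot: On the new side the control-plane branch emits only `--config {{ k3s_config_file }}`, so the flags the removed lines generated for an embedded datastore — `--cluster-init` on the primary node and `--server https://…` plus `--token-file` on the other control nodes — are no longer produced anywhere visible in this commit, while config.yaml.j2 renders the same `k3s_server` mapping on every control node; a multi-control-plane install therefore needs per-host `k3s_server` values (`cluster-init: true` on one host, `server:`/`token-file:` on the rest) that nothing in the role supplies or documents. The same applies to `--docker` (whose `k3s_use_docker` default is added by this commit), `--selinux`, `--tls-san` and the `--node-*` options, which lose their only emitter here; if that is intended, the defaults and README need to state that these are now set through `k3s_server`/`k3s_agent`. The new agent line also reads `k3s_server['https-listen-port']` from the agent host's own variables, so a port set only on control-plane hosts is not seen and the agent joins on 6443 — derive it from the control node's `hostvars` or document that `k3s_server` must be set at group or play level. The enclosing `{% filter %}` blocks and the `{% if k3s_control_node %}` branch start before this hunk.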