From 316936c036c95e817ac2a1b0f18250b514cbb01d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Cabrera?= <4tt1l4hvnk1r4ly@proton.me> Date: Mon, 4 Nov 2024 12:23:50 +0000 Subject: [PATCH 1/4] docs: first modules' variable docs table --- README.md | 38 ++++++++++++++++++++++++++++++++++ roles/k3s_agent/meta/main.yml | 5 ++++- roles/k3s_server/meta/main.yml | 6 +++++- 3 files changed, 47 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d9a63f7..4ed5e6f 100644 --- a/README.md +++ b/README.md 
@@ -117,6 +117,44 @@ Then change `server: https://127.0.0.1:6443` to match your master IP: `server: h See the commands [here](https://technotim.live/posts/k3s-etcd-ansible/#testing-your-cluster). +### Variables + +| Role(s) | Variable | Type | Default | Required | Description | +|---|---|---|---|---|---| +| `download` | `k3s_version` | string | ❌ | Required | K3s binaries version | +| `k3s_agent`, `k3s_server` | `apiserver_endpoint` | string | ❌ | Required | Virtual ip-address configured on each master | +| `k3s_agent` | `extra_agent_args` | string | `null` | Not required | Extra arguments for agents nodes | +| `k3s_agent`, `k3s_server` | `group_name_master` | string | `null` | Not required | Name othe master group | +| `k3s_agent` | `k3s_token` | string | `null` | Not required | Token used to communicate between masters | +| `k3s_agent`, `k3s_server` | `proxy_env` | dict | `null` | Not required | Internet proxy configurations | +| `k3s_agent`, `k3s_server` | `proxy_env.HTTP_PROXY` | string | ❌ | Required | HTTP internet proxy | +| `k3s_agent`, `k3s_server` | `proxy_env.HTTPS_PROXY` | string | ❌ | Required | HTTP internet proxy | +| `k3s_agent`, `k3s_server` | `proxy_env.NO_PROXY` | string | ❌ | Required | Addresses that will not use the proxies | +| `k3s_agent`, `k3s_server` | `systemd_dir` | string | `/etc/systemd/system` | Not required | Path to systemd services | +| `k3s_custom_registries` | `custom_registries_yaml` | string | ❌ | Required | YAML block defining custom registries. The following is an example that pulls all images used in this playbook through your private registries. It also allows you to pull your own images from your private registry, without having to use imagePullSecrets in your deployments. If all you need is your own images and you don't care about caching the docker/quay/ghcr.io images, you can just remove those from the mirrors: section. 
| +| `k3s_server` | `cilium_bgp` | bool | `~` | Not required | Enable cilium BGP control plane for LB services and pod cidrs. Disables the use of MetalLB. | +| `k3s_server` | `cilium_iface` | string | ❌ | Not required | The network interface used for when Cilium is enabled | +| `k3s_server` | `extra_server_args` | string | `""` | Not required | Extra arguments for server nodes | +| `k3s_server` | `k3s_create_kubectl_symlink` | bool | false | Not required | Create the kubectl -> k3s symlink | +| `k3s_server` | `k3s_create_crictl_symlink` | bool | true | Not required | Create the crictl -> k3s symlink | +| `k3s_server` | `kube_vip_arp` | bool | true | Not required | Enables kube-vip ARP broadcasts | +| `k3s_server` | `kube_vip_bgp` | bool | false | Not required | Enables kube-vip BGP peering | +| `k3s_server` | `kube_vip_bgp_routerid` | string | `"127.0.0.1"` | Not required | Defines the router ID for the kube-vip BGP server | +| `k3s_server` | `kube_vip_bgp_as` | string | `"64513"` | Not required | Defines the AS for the kube-vip BGP server | +| `k3s_server` | `kube_vip_bgp_peeraddress` | string | `"192.168.30.1"` | Not required | Defines the address for the kube-vip BGP peer | +| `k3s_server` | `kube_vip_bgp_peeras` | string | `"64512"` | Not required | Defines the AS for the kube-vip BGP peer | +| `k3s_server` | `kube_vip_bgp_peers` | list | `[]` | Not required | List of BGP peer ASN & address pairs | +| `k3s_server` | `kube_vip_bgp_peers_groups` | list | `['k3s_master']` | Not required | Inventory group in which to search for additional `kube_vip_bgp_peers` parameters to merge. | +| `k3s_server` | `kube_vip_iface` | string | `~` | Not required | Explicitly define an interface that ALL control nodes should use to propagate the VIP, define it here. Otherwise, kube-vip will determine the right interface automatically at runtime. 
| +| `k3s_server` | `kube_vip_tag_version` | string | `v0.7.2` | Not required | Image tag for kube-vip | +| `k3s_server` | `kube_vip_cloud_provider_tag_version` | string | `main` | Not required | Tag for kube-vip-cloud-provider manifest when enable | +| `k3s_server` | `kube_vip_lb_ip_range` | string | `~` | Not required | IP range for kube-vip load balancer | +| `k3s_server` | `metal_lb_controller_tag_version` | string | `v0.14.3` | Not required | Image tag for MetalLB | +| `k3s_server` | `metal_lb_speaker_tag_version` | string | `v0.14.3` | Not required | Image tag for MetalLB | +| `k3s_server` | `metal_lb_type` | string | `native` | Not required | Use FRR mode or native. Valid values are `frr` and `native` | +| `k3s_server` | `retry_count` | int | `20` | Not required | Amount of retries when verifying that nodes joined | +| `k3s_server` | `server_init_args` | string | ❌ | Not required | Arguments for server nodes | + ### Troubleshooting Be sure to see [this post](https://github.com/techno-tim/k3s-ansible/discussions/20) on how to troubleshoot common problems diff --git a/roles/k3s_agent/meta/main.yml b/roles/k3s_agent/meta/main.yml index 04f856a..c903db9 100644 --- a/roles/k3s_agent/meta/main.yml +++ b/roles/k3s_agent/meta/main.yml @@ -19,14 +19,17 @@ argument_specs: proxy_env: type: dict - description: Internet proxy configurations + description: Internet proxy configurations. See https://docs.k3s.io/advanced#configuring-an-http-proxy for details default: ~ options: HTTP_PROXY: + description: HTTP internet proxy required: true HTTPS_PROXY: + description: HTTPS internet proxy required: true NO_PROXY: + description: Addresses that will not use the proxies required: true systemd_dir: diff --git a/roles/k3s_server/meta/main.yml b/roles/k3s_server/meta/main.yml index 6c5b53f..42b4910 100644 --- a/roles/k3s_server/meta/main.yml +++ b/roles/k3s_server/meta/main.yml 
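Review bot: The new `HTTP_PROXY` and `HTTPS_PROXY` descriptions under `proxy_env` do not say that these values are full proxy URLs, which can embed credentials (`http://user:pass@host:port`). I would extend them, e.g. `description: HTTP proxy URL; if it embeds credentials, keep the value in Ansible Vault`, since the value is presumably written into the k3s service environment on every node (the consuming task is not visible here). For `NO_PROXY`, the linked k3s page asks that the nodes' own IP ranges be listed, so `description: Comma-separated hosts/CIDRs that bypass the proxy; include the node IP ranges` would save the reader a lookup. The same three descriptions are added in the `roles/k3s_server/meta/main.yml` hunk of this patch, and the README row for `proxy_env.HTTPS_PROXY` reads "HTTP internet proxy", which disagrees with the text added here. The `argument_specs` block starts and ends outside the hunk.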
@@ -103,17 +103,21 @@ argument_specs: - frr - native default: native + description: Use FRR mode or native. Valid values are `frr` and `native` proxy_env: type: dict - description: Internet proxy configurations + description: Internet proxy configurations. See https://docs.k3s.io/advanced#configuring-an-http-proxy for details default: ~ options: HTTP_PROXY: + description: HTTP internet proxy required: true HTTPS_PROXY: + description: HTTPS internet proxy required: true NO_PROXY: + description: Addresses that will not use the proxies required: true retry_count: From d696363f159009ac113be35f77dd4fc9ba219657 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Cabrera?= <4tt1l4hvnk1r4ly@proton.me> Date: Mon, 4 Nov 2024 13:25:03 +0000 Subject: [PATCH 2/4] docs: variables for k3s_server_post --- README.md | 48 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 4ed5e6f..d91700c 100644 --- a/README.md +++ b/README.md @@ -122,7 +122,7 @@ See the commands [here](https://technotim.live/posts/k3s-etcd-ansible/#testing-y | Role(s) | Variable | Type | Default | Required | Description | |---|---|---|---|---|---| | `download` | `k3s_version` | string | ❌ | Required | K3s binaries version | -| `k3s_agent`, `k3s_server` | `apiserver_endpoint` | string | ❌ | Required | Virtual ip-address configured on each master | +| `k3s_agent`, `k3s_server`, `k3s_server_post` | `apiserver_endpoint` | string | ❌ | Required | Virtual ip-address configured on each master | | `k3s_agent` | `extra_agent_args` | string | `null` | Not required | Extra arguments for agents nodes | | `k3s_agent`, `k3s_server` | `group_name_master` | string | `null` | Not required | Name othe master group | | `k3s_agent` | `k3s_token` | string | `null` | Not required | Token used to communicate between masters | 
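Review bot: The description added to `metal_lb_type` repeats the valid values that the list entries `frr` and `native` directly above it already declare (presumably under `choices`, whose key is outside the hunk), so the two can drift apart when a mode is added or renamed. I would keep only the intent, `description: Use FRR mode or native`, and let the list carry the values. The new line is also placed after `default`, while `proxy_env` in the same hunk orders `type`, `description`, `default`; one order throughout the file reads better. The `argument_specs` block starts and ends outside the hunk.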
@@ -132,13 +132,13 @@ See the commands [here](https://technotim.live/posts/k3s-etcd-ansible/#testing-y | `k3s_agent`, `k3s_server` | `proxy_env.NO_PROXY` | string | ❌ | Required | Addresses that will not use the proxies | | `k3s_agent`, `k3s_server` | `systemd_dir` | string | `/etc/systemd/system` | Not required | Path to systemd services | | `k3s_custom_registries` | `custom_registries_yaml` | string | ❌ | Required | YAML block defining custom registries. The following is an example that pulls all images used in this playbook through your private registries. It also allows you to pull your own images from your private registry, without having to use imagePullSecrets in your deployments. If all you need is your own images and you don't care about caching the docker/quay/ghcr.io images, you can just remove those from the mirrors: section. | -| `k3s_server` | `cilium_bgp` | bool | `~` | Not required | Enable cilium BGP control plane for LB services and pod cidrs. Disables the use of MetalLB. | -| `k3s_server` | `cilium_iface` | string | ❌ | Not required | The network interface used for when Cilium is enabled | +| `k3s_server`, `k3s_server_post` | `cilium_bgp` | bool | `~` | Not required | Enable cilium BGP control plane for LB services and pod cidrs. Disables the use of MetalLB. 
| +| `k3s_server`, `k3s_server_post` | `cilium_iface` | string | ❌ | Not required | The network interface used for when Cilium is enabled | | `k3s_server` | `extra_server_args` | string | `""` | Not required | Extra arguments for server nodes | -| `k3s_server` | `k3s_create_kubectl_symlink` | bool | false | Not required | Create the kubectl -> k3s symlink | -| `k3s_server` | `k3s_create_crictl_symlink` | bool | true | Not required | Create the crictl -> k3s symlink | -| `k3s_server` | `kube_vip_arp` | bool | true | Not required | Enables kube-vip ARP broadcasts | -| `k3s_server` | `kube_vip_bgp` | bool | false | Not required | Enables kube-vip BGP peering | +| `k3s_server` | `k3s_create_kubectl_symlink` | bool | `false` | Not required | Create the kubectl -> k3s symlink | +| `k3s_server` | `k3s_create_crictl_symlink` | bool | `true` | Not required | Create the crictl -> k3s symlink | +| `k3s_server` | `kube_vip_arp` | bool | `true` | Not required | Enables kube-vip ARP broadcasts | +| `k3s_server` | `kube_vip_bgp` | bool | `false` | Not required | Enables kube-vip BGP peering | | `k3s_server` | `kube_vip_bgp_routerid` | string | `"127.0.0.1"` | Not required | Defines the router ID for the kube-vip BGP server | | `k3s_server` | `kube_vip_bgp_as` | string | `"64513"` | Not required | Defines the AS for the kube-vip BGP server | | `k3s_server` | `kube_vip_bgp_peeraddress` | string | `"192.168.30.1"` | Not required | Defines the address for the kube-vip BGP peer | 
@@ -148,12 +148,42 @@ See the commands [here](https://technotim.live/posts/k3s-etcd-ansible/#testing-y | `k3s_server` | `kube_vip_iface` | string | `~` | Not required | Explicitly define an interface that ALL control nodes should use to propagate the VIP, define it here. Otherwise, kube-vip will determine the right interface automatically at runtime. | | `k3s_server` | `kube_vip_tag_version` | string | `v0.7.2` | Not required | Image tag for kube-vip | | `k3s_server` | `kube_vip_cloud_provider_tag_version` | string | `main` | Not required | Tag for kube-vip-cloud-provider manifest when enable | -| `k3s_server` | `kube_vip_lb_ip_range` | string | `~` | Not required | IP range for kube-vip load balancer | -| `k3s_server` | `metal_lb_controller_tag_version` | string | `v0.14.3` | Not required | Image tag for MetalLB | +| `k3s_server`, `k3_server_post` | `kube_vip_lb_ip_range` | string | `~` | Not required | IP range for kube-vip load balancer | +| `k3s_server`, `k3s_server_post` | `metal_lb_controller_tag_version` | string | `v0.14.3` | Not required | Image tag for MetalLB | | `k3s_server` | `metal_lb_speaker_tag_version` | string | `v0.14.3` | Not required | Image tag for MetalLB | | `k3s_server` | `metal_lb_type` | string | `native` | Not required | Use FRR mode or native. 
Valid values are `frr` and `native` | | `k3s_server` | `retry_count` | int | `20` | Not required | Amount of retries when verifying that nodes joined | | `k3s_server` | `server_init_args` | string | ❌ | Not required | Arguments for server nodes | +| `k3s_server_post` | `bpf_lb_algorithm` | string | `maglev` | Not required | BPF lb algorithm | +| `k3s_server_post` | `bpf_lb_mode` | string | `hybrid` | Not required | BPF lb mode | +| `k3s_server_post` | `calico_blocksize` | int | `26` | Not required | IP pool block size | +| `k3s_server_post` | `calico_ebpf` | bool | `false` | Not required | Use eBPF dataplane instead of iptables | +| `k3s_server_post` | `calico_encapsulation` | string | `VXLANCrossSubnet` | Not required | IP pool encapsulation | +| `k3s_server_post` | `calico_natOutgoing` | string | `Enabled` | Not required | IP pool NAT outgoing | +| `k3s_server_post` | `calico_nodeSelector` | string | `all()` | Not required | IP pool node selector | +| `k3s_server_post` | `calico_iface` | string | `~` | Not required | The network interface used for when Calico is enabled | +| `k3s_server_post` | `calico_tag` | string | `v3.27.2` | Not required | Calico version tag | +| `k3s_server_post` | `cilium_bgp_my_asn` | int | `64513` | Not required | Local ASN for BGP peer | +| `k3s_server_post` | `cilium_bgp_peer_asn` | int | `64512` | Not required | BGP peer ASN | +| `k3s_server_post` | `cilium_bgp_peer_address` | string | `~` | Not required | BGP peer address | +| `k3s_server_post` | `cilium_bgp_neighbors` | list | `[]` | Not required | List of BGP peer ASN & address pairs | +| `k3s_server_post` | `cilium_bgp_neighbors_groups` | list | `['k3s_all']` | Not required | Inventory group in which to search for additional `cilium_bgp_neighbors` parameters to merge. 
| +| `k3s_server_post` | `cilium_bgp_lb_cidr` | string | `192.168.31.0/24` | Not required | BGP load balancer IP range | +| `k3s_server_post` | `cilium_exportPodCIDR` | bool | `true` | Not required | Export pod CIDR | +| `k3s_server_post` | `cilium_hubble` | bool | `true` | Not required | Enable Cilium Hubble | +| `k3s_server_post` | `cilium_hubble` | bool | `true` | Not required | Enable Cilium Hubble | +| `k3s_server_post` | `cilium_mode` | string | `native` | Not required | Inner-node communication mode (choices are `native` and `routed`) | +| `k3s_server_post` | `cluster_cidr` | string | `10.52.0.0/16` | Not required | Inner-cluster IP range | +| `k3s_server_post` | `enable_bpf_masquerade` | bool | `true` | Not required | Use IP masquerading | +| `k3s_server_post` | `kube_proxy_replacement` | bool | `true` | Not required | Replace the native kube-proxy with Cilium | +| `k3s_server_post` | `metal_lb_available_timeout` | string | `240s` | Not required | Wait for MetalLB resources | +| `k3s_server_post` | `metal_lb_ip_range` | string | `192.168.30.80-192.168.30.90` | Not required | MetalLB ip range for load balancer | +| `k3s_server_post` | `metal_lb_controller_tag_version` | string | `v0.14.3` | Not required | Image tag for MetalLB | +| `k3s_server_post` | `metal_lb_mode` | string | `layer2` | Not required | Metallb mode (choices are `bgp` and `layer2`) | +| `k3s_server_post` | `metal_lb_bgp_my_asn` | string | `~` | Not required | BGP ASN configurations | +| `k3s_server_post` | `metal_lb_bgp_peer_asn` | string | `~` | Not required | BGP peer ASN configurations | +| `k3s_server_post` | `metal_lb_bgp_peer_address` | string | `~` | Not required | BGP peer address | + ### Troubleshooting From 1b571e21d617f67fd49026d467a7674ed1ce33c0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rub=C3=A9n=20Cabrera?= <4tt1l4hvnk1r4ly@proton.me> Date: Mon, 4 Nov 2024 21:17:52 +0000 Subject: [PATCH 3/4] docs: lxc and prereq vars in README --- README.md | 2 ++ roles/lxc/meta/main.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/README.md b/README.md index d91700c..ed9f9ea 100644 --- a/README.md +++ b/README.md @@ -183,6 +183,8 @@ See the commands [here](https://technotim.live/posts/k3s-etcd-ansible/#testing-y | `k3s_server_post` | `metal_lb_bgp_my_asn` | string | `~` | Not required | BGP ASN configurations | | `k3s_server_post` | `metal_lb_bgp_peer_asn` | string | `~` | Not required | BGP peer ASN configurations | | `k3s_server_post` | `metal_lb_bgp_peer_address` | string | `~` | Not required | BGP peer address | +| `lxc` | `custom_reboot_command` | string | `~` | Not required | Command to run on reboot | +| `prereq` | `system_timezone` | string | `null` | Not required | Timezone to be set on all nodes | ### Troubleshooting diff --git a/roles/lxc/meta/main.yml b/roles/lxc/meta/main.yml index 497d61b..42847df 100644 --- a/roles/lxc/meta/main.yml +++ b/roles/lxc/meta/main.yml @@ -5,3 +5,4 @@ argument_specs: options: custom_reboot_command: default: ~ + description: Command to run on reboot From 401a2406c8d6729e43b1e6536d41f7a76b05781a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Cabrera?= <4tt1l4hvnk1r4ly@proton.me> Date: Mon, 4 Nov 2024 21:31:51 +0000 Subject: [PATCH 4/4] style: lint errors --- roles/k3s_agent/meta/main.yml | 4 +++- roles/k3s_server/meta/main.yml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/k3s_agent/meta/main.yml b/roles/k3s_agent/meta/main.yml index c903db9..cec4ba0 100644 --- a/roles/k3s_agent/meta/main.yml +++ b/roles/k3s_agent/meta/main.yml 
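Review bot: `custom_reboot_command` is documented only as "Command to run on reboot", which does not say whether the command performs the reboot or runs after one, and the option still has no `type` in the lines shown. Since the value is a command string that the role presumably executes on the managed host, I would add `type: str` and a description that says so, e.g. `description: Command the role uses to reboot the host; runs on the target, so set it only from trusted inventory` (wording to be confirmed against the task that consumes the variable). The README row added in this patch already lists the type as string, so the spec and the table would then agree. The `argument_specs` block starts above the hunk.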
@@ -19,7 +19,9 @@ argument_specs: proxy_env: type: dict - description: Internet proxy configurations. See https://docs.k3s.io/advanced#configuring-an-http-proxy for details + description: + - Internet proxy configurations. + - See https://docs.k3s.io/advanced#configuring-an-http-proxy for details default: ~ options: HTTP_PROXY: diff --git a/roles/k3s_server/meta/main.yml b/roles/k3s_server/meta/main.yml index 42b4910..7d9fbfd 100644 --- a/roles/k3s_server/meta/main.yml +++ b/roles/k3s_server/meta/main.yml @@ -107,7 +107,9 @@ argument_specs: proxy_env: type: dict - description: Internet proxy configurations. See https://docs.k3s.io/advanced#configuring-an-http-proxy for details + description: + - Internet proxy configurations. + - See https://docs.k3s.io/advanced#configuring-an-http-proxy for details default: ~ options: HTTP_PROXY: