tim/k3s-ansible
1
0
Fork 1
mirror of https://github.com/techno-tim/k3s-ansible.git synced 2025-12-28 19:52:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge 7239c927de into b86156b995

Browse Source
This commit is contained in:
Techno Tim
2024-07-27 19:24:12 +00:00
committed by GitHub
parent b86156b995 7239c927de
commit cb55257925
8 changed files with 69 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/lint.yml vendored
View File

@@ -47,7 +47,7 @@ jobs:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
- name: Ensure SHA pinned actions
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@2f2ebc6d914ab515939dc13f570f91baeb2c194c # 3.0.6
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@74606c30450304eee8660aae751818321754feb1 # 3.0.9
with:
allowlist: |
aws-actions/

12
inventory/sample/group_vars/all.yml
View File

@@ -1,5 +1,5 @@
---
k3s_version: v1.29.2+k3s1
k3s_version: v1.30.2+k3s2
# this is the user that has ssh access to these machines
ansible_user: ansibleuser
systemd_dir: /etc/systemd/system
@@ -13,13 +13,13 @@ flannel_iface: "eth0"
# uncomment calico_iface to use tigera operator/calico cni instead of flannel https://docs.tigera.io/calico/latest/about
# calico_iface: "eth0"
calico_ebpf: false # use eBPF dataplane instead of iptables
calico_tag: "v3.27.2" # calico version tag
calico_tag: "v3.28.0" # calico version tag
# uncomment cilium_iface to use cilium cni instead of flannel or calico
# ensure v4.19.57, v5.1.16, v5.2.0 or more recent kernel
# cilium_iface: "eth0"
cilium_mode: "native" # native when nodes on same subnet or using bgp, else set routed
cilium_tag: "v1.15.2" # cilium version tag
cilium_tag: "v1.16.0" # cilium version tag
cilium_hubble: true # enable hubble observability relay and ui
# if using calico or cilium, you may specify the cluster pod cidr pool
@@ -72,7 +72,7 @@ extra_agent_args: >-
{{ extra_args }}
# image tag for kube-vip
kube_vip_tag_version: "v0.7.2"
kube_vip_tag_version: "v0.8.2"
# tag for kube-vip-cloud-provider manifest
# kube_vip_cloud_provider_tag_version: "main"
@@ -93,8 +93,8 @@ metal_lb_mode: "layer2"
# metal_lb_bgp_peer_address: "192.168.30.1"
# image tag for metal lb
metal_lb_speaker_tag_version: "v0.14.3"
metal_lb_controller_tag_version: "v0.14.3"
metal_lb_speaker_tag_version: "v0.14.8"
metal_lb_controller_tag_version: "v0.14.8"
# metallb ip range for load balancer
metal_lb_ip_range: "192.168.30.80-192.168.30.90"

2
molecule/cilium/overrides.yml
View File

@@ -6,7 +6,7 @@
ansible.builtin.set_fact:
# See:
# https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant
cilium_iface: eth1
cilium_iface: eth0
# The test VMs might be a bit slow, so we give them more time to join the cluster:
retry_count: 45

2
requirements.txt
View File

@@ -6,7 +6,7 @@
#
ansible-compat==4.1.11
# via molecule
ansible-core==2.17.0
ansible-core==2.16.6
# via
# -r requirements.in
# ansible-compat

34
roles/k3s_server_post/tasks/cilium.yml
View File

@@ -221,10 +221,9 @@
- name: Configure Cilium BGP
when: cilium_bgp
block:
- name: Copy BGP manifests to first master
ansible.builtin.template:
src: "cilium.crs.j2"
src: "cilium-bgp.crs.j2"
dest: /tmp/k3s/cilium-bgp.yaml
owner: root
group: root
@@ -247,6 +246,37 @@
ansible.builtin.command: "{{ item }}"
loop:
- k3s kubectl get CiliumBGPPeeringPolicy.cilium.io
changed_when: false
loop_control:
label: "{{ item }}"
- name: Configure Cilium Load Balancer
when: cilium_iface
block:
- name: Copy Load Balancer manifests to first master
ansible.builtin.template:
src: "cilium-lb.crs.j2"
dest: /tmp/k3s/cilium-lb.yaml
owner: root
group: root
mode: 0755
- name: Apply LB manifests
ansible.builtin.command:
cmd: kubectl apply -f /tmp/k3s/cilium-lb.yaml
register: apply_cr
changed_when: "'configured' in apply_cr.stdout or 'created' in apply_cr.stdout"
failed_when: "'is invalid' in apply_cr.stderr"
ignore_errors: true
- name: Print error message if LB manifests application fails
ansible.builtin.debug:
msg: "{{ apply_cr.stderr }}"
when: "'is invalid' in apply_cr.stderr"
- name: Test for LB config resources
ansible.builtin.command: "{{ item }}"
loop:
- k3s kubectl get CiliumLoadBalancerIPPool.cilium.io
changed_when: false
loop_control:

16
roles/k3s_server_post/tasks/metallb.yml
View File

@@ -83,9 +83,23 @@
loop_control:
label: "{{ item.description }}"
- name: Set metallb webhook service name
set_fact:
metallb_webhook_service_name: >-
{{
(
(metal_lb_controller_tag_version | regex_replace('^v', ''))
is
version('0.14.4', '<', version_type='semver')
) | ternary(
'webhook-service',
'metallb-webhook-service'
)
}}
- name: Test metallb-system webhook-service endpoint
command: >-
k3s kubectl -n metallb-system get endpoints webhook-service
k3s kubectl -n metallb-system get endpoints {{ metallb_webhook_service_name }}
changed_when: false
with_items: "{{ groups[group_name_master | default('master')] }}"
run_once: true

13
roles/k3s_server_post/templates/cilium.crs.j2 → roles/k3s_server_post/templates/cilium-bgp.crs.j2
View File

@@ -19,16 +19,3 @@ spec: # CiliumBGPPeeringPolicySpec
serviceSelector:
matchExpressions:
- {key: somekey, operator: NotIn, values: ['never-used-value']}
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: "01-lb-pool"
spec:
blocks:
{% if "/" in cilium_bgp_lb_cidr %}
- cidr: {{ cilium_bgp_lb_cidr }}
{% else %}
- start: {{ cilium_bgp_lb_cidr.split('-')[0] }}
stop: {{ cilium_bgp_lb_cidr.split('-')[1] }}
{% endif %}

13
roles/k3s_server_post/templates/cilium-lb.crs.j2 Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: "01-lb-pool"
spec:
blocks:
{% if "/" in cilium_bgp_lb_cidr %}
- cidr: {{ cilium_bgp_lb_cidr }}
{% else %}
- start: {{ cilium_bgp_lb_cidr.split('-')[0] }}
stop: {{ cilium_bgp_lb_cidr.split('-')[1] }}
{% endif %}