k8s taint module

2022-11-02 13:21:31 +13:00 · 2022-11-02 13:21:31 +13:00 · 73982fd7b7
commit 73982fd7b7
parent 75e78ea7c8
9 changed files with 38 additions and 9 deletions
--- a/ansible/inventory/host_vars/kube01/kube01.yaml
+++ b/ansible/inventory/host_vars/kube01/kube01.yaml
@ -1,3 +1,4 @@
 ---
 ansible_host: kube01.balsillie.net
 ssh_public_key_string: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtk+mk1+J3sZ3CA/yS7XV2wH913IdJj0gznmb/nI2nV ladmin@kube01.balsillie.net
+k8s_remove_control_plane_taint: true
--- a/ansible/inventory/host_vars/kube02/kube02.yaml
+++ b/ansible/inventory/host_vars/kube02/kube02.yaml
@ -1,4 +1,4 @@
 ---
 ansible_host: kube02.balsillie.net
 ssh_public_key_string: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGOfsOJJJ34VT9mHv9moHQAQNTAok8sOr49rVTkIfDn9 ladmin@kube02.balsillie.net
-
+k8s_remove_control_plane_taint: true
--- a/ansible/inventory/host_vars/kube03/kube03.yaml
+++ b/ansible/inventory/host_vars/kube03/kube03.yaml
@ -1,3 +1,4 @@
 ---
 ansible_host: kube03.balsillie.net
 ssh_public_key_string: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINFqYq3CcxziLbWfp/0VpO5uD/HyjiKTXD8t/dAS01Oq ladmin@kube00.balsillie.net
+k8s_remove_control_plane_taint: true
--- a/ansible/playbooks/05_k8s_deploy.yaml
+++ b/ansible/playbooks/05_k8s_deploy.yaml
@ -12,3 +12,10 @@
  become: false
  roles:
    - k8s_network
+
+- name: remove control-plane taints
+  hosts: localhost
+  gather_facts: false
+  become: false
+  roles:
+    - k8s_taint
--- a/ansible/roles/k8s_network/tasks/main.yaml
+++ b/ansible/roles/k8s_network/tasks/main.yaml
@ -94,6 +94,9 @@
    content: "{{ calico_default_apiserver | to_nice_yaml }}"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml"

+# TODO two api versions exist for BGP, one only becomes available after calico is online. Do they both work??
+# crd.projectcalico.org/v1
+# projectcalico.org/v3
 - name: write out calico bgp peer definition
  ansible.builtin.copy:
    content: "{{ calico_bgp_peer | to_nice_yaml }}"
--- a/ansible/roles/k8s_taint/tasks/main.yaml
+++ b/ansible/roles/k8s_taint/tasks/main.yaml
@ -0,0 +1,7 @@
+---
+- name: loop remove_taint for control plane nodes # This allows scheduling workloads on control plane nodes
+  with_items: 
+    - "{{ groups['k8s_control'] }}"
+  loop_control:
+    loop_var: node
+  ansible.builtin.include_tasks: remove_taint.yaml
--- a/ansible/roles/k8s_taint/tasks/remove_taint.yaml
+++ b/ansible/roles/k8s_taint/tasks/remove_taint.yaml
@ -0,0 +1,9 @@
+---
+- name: remove control-plane taint from control-plane nodes # terminology 'control-plane' replaced 'master' in v1.20, ~Dec 2020
+  when: hostvars[node].k8s_remove_control_plane_taint | default(false)
+  kubernetes.core.k8s_taint:
+    name: "{{ node }}"
+    state: absent
+    taints:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
--- a/ansible/roles/scratch/tasks/main.yaml
+++ b/ansible/roles/scratch/tasks/main.yaml
@ -1,6 +1,7 @@
 ---
- name: debug hostname
-  ansible.builtin.lineinfile:
-    line: 192.168.199.240 k8s.balsillie.net
-    insertafter: EOF
-    path: /etc/hosts
+- name: install calicoctl
+  community.general.pacman:
+    name: calicoctl
+    state: latest
+    update_cache: yes
+    executable: pikaur
--- a/zz_archived/88_scratch.yaml
+++ b/zz_archived/88_scratch.yaml
@ -1,7 +1,7 @@
 ---
 - name: scratch testing
-  hosts: k8s_control
+  hosts: localhost
  gather_facts: true
-  become: true
+  become: false
  roles:
-    - scratch
+    - k8s_taint