From 73982fd7b7bfc6d51f1b1aae8ffc3ccc820c6379 Mon Sep 17 00:00:00 2001
From: michael
Date: Wed, 2 Nov 2022 13:21:31 +1300
Subject: [PATCH] k8s taint module
---
 ansible/inventory/host_vars/kube01/kube01.yaml | 1 +
 ansible/inventory/host_vars/kube02/kube02.yaml | 2 +-
 ansible/inventory/host_vars/kube03/kube03.yaml | 1 +
 ansible/playbooks/05_k8s_deploy.yaml | 7 +++++++
 ansible/roles/k8s_network/tasks/main.yaml | 3 +++
 ansible/roles/k8s_taint/tasks/main.yaml | 7 +++++++
 ansible/roles/k8s_taint/tasks/remove_taint.yaml | 9 +++++++++
 ansible/roles/scratch/tasks/main.yaml | 11 ++++++-----
 zz_archived/88_scratch.yaml | 6 +++---
 9 files changed, 38 insertions(+), 9 deletions(-)
 create mode 100644 ansible/roles/k8s_taint/tasks/main.yaml
 create mode 100644 ansible/roles/k8s_taint/tasks/remove_taint.yaml
diff --git a/ansible/inventory/host_vars/kube01/kube01.yaml b/ansible/inventory/host_vars/kube01/kube01.yaml
index 4f6ec83..6d79d49 100644
--- a/ansible/inventory/host_vars/kube01/kube01.yaml
+++ b/ansible/inventory/host_vars/kube01/kube01.yaml
@@ -1,3 +1,4 @@
 ---
 ansible_host: kube01.balsillie.net
 ssh_public_key_string: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtk+mk1+J3sZ3CA/yS7XV2wH913IdJj0gznmb/nI2nV ladmin@kube01.balsillie.net
+k8s_remove_control_plane_taint: true
\ No newline at end of file
diff --git a/ansible/inventory/host_vars/kube02/kube02.yaml b/ansible/inventory/host_vars/kube02/kube02.yaml
index 5203b25..11755c0 100644
--- a/ansible/inventory/host_vars/kube02/kube02.yaml
+++ b/ansible/inventory/host_vars/kube02/kube02.yaml
@@ -1,4 +1,4 @@
 ---
 ansible_host: kube02.balsillie.net
 ssh_public_key_string: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGOfsOJJJ34VT9mHv9moHQAQNTAok8sOr49rVTkIfDn9 ladmin@kube02.balsillie.net
-
+k8s_remove_control_plane_taint: true
\ No newline at end of file
diff --git a/ansible/inventory/host_vars/kube03/kube03.yaml b/ansible/inventory/host_vars/kube03/kube03.yaml
index 1331366..d92a7ef 100644
--- a/ansible/inventory/host_vars/kube03/kube03.yaml
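Review bot: Setting `k8s_remove_control_plane_taint: true` in host_vars/kube01/kube01.yaml, and identically in kube02.yaml and kube03.yaml, makes every control-plane node schedulable for ordinary workloads, so pods will share a host with the API server and, if the topology is stacked, etcd and the cluster PKI. Nothing visible in this commit restricts which pods may land there. If that is intended, say so beside the flag, e.g. `# workloads share this node with the control plane; privileged/hostPath pods must be blocked by admission policy`, and consider leaving the flag unset on hosts that do not need it. The three files also end without a trailing newline.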
+++ b/ansible/inventory/host_vars/kube03/kube03.yaml
@@ -1,3 +1,4 @@
 ---
 ansible_host: kube03.balsillie.net
 ssh_public_key_string: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINFqYq3CcxziLbWfp/0VpO5uD/HyjiKTXD8t/dAS01Oq ladmin@kube00.balsillie.net
+k8s_remove_control_plane_taint: true
\ No newline at end of file
diff --git a/ansible/playbooks/05_k8s_deploy.yaml b/ansible/playbooks/05_k8s_deploy.yaml
index d951c9b..a76820d 100644
--- a/ansible/playbooks/05_k8s_deploy.yaml
+++ b/ansible/playbooks/05_k8s_deploy.yaml
@@ -12,3 +12,10 @@
 become: false
 roles:
 - k8s_network
+
+- name: remove control-plane taints
+ hosts: localhost
+ gather_facts: false
+ become: false
+ roles:
+ - k8s_taint
diff --git a/ansible/roles/k8s_network/tasks/main.yaml b/ansible/roles/k8s_network/tasks/main.yaml
index 74c835b..2f97eed 100644
--- a/ansible/roles/k8s_network/tasks/main.yaml
+++ b/ansible/roles/k8s_network/tasks/main.yaml
@@ -94,6 +94,9 @@
 content: "{{ calico_default_apiserver | to_nice_yaml }}"
 dest: "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml"
+# TODO two api versions exist for BGP, one only becomes available after calico is online. Do they both work??
+# crd.projectcalico.org/v1
+# projectcalico.org/v3
 - name: write out calico bgp peer definition
 ansible.builtin.copy:
 content: "{{ calico_bgp_peer | to_nice_yaml }}"
diff --git a/ansible/roles/k8s_taint/tasks/main.yaml b/ansible/roles/k8s_taint/tasks/main.yaml
new file mode 100644
index 0000000..de4c815
--- /dev/null
+++ b/ansible/roles/k8s_taint/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- name: loop remove_taint for control plane nodes # This allows scheduling workloads on control plane nodes
+ with_items:
+ - "{{ groups['k8s_control'] }}"
+ loop_control:
+ loop_var: node
+ ansible.builtin.include_tasks: remove_taint.yaml
\ No newline at end of file
diff --git a/ansible/roles/k8s_taint/tasks/remove_taint.yaml b/ansible/roles/k8s_taint/tasks/remove_taint.yaml
new file mode 100644
index 0000000..6b5d65f
--- /dev/null
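Review bot: In roles/k8s_taint/tasks/main.yaml the task wraps the group in a one-item list under `with_items` and relies on that keyword's implicit flattening; `loop: "{{ groups['k8s_control'] }}"` states the iteration directly. Because `groups['k8s_control']` is indexed without a fallback, the role fails with an undefined-variable error when the inventory has no such group, whereas `groups['k8s_control'] | default([])` would skip cleanly. Placing `ansible.builtin.include_tasks` directly under `name` would also make the action easier to find.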
+++ b/ansible/roles/k8s_taint/tasks/remove_taint.yaml
@@ -0,0 +1,9 @@
+---
+- name: remove control-plane taint from control-plane nodes # terminology 'control-plane' replaced 'master' in v1.20, ~Dec 2020
+ when: hostvars[node].k8s_remove_control_plane_taint | default(false)
+ kubernetes.core.k8s_taint:
+ name: "{{ node }}"
+ state: absent
+ taints:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
\ No newline at end of file
diff --git a/ansible/roles/scratch/tasks/main.yaml b/ansible/roles/scratch/tasks/main.yaml
index c2c0c8c..ae53405 100644
--- a/ansible/roles/scratch/tasks/main.yaml
+++ b/ansible/roles/scratch/tasks/main.yaml
@@ -1,6 +1,7 @@
 ---
-- name: debug hostname
- ansible.builtin.lineinfile:
- line: 192.168.199.240 k8s.balsillie.net
- insertafter: EOF
- path: /etc/hosts
\ No newline at end of file
+- name: install calicoctl
+ community.general.pacman:
+ name: calicoctl
+ state: latest
+ update_cache: yes
+ executable: pikaur
\ No newline at end of file
diff --git a/zz_archived/88_scratch.yaml b/zz_archived/88_scratch.yaml
index e02fd85..2771886 100644
--- a/zz_archived/88_scratch.yaml
+++ b/zz_archived/88_scratch.yaml
@@ -1,7 +1,7 @@
 ---
 - name: scratch testing
- hosts: k8s_control
+ hosts: localhost
 gather_facts: true
- become: true
+ become: false
 roles:
- - scratch
\ No newline at end of file
+ - k8s_taint
\ No newline at end of file
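Review bot: The `kubernetes.core.k8s_taint` call in roles/k8s_taint/tasks/remove_taint.yaml sets neither `kubeconfig` nor `context`, so with the play running on localhost it acts on whatever cluster the controller's ambient credentials resolve to. Pinning both, for example `kubeconfig: "{{ k8s_kubeconfig_path }}"` and `context: "{{ k8s_context }}"` (placeholder variable names), keeps a taint removal from reaching an unintended cluster. `name: "{{ node }}"` passes the inventory hostname, which presumably has to equal the Kubernetes node name; confirm the nodes are not registered under their FQDN. Adding `| bool` after `default(false)` would keep a quoted `"false"` in host_vars from enabling the task.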
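Review bot: The new task in roles/scratch/tasks/main.yaml installs `calicoctl` with `executable: pikaur` and `state: latest`, so each run installs whatever build is current, with no version pin or checksum under the playbook's control. pikaur is an AUR helper, which suggests the package is built from a user-maintained PKGBUILD rather than an official repository. For a tool that administers cluster networking, prefer `state: present` with a reviewed package, or fetch the upstream release with `ansible.builtin.get_url` and a `checksum:`. `update_cache: yes` without a full upgrade also risks a partial-upgrade state on Arch, and `yes` is better written `true`.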