update

2023-05-30 14:44:26 +09:00
parent 9a3174deef
commit 4c32a7239d
2598 changed files with 164595 additions and 487 deletions
--- a/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/OWNERS
+++ b/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/OWNERS
@@ -0,0 +1,6 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - kubespray-approvers
+reviewers:
+  - kubespray-reviewers
--- a/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/defaults/main.yml
+++ b/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+alb_ingress_controller_namespace: kube-system
+alb_ingress_aws_region: "us-east-1"
+
+# Enables logging on all outbound requests sent to the AWS API.
+# If logging is desired, set to true.
+alb_ingress_aws_debug: "false"
--- a/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
+++ b/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+
+- name: ALB Ingress Controller | Create addon dir
+  file:
+    path: "{{ kube_config_dir }}/addons/alb_ingress"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: ALB Ingress Controller | Create manifests
+  template:
+    src: "{{ item.file }}.j2"
+    dest: "{{ kube_config_dir }}/addons/alb_ingress/{{ item.file }}"
+    mode: 0644
+  with_items:
+    - { name: alb-ingress-clusterrole, file: alb-ingress-clusterrole.yml, type: clusterrole }
+    - { name: alb-ingress-clusterrolebinding, file: alb-ingress-clusterrolebinding.yml, type: clusterrolebinding }
+    - { name: alb-ingress-ns, file: alb-ingress-ns.yml, type: ns }
+    - { name: alb-ingress-sa, file: alb-ingress-sa.yml, type: sa }
+    - { name: alb-ingress-deploy, file: alb-ingress-deploy.yml, type: deploy }
+  register: alb_ingress_manifests
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+
+- name: ALB Ingress Controller | Apply manifests
+  kube:
+    name: "{{ item.item.name }}"
+    namespace: "{{ alb_ingress_controller_namespace }}"
+    kubectl: "{{ bin_dir }}/kubectl"
+    resource: "{{ item.item.type }}"
+    filename: "{{ kube_config_dir }}/addons/alb_ingress/{{ item.item.file }}"
+    state: "latest"
+  with_items: "{{ alb_ingress_manifests.results }}"
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
--- a/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-clusterrole.yml.j2
+++ b/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-clusterrole.yml.j2
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: alb-ingress
+  namespace: {{ alb_ingress_controller_namespace }}
+rules:
+  - apiGroups: ["", "extensions"]
+    resources: ["configmaps", "endpoints", "nodes", "pods", "secrets", "events", "ingresses", "ingresses/status", "services"]
+    verbs: ["list", "create", "get", "update", "watch", "patch"]
+  - apiGroups: ["", "extensions"]
+    resources: ["nodes", "pods", "secrets", "services", "namespaces"]
+    verbs: ["get", "list", "watch"]
--- a/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-clusterrolebinding.yml.j2
+++ b/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-clusterrolebinding.yml.j2
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: alb-ingress
+  namespace: {{ alb_ingress_controller_namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: alb-ingress
+    namespace: {{ alb_ingress_controller_namespace }}
+roleRef:
+  kind: ClusterRole
+  name: alb-ingress
+  apiGroup: rbac.authorization.k8s.io
--- a/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-deploy.yml.j2
+++ b/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-deploy.yml.j2
@@ -0,0 +1,74 @@
+# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.
+# This manifest details sensible defaults for deploying an ALB Ingress Controller.
+# GitHub: https://github.com/coreos/alb-ingress-controller
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: alb-ingress-controller
+  labels:
+    k8s-app: alb-ingress-controller
+  # Namespace the ALB Ingress Controller should run in. Does not impact which
+  # namespaces it's able to resolve ingress resource for. For limiting ingress
+  # namespace scope, see --watch-namespace.
+  namespace: {{ alb_ingress_controller_namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: alb-ingress-controller
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        k8s-app: alb-ingress-controller
+    spec:
+      containers:
+      - args:
+        # Limit the namespace where this ALB Ingress Controller deployment will
+        # resolve ingress resources. If left commented, all namespaces are used.
+        #- --watch-namespace=your-k8s-namespace
+
+        # Setting the ingress-class flag below will ensure that only ingress resources with the
+        # annotation kubernetes.io/ingress.class: "alb" are respected by the controller. You may
+        # choose any class you'd like for this controller to respect.
+        - --ingress-class=alb
+        # Name of your cluster. Used when naming resources created
+        # by the ALB Ingress Controller, providing distinction between
+        # clusters.
+        - --cluster-name={{ cluster_name }}
+
+        # Enables logging on all outbound requests sent to the AWS API.
+        # If logging is desired, set to true.
+        # - ---aws-api-debug
+{% if alb_ingress_aws_debug %}
+        - --aws-api-debug
+{% endif %}
+        # Maximum number of times to retry the aws calls.
+        # defaults to 10.
+        # - --aws-max-retries=10
+
+        # AWS region this ingress controller will operate in.
+        # If unspecified, it will be discovered from ec2metadata.
+        # List of regions: http://docs.aws.amazon.com/general/latest/gr/rande.html#vpc_region
+{% if alb_ingress_aws_region is defined %}
+        - --aws-region={{ alb_ingress_aws_region }}
+{% endif %}
+
+        image: "{{ alb_ingress_image_repo }}:{{ alb_ingress_image_tag }}"
+        imagePullPolicy: {{ k8s_image_pull_policy }}
+        name: server
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+{% if rbac_enabled %}
+      serviceAccountName: alb-ingress
+{% endif %}
--- a/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-ns.yml.j2
+++ b/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-ns.yml.j2
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ alb_ingress_controller_namespace }}
+  labels:
+    name: {{ alb_ingress_controller_namespace }}
--- a/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-sa.yml.j2
+++ b/kubespray/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/templates/alb-ingress-sa.yml.j2
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: alb-ingress
+  namespace: {{ alb_ingress_controller_namespace }}