sa_8001/dsk-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
havelight-ee
2023-05-30 14:44:26 +09:00
parent 9a3174deef
commit 4c32a7239d
2598 changed files with 164595 additions and 487 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
kubespray/roles/network_plugin/flannel/defaults/main.yml Normal file
View File

@@ -0,0 +1,28 @@
---
# Flannel public IP
# The address that flannel should advertise as how to access the system
# Disabled until https://github.com/coreos/flannel/issues/712 is fixed
# flannel_public_ip: "{{ access_ip|default(ip|default(fallback_ips[inventory_hostname])) }}"
## interface that should be used for flannel operations
## This is actually an inventory cluster-level item
# flannel_interface:
## Select interface that should be used for flannel operations by regexp on Name or IP
## This is actually an inventory cluster-level item
## example: select interface with ip from net 10.0.0.0/23
## single quote and escape backslashes
# flannel_interface_regexp: '10\\.0\\.[0-2]\\.\\d{1,3}'
# You can choose what type of flannel backend to use
# please refer to flannel's docs : https://github.com/coreos/flannel/blob/master/README.md
flannel_backend_type: "vxlan"
flannel_vxlan_vni: 1
flannel_vxlan_port: 8472
flannel_vxlan_direct_routing: false
# Limits for apps
flannel_memory_limit: 500M
flannel_cpu_limit: 300m
flannel_memory_requests: 64M
flannel_cpu_requests: 150m

3
kubespray/roles/network_plugin/flannel/meta/main.yml Normal file
View File

@@ -0,0 +1,3 @@
---
dependencies:
- role: network_plugin/cni

21
kubespray/roles/network_plugin/flannel/tasks/main.yml Normal file
View File

@@ -0,0 +1,21 @@
---
- name: Flannel | Stop if kernel version is too low for Flannel Wireguard encryption
assert:
that: ansible_kernel.split('-')[0] is version('5.6.0', '>=')
when:
- kube_network_plugin == 'flannel'
- flannel_backend_type == 'wireguard'
- not ignore_assert_errors
- name: Flannel | Create Flannel manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
mode: 0644
with_items:
- {name: flannel, file: cni-flannel-rbac.yml, type: sa}
- {name: kube-flannel, file: cni-flannel.yml, type: ds}
register: flannel_node_manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]

24
kubespray/roles/network_plugin/flannel/tasks/reset.yml Normal file
View File

@@ -0,0 +1,24 @@
---
- name: reset | check cni network device
stat:
path: /sys/class/net/cni0
get_attributes: no
get_checksum: no
get_mime: no
register: cni
- name: reset | remove the network device created by the flannel
command: ip link del cni0
when: cni.stat.exists
- name: reset | check flannel network device
stat:
path: /sys/class/net/flannel.1
get_attributes: no
get_checksum: no
get_mime: no
register: flannel
- name: reset | remove the network device created by the flannel
command: ip link del flannel.1
when: flannel.stat.exists

44
kubespray/roles/network_plugin/flannel/templates/cni-flannel-rbac.yml.j2 Normal file
View File

@@ -0,0 +1,44 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-system

170
kubespray/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 Normal file
View File

@@ -0,0 +1,170 @@
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-system
labels:
tier: node
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "{{ kube_pods_subnet }}",
"EnableIPv4": true,
{% if enable_dual_stack_networks %}
"EnableIPv6": true,
"IPv6Network": "{{ kube_pods_subnet_ipv6 }}",
{% endif %}
"Backend": {
"Type": "{{ flannel_backend_type }}"{% if flannel_backend_type == "vxlan" %},
"VNI": {{ flannel_vxlan_vni }},
"Port": {{ flannel_vxlan_port }},
"DirectRouting": {{ flannel_vxlan_direct_routing | to_json }}
{% endif %}
}
}
{% for arch in ['amd64', 'arm64', 'arm', 'ppc64le', 's390x'] %}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
{% if arch == 'amd64' %}
name: kube-flannel
{% else %}
name: kube-flannel-ds-{{ arch }}
{% endif %}
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
priorityClassName: system-node-critical
serviceAccountName: flannel
containers:
- name: kube-flannel
image: {{ flannel_image_repo }}:{{ flannel_image_tag | regex_replace(image_arch,'') }}{{ arch }}
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
limits:
cpu: {{ flannel_cpu_limit }}
memory: {{ flannel_memory_limit }}
requests:
cpu: {{ flannel_cpu_requests }}
memory: {{ flannel_memory_requests }}
command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr"{% if flannel_interface is defined %}, "--iface={{ flannel_interface }}"{% endif %}{% if flannel_interface_regexp is defined %}, "--iface-regex={{ flannel_interface_regexp }}"{% endif %} ]
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN", "NET_RAW"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: EVENT_QUEUE_DEPTH
value: "5000"
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
- name: xtables-lock
mountPath: /run/xtables.lock
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- {{ arch }}
initContainers:
- name: install-cni-plugin
image: {{ flannel_init_image_repo }}:{{ flannel_init_image_tag | regex_replace(image_arch,'') }}{{ arch }}
command:
- cp
args:
- -f
- /flannel
- /opt/cni/bin/flannel
volumeMounts:
- name: cni-plugin
mountPath: /opt/cni/bin
- name: install-cni
image: {{ flannel_image_repo }}:{{ flannel_image_tag | regex_replace(image_arch,'') }}{{ arch }}
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
tolerations:
- operator: Exists
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
- name: cni-plugin
hostPath:
path: /opt/cni/bin
updateStrategy:
rollingUpdate:
maxUnavailable: {{ serial | default('20%') }}
type: RollingUpdate
{% endfor %}