kubespray 2.24 추가

변정훈
2024-02-16 17:08:09 +09:00
parent 1fa9b0df4b
commit f69d904725
1423 changed files with 89069 additions and 2 deletions


@@ -0,0 +1,20 @@
---
local_volume_provisioner_namespace: "kube-system"
# List of node labels to be copied to the PVs created by the provisioner
local_volume_provisioner_nodelabels: []
# - kubernetes.io/hostname
# - topology.kubernetes.io/region
# - topology.kubernetes.io/zone
local_volume_provisioner_tolerations: []
local_volume_provisioner_use_node_name_only: false
# Leverages Ansible's string to Python datatype casting. Otherwise the dict_key isn't substituted.
# see https://github.com/ansible/ansible/issues/17324
local_volume_provisioner_storage_classes: |
{
"{{ local_volume_provisioner_storage_class | default('local-storage') }}": {
"host_dir": "{{ local_volume_provisioner_base_dir | default('/mnt/disks') }}",
"mount_dir": "{{ local_volume_provisioner_mount_dir | default('/mnt/disks') }}",
"volume_mode": "Filesystem",
"fs_type": "ext4"
}
}
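Review bot: The `host_dir` and `mount_dir` defaults carry no comment saying that these paths are later mounted via hostPath into the provisioner DaemonSet, which this commit runs with `privileged: true`. An operator who overrides `local_volume_provisioner_base_dir` with a broad path would expose that whole tree to the pod. I would add a comment above the block such as `# host_dir is mounted via hostPath into the privileged provisioner pod; use a dedicated directory, never / or a system path`. The optional `reclaim_policy` key read by the StorageClass template is also not mentioned here and deserves a commented example.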


@@ -0,0 +1,12 @@
---
# include to workaround mitogen issue
# https://github.com/dw/mitogen/issues/663
- name: "Local Volume Provisioner | Ensure base dir {{ delegate_host_base_dir.1 }} is created on {{ delegate_host_base_dir.0 }}"
file:
path: "{{ local_volume_provisioner_storage_classes[delegate_host_base_dir.1].host_dir }}"
state: directory
owner: root
group: root
mode: "{{ local_volume_provisioner_directory_mode }}"
delegate_to: "{{ delegate_host_base_dir.0 }}"
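Review bot: `mode: "{{ local_volume_provisioner_directory_mode }}"` depends on a variable that the role defaults shown on this page do not define, so it is presumably set in another role's defaults. If it is ever missing, the task fails instead of creating the directory with a known mode. A restrictive fallback keeps the result predictable, e.g. `mode: "{{ local_volume_provisioner_directory_mode | default('0700') }}"`, or at least a comment naming where the variable is defined. The `path:` lookup has the same shape of problem: a user-defined storage class without `host_dir` fails here with an undefined-attribute error rather than a clear message.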


@@ -0,0 +1,48 @@
---
- name: Local Volume Provisioner | Ensure base dir is created on all hosts
include_tasks: basedirs.yml
loop_control:
loop_var: delegate_host_base_dir
loop: "{{ groups['k8s_cluster'] | product(local_volume_provisioner_storage_classes.keys()) | list }}"
- name: Local Volume Provisioner | Create addon dir
file:
path: "{{ kube_config_dir }}/addons/local_volume_provisioner"
state: directory
owner: root
group: root
mode: 0755
- name: Local Volume Provisioner | Templates list
set_fact:
local_volume_provisioner_templates:
- { name: local-volume-provisioner-ns, file: local-volume-provisioner-ns.yml, type: ns }
- { name: local-volume-provisioner-sa, file: local-volume-provisioner-sa.yml, type: sa }
- { name: local-volume-provisioner-clusterrole, file: local-volume-provisioner-clusterrole.yml, type: clusterrole }
- { name: local-volume-provisioner-clusterrolebinding, file: local-volume-provisioner-clusterrolebinding.yml, type: clusterrolebinding }
- { name: local-volume-provisioner-cm, file: local-volume-provisioner-cm.yml, type: cm }
- { name: local-volume-provisioner-ds, file: local-volume-provisioner-ds.yml, type: ds }
- { name: local-volume-provisioner-sc, file: local-volume-provisioner-sc.yml, type: sc }
- name: Local Volume Provisioner | Create manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.file }}"
mode: 0644
with_items: "{{ local_volume_provisioner_templates }}"
register: local_volume_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
- name: Local Volume Provisioner | Apply manifests
kube:
name: "{{ item.item.name }}"
namespace: "{{ local_volume_provisioner_namespace }}"
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.item.file }}"
state: "latest"
with_items: "{{ local_volume_provisioner_manifests.results }}"
when: inventory_hostname == groups['kube_control_plane'][0]
loop_control:
label: "{{ item.item.file }}"
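Review bot: `mode: 0755` and `mode: 0644` are unquoted octal literals, whereas basedirs.yml passes its mode as a quoted string; the unquoted form only works because a YAML 1.1 parser reads the leading zero as octal. Writing `mode: "0755"` and `mode: "0644"` removes that dependence and makes the two task files consistent. Separately, the first task has no `when:` or `run_once`, unlike the template and apply tasks, so every host that runs this role loops over all `k8s_cluster` hosts and delegates the same directory creation again. That is idempotent but looks redundant.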


@@ -0,0 +1,22 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: local-volume-provisioner-node-clusterrole
namespace: {{ local_volume_provisioner_namespace }}
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["watch"]
- apiGroups: ["", "events.k8s.io"]
resources: ["events"]
verbs: ["create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
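Review bot: `metadata.namespace` has no meaning on a ClusterRole, which is cluster-scoped, so the line `namespace: {{ local_volume_provisioner_namespace }}` suggests a scoping that does not exist. The same applies to the ClusterRoleBinding's metadata in the next file. The rules here, including `create` and `delete` on `persistentvolumes`, apply cluster-wide to whatever the binding names. I would drop the `namespace:` line from both manifests' metadata, keeping the one under `subjects`, and add a comment such as `# cluster-wide grant: PV create/delete for the provisioner service account`.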


@@ -0,0 +1,14 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: local-volume-provisioner-system-node
namespace: {{ local_volume_provisioner_namespace }}
subjects:
- kind: ServiceAccount
name: local-volume-provisioner
namespace: {{ local_volume_provisioner_namespace }}
roleRef:
kind: ClusterRole
name: local-volume-provisioner-node-clusterrole
apiGroup: rbac.authorization.k8s.io


@@ -0,0 +1,33 @@
# Macro to convert camelCase dictionary keys to snake_case keys
{% macro convert_keys(mydict) -%}
{% for key in mydict.keys() | list -%}
{% set key_split = key.split('_') -%}
{% set new_key = key_split[0] + key_split[1:] | map('capitalize') | join -%}
{% set value = mydict.pop(key) -%}
{{ mydict.__setitem__(new_key, value) -}}
{{ convert_keys(value) if value is mapping else None -}}
{% endfor -%}
{% endmacro -%}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: local-volume-provisioner
namespace: {{ local_volume_provisioner_namespace }}
data:
{% if local_volume_provisioner_nodelabels | length > 0 %}
nodeLabelsForPV: |
{% for nodelabel in local_volume_provisioner_nodelabels %}
- {{ nodelabel }}
{% endfor %}
{% endif %}
{% if local_volume_provisioner_use_node_name_only %}
useNodeNameOnly: "true"
{% endif %}
storageClassMap: |
{% for class_name, storage_class in local_volume_provisioner_storage_classes.items() %}
{{ class_name }}:
{{- convert_keys(storage_class) }}
{{ storage_class | to_nice_yaml(indent=2) | indent(6) }}
{%- endfor %}
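Review bot: The header comment describes the macro backwards. `convert_keys` splits each key on `_` and capitalizes the later parts, so it turns snake_case keys into camelCase, not the reverse; suggest `# Macro to convert snake_case dictionary keys to camelCase keys`. The comment uses `#` rather than `{# ... #}`, so it is copied into the rendered manifest ahead of the `---`. The macro also rewrites the dict it is given in place through `pop` and `__setitem__`, which the comment should state, since the DaemonSet template reads `mount_dir` and `host_dir` from the same variable under their snake_case names.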


@@ -0,0 +1,66 @@
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: local-volume-provisioner
namespace: {{ local_volume_provisioner_namespace }}
labels:
k8s-app: local-volume-provisioner
version: {{ local_volume_provisioner_image_tag }}
spec:
selector:
matchLabels:
k8s-app: local-volume-provisioner
version: {{ local_volume_provisioner_image_tag }}
template:
metadata:
labels:
k8s-app: local-volume-provisioner
version: {{ local_volume_provisioner_image_tag }}
spec:
priorityClassName: {% if local_volume_provisioner_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
serviceAccountName: local-volume-provisioner
nodeSelector:
kubernetes.io/os: linux
{% if local_volume_provisioner_tolerations %}
tolerations:
{{ local_volume_provisioner_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
{% endif %}
containers:
- name: provisioner
image: {{ local_volume_provisioner_image_repo }}:{{ local_volume_provisioner_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
securityContext:
privileged: true
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: local-volume-provisioner
mountPath: /etc/provisioner/config
readOnly: true
- mountPath: /dev
name: provisioner-dev
{% for class_name, class_config in local_volume_provisioner_storage_classes.items() %}
- name: local-volume-provisioner-hostpath-{{ class_name }}
mountPath: {{ class_config.mount_dir }}
mountPropagation: "HostToContainer"
{% endfor %}
volumes:
- name: local-volume-provisioner
configMap:
name: local-volume-provisioner
- name: provisioner-dev
hostPath:
path: /dev
{% for class_name, class_config in local_volume_provisioner_storage_classes.items() %}
- name: local-volume-provisioner-hostpath-{{ class_name }}
hostPath:
path: {{ class_config.host_dir }}
{% endfor %}
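Review bot: The provisioner container runs with `privileged: true` and has the host's `/dev` plus every configured `host_dir` mounted, yet nothing in the manifest documents why full privilege is needed, and no resource requests or limits are set. I would add a comment above the securityContext such as `# privileged + hostPath /dev gives full host device access; restrict who can edit this DaemonSet and its ConfigMap`. Separately, `version: {{ local_volume_provisioner_image_tag }}` appears in `spec.selector.matchLabels`, which is immutable in apps/v1, so a later tag change may be rejected on apply unless the object is recreated. Keeping only `k8s-app` in the selector avoids that. The label value should also be quoted, `version: "{{ local_volume_provisioner_image_tag }}"`, so a numeric-looking tag is not parsed as a number.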


@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ local_volume_provisioner_namespace }}
labels:
name: {{ local_volume_provisioner_namespace }}


@@ -0,0 +1,6 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: local-volume-provisioner
namespace: {{ local_volume_provisioner_namespace }}


@@ -0,0 +1,12 @@
{% for class_name, class_config in local_volume_provisioner_storage_classes.items() %}
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{ class_name }}
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
{% if class_config.reclaim_policy is defined %}
reclaimPolicy: {{ class_config.reclaim_policy }}
{% endif %}
{% endfor %}