kubespray 2.24 추가

roles/kubernetes-apps/metallb/OWNERS

@@ -0,0 +1,5 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+reviewers:
+  - oomichi

roles/kubernetes-apps/metallb/defaults/main.yml

@@ -0,0 +1,16 @@
+---
+metallb_enabled: false
+metallb_log_level: info
+metallb_port: "7472"
+metallb_memberlist_port: "7946"
+metallb_speaker_enabled: "{{ metallb_enabled }}"
+metallb_speaker_nodeselector:
+  kubernetes.io/os: "linux"
+metallb_controller_nodeselector:
+  kubernetes.io/os: "linux"
+metallb_speaker_tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists
+metallb_controller_tolerations: []
+metallb_loadbalancer_class: ""

roles/kubernetes-apps/metallb/tasks/main.yml

@@ -0,0 +1,108 @@
+---
+- name: Kubernetes Apps | Check cluster settings for MetalLB
+  fail:
+    msg: "MetalLB require kube_proxy_strict_arp = true, see https://github.com/danderson/metallb/issues/153#issuecomment-518651132"
+  when:
+    - "kube_proxy_mode == 'ipvs' and not kube_proxy_strict_arp"
+
+- name: Kubernetes Apps | Check that the deprecated 'matallb_auto_assign' variable is not used anymore
+  fail:
+    msg: "'matallb_auto_assign' configuration variable is deprecated, please use 'metallb_auto_assign' instead"
+  when:
+    - matallb_auto_assign is defined
+
+- name: Kubernetes Apps | Lay Down MetalLB
+  become: true
+  template:
+    src: "metallb.yaml.j2"
+    dest: "{{ kube_config_dir }}/metallb.yaml"
+    mode: 0644
+  register: metallb_rendering
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+
+- name: Kubernetes Apps | Install and configure MetalLB
+  kube:
+    name: "MetalLB"
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/metallb.yaml"
+    state: "{{ metallb_rendering.changed | ternary('latest', 'present') }}"
+    wait: true
+  become: true
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+
+- name: Kubernetes Apps | Wait for MetalLB controller to be running
+  command: "{{ bin_dir }}/kubectl -n metallb-system wait --for=condition=ready pod -l app=metallb,component=controller --timeout=2m"
+  become: true
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+
+- name: MetalLB | Address pools
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - metallb_config.address_pools is defined
+  block:
+    - name: MetalLB | Layout address pools template
+      ansible.builtin.template:
+        src: pools.yaml.j2
+        dest: "{{ kube_config_dir }}/pools.yaml"
+        mode: 0644
+      register: pools_rendering
+
+    - name: MetalLB | Create address pools configuration
+      kube:
+        name: "MetalLB"
+        kubectl: "{{ bin_dir }}/kubectl"
+        filename: "{{ kube_config_dir }}/pools.yaml"
+        state: "{{ pools_rendering.changed | ternary('latest', 'present') }}"
+      become: true
+
+- name: MetalLB | Layer2
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - metallb_config.layer2 is defined
+  block:
+    - name: MetalLB | Layout layer2 template
+      ansible.builtin.template:
+        src: layer2.yaml.j2
+        dest: "{{ kube_config_dir }}/layer2.yaml"
+        mode: 0644
+      register: layer2_rendering
+
+    - name: MetalLB | Create layer2 configuration
+      kube:
+        name: "MetalLB"
+        kubectl: "{{ bin_dir }}/kubectl"
+        filename: "{{ kube_config_dir }}/layer2.yaml"
+        state: "{{ layer2_rendering.changed | ternary('latest', 'present') }}"
+      become: true
+
+- name: MetalLB | Layer3
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - metallb_config.layer3 is defined
+  block:
+    - name: MetalLB | Layout layer3 template
+      ansible.builtin.template:
+        src: layer3.yaml.j2
+        dest: "{{ kube_config_dir }}/layer3.yaml"
+        mode: 0644
+      register: layer3_rendering
+
+    - name: MetalLB | Create layer3 configuration
+      kube:
+        name: "MetalLB"
+        kubectl: "{{ bin_dir }}/kubectl"
+        filename: "{{ kube_config_dir }}/layer3.yaml"
+        state: "{{ layer3_rendering.changed | ternary('latest', 'present') }}"
+      become: true
+
+
+- name: Kubernetes Apps | Delete MetalLB ConfigMap
+  kube:
+    name: config
+    kubectl: "{{ bin_dir }}/kubectl"
+    resource: ConfigMap
+    namespace: metallb-system
+    state: absent

roles/kubernetes-apps/metallb/templates/layer2.yaml.j2

@@ -0,0 +1,19 @@
+#jinja2: trim_blocks: True, lstrip_blocks: True
+# yamllint disable-file
+---
+
+# Create layer2 configuration
+{% for entry in metallb_config.layer2 %}
+
+---
+# L2 Configuration
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: "{{ entry }}"
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - "{{ entry }}"
+
+{% endfor %}

roles/kubernetes-apps/metallb/templates/layer3.yaml.j2

@@ -0,0 +1,125 @@
+#jinja2: trim_blocks: True, lstrip_blocks: True
+# yamllint disable-file
+---
+# Create layer3 configuration
+{% if metallb_config.layer3.communities is defined %}
+{% for community_name, community in metallb_config.layer3.communities.items() %}
+---
+apiVersion: metallb.io/v1beta1
+kind: Community
+metadata:
+  name: "{{ community_name }}"
+  namespace: metallb-system
+spec:
+  communities:
+  - name: "{{ community_name }}"
+    value: "{{ community }}"
+{% endfor %}
+{% endif %}
+---
+apiVersion: metallb.io/v1beta1
+kind: Community
+metadata:
+  name: well-known
+  namespace: metallb-system
+spec:
+  communities:
+  - name: no-export
+    value: 65535:65281
+  - name: no-advertise
+    value: 65535:65282
+  - name: local-as
+    value: 65535:65283
+  - name: nopeer
+    value: 65535:65284
+
+# BGPAdvertisement is used to advertise address pools to the BGP peer. Specific pools can be listed to be advertised.
+# Local BGP Advertisement specifies that the IP specified in the address pool will be used as remote source address for traffic entering your cluster from the remote peer.
+# When using this option, be sure to use a subnet and routable IP for your address pool.
+# This is good: 10.0.0.10/24. This is also good: 10.0.0.129/25. This is bad: 10.0.0.0/24. This is also bad: 10.0.0.128/25.
+# In this example, 10.0.0.10 will be used as the remote source address.
+# This is also bad: 10.0.0.10-10.0.0.25. Remember: you are working with aggregationLength, which specifies a subnet, not an IP range!
+# The no-advertise community is set on the local advertisement to prevent this route from being published to the BGP peer.
+# Your aggregationLength ideally is the same size as your address pool.
+
+{% for peer_name, peer in metallb_config.layer3.metallb_peers.items() %}
+
+{% if peer.aggregation_length is defined and peer.aggregation_length <= 30 %}
+
+---
+apiVersion: metallb.io/v1beta1
+kind: BGPAdvertisement
+metadata:
+  name: "{{ peer_name }}-local"
+  namespace: metallb-system
+spec:
+  aggregationLength: 32
+  aggregationLengthV6: 128
+  communities:
+  - no-advertise
+  localpref: "{{ peer.localpref | default("100") }}"
+  ipAddressPools:
+  {% for address_pool in peer.address_pool %}
+  - "{{ address_pool }}"
+  {% endfor %}
+{% endif %}
+
+# External BGP Advertisement. The IP range specied in the address pool is advertised to the BGP peer.
+---
+apiVersion: metallb.io/v1beta1
+kind: BGPAdvertisement
+metadata:
+  name: "{{ peer_name }}-external"
+  namespace: metallb-system
+spec:
+  {% if peer.aggregation_length is defined and peer.aggregation_length <= 30 %}
+  aggregationLength: {{ peer.aggregation_length }}
+  {% endif %}
+  ipAddressPools:
+  {% for address_pool in peer.address_pool %}
+  - "{{ address_pool }}"
+  {% endfor %}
+  {% if peer.communities is defined %}
+    {% for community in peer.communities %}
+  communities:
+  - "{{ community }}"
+    {% endfor %}
+  {% endif %}
+
+
+# Configuration for the BGP peer.
+---
+apiVersion: metallb.io/v1beta2
+kind: BGPPeer
+metadata:
+  name: "{{ peer_name }}"
+  namespace: metallb-system
+spec:
+  myASN: {{ peer.my_asn }}
+  peerASN: {{ peer.peer_asn }}
+  peerAddress: {{ peer.peer_address }}
+  {% if peer.peer_port is defined %}
+  peerPort: {{ peer.peer_port }}
+  {% else %}
+  peerPort: {{ metallb_config.layer3.defaults.peer_port }}
+  {% endif -%}
+
+  {% if peer.password is defined %}
+  password: "{{ peer.password }}"
+  {% endif -%}
+
+  {% if peer.router_id is defined %}
+  routerID: "{{ peer.router_id }}"
+  {% endif -%}
+
+  {% if peer.hold_time is defined %}
+  holdTime: {{ peer.hold_time }}
+  {% elif metallb_config.layer3.defaults.hold_time is defined %}
+  holdTime: {{ metallb_config.layer3.defaults.hold_time }}
+  {% endif -%}
+
+  {% if peer.multihop is defined %}
+  ebgpMultiHop: {{ peer.multihop }}
+  {% endif -%}
+
+{% endfor %}

roles/kubernetes-apps/metallb/templates/pools.yaml.j2

@@ -0,0 +1,22 @@
+#jinja2: trim_blocks: True, lstrip_blocks: True
+# yamllint disable-file
+---
+
+# Create all pools
+{% for pool_name, pool in metallb_config.address_pools.items() %}
+
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  namespace: metallb-system
+  name: "{{ pool_name }}"
+spec:
+  addresses:
+{% for ip_range in pool.ip_range %}
+  - "{{ ip_range }}"
+{% endfor %}
+  autoAssign: {{ pool.auto_assign | default(true) }}
+  avoidBuggyIPs: {{ pool.avoid_buggy_ips | default(false) }}
+
+{% endfor %}