richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6508 Commits
29 Branches
81 Tags
147 MiB
Tree: 27bd7fd737
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '27bd7fd737'
${ noResults }
kubespray/docs/ansible.md

305 lines
14 KiB
Raw Normal View History

[docs] document support for ansible versions (#8827) drop note about not supporting ansible 2.9 since we still cover it in nightly CI
2 years ago
the KUESPRAYDIR defined but never used (#8930) * fix dir error * the command line should align
2 years ago
[docs] document support for ansible versions (#8827) drop note about not supporting ansible 2.9 since we still cover it in nightly CI
2 years ago
add documentation
8 years ago
Add markdown CI (#5380)
4 years ago
add documentation
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
add documentation
8 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
Fix typo
7 years ago
add documentation
8 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Docs updates Fix mismatching inventory examples. Add command examples. Clarify groups use cases. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Add markdown CI (#5380)
4 years ago
fix typo / error regarding etcd and k8s_cluster groups (#8580) As far as I can tell this is simply a typo that has existed from the beginning. Having it this way around (`etcd` group as a child and thus subset of `k8s_cluster`) mirrors what is written in the preceeding sentence.
2 years ago
Docs updates Fix mismatching inventory examples. Add command examples. Clarify groups use cases. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Docs updates Fix mismatching inventory examples. Add command examples. Clarify groups use cases. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Docs: Replace master with control plane (#7767) This replaces master with "control plane" in Kubespray docs because of [1]. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Docs updates Fix mismatching inventory examples. Add command examples. Clarify groups use cases. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Fix invalid documentation links (#7692) * Fix invalid link to Ansible documentation * Fix invalid link to mitogen doc page * Fix invalid link to calico doc page * Fix all invalid links to doc pages
3 years ago
Docs updates Fix mismatching inventory examples. Add command examples. Clarify groups use cases. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
add documentation
8 years ago
Add markdown CI (#5380)
4 years ago
add documentation
8 years ago
Update ansible.md (#4599) Ansible 2.0 has deprecated the “ssh” from ansible_ssh_host. Updating the docs to be more aligned with the Ansible version used in the sample/inventory.ini file as well. Also adding `[bastion]` group in the docs to avoid confusion.
5 years ago
add documentation
8 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
add documentation
8 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
add documentation
8 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
add documentation
8 years ago
Add markdown CI (#5380)
4 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Support multiple inventory files under individual inventory directory
6 years ago
Rework inventory all by real groups' vars * Leave all.yml to keep only optional vars * Store groups' specific vars by existing group names * Fix optional vars casted as mandatory (add default()) * Fix missing defaults for an optional IP var * Relink group_vars for terraform to reflect changes Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Docs: Replace master with control plane (#7767) This replaces master with "control plane" in Kubespray docs because of [1]. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
Fix some docs.ansible.com url typo (#7550)
3 years ago
Update ansible.md
6 years ago
Add markdown CI (#5380)
4 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
rename almost all mentions of kargo
7 years ago
Update ansible.md
6 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
rename almost all mentions of kargo
7 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Create ansible.md fixing a typo
7 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
rename almost all mentions of kargo
7 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
rename almost all mentions of kargo
7 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
rename almost all mentions of kargo
7 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Update Ansible tags in documentation (#7933)
3 years ago
Add support for kube-vip (#8669) Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2 years ago
Update Ansible tags in documentation (#7933)
3 years ago
Add youki runtime support (#8411)
2 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Remove kubedns and dnsmasq. Move dns_late phase after apps (#4406) Both kubedns and dnsmasq modes are long not maintained. We should run dns_late steps at the end because sshd makes DNS lookups during Ansible run and has 2s timeouts for each failed lookup trying to connect to coredns before it is ready.
5 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Remove kubedns and dnsmasq. Move dns_late phase after apps (#4406) Both kubedns and dnsmasq modes are long not maintained. We should run dns_late steps at the end because sshd makes DNS lookups during Ansible run and has 2s timeouts for each failed lookup trying to connect to coredns before it is ready.
5 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Update ansible.md
6 years ago
More granular control for download/upload images/binaries Add upload tag allow users to exclude distributing images across nodes when running with the download tag set. Add related tags and update docs as well. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Support multiple inventory files under individual inventory directory
6 years ago
More granular control for download/upload images/binaries Add upload tag allow users to exclude distributing images across nodes when running with the download tag set. Add related tags and update docs as well. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add documentation about bastion hosts
8 years ago
Add markdown CI (#5380)
4 years ago
Add documentation about bastion hosts
8 years ago
Add markdown CI (#5380)
4 years ago
Update ansible.md (#4599) Ansible 2.0 has deprecated the “ssh” from ansible_ssh_host. Updating the docs to be more aligned with the Ansible version used in the sample/inventory.ini file as well. Also adding `[bastion]` group in the docs to avoid confusion.
5 years ago
Add documentation about bastion hosts
8 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Securing http link to https link (#5617) Fix http link to https link for security Signed-off-by: Nguyen Hai Truong <truongnh@vn.fujitsu.com>
4 years ago
add strategy mitogen_linear when installed mitogen (#5985) * add strategy mitogen_linear when installed mitogen * add small docs Rename playbook file The raw action executes as a regular Mitogen connection, which requires Python on the target, so add strategy: linear to bootstrap-os role playbook. * add mitogen to CI test fix typo * enable mitogen test on deploy-part1 tests change version from master to release download tar.gz archive * run all CI tests with mitogen * disable mitogen with upgrade CI tests * enable mitogen on CI tests via env vars * disable mitogen on CI test by default, enable on some different OS * disable mitogen CI test on centos8 (get error /usr/bin/python: No such file or directory)
4 years ago
Mitogen: deprecate the use of mitogen and remove coverage from CI (#8147)
3 years ago
Move to Ansible 3.4.0 (#7672) * Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10 * Docs: add a note about ansible upgrade post 2.9.x * CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures * Ansible: use newer ansible-lint * Fix ansible-lint 5.0.11 found issues * syntax issues * risky-file-permissions * var-naming * role-name * molecule tests * Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+ * Pin ansible-base to 2.10.11 to get package fix on RHEL8
3 years ago
[ansible] make ansible 5.x the new default version (#8660) * [ansible] make ansible 5.x the new default version and move different versions tested to nightly jobs * [CI] jobs were missing proper ansible cleanup
2 years ago
Move to Ansible 3.4.0 (#7672) * Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10 * Docs: add a note about ansible upgrade post 2.9.x * CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures * Ansible: use newer ansible-lint * Fix ansible-lint 5.0.11 found issues * syntax issues * risky-file-permissions * var-naming * role-name * molecule tests * Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+ * Pin ansible-base to 2.10.11 to get package fix on RHEL8
3 years ago
  1. # Ansible
  3. ## Installing Ansible
  5. Kubespray supports multiple ansible versions and ships different `requirements.txt` files for them.
  6. Depending on your available python version you may be limited in chooding which ansible version to use.
  8. It is recommended to deploy the ansible version used by kubespray into a python virtual environment.
  10. ```ShellSession
  11. VENVDIR=kubespray-venv
  12. KUBESPRAYDIR=kubespray
  13. ANSIBLE_VERSION=2.12
  14. virtualenv --python=$(which python3) $VENVDIR
  15. source $VENVDIR/bin/activate
  16. cd $KUBESPRAYDIR
  17. pip install -U -r requirements-$ANSIBLE_VERSION.txt
  18. test -f requirements-$ANSIBLE_VERSION.yml && \
  19. ansible-galaxy role install -r requirements-$ANSIBLE_VERSION.yml && \
  20. ansible-galaxy collection -r requirements-$ANSIBLE_VERSION.yml
  21. ```
  23. ### Ansible Python Compatibility
  25. Based on the table below and the available python version for your ansible host you should choose the appropriate ansible version to use with kubespray.
  27. | Ansible Version | Python Version |
  28. | --------------- | -------------- |
  29. | 2.9 | 2.7,3.5-3.8 |
  30. | 2.10 | 2.7,3.5-3.8 |
  31. | 2.11 | 2.7,3.5-3.9 |
  32. | 2.12 | 3.8-3.10 |
  34. ## Inventory
  36. The inventory is composed of 3 groups:
  38. * **kube_node** : list of kubernetes nodes where the pods will run.
  39. * **kube_control_plane** : list of servers where kubernetes control plane components (apiserver, scheduler, controller) will run.
  40. * **etcd**: list of servers to compose the etcd server. You should have at least 3 servers for failover purpose.
  42. Note: do not modify the children of _k8s_cluster_, like putting
  43. the _etcd_ group into the _k8s_cluster_, unless you are certain
  44. to do that and you have it fully contained in the latter:
  46. ```ShellSession
  47. etcd ⊂ k8s_cluster => kube_node ∩ etcd = etcd
  48. ```
  50. When _kube_node_ contains _etcd_, you define your etcd cluster to be as well schedulable for Kubernetes workloads.
  51. If you want it a standalone, make sure those groups do not intersect.
  52. If you want the server to act both as control-plane and node, the server must be defined
  53. on both groups _kube_control_plane_ and _kube_node_. If you want a standalone and
  54. unschedulable control plane, the server must be defined only in the _kube_control_plane_ and
  55. not _kube_node_.
  57. There are also two special groups:
  59. * **calico_rr** : explained for [advanced Calico networking cases](/docs/calico.md)
  60. * **bastion** : configure a bastion host if your nodes are not directly reachable
  62. Below is a complete inventory example:
  64. ```ini
  65. ## Configure 'ip' variable to bind kubernetes services on a
  66. ## different ip than the default iface
  67. node1 ansible_host=95.54.0.12 ip=10.3.0.1
  68. node2 ansible_host=95.54.0.13 ip=10.3.0.2
  69. node3 ansible_host=95.54.0.14 ip=10.3.0.3
  70. node4 ansible_host=95.54.0.15 ip=10.3.0.4
  71. node5 ansible_host=95.54.0.16 ip=10.3.0.5
  72. node6 ansible_host=95.54.0.17 ip=10.3.0.6
  74. [kube_control_plane]
  75. node1
  76. node2
  78. [etcd]
  79. node1
  80. node2
  81. node3
  83. [kube_node]
  84. node2
  85. node3
  86. node4
  87. node5
  88. node6
  90. [k8s_cluster:children]
  91. kube_node
  92. kube_control_plane
  93. ```
  95. ## Group vars and overriding variables precedence
  97. The group variables to control main deployment options are located in the directory ``inventory/sample/group_vars``.
  98. Optional variables are located in the `inventory/sample/group_vars/all.yml`.
  99. Mandatory variables that are common for at least one role (or a node group) can be found in the
  100. `inventory/sample/group_vars/k8s_cluster.yml`.
  101. There are also role vars for docker, kubernetes preinstall and control plane roles.
  102. According to the [ansible docs](https://docs.ansible.com/ansible/latest/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable),
  103. those cannot be overridden from the group vars. In order to override, one should use
  104. the `-e` runtime flags (most simple way) or other layers described in the docs.
  106. Kubespray uses only a few layers to override things (or expect them to
  107. be overridden for roles):
  109. Layer | Comment
  110. ------|--------
  111. **role defaults** | provides best UX to override things for Kubespray deployments
  112. inventory vars | Unused
  113. **inventory group_vars** | Expects users to use ``all.yml``,``k8s_cluster.yml`` etc. to override things
  114. inventory host_vars | Unused
  115. playbook group_vars | Unused
  116. playbook host_vars | Unused
  117. **host facts** | Kubespray overrides for internal roles' logic, like state flags
  118. play vars | Unused
  119. play vars_prompt | Unused
  120. play vars_files | Unused
  121. registered vars | Unused
  122. set_facts | Kubespray overrides those, for some places
  123. **role and include vars** | Provides bad UX to override things! Use extra vars to enforce
  124. block vars (only for tasks in block) | Kubespray overrides for internal roles' logic
  125. task vars (only for the task) | Unused for roles, but only for helper scripts
  126. **extra vars** (always win precedence) | override with ``ansible-playbook -e @foo.yml``
  128. ## Ansible tags
  130. The following tags are defined in playbooks:
  132. | Tag name | Used for
  133. |--------------------------------|---------
  134. | annotate | Create kube-router annotation
  135. | apps | K8s apps definitions
  136. | asserts | Check tasks for download role
  137. | aws-ebs-csi-driver | Configuring csi driver: aws-ebs
  138. | azure-csi-driver | Configuring csi driver: azure
  139. | bastion | Setup ssh config for bastion
  140. | bootstrap-os | Anything related to host OS configuration
  141. | calico | Network plugin Calico
  142. | calico_rr | Configuring Calico route reflector
  143. | canal | Network plugin Canal
  144. | cephfs-provisioner | Configuring CephFS
  145. | cert-manager | Configuring certificate manager for K8s
  146. | cilium | Network plugin Cilium
  147. | cinder-csi-driver | Configuring csi driver: cinder
  148. | client | Kubernetes clients role
  149. | cloud-provider | Cloud-provider related tasks
  150. | cluster-roles | Configuring cluster wide application (psp ...)
  151. | cni | CNI plugins for Network Plugins
  152. | containerd | Configuring containerd engine runtime for hosts
  153. | container_engine_accelerator | Enable nvidia accelerator for runtimes
  154. | container-engine | Configuring container engines
  155. | container-runtimes | Configuring container runtimes
  156. | coredns | Configuring coredns deployment
  157. | crio | Configuring crio container engine for hosts
  158. | crun | Configuring crun runtime
  159. | csi-driver | Configuring csi driver
  160. | dashboard | Installing and configuring the Kubernetes Dashboard
  161. | dns | Remove dns entries when resetting
  162. | docker | Configuring docker engine runtime for hosts
  163. | download | Fetching container images to a delegate host
  164. | etcd | Configuring etcd cluster
  165. | etcd-secrets | Configuring etcd certs/keys
  166. | etchosts | Configuring /etc/hosts entries for hosts
  167. | external-cloud-controller | Configure cloud controllers
  168. | external-openstack | Cloud controller : openstack
  169. | external-provisioner | Configure external provisioners
  170. | external-vsphere | Cloud controller : vsphere
  171. | facts | Gathering facts and misc check results
  172. | files | Remove files when resetting
  173. | flannel | Network plugin flannel
  174. | gce | Cloud-provider GCP
  175. | gcp-pd-csi-driver | Configuring csi driver: gcp-pd
  176. | gvisor | Configuring gvisor runtime
  177. | helm | Installing and configuring Helm
  178. | ingress-controller | Configure ingress controllers
  179. | ingress_alb | AWS ALB Ingress Controller
  180. | init | Windows kubernetes init nodes
  181. | iptables | Flush and clear iptable when resetting
  182. | k8s-pre-upgrade | Upgrading K8s cluster
  183. | k8s-secrets | Configuring K8s certs/keys
  184. | k8s-gen-tokens | Configuring K8s tokens
  185. | kata-containers | Configuring kata-containers runtime
  186. | krew | Install and manage krew
  187. | kubeadm | Roles linked to kubeadm tasks
  188. | kube-apiserver | Configuring static pod kube-apiserver
  189. | kube-controller-manager | Configuring static pod kube-controller-manager
  190. | kube-vip | Installing and configuring kube-vip
  191. | kubectl | Installing kubectl and bash completion
  192. | kubelet | Configuring kubelet service
  193. | kube-ovn | Network plugin kube-ovn
  194. | kube-router | Network plugin kube-router
  195. | kube-proxy | Configuring static pod kube-proxy
  196. | localhost | Special steps for the localhost (ansible runner)
  197. | local-path-provisioner | Configure External provisioner: local-path
  198. | local-volume-provisioner | Configure External provisioner: local-volume
  199. | macvlan | Network plugin macvlan
  200. | master | Configuring K8s master node role
  201. | metallb | Installing and configuring metallb
  202. | metrics_server | Configuring metrics_server
  203. | netchecker | Installing netchecker K8s app
  204. | network | Configuring networking plugins for K8s
  205. | mounts | Umount kubelet dirs when reseting
  206. | multus | Network plugin multus
  207. | nginx | Configuring LB for kube-apiserver instances
  208. | node | Configuring K8s minion (compute) node role
  209. | nodelocaldns | Configuring nodelocaldns daemonset
  210. | node-label | Tasks linked to labeling of nodes
  211. | node-webhook | Tasks linked to webhook (grating access to resources)
  212. | nvidia_gpu | Enable nvidia accelerator for runtimes
  213. | oci | Cloud provider: oci
  214. | persistent_volumes | Configure csi volumes
  215. | persistent_volumes_aws_ebs_csi | Configuring csi driver: aws-ebs
  216. | persistent_volumes_cinder_csi | Configuring csi driver: cinder
  217. | persistent_volumes_gcp_pd_csi | Configuring csi driver: gcp-pd
  218. | persistent_volumes_openstack | Configuring csi driver: openstack
  219. | policy-controller | Configuring Calico policy controller
  220. | post-remove | Tasks running post-remove operation
  221. | post-upgrade | Tasks running post-upgrade operation
  222. | pre-remove | Tasks running pre-remove operation
  223. | pre-upgrade | Tasks running pre-upgrade operation
  224. | preinstall | Preliminary configuration steps
  225. | registry | Configuring local docker registry
  226. | reset | Tasks running doing the node reset
  227. | resolvconf | Configuring /etc/resolv.conf for hosts/apps
  228. | rbd-provisioner | Configure External provisioner: rdb
  229. | services | Remove services (etcd, kubelet etc...) when resetting
  230. | snapshot | Enabling csi snapshot
  231. | snapshot-controller | Configuring csi snapshot controller
  232. | upgrade | Upgrading, f.e. container images/binaries
  233. | upload | Distributing images/binaries across hosts
  234. | vsphere-csi-driver | Configuring csi driver: vsphere
  235. | weave | Network plugin Weave
  236. | win_nodes | Running windows specific tasks
  237. | youki | Configuring youki runtime
  239. Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
  240. tags found in the codebase. New tags will be listed with the empty "Used for"
  241. field.
  243. ## Example commands
  245. Example command to filter and apply only DNS configuration tasks and skip
  246. everything else related to host OS configuration and downloading images of containers:
  248. ```ShellSession
  249. ansible-playbook -i inventory/sample/hosts.ini cluster.yml --tags preinstall,facts --skip-tags=download,bootstrap-os
  250. ```
  252. And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
  254. ```ShellSession
  255. ansible-playbook -i inventory/sample/hosts.ini -e dns_mode='none' cluster.yml --tags resolvconf
  256. ```
  258. And this prepares all container images locally (at the ansible runner node) without installing
  259. or upgrading related stuff or trying to upload container to K8s cluster nodes:
  261. ```ShellSession
  262. ansible-playbook -i inventory/sample/hosts.ini cluster.yml \
  263. -e download_run_once=true -e download_localhost=true \
  264. --tags download --skip-tags upload,upgrade
  265. ```
  267. Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.
  269. ## Bastion host
  271. If you prefer to not make your nodes publicly accessible (nodes with private IPs only),
  272. you can use a so called *bastion* host to connect to your nodes. To specify and use a bastion,
  273. simply add a line to your inventory, where you have to replace x.x.x.x with the public IP of the
  274. bastion host.
  276. ```ShellSession
  277. [bastion]
  278. bastion ansible_host=x.x.x.x
  279. ```
  281. For more information about Ansible and bastion hosts, read
  282. [Running Ansible Through an SSH Bastion Host](https://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/)
  284. ## Mitogen
  286. Mitogen support is deprecated, please see [mitogen related docs](/docs/mitogen.md) for useage and reasons for deprecation.
  288. ## Beyond ansible 2.9
  290. Ansible project has decided, in order to ease their maintenance burden, to split between
  291. two projects which are now joined under the Ansible umbrella.
  293. Ansible-base (2.10.x branch) will contain just the ansible language implementation while
  294. ansible modules that were previously bundled into a single repository will be part of the
  295. ansible 3.x package. Pleasee see [this blog post](https://blog.while-true-do.io/ansible-release-3-0-0/)
  296. that explains in detail the need and the evolution plan.
  298. **Note:** this change means that ansible virtual envs cannot be upgraded with `pip install -U`.
  299. You first need to uninstall your old ansible (pre 2.10) version and install the new one.
  301. ```ShellSession
  302. pip uninstall ansible ansible-base ansible-core
  303. cd kubespray/
  304. pip install -U .
  305. ```