
  1. ---
  # Render the Canal CNI network configuration into /etc/cni/net.d.
  # The file name depends on calico_version: from v3.3.0 on it is written as
  # canal.conflist.template, otherwise as 10-canal.conflist.
  # NOTE(review): no mode or group is given, so both are left to the template
  # module's defaults on the target host.
  - name: Canal | Write Canal cni config
    template:
      src: cni-canal.conflist.j2
      owner: kube
      dest: "/etc/cni/net.d/{% if calico_version is version('v3.3.0', '>=') %}canal.conflist.template{% else %}10-canal.conflist{% endif %}"
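  # Create the directory that will hold the etcd client certificates and key
  # used by canal-node. It is owned by root:root with mode 0750, so accounts
  # outside the root group cannot list or traverse it.
  - name: Canal | Create canal certs directory
    file:
      # `path` is used instead of its alias `dest`, matching the other
      # directory task in this file.
      path: "{{ canal_cert_dir }}"
      state: directory
      owner: root
      group: root
      # Quoted so the mode is always handled as an octal string and never
      # re-typed by the YAML parser.
      mode: "0750"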
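  # Make the etcd CA certificate, client certificate and client private key
  # available to canal-node under fixed names (ca_cert.crt, cert.crt, key.pem)
  # by hard-linking them from etcd_cert_dir into canal_cert_dir.
  #
  # A hard link shares its inode with the source file: key.pem carries the
  # owner and mode of the original etcd key, and a later chmod/chown on either
  # name affects both. Access to the private key therefore rests on the source
  # file's permissions and on the permissions of canal_cert_dir.
  # Hard links also require both directories to live on the same filesystem.
  - name: Canal | Link etcd certificates for canal-node
    file:
      src: "{{ etcd_cert_dir }}/{{ item.s }}"
      dest: "{{ canal_cert_dir }}/{{ item.d }}"
      state: hard
      # Canonical boolean instead of `yes`; lets the module replace a file
      # already present at the destination.
      force: true
    with_items:
      - s: "{{ kube_etcd_cacert_file }}"
        d: "ca_cert.crt"
      - s: "{{ kube_etcd_cert_file }}"
        d: "cert.crt"
      - s: "{{ kube_etcd_key_file }}"
        d: "key.pem"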
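  # Write the Flannel network configuration (pod subnet, per-node prefix
  # length and backend type) as JSON under /<cluster_name>/network/config in
  # etcd. The command runs once, delegated to the first host of the `etcd`
  # group, and is always reported as unchanged.
  #
  # etcdctl authenticates with that host's admin client certificate and key,
  # passed through the environment.
  # NOTE(review): only ETCDCTL_CERT_FILE and ETCDCTL_KEY_FILE are set here; no
  # ETCDCTL_CA_FILE is passed, so confirm how the etcd server certificate is
  # verified for this call.
  # NOTE(review): cluster_name, kube_pods_subnet, kube_network_node_prefix and
  # flannel_backend_type are interpolated straight into the argument line and
  # the JSON document; they are presumably operator-controlled inventory
  # values. A value containing quotes or whitespace would change how the
  # arguments are split, so validate them where they are defined.
  - name: Canal | Set Flannel etcd configuration
    command: |-
      {{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} \
      set /{{ cluster_name }}/network/config \
      '{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }'
    environment:
      ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem"
      ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
    # `retries`/`delay` are paired with an explicit `until` so the retry loop
    # is effective on every Ansible version; older releases ignore `retries`
    # when no `until` condition is present.
    register: canal_flannel_etcd_config
    until: canal_flannel_etcd_config is succeeded
    retries: 4
    delay: "{{ retry_stagger | random + 3 }}"
    delegate_to: "{{groups['etcd'][0]}}"
    run_once: true
    changed_when: false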
  # Render the Canal Kubernetes manifests (ConfigMap, DaemonSet, ServiceAccount
  # and the calico/flannel ClusterRoles and ClusterRoleBindings) into
  # kube_config_dir. Only runs on hosts in the `kube-master` group; the result
  # is kept in `canal_manifests`.
  # The two ClusterRole manifests define what canal-node may do against the
  # API server, so changes to those templates deserve an RBAC review.
  # NOTE(review): no owner or mode is set on the rendered files; they follow
  # the template module's defaults.
  - name: Canal | Create canal node manifests
    when: inventory_hostname in groups['kube-master']
    register: canal_manifests
    template:
      src: "{{item.file}}.j2"
      dest: "{{kube_config_dir}}/{{item.file}}"
    with_items:
      - name: canal-config
        file: canal-config.yaml
        type: cm
      - name: canal-node
        file: canal-node.yaml
        type: ds
      - name: canal
        file: canal-node-sa.yml
        type: sa
      - name: calico
        file: canal-cr-calico.yml
        type: clusterrole
      - name: flannel
        file: canal-cr-flannel.yml
        type: clusterrole
      - name: canal-calico
        file: canal-crb-calico.yml
        type: clusterrolebinding
      - name: canal-flannel
        file: canal-crb-flannel.yml
        type: clusterrolebinding
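  # Install the calicoctl wrapper script into bin_dir.
  # Owned by root:root with mode 0755: any user can run it, only root can
  # modify it.
  - name: Canal | Install calicoctl wrapper script
    template:
      src: calicoctl.sh.j2
      dest: "{{ bin_dir }}/calicoctl.sh"
      owner: root
      group: root
      # Quoted so the mode is always handled as an octal string and never
      # re-typed by the YAML parser.
      mode: "0755"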
  # Ensure the directory for Canal network policy files exists.
  # NOTE(review): unlike the certs directory task in this file, no owner,
  # group or mode is set, so they follow the file module's defaults; confirm
  # that is intended for policy files.
  - name: Canal | Create network policy directory
    file:
      state: directory
      path: "{{ canal_policy_dir }}"