richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6404 Commits
29 Branches
81 Tags
146 MiB
Tree: a4f26dc8f3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a4f26dc8f3'
${ noResults }
kubespray/docs/ansible.md

280 lines
14 KiB
Raw Normal View History

Add markdown CI (#5380)
4 years ago
add documentation
8 years ago
Add markdown CI (#5380)
4 years ago
add documentation
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
add documentation
8 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
Fix typo
7 years ago
add documentation
8 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Docs updates Fix mismatching inventory examples. Add command examples. Clarify groups use cases. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Add markdown CI (#5380)
4 years ago
fix typo / error regarding etcd and k8s_cluster groups (#8580) As far as I can tell this is simply a typo that has existed from the beginning. Having it this way around (`etcd` group as a child and thus subset of `k8s_cluster`) mirrors what is written in the preceeding sentence.
2 years ago
Docs updates Fix mismatching inventory examples. Add command examples. Clarify groups use cases. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Docs updates Fix mismatching inventory examples. Add command examples. Clarify groups use cases. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Docs: Replace master with control plane (#7767) This replaces master with "control plane" in Kubespray docs because of [1]. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Docs updates Fix mismatching inventory examples. Add command examples. Clarify groups use cases. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Fix invalid documentation links (#7692) * Fix invalid link to Ansible documentation * Fix invalid link to mitogen doc page * Fix invalid link to calico doc page * Fix all invalid links to doc pages
3 years ago
Docs updates Fix mismatching inventory examples. Add command examples. Clarify groups use cases. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
add documentation
8 years ago
Add markdown CI (#5380)
4 years ago
add documentation
8 years ago
Update ansible.md (#4599) Ansible 2.0 has deprecated the “ssh” from ansible_ssh_host. Updating the docs to be more aligned with the Ansible version used in the sample/inventory.ini file as well. Also adding `[bastion]` group in the docs to avoid confusion.
5 years ago
add documentation
8 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
add documentation
8 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
add documentation
8 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
add documentation
8 years ago
Add markdown CI (#5380)
4 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Support multiple inventory files under individual inventory directory
6 years ago
Rework inventory all by real groups' vars * Leave all.yml to keep only optional vars * Store groups' specific vars by existing group names * Fix optional vars casted as mandatory (add default()) * Fix missing defaults for an optional IP var * Relink group_vars for terraform to reflect changes Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Docs: Replace master with control plane (#7767) This replaces master with "control plane" in Kubespray docs because of [1]. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
3 years ago
Fix some docs.ansible.com url typo (#7550)
3 years ago
Update ansible.md
6 years ago
Add markdown CI (#5380)
4 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
rename almost all mentions of kargo
7 years ago
Update ansible.md
6 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
rename almost all mentions of kargo
7 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Create ansible.md fixing a typo
7 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
rename almost all mentions of kargo
7 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
rename almost all mentions of kargo
7 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
rename almost all mentions of kargo
7 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Update Ansible tags in documentation (#7933)
3 years ago
Add support for kube-vip (#8669) Signed-off-by: Mathieu Parent <math.parent@gmail.com>
2 years ago
Update Ansible tags in documentation (#7933)
3 years ago
Add youki runtime support (#8411)
2 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Remove kubedns and dnsmasq. Move dns_late phase after apps (#4406) Both kubedns and dnsmasq modes are long not maintained. We should run dns_late steps at the end because sshd makes DNS lookups during Ansible run and has 2s timeouts for each failed lookup trying to connect to coredns before it is ready.
5 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Remove kubedns and dnsmasq. Move dns_late phase after apps (#4406) Both kubedns and dnsmasq modes are long not maintained. We should run dns_late steps at the end because sshd makes DNS lookups during Ansible run and has 2s timeouts for each failed lookup trying to connect to coredns before it is ready.
5 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Update ansible.md
6 years ago
More granular control for download/upload images/binaries Add upload tag allow users to exclude distributing images across nodes when running with the download tag set. Add related tags and update docs as well. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add markdown CI (#5380)
4 years ago
Support multiple inventory files under individual inventory directory
6 years ago
More granular control for download/upload images/binaries Add upload tag allow users to exclude distributing images across nodes when running with the download tag set. Add related tags and update docs as well. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add documentation about bastion hosts
8 years ago
Add markdown CI (#5380)
4 years ago
Add documentation about bastion hosts
8 years ago
Add markdown CI (#5380)
4 years ago
Update ansible.md (#4599) Ansible 2.0 has deprecated the “ssh” from ansible_ssh_host. Updating the docs to be more aligned with the Ansible version used in the sample/inventory.ini file as well. Also adding `[bastion]` group in the docs to avoid confusion.
5 years ago
Add documentation about bastion hosts
8 years ago
Update docs Link docs to README, update README with recent info. Update comparsions, add kubeadm vs kargo. Better describe variables precedence UX impact. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Securing http link to https link (#5617) Fix http link to https link for security Signed-off-by: Nguyen Hai Truong <truongnh@vn.fujitsu.com>
4 years ago
add strategy mitogen_linear when installed mitogen (#5985) * add strategy mitogen_linear when installed mitogen * add small docs Rename playbook file The raw action executes as a regular Mitogen connection, which requires Python on the target, so add strategy: linear to bootstrap-os role playbook. * add mitogen to CI test fix typo * enable mitogen test on deploy-part1 tests change version from master to release download tar.gz archive * run all CI tests with mitogen * disable mitogen with upgrade CI tests * enable mitogen on CI tests via env vars * disable mitogen on CI test by default, enable on some different OS * disable mitogen CI test on centos8 (get error /usr/bin/python: No such file or directory)
4 years ago
Mitogen: deprecate the use of mitogen and remove coverage from CI (#8147)
3 years ago
Move to Ansible 3.4.0 (#7672) * Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10 * Docs: add a note about ansible upgrade post 2.9.x * CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures * Ansible: use newer ansible-lint * Fix ansible-lint 5.0.11 found issues * syntax issues * risky-file-permissions * var-naming * role-name * molecule tests * Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+ * Pin ansible-base to 2.10.11 to get package fix on RHEL8
3 years ago
[ansible] make ansible 5.x the new default version (#8660) * [ansible] make ansible 5.x the new default version and move different versions tested to nightly jobs * [CI] jobs were missing proper ansible cleanup
2 years ago
Move to Ansible 3.4.0 (#7672) * Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10 * Docs: add a note about ansible upgrade post 2.9.x * CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures * Ansible: use newer ansible-lint * Fix ansible-lint 5.0.11 found issues * syntax issues * risky-file-permissions * var-naming * role-name * molecule tests * Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+ * Pin ansible-base to 2.10.11 to get package fix on RHEL8
3 years ago
  1. # Ansible variables
  3. ## Inventory
  5. The inventory is composed of 3 groups:
  7. * **kube_node** : list of kubernetes nodes where the pods will run.
  8. * **kube_control_plane** : list of servers where kubernetes control plane components (apiserver, scheduler, controller) will run.
  9. * **etcd**: list of servers to compose the etcd server. You should have at least 3 servers for failover purpose.
  11. Note: do not modify the children of _k8s_cluster_, like putting
  12. the _etcd_ group into the _k8s_cluster_, unless you are certain
  13. to do that and you have it fully contained in the latter:
  15. ```ShellSession
  16. etcd ⊂ k8s_cluster => kube_node ∩ etcd = etcd
  17. ```
  19. When _kube_node_ contains _etcd_, you define your etcd cluster to be as well schedulable for Kubernetes workloads.
  20. If you want it a standalone, make sure those groups do not intersect.
  21. If you want the server to act both as control-plane and node, the server must be defined
  22. on both groups _kube_control_plane_ and _kube_node_. If you want a standalone and
  23. unschedulable control plane, the server must be defined only in the _kube_control_plane_ and
  24. not _kube_node_.
  26. There are also two special groups:
  28. * **calico_rr** : explained for [advanced Calico networking cases](/docs/calico.md)
  29. * **bastion** : configure a bastion host if your nodes are not directly reachable
  31. Below is a complete inventory example:
  33. ```ini
  34. ## Configure 'ip' variable to bind kubernetes services on a
  35. ## different ip than the default iface
  36. node1 ansible_host=95.54.0.12 ip=10.3.0.1
  37. node2 ansible_host=95.54.0.13 ip=10.3.0.2
  38. node3 ansible_host=95.54.0.14 ip=10.3.0.3
  39. node4 ansible_host=95.54.0.15 ip=10.3.0.4
  40. node5 ansible_host=95.54.0.16 ip=10.3.0.5
  41. node6 ansible_host=95.54.0.17 ip=10.3.0.6
  43. [kube_control_plane]
  44. node1
  45. node2
  47. [etcd]
  48. node1
  49. node2
  50. node3
  52. [kube_node]
  53. node2
  54. node3
  55. node4
  56. node5
  57. node6
  59. [k8s_cluster:children]
  60. kube_node
  61. kube_control_plane
  62. ```
  64. ## Group vars and overriding variables precedence
  66. The group variables to control main deployment options are located in the directory ``inventory/sample/group_vars``.
  67. Optional variables are located in the `inventory/sample/group_vars/all.yml`.
  68. Mandatory variables that are common for at least one role (or a node group) can be found in the
  69. `inventory/sample/group_vars/k8s_cluster.yml`.
  70. There are also role vars for docker, kubernetes preinstall and control plane roles.
  71. According to the [ansible docs](https://docs.ansible.com/ansible/latest/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable),
  72. those cannot be overridden from the group vars. In order to override, one should use
  73. the `-e` runtime flags (most simple way) or other layers described in the docs.
  75. Kubespray uses only a few layers to override things (or expect them to
  76. be overridden for roles):
  78. Layer | Comment
  79. ------|--------
  80. **role defaults** | provides best UX to override things for Kubespray deployments
  81. inventory vars | Unused
  82. **inventory group_vars** | Expects users to use ``all.yml``,``k8s_cluster.yml`` etc. to override things
  83. inventory host_vars | Unused
  84. playbook group_vars | Unused
  85. playbook host_vars | Unused
  86. **host facts** | Kubespray overrides for internal roles' logic, like state flags
  87. play vars | Unused
  88. play vars_prompt | Unused
  89. play vars_files | Unused
  90. registered vars | Unused
  91. set_facts | Kubespray overrides those, for some places
  92. **role and include vars** | Provides bad UX to override things! Use extra vars to enforce
  93. block vars (only for tasks in block) | Kubespray overrides for internal roles' logic
  94. task vars (only for the task) | Unused for roles, but only for helper scripts
  95. **extra vars** (always win precedence) | override with ``ansible-playbook -e @foo.yml``
  97. ## Ansible tags
  99. The following tags are defined in playbooks:
  101. | Tag name | Used for
  102. |--------------------------------|---------
  103. | annotate | Create kube-router annotation
  104. | apps | K8s apps definitions
  105. | asserts | Check tasks for download role
  106. | aws-ebs-csi-driver | Configuring csi driver: aws-ebs
  107. | azure-csi-driver | Configuring csi driver: azure
  108. | bastion | Setup ssh config for bastion
  109. | bootstrap-os | Anything related to host OS configuration
  110. | calico | Network plugin Calico
  111. | calico_rr | Configuring Calico route reflector
  112. | canal | Network plugin Canal
  113. | cephfs-provisioner | Configuring CephFS
  114. | cert-manager | Configuring certificate manager for K8s
  115. | cilium | Network plugin Cilium
  116. | cinder-csi-driver | Configuring csi driver: cinder
  117. | client | Kubernetes clients role
  118. | cloud-provider | Cloud-provider related tasks
  119. | cluster-roles | Configuring cluster wide application (psp ...)
  120. | cni | CNI plugins for Network Plugins
  121. | containerd | Configuring containerd engine runtime for hosts
  122. | container_engine_accelerator | Enable nvidia accelerator for runtimes
  123. | container-engine | Configuring container engines
  124. | container-runtimes | Configuring container runtimes
  125. | coredns | Configuring coredns deployment
  126. | crio | Configuring crio container engine for hosts
  127. | crun | Configuring crun runtime
  128. | csi-driver | Configuring csi driver
  129. | dashboard | Installing and configuring the Kubernetes Dashboard
  130. | dns | Remove dns entries when resetting
  131. | docker | Configuring docker engine runtime for hosts
  132. | download | Fetching container images to a delegate host
  133. | etcd | Configuring etcd cluster
  134. | etcd-secrets | Configuring etcd certs/keys
  135. | etchosts | Configuring /etc/hosts entries for hosts
  136. | external-cloud-controller | Configure cloud controllers
  137. | external-openstack | Cloud controller : openstack
  138. | external-provisioner | Configure external provisioners
  139. | external-vsphere | Cloud controller : vsphere
  140. | facts | Gathering facts and misc check results
  141. | files | Remove files when resetting
  142. | flannel | Network plugin flannel
  143. | gce | Cloud-provider GCP
  144. | gcp-pd-csi-driver | Configuring csi driver: gcp-pd
  145. | gvisor | Configuring gvisor runtime
  146. | helm | Installing and configuring Helm
  147. | ingress-controller | Configure ingress controllers
  148. | ingress_alb | AWS ALB Ingress Controller
  149. | init | Windows kubernetes init nodes
  150. | iptables | Flush and clear iptable when resetting
  151. | k8s-pre-upgrade | Upgrading K8s cluster
  152. | k8s-secrets | Configuring K8s certs/keys
  153. | k8s-gen-tokens | Configuring K8s tokens
  154. | kata-containers | Configuring kata-containers runtime
  155. | krew | Install and manage krew
  156. | kubeadm | Roles linked to kubeadm tasks
  157. | kube-apiserver | Configuring static pod kube-apiserver
  158. | kube-controller-manager | Configuring static pod kube-controller-manager
  159. | kube-vip | Installing and configuring kube-vip
  160. | kubectl | Installing kubectl and bash completion
  161. | kubelet | Configuring kubelet service
  162. | kube-ovn | Network plugin kube-ovn
  163. | kube-router | Network plugin kube-router
  164. | kube-proxy | Configuring static pod kube-proxy
  165. | localhost | Special steps for the localhost (ansible runner)
  166. | local-path-provisioner | Configure External provisioner: local-path
  167. | local-volume-provisioner | Configure External provisioner: local-volume
  168. | macvlan | Network plugin macvlan
  169. | master | Configuring K8s master node role
  170. | metallb | Installing and configuring metallb
  171. | metrics_server | Configuring metrics_server
  172. | netchecker | Installing netchecker K8s app
  173. | network | Configuring networking plugins for K8s
  174. | mounts | Umount kubelet dirs when reseting
  175. | multus | Network plugin multus
  176. | nginx | Configuring LB for kube-apiserver instances
  177. | node | Configuring K8s minion (compute) node role
  178. | nodelocaldns | Configuring nodelocaldns daemonset
  179. | node-label | Tasks linked to labeling of nodes
  180. | node-webhook | Tasks linked to webhook (grating access to resources)
  181. | nvidia_gpu | Enable nvidia accelerator for runtimes
  182. | oci | Cloud provider: oci
  183. | persistent_volumes | Configure csi volumes
  184. | persistent_volumes_aws_ebs_csi | Configuring csi driver: aws-ebs
  185. | persistent_volumes_cinder_csi | Configuring csi driver: cinder
  186. | persistent_volumes_gcp_pd_csi | Configuring csi driver: gcp-pd
  187. | persistent_volumes_openstack | Configuring csi driver: openstack
  188. | policy-controller | Configuring Calico policy controller
  189. | post-remove | Tasks running post-remove operation
  190. | post-upgrade | Tasks running post-upgrade operation
  191. | pre-remove | Tasks running pre-remove operation
  192. | pre-upgrade | Tasks running pre-upgrade operation
  193. | preinstall | Preliminary configuration steps
  194. | registry | Configuring local docker registry
  195. | reset | Tasks running doing the node reset
  196. | resolvconf | Configuring /etc/resolv.conf for hosts/apps
  197. | rbd-provisioner | Configure External provisioner: rdb
  198. | services | Remove services (etcd, kubelet etc...) when resetting
  199. | snapshot | Enabling csi snapshot
  200. | snapshot-controller | Configuring csi snapshot controller
  201. | upgrade | Upgrading, f.e. container images/binaries
  202. | upload | Distributing images/binaries across hosts
  203. | vsphere-csi-driver | Configuring csi driver: vsphere
  204. | weave | Network plugin Weave
  205. | win_nodes | Running windows specific tasks
  206. | youki | Configuring youki runtime
  208. Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
  209. tags found in the codebase. New tags will be listed with the empty "Used for"
  210. field.
  212. ## Example commands
  214. Example command to filter and apply only DNS configuration tasks and skip
  215. everything else related to host OS configuration and downloading images of containers:
  217. ```ShellSession
  218. ansible-playbook -i inventory/sample/hosts.ini cluster.yml --tags preinstall,facts --skip-tags=download,bootstrap-os
  219. ```
  221. And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
  223. ```ShellSession
  224. ansible-playbook -i inventory/sample/hosts.ini -e dns_mode='none' cluster.yml --tags resolvconf
  225. ```
  227. And this prepares all container images locally (at the ansible runner node) without installing
  228. or upgrading related stuff or trying to upload container to K8s cluster nodes:
  230. ```ShellSession
  231. ansible-playbook -i inventory/sample/hosts.ini cluster.yml \
  232. -e download_run_once=true -e download_localhost=true \
  233. --tags download --skip-tags upload,upgrade
  234. ```
  236. Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.
  238. ## Bastion host
  240. If you prefer to not make your nodes publicly accessible (nodes with private IPs only),
  241. you can use a so called *bastion* host to connect to your nodes. To specify and use a bastion,
  242. simply add a line to your inventory, where you have to replace x.x.x.x with the public IP of the
  243. bastion host.
  245. ```ShellSession
  246. [bastion]
  247. bastion ansible_host=x.x.x.x
  248. ```
  250. For more information about Ansible and bastion hosts, read
  251. [Running Ansible Through an SSH Bastion Host](https://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/)
  253. ## Mitogen
  255. Mitogen support is deprecated, please see [mitogen related docs](/docs/mitogen.md) for useage and reasons for deprecation.
  257. ## Beyond ansible 2.9
  259. Ansible project has decided, in order to ease their maintenance burden, to split between
  260. two projects which are now joined under the Ansible umbrella.
  262. Ansible-base (2.10.x branch) will contain just the ansible language implementation while
  263. ansible modules that were previously bundled into a single repository will be part of the
  264. ansible 3.x package. Pleasee see [this blog post](https://blog.while-true-do.io/ansible-release-3-0-0/)
  265. that explains in detail the need and the evolution plan.
  267. **Note:** this change means that ansible virtual envs cannot be upgraded with `pip install -U`.
  268. You first need to uninstall your old ansible (pre 2.10) version and install the new one.
  270. ```ShellSession
  271. pip uninstall ansible ansible-base ansible-core
  272. cd kubespray/
  273. pip install -U .
  274. ```
  276. **Note:** some changes needed to support ansible 2.10+ are not backwards compatible with 2.9
  277. Kubespray needs to evolve and keep pace with upstream ansible and will be forced to eventually
  278. drop 2.9 support. Kubespray CIs use only the ansible version specified in the `requirements.txt`
  279. and while the `ansible_version.yml` may allow older versions to be used, these are not
  280. exercised in the CI and compatibility is not guaranteed.