|
|
---
- name: Canal | Write Canal cni config
template:
src: "cni-canal.conflist.j2"
dest: "/etc/cni/net.d/canal.conflist.template"
owner: kube
register: canal_conflist
notify: reset_canal_cni
- name: Canal | Create canal certs directory
file:
dest: "{{ canal_cert_dir }}"
state: directory
mode: 0750
owner: root
group: root
- name: Canal | Link etcd certificates for canal-node
file:
src: "{{ etcd_cert_dir }}/{{ item.s }}"
dest: "{{ canal_cert_dir }}/{{ item.d }}"
state: hard
force: yes
with_items:
- {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}
- {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
- {s: "{{ kube_etcd_key_file }}", d: "key.pem"}
# Flannel need etcd v2 API
- name: Canal | Set Flannel etcd configuration
command: |-
{{ bin_dir }}/etcdctl set /{{ cluster_name }}/network/config \
'{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }'
register: output
retries: 4
until: output.rc == 0
delay: "{{ retry_stagger | random + 3 }}"
delegate_to: "{{ groups['etcd'][0] }}"
changed_when: false
run_once: true
environment:
ETCDCTL_API: 2
ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem"
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
- name: Canal | Create canal node manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items:
- {name: canal-config, file: canal-config.yaml, type: cm}
- {name: canal-node, file: canal-node.yaml, type: ds}
- {name: canal, file: canal-node-sa.yml, type: sa}
- {name: calico, file: canal-cr-calico.yml, type: clusterrole}
- {name: flannel, file: canal-cr-flannel.yml, type: clusterrole}
- {name: canal-calico, file: canal-crb-calico.yml, type: clusterrolebinding}
- {name: canal-flannel, file: canal-crb-flannel.yml, type: clusterrolebinding}
register: canal_manifests
when:
- inventory_hostname in groups['kube_control_plane']
- name: Canal | Install calicoctl wrapper script
template:
src: calicoctl.sh.j2
dest: "{{ bin_dir }}/calicoctl.sh"
mode: 0755
owner: root
group: root
- name: Canal | Create network policy directory
file:
path: "{{ canal_policy_dir }}"
state: directory
|
