7f783dba51
When using Rook for managing Ceph we can use Rook CRDs to create S3 buckets and users. This PR adds bucket claim template to the elasticsearch chart. Rook creates a bucket for a bucket claim and also creates a secret containing the credentials to get access to this bucket. So we also add a snippet to expose these credentials via environment variables to containers where they are needed. Change-Id: Ic5cd35a5c64a914af97d2b3cfec21dbe399c0f14
73 lines
2.3 KiB
YAML
73 lines
2.3 KiB
YAML
---
|
|
- name: Mount tmpfs to /var/lib/etcd
|
|
mount:
|
|
path: /var/lib/etcd
|
|
src: tmpfs
|
|
fstype: tmpfs
|
|
opts: size=1g
|
|
state: mounted
|
|
|
|
- name: Prepare kubeadm config
|
|
template:
|
|
src: files/kubeadm_config.yaml
|
|
dest: /tmp/kubeadm_config.yaml
|
|
|
|
- name: Initialize the Kubernetes cluster using kubeadm
|
|
command: kubeadm init --config /tmp/kubeadm_config.yaml
|
|
|
|
- name: "Setup kubeconfig for {{ kubectl.user }} user"
|
|
shell: |
|
|
mkdir -p /home/{{ kubectl.user }}/.kube
|
|
cp -i /etc/kubernetes/admin.conf /home/{{ kubectl.user }}/.kube/config
|
|
chown -R {{ kubectl.user }}:{{ kubectl.group }} /home/{{ kubectl.user }}/.kube
|
|
args:
|
|
executable: /bin/bash
|
|
|
|
- name: Deploy Calico
|
|
become: false
|
|
command: kubectl apply -f /tmp/calico.yaml
|
|
|
|
- name: Sleep before trying to check Calico pods
|
|
pause:
|
|
seconds: 20
|
|
|
|
- name: Wait for Calico pods ready
|
|
become: false
|
|
command: kubectl -n kube-system wait --timeout=240s --for=condition=Ready pods -l k8s-app=calico-node
|
|
|
|
- name: Prepare Calico patch
|
|
copy:
|
|
src: files/calico_patch.yaml
|
|
dest: /tmp/calico_patch.yaml
|
|
|
|
- name: Patch Calico
|
|
become: false
|
|
command: kubectl -n kube-system patch daemonset calico-node --patch-file /tmp/calico_patch.yaml
|
|
|
|
- name: Wait for Calico pods ready
|
|
become: false
|
|
command: kubectl -n kube-system wait --timeout=240s --for=condition=Ready pods -l k8s-app=calico-node
|
|
|
|
- name: Generate join command
|
|
command: kubeadm token create --print-join-command
|
|
register: join_command
|
|
|
|
- name: Untaint Kubernetes control plane node
|
|
become: false
|
|
command: kubectl taint nodes -l 'node-role.kubernetes.io/control-plane' node-role.kubernetes.io/control-plane-
|
|
|
|
- name: Enable recursive queries for coredns
|
|
become: false
|
|
shell: |
|
|
PATCH=$(mktemp)
|
|
kubectl get configmap coredns -n kube-system -o json | jq -r "{data: .data}" | sed 's/ready\\n/header \{\\n response set ra\\n \}\\n ready\\n/g' > "${PATCH}"
|
|
kubectl patch configmap coredns -n kube-system --patch-file "${PATCH}"
|
|
kubectl set image deployment coredns -n kube-system "coredns=registry.k8s.io/coredns/coredns:v1.9.4"
|
|
kubectl rollout restart -n kube-system deployment/coredns
|
|
sleep 10
|
|
kubectl -n kube-system wait --timeout=240s --for=condition=Ready pods -l k8s-app=kube-dns
|
|
rm -f "${PATCH}"
|
|
args:
|
|
executable: /bin/bash
|
|
...
|