Merge branch '321-allow-custom-rke-config-options' into 'master'

Resolve "Allow custom rke config options"

Closes #321

See merge request openappstack/openappstack!91

ansible/group_vars/all/settings.yml.example

@@ -19,3 +19,20 @@ helmfiles:
   - 10-nginx
   - 15-monitoring
   - 20-nextcloud
+
+# Optional, custom rke config.
+# I.e. you can set the desired Kubernetes version but please be aware of
+# the [every rke release has only a few supported kubernetes versions](https://rancher.com/docs/rke/latest/en/config-options/#kubernetes-version).
+#
+# rke_custom_config:
+#   kubernetes_version: "v1.14.3-rancher1-1"
+#
+# Another example is allowing to disable ipv6 in pods by
+# passing adding an additional argument to the kubelet:
+# `--allowed-unsafe-sysctls net.ipv6.conf.all.disable_ipv6`
+#
+# rke_custom_config:
+#   services:
+#     kubelet:
+#       extra_args:
+#         allowed-unsafe-sysctls: 'net.ipv6.conf.all.disable_ipv6'

ansible/roles/rke_configuration/defaults/main.yml

-rke_configuration_location: "{{ data_directory }}/rke/cluster.yml"
-rke_ssh_key_path: "{{ data_directory }}/ssh/ssh_key"
-rke_ssh_agent_auth: "false"
-# Whether to support customer flexvolume driver plugins, by mounting the path
-# /usr/libexec/kubernetes/kubelet-plugins/volume/exec into kubelet.
-flexvolume_plugins: false

ansible/roles/rke_configuration/templates/cluster.yml.j2 → ansible/roles/rke_configuration/files/cluster-defaults.yml

-nodes:
-{% for node in groups['all'] %}
-- address: {{ hostvars[node]['ansible_host'] }}
-  # port: "22"
-  # internal_address: ""
-  role:
-{% if hostvars[node]['inventory_hostname'] in groups.master %}
-  - controlplane
-  - etcd
-{% endif %}
-{% if hostvars[node]['inventory_hostname'] in groups.worker %}
-  - worker
-{% endif %}
-  hostname_override: {{ hostvars[node]['inventory_hostname'] }}
-  user: {{ hostvars[node]['ansible_user'] }}
-  # docker_socket: /var/run/docker.sock
-  # ssh_key: ""
-{% if rke_ssh_key_path is defined %}
-  ssh_key_path: {{ rke_ssh_key_path }}
-{% else %}
-  # ssh_key_path: ""
-{% endif %}
-  # labels: {}
-{% endfor %}
+addon_job_timeout: 0
+addons: ''
+addons_include: []
+authentication:
+  options: {}
+  sans: []
+  strategy: x509
+authorization:
+  mode: rbac
+  options: {}
+bastion_host:
+  address: ''
+  port: ''
+  ssh_key: ''
+  ssh_key_path: ''
+  user: ''
+cloud_provider:
+  name: ''
+cluster_name: ''
+ignore_docker_version: false
+ingress:
+  extra_args: {}
+  node_selector: {}
+  options: {}
+  # Set this to none, so we can install nginx ourselves.
+  provider: none
+kubernetes_version: 'v1.14.3-rancher1-1'
+monitoring:
+  options: {}
+  provider: ''
+network:
+  options: {}
+  plugin: canal
+prefix_path: ''
+private_registries: []
 services:
   etcd:
-    image: ""
+    ca_cert: ''
+    cert: ''
+    creation: ''
     external_urls: []
-    ca_cert: ""
-    cert: ""
-    key: ""
-    path: ""
+    image: ''
+    key: ''
+    path: ''
+    retention: ''
     snapshot: false
-    retention: ""
-    creation: ""
   kube-api:
-    image: ""
-    service_cluster_ip_range: 10.43.0.0/16
-    service_node_port_range: ""
+    image: ''
     pod_security_policy: false
+    service_cluster_ip_range: 10.43.0.0/16
+    service_node_port_range: ''
   kube-controller:
-    image: ""
     cluster_cidr: 10.42.0.0/16
+    image: ''
     service_cluster_ip_range: 10.43.0.0/16
-  scheduler:
-    image: ""
   kubelet:
-    image: ""
+    cluster_dns_server: 10.43.0.10
+    cluster_domain: cluster.local
     extra_args:
-      containerized: "true"
-{% if flexvolume_plugins %}
-      volume-plugin-dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
-{% endif %}
+      containerized: 'true'
     extra_binds:
     # Make local storage work with persistent volumes that use `subpath`
     # see https://open.greenhost.net/openappstack/openappstack/issues/236
-    - "/:/rootfs:rshared"
-{% if flexvolume_plugins %}
-    - /usr/libexec/kubernetes/kubelet-plugins/volume/exec:/usr/libexec/kubernetes/kubelet-plugins/volume/exec
-{% endif %}
-    cluster_domain: cluster.local
-    infra_container_image: ""
-    cluster_dns_server: 10.43.0.10
+    - /:/rootfs:rshared
     fail_swap_on: false
+    image: ''
+    infra_container_image: ''
   kubeproxy:
-    image: ""
-network:
-  plugin: canal
-  options: {}
-authentication:
-  strategy: x509
-  options: {}
-  sans: []
-addons: ""
-addons_include: []
-ssh_agent_auth: {{ rke_ssh_agent_auth }}
-authorization:
-  mode: rbac
-  options: {}
-ignore_docker_version: false
-kubernetes_version: {{ kubernetes_version }}
-private_registries: []
-ingress:
-  # Set this to none, so we can install nginx ourselves.
-  provider: none
-  options: {}
-  node_selector: {}
-  extra_args: {}
-cluster_name: ""
-cloud_provider:
-  name: ""
-prefix_path: ""
-addon_job_timeout: 0
-bastion_host:
-  address: ""
-  port: ""
-  user: ""
-  ssh_key: ""
-  ssh_key_path: ""
-monitoring:
-  provider: ""
-  options: {}
+    image: ''
+  scheduler:
+    image: ''
+ssh_agent_auth: false

ansible/roles/rke_configuration/tasks/main.yml

@@ -29,8 +29,24 @@
   become: true
 
 
-- name: Copy rke cluster configuration file
-  template:
-    src: "cluster.yml.j2"
-    dest: "{{ rke_configuration_location }}"
+- name: Deploy rke cluster configuration file
+  tags:
+    - tmp
+    - rke
+  vars:
+    additional_config:
+      nodes:
+        - address: "{{ ansible_host }}"
+          hostname_override: "{{ inventory_hostname }}"
+          role:
+            - controlplane
+            - etcd
+            - worker
+          ssh_key_path: '/var/lib/OpenAppStack/ssh/ssh_key'
+          user: "{{ ansible_user }}"
+    # Allow undefined rke_custom_config variable
+    custom_config: "{{ rke_custom_config | default({}) }}"
+  copy:
+    content: "{{ lookup('file', 'cluster-defaults.yml') | from_yaml | combine(additional_config, custom_config, recursive=True) | to_nice_yaml(indent=2) }}"
+    dest: "{{ data_directory }}/rke/cluster.yml"
   become: true