r/k8s-controller: Deploy HAProxy
The _haproxy_ role only installs HAProxy and provides some basic global configuration; it expects another role to depend on it and provide concrete proxy configuration with drop-in configuration files. Thus, we need a role specifically for the Kubernetes control plane nodes to provide the configuration to proxy for the API server.
This commit is contained in:
38
roles/k8s-controller/tasks/main.yml
Normal file
38
roles/k8s-controller/tasks/main.yml
Normal file
@@ -0,0 +1,38 @@
|
||||
- name: ensure haproxy has a copy of kubernetes ca certificate
|
||||
copy:
|
||||
dest: /etc/haproxy/kube-root-ca.crt
|
||||
content: '{{ kube_root_ca_pem }}'
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,go=r
|
||||
setype: etc_t
|
||||
tags:
|
||||
- haproxy
|
||||
- ca-cert
|
||||
- name: ensure haproxy is configured for kubernetes apiserver
|
||||
template:
|
||||
src: haproxy.cfg.j2
|
||||
dest: /etc/haproxy/conf.d/40-apiserver.cfg
|
||||
mode: u=rw,go=r
|
||||
tags:
|
||||
- config
|
||||
- haproxy-config
|
||||
- haproxy
|
||||
notify: reload haproxy
|
||||
- name: ensure haproxy can connect to kubernetes apiserver port
|
||||
seboolean:
|
||||
name: haproxy_connect_any
|
||||
state: true
|
||||
persistent: true
|
||||
tags:
|
||||
- selinux
|
||||
|
||||
- name: flush handlers
|
||||
meta: flush_handlers
|
||||
|
||||
- name: ensure haproxy is running
|
||||
service:
|
||||
name: haproxy
|
||||
state: started
|
||||
tags:
|
||||
- service
|
||||
Reference in New Issue
Block a user