As pods move around between nodes, applications are updated, etc., nodes tend to accumulate images in their container stores that are no longer used. These take up space unnecessarily, eventually triggering disk usage alarms. From now on, the _kubelet_ role installs a systemd timer and service unit to periodically clean up these unused images.
# Load the most specific variables file that exists for this host.
# Candidates run from distribution + full version down to the generic
# defaults.yml; with_first_found uses the first one it finds.
# Tagged "always" so the variables are loaded on tag-limited runs as well.
- name: load os-specific values
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
    - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
    - "{{ ansible_distribution }}.yml"
    - "{{ ansible_os_family }}.yml"
    - defaults.yml
  tags:
    - always
# Install the packages listed in kubernetes_packages (defined outside this
# file, presumably in one of the OS-specific variables files).
# Weak dependencies are skipped, so only hard dependencies are pulled in and
# the set of packages installed on the node stays small.
- name: ensure required packages are installed
  dnf:
    name: "{{ kubernetes_packages }}"
    state: present
    install_weak_deps: false
  tags:
    - install
# Stop firewalld and keep it from starting at boot.
# NOTE(review): no task visible in this file puts another host firewall in
# place, so packet filtering for the node has to come from elsewhere (for
# example network-level filtering or CNI network policies) - confirm.
# NOTE(review): ignore_errors hides every failure of this task, including one
# where firewalld is still running afterwards; presumably it is only meant to
# tolerate hosts without firewalld installed - verify.
- name: ensure firewalld service is stopped
  service:
    name: firewalld
    enabled: false
    state: stopped
  ignore_errors: true
  tags:
    - firewalld
# Write /etc/modules-load.d/k8s.conf with one kernel module name per line,
# taken from kubernetes_kernel_modules (defined outside this file).
# The list is rendered into the file as-is, so it should only ever come from
# the role's own variables. The file is root-owned and writable by root only.
# A change notifies the "load kernel modules" handler (defined elsewhere).
- name: ensure kernel modules-load is configured for kubernetes
  copy:
    dest: /etc/modules-load.d/k8s.conf
    # "|+" keeps the trailing newline after the last module name.
    content: |+
      {{ kubernetes_kernel_modules | join('\n') }}
    owner: root
    group: root
    mode: 'u=rw,go=r'
  notify:
    - load kernel modules
  tags:
    - kmod
# Install the role's sysctl.conf as /etc/sysctl.d/60-k8s.conf.
# The settings themselves live in the source file, which is not shown here;
# review that file when auditing which kernel tunables this role changes.
# The destination is root-owned and writable by root only.
# A change notifies the "set kernel tunables" handler (defined elsewhere).
- name: ensure kernel tunables are set for kubernetes
  copy:
    src: sysctl.conf
    dest: /etc/sysctl.d/60-k8s.conf
    owner: root
    group: root
    mode: 'u=rw,go=r'
  notify:
    - set kernel tunables
  tags:
    - sysctl
# Replace /etc/systemd/zram-generator.conf with an empty file.
# Presumably this overrides the distribution's default zram-generator
# settings so that no zram swap device is set up at boot - TODO confirm.
# A change notifies the "reload systemd" handler (defined elsewhere).
- name: ensure zram generator defaults are disabled
  copy:
    dest: /etc/systemd/zram-generator.conf
    content: ''
    owner: root
    group: root
    mode: 'u=rw,go=r'
  notify:
    - reload systemd
  tags:
    - zram-generator
# Stop the systemd unit that sets up the zram0 device.
# A change notifies the "swapoff -a" handler (defined elsewhere).
# NOTE(review): ignore_errors hides every failure of this task; presumably it
# is meant to tolerate hosts where the unit does not exist. If the stop fails
# for another reason the device may stay active without the run reporting it.
- name: ensure zram0 is stopped
  systemd:
    name: systemd-zram-setup@zram0
    state: stopped
  ignore_errors: true
  notify:
    - swapoff -a
  tags:
    - zram-generator
# Delete two CNI configuration files from /etc/cni/net.d.
# Going by their names these are the bridge and loopback configurations
# shipped with CRI-O; presumably they are removed so that only the cluster's
# own CNI configuration is picked up - TODO confirm.
- name: ensure unneeded cni configuration files are removed
  file:
    path: '/etc/cni/net.d/{{ item }}'
    state: absent
  loop:
    - 100-crio-bridge.conflist
    - 200-loopback.conflist
  tags:
    - cni
# Create the systemd drop-in directory for kubelet.service.
# It is owned by root and writable by root only; group and others get
# read and traverse access.
- name: ensure kubelet.service drop-in configuration directory exists
  file:
    path: /etc/systemd/system/kubelet.service.d
    state: directory
    owner: root
    group: root
    mode: 'u=rwx,go=rx'
  tags:
    - systemd
# Install the role's extra-args.systemd.conf as a kubelet.service drop-in.
# The drop-in's contents are in the source file, which is not shown here;
# review that file when auditing how the kubelet is started.
# The destination is root-owned and writable by root only.
# A change notifies "reload systemd" and "restart kubelet" (defined
# elsewhere), so the kubelet is restarted when the drop-in changes.
- name: ensure kubelet.service extra args are configured
  copy:
    src: extra-args.systemd.conf
    dest: /etc/systemd/system/kubelet.service.d/60-extra-args.conf
    owner: root
    group: root
    mode: 'u=rw,go=r'
  notify:
    - reload systemd
    - restart kubelet
  tags:
    - systemd
# Enable kubelet so it starts at boot. No "state" is given, so this task
# neither starts nor stops the running service.
- name: ensure kubelet service is enabled
  service:
    name: kubelet
    enabled: true
  tags:
    - service
# Periodic cleanup of unused container images: install the
# crictl-image-prune timer and service units, then enable and start the
# timer. Every task in the block also carries the "auto-prune-images" tag.
# What the service runs is defined in the unit files, which are not shown
# here; both are installed root-owned and writable by root only, so only root
# can change what the timer executes.
- block:
    # A changed timer file reloads systemd and restarts the timer (handlers
    # defined elsewhere).
    - name: ensure crictl-image-prune systemd timer unit file is in place
      copy:
        src: crictl-image-prune.timer
        dest: /etc/systemd/system/
        owner: root
        group: root
        mode: 'u=rw,go=r'
      notify:
        - reload systemd
        - restart crictl-image-prune.timer
      tags:
        - systemd

    # A changed service file only reloads systemd; this task does not notify
    # a restart handler.
    - name: ensure crictl-image-prune systemd service unit file is in place
      copy:
        src: crictl-image-prune.service
        dest: /etc/systemd/system/
        owner: root
        group: root
        mode: 'u=rw,go=r'
      notify:
        - reload systemd
      tags:
        - systemd

    # Enable the timer so it is started at boot.
    - name: ensure crictl-image-prune timer starts automatically
      systemd:
        name: crictl-image-prune.timer
        enabled: true
      tags:
        - timer

    # Start the timer now, without waiting for a reboot.
    - name: ensure crictl-image-prune timer is running
      systemd:
        name: crictl-image-prune.timer
        state: started
      tags:
        - timer
  tags:
    - auto-prune-images