diff --git a/REFERENCE.md b/REFERENCE.md
index 34d278f..d3ee93e 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -7,6 +7,7 @@
### Classes
* [`k8s`](#k8s): Sets up a Kubernetes instance - either as a node or as a server
+* [`k8s::common`](#k8s--common): Sets up common Kubernetes components - users/groups/folders/etc
* [`k8s::install::cni_plugins`](#k8s--install--cni_plugins): Manages the installation of CNI plugins
* [`k8s::install::container_runtime`](#k8s--install--container_runtime): Manages the installation of a container runtime / CRI
* [`k8s::install::crictl`](#k8s--install--crictl): installs the crictl debugging tool
@@ -429,7 +430,7 @@ Default value: `true`
##### `role`
-Data type: `Enum['node','server','none']`
+Data type: `Enum['node','server','etcd-replica','none']`
role of the node
@@ -491,6 +492,10 @@ version of kubernetes to install
Default value: `'1.28.14'`
+### `k8s::common`
+
+Sets up common Kubernetes components - users/groups/folders/etc
+
### `k8s::install::cni_plugins`
Manages the installation of CNI plugins
@@ -2072,11 +2077,11 @@ Default value: `'etcd'`
##### `version`
-Data type: `Optional[String[1]]`
+Data type: `String[1]`
version of ectd to install, will use k8s::etcd_version unless otherwise specified
-Default value: `undef`
+Default value: `$k8s::etcd_version`
### `k8s::server::etcd::setup`
@@ -2186,11 +2191,11 @@ Default value: `"${etcd_name}.etcd"`
##### `ensure`
-Data type: `Optional[K8s::Ensure]`
+Data type: `K8s::Ensure`
set ensure for installation or deinstallation
-Default value: `undef`
+Default value: `'present'`
##### `etcd_name`
@@ -2218,11 +2223,11 @@ Default value: `undef`
##### `group`
-Data type: `Optional[String[1]]`
+Data type: `String[1]`
etcd system user group
-Default value: `undef`
+Default value: `'etcd'`
##### `initial_advertise_peer_urls`
@@ -2370,19 +2375,19 @@ Default value: `undef`
##### `user`
-Data type: `Optional[String[1]]`
+Data type: `String[1]`
etcd system user
-Default value: `undef`
+Default value: `'etcd'`
##### `version`
-Data type: `Optional[String[1]]`
+Data type: `String[1]`
The ectd version to install
-Default value: `undef`
+Default value: `$k8s::etcd_version`
### `k8s::server::resources`
diff --git a/data/common.yaml b/data/common.yaml
index 2fbf0ff..ac7cd48 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -1 +1,2 @@
---- {}
+---
+k8s::sysconfig_path: '/etc/sysconfig'
diff --git a/manifests/common.pp b/manifests/common.pp
new file mode 100644
index 0000000..39ef5b3
--- /dev/null
+++ b/manifests/common.pp
@@ -0,0 +1,71 @@
+# @summary Sets up common Kubernetes components - users/groups/folders/etc
+class k8s::common {
+ group { $k8s::group:
+ ensure => present,
+ system => true,
+ gid => $k8s::gid,
+ }
+
+ user { $k8s::user:
+ ensure => present,
+ comment => 'Kubernetes user',
+ gid => $k8s::group,
+ home => '/srv/kubernetes',
+ managehome => false,
+ shell => (fact('os.family') ? {
+ 'Debian' => '/usr/sbin/nologin',
+ default => '/sbin/nologin',
+ }),
+ system => true,
+ uid => $k8s::uid,
+ }
+
+ file {
+ default:
+ ensure => directory,
+ force => true,
+ purge => true,
+ recurse => true;
+
+ '/opt/k8s': ;
+ '/opt/k8s/bin': ;
+ }
+
+ file { '/var/run/kubernetes':
+ ensure => directory,
+ owner => $k8s::user,
+ group => $k8s::group,
+ }
+
+ file { "${k8s::sysconfig_path}/kube-common":
+ ensure => file,
+ content => epp('k8s/sysconfig.epp', {
+ comment => 'General Kubernetes Configuration',
+ environment_variables => {
+ 'KUBE_LOG_LEVEL' => '',
+ },
+ }),
+ }
+
+ file {
+ default:
+ ensure => directory;
+
+ '/etc/kubernetes': ;
+ '/etc/kubernetes/certs': ;
+ '/etc/kubernetes/manifests':
+ purge => $k8s::purge_manifests,
+ recurse => true;
+ '/root/.kube': ;
+ '/srv/kubernetes':
+ owner => $k8s::user,
+ group => $k8s::group;
+ '/usr/libexec/kubernetes': ;
+ '/var/lib/kubelet': ;
+ '/var/lib/kubelet/pki': ;
+
+ '/usr/share/containers/': ;
+ '/usr/share/containers/oci/': ;
+ '/usr/share/containers/oci/hooks.d': ;
+ }
+}
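Review bot: The directory resources in `k8s::common` set no `mode`, and most set no `owner`/`group`, so `/etc/kubernetes/certs`, `/var/lib/kubelet/pki` and `/root/.kube` keep whatever permissions they already have, or get the agent's defaults when created. Judging by their names these paths hold key material and kubeconfig credentials (inferred; their contents are not in this diff), so they should be pinned explicitly, for example `'/root/.kube': owner => 'root', group => 'root', mode => '0700';`. The mode for the certs directory should match the account the control-plane services run as. The class also reads `$k8s::user`, `$k8s::group`, `$k8s::sysconfig_path` and `$k8s::purge_manifests` without declaring `k8s` itself, which deserves a line in the header comment.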
diff --git a/manifests/init.pp b/manifests/init.pp
index eb62fa3..f11de32 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -95,7 +95,7 @@
Stdlib::Fqdn $cluster_domain = 'cluster.local',
String[1] $etcd_cluster_name = 'default',
- Enum['node','server','none'] $role = 'none',
+ Enum['node','server','etcd-replica','none'] $role = 'none',
Optional[K8s::Firewall] $firewall_type = undef,
String[1] $user = 'kube',
@@ -103,102 +103,11 @@
Integer[0, 65535] $uid = 888,
Integer[0, 65535] $gid = 888,
) {
- if $manage_container_manager {
- include k8s::install::container_runtime
- }
-
- group { $group:
- ensure => present,
- system => true,
- gid => $gid,
- }
-
- user { $user:
- ensure => present,
- comment => 'Kubernetes user',
- gid => $group,
- home => '/srv/kubernetes',
- managehome => false,
- shell => (fact('os.family') ? {
- 'Debian' => '/usr/sbin/nologin',
- default => '/sbin/nologin',
- }),
- system => true,
- uid => $uid,
- }
-
- file {
- default:
- ensure => directory,
- force => true,
- purge => true,
- recurse => true;
-
- '/opt/k8s': ;
- '/opt/k8s/bin': ;
- }
-
- file { '/var/run/kubernetes':
- ensure => directory,
- owner => $user,
- group => $group,
- }
-
- $_sysconfig_path = pick($sysconfig_path, '/etc/sysconfig')
- file { "${_sysconfig_path}/kube-common":
- ensure => file,
- content => epp('k8s/sysconfig.epp', {
- comment => 'General Kubernetes Configuration',
- environment_variables => {
- 'KUBE_LOG_LEVEL' => '',
- },
- }),
- }
-
- file {
- default:
- ensure => directory;
-
- '/etc/kubernetes': ;
- '/etc/kubernetes/certs': ;
- '/etc/kubernetes/manifests':
- purge => $purge_manifests,
- recurse => true;
- '/root/.kube': ;
- '/srv/kubernetes':
- owner => $user,
- group => $group;
- '/usr/libexec/kubernetes': ;
- '/var/lib/kubelet': ;
- '/var/lib/kubelet/pki': ;
-
- '/usr/share/containers/': ;
- '/usr/share/containers/oci/': ;
- '/usr/share/containers/oci/hooks.d': ;
- }
-
- if $manage_repo {
- include k8s::repo
- }
-
- if $manage_packages {
- # Ensure conntrack is installed to properly handle networking cleanup
- if fact('os.family') == 'Debian' {
- $_conntrack = 'conntrack'
- } else {
- $_conntrack = 'conntrack-tools'
- }
-
- ensure_packages([$_conntrack,])
- }
-
- if $role != 'none' {
- include k8s::install::cni_plugins
- }
-
if $role == 'server' {
include k8s::server
} elsif $role == 'node' {
include k8s::node
+ } elsif $role == 'etcd-replica' {
+ include k8s::server::etcd
}
}
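Review bot: The `@param role` documentation does not say what the new `'etcd-replica'` value sets up; REFERENCE.md still reads only "role of the node". In this hunk that branch includes `k8s::server::etcd` and nothing else, so `k8s::common`, the container runtime and the CNI plugins are not declared for it. With the rest of the class body removed, `role => 'none'` now manages no resources, where it previously created the user, group and directories. Both facts belong in the parameter doc, e.g. `# @param role role of the node; 'etcd-replica' only declares k8s::server::etcd, 'none' manages no resources`. The parameter list of class `k8s` begins outside this hunk.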
diff --git a/manifests/install/container_runtime.pp b/manifests/install/container_runtime.pp
index ff28af1..bffedc5 100644
--- a/manifests/install/container_runtime.pp
+++ b/manifests/install/container_runtime.pp
@@ -87,6 +87,7 @@
}
if $manage_repo {
+ include k8s::repo
Class['k8s::repo'] -> Package['k8s container manager']
}
}
diff --git a/manifests/install/crictl.pp b/manifests/install/crictl.pp
index 9abd559..9fd4f93 100644
--- a/manifests/install/crictl.pp
+++ b/manifests/install/crictl.pp
@@ -21,8 +21,9 @@
Stdlib::HTTPUrl $download_url_template = 'https://github.com/kubernetes-sigs/cri-tools/releases/download/%{version}/crictl-%{version}-linux-%{arch}.tar.gz',
) {
if $manage_repo {
- $pkg = pick($crictl_package, 'cri-tools')
+ include k8s::repo
+ $pkg = pick($crictl_package, 'cri-tools')
package { $pkg:
ensure => stdlib::ensure($ensure, 'package'),
}
diff --git a/manifests/node.pp b/manifests/node.pp
index 001988e..e197cff 100644
--- a/manifests/node.pp
+++ b/manifests/node.pp
@@ -54,6 +54,26 @@
Optional[K8s::Firewall] $firewall_type = $k8s::firewall_type,
) {
+ include k8s::common
+ include k8s::install::cni_plugins
+
+ if $k8s::manage_container_manager {
+ include k8s::install::container_runtime
+ }
+ if $k8s::manage_repo {
+ include k8s::repo
+ }
+ if $k8s::manage_packages {
+ # Ensure conntrack is installed to properly handle networking cleanup
+ if fact('os.family') == 'Debian' {
+ $_conntrack = 'conntrack'
+ } else {
+ $_conntrack = 'conntrack-tools'
+ }
+
+ ensure_packages([$_conntrack,])
+ }
+
if $manage_crictl {
include k8s::install::crictl
}
diff --git a/manifests/server.pp b/manifests/server.pp
index 0d504a7..b9758b5 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -59,6 +59,8 @@
Optional[K8s::Firewall] $firewall_type = $k8s::firewall_type,
String[1] $etcd_cluster_name = $k8s::etcd_cluster_name,
) {
+ include k8s::common
+
if $manage_etcd {
class { 'k8s::server::etcd':
ensure => $ensure,
diff --git a/manifests/server/etcd.pp b/manifests/server/etcd.pp
index ef4c8db..08f2a74 100644
--- a/manifests/server/etcd.pp
+++ b/manifests/server/etcd.pp
@@ -21,8 +21,8 @@
# @param version version of ectd to install, will use k8s::etcd_version unless otherwise specified
#
class k8s::server::etcd (
- K8s::Ensure $ensure = 'present',
- Optional[String[1]] $version = undef,
+ K8s::Ensure $ensure = 'present',
+ String[1] $version = $k8s::etcd_version,
Boolean $manage_setup = true,
Boolean $manage_firewall = false,
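Review bot: The new default `$version = $k8s::etcd_version` only resolves when class `k8s` has already been evaluated, and nothing in this class declares it. The same holds for the matching default in `k8s::server::etcd::setup` and for the `$k8s::etcd_cluster_name`, `$k8s::puppetdb_discovery_tag` and `$k8s::firewall_type` reads in the later hunks of this file. Declared on its own, the class would presumably fail the `String[1]` check with an undef value instead of falling back to Hiera as the removed `lookup()` branches did. The spec change that adds `include ::k8s` to the former "without k8s included" case suggests this is intended, so state it in the class header, e.g. `# @note Class k8s must be declared before this class; parameter defaults read $k8s::etcd_version`. The parameter list continues outside the hunk.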
@@ -118,21 +118,9 @@
}
}
- if $manage_setup and !$manage_members {
- include k8s::server::etcd::setup
- }
-
if $ensure == 'present' and $manage_members {
- if defined(Class['k8s']) {
- $_k8s_cluster_name = $k8s::etcd_cluster_name
- $_k8s_puppetdb_discovery_tag = $k8s::puppetdb_discovery_tag
- } else {
- $_k8s_cluster_name = lookup('k8s::cluster_name', undef, undef, undef)
- $_k8s_puppetdb_discovery_tag = lookup('k8s::puppetdb_discovery_tag', undef, undef, undef)
- }
-
- $_cluster_name = pick($cluster_name, $_k8s_cluster_name, 'default')
- $_puppetdb_discovery_tag = pick($puppetdb_discovery_tag, $cluster_name, $_k8s_puppetdb_discovery_tag, 'default')
+ $_cluster_name = pick($cluster_name, $k8s::etcd_cluster_name, 'default')
+ $_puppetdb_discovery_tag = pick($puppetdb_discovery_tag, $cluster_name, $k8s::puppetdb_discovery_tag, 'default')
# Needs the PuppetDB terminus installed
$pql_query = [
@@ -152,16 +140,14 @@
].join(' ')
$cluster_nodes = puppetdb_query($pql_query)
- if $manage_setup {
- class { 'k8s::server::etcd::setup':
- initial_cluster => $cluster_nodes.map |$node| {
- "${node['parameters']['etcd_name']}=${node['parameters']['initial_advertise_peer_urls'][0]}"
- },
- initial_cluster_state => ($cluster_nodes.size() ? {
- 0 => 'new',
- default => 'existing',
- }),
- }
+ $_setup_splat = {
+ initial_cluster => $cluster_nodes.map |$node| {
+ "${node['parameters']['etcd_name']}=${node['parameters']['initial_advertise_peer_urls'][0]}"
+ },
+ initial_cluster_state => ($cluster_nodes.size() ? {
+ 0 => 'new',
+ default => 'existing',
+ }),
}
$cluster_nodes.each |$node| {
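Review bot: The `initial_cluster` entries in `$_setup_splat` index `$node['parameters']['initial_advertise_peer_urls'][0]` on every PuppetDB row without checking that the list is present and non-empty. A single incomplete row would therefore either fail compilation or yield a `name=` member with no URL. Because etcd membership is built from whatever the query returns (its full text is outside this hunk), the rows are worth validating before the `map`, e.g. `$cluster_nodes.filter |$node| { $node['parameters']['initial_advertise_peer_urls'] =~ Array[String[1], 1] }`. The `$cluster_nodes.each` block that follows continues outside the hunk.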
@@ -173,22 +159,31 @@
cluster_key => "${cert_path}/etcd-client.key",
}
}
+ } else {
+ $_setup_splat = {}
}
- if $manage_firewall {
- if defined(Class['k8s']) {
- $_k8s_firewall_type = $k8s::firewall_type
- } else {
- $_k8s_firewall_type = lookup('k8s::firewall_type', undef, undef, undef)
+ if $manage_setup {
+ class { 'k8s::server::etcd::setup':
+ ensure => $ensure,
+ version => $version,
+ user => $user,
+ group => $group,
+ * => $_setup_splat,
}
+ }
+
+ if $manage_firewall {
if $facts['firewalld_version'] {
- $_firewall_type = pick($firewall_type, $_k8s_firewall_type, 'firewalld')
+ $_firewall_type = pick($firewall_type, $k8s::firewall_type, 'firewalld')
} else {
- $_firewall_type = pick($firewall_type, $_k8s_firewall_type, 'iptables')
+ $_firewall_type = pick($firewall_type, $k8s::firewall_type, 'iptables')
}
case $_firewall_type {
'firewalld' : {
+ include firewalld
+
firewalld_service {
default:
ensure => $ensure,
diff --git a/manifests/server/etcd/setup.pp b/manifests/server/etcd/setup.pp
index 88b840f..5e03b68 100644
--- a/manifests/server/etcd/setup.pp
+++ b/manifests/server/etcd/setup.pp
@@ -35,10 +35,10 @@
# @param version The ectd version to install
#
class k8s::server::etcd::setup (
- Optional[K8s::Ensure] $ensure = undef,
+ K8s::Ensure $ensure = 'present',
Enum['archive','package'] $install = 'archive',
String[1] $package = 'etcd',
- Optional[String[1]] $version = undef,
+ String[1] $version = $k8s::etcd_version,
String[1] $etcd_name = $facts['networking']['hostname'],
String[1] $fqdn = $facts['networking']['fqdn'],
@@ -72,44 +72,27 @@
Optional[Stdlib::Unixpath] $binary_path = undef,
Stdlib::Unixpath $storage_path = '/var/lib/etcd',
- Optional[String[1]] $user = undef,
- Optional[String[1]] $group = undef,
+ String[1] $user = 'etcd',
+ String[1] $group = 'etcd',
Optional[Integer[0, 65535]] $uid = undef,
Optional[Integer[0, 65535]] $gid = undef,
) {
- if defined(Class['k8s']) {
- $_k8s_etcd_version = $k8s::etcd_version
- } else {
- $_k8s_etcd_version = lookup('k8s::etcd_version')
- }
if defined(Class['k8s::server::etcd']) {
- $_k8s_server_etcd_ensure = $k8s::server::etcd::ensure
- $_k8s_server_etcd_version = $k8s::server::etcd::version
$_k8s_server_etcd_self_signed_tls = $k8s::server::etcd::self_signed_tls
$_k8s_server_etcd_manage_certs = $k8s::server::etcd::manage_certs
- $_k8s_server_etcd_user = $k8s::server::etcd::user
- $_k8s_server_etcd_group = $k8s::server::etcd::group
} else {
- $_k8s_server_etcd_ensure = lookup('k8s::server::etcd::ensure', undef, undef, undef)
- $_k8s_server_etcd_version = lookup('k8s::server::etcd::version', undef, undef, undef)
- $_k8s_server_etcd_self_signed_tls = lookup('k8s::server::etcd::self_signed_tls', undef, undef, undef)
- $_k8s_server_etcd_manage_certs = lookup('k8s::server::etcd::manage_certs', undef, undef, undef)
- $_k8s_server_etcd_user = lookup('k8s::server::etcd::user', undef, undef, undef)
- $_k8s_server_etcd_group = lookup('k8s::server::etcd::group', undef, undef, undef)
+ $_k8s_server_etcd_self_signed_tls = lookup('k8s::server::etcd::self_signed_tls', default_value => undef)
+ $_k8s_server_etcd_manage_certs = lookup('k8s::server::etcd::manage_certs', default_value => undef)
}
- $_ensure = pick($ensure, $_k8s_server_etcd_ensure, 'present')
$_peer_auto_tls = pick($peer_auto_tls, $_k8s_server_etcd_self_signed_tls, false)
$_auto_tls = pick($auto_tls, $_k8s_server_etcd_self_signed_tls, false)
- $_version = pick($version, $_k8s_server_etcd_version, $_k8s_etcd_version)
- $_user = pick($user, $_k8s_server_etcd_user, 'etcd')
- $_group = pick($group, $_k8s_server_etcd_group, 'etcd')
if $install == 'archive' {
$_url = k8s::format_url($archive_template, { version => $version, })
$_file = basename($_url)
archive { "/var/tmp/${_file}":
- ensure => $_ensure,
+ ensure => $ensure,
source => $_url,
extract => true,
extract_command => 'tar xfz %s --strip-components=1',
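Review bot: The `archive` resource that downloads the etcd tarball shows no `checksum`/`checksum_type` (or `checksum_url`) among the attributes visible here, so the extracted binaries would be trusted on the strength of the URL alone. The attribute list continues past the end of this hunk, so confirm whether one is set there. Now that `$version` is always a concrete string, a per-version digest parameter could be passed through to the resource. The download target `/var/tmp/${_file}` is also a predictable name in a world-writable directory; a root-owned staging directory would be a safer location.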
@@ -119,20 +102,20 @@
notify => Service['etcd'],
}
- if $_ensure == 'absent' {
+ if $ensure == 'absent' {
file { ['/usr/local/bin/etcd', '/usr/local/bin/etcdctl']:
ensure => 'absent',
}
}
- group { $_group:
- ensure => $_ensure,
+ group { $group:
+ ensure => $ensure,
system => true,
gid => $gid,
}
- user { $_user:
- ensure => $_ensure,
+ user { $user:
+ ensure => $ensure,
comment => 'etcd user',
gid => $gid,
home => $storage_path,
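Review bot: The `user { $user:` resource sets `gid => $gid`, the optional numeric id that defaults to `undef` in the parameter list, while the group resource is titled `$group`. With `$gid` unset the user is not explicitly placed in `$group`, and Puppet only autorequires a group that the user's `gid` or `groups` names, so neither membership nor ordering is guaranteed; the outcome then depends on the platform's user-creation defaults. `k8s::common` in this same commit passes the group name, and the same would work here: `gid => $group,`. The user resource continues outside the hunk.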
@@ -146,13 +129,13 @@
}
} else {
package { $package:
- ensure => stdlib::ensure($_ensure, 'package'),
+ ensure => stdlib::ensure($ensure, 'package'),
}
}
file {
default:
- ensure => stdlib::ensure($_ensure, 'directory');
+ ensure => stdlib::ensure($ensure, 'directory');
'/etc/etcd': ;
$storage_path:
@@ -188,7 +171,7 @@
file {
default:
- ensure => stdlib::ensure($_ensure, 'file'),
+ ensure => stdlib::ensure($ensure, 'file'),
owner => 'root',
group => 'root';
@@ -231,21 +214,21 @@
$service_require = Package[$package]
} else {
$_binary_path = pick($binary_path, '/usr/local/bin/etcd')
- $service_require = User[$_user]
+ $service_require = User[$user]
}
systemd::unit_file { 'etcd.service':
- ensure => $_ensure,
+ ensure => $ensure,
content => epp('k8s/etcd.service.epp', {
binary_path => $_binary_path,
workdir_path => $storage_path,
- user => $_user,
+ user => $user,
}),
notify => Service['etcd'],
}
service { 'etcd':
- ensure => stdlib::ensure($_ensure, 'service'),
+ ensure => stdlib::ensure($ensure, 'service'),
enable => true,
require => $service_require,
subscribe => File['/etc/etcd/etcd.conf'],
diff --git a/spec/classes/k8s_spec.rb b/spec/classes/k8s_spec.rb
index 1473ccb..bd1bf48 100644
--- a/spec/classes/k8s_spec.rb
+++ b/spec/classes/k8s_spec.rb
@@ -10,7 +10,7 @@
it { is_expected.to compile }
- %w[node server].each do |role|
+ %w[node server etcd-replica].each do |role|
context "with role #{role}" do
let(:params) do
{
diff --git a/spec/classes/server/etcd_spec.rb b/spec/classes/server/etcd_spec.rb
index 59f3369..780916f 100644
--- a/spec/classes/server/etcd_spec.rb
+++ b/spec/classes/server/etcd_spec.rb
@@ -11,7 +11,7 @@
}
end
- context "with k8s included" do
+ context "with k8s included in server mode" do
let(:pre_condition) do
<<~PUPPET
function puppetdb_query(String[1] $data) {
@@ -61,7 +61,7 @@ class { '::k8s::server':
end
end
- context "without k8s included" do
+ context "with k8s included" do
let(:pre_condition) do
<<~PUPPET
function puppetdb_query(String[1] $data) {
@@ -75,6 +75,8 @@ class { '::k8s::server':
}
]
}
+
+ include ::k8s
PUPPET
end