Rework inventory all by real groups' vars

* Leave all.yml to keep only optional vars * Store groups' specific vars by existing group names * Fix optional vars casted as mandatory (add default()) * Fix missing defaults for an optional IP var * Relink group_vars for terraform to reflect changes Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2026-03-02 09:18:55 -03:30 · 2016-12-27 16:39:00 +01:00
parent 8cbf3fe5f8
commit 712872efba
17 changed files with 263 additions and 201 deletions
--- a/roles/kubernetes/node/templates/nginx.conf.j2
+++ b/roles/kubernetes/node/templates/nginx.conf.j2
@@ -16,7 +16,7 @@ stream {
        }

        server {
-            listen        127.0.0.1:{{ nginx_kube_apiserver_port }};
+            listen        127.0.0.1:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }};
            proxy_pass    kube_apiserver;
            proxy_timeout 10m;
            proxy_connect_timeout 1s;
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -17,6 +17,8 @@ common_required_pkgs:
 # GCE docker repository
 disable_ipv6_dns: false

+kube_cert_group: kube-cert
+kube_config_dir: /etc/kubernetes

 # For the openstack integration kubelet will need credentials to access
 # openstack apis like nova and cinder. Per default this values will be
@@ -27,9 +29,6 @@ openstack_password: "{{ lookup('env','OS_PASSWORD')  }}"
 openstack_region: "{{ lookup('env','OS_REGION_NAME')  }}"
 openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID')|default(lookup('env','OS_PROJECT_ID'),true)  }}"

-# All clients access each node individually, instead of using a load balancer.
-etcd_multiaccess: true
-
 # Container Linux by CoreOS cloud init config file to define /etc/resolv.conf content
 # for hostnet pods and infra needs
 resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf
--- a/roles/kubernetes/preinstall/tasks/set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/set_facts.yml
@@ -20,8 +20,8 @@

 - set_fact:
    kube_apiserver_endpoint: |-
-      {% if not is_kube_master and loadbalancer_apiserver_localhost -%}
-           https://localhost:{{ nginx_kube_apiserver_port }}
+      {% if not is_kube_master and loadbalancer_apiserver_localhost|default(false) -%}
+           https://localhost:{{ nginx_kube_apiserver_port|default(kube_apiserver_port) }}
      {%- elif is_kube_master and loadbalancer_apiserver is not defined -%}
           http://127.0.0.1:{{ kube_apiserver_insecure_port }}
      {%- else -%}
@@ -57,7 +57,7 @@
      {%- endfor %}

 - set_fact:
-    etcd_access_endpoint: "{% if etcd_multiaccess %}{{ etcd_access_addresses }}{% else %}{{ etcd_endpoint }}{% endif %}"
+    etcd_access_endpoint: "{% if etcd_multiaccess|default(true) %}{{ etcd_access_addresses }}{% else %}{{ etcd_endpoint }}{% endif %}"

 - set_fact:
    etcd_member_name: |-
--- a/roles/kubernetes/secrets/defaults/main.yml
+++ b/roles/kubernetes/secrets/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+kube_cert_group: kube-cert