Download MetalLB CRDs for respective versions (#225)

* Download MetalLB CRDs for respective versions This ensures that the CRDs match the actual MetalLB controller version, as given by the user. * Download VIP RBAC definitions for respective version
2023-02-07 05:24:02 +01:00 · 2023-02-07 05:24:02 +01:00 · 10c6ef1d57
commit 10c6ef1d57
parent ed4d888e3d
5 changed files with 18 additions and 1850 deletions
--- a/roles/k3s/master/tasks/metallb.yml
+++ b/roles/k3s/master/tasks/metallb.yml
@ -8,20 +8,23 @@
    mode: 0644
  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
- name: Copy metallb namespace to first master
+- name: Download metallb manifest to first master
-  template:
+  ansible.builtin.get_url:
-    src: "metallb.namespace.j2"
+    url: "https://raw.githubusercontent.com/metallb/metallb/{{ metal_lb_controller_tag_version }}/config/manifests/metallb-native.yaml"  # noqa yaml[line-length]
    dest: "/var/lib/rancher/k3s/server/manifests/metallb-namespace.yaml"
    owner: root
    group: root
    mode: 0644
  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
 - name: Copy metallb manifest to first master
  template:
    src: "metallb.crds.j2"
    dest: "/var/lib/rancher/k3s/server/manifests/metallb-crds.yaml"
    owner: root
    group: root
    mode: 0644
  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
 - name: Set image versions for metallb manifest
  ansible.builtin.replace:
    path: "/var/lib/rancher/k3s/server/manifests/metallb-crds.yaml"
    regexp: "{{ item.change | ansible.builtin.regex_escape }}"
    replace: "{{ item.to }}"
  with_items:
    - change: "metallb/speaker:{{ metal_lb_controller_tag_version }}"
      to: "metallb/speaker:{{ metal_lb_speaker_tag_version }}"
  loop_control:
    label: "{{ item.change }} => {{ item.to }}"
  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
--- a/roles/k3s/master/tasks/vip.yml
+++ b/roles/k3s/master/tasks/vip.yml
@ -8,9 +8,9 @@
    mode: 0644
  when: ansible_hostname == hostvars[groups['master'][0]]['ansible_hostname']
- name: Copy vip rbac manifest to first master
+- name: Download vip rbac manifest to first master
-  template:
+  ansible.builtin.get_url:
-    src: "vip.rbac.yaml.j2"
+    url: "https://raw.githubusercontent.com/kube-vip/kube-vip/{{ kube_vip_tag_version }}/docs/manifests/rbac.yaml"
    dest: "/var/lib/rancher/k3s/server/manifests/vip-rbac.yaml"
    owner: root
    group: root
--- a/roles/k3s/master/templates/metallb.crds.j2
+++ b/roles/k3s/master/templates/metallb.crds.j2
--- a/roles/k3s/master/templates/metallb.namespace.j2
+++ b/roles/k3s/master/templates/metallb.namespace.j2
@ -1,6 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: metallb-system
  labels:
    app: metallb
--- a/roles/k3s/master/templates/vip.rbac.yaml.j2
+++ b/roles/k3s/master/templates/vip.rbac.yaml.j2
@ -1,32 +0,0 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: kube-vip
  namespace: kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  name: system:kube-vip-role
 rules:
  - apiGroups: [""]
    resources: ["services", "services/status", "nodes", "endpoints"]
    verbs: ["list","get","watch", "update"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["list", "get", "watch", "update", "create"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: system:kube-vip-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-vip-role
 subjects:
 - kind: ServiceAccount
  name: kube-vip
  namespace: kube-system