我正在嘗試在現有的單節點 kubernetes 叢集上安裝 calico(透過 kubeadm 安裝)。這兩份清單是Tigera 操作員和自訂資源。如果我透過 kubectl 手動安裝它,效果很好:
kubectl -f apply tigera-operator.yaml
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/apiservers.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/imagesets.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/installations.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/tigerastatuses.operator.tigera.io created
namespace/tigera-operator created
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/tigera-operator created
serviceaccount/tigera-operator created
clusterrole.rbac.authorization.k8s.io/tigera-operator created
clusterrolebinding.rbac.authorization.k8s.io/tigera-operator created
deployment.apps/tigera-operator created
當我嘗試通過安裝它時ansible kubernetes 模組(核心或社區,是一樣的),我收到以下錯誤:
fatal: [work-pve]: FAILED! => {"changed": false, "msg": "Failed to find exact match for operator.tigera.io/v1.Installation by [kind, name, singularName, shortNames]"}
當然,清單是各種資源的混合體,長度超過 5k 行。我不確定如何解決這個問題,但我期待任何建議。我猜測其他清單也會出現此問題,因此我認為這不是 calico 特定的問題。
ansible的任務是:
- name: apply manifest tigera-operator manifest
kubernetes.core.k8s:
src: "/tmp/tigera-operator.yaml"
state: present
kubeconfig: /etc/kubernetes/admin.conf
在主機上我執行ansible 4.4(apple m1,透過brew安裝)。
在伺服器上我運行的是 Ubuntu 20.04.3。
Pip 函式庫:openshift (0.12.1)、kubernetes (12.0.1)。
答案1
我最終很容易地解決了這個問題。我需要將apply指令加入任務。所以現在看起來像這樣(我還添加了第二個相關任務):
- name: apply manifest tigera-operator manifest
kubernetes.core.k8s:
src: "/tmp/tigera-operator.yaml"
state: present
apply: yes
kubeconfig: /etc/kubernetes/admin.conf
- name: apply manifest Calico custom-resources
kubernetes.core.k8s:
src: "/tmp/custom-resources.yaml"
state: present
apply: yes
kubeconfig: /etc/kubernetes/admin.conf
參考: https://docs.ansible.com/ansible/latest/collections/community/kubernetes/k8s_module.html
apply 將所需的資源定義與先前提供的資源定義進行比較,忽略自動產生的屬性 apply 與服務一起使用比「force=yes」效果更好