我正在尝试在现有的单节点 kubernetes 集群上安装 calico(通过 kubeadm 安装)。两个清单是tigera 运营商和自定义资源如果我通过 kubectl 手动安装它,效果会很好:
kubectl -f apply tigera-operator.yaml
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/apiservers.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/imagesets.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/installations.operator.tigera.io created
customresourcedefinition.apiextensions.k8s.io/tigerastatuses.operator.tigera.io created
namespace/tigera-operator created
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/tigera-operator created
serviceaccount/tigera-operator created
clusterrole.rbac.authorization.k8s.io/tigera-operator created
clusterrolebinding.rbac.authorization.k8s.io/tigera-operator created
deployment.apps/tigera-operator created
当我尝试通过ansible kubernetes 模块(核心或社区,都是一样的),我收到以下错误:
fatal: [work-pve]: FAILED! => {"changed": false, "msg": "Failed to find exact match for operator.tigera.io/v1.Installation by [kind, name, singularName, shortNames]"}
清单当然是各种资源的混合体,长度超过 5k 行。我不确定如何解决这个问题,但我期待任何建议。我猜这个问题也发生在其他清单中,所以我不认为这是 calico 特有的问题。
ansible 任务是:
- name: apply manifest tigera-operator manifest
kubernetes.core.k8s:
src: "/tmp/tigera-operator.yaml"
state: present
kubeconfig: /etc/kubernetes/admin.conf
在主机上,我运行 ansible 4.4(apple m1,通过 brew 安装)。
在服务器上,我运行的是 Ubuntu 20.04.3。Pip
库:openshift(0.12.1)、kubernetes(12.0.1)。
答案1
最后我能够很轻松地解决这个问题。我需要将指令添加apply到任务中。所以现在它看起来像这样(我还添加了第二个相关任务):
- name: apply manifest tigera-operator manifest
kubernetes.core.k8s:
src: "/tmp/tigera-operator.yaml"
state: present
apply: yes
kubeconfig: /etc/kubernetes/admin.conf
- name: apply manifest Calico custom-resources
kubernetes.core.k8s:
src: "/tmp/custom-resources.yaml"
state: present
apply: yes
kubeconfig: /etc/kubernetes/admin.conf
参考: https://docs.ansible.com/ansible/latest/collections/community/kubernetes/k8s_module.html
apply 将所需的资源定义与先前提供的资源定义进行比较,忽略自动生成的属性,apply 比 'force=yes' 更适合服务