Cleanup the kata setup role

This adds a modprobe for vhost_net to ensure it is present for kata.
Also we will remove the explicit docker install as .ci/setup.sh should
do it for us now.

Allow k8s cluster-cidr range to talk to port 6443 (k8s api server).

Change-Id: Ic1c13e9635e00bcdd096c48c8a7983ccc19bfbda
This commit is contained in:
Clark Boylan 2018-06-22 18:02:59 -07:00
parent 7fa875d100
commit 7bfe80df73
2 changed files with 21 additions and 0 deletions

View File

@ -6,6 +6,18 @@
- "setup/{{ ansible_os_family }}.yaml"
- "setup/default.yaml"
- name: Allow k8s cluster range to talk to k8s api
iptables:
state: present
action: insert
chain: INPUT
ip_version: ipv4
protocol: tcp
source: "10.244.0.0/16"
destination_port: 6443
jump: ACCEPT
become: yes
- name: Run kata setup.sh
args:
executable: /bin/bash

View File

@ -45,3 +45,12 @@
name: docker-ce
state: present
become: yes
# TODO why isn't this necessary on Ubuntu?
- name: Ensure vhost and vhost_net modules are present as kata checks for these
args:
executable: /bin/bash
shell: |
set -x
modprobe vhost_net
become: yes