From 2117e8167d7425f5bcf6c5c0ede17b28135510b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Kr=C3=BCger?= <andreas@kruger.nu>
Date: Thu, 11 Oct 2018 15:28:21 +0200
Subject: [PATCH] Update pre-install verify settings with network checks and
 etc. (#3504)

* Update pre-install verify settings with network checks and etc.

* Remove upstream dns server check. It's bogus
---
 .../preinstall/tasks/0020-verify-settings.yml | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index 84a80571d..9b16442fe 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -153,3 +153,52 @@
     - 'calico_version_on_server.stdout != ""'
     - inventory_hostname == groups['kube-master'][0]
   run_once: yes
+
+- name: "Check that kube_service_addresses is a network range"
+  assert:
+    that:
+      - kube_service_addresses | ipaddr
+    msg: "kube_service_addresses is not a valid network range"
+  run_once: yes
+
+- name: "Check that kube_pods_subnet is a network range"
+  assert:
+    that:
+      - kube_pods_subnet | ipaddr
+    msg: "kube_pods_subnet is not a valid network range"
+  run_once: yes
+
+- name: "Check that kube_pods_subnet does not collide with kube_service_addresses"
+  assert:
+    that:
+      - kube_pods_subnet | ipaddr(kube_service_addresses) | string == 'None'
+    msg: "kube_pods_subnet cannot be the same network segment as kube_service_addresses"
+  run_once: yes
+
+- name: Stop if unknown dns mode
+  assert:
+    that: dns_mode in ['dnsmasq_kubedns', 'kubedns', 'coredns', 'coredns_dual', 'manual', 'none']
+    msg: "dns_mode can only be 'dnsmasq_kubedns', 'kubedns', 'coredns', 'coredns_dual', 'manual' or 'none'"
+  when: dns_mode is defined
+  run_once: true
+
+- name: Stop if unknown kube proxy mode
+  assert:
+    that: kube_proxy_mode in ['iptables', 'ipvs']
+    msg: "kube_proxy_mode can only be 'iptables' or 'ipvs'"
+  when: kube_proxy_mode is defined
+  run_once: true
+
+- name: Stop if unknown cert_management
+  assert:
+    that: cert_management in ['script', 'vault']
+    msg: "cert_management can only be 'script' or 'vault'"
+  when: cert_management is defined
+  run_once: true
+
+- name: Stop if unknown resolvconf_mode
+  assert:
+    that: resolvconf_mode in ['docker_dns', 'host_resolvconf', 'none']
+    msg: "resolvconf_mode can only be 'docker_dns', 'host_resolvconf' or 'none'"
+  when: resolvconf_mode is defined
+  run_once: true
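Review bot: The two range asserts (`kube_service_addresses | ipaddr` and `kube_pods_subnet | ipaddr`) accept any valid address, so a single host IP such as a constructed `10.0.0.1` passes even though the message promises a network range; `ipaddr('net')` would enforce what the message says. The collision assert also looks one-directional: `kube_pods_subnet | ipaddr(kube_service_addresses)` tests whether the pod subnet lies inside the service range, so a service range nested inside a larger pod subnet would presumably pass, and the comparison with the string `'None'` depends on what the filter returns when nothing matches. Adding the mirrored condition `- kube_service_addresses | ipaddr(kube_pods_subnet) | string == 'None'` to the same `that:` list would cover the other direction. The new tasks also mix `run_once: yes` and `run_once: true`; `true` is the unambiguous spelling and should be used throughout.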
-- 
GitLab