C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
c12s-kubespray/roles/kubernetes-apps/ansible/tasks/main.yml

104 lines
3.2 KiB
YAML
Raw Normal View History

remove dependency on kpm for kubedns
2016-09-01 17:01:15 +00:00
---
Add wait for kube-apiserver to kubernetes-apps Fixes #777
2016-12-20 15:44:39 +00:00
- name: Kubernetes Apps | Wait for kube-apiserver
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
2017-02-17 21:22:34 +00:00
uri:
Support for disabling apiserver insecure port This allows `kube_apiserver_insecure_port` to be set to 0 (disabled). Rework of #1937 with kubeadm support Also, fixed an issue in `kubeadm-migrate-certs` where the old apiserver cert was copied as the kubeadm key
2017-11-06 20:01:10 +00:00
url: "{{ kube_apiserver_endpoint }}/healthz"
validate_certs: no
client_cert: "{{ kube_apiserver_client_cert }}"
client_key: "{{ kube_apiserver_client_key }}"
Add wait for kube-apiserver to kubernetes-apps Fixes #777
2016-12-20 15:44:39 +00:00
register: result
until: result.status == 200
retries: 10
Move cluster roles and system namespace to new role This should be done after kubeconfig is set for admin and before network plugins are up.
2017-10-26 08:10:33 +00:00
delay: 2
Should only check for api-server running on the master. If this runs on other nodes, it will fail the playbook.
2017-01-17 21:57:34 +00:00
when: inventory_hostname == groups['kube-master'][0]
Add wait for kube-apiserver to kubernetes-apps Fixes #777
2016-12-20 15:44:39 +00:00
Upgrade to kubeadm (#1667) * Enable upgrade to kubeadm * fix kubedns upgrade * try upgrade route * use init/upgrade strategy for kubeadm and ignore kubedns svc * Use bin_dir for kubeadm * delete more secrets * fix waiting for terminating pods * Manually enforce kube-proxy for kubeadm deploy * remove proxy. update to kubeadm 1.8.0rc1
2017-09-26 09:38:58 +00:00
- name: Kubernetes Apps | Delete old kubedns resources
kube:
name: "kubedns"
namespace: "{{ system_namespace }}"
KubeDNS template should not suffix with .yml.j2
2018-02-05 08:26:54 +00:00
kubectl: "{{ bin_dir }}/kubectl"
Upgrade to kubeadm (#1667) * Enable upgrade to kubeadm * fix kubedns upgrade * try upgrade route * use init/upgrade strategy for kubeadm and ignore kubedns svc * Use bin_dir for kubeadm * delete more secrets * fix waiting for terminating pods * Manually enforce kube-proxy for kubeadm deploy * remove proxy. update to kubeadm 1.8.0rc1
2017-09-26 09:38:58 +00:00
resource: "{{ item }}"
state: absent
Add ability to use custom cert secret instead of init container provisioned self-signed certs
2017-11-13 19:59:31 +00:00
with_items:
- 'deploy'
- 'svc'
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- upgrade
Upgrade to kubeadm (#1667) * Enable upgrade to kubeadm * fix kubedns upgrade * try upgrade route * use init/upgrade strategy for kubeadm and ignore kubedns svc * Use bin_dir for kubeadm * delete more secrets * fix waiting for terminating pods * Manually enforce kube-proxy for kubeadm deploy * remove proxy. update to kubeadm 1.8.0rc1
2017-09-26 09:38:58 +00:00
- name: Kubernetes Apps | Delete kubeadm kubedns
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
2017-09-13 18:00:51 +00:00
kube:
name: "kubedns"
namespace: "{{ system_namespace }}"
KubeDNS template should not suffix with .yml.j2
2018-02-05 08:26:54 +00:00
kubectl: "{{ bin_dir }}/kubectl"
kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml
2017-09-13 18:00:51 +00:00
resource: "deploy"
state: absent
when:
- kubeadm_enabled|default(false)
- kubeadm_init.changed|default(false)
- inventory_hostname == groups['kube-master'][0]
remove dependency on kpm for kubedns
2016-09-01 17:01:15 +00:00
- name: Kubernetes Apps | Lay Down KubeDNS Template
Cleanup legacy syntax, spacing, files all to yml Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
2017-02-17 21:22:34 +00:00
template:
KubeDNS template should not suffix with .yml.j2
2018-02-05 08:26:54 +00:00
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
remove dependency on kpm for kubedns
2016-09-01 17:01:15 +00:00
with_items:
KubeDNS template should not suffix with .yml.j2
2018-02-05 08:26:54 +00:00
- { name: kube-dns, file: kubedns-sa.yml, type: sa }
- { name: kube-dns, file: kubedns-deploy.yml, type: deployment }
- { name: kube-dns, file: kubedns-svc.yml, type: svc }
- { name: kubedns-autoscaler, file: kubedns-autoscaler-sa.yml, type: sa }
- { name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrole.yml, type: clusterrole }
- { name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding }
- { name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment }
remove dependency on kpm for kubedns
2016-09-01 17:01:15 +00:00
register: manifests
basic rbac support
2017-06-27 04:27:25 +00:00
when:
- dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
run netchecker-server with list pods
2017-07-17 11:28:09 +00:00
- rbac_enabled or item.type not in rbac_resources
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- dnsmasq
basic rbac support
2017-06-27 04:27:25 +00:00
only patch system:kube-dns role for old dns
2017-07-10 11:14:28 +00:00
# see https://github.com/kubernetes/kubernetes/issues/45084, only needed for "old" kube-dns
Revert "no need to patch system:kube-dns" This reverts commit c2ea8c588aa5c3879f402811d3599a7bb3ccab24.
2017-07-10 11:05:42 +00:00
- name: Kubernetes Apps | Patch system:kube-dns ClusterRole
command: >
KubeDNS template should not suffix with .yml.j2
2018-02-05 08:26:54 +00:00
{{ bin_dir }}/kubectl patch clusterrole system:kube-dns
Revert "no need to patch system:kube-dns" This reverts commit c2ea8c588aa5c3879f402811d3599a7bb3ccab24.
2017-07-10 11:05:42 +00:00
--patch='{
"rules": [
{
"apiGroups" : [""],
"resources" : ["endpoints", "services"],
"verbs": ["list", "watch", "get"]
}
]
}'
only patch system:kube-dns role for old dns
2017-07-10 11:14:28 +00:00
when:
- dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
- rbac_enabled and kubedns_version|version_compare("1.11.0", "<", strict=True)
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- dnsmasq
Revert "no need to patch system:kube-dns" This reverts commit c2ea8c588aa5c3879f402811d3599a7bb3ccab24.
2017-07-10 11:05:42 +00:00
remove dependency on kpm for kubedns
2016-09-01 17:01:15 +00:00
- name: Kubernetes Apps | Start Resources
kube:
KubeDNS template should not suffix with .yml.j2
2018-02-05 08:26:54 +00:00
name: "{{ item.item.name }}"
Address standalone kubelet config case Also place in global vars and do not repeat the kube_*_config_dir and kube_namespace vars for better code maintainability and UX. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-13 10:43:06 +00:00
namespace: "{{ system_namespace }}"
KubeDNS template should not suffix with .yml.j2
2018-02-05 08:26:54 +00:00
kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
Fix non-rbac deployment of resources as a list (#1613) * Use kubectl apply instead of create/replace Disable checks for existing resources to speed up execution. * Fix non-rbac deployment of resources as a list * Fix autoscaler tolerations field * set all kube resources to state=latest * Update netchecker and weave
2017-09-05 05:23:12 +00:00
state: "latest"
remove dependency on kpm for kubedns
2016-09-01 17:01:15 +00:00
with_items: "{{ manifests.results }}"
Fix non-rbac deployment of resources as a list (#1613) * Use kubectl apply instead of create/replace Disable checks for existing resources to speed up execution. * Fix non-rbac deployment of resources as a list * Fix autoscaler tolerations field * set all kube resources to state=latest * Update netchecker and weave
2017-09-05 05:23:12 +00:00
when:
- dns_mode != 'none'
- inventory_hostname == groups['kube-master'][0]
- not item|skipped
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- dnsmasq
Add possibility to enable network policy via Calico network controller The requirements for network policy feature are described here [1]. In order to enable it, appropriate configuration must be provided to the CNI plug in and Calico policy controller must be set up. Beside that corresponding extensions needed to be enabled in k8s API. Now to turn on the feature user can define `enable_network_policy` customization variable for Ansible. [1] http://kubernetes.io/docs/user-guide/networkpolicies/
2016-10-10 14:09:50 +00:00
Add advanced net check for DNS K8s app * Add an option to deploy K8s app to test e2e network connectivity and cluster DNS resolve via Kubedns for nethost/simple pods (defaults to false). * Parametrize existing k8s apps templates with kube_namespace and kube_config_dir instead of hardcode. * For CoreOS, ensure nameservers from inventory to be put in the first place to allow hostnet pods connectivity via short names or FQDN and hostnet agents to pass as well, if netchecker deployed. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-30 15:23:47 +00:00
- name: Kubernetes Apps | Netchecker
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
2018-01-29 11:37:48 +00:00
import_tasks: tasks/netchecker.yml
Add advanced net check for DNS K8s app * Add an option to deploy K8s app to test e2e network connectivity and cluster DNS resolve via Kubedns for nethost/simple pods (defaults to false). * Parametrize existing k8s apps templates with kube_namespace and kube_config_dir instead of hardcode. * For CoreOS, ensure nameservers from inventory to be put in the first place to allow hostnet pods connectivity via short names or FQDN and hostnet agents to pass as well, if netchecker deployed. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-30 15:23:47 +00:00
when: deploy_netchecker
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- netchecker
Add kube dashboard, enabled by default (#1643) * Add kube dashboard, enabled by default Also add rbac role for kube user * Update main.yml
2017-09-09 20:38:03 +00:00
- name: Kubernetes Apps | Dashboard
Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.
2018-01-29 11:37:48 +00:00
import_tasks: tasks/dashboard.yml
Add kube dashboard, enabled by default (#1643) * Add kube dashboard, enabled by default Also add rbac role for kube user * Update main.yml
2017-09-09 20:38:03 +00:00
when: dashboard_enabled
Normalize tags in all places to prepare for tag fixing in future (#1739)
2017-10-05 07:43:04 +00:00
tags:
- dashboard
Reference in a new issue Copy permalink