c12s-kubespray/roles/download/defaults/main.yml

814 lines
30 KiB
YAML
Raw Normal View History

2015-12-31 13:07:02 +00:00
---
local_release_dir: /tmp/releases
Added file and container image caching (#4828) * File and container image downloads are now cached localy, so that repeated vagrant up/down runs do not trigger downloading of those files. This is especially useful on laptops with kubernetes runnig locally on vm's. The total size of the cache, after an ansible run, is currently around 800MB, so bandwidth (=time) savings can be quite significant. * When download_run_once is false, the default is still not to cache, but setting download_force_cache will still enable caching. * The local cache location can be set with download_cache_dir and defaults to /tmp/kubernetes_cache * A local docker instance is no longer required to cache docker images; Images are cached to file. A local docker instance is still required, though, if you wish to download images on localhost. * Fixed a FIXME, wher the argument was that delegate_to doesn't play nice with omit. That is a correct observation and the fix is to use default(inventory_host) instead of default(omit). See ansible/ansible#26009 * Removed "Register docker images info" task from download_container and set_docker_image_facts because it was faulty and unused. * Removed redundant when:download.{container,enabled,run_once} conditions from {sync,download}_container.yml * All features of commit d6fd0d2acaec9f53e75d82db30411f96a5bf2cc9 by Timoses <timosesu@gmail.com>, merged May 1st 2019, are included in this patch. Not all code was included verbatim, but each feature of that commit was checked to be working in this patch. One notable change: The actual downloading of the kubeadm images was moved to {download,sync)_container, to enable caching. Note 1: I considered splitting this patch, but most changes that are not directly related to caching, are a pleasant by-product of implementing the caching code, so splitting would be impractical. Note 2: I have my doubts about the usefulness of the upload, download and upgrade tags in the download role. Must they remain or can they be removed? If anybody knows, then please speak up.
2019-06-10 18:21:07 +00:00
download_cache_dir: /tmp/kubespray_cache
# do not delete remote cache files after using them
# NOTE: Setting this parameter to TRUE is only really useful when developing kubespray
download_keep_remote_cache: false
# Only useful when download_run_once is false: Localy cached files and images are
# uploaded to kubernetes nodes. Also, images downloaded on those nodes are copied
# back to the ansible runner's cache, if they are not yet preset.
download_force_cache: false
2015-12-31 13:07:02 +00:00
# Used to only evaluate vars from download role
skip_downloads: false
# Optionally skip kubeadm images download
skip_kubeadm_images: false
kubeadm_images: {}
# if this is set to true will only download files once. Doesn't work
# on Container Linux by CoreOS unless the download_localhost is true and localhost
# is running another OS type. Default compress level is 1 (fastest).
download_run_once: False
download_compress: 1
# if this is set to true will download container
download_container: True
# if this is set to true, uses the localhost for download_run_once mode
# (requires docker and sudo to access docker). You may want this option for
# local caching of docker images or for Container Linux by CoreOS cluster nodes.
# Otherwise, uses the first node in the kube-master group to store images
# in the download_run_once mode.
download_localhost: False
# Always pull images if set to True. Otherwise check by the repo's tag/digest.
download_always_pull: False
# Some problems may occur when downloading files over https proxy due to ansible bug
# https://github.com/ansible/ansible/issues/32750. Set this variable to False to disable
# SSL validation of get_url module. Note that kubespray will still be performing checksum validation.
download_validate_certs: True
# Use the first kube-master if download_localhost is not set
download_delegate: "{% if download_localhost %}localhost{% else %}{{ groups['kube-master'][0] }}{% endif %}"
# Arch of Docker images and needed packages
2018-08-20 14:07:27 +00:00
image_arch: "{{host_architecture | default('amd64')}}"
# Versions
kube_version: v1.16.0
kubeadm_version: "{{ kube_version }}"
etcd_version: v3.3.10
# gcr and kubernetes image repo define
gcr_image_repo: "gcr.io"
kube_image_repo: "{{ gcr_image_repo }}/google-containers"
# docker image repo define
docker_image_repo: "docker.io"
# quay image repo define
quay_image_repo: "quay.io"
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
# after migration to container download
calico_version: "v3.7.3"
calico_ctl_version: "v3.7.3"
calico_cni_version: "v3.7.3"
calico_policy_version: "v3.7.3"
calico_rr_version: "v0.6.1"
calico_typha_version: "v3.7.3"
flannel_version: "v0.11.0"
2017-10-26 09:18:06 +00:00
flannel_cni_version: "v0.3.0"
cni_version: "v0.8.1"
2019-07-15 07:57:06 +00:00
weave_version: 2.5.2
2018-09-06 06:15:51 +00:00
pod_infra_version: 3.1
2018-09-17 14:45:05 +00:00
contiv_version: 1.2.1
cilium_version: "v1.5.5"
2019-07-31 03:10:20 +00:00
kube_ovn_version: "v0.6.0"
2019-04-09 10:37:04 +00:00
kube_router_version: "v0.2.5"
2019-08-09 06:05:25 +00:00
multus_version: "v3.2.1"
crictl_version: "v1.16.0"
2015-12-31 15:05:25 +00:00
# Download URLs
kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/{{ image_arch }}/kubeadm"
hyperkube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/{{ image_arch }}/hyperkube"
etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-{{ image_arch }}.tar.gz"
cni_download_url: "https://github.com/containernetworking/plugins/releases/download/{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
calicoctl_download_url: "https://github.com/projectcalico/calicoctl/releases/download/{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
crictl_checksums:
arm:
v1.16.0: 331c49bd9196009b8230f7a36ec272924a7bcf4c1614ecddf0eb9598c787da0e
2019-07-30 19:04:09 +00:00
v1.15.0: f31f8c3b4791608a48d030d1aa1a694a73849ae057b23a90ce4ef17e5afde9e8
v1.14.0: 9910cecfd6558239ba015323066c7233d8371af359b9ddd0b2a35d5223bcf945
arm64:
v1.16.0: aa118c31d6f6fd2d24bb2de4a33598a14a5952e1d01f93d5c3267c2b5334743b
2019-07-30 19:04:09 +00:00
v1.15.0: 785c3da7e058f6fd00b0a48de24b9199eb6bae940d13f509c44ea6dd7ad9ffcd
v1.14.0: f76b3d00a272c8d210e9a45f77d07d3770bee310d99c4fd9a72d6f55278882e5
amd64:
v1.16.0: a3eefa10a483c643ad85aee3d7832a720976ef7e80dde46b212eaaacd7d09512
2019-07-30 19:04:09 +00:00
v1.15.0: c3b71be1f363e16078b51334967348aab4f72f46ef64a61fe7754e029779d45a
v1.14.0: 483c90a9fe679590df4332ba807991c49232e8cd326c307c575ecef7fe22327b
2015-12-31 15:05:25 +00:00
# Checksums
hyperkube_checksums:
arm:
v1.16.0: 4f2e4ffcf7b7f40c70c637c7be9dd51cd1ee29763696011149f315e90339330b
2019-10-16 11:33:41 +00:00
v1.15.4: 480f2428a18875bce1deb24e6e3ef39a5f29f6cd7b8b02c93b6e6c3ee27e896e
2019-08-20 09:05:32 +00:00
v1.15.3: 100d8bddb29e77397b90e6dfbcf0af2d901a90ea4bde90b83b5a39f394c3900b
v1.15.2: eeaa8e071541c7bcaa186ff1d2919d076b27ef70c9e9df70f910756eba55dc99
v1.15.1: fc5af96fd9341776d84c38675be7b8045dee20af327af9331972c422a4109918
v1.15.0: d923c781031bfd97d0fbe50311e4d7c3616aa5b6d466b99049931f09d73d07b9
arm64:
v1.16.0: 0431fff5b32042369a3f233afb7b3adcda7ae5446f31700819ed986f3624bc69
2019-10-16 11:33:41 +00:00
v1.15.4: febe35c7390119b08073b6b348e5934ba308e4b3197638b94d16bcc0b37dedb4
2019-08-20 09:05:32 +00:00
v1.15.3: 1e3e70b8d1e8ebc642f2801d9c7938a27764dfb2f5aea432ab4326d43c04a1f5
v1.15.2: c4cf69f52c7013faee9d54e0f376e0732a4a7b0f7ffc7241e9b7e28bad0ac77f
v1.15.1: 80ed372c5f6c5178df88616175310057c06bdc9d0905953814a1927eb3aaa657
v1.15.0: 824af7d925b87a5ade63575b98b59ee81005fc76eac1dc399602308d7a60bc3c
amd64:
v1.16.0: 00b54ca779db1749ed714b19bb2b9a0333b39048af134f9199e4a5441c1b8324
2019-10-16 11:33:41 +00:00
v1.15.4: 7b8d6a151cde98a22c4fbc9d93e2fe29a13fc1a3d97d84904682488fc34453f1
2019-08-20 09:05:32 +00:00
v1.15.3: 3685c65b4fb85d552f77346900affc2e9a1bc997b4cd3dde0e705fd8c1d9be7a
v1.15.2: ab885606438748eb89a7738e219f5353d94c40c63a4935a539ce89760280f065
v1.15.1: 22b7b1e7f5f2a452d62e0ca4c2cba67119c51e04219aaeaf8452825f9177069e
v1.15.0: 3cc72cc58517b97c608c7a59a20255675bc70f07217c9e11e58cac7746139283
kubeadm_checksums:
arm:
v1.16.0: 6c666958e11b7d4513adecb3107c885c98bdc79f38d369c9f80eaaeae4ddfe66
2019-10-16 11:33:41 +00:00
v1.15.4: 69984698052f1563fd44d78e1a68e140a552df7ed57ccd9c83bdfd82bc6103dd
2019-08-20 09:05:32 +00:00
v1.15.3: 6c6fa56810908b5be83882094ea199844edc94b7e969160623c86512d9251c06
v1.15.2: 4b35ad0031c08a83de7c8d9f9bbed6a30d93a5c74e16ea9e6211ad2e0e12bdd1
v1.15.1: 855abd520291dcef0577a1a2ef87a70f522fd2b22603a12abcd86c2f7ec9c022
v1.15.0: 9464030a1d4e101de5f47348f3514d5a9eb95cbce2e5e31f53ada1ca485cf75e
arm64:
v1.16.0: 9a1d21bfb6bd15697ac010665e5917a5364b340d5b60f2f0302c179d75da0f3f
2019-10-16 11:33:41 +00:00
v1.15.4: df6747066627f8d803033c20e1161c0cd68f3e8ffd72a972f1cfc4221c67c6e9
2019-08-20 09:05:32 +00:00
v1.15.3: 6f472bc8ab1ba3d76448bd45b200edef96741e5affde8dc1429300af3a4904d8
v1.15.2: d3b6ee2048b366726ca366d2db4c46b2cacc38e8ec09cc35781d16593753d930
v1.15.1: 44fbfad0f1026d249fc4f365f1e9562cd52d75360d4d1032731122ba5a4d57dc
v1.15.0: fe3c79070814fe847a23209b1027672fe5c5e7e5c9611e329225058926836f96
amd64:
v1.16.0: 18f30d65fb05148c73cc07c77a83f4a2427379af493ca9f60eda42239409e7ef
2019-10-16 11:33:41 +00:00
v1.15.4: 3acf748ec5d69f316da85fb1e75945afb028f1e207ecb0b5986e23932c040194
2019-08-20 09:05:32 +00:00
v1.15.3: ec56a00bc8d9ec4ac2b081a3b2127d8593daf3b2c86560cf9e6cba5ada2d5a80
v1.15.2: fe2a13a1dea73249560ea44ab54c0359a9722e9c66832f6bcad86798438cba2f
v1.15.1: 3d42441ae177826f1181e559cd2a729464ca8efadef196cfa0e8053a615333b5
v1.15.0: fc4aa44b96dc143d7c3062124e25fed671cab884ebb8b2446edd10abb45e88c2
etcd_binary_checksums:
# Etcd does not have arm32 builds at the moment, having some dummy value is
# required to avoid "no attribute" error
arm: 0
arm64: 5ec97b0b872adce275b8130d19db314f7f2b803aeb24c4aae17a19e2d66853c4
amd64: 1620a59150ec0a0124a65540e23891243feb2d9a628092fb1edcc23974724a45
cni_binary_checksums:
arm: ae6ddbd87c05a79aceb92e1c8c32d11e302f6fc55045f87f6a3ea7e0268b2fda
arm64: acde854e3def3c776c532ae521c19d8784534918cc56449ff16945a2909bff6d
amd64: e9bfc78acd3ae71be77eb8f3e890cc9078a33cc3797703b8ff2fc3077a232252
calicoctl_binary_checksums:
arm:
v3.6.1: 0
v3.5.4: 0
v3.4.4: 0
v3.7.3: 0
amd64:
v3.6.1: 3b01336de37550e020343d62a38c96c4605d33a3ed7ddba2fe38bc172a5b42b5
v3.5.4: 197194b838cc2a9a7455c2ebd5505a5e24f8f3d994eb75c17f5dd568944100b8
v3.4.4: 93bd084e053cf1bf3b7fef369677bd6767c30fe7135e2c7e044e31693422ef61
v3.7.3: 932f68e893e80e95e10f064f1e7745e438d456f41a6ff12d11bb16ca0cab735c
arm64:
v3.6.1: 60fbaeb257061647bdf12b5ede7a0d4298a5ee216f6472e5a92bb14ef5c2a5d3
v3.5.4: a4481178665658658a73e4ceca9a1dff5cccded4179615c91d1c3e49fd96f237
v3.4.4: ff35d9e8b5c00e9fe47d05e8f5123ec98fd641370f8cd93f4fbb3d913da77ab6
v3.7.3: 7cfaab25c287f7ef93b2682d060b55bf39f76b668540de50376b5ed174209832
etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch] }}"
cni_binary_checksum: "{{ cni_binary_checksums[image_arch] }}"
hyperkube_binary_checksum: "{{ hyperkube_checksums[image_arch][kube_version] }}"
kubeadm_binary_checksum: "{{ kubeadm_checksums[image_arch][kubeadm_version] }}"
calicoctl_binary_checksum: "{{ calicoctl_binary_checksums[image_arch][calico_ctl_version] }}"
crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
# Containers
# In some cases, we need a way to set --registry-mirror or --insecure-registry for docker,
# it helps a lot for local private development or bare metal environment.
# So you need define --registry-mirror or --insecure-registry, and modify the following url address.
# example:
# You need to deploy kubernetes cluster on local private development.
# Also provide the address of your own private registry.
# And use --insecure-registry options for docker
etcd_image_repo: "{{ quay_image_repo }}/coreos/etcd"
2018-08-20 14:07:27 +00:00
etcd_image_tag: "{{ etcd_version }}{%- if image_arch != 'amd64' -%}-{{ image_arch }}{%- endif -%}"
flannel_image_repo: "{{ quay_image_repo }}/coreos/flannel"
flannel_image_tag: "{{ flannel_version }}"
flannel_cni_image_repo: "{{ quay_image_repo }}/coreos/flannel-cni"
flannel_cni_image_tag: "{{ flannel_cni_version }}"
calico_node_image_repo: "{{ docker_image_repo }}/calico/node"
2019-04-04 08:20:49 +00:00
calico_node_image_tag: "{{ calico_version }}"
calico_cni_image_repo: "{{ docker_image_repo }}/calico/cni"
2019-04-04 08:20:49 +00:00
calico_cni_image_tag: "{{ calico_cni_version }}"
calico_policy_image_repo: "{{ docker_image_repo }}/calico/kube-controllers"
2019-04-04 08:20:49 +00:00
calico_policy_image_tag: "{{ calico_policy_version }}"
calico_rr_image_repo: "{{ docker_image_repo }}/calico/routereflector"
2019-04-04 08:20:49 +00:00
calico_rr_image_tag: "{{ calico_rr_version }}"
calico_typha_image_repo: "{{ docker_image_repo }}/calico/typha"
calico_typha_image_tag: "{{ calico_typha_version }}"
pod_infra_image_repo: "{{ gcr_image_repo }}/google_containers/pause-{{ image_arch }}"
pod_infra_image_tag: "{{ pod_infra_version }}"
install_socat_image_repo: "{{ docker_image_repo }}/xueshanf/install-socat"
install_socat_image_tag: "latest"
netcheck_version: "v1.0"
netcheck_agent_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-agent"
netcheck_agent_image_tag: "{{ netcheck_version }}"
netcheck_server_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-server"
netcheck_server_image_tag: "{{ netcheck_version }}"
weave_kube_image_repo: "{{ docker_image_repo }}/weaveworks/weave-kube"
2017-01-10 14:47:39 +00:00
weave_kube_image_tag: "{{ weave_version }}"
weave_npc_image_repo: "{{ docker_image_repo }}/weaveworks/weave-npc"
2017-01-10 14:47:39 +00:00
weave_npc_image_tag: "{{ weave_version }}"
contiv_image_repo: "{{ docker_image_repo }}/contiv/netplugin"
contiv network support (#1914) * Add Contiv support Contiv is a network plugin for Kubernetes and Docker. It supports vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies, multiple networks and bridging pods onto physical networks. * Update contiv version to 1.1.4 Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config. * Load openvswitch module to workaround on CentOS7.4 * Set contiv cni version to 0.1.0 Correct contiv CNI version to 0.1.0. * Use kube_apiserver_endpoint for K8S_API_SERVER Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks to a available endpoint no matter if there's a loadbalancer or not. * Make contiv use its own etcd Before this commit, contiv is using a etcd proxy mode to k8s etcd, this work fine when the etcd hosts are co-located with contiv etcd proxy, however the k8s peering certs are only in etcd group, as a result the etcd-proxy is not able to peering with the k8s etcd on etcd group, plus the netplugin is always trying to find the etcd endpoint on localhost, this will cause problem for all netplugins not runnign on etcd group nodes. This commit make contiv uses its own etcd, separate from k8s one. on kube-master nodes (where net-master runs), it will run as leader mode and on all rest nodes it will run as proxy mode. * Use cp instead of rsync to copy cni binaries Since rsync has been removed from hyperkube, this commit changes it to use cp instead. * Make contiv-etcd able to run on master nodes * Add rbac_enabled flag for contiv pods * Add contiv into CNI network plugin lists * migrate contiv test to tests/files Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> * Add required rules for contiv netplugin * Better handling json return of fwdMode * Make contiv etcd port configurable * Use default var instead of templating * roles/download/defaults/main.yml: use contiv 1.1.7 Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2017-11-29 14:24:16 +00:00
contiv_image_tag: "{{ contiv_version }}"
contiv_init_image_repo: "{{ docker_image_repo }}/contiv/netplugin-init"
2018-09-17 14:45:05 +00:00
contiv_init_image_tag: "latest"
contiv_auth_proxy_image_repo: "{{ docker_image_repo }}/contiv/auth_proxy"
contiv network support (#1914) * Add Contiv support Contiv is a network plugin for Kubernetes and Docker. It supports vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies, multiple networks and bridging pods onto physical networks. * Update contiv version to 1.1.4 Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config. * Load openvswitch module to workaround on CentOS7.4 * Set contiv cni version to 0.1.0 Correct contiv CNI version to 0.1.0. * Use kube_apiserver_endpoint for K8S_API_SERVER Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks to a available endpoint no matter if there's a loadbalancer or not. * Make contiv use its own etcd Before this commit, contiv is using a etcd proxy mode to k8s etcd, this work fine when the etcd hosts are co-located with contiv etcd proxy, however the k8s peering certs are only in etcd group, as a result the etcd-proxy is not able to peering with the k8s etcd on etcd group, plus the netplugin is always trying to find the etcd endpoint on localhost, this will cause problem for all netplugins not runnign on etcd group nodes. This commit make contiv uses its own etcd, separate from k8s one. on kube-master nodes (where net-master runs), it will run as leader mode and on all rest nodes it will run as proxy mode. * Use cp instead of rsync to copy cni binaries Since rsync has been removed from hyperkube, this commit changes it to use cp instead. * Make contiv-etcd able to run on master nodes * Add rbac_enabled flag for contiv pods * Add contiv into CNI network plugin lists * migrate contiv test to tests/files Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> * Add required rules for contiv netplugin * Better handling json return of fwdMode * Make contiv etcd port configurable * Use default var instead of templating * roles/download/defaults/main.yml: use contiv 1.1.7 Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2017-11-29 14:24:16 +00:00
contiv_auth_proxy_image_tag: "{{ contiv_version }}"
contiv_etcd_init_image_repo: "{{ docker_image_repo }}/ferest/etcd-initer"
contiv_etcd_init_image_tag: latest
contiv_ovs_image_repo: "{{ docker_image_repo }}/contiv/ovs"
2018-09-17 14:45:05 +00:00
contiv_ovs_image_tag: "latest"
cilium_image_repo: "{{ docker_image_repo }}/cilium/cilium"
cilium_image_tag: "{{ cilium_version }}"
cilium_init_image_repo: "{{ docker_image_repo }}/cilium/cilium-init"
cilium_init_image_tag: "2019-04-05"
cilium_operator_image_repo: "{{ docker_image_repo }}/cilium/operator"
cilium_operator_image_tag: "{{ cilium_version }}"
kube_ovn_db_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn-db"
kube_ovn_node_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn-node"
kube_ovn_cni_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn-cni"
kube_ovn_controller_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn-controller"
2019-07-31 03:10:20 +00:00
kube_ovn_db_image_tag: "{{ kube_ovn_version }}"
kube_ovn_node_image_tag: "{{ kube_ovn_version }}"
kube_ovn_controller_image_tag: "{{ kube_ovn_version }}"
kube_ovn_cni_image_tag: "{{ kube_ovn_version }}"
kube_router_image_repo: "{{ docker_image_repo }}/cloudnativelabs/kube-router"
kube_router_image_tag: "{{ kube_router_version }}"
multus_image_repo: "{{ docker_image_repo }}/nfvpe/multus"
multus_image_tag: "{{ multus_version }}"
nginx_image_repo: "{{ docker_image_repo }}/library/nginx"
nginx_image_tag: 1.15
2018-08-21 15:53:23 +00:00
haproxy_image_repo: "{{ docker_image_repo }}/library/haproxy"
haproxy_image_tag: 1.9
2019-07-31 01:58:21 +00:00
coredns_version: "1.6.0"
coredns_image_repo: "{{ docker_image_repo }}/coredns/coredns"
coredns_image_tag: "{{ coredns_version }}"
2018-08-21 15:53:23 +00:00
2019-09-23 03:13:22 +00:00
nodelocaldns_version: "1.15.5"
nodelocaldns_image_repo: "{{ kube_image_repo }}/k8s-dns-node-cache"
nodelocaldns_image_tag: "{{ nodelocaldns_version }}"
dnsautoscaler_version: 1.6.0
dnsautoscaler_image_repo: "{{ kube_image_repo }}/cluster-proportional-autoscaler-{{ image_arch }}"
dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}"
test_image_repo: "{{ docker_image_repo }}/library/busybox"
test_image_tag: latest
busybox_image_repo: "{{ docker_image_repo }}/library/busybox"
busybox_image_tag: 1.29.2
helm_version: "v2.14.3"
helm_image_repo: "{{ docker_image_repo }}/lachlanevenson/k8s-helm"
2017-03-17 11:56:25 +00:00
helm_image_tag: "{{ helm_version }}"
tiller_image_repo: "{{ gcr_image_repo }}/kubernetes-helm/tiller"
tiller_image_tag: "{{ helm_version }}"
registry_image_repo: "{{ docker_image_repo }}/library/registry"
registry_image_tag: "2.6"
registry_proxy_image_repo: "{{ gcr_image_repo }}/google_containers/kube-registry-proxy"
registry_proxy_image_tag: "0.4"
metrics_server_version: "v0.3.3"
metrics_server_image_repo: "{{ gcr_image_repo }}/google_containers/metrics-server-amd64"
metrics_server_image_tag: "{{ metrics_server_version }}"
local_volume_provisioner_image_repo: "{{ quay_image_repo }}/external_storage/local-volume-provisioner"
local_volume_provisioner_image_tag: "v2.3.2"
cephfs_provisioner_image_repo: "{{ quay_image_repo }}/external_storage/cephfs-provisioner"
cephfs_provisioner_image_tag: "v2.1.0-k8s1.11"
rbd_provisioner_image_repo: "{{ quay_image_repo }}/external_storage/rbd-provisioner"
rbd_provisioner_image_tag: "v2.1.1-k8s1.11"
local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
local_path_provisioner_image_tag: "v0.0.2"
ingress_nginx_controller_image_repo: "{{ quay_image_repo }}/kubernetes-ingress-controller/nginx-ingress-controller"
ingress_nginx_controller_image_tag: "0.25.1"
2019-10-16 11:21:40 +00:00
cert_manager_version: "v0.11.0"
cert_manager_controller_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-controller"
cert_manager_controller_image_tag: "{{ cert_manager_version }}"
addon_resizer_version: "1.8.3"
addon_resizer_image_repo: "{{ kube_image_repo }}/addon-resizer"
addon_resizer_image_tag: "{{ addon_resizer_version }}"
2017-03-17 11:56:25 +00:00
dashboard_image_repo: "{{ gcr_image_repo }}/google_containers/kubernetes-dashboard-{{ image_arch }}"
dashboard_image_tag: "v1.10.1"
image_pull_command: "{{ docker_bin_dir }}/docker pull"
image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs {{ docker_bin_dir }}/docker inspect -f \"{{ '{{' }} if .RepoTags {{ '}}' }}{{ '{{' }} (index .RepoTags 0) {{ '}}' }}{{ '{{' }} end {{ '}}' }}{{ '{{' }} if .RepoDigests {{ '}}' }},{{ '{{' }} (index .RepoDigests 0) {{ '}}' }}{{ '{{' }} end {{ '}}' }}\" | tr '\n' ','"
2015-12-31 15:05:25 +00:00
downloads:
netcheck_server:
enabled: "{{ deploy_netchecker }}"
container: true
repo: "{{ netcheck_server_image_repo }}"
tag: "{{ netcheck_server_image_tag }}"
sha256: "{{ netcheck_server_digest_checksum|default(None) }}"
groups:
- k8s-cluster
netcheck_agent:
enabled: "{{ deploy_netchecker }}"
container: true
repo: "{{ netcheck_agent_image_repo }}"
tag: "{{ netcheck_agent_image_tag }}"
sha256: "{{ netcheck_agent_digest_checksum|default(None) }}"
groups:
- k8s-cluster
etcd:
container: "{{ etcd_deployment_type != 'host' }}"
file: "{{ etcd_deployment_type == 'host' or etcd_kubeadm_enabled }}"
enabled: true
2018-07-30 09:55:25 +00:00
version: "{{ etcd_version }}"
dest: "{{local_release_dir}}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
repo: "{{ etcd_image_repo }}"
tag: "{{ etcd_image_tag }}"
sha256: >-
{{ etcd_binary_checksum if (etcd_deployment_type == 'host' or etcd_kubeadm_enabled)
else etcd_digest_checksum|d(None) }}
2018-07-30 09:55:25 +00:00
url: "{{ etcd_download_url }}"
unarchive: true
owner: "root"
mode: "0755"
groups:
- etcd
cni:
enabled: true
file: true
version: "{{ cni_version }}"
dest: "{{local_release_dir}}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
sha256: "{{ cni_binary_checksum }}"
url: "{{ cni_download_url }}"
unarchive: false
owner: "root"
mode: "0755"
groups:
- k8s-cluster
kubeadm:
enabled: true
file: true
version: "{{ kubeadm_version }}"
dest: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
sha256: "{{ kubeadm_binary_checksum }}"
url: "{{ kubeadm_download_url }}"
unarchive: false
owner: "root"
mode: "0755"
groups:
- k8s-cluster
2018-07-30 09:55:25 +00:00
hyperkube_file:
enabled: true
file: true
version: "{{ kube_version }}"
dest: "{{ local_release_dir }}/hyperkube-{{ kube_version }}-{{ image_arch }}"
sha256: "{{ hyperkube_binary_checksum }}"
2018-07-30 09:55:25 +00:00
url: "{{ hyperkube_download_url }}"
unarchive: false
owner: "root"
mode: "0755"
groups:
- k8s-cluster
crictl:
file: true
enabled: "{{ container_manager in ['crio', 'cri', 'containerd'] }}"
version: "{{ crictl_version }}"
dest: "{{local_release_dir}}/crictl-{{ crictl_version }}-linux-{{ image_arch }}.tar.gz"
sha256: "{{ crictl_binary_checksum }}"
url: "{{ crictl_download_url }}"
unarchive: true
owner: "root"
mode: "0755"
groups:
- k8s-cluster
cilium:
enabled: "{{ kube_network_plugin == 'cilium' }}"
container: true
repo: "{{ cilium_image_repo }}"
tag: "{{ cilium_image_tag }}"
sha256: "{{ cilium_digest_checksum|default(None) }}"
groups:
- k8s-cluster
cilium_init:
enabled: "{{ kube_network_plugin == 'cilium' }}"
container: true
repo: "{{ cilium_init_image_repo }}"
tag: "{{ cilium_init_image_tag }}"
sha256: "{{ cilium_init_digest_checksum|default(None) }}"
groups:
- k8s-cluster
cilium_operator:
enabled: "{{ kube_network_plugin == 'cilium' }}"
container: true
repo: "{{ cilium_operator_image_repo }}"
tag: "{{ cilium_operator_image_tag }}"
sha256: "{{ cilium_operator_digest_checksum|default(None) }}"
groups:
- k8s-cluster
multus:
enabled: "{{ kube_network_plugin_multus }}"
container: true
repo: "{{ multus_image_repo }}"
tag: "{{ multus_image_tag }}"
sha256: "{{ multus_digest_checksum|default(None) }}"
groups:
- k8s-cluster
flannel:
enabled: "{{ kube_network_plugin == 'flannel' or kube_network_plugin == 'canal' }}"
container: true
repo: "{{ flannel_image_repo }}"
tag: "{{ flannel_image_tag }}"
sha256: "{{ flannel_digest_checksum|default(None) }}"
groups:
- k8s-cluster
flannel_cni:
enabled: "{{ kube_network_plugin == 'flannel' }}"
container: true
repo: "{{ flannel_cni_image_repo }}"
tag: "{{ flannel_cni_image_tag }}"
sha256: "{{ flannel_cni_digest_checksum|default(None) }}"
groups:
- k8s-cluster
calicoctl:
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
file: true
version: "{{ calico_ctl_version }}"
dest: "{{local_release_dir}}/calicoctl"
sha256: "{{ calicoctl_binary_checksum }}"
url: "{{ calicoctl_download_url }}"
unarchive: false
owner: "root"
mode: "0755"
groups:
- k8s-cluster
calico_node:
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
container: true
repo: "{{ calico_node_image_repo }}"
tag: "{{ calico_node_image_tag }}"
sha256: "{{ calico_node_digest_checksum|default(None) }}"
groups:
- k8s-cluster
calico_cni:
enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
container: true
repo: "{{ calico_cni_image_repo }}"
tag: "{{ calico_cni_image_tag }}"
sha256: "{{ calico_cni_digest_checksum|default(None) }}"
groups:
- k8s-cluster
calico_policy:
enabled: "{{ enable_network_policy or kube_network_plugin == 'canal' }}"
container: true
repo: "{{ calico_policy_image_repo }}"
tag: "{{ calico_policy_image_tag }}"
sha256: "{{ calico_policy_digest_checksum|default(None) }}"
groups:
- k8s-cluster
calico_rr:
2018-03-08 09:04:16 +00:00
enabled: "{{ peer_with_calico_rr is defined and peer_with_calico_rr and kube_network_plugin == 'calico' }}"
container: true
repo: "{{ calico_rr_image_repo }}"
tag: "{{ calico_rr_image_tag }}"
sha256: "{{ calico_rr_digest_checksum|default(None) }}"
groups:
- calico-rr
calico_typha:
enabled: "{{ typha_enabled == 'calico' }}"
container: true
repo: "{{ calico_typha_image_repo }}"
tag: "{{ calico_typha_image_tag }}"
sha256: "{{ calico_typha_digest_checksum|default(None) }}"
groups:
- k8s-cluster
2017-01-10 14:47:39 +00:00
weave_kube:
enabled: "{{ kube_network_plugin == 'weave' }}"
2017-01-10 14:47:39 +00:00
container: true
repo: "{{ weave_kube_image_repo }}"
tag: "{{ weave_kube_image_tag }}"
sha256: "{{ weave_kube_digest_checksum|default(None) }}"
groups:
- k8s-cluster
2017-01-10 14:47:39 +00:00
weave_npc:
enabled: "{{ kube_network_plugin == 'weave' }}"
2017-01-10 14:47:39 +00:00
container: true
repo: "{{ weave_npc_image_repo }}"
tag: "{{ weave_npc_image_tag }}"
sha256: "{{ weave_npc_digest_checksum|default(None) }}"
groups:
- k8s-cluster
contiv network support (#1914) * Add Contiv support Contiv is a network plugin for Kubernetes and Docker. It supports vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies, multiple networks and bridging pods onto physical networks. * Update contiv version to 1.1.4 Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config. * Load openvswitch module to workaround on CentOS7.4 * Set contiv cni version to 0.1.0 Correct contiv CNI version to 0.1.0. * Use kube_apiserver_endpoint for K8S_API_SERVER Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks to a available endpoint no matter if there's a loadbalancer or not. * Make contiv use its own etcd Before this commit, contiv is using a etcd proxy mode to k8s etcd, this work fine when the etcd hosts are co-located with contiv etcd proxy, however the k8s peering certs are only in etcd group, as a result the etcd-proxy is not able to peering with the k8s etcd on etcd group, plus the netplugin is always trying to find the etcd endpoint on localhost, this will cause problem for all netplugins not runnign on etcd group nodes. This commit make contiv uses its own etcd, separate from k8s one. on kube-master nodes (where net-master runs), it will run as leader mode and on all rest nodes it will run as proxy mode. * Use cp instead of rsync to copy cni binaries Since rsync has been removed from hyperkube, this commit changes it to use cp instead. * Make contiv-etcd able to run on master nodes * Add rbac_enabled flag for contiv pods * Add contiv into CNI network plugin lists * migrate contiv test to tests/files Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> * Add required rules for contiv netplugin * Better handling json return of fwdMode * Make contiv etcd port configurable * Use default var instead of templating * roles/download/defaults/main.yml: use contiv 1.1.7 Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2017-11-29 14:24:16 +00:00
contiv:
enabled: "{{ kube_network_plugin == 'contiv' }}"
container: true
repo: "{{ contiv_image_repo }}"
tag: "{{ contiv_image_tag }}"
sha256: "{{ contiv_digest_checksum|default(None) }}"
groups:
- k8s-cluster
contiv network support (#1914) * Add Contiv support Contiv is a network plugin for Kubernetes and Docker. It supports vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies, multiple networks and bridging pods onto physical networks. * Update contiv version to 1.1.4 Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config. * Load openvswitch module to workaround on CentOS7.4 * Set contiv cni version to 0.1.0 Correct contiv CNI version to 0.1.0. * Use kube_apiserver_endpoint for K8S_API_SERVER Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks to a available endpoint no matter if there's a loadbalancer or not. * Make contiv use its own etcd Before this commit, contiv is using a etcd proxy mode to k8s etcd, this work fine when the etcd hosts are co-located with contiv etcd proxy, however the k8s peering certs are only in etcd group, as a result the etcd-proxy is not able to peering with the k8s etcd on etcd group, plus the netplugin is always trying to find the etcd endpoint on localhost, this will cause problem for all netplugins not runnign on etcd group nodes. This commit make contiv uses its own etcd, separate from k8s one. on kube-master nodes (where net-master runs), it will run as leader mode and on all rest nodes it will run as proxy mode. * Use cp instead of rsync to copy cni binaries Since rsync has been removed from hyperkube, this commit changes it to use cp instead. * Make contiv-etcd able to run on master nodes * Add rbac_enabled flag for contiv pods * Add contiv into CNI network plugin lists * migrate contiv test to tests/files Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> * Add required rules for contiv netplugin * Better handling json return of fwdMode * Make contiv etcd port configurable * Use default var instead of templating * roles/download/defaults/main.yml: use contiv 1.1.7 Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2017-11-29 14:24:16 +00:00
contiv_auth_proxy:
enabled: "{{ kube_network_plugin == 'contiv' }}"
container: true
repo: "{{ contiv_auth_proxy_image_repo }}"
tag: "{{ contiv_auth_proxy_image_tag }}"
sha256: "{{ contiv_auth_proxy_digest_checksum|default(None) }}"
groups:
- k8s-cluster
contiv_etcd_init:
enabled: "{{ kube_network_plugin == 'contiv' }}"
container: true
repo: "{{ contiv_etcd_init_image_repo }}"
tag: "{{ contiv_etcd_init_image_tag }}"
sha256: "{{ contiv_etcd_init_digest_checksum|default(None) }}"
groups:
- k8s-cluster
2019-07-31 03:10:20 +00:00
kube_ovn_db:
enabled: "{{ kube_network_plugin == 'kube-ovn' }}"
container: true
repo: "{{ kube_ovn_db_image_repo }}"
tag: "{{ kube_ovn_db_image_tag }}"
sha256: "{{ kube_ovn_digest_checksum|default(None) }}"
groups:
- k8s-cluster
kube_ovn_node:
enabled: "{{ kube_network_plugin == 'kube-ovn' }}"
container: true
repo: "{{ kube_ovn_node_image_repo }}"
tag: "{{ kube_ovn_node_image_tag }}"
sha256: "{{ kube_ovn_digest_checksum|default(None) }}"
groups:
- k8s-cluster
kube_ovn_controller:
enabled: "{{ kube_network_plugin == 'kube-ovn' }}"
container: true
repo: "{{ kube_ovn_controller_image_repo }}"
tag: "{{ kube_ovn_controller_image_tag }}"
sha256: "{{ kube_ovn_digest_checksum|default(None) }}"
groups:
- k8s-cluster
kube_ovn_cni:
enabled: "{{ kube_network_plugin == 'kube-ovn' }}"
container: true
repo: "{{ kube_ovn_cni_image_repo }}"
tag: "{{ kube_ovn_cni_image_tag }}"
sha256: "{{ kube_ovn_digest_checksum|default(None) }}"
groups:
- k8s-cluster
kube_router:
enabled: "{{ kube_network_plugin == 'kube-router' }}"
container: true
repo: "{{ kube_router_image_repo }}"
tag: "{{ kube_router_image_tag }}"
sha256: "{{ kube_router_digest_checksum|default(None) }}"
groups:
- k8s-cluster
pod_infra:
enabled: true
container: true
repo: "{{ pod_infra_image_repo }}"
tag: "{{ pod_infra_image_tag }}"
sha256: "{{ pod_infra_digest_checksum|default(None) }}"
groups:
- k8s-cluster
install_socat:
enabled: "{{ ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] }}"
container: true
repo: "{{ install_socat_image_repo }}"
tag: "{{ install_socat_image_tag }}"
sha256: "{{ install_socat_digest_checksum|default(None) }}"
groups:
- k8s-cluster
nginx:
enabled: "{{ loadbalancer_apiserver_localhost and loadbalancer_apiserver_type == 'nginx' }}"
container: true
repo: "{{ nginx_image_repo }}"
tag: "{{ nginx_image_tag }}"
sha256: "{{ nginx_digest_checksum|default(None) }}"
groups:
- kube-node
haproxy:
enabled: "{{ loadbalancer_apiserver_localhost and loadbalancer_apiserver_type == 'haproxy' }}"
container: true
repo: "{{ haproxy_image_repo }}"
tag: "{{ haproxy_image_tag }}"
sha256: "{{ haproxy_digest_checksum|default(None) }}"
groups:
- kube-node
coredns:
enabled: "{{ dns_mode in ['coredns', 'coredns_dual'] }}"
container: true
repo: "{{ coredns_image_repo }}"
tag: "{{ coredns_image_tag }}"
sha256: "{{ coredns_digest_checksum|default(None) }}"
groups:
- kube-master
nodelocaldns:
enabled: "{{ enable_nodelocaldns }}"
container: true
repo: "{{ nodelocaldns_image_repo }}"
tag: "{{ nodelocaldns_image_tag }}"
sha256: "{{ nodelocaldns_digest_checksum|default(None) }}"
groups:
- k8s-cluster
dnsautoscaler:
enabled: "{{ dns_mode in ['coredns', 'coredns_dual'] }}"
container: true
repo: "{{ dnsautoscaler_image_repo }}"
tag: "{{ dnsautoscaler_image_tag }}"
sha256: "{{ dnsautoscaler_digest_checksum|default(None) }}"
groups:
- kube-master
busybox:
enabled: "{{ kube_network_plugin in ['kube-router'] }}"
container: true
repo: "{{ busybox_image_repo }}"
tag: "{{ busybox_image_tag }}"
sha256: "{{ busybox_digest_checksum|default(None) }}"
groups:
- k8s-cluster
testbox:
enabled: false
container: true
repo: "{{ test_image_repo }}"
tag: "{{ test_image_tag }}"
sha256: "{{ testbox_digest_checksum|default(None) }}"
2017-03-17 11:56:25 +00:00
helm:
enabled: "{{ helm_enabled }}"
2017-03-17 11:56:25 +00:00
container: true
repo: "{{ helm_image_repo }}"
tag: "{{ helm_image_tag }}"
sha256: "{{ helm_digest_checksum|default(None) }}"
groups:
- kube-node
2017-03-17 11:56:25 +00:00
tiller:
enabled: "{{ helm_enabled }}"
2017-03-17 11:56:25 +00:00
container: true
repo: "{{ tiller_image_repo }}"
tag: "{{ tiller_image_tag }}"
sha256: "{{ tiller_digest_checksum|default(None) }}"
groups:
- kube-node
registry:
enabled: "{{ registry_enabled }}"
container: true
repo: "{{ registry_image_repo }}"
tag: "{{ registry_image_tag }}"
sha256: "{{ registry_digest_checksum|default(None) }}"
groups:
- kube-node
registry_proxy:
enabled: "{{ registry_enabled }}"
container: true
repo: "{{ registry_proxy_image_repo }}"
tag: "{{ registry_proxy_image_tag }}"
sha256: "{{ registry_proxy_digest_checksum|default(None) }}"
groups:
- kube-node
metrics_server:
enabled: "{{ metrics_server_enabled }}"
container: true
repo: "{{ metrics_server_image_repo }}"
tag: "{{ metrics_server_image_tag }}"
sha256: "{{ metrics_server_digest_checksum|default(None) }}"
groups:
- kube-master
addon_resizer:
# Currently addon_resizer is only used by metrics server
enabled: "{{ metrics_server_enabled }}"
container: true
repo: "{{ addon_resizer_image_repo }}"
tag: "{{ addon_resizer_image_tag }}"
sha256: "{{ addon_resizer_digest_checksum|default(None) }}"
groups:
- kube-master
local_volume_provisioner:
enabled: "{{ local_volume_provisioner_enabled }}"
container: true
repo: "{{ local_volume_provisioner_image_repo }}"
tag: "{{ local_volume_provisioner_image_tag }}"
sha256: "{{ local_volume_provisioner_digest_checksum|default(None) }}"
groups:
- kube-node
cephfs_provisioner:
enabled: "{{ cephfs_provisioner_enabled }}"
container: true
repo: "{{ cephfs_provisioner_image_repo }}"
tag: "{{ cephfs_provisioner_image_tag }}"
sha256: "{{ cephfs_provisioner_digest_checksum|default(None) }}"
groups:
- kube-node
rbd_provisioner:
enabled: "{{ rbd_provisioner_enabled }}"
container: true
repo: "{{ rbd_provisioner_image_repo }}"
tag: "{{ rbd_provisioner_image_tag }}"
sha256: "{{ rbd_provisioner_digest_checksum|default(None) }}"
groups:
- kube-node
local_path_provisioner:
enabled: "{{ local_volume_provisioner_enabled }}"
container: true
repo: "{{ local_path_provisioner_image_repo }}"
tag: "{{ local_path_provisioner_image_tag }}"
sha256: "{{ local_path_provisioner_digest_checksum|default(None) }}"
groups:
- kube-node
ingress_nginx_controller:
enabled: "{{ ingress_nginx_enabled }}"
container: true
repo: "{{ ingress_nginx_controller_image_repo }}"
tag: "{{ ingress_nginx_controller_image_tag }}"
sha256: "{{ ingress_nginx_controller_digest_checksum|default(None) }}"
groups:
- kube-node
cert_manager_controller:
enabled: "{{ cert_manager_enabled }}"
container: true
repo: "{{ cert_manager_controller_image_repo }}"
tag: "{{ cert_manager_controller_image_tag }}"
sha256: "{{ cert_manager_controller_digest_checksum|default(None) }}"
groups:
- kube-node
dashboard:
enabled: "{{ dashboard_enabled }}"
container: true
repo: "{{ dashboard_image_repo }}"
tag: "{{ dashboard_image_tag }}"
sha256: "{{ dashboard_digest_checksum|default(None) }}"
groups:
- kube-master
download_defaults:
container: false
file: false
repo: None
tag: None
enabled: false
dest: None
version: None
url: None
unarchive: false
owner: kube
mode: None