Stop templating kube-system namespace and creating it (#2545)

Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
Matthew Mosesohn 2018-03-30 14:29:13 +03:00 committed by GitHub
parent f619eb08b1
commit 03bcfa7ff5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
91 changed files with 122 additions and 159 deletions


@ -6,7 +6,6 @@
kube_config_dir: /etc/kubernetes kube_config_dir: /etc/kubernetes
kube_script_dir: "{{ bin_dir }}/kubernetes-scripts" kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
kube_manifest_dir: "{{ kube_config_dir }}/manifests" kube_manifest_dir: "{{ kube_config_dir }}/manifests"
system_namespace: kube-system
# This is where all the cert scripts and certs will be located # This is where all the cert scripts and certs will be located
kube_cert_dir: "{{ kube_config_dir }}/ssl" kube_cert_dir: "{{ kube_config_dir }}/ssl"


@ -91,7 +91,7 @@
- name: Start Resources - name: Start Resources
kube: kube:
name: "{{item.item.name}}" name: "{{item.item.name}}"
namespace: "{{system_namespace}}" namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}" resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}" filename: "{{kube_config_dir}}/{{item.item.file}}"


@ -3,11 +3,11 @@ kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: dnsmasq name: dnsmasq
namespace: "{{ system_namespace }}" namespace: "kube-system"
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: dnsmasq name: dnsmasq
namespace: "{{ system_namespace}}" namespace: "kube-system"
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: cluster-admin name: cluster-admin
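Review bot: `metadata.namespace` on this ClusterRoleBinding has no effect, because ClusterRole and ClusterRoleBinding are cluster-scoped and only `subjects[].namespace` is meaningful; now that the value is a literal, the `namespace: "kube-system"` line under `metadata:` could simply be dropped. The same applies to the other cluster-scoped templates touched in this commit: the efk and tiller ClusterRoleBindings, the cluster-proportional-autoscaler ClusterRole and ClusterRoleBinding, and the calico-kube-controllers and calico-node ClusterRoles. Separately, the unchanged `roleRef` here binds the dnsmasq ServiceAccount to `cluster-admin`, as do the efk and tiller bindings. A comment such as `# TODO: replace cluster-admin with a role scoped to what dnsmasq needs` would record that this is broader than a DNS forwarder should require. The manifest may continue outside the hunk.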


@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: dnsmasq name: dnsmasq
namespace: "{{system_namespace}}" namespace: "kube-system"
labels: labels:
k8s-app: dnsmasq k8s-app: dnsmasq
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -3,6 +3,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: dnsmasq name: dnsmasq
namespace: "{{ system_namespace }}" namespace: "kube-system"
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -6,7 +6,7 @@ metadata:
kubernetes.io/cluster-service: 'true' kubernetes.io/cluster-service: 'true'
k8s-app: dnsmasq k8s-app: dnsmasq
name: dnsmasq name: dnsmasq
namespace: {{system_namespace}} namespace: kube-system
spec: spec:
ports: ports:
- port: 53 - port: 53


@ -12,9 +12,9 @@ etcd_cert_group: root
# Note: This does not set up DNS entries. It simply adds the following DNS # Note: This does not set up DNS entries. It simply adds the following DNS
# entries to the certificate # entries to the certificate
etcd_cert_alt_names: etcd_cert_alt_names:
- "etcd.{{ system_namespace }}.svc.{{ dns_domain }}" - "etcd.kube-system.svc.{{ dns_domain }}"
- "etcd.{{ system_namespace }}.svc" - "etcd.kube-system.svc"
- "etcd.{{ system_namespace }}" - "etcd.kube-system"
- "etcd" - "etcd"
etcd_script_dir: "{{ bin_dir }}/etcd-scripts" etcd_script_dir: "{{ bin_dir }}/etcd-scripts"


@ -2,7 +2,7 @@
- name: Kubernetes Apps | Delete old CoreDNS resources - name: Kubernetes Apps | Delete old CoreDNS resources
kube: kube:
name: "coredns" name: "coredns"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item }}" resource: "{{ item }}"
state: absent state: absent
@ -16,7 +16,7 @@
- name: Kubernetes Apps | Delete kubeadm CoreDNS - name: Kubernetes Apps | Delete kubeadm CoreDNS
kube: kube:
name: "coredns" name: "coredns"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"
resource: "deploy" resource: "deploy"
state: absent state: absent
@ -28,7 +28,7 @@
- name: Kubernetes Apps | Delete old KubeDNS resources - name: Kubernetes Apps | Delete old KubeDNS resources
kube: kube:
name: "kube-dns" name: "kube-dns"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item }}" resource: "{{ item }}"
state: absent state: absent
@ -41,7 +41,7 @@
- name: Kubernetes Apps | Delete kubeadm KubeDNS - name: Kubernetes Apps | Delete kubeadm KubeDNS
kube: kube:
name: "kube-dns" name: "kube-dns"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item }}" resource: "{{ item }}"
state: absent state: absent


@ -22,7 +22,7 @@
- name: Kubernetes Apps | Start dashboard - name: Kubernetes Apps | Start dashboard
kube: kube:
name: "{{ item.item.name }}" name: "{{ item.item.name }}"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}" resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}" filename: "{{ kube_config_dir }}/{{ item.item.file }}"


@ -37,7 +37,7 @@
- name: Kubernetes Apps | Start Resources - name: Kubernetes Apps | Start Resources
kube: kube:
name: "{{ item.item.name }}" name: "{{ item.item.name }}"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}" resource: "{{ item.item.type }}"
filename: "{{ kube_config_dir }}/{{ item.item.file }}" filename: "{{ kube_config_dir }}/{{ item.item.file }}"


@ -15,4 +15,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: coredns name: coredns
namespace: {{ system_namespace }} namespace: kube-system


@ -3,7 +3,7 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: coredns name: coredns
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
addonmanager.kubernetes.io/mode: EnsureExists addonmanager.kubernetes.io/mode: EnsureExists
data: data:


@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: coredns{{ coredns_ordinal_suffix | default('') }} name: coredns{{ coredns_ordinal_suffix | default('') }}
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: coredns{{ coredns_ordinal_suffix | default('') }} k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -3,7 +3,7 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: coredns name: coredns
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile addonmanager.kubernetes.io/mode: Reconcile


@ -3,7 +3,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: coredns{{ coredns_ordinal_suffix | default('') }} name: coredns{{ coredns_ordinal_suffix | default('') }}
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: coredns{{ coredns_ordinal_suffix | default('') }} k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -25,7 +25,7 @@ metadata:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs name: kubernetes-dashboard-certs
namespace: {{ system_namespace }} namespace: kube-system
type: Opaque type: Opaque
--- ---
@ -37,7 +37,7 @@ metadata:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
name: kubernetes-dashboard name: kubernetes-dashboard
namespace: {{ system_namespace }} namespace: kube-system
--- ---
# ------------------- Dashboard Role & Role Binding ------------------- # # ------------------- Dashboard Role & Role Binding ------------------- #
@ -46,7 +46,7 @@ kind: Role
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: kubernetes-dashboard-minimal name: kubernetes-dashboard-minimal
namespace: {{ system_namespace }} namespace: kube-system
rules: rules:
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret. # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""] - apiGroups: [""]
@ -81,7 +81,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: kubernetes-dashboard-minimal name: kubernetes-dashboard-minimal
namespace: {{ system_namespace }} namespace: kube-system
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
@ -89,7 +89,7 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: kubernetes-dashboard name: kubernetes-dashboard
namespace: {{ system_namespace }} namespace: kube-system
--- ---
# ------------------- Gross Hack For anonymous auth through api proxy ------------------- # # ------------------- Gross Hack For anonymous auth through api proxy ------------------- #
@ -103,7 +103,7 @@ rules:
resources: ["services/proxy"] resources: ["services/proxy"]
resourceNames: ["https:kubernetes-dashboard:"] resourceNames: ["https:kubernetes-dashboard:"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/{{ system_namespace }}/services/https:kubernetes-dashboard:/proxy/*"] - nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
--- ---
@ -128,7 +128,7 @@ metadata:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
name: kubernetes-dashboard name: kubernetes-dashboard
namespace: {{ system_namespace }} namespace: kube-system
spec: spec:
replicas: 1 replicas: 1
revisionHistoryLimit: 10 revisionHistoryLimit: 10
@ -200,7 +200,7 @@ metadata:
labels: labels:
k8s-app: kubernetes-dashboard k8s-app: kubernetes-dashboard
name: kubernetes-dashboard name: kubernetes-dashboard
namespace: {{ system_namespace }} namespace: kube-system
spec: spec:
ports: ports:
- port: 443 - port: 443
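Review bot: In the hunk at line 103, the `nonResourceURLs` entry that now hard-codes `/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/*` is unlikely ever to match. Paths under `/api/v1/` are authorized as resource requests (here `services/proxy`, covered by the rule just above), and non-resource rules are matched on the lowercase HTTP method, so `list`, `watch`, `create` and `update` are not verbs they can carry. Keeping only `"/ui", "/ui/*"` with `verbs: ["get"]` would state what that rule actually grants. The section comment says this role exists for anonymous access through the API proxy, and the `services/proxy` rule lets `create`, `update`, `patch` and `delete` through to the dashboard. The binding and its subject are outside the hunk, so confirm who receives this role and narrow the verbs to what is needed.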


@ -17,7 +17,7 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: cluster-proportional-autoscaler name: cluster-proportional-autoscaler
namespace: {{ system_namespace }} namespace: kube-system
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["nodes"] resources: ["nodes"]


@ -17,11 +17,11 @@ kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: cluster-proportional-autoscaler name: cluster-proportional-autoscaler
namespace: {{ system_namespace }} namespace: kube-system
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: cluster-proportional-autoscaler name: cluster-proportional-autoscaler
namespace: {{ system_namespace }} namespace: kube-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: cluster-proportional-autoscaler name: cluster-proportional-autoscaler


@ -17,4 +17,4 @@ kind: ServiceAccount
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: cluster-proportional-autoscaler name: cluster-proportional-autoscaler
namespace: {{ system_namespace }} namespace: kube-system


@ -17,7 +17,7 @@ apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: kubedns-autoscaler name: kubedns-autoscaler
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: kubedns-autoscaler k8s-app: kubedns-autoscaler
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
@ -40,7 +40,7 @@ spec:
memory: "10Mi" memory: "10Mi"
command: command:
- /cluster-proportional-autoscaler - /cluster-proportional-autoscaler
- --namespace={{ system_namespace }} - --namespace=kube-system
- --configmap=kubedns-autoscaler - --configmap=kubedns-autoscaler
# Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
- --target=Deployment/kube-dns - --target=Deployment/kube-dns


@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: kube-dns name: kube-dns
namespace: "{{system_namespace}}" namespace: kube-system
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -3,6 +3,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: kube-dns name: kube-dns
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -3,7 +3,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: kube-dns name: kube-dns
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -126,32 +126,3 @@
- kube_version | version_compare('v1.9.3', '<=') - kube_version | version_compare('v1.9.3', '<=')
- inventory_hostname == groups['kube-master'][0] - inventory_hostname == groups['kube-master'][0]
tags: vsphere tags: vsphere
# This is not a cluster role, but should be run after kubeconfig is set on master
- name: Write kube system namespace manifest
template:
src: namespace.j2
dest: "{{kube_config_dir}}/{{system_namespace}}-ns.yml"
when: inventory_hostname == groups['kube-master'][0]
tags:
- apps
- name: Check if kube system namespace exists
command: "{{ bin_dir }}/kubectl get ns {{system_namespace}}"
register: 'kubesystem'
changed_when: False
failed_when: False
when: inventory_hostname == groups['kube-master'][0]
tags:
- apps
- name: Create kube system namespace
command: "{{ bin_dir }}/kubectl create -f {{kube_config_dir}}/{{system_namespace}}-ns.yml"
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
register: create_system_ns
until: create_system_ns.rc == 0
changed_when: False
when: inventory_hostname == groups['kube-master'][0] and kubesystem.rc != 0
tags:
- apps


@ -1,4 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: "{{system_namespace}}" name: "kube-system"


@ -10,7 +10,7 @@
when: rbac_enabled when: rbac_enabled
- name: "ElasticSearch | Create Serviceaccount and Clusterrolebinding (RBAC)" - name: "ElasticSearch | Create Serviceaccount and Clusterrolebinding (RBAC)"
command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/{{ item }} -n {{ system_namespace }}" command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/{{ item }} -n kube-system"
with_items: with_items:
- "efk-sa.yml" - "efk-sa.yml"
- "efk-clusterrolebinding.yml" - "efk-clusterrolebinding.yml"
@ -24,7 +24,7 @@
register: es_deployment_manifest register: es_deployment_manifest
- name: "ElasticSearch | Create ES deployment" - name: "ElasticSearch | Create ES deployment"
command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-deployment.yaml -n {{ system_namespace }}" command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-deployment.yaml -n kube-system"
run_once: true run_once: true
when: es_deployment_manifest.changed when: es_deployment_manifest.changed
@ -35,6 +35,6 @@
register: es_service_manifest register: es_service_manifest
- name: "ElasticSearch | Create ES service" - name: "ElasticSearch | Create ES service"
command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n {{ system_namespace }}" command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n kube-system"
run_once: true run_once: true
when: es_service_manifest.changed when: es_service_manifest.changed


@ -3,11 +3,11 @@ kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: efk name: efk
namespace: {{ system_namespace }} namespace: kube-system
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: efk name: efk
namespace: {{ system_namespace }} namespace: kube-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: cluster-admin name: cluster-admin


@ -3,6 +3,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: efk name: efk
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -4,7 +4,7 @@ apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: elasticsearch-logging-v1 name: elasticsearch-logging-v1
namespace: "{{ system_namespace }}" namespace: kube-system
labels: labels:
k8s-app: elasticsearch-logging k8s-app: elasticsearch-logging
version: "{{ elasticsearch_image_tag }}" version: "{{ elasticsearch_image_tag }}"


@ -3,7 +3,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: elasticsearch-logging name: elasticsearch-logging
namespace: "{{ system_namespace }}" namespace: "kube-system"
labels: labels:
k8s-app: elasticsearch-logging k8s-app: elasticsearch-logging
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -17,6 +17,6 @@
register: fluentd_ds_manifest register: fluentd_ds_manifest
- name: "Fluentd | Create fluentd daemonset" - name: "Fluentd | Create fluentd daemonset"
command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n {{ system_namespace }}" command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n kube-system"
run_once: true run_once: true
when: fluentd_ds_manifest.changed when: fluentd_ds_manifest.changed


@ -2,7 +2,7 @@ apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: fluentd-config name: fluentd-config
namespace: "{{ system_namespace }}" namespace: "kube-system"
data: data:
{{ fluentd_config_file }}: | {{ fluentd_config_file }}: |
# This configuration file for Fluentd / td-agent is used # This configuration file for Fluentd / td-agent is used


@ -4,7 +4,7 @@ apiVersion: extensions/v1beta1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: "fluentd-es-v{{ fluentd_version }}" name: "fluentd-es-v{{ fluentd_version }}"
namespace: "{{ system_namespace }}" namespace: "kube-system"
labels: labels:
k8s-app: fluentd-es k8s-app: fluentd-es
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -10,7 +10,7 @@
filename: "{{kube_config_dir}}/kibana-deployment.yaml" filename: "{{kube_config_dir}}/kibana-deployment.yaml"
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
name: "kibana-logging" name: "kibana-logging"
namespace: "{{system_namespace}}" namespace: "kube-system"
resource: "deployment" resource: "deployment"
state: "latest" state: "latest"
with_items: "{{ kibana_deployment_manifest.changed }}" with_items: "{{ kibana_deployment_manifest.changed }}"
@ -27,7 +27,7 @@
filename: "{{kube_config_dir}}/kibana-service.yaml" filename: "{{kube_config_dir}}/kibana-service.yaml"
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
name: "kibana-logging" name: "kibana-logging"
namespace: "{{system_namespace}}" namespace: "kube-system"
resource: "svc" resource: "svc"
state: "latest" state: "latest"
with_items: "{{ kibana_service_manifest.changed }}" with_items: "{{ kibana_service_manifest.changed }}"


@ -4,7 +4,7 @@ apiVersion: extensions/v1beta1
kind: Deployment kind: Deployment
metadata: metadata:
name: kibana-logging name: kibana-logging
namespace: "{{ system_namespace }}" namespace: "kube-system"
labels: labels:
k8s-app: kibana-logging k8s-app: kibana-logging
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -3,7 +3,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: kibana-logging name: kibana-logging
namespace: "{{ system_namespace }}" namespace: "kube-system"
labels: labels:
k8s-app: kibana-logging k8s-app: kibana-logging
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -2,7 +2,7 @@
cephfs_provisioner_image_repo: quay.io/kubespray/cephfs-provisioner cephfs_provisioner_image_repo: quay.io/kubespray/cephfs-provisioner
cephfs_provisioner_image_tag: 92295a30 cephfs_provisioner_image_tag: 92295a30
cephfs_provisioner_namespace: "{{ system_namespace }}" cephfs_provisioner_namespace: "kube-system"
cephfs_provisioner_cluster: ceph cephfs_provisioner_cluster: ceph
cephfs_provisioner_monitors: [] cephfs_provisioner_monitors: []
cephfs_provisioner_admin_id: admin cephfs_provisioner_admin_id: admin


@ -2,7 +2,7 @@
local_volume_provisioner_image_repo: quay.io/external_storage/local-volume-provisioner local_volume_provisioner_image_repo: quay.io/external_storage/local-volume-provisioner
local_volume_provisioner_image_tag: v2.0.0 local_volume_provisioner_image_tag: v2.0.0
local_volume_provisioner_namespace: "{{ system_namespace }}" local_volume_provisioner_namespace: "kube-system"
local_volume_provisioner_base_dir: /mnt/disks local_volume_provisioner_base_dir: /mnt/disks
local_volume_provisioner_mount_dir: /mnt/disks local_volume_provisioner_mount_dir: /mnt/disks
local_volume_provisioner_storage_class: local-storage local_volume_provisioner_storage_class: local-storage


@ -18,7 +18,7 @@
- name: Helm | Apply Helm Manifests (RBAC) - name: Helm | Apply Helm Manifests (RBAC)
kube: kube:
name: "{{item.item.name}}" name: "{{item.item.name}}"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}" resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}" filename: "{{kube_config_dir}}/{{item.item.file}}"
@ -28,7 +28,7 @@
- name: Helm | Install/upgrade helm - name: Helm | Install/upgrade helm
command: > command: >
{{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ system_namespace }} {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace=kube-system
{% if helm_skip_refresh %} --skip-refresh{% endif %} {% if helm_skip_refresh %} --skip-refresh{% endif %}
{% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %} {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
{% if rbac_enabled %} --service-account=tiller{% endif %} {% if rbac_enabled %} --service-account=tiller{% endif %}
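Review bot: The `helm init` command in the second hunk installs Tiller into `kube-system` without any of the Tiller TLS options, and with `rbac_enabled` it runs as the `tiller` ServiceAccount, which another template in this commit binds to `cluster-admin`. With that combination, anything inside the cluster that can reach the Tiller endpoint can presumably act with cluster-admin rights. Consider opt-in variables that append `--tiller-tls --tiller-tls-verify` together with the certificate paths, and a comment on the task such as `# Tiller runs as cluster-admin; restrict access to it or enable TLS`. The folded command may continue past the last line of the hunk.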


@ -3,11 +3,11 @@ kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: tiller name: tiller
namespace: {{ system_namespace }} namespace: kube-system
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: tiller name: tiller
namespace: {{ system_namespace }} namespace: kube-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: cluster-admin name: cluster-admin


@ -3,6 +3,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: tiller name: tiller
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -2,7 +2,7 @@
- name: Start Calico resources - name: Start Calico resources
kube: kube:
name: "{{item.item.name}}" name: "{{item.item.name}}"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}" resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}" filename: "{{kube_config_dir}}/{{item.item.file}}"


@ -2,7 +2,7 @@
- name: Canal | Start Resources - name: Canal | Start Resources
kube: kube:
name: "{{item.item.name}}" name: "{{item.item.name}}"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}" resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}" filename: "{{kube_config_dir}}/{{item.item.file}}"


@ -2,7 +2,7 @@
- name: Cilium | Start Resources - name: Cilium | Start Resources
kube: kube:
name: "{{item.item.name}}" name: "{{item.item.name}}"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}" resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}" filename: "{{kube_config_dir}}/{{item.item.file}}"
@ -11,7 +11,7 @@
when: inventory_hostname == groups['kube-master'][0] and not item|skipped when: inventory_hostname == groups['kube-master'][0] and not item|skipped
- name: Cilium | Wait for pods to run - name: Cilium | Wait for pods to run
command: "{{bin_dir}}/kubectl -n {{system_namespace}} get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'" command: "{{bin_dir}}/kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'"
register: pods_not_ready register: pods_not_ready
until: pods_not_ready.stdout.find("cilium")==-1 until: pods_not_ready.stdout.find("cilium")==-1
retries: 30 retries: 30
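Review bot: The wait in the second hunk treats empty output as success: `pods_not_ready.stdout.find("cilium")==-1` is also true when the selector matches no pods yet, and the jsonpath filter looks only at `containerStatuses[0]`, so a pod that has no container status so far is not counted as not ready. The play can therefore move on before the network agent is running on every node. Comparing the DaemonSet's `.status.numberReady` with `.status.desiredNumberScheduled`, or at least requiring a non-empty pod list, would make the check fail closed. The task continues outside the hunk, so `delay` and any `failed_when` are not visible here.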


@ -3,7 +3,7 @@
- name: Contiv | Create Kubernetes resources - name: Contiv | Create Kubernetes resources
kube: kube:
name: "{{ item.item.name }}" name: "{{ item.item.name }}"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"
resource: "{{ item.item.type }}" resource: "{{ item.item.type }}"
filename: "{{ contiv_config_dir }}/{{ item.item.file }}" filename: "{{ contiv_config_dir }}/{{ item.item.file }}"


@ -2,7 +2,7 @@
- name: Flannel | Start Resources - name: Flannel | Start Resources
kube: kube:
name: "{{item.item.name}}" name: "{{item.item.name}}"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}" resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}" filename: "{{kube_config_dir}}/{{item.item.file}}"


@ -5,7 +5,7 @@
kubectl: "{{ bin_dir }}/kubectl" kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/weave-net.yml" filename: "{{ kube_config_dir }}/weave-net.yml"
resource: "ds" resource: "ds"
namespace: "{{system_namespace}}" namespace: "kube-system"
state: "latest" state: "latest"
when: inventory_hostname == groups['kube-master'][0] when: inventory_hostname == groups['kube-master'][0]


@ -12,7 +12,7 @@
name: calico-policy-controller name: calico-policy-controller
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
resource: rs resource: rs
namespace: "{{ system_namespace }}" namespace: "kube-system"
state: absent state: absent
run_once: true run_once: true
@ -32,7 +32,7 @@
- name: Start of Calico kube controllers - name: Start of Calico kube controllers
kube: kube:
name: "{{item.item.name}}" name: "{{item.item.name}}"
namespace: "{{ system_namespace }}" namespace: "kube-system"
kubectl: "{{bin_dir}}/kubectl" kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}" resource: "{{item.item.type}}"
filename: "{{kube_config_dir}}/{{item.item.file}}" filename: "{{kube_config_dir}}/{{item.item.file}}"


@ -2,7 +2,7 @@ apiVersion: apps/v1beta2
kind: Deployment kind: Deployment
metadata: metadata:
name: calico-kube-controllers name: calico-kube-controllers
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: calico-kube-controllers k8s-app: calico-kube-controllers
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
@ -15,7 +15,7 @@ spec:
template: template:
metadata: metadata:
name: calico-kube-controllers name: calico-kube-controllers
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
k8s-app: calico-kube-controllers k8s-app: calico-kube-controllers


@ -3,7 +3,7 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: calico-kube-controllers name: calico-kube-controllers
namespace: {{ system_namespace }} namespace: kube-system
rules: rules:
- apiGroups: - apiGroups:
- "" - ""


@ -10,4 +10,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: calico-kube-controllers name: calico-kube-controllers
namespace: {{ system_namespace }} namespace: kube-system


@ -3,6 +3,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: calico-kube-controllers name: calico-kube-controllers
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -4,6 +4,6 @@ registry_image_tag: 2.6
registry_proxy_image_repo: gcr.io/google_containers/kube-registry-proxy registry_proxy_image_repo: gcr.io/google_containers/kube-registry-proxy
registry_proxy_image_tag: 0.4 registry_proxy_image_tag: 0.4
registry_namespace: "{{ system_namespace }}" registry_namespace: "kube-system"
registry_storage_class: "" registry_storage_class: ""
registry_disk_size: "10Gi" registry_disk_size: "10Gi"


@ -44,5 +44,5 @@
when: needs_rotation when: needs_rotation
- name: Rotate Tokens | Delete pods in system namespace - name: Rotate Tokens | Delete pods in system namespace
command: "{{ bin_dir }}/kubectl delete pods -n {{ system_namespace }} --all" command: "{{ bin_dir }}/kubectl delete pods -n kube-system --all"
when: needs_rotation when: needs_rotation
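Review bot: `kubectl delete pods -n kube-system --all` restarts only the workloads in kube-system after a rotation, so pods in any other namespace presumably keep using their old service-account tokens until something recreates them. This commit leaves `cephfs_provisioner_namespace`, `local_volume_provisioner_namespace` and `registry_namespace` overridable, so add-ons deployed by kubespray can live outside kube-system. Consider a comment such as `# only kube-system is restarted; pods elsewhere keep old tokens until recreated`, or looping over the namespaces kubespray deploys into. The earlier tasks that set `needs_rotation` are outside the hunk.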


@ -2,7 +2,7 @@ apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: kube-apiserver name: kube-apiserver
namespace: {{system_namespace}} namespace: kube-system
labels: labels:
k8s-app: kube-apiserver k8s-app: kube-apiserver
kubespray: v2 kubespray: v2


@ -2,7 +2,7 @@ apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: kube-controller-manager name: kube-controller-manager
namespace: {{system_namespace}} namespace: kube-system
labels: labels:
k8s-app: kube-controller-manager k8s-app: kube-controller-manager
annotations: annotations:


@ -2,7 +2,7 @@ apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: kube-scheduler name: kube-scheduler
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: kube-scheduler k8s-app: kube-scheduler
annotations: annotations:


@ -1,6 +0,0 @@
---
namespace_kubesystem:
apiVersion: v1
kind: Namespace
metadata:
name: "{{system_namespace}}"


@ -2,7 +2,7 @@ apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: kube-proxy name: kube-proxy
namespace: {{system_namespace}} namespace: kube-system
labels: labels:
k8s-app: kube-proxy k8s-app: kube-proxy
annotations: annotations:


@ -2,7 +2,7 @@ apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: nginx-proxy name: nginx-proxy
namespace: {{system_namespace}} namespace: kube-system
labels: labels:
k8s-app: kube-nginx k8s-app: kube-nginx
spec: spec:


@ -61,7 +61,6 @@ dns_domain: "{{ cluster_name }}"
kube_config_dir: /etc/kubernetes kube_config_dir: /etc/kubernetes
kube_script_dir: "{{ bin_dir }}/kubernetes-scripts" kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
kube_manifest_dir: "{{ kube_config_dir }}/manifests" kube_manifest_dir: "{{ kube_config_dir }}/manifests"
system_namespace: kube-system
# This is where all the cert scripts and certs will be located # This is where all the cert scripts and certs will be located
kube_cert_dir: "{{ kube_config_dir }}/ssl" kube_cert_dir: "{{ kube_config_dir }}/ssl"


@ -2,7 +2,7 @@ kind: ConfigMap
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: calico-config name: calico-config
namespace: {{ system_namespace }} namespace: kube-system
data: data:
etcd_endpoints: "{{ etcd_access_addresses }}" etcd_endpoints: "{{ etcd_access_addresses }}"
etcd_ca: "/calico-secrets/ca_cert.crt" etcd_ca: "/calico-secrets/ca_cert.crt"


@ -3,7 +3,7 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: calico-node name: calico-node
namespace: {{ system_namespace }} namespace: kube-system
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: resources:
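Review bot: The `namespace: kube-system` line in this ClusterRole's metadata has no effect, because a ClusterRole is cluster-scoped and its rules apply in every namespace. Hardcoding the value keeps a field that can make a reader think the calico-node permissions are confined to kube-system. Since the commit already touches the line, I would delete it instead of replacing the template variable. The same applies to the other ClusterRole manifests in this commit (calico, contiv-netmaster, contiv-netplugin, and the weave-net ClusterRole item), and probably to the ClusterRoleBinding metadata as well. The rules list continues past the end of this hunk.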


@ -10,4 +10,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: calico-node name: calico-node
namespace: {{ system_namespace }} namespace: kube-system


@ -3,6 +3,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: calico-node name: calico-node
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -6,7 +6,7 @@ kind: DaemonSet
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
metadata: metadata:
name: calico-node name: calico-node
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: calico-node k8s-app: calico-node
spec: spec:


@ -3,7 +3,7 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: calico name: calico
namespace: {{ system_namespace }} namespace: kube-system
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: resources:


@ -11,4 +11,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: canal name: canal
namespace: {{ system_namespace }} namespace: kube-system


@ -11,4 +11,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: canal name: canal
namespace: {{ system_namespace }} namespace: kube-system


@ -3,7 +3,7 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: canal name: canal
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -3,7 +3,7 @@ kind: DaemonSet
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
metadata: metadata:
name: canal-node name: canal-node
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: canal-node k8s-app: canal-node
spec: spec:


@ -2,7 +2,7 @@ kind: ConfigMap
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: cilium-config name: cilium-config
namespace: {{ system_namespace }} namespace: kube-system
data: data:
# This etcd-config contains the etcd endpoints of your cluster. If you use # This etcd-config contains the etcd endpoints of your cluster. If you use
# TLS please make sure you uncomment the ca-file line and add the respective # TLS please make sure you uncomment the ca-file line and add the respective


@ -10,6 +10,6 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: cilium name: cilium
namespace: {{ system_namespace }} namespace: kube-system
- kind: Group - kind: Group
name: system:nodes name: system:nodes


@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: cilium name: cilium
namespace: {{ system_namespace }} namespace: kube-system
spec: spec:
template: template:
metadata: metadata:


@ -3,4 +3,4 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: cilium name: cilium
namespace: {{ system_namespace }} namespace: kube-system


@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: contiv-api-proxy name: contiv-api-proxy
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: contiv-api-proxy k8s-app: contiv-api-proxy
spec: spec:
@ -12,7 +12,7 @@ spec:
template: template:
metadata: metadata:
name: contiv-api-proxy name: contiv-api-proxy
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: contiv-api-proxy k8s-app: contiv-api-proxy
annotations: annotations:
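Review bot: The `namespace: kube-system` line under `spec.template.metadata` in the second hunk is redundant, because pods created from a DaemonSet template are placed in the DaemonSet's own namespace, which the first hunk already sets. Rather than hardcoding the value in a second place, I would remove the template's `namespace` line; the `name` line beside it is, as far as I know, also unused for generated pods. The contiv-netmaster manifest has the same duplicated template metadata in its second hunk. The pod spec continues past the end of the hunk.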


@ -5,7 +5,7 @@ kind: ConfigMap
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: contiv-config name: contiv-config
namespace: {{ system_namespace }} namespace: kube-system
data: data:
# The location of your cluster store. This is set to the # The location of your cluster store. This is set to the
# avdertise-client value below from the contiv-etcd service. # avdertise-client value below from the contiv-etcd service.


@ -3,7 +3,7 @@ kind: DaemonSet
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
metadata: metadata:
name: contiv-etcd-proxy name: contiv-etcd-proxy
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: contiv-etcd-proxy k8s-app: contiv-etcd-proxy
spec: spec:


@ -3,7 +3,7 @@ kind: DaemonSet
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
metadata: metadata:
name: contiv-etcd name: contiv-etcd
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: contiv-etcd k8s-app: contiv-etcd
spec: spec:


@ -2,7 +2,7 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: contiv-netmaster name: contiv-netmaster
namespace: {{ system_namespace }} namespace: kube-system
rules: rules:
- apiGroups: - apiGroups:
- "" - ""


@ -9,4 +9,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: contiv-netmaster name: contiv-netmaster
namespace: {{ system_namespace }} namespace: kube-system


@ -2,6 +2,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: contiv-netmaster name: contiv-netmaster
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -3,7 +3,7 @@ kind: DaemonSet
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
metadata: metadata:
name: contiv-netmaster name: contiv-netmaster
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: contiv-netmaster k8s-app: contiv-netmaster
spec: spec:
@ -12,7 +12,7 @@ spec:
template: template:
metadata: metadata:
name: contiv-netmaster name: contiv-netmaster
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: contiv-netmaster k8s-app: contiv-netmaster
annotations: annotations:


@ -2,7 +2,7 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
metadata: metadata:
name: contiv-netplugin name: contiv-netplugin
namespace: {{ system_namespace }} namespace: kube-system
rules: rules:
- apiGroups: - apiGroups:
- "" - ""


@ -9,4 +9,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: contiv-netplugin name: contiv-netplugin
namespace: {{ system_namespace }} namespace: kube-system


@ -2,6 +2,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: contiv-netplugin name: contiv-netplugin
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"


@ -5,7 +5,7 @@ kind: DaemonSet
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
metadata: metadata:
name: contiv-netplugin name: contiv-netplugin
namespace: {{ system_namespace }} namespace: kube-system
labels: labels:
k8s-app: contiv-netplugin k8s-app: contiv-netplugin
spec: spec:


@ -3,7 +3,7 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: flannel name: flannel
namespace: "{{system_namespace}}" namespace: "kube-system"
--- ---
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
@ -41,4 +41,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: flannel name: flannel
namespace: "{{system_namespace}}" namespace: "kube-system"


@ -3,7 +3,7 @@ kind: ConfigMap
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: kube-flannel-cfg name: kube-flannel-cfg
namespace: "{{system_namespace}}" namespace: "kube-system"
labels: labels:
tier: node tier: node
app: flannel app: flannel
@ -41,7 +41,7 @@ apiVersion: extensions/v1beta1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: kube-flannel name: kube-flannel
namespace: "{{system_namespace}}" namespace: "kube-system"
labels: labels:
tier: node tier: node
k8s-app: flannel k8s-app: flannel


@ -8,14 +8,14 @@ items:
name: weave-net name: weave-net
labels: labels:
name: weave-net name: weave-net
namespace: {{ system_namespace }} namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1beta1 - apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: weave-net name: weave-net
labels: labels:
name: weave-net name: weave-net
namespace: {{ system_namespace }} namespace: kube-system
rules: rules:
- apiGroups: - apiGroups:
- '' - ''
@ -41,7 +41,7 @@ items:
name: weave-net name: weave-net
labels: labels:
name: weave-net name: weave-net
namespace: {{ system_namespace }} namespace: kube-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: weave-net name: weave-net
@ -49,14 +49,14 @@ items:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: weave-net name: weave-net
namespace: {{ system_namespace }} namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1beta1 - apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role kind: Role
metadata: metadata:
name: weave-net name: weave-net
labels: labels:
name: weave-net name: weave-net
namespace: {{ system_namespace }} namespace: kube-system
rules: rules:
- apiGroups: - apiGroups:
- '' - ''
@ -79,7 +79,7 @@ items:
name: weave-net name: weave-net
labels: labels:
name: weave-net name: weave-net
namespace: {{ system_namespace }} namespace: kube-system
roleRef: roleRef:
kind: Role kind: Role
name: weave-net name: weave-net
@ -87,7 +87,7 @@ items:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: weave-net name: weave-net
namespace: {{ system_namespace }} namespace: kube-system
- apiVersion: extensions/v1beta1 - apiVersion: extensions/v1beta1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
@ -95,7 +95,7 @@ items:
labels: labels:
name: weave-net name: weave-net
version: v{{ weave_version }} version: v{{ weave_version }}
namespace: {{ system_namespace }} namespace: kube-system
spec: spec:
minReadySeconds: 5 minReadySeconds: 5
template: template:


@ -86,7 +86,7 @@ vault_ca_options:
format: pem format: pem
ttl: "{{ vault_max_lease_ttl }}" ttl: "{{ vault_max_lease_ttl }}"
exclude_cn_from_sans: true exclude_cn_from_sans: true
alt_names: "vault.{{ system_namespace }}.svc.{{ dns_domain }},vault.{{ system_namespace }}.svc,vault.{{ system_namespace }},vault" alt_names: "vault.kube-system.svc.{{ dns_domain }},vault.kube-system.svc,vault.kube-system,vault"
etcd: etcd:
common_name: etcd common_name: etcd
format: pem format: pem