From 05e5bc79f1aa36d710658cc4a02f740577e5c60f Mon Sep 17 00:00:00 2001 From: Matthew Mosesohn Date: Sun, 24 Sep 2017 19:47:36 +0100 Subject: [PATCH] Manually enforce kube-proxy for kubeadm deploy --- roles/kubernetes-apps/ansible/tasks/main.yml | 11 ++++ .../ansible/templates/kube-proxy-ds.yml.j2 | 56 +++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2 diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml index 9e9a30382..1dae49922 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yml +++ b/roles/kubernetes-apps/ansible/tasks/main.yml @@ -18,6 +18,17 @@ with_items: ['deploy', 'svc'] tags: upgrade +- name: Kubernetes Apps | Ensure kubeadm kube-proxy + kube: + name: "kube-proxy" + namespace: "{{ system_namespace }}" + kubectl: "{{bin_dir}}/kubectl" + resource: "daemonset" + state: latest + when: + - kubeadm_enabled|default(false) + - inventory_hostname == groups['kube-master'][0] + - name: Kubernetes Apps | Delete kubeadm kubedns kube: name: "kubedns" diff --git a/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2 new file mode 100644 index 000000000..ba6dc20d4 --- /dev/null +++ b/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2 
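Review bot: The new `Ensure kubeadm kube-proxy` task gives the `kube` module no manifest to apply: it sets `name`, `namespace`, `kubectl`, `resource` and `state: latest`, but no `filename`, and nothing in this patch renders `kube-proxy-ds.yml.j2` onto the master (the diffstat lists only the task file and the template). As written the template looks unused, so the task presumably either fails or leaves the DaemonSet kubeadm created untouched, depending on how the module treats `latest` without a file. A `template` task that writes the manifest, plus `filename: "<rendered manifest path>"` on this task, would make the enforcement take effect; the path is a placeholder, and the role's existing convention should decide it. A one-line comment above the task saying why kubeadm's own kube-proxy has to be overridden would also help the next reader.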
@@ -0,0 +1,56 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ labels:
+ k8s-app: kube-proxy
+ name: kube-proxy
+ namespace: {{ system_namespace }}
+spec:
+ selector:
+ matchLabels:
+ k8s-app: kube-proxy
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-proxy
+ spec:
+ containers:
+ - command:
+ - /usr/local/bin/kube-proxy
+ - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
+ - --cluster-cidr=10.233.64.0/18
+ image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
+ name: kube-proxy
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/lib/kube-proxy
+ name: kube-proxy
+ - mountPath: /run/xtables.lock
+ name: xtables-lock
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ restartPolicy: Always
+ serviceAccount: kube-proxy
+ serviceAccountName: kube-proxy
+ terminationGracePeriodSeconds: 30
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node.cloudprovider.kubernetes.io/uninitialized
+ value: "true"
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: kube-proxy
+ name: kube-proxy
+ - hostPath:
+ path: /run/xtables.lock
+ name: xtables-lock
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
+
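Review bot: `--cluster-cidr=10.233.64.0/18` is hard-coded in the container command while the namespace, image and pull policy on the neighbouring lines are templated, so a cluster deployed with a different pod subnet gets a kube-proxy with the wrong idea of which traffic is in-cluster. kube-proxy uses that range to decide which service traffic to masquerade, so a mismatch changes the source addresses that network policies and logs see. The line should take its value from the inventory, `- --cluster-cidr={{ <pod subnet variable> }}`, where the placeholder stands for the variable this inventory already uses for the pod network. Because the pod is `privileged: true` with `hostNetwork: true` and tolerates the master taint, a short comment above `securityContext` saying why full privilege is required would help later hardening reviews.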