Manually enforce kube-proxy for kubeadm deploy

2017-09-24 19:47:36 +01:00 · 2017-09-24 19:47:36 +01:00 · 05e5bc79f1
commit 05e5bc79f1
parent 4a9ebee765
2 changed files with 67 additions and 0 deletions
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@ -18,6 +18,17 @@
  with_items: ['deploy', 'svc']
  tags: upgrade

+- name: Kubernetes Apps | Ensure kubeadm kube-proxy
+  kube:
+    name: "kube-proxy"
+    namespace: "{{ system_namespace }}"
+    kubectl: "{{bin_dir}}/kubectl"
+    resource: "daemonset"
+    state: latest
+  when:
+    - kubeadm_enabled|default(false)
+    - inventory_hostname == groups['kube-master'][0]
+
 - name: Kubernetes Apps | Delete kubeadm kubedns
  kube:
    name: "kubedns"
--- a/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2
@ -0,0 +1,56 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  labels:
+    k8s-app: kube-proxy
+  name: kube-proxy
+  namespace: {{ system_namespace }}
+spec:
+  selector:
+    matchLabels:
+      k8s-app: kube-proxy
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-proxy
+    spec:
+      containers:
+      - command:
+        - /usr/local/bin/kube-proxy
+        - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
+        - --cluster-cidr=10.233.64.0/18
+        image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+        imagePullPolicy: {{ k8s_image_pull_policy }}
+        name: kube-proxy
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /var/lib/kube-proxy
+          name: kube-proxy
+        - mountPath: /run/xtables.lock
+          name: xtables-lock
+      dnsPolicy: ClusterFirst
+      hostNetwork: true
+      restartPolicy: Always
+      serviceAccount: kube-proxy
+      serviceAccountName: kube-proxy
+      terminationGracePeriodSeconds: 30
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+      - effect: NoSchedule
+        key: node.cloudprovider.kubernetes.io/uninitialized
+        value: "true"
+      volumes:
+      - configMap:
+          defaultMode: 420
+          name: kube-proxy
+        name: kube-proxy
+      - hostPath:
+          path: /run/xtables.lock
+        name: xtables-lock
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate
+