From 0913cb2d123ed6353648f2725523094fdee8ff10 Mon Sep 17 00:00:00 2001 From: Greg Althaus Date: Tue, 2 Feb 2016 12:47:57 -0600 Subject: [PATCH] Opencontrail tweaks - opencontrail replaces kube-proxy (so turn it off) - opencontrail needs a plug-in - Allow kubelet to run every but only register from nodes (helps opencontrail gateways) Add a playbook file that runs opencontrail. --- cluster-opencontrail.yml | 44 ++++++++++++++++++++++ roles/kubernetes/node/tasks/main.yml | 1 + roles/kubernetes/node/templates/kubelet.j2 | 5 ++- 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 cluster-opencontrail.yml diff --git a/cluster-opencontrail.yml b/cluster-opencontrail.yml new file mode 100644 index 000000000..e6f5b6f40 --- /dev/null +++ b/cluster-opencontrail.yml @@ -0,0 +1,44 @@ +--- + +# +# To use Opencontrail with Kubernetes, you will need to do the following: +# 1. checkout https://github.com/rackn/container-networking-ansible +# 2. Copy the filters directory from container-network-ansible to this directory. +# 3. Copy the roles/* directory content to the roles directory +# +# Update your inventory file to use opencontrail as the network_plugin. +# Update your inventory to have masters group that is the same as kube-master +# Update your inventory to have nodes group that is the same as kube-node +# Update your inventory to have a gateway group +# +# Add vars to group_var file: +# Publics IP Opencontrail should use to expose services. +# opencontrail_public_subnet=192.0.2.0/24 +# opencontrail_kube_release=1.1 +# +# See here for more info: https://github.com/rackn/container-networking-ansible +# + + +- hosts: k8s-cluster + roles: + - { role: adduser, tags: adduser } + - { role: download, tags: download } + - { role: kubernetes/preinstall, tags: preinstall } + - { role: etcd, tags: etcd } + - { role: docker, tags: docker } + - { role: kubernetes/node, tags: node } + - { role: network_plugin, tags: network, when: kube_network_plugin != 'opencontrail' } + - { role: opencontrail_facts, when: kube_network_plugin == 'opencontrail' } + - { role: opencontrail, when: kube_network_plugin == 'opencontrail' } + - { role: dnsmasq, tags: dnsmasq } + +- hosts: kube-master + roles: + - { role: kubernetes/master, tags: master } + +- hosts: k8s-cluster + roles: + - { role: opencontrail_facts, when: kube_network_plugin == 'opencontrail' } + - { role: opencontrail_provision, when: kube_network_plugin == 'opencontrail' } + diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 803c9251b..df07154b7 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -22,6 +22,7 @@ template: src: manifests/kube-proxy.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-proxy.manifest" + when: kube_network_plugin != "opencontrail" - name: Restart kubelet if binary changed command: /bin/true diff --git a/roles/kubernetes/node/templates/kubelet.j2 b/roles/kubernetes/node/templates/kubelet.j2 index 0f9197586..0ae4034e8 100644 --- a/roles/kubernetes/node/templates/kubelet.j2 +++ b/roles/kubernetes/node/templates/kubelet.j2 @@ -14,7 +14,7 @@ KUBELET_ADDRESS="--address=0.0.0.0" # KUBELET_PORT="--port=10250" # You may leave this blank to use the actual hostname KUBELET_HOSTNAME="--hostname_override={{ inventory_hostname }}" -{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %} +{% if inventory_hostname not in groups['kube-node'] %} KUBELET_REGISTER_NODE="--register-node=false" {% endif %} # location of the api-server @@ -28,6 +28,9 @@ KUBELET_NETWORK_PLUGIN="--network_plugin=cni --network-plugin-dir=/etc/cni/net.d {% elif kube_network_plugin is defined and kube_network_plugin == "weave" %} DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock" {% endif %} +{% if kube_network_plugin is defined and kube_network_plugin == "opencontrail" and inventory_hostname in groups['kube-node'] %} +KUBELET_NETWORK_PLUGIN="--network_plugin={{ kube_network_plugin }}" +{% endif %} # Should this cluster be allowed to run privileged docker containers KUBE_ALLOW_PRIV="--allow_privileged=true" {% if ansible_service_mgr in ["sysvinit","upstart"] %}