Deploy kubelet and kube-apiserver as containers
kubelet via docker kube-apiserver as a static pod Fixed etcd service start to be more tolerant of slow start. Workaround for kube_version to stay in download role, but not download an files by creating a new "nothing" download entry.
This commit is contained in:
parent
74129d199c
commit
0cdbc13f1e
19 changed files with 88 additions and 348 deletions
|
@ -15,8 +15,6 @@ calico_cni_version: v1.3.1
|
||||||
weave_version: v1.5.0
|
weave_version: v1.5.0
|
||||||
|
|
||||||
# Download URL's
|
# Download URL's
|
||||||
kubelet_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-kubelet"
|
|
||||||
apiserver_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-apiserver"
|
|
||||||
kubectl_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-kubectl"
|
kubectl_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-kubectl"
|
||||||
|
|
||||||
etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd"
|
etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd"
|
||||||
|
@ -64,14 +62,6 @@ downloads:
|
||||||
unarchive: true
|
unarchive: true
|
||||||
owner: "etcd"
|
owner: "etcd"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
kubernetes_kubelet:
|
|
||||||
version: "{{kube_version}}"
|
|
||||||
dest: kubernetes/bin/kubelet
|
|
||||||
sha256: "{{vars['kube_checksum'][kube_version]['kubelet']}}"
|
|
||||||
source_url: "{{ kubelet_download_url }}"
|
|
||||||
url: "{{ kubelet_download_url }}"
|
|
||||||
owner: "kube"
|
|
||||||
mode: "0755"
|
|
||||||
kubernetes_kubectl:
|
kubernetes_kubectl:
|
||||||
dest: kubernetes/bin/kubectl
|
dest: kubernetes/bin/kubectl
|
||||||
version: "{{kube_version}}"
|
version: "{{kube_version}}"
|
||||||
|
@ -80,14 +70,8 @@ downloads:
|
||||||
url: "{{ kubectl_download_url }}"
|
url: "{{ kubectl_download_url }}"
|
||||||
owner: "kube"
|
owner: "kube"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
kubernetes_apiserver:
|
nothing:
|
||||||
dest: kubernetes/bin/kube-apiserver
|
enabled: false
|
||||||
version: "{{kube_version}}"
|
|
||||||
sha256: "{{vars['kube_checksum'][kube_version]['kube_apiserver']}}"
|
|
||||||
source_url: "{{ apiserver_download_url }}"
|
|
||||||
url: "{{ apiserver_download_url }}"
|
|
||||||
owner: "kube"
|
|
||||||
mode: "0755"
|
|
||||||
|
|
||||||
download:
|
download:
|
||||||
enabled: "{{ file.enabled|default('true') }}"
|
enabled: "{{ file.enabled|default('true') }}"
|
||||||
|
|
|
@ -1,22 +1,12 @@
|
||||||
kube_checksum:
|
kube_checksum:
|
||||||
v1.2.2:
|
v1.2.2:
|
||||||
kube_apiserver: eb1bfd8b877052cbd1991b8c429a1d06661f4cb019905e20e128174f724e16de
|
|
||||||
kubectl: 473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4
|
kubectl: 473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4
|
||||||
kubelet: f16827dc7e7c82f0e215f0fc73eb01e2dfe91a2ec83f9cbcaf8d37c91b64fd3b
|
|
||||||
v1.2.3:
|
v1.2.3:
|
||||||
kube_apiserver_checksum: ebaeeeb72cb29b358337b330617a96355ff2d08a5a523fc1a81beba36cc9d6f9
|
|
||||||
kubectl_checksum: 394853edd409a721bcafe4f1360009ef9f845050719fe7d6fc7176f45cc92a8c
|
kubectl_checksum: 394853edd409a721bcafe4f1360009ef9f845050719fe7d6fc7176f45cc92a8c
|
||||||
kubelet_checksum: 633bb41c51c5c0df0645dd60ba82b12eba39d009eb87bae9227de7d9a89c0797
|
|
||||||
v1.2.4:
|
v1.2.4:
|
||||||
kube_apiserver: 6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e
|
|
||||||
kubectl: dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897
|
kubectl: dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897
|
||||||
kubelet: 4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e341
|
|
||||||
v1.2.5:
|
v1.2.5:
|
||||||
kube_apiserver: fbe8296ad4b194c06f6802a126d35cd2887dc1aded308d4da2b580f270412b33
|
|
||||||
kubectl: 5526a496a84701015485e32c86486e2f23599f7a865164f546e619c6a62f7f19
|
kubectl: 5526a496a84701015485e32c86486e2f23599f7a865164f546e619c6a62f7f19
|
||||||
kubelet: cd15b929f0190876216f397c2c6e7aa8c08d3b047fd90b4980cd68c8f4896211
|
|
||||||
v1.3.0:
|
v1.3.0:
|
||||||
kube_apiserver: 431cd312984a29f45590138e990d5c4d537b069b71f2587a72414fabc4fcffdd
|
|
||||||
kubectl: f40b2d0ff33984e663a0dea4916f1cb9041abecc09b11f9372cdb8049ded95dc
|
kubectl: f40b2d0ff33984e663a0dea4916f1cb9041abecc09b11f9372cdb8049ded95dc
|
||||||
kubelet: bd5f10ccb95fe6e95ddf7ad8a119195c27cb2bce4be6f80c1810ff1a2111496d
|
|
||||||
kube_version: v1.3.0
|
kube_version: v1.3.0
|
||||||
|
|
|
@ -2,7 +2,5 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: download
|
- role: download
|
||||||
file: "{{ downloads.kubernetes_kubectl }}"
|
file: "{{ downloads.kubernetes_kubectl }}"
|
||||||
- role: download
|
|
||||||
file: "{{ downloads.kubernetes_apiserver }}"
|
|
||||||
- { role: etcd }
|
- { role: etcd }
|
||||||
- { role: kubernetes/node }
|
- { role: kubernetes/node }
|
||||||
|
|
|
@ -1,52 +1,34 @@
|
||||||
---
|
---
|
||||||
|
- include: pre-upgrade.yml
|
||||||
|
|
||||||
- name: Copy kubectl bash completion
|
- name: Copy kubectl bash completion
|
||||||
copy:
|
copy:
|
||||||
src: kubectl_bash_completion.sh
|
src: kubectl_bash_completion.sh
|
||||||
dest: /etc/bash_completion.d/kubectl.sh
|
dest: /etc/bash_completion.d/kubectl.sh
|
||||||
when: ansible_os_family in ["Debian","RedHat"]
|
when: ansible_os_family in ["Debian","RedHat"]
|
||||||
|
|
||||||
- name: Copy kube-apiserver binary
|
|
||||||
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kube-apiserver" "{{ bin_dir }}/kube-apiserver"
|
|
||||||
register: kube_apiserver_copy
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Copy kubectl binary
|
- name: Copy kubectl binary
|
||||||
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubectl" "{{ bin_dir }}/kubectl"
|
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubectl" "{{ bin_dir }}/kubectl"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: install | Write kube-apiserver systemd init file
|
|
||||||
template:
|
|
||||||
src: "kube-apiserver.service.j2"
|
|
||||||
dest: "/etc/systemd/system/kube-apiserver.service"
|
|
||||||
backup: yes
|
|
||||||
when: ansible_service_mgr == "systemd"
|
|
||||||
notify: restart kube-apiserver
|
|
||||||
|
|
||||||
- name: install | Write kube-apiserver initd script
|
|
||||||
template:
|
|
||||||
src: "deb-kube-apiserver.initd.j2"
|
|
||||||
dest: "/etc/init.d/kube-apiserver"
|
|
||||||
owner: root
|
|
||||||
mode: 0755
|
|
||||||
backup: yes
|
|
||||||
when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "Debian"
|
|
||||||
|
|
||||||
- name: Write kube-apiserver config file
|
|
||||||
template:
|
|
||||||
src: "kube-apiserver.j2"
|
|
||||||
dest: "{{ kube_config_dir }}/kube-apiserver.env"
|
|
||||||
backup: yes
|
|
||||||
notify: restart kube-apiserver
|
|
||||||
|
|
||||||
- name: Allow apiserver to bind on both secure and insecure ports
|
|
||||||
shell: setcap cap_net_bind_service+ep {{ bin_dir }}/kube-apiserver
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
||||||
- include: start.yml
|
- name: Write kube-apiserver manifest
|
||||||
with_items: "{{ groups['kube-master'] }}"
|
template:
|
||||||
when: "{{ hostvars[item].inventory_hostname == inventory_hostname }}"
|
src: manifests/kube-apiserver.manifest.j2
|
||||||
|
dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
|
||||||
|
register: apiserver_manifest
|
||||||
|
|
||||||
|
- name: restart kubelet
|
||||||
|
service:
|
||||||
|
name: kubelet
|
||||||
|
state: restarted
|
||||||
|
when: apiserver_manifest.changed
|
||||||
|
|
||||||
|
- name: wait for the apiserver to be running
|
||||||
|
wait_for:
|
||||||
|
port: "{{kube_apiserver_insecure_port}}"
|
||||||
|
timeout: 60
|
||||||
|
|
||||||
# Create kube-system namespace
|
# Create kube-system namespace
|
||||||
- name: copy 'kube-system' namespace manifest
|
- name: copy 'kube-system' namespace manifest
|
||||||
|
@ -61,17 +43,13 @@
|
||||||
failed_when: False
|
failed_when: False
|
||||||
run_once: yes
|
run_once: yes
|
||||||
|
|
||||||
- name: wait for the apiserver to be running
|
|
||||||
wait_for:
|
|
||||||
port: "{{kube_apiserver_insecure_port}}"
|
|
||||||
timeout: 60
|
|
||||||
|
|
||||||
- name: Create 'kube-system' namespace
|
- name: Create 'kube-system' namespace
|
||||||
command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml"
|
command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
when: kubesystem|failed and inventory_hostname == groups['kube-master'][0]
|
when: kubesystem|failed and inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
||||||
# Write manifests
|
# Write other manifests
|
||||||
- name: Write kube-controller-manager manifest
|
- name: Write kube-controller-manager manifest
|
||||||
template:
|
template:
|
||||||
src: manifests/kube-controller-manager.manifest.j2
|
src: manifests/kube-controller-manager.manifest.j2
|
||||||
|
@ -81,9 +59,3 @@
|
||||||
template:
|
template:
|
||||||
src: manifests/kube-scheduler.manifest.j2
|
src: manifests/kube-scheduler.manifest.j2
|
||||||
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
|
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
|
||||||
|
|
||||||
- name: restart kubelet
|
|
||||||
service:
|
|
||||||
name: kubelet
|
|
||||||
state: restarted
|
|
||||||
changed_when: false
|
|
||||||
|
|
25
roles/kubernetes/master/tasks/pre-upgrade.yml
Normal file
25
roles/kubernetes/master/tasks/pre-upgrade.yml
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
---
|
||||||
|
- name: "Pre-upgrade | check for kube-apiserver unit file"
|
||||||
|
stat:
|
||||||
|
path: /etc/systemd/system/kube-apiserver.service
|
||||||
|
register: kube_apiserver_service_file
|
||||||
|
|
||||||
|
- name: "Pre-upgrade | check for kube-apiserver init script"
|
||||||
|
stat:
|
||||||
|
path: /etc/init.d/kube-apiserver
|
||||||
|
register: kube_apiserver_init_script
|
||||||
|
|
||||||
|
- name: "Pre-upgrade | stop kube-apiserver if service defined"
|
||||||
|
service:
|
||||||
|
name: kube-apiserver
|
||||||
|
state: stopped
|
||||||
|
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
||||||
|
|
||||||
|
- name: "Pre-upgrade | remove kube-apiserver service definition"
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
||||||
|
with_items:
|
||||||
|
- /etc/systemd/system/kube-apiserver.service
|
||||||
|
- /etc/init.d/kube-apiserver
|
|
@ -1,22 +0,0 @@
|
||||||
---
|
|
||||||
- name: Pause
|
|
||||||
pause: seconds=10
|
|
||||||
|
|
||||||
- name: reload systemd
|
|
||||||
command: systemctl daemon-reload
|
|
||||||
when: ansible_service_mgr == "systemd" and restart_apimaster is defined and restart_apimaster == True
|
|
||||||
|
|
||||||
- name: reload kube-apiserver
|
|
||||||
service:
|
|
||||||
name: kube-apiserver
|
|
||||||
state: restarted
|
|
||||||
enabled: yes
|
|
||||||
when: ( restart_apimaster is defined and restart_apimaster == True) or
|
|
||||||
secret_changed | default(false)
|
|
||||||
|
|
||||||
- name: Enable apiserver
|
|
||||||
service:
|
|
||||||
name: kube-apiserver
|
|
||||||
enabled: yes
|
|
||||||
state: started
|
|
||||||
when: restart_apimaster is not defined or restart_apimaster == False
|
|
|
@ -1,118 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: kube-apiserver
|
|
||||||
# Required-Start: $local_fs $network $syslog
|
|
||||||
# Required-Stop:
|
|
||||||
# Default-Start: 2 3 4 5
|
|
||||||
# Default-Stop: 0 1 6
|
|
||||||
# Short-Description: The Kubernetes apiserver
|
|
||||||
# Description:
|
|
||||||
# The Kubernetes apiserver.
|
|
||||||
### END INIT INFO
|
|
||||||
|
|
||||||
|
|
||||||
# PATH should only include /usr/* if it runs after the mountnfs.sh script
|
|
||||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
|
||||||
DESC="The Kubernetes apiserver"
|
|
||||||
NAME=kube-apiserver
|
|
||||||
DAEMON={{ bin_dir }}/kube-apiserver
|
|
||||||
DAEMON_LOG_FILE=/var/log/$NAME.log
|
|
||||||
PIDFILE=/var/run/$NAME.pid
|
|
||||||
SCRIPTNAME=/etc/init.d/$NAME
|
|
||||||
DAEMON_USER=root
|
|
||||||
|
|
||||||
# Exit if the package is not installed
|
|
||||||
[ -x "$DAEMON" ] || exit 0
|
|
||||||
|
|
||||||
# Read configuration variable file if it is present
|
|
||||||
[ -r /etc/kubernetes/$NAME.env ] && . /etc/kubernetes/$NAME.env
|
|
||||||
|
|
||||||
# Define LSB log_* functions.
|
|
||||||
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
|
|
||||||
# and status_of_proc is working.
|
|
||||||
. /lib/lsb/init-functions
|
|
||||||
|
|
||||||
#
|
|
||||||
# Function that starts the daemon/service
|
|
||||||
#
|
|
||||||
do_start()
|
|
||||||
{
|
|
||||||
# Return
|
|
||||||
# 0 if daemon has been started
|
|
||||||
# 1 if daemon was already running
|
|
||||||
# 2 if daemon could not be started
|
|
||||||
start-stop-daemon --start --quiet --background --no-close \
|
|
||||||
--make-pidfile --pidfile $PIDFILE \
|
|
||||||
--exec $DAEMON -c $DAEMON_USER --test > /dev/null \
|
|
||||||
|| return 1
|
|
||||||
start-stop-daemon --start --quiet --background --no-close \
|
|
||||||
--make-pidfile --pidfile $PIDFILE \
|
|
||||||
--exec $DAEMON -c $DAEMON_USER -- \
|
|
||||||
$DAEMON_ARGS >> $DAEMON_LOG_FILE 2>&1 \
|
|
||||||
|| return 2
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
# Function that stops the daemon/service
|
|
||||||
#
|
|
||||||
do_stop()
|
|
||||||
{
|
|
||||||
# Return
|
|
||||||
# 0 if daemon has been stopped
|
|
||||||
# 1 if daemon was already stopped
|
|
||||||
# 2 if daemon could not be stopped
|
|
||||||
# other if a failure occurred
|
|
||||||
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
|
|
||||||
RETVAL="$?"
|
|
||||||
[ "$RETVAL" = 2 ] && return 2
|
|
||||||
# Many daemons don't delete their pidfiles when they exit.
|
|
||||||
rm -f $PIDFILE
|
|
||||||
return "$RETVAL"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
log_daemon_msg "Starting $DESC" "$NAME"
|
|
||||||
do_start
|
|
||||||
case "$?" in
|
|
||||||
0|1) log_end_msg 0 || exit 0 ;;
|
|
||||||
2) log_end_msg 1 || exit 1 ;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
log_daemon_msg "Stopping $DESC" "$NAME"
|
|
||||||
do_stop
|
|
||||||
case "$?" in
|
|
||||||
0|1) log_end_msg 0 ;;
|
|
||||||
2) exit 1 ;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
status)
|
|
||||||
status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
|
|
||||||
;;
|
|
||||||
|
|
||||||
restart|force-reload)
|
|
||||||
log_daemon_msg "Restarting $DESC" "$NAME"
|
|
||||||
do_stop
|
|
||||||
case "$?" in
|
|
||||||
0|1)
|
|
||||||
do_start
|
|
||||||
case "$?" in
|
|
||||||
0) log_end_msg 0 ;;
|
|
||||||
1) log_end_msg 1 ;; # Old process is still running
|
|
||||||
*) log_end_msg 1 ;; # Failed to start
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# Failed to stop
|
|
||||||
log_end_msg 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
|
|
||||||
exit 3
|
|
||||||
;;
|
|
||||||
esac
|
|
|
@ -1,58 +0,0 @@
|
||||||
###
|
|
||||||
# kubernetes system config
|
|
||||||
#
|
|
||||||
# The following values are used to configure the kube-apiserver
|
|
||||||
|
|
||||||
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
|
|
||||||
# Logging directory
|
|
||||||
KUBE_LOGGING="--log-dir={{ kube_log_dir }} --logtostderr=true"
|
|
||||||
{% else %}
|
|
||||||
# logging to stderr means we get it in the systemd journal
|
|
||||||
KUBE_LOGGING="--logtostderr=true"
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# Apiserver Log level, 0 is debug
|
|
||||||
KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
|
|
||||||
|
|
||||||
# Should this cluster be allowed to run privileged docker containers
|
|
||||||
KUBE_ALLOW_PRIV="--allow_privileged=true"
|
|
||||||
|
|
||||||
# The port on the local server to listen on.
|
|
||||||
KUBE_API_PORT="--insecure-port={{kube_apiserver_insecure_port}} --secure-port={{ kube_apiserver_port }}"
|
|
||||||
|
|
||||||
# Insecure API address (default is localhost)
|
|
||||||
KUBE_API_INSECURE_BIND="--insecure-bind-address={{ kube_apiserver_insecure_bind_address | default('127.0.0.1') }}"
|
|
||||||
|
|
||||||
# Address range to use for services
|
|
||||||
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range={{ kube_service_addresses }}"
|
|
||||||
|
|
||||||
# Location of the etcd cluster
|
|
||||||
KUBE_ETCD_SERVERS="--etcd_servers={{ etcd_access_endpoint }}"
|
|
||||||
|
|
||||||
# Bind address for secure endpoint
|
|
||||||
KUBE_API_ADDRESS="--bind-address={{ ip | default(ansible_default_ipv4.address) }}"
|
|
||||||
|
|
||||||
# default admission control policies
|
|
||||||
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota"
|
|
||||||
|
|
||||||
# RUNTIME API CONFIGURATION (e.g. enable extensions)
|
|
||||||
KUBE_RUNTIME_CONFIG="{% if kube_api_runtime_config is defined %}{% for conf in kube_api_runtime_config %}--runtime-config={{ conf }} {% endfor %}{% endif %}"
|
|
||||||
|
|
||||||
# TLS CONFIGURATION
|
|
||||||
KUBE_TLS_CONFIG="--tls_cert_file={{ kube_cert_dir }}/apiserver.pem --tls_private_key_file={{ kube_cert_dir }}/apiserver-key.pem --client_ca_file={{ kube_cert_dir }}/ca.pem"
|
|
||||||
|
|
||||||
# Add you own!
|
|
||||||
KUBE_API_ARGS="--token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/apiserver-key.pem --advertise-address={{ ip | default(ansible_default_ipv4.address) }}"
|
|
||||||
|
|
||||||
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
|
||||||
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
|
|
||||||
{% else %}
|
|
||||||
{# TODO: gce and aws don't need the cloud provider to be set? #}
|
|
||||||
KUBELET_CLOUDPROVIDER=""
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
|
|
||||||
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBE_API_PORT $KUBE_API_INSECURE_BIND \
|
|
||||||
$KUBE_SERVICE_ADDRESSES $KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG \
|
|
||||||
$KUBE_TLS_CONFIG $KUBE_API_ARGS $KUBELET_CLOUDPROVIDER"
|
|
||||||
{% endif %}
|
|
|
@ -1,30 +0,0 @@
|
||||||
[Unit]
|
|
||||||
Description=Kubernetes API Server
|
|
||||||
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
|
||||||
Wants=etcd-proxy.service
|
|
||||||
After=etcd-proxy.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
EnvironmentFile=/etc/kubernetes/kube-apiserver.env
|
|
||||||
User=kube
|
|
||||||
ExecStart={{ bin_dir }}/kube-apiserver \
|
|
||||||
$KUBE_LOGTOSTDERR \
|
|
||||||
$KUBE_LOG_LEVEL \
|
|
||||||
$KUBE_ETCD_SERVERS \
|
|
||||||
$KUBE_API_ADDRESS \
|
|
||||||
$KUBE_API_PORT \
|
|
||||||
$KUBE_API_INSECURE_BIND \
|
|
||||||
$KUBELET_PORT \
|
|
||||||
$KUBE_ALLOW_PRIV \
|
|
||||||
$KUBE_SERVICE_ADDRESSES \
|
|
||||||
$KUBE_ADMISSION_CONTROL \
|
|
||||||
$KUBE_RUNTIME_CONFIG \
|
|
||||||
$KUBE_TLS_CONFIG \
|
|
||||||
$KUBE_API_ARGS \
|
|
||||||
$KUBELET_CLOUDPROVIDER
|
|
||||||
Restart=on-failure
|
|
||||||
Type=notify
|
|
||||||
LimitNOFILE=65536
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
|
@ -2,6 +2,7 @@ apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: kube-apiserver
|
name: kube-apiserver
|
||||||
|
namespace: kube-system
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
containers:
|
containers:
|
||||||
|
@ -12,12 +13,14 @@ spec:
|
||||||
- apiserver
|
- apiserver
|
||||||
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
|
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
|
||||||
- --etcd-servers={{ etcd_access_endpoint }}
|
- --etcd-servers={{ etcd_access_endpoint }}
|
||||||
|
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address | default('127.0.0.1') }}
|
||||||
- --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
|
- --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
|
||||||
- --service-cluster-ip-range={{ kube_service_addresses }}
|
- --service-cluster-ip-range={{ kube_service_addresses }}
|
||||||
- --client-ca-file={{ kube_cert_dir }}/ca.pem
|
- --client-ca-file={{ kube_cert_dir }}/ca.pem
|
||||||
- --basic-auth-file={{ kube_users_dir }}/known_users.csv
|
- --basic-auth-file={{ kube_users_dir }}/known_users.csv
|
||||||
- --tls-cert-file={{ kube_cert_dir }}/apiserver.pem
|
- --tls-cert-file={{ kube_cert_dir }}/apiserver.pem
|
||||||
- --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
|
- --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
|
||||||
|
- --token-auth-file={{ kube_token_dir }}/known_tokens.csv
|
||||||
- --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
|
- --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
|
||||||
- --secure-port={{ kube_apiserver_port }}
|
- --secure-port={{ kube_apiserver_port }}
|
||||||
- --insecure-port={{ kube_apiserver_insecure_port }}
|
- --insecure-port={{ kube_apiserver_insecure_port }}
|
||||||
|
@ -26,16 +29,13 @@ spec:
|
||||||
- --runtime-config={{ conf }}
|
- --runtime-config={{ conf }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- --token-auth-file={{ kube_token_dir }}/known_tokens.csv
|
|
||||||
- --v={{ kube_log_level | default('2') }}
|
- --v={{ kube_log_level | default('2') }}
|
||||||
- --allow-privileged=true
|
- --allow-privileged=true
|
||||||
ports:
|
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
||||||
- containerPort: {{ kube_apiserver_port }}
|
- --cloud-provider={{ cloud_provider }}
|
||||||
hostPort: {{ kube_apiserver_port }}
|
- --cloud-config={{ kube_config_dir }}/cloud_config
|
||||||
name: https
|
{% endif %}
|
||||||
- containerPort: {{ kube_apiserver_insecure_port }}
|
- 2>&1 >> {{ kube_log_dir }}/kube-apiserver.log
|
||||||
hostPort: {{ kube_apiserver_insecure_port }}
|
|
||||||
name: local
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: {{ kube_config_dir }}
|
- mountPath: {{ kube_config_dir }}
|
||||||
name: kubernetes-config
|
name: kubernetes-config
|
||||||
|
@ -43,6 +43,8 @@ spec:
|
||||||
- mountPath: /etc/ssl/certs
|
- mountPath: /etc/ssl/certs
|
||||||
name: ssl-certs-host
|
name: ssl-certs-host
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- mountPath: /var/log/
|
||||||
|
name: logfile
|
||||||
volumes:
|
volumes:
|
||||||
- hostPath:
|
- hostPath:
|
||||||
path: {{ kube_config_dir }}
|
path: {{ kube_config_dir }}
|
||||||
|
@ -50,3 +52,6 @@ spec:
|
||||||
- hostPath:
|
- hostPath:
|
||||||
path: /etc/ssl/certs/
|
path: /etc/ssl/certs/
|
||||||
name: ssl-certs-host
|
name: ssl-certs-host
|
||||||
|
- hostPath:
|
||||||
|
path: /var/log/
|
||||||
|
name: logfile
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: download
|
- role: download #For kube_version
|
||||||
file: "{{ downloads.kubernetes_kubelet }}"
|
file: "{{ downloads.nothing }}"
|
||||||
- role: kubernetes/secrets
|
- role: kubernetes/secrets
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "RedHat"
|
when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "RedHat"
|
||||||
notify: restart kubelet
|
notify: restart kubelet
|
||||||
|
|
||||||
- name: install | Install kubelet binary
|
- name: install | Install kubelet launch script
|
||||||
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubelet" "{{ bin_dir }}/kubelet"
|
template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
|
||||||
register: kubelet_copy
|
register: kubelet_launcher
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
- name: Restart kubelet if binary changed
|
- name: Restart kubelet if binary changed
|
||||||
command: /bin/true
|
command: /bin/true
|
||||||
notify: restart kubelet
|
notify: restart kubelet
|
||||||
when: kubelet_copy.stdout_lines
|
when: kubelet_launcher.changed
|
||||||
|
|
||||||
# reload-systemd
|
# reload-systemd
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
15
roles/kubernetes/node/templates/kubelet-container.j2
Normal file
15
roles/kubernetes/node/templates/kubelet-container.j2
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
#!/bin/bash
|
||||||
|
/usr/bin/docker run --privileged --rm \
|
||||||
|
--net=host --pid=host --name=kubelet \
|
||||||
|
-v /etc/cni:/etc/cni:ro \
|
||||||
|
-v /opt/cni:/opt/cni:ro \
|
||||||
|
-v /etc/kubernetes:/etc/kubernetes \
|
||||||
|
-v /sys:/sys \
|
||||||
|
-v /dev:/dev \
|
||||||
|
-v /var/lib/docker:/var/lib/docker \
|
||||||
|
-v /var/run:/var/run \
|
||||||
|
-v /var/lib/kubelet:/var/lib/kubelet \
|
||||||
|
{{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \
|
||||||
|
nsenter --target=1 --mount --wd=. -- \
|
||||||
|
./hyperkube kubelet \
|
||||||
|
$@
|
|
@ -6,7 +6,6 @@ KUBE_LOGGING="--log-dir={{ kube_log_dir }} --logtostderr=true"
|
||||||
KUBE_LOGGING="--logtostderr=true"
|
KUBE_LOGGING="--logtostderr=true"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
|
KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
|
||||||
KUBE_ALLOW_PRIV="--allow_privileged=true"
|
|
||||||
{% if inventory_hostname in groups['kube-node'] %}
|
{% if inventory_hostname in groups['kube-node'] %}
|
||||||
KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -15,7 +14,7 @@ KUBELET_ADDRESS="--address={{ ip | default("0.0.0.0") }}"
|
||||||
# The port for the info server to serve on
|
# The port for the info server to serve on
|
||||||
# KUBELET_PORT="--port=10250"
|
# KUBELET_PORT="--port=10250"
|
||||||
# You may leave this blank to use the actual hostname
|
# You may leave this blank to use the actual hostname
|
||||||
KUBELET_HOSTNAME="--hostname_override={{ inventory_hostname }}"
|
KUBELET_HOSTNAME="--hostname-override={{ inventory_hostname }}"
|
||||||
{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
|
{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
|
||||||
KUBELET_REGISTER_NODE="--register-node=false"
|
KUBELET_REGISTER_NODE="--register-node=false"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -26,12 +25,12 @@ KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} -
|
||||||
KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
|
KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave"] %}
|
{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave"] %}
|
||||||
KUBELET_NETWORK_PLUGIN="--network_plugin=cni --network-plugin-dir=/etc/cni/net.d"
|
KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d"
|
||||||
{% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}
|
{% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}
|
||||||
DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
|
DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
# Should this cluster be allowed to run privileged docker containers
|
# Should this cluster be allowed to run privileged docker containers
|
||||||
KUBE_ALLOW_PRIV="--allow_privileged=true"
|
KUBE_ALLOW_PRIV="--allow-privileged=true"
|
||||||
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
||||||
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
|
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|
|
@ -22,7 +22,10 @@ ExecStart={{ bin_dir }}/kubelet \
|
||||||
$KUBELET_REGISTER_NODE \
|
$KUBELET_REGISTER_NODE \
|
||||||
$KUBELET_NETWORK_PLUGIN \
|
$KUBELET_NETWORK_PLUGIN \
|
||||||
$KUBELET_CLOUDPROVIDER
|
$KUBELET_CLOUDPROVIDER
|
||||||
Restart=on-failure
|
ExecStartPre=-/usr/bin/docker rm -f kubelet
|
||||||
|
ExecReload=/usr/bin/docker restart kubelet
|
||||||
|
Restart=always
|
||||||
|
RestartSec=10s
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
/usr/bin/docker run --privileged --rm \
|
/usr/bin/docker run --privileged --rm \
|
||||||
--net=host -e ETCD_AUTHORITY={{ etcd_authority }} \
|
--net=host --pid=host -e ETCD_AUTHORITY={{ etcd_authority }} \
|
||||||
-v /usr/bin/docker:/usr/bin/docker \
|
-v /usr/bin/docker:/usr/bin/docker \
|
||||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||||
-v /var/run/calico:/var/run/calico \
|
-v /var/run/calico:/var/run/calico \
|
||||||
|
|
|
@ -60,15 +60,6 @@ downloads:
|
||||||
owner: "etcd"
|
owner: "etcd"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: kubernetes-kubelet
|
|
||||||
version: "{{kube_version}}"
|
|
||||||
dest: kubernetes/bin/kubelet
|
|
||||||
sha256: "{{vars['kube_checksum'][kube_version]['kubelet']}}"
|
|
||||||
source_url: "{{ kube_download_url }}/kubelet"
|
|
||||||
url: "{{ kube_download_url }}/kubelet"
|
|
||||||
owner: "kube"
|
|
||||||
mode: "0755"
|
|
||||||
|
|
||||||
- name: kubernetes-kubectl
|
- name: kubernetes-kubectl
|
||||||
dest: kubernetes/bin/kubectl
|
dest: kubernetes/bin/kubectl
|
||||||
version: "{{kube_version}}"
|
version: "{{kube_version}}"
|
||||||
|
@ -77,12 +68,3 @@ downloads:
|
||||||
url: "{{ kube_download_url }}/kubectl"
|
url: "{{ kube_download_url }}/kubectl"
|
||||||
owner: "kube"
|
owner: "kube"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: kubernetes-apiserver
|
|
||||||
dest: kubernetes/bin/kube-apiserver
|
|
||||||
version: "{{kube_version}}"
|
|
||||||
sha256: "{{vars['kube_checksum'][kube_version]['kube_apiserver']}}"
|
|
||||||
source_url: "{{ kube_download_url }}/kube-apiserver"
|
|
||||||
url: "{{ kube_download_url }}/kube-apiserver"
|
|
||||||
owner: "kube"
|
|
||||||
mode: "0755"
|
|
||||||
|
|
|
@ -2,21 +2,16 @@ kube_checksum:
|
||||||
v1.2.2:
|
v1.2.2:
|
||||||
kube_apiserver: eb1bfd8b877052cbd1991b8c429a1d06661f4cb019905e20e128174f724e16de
|
kube_apiserver: eb1bfd8b877052cbd1991b8c429a1d06661f4cb019905e20e128174f724e16de
|
||||||
kubectl: 473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4
|
kubectl: 473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4
|
||||||
kubelet: f16827dc7e7c82f0e215f0fc73eb01e2dfe91a2ec83f9cbcaf8d37c91b64fd3b
|
|
||||||
v1.2.3:
|
v1.2.3:
|
||||||
kube_apiserver_checksum: ebaeeeb72cb29b358337b330617a96355ff2d08a5a523fc1a81beba36cc9d6f9
|
kube_apiserver_checksum: ebaeeeb72cb29b358337b330617a96355ff2d08a5a523fc1a81beba36cc9d6f9
|
||||||
kubectl_checksum: 394853edd409a721bcafe4f1360009ef9f845050719fe7d6fc7176f45cc92a8c
|
kubectl_checksum: 394853edd409a721bcafe4f1360009ef9f845050719fe7d6fc7176f45cc92a8c
|
||||||
kubelet_checksum: 633bb41c51c5c0df0645dd60ba82b12eba39d009eb87bae9227de7d9a89c0797
|
|
||||||
v1.2.4:
|
v1.2.4:
|
||||||
kube_apiserver: 6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e
|
kube_apiserver: 6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e
|
||||||
kubectl: dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897
|
kubectl: dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897
|
||||||
kubelet: 4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e341
|
|
||||||
v1.2.5:
|
v1.2.5:
|
||||||
kube_apiserver: fbe8296ad4b194c06f6802a126d35cd2887dc1aded308d4da2b580f270412b33
|
kube_apiserver: fbe8296ad4b194c06f6802a126d35cd2887dc1aded308d4da2b580f270412b33
|
||||||
kubectl: 5526a496a84701015485e32c86486e2f23599f7a865164f546e619c6a62f7f19
|
kubectl: 5526a496a84701015485e32c86486e2f23599f7a865164f546e619c6a62f7f19
|
||||||
kubelet: cd15b929f0190876216f397c2c6e7aa8c08d3b047fd90b4980cd68c8f4896211
|
|
||||||
v1.3.0:
|
v1.3.0:
|
||||||
kube_apiserver: 431cd312984a29f45590138e990d5c4d537b069b71f2587a72414fabc4fcffdd
|
kube_apiserver: 431cd312984a29f45590138e990d5c4d537b069b71f2587a72414fabc4fcffdd
|
||||||
kubectl: f40b2d0ff33984e663a0dea4916f1cb9041abecc09b11f9372cdb8049ded95dc
|
kubectl: f40b2d0ff33984e663a0dea4916f1cb9041abecc09b11f9372cdb8049ded95dc
|
||||||
kubelet: bd5f10ccb95fe6e95ddf7ad8a119195c27cb2bce4be6f80c1810ff1a2111496d
|
|
||||||
kube_version: v1.3.0
|
kube_version: v1.3.0
|
||||||
|
|
Loading…
Reference in a new issue