Rename dns_server, add var for selinux. (#1572)

* Rename dns_server to dnsmasq_dns_server so that it includes the role prefix,
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable the selinux state to be configurable with the new var preinstall_selinux_state.
Vijay Katam 2017-10-11 12:40:21 -07:00 committed by Matthew Mosesohn
parent e41c0532e3
commit 27ed73e3e3
11 changed files with 14 additions and 11 deletions


@ -157,7 +157,7 @@ ansible-playbook -i inventory/inventory.ini cluster.yml --tags preinstall,dnsma
``` ```
And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files: And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
``` ```
ansible-playbook -i inventory/inventory.ini -e dns_server='' cluster.yml --tags resolvconf ansible-playbook -i inventory/inventory.ini -e dnsmasq_dns_server='' cluster.yml --tags resolvconf
``` ```
And this prepares all container images localy (at the ansible runner node) without installing And this prepares all container images localy (at the ansible runner node) without installing
or upgrading related stuff or trying to upload container to K8s cluster nodes: or upgrading related stuff or trying to upload container to K8s cluster nodes:


@ -28,6 +28,7 @@ Some variables of note include:
* *kube_version* - Specify a given Kubernetes hyperkube version * *kube_version* - Specify a given Kubernetes hyperkube version
* *searchdomains* - Array of DNS domains to search when looking up hostnames * *searchdomains* - Array of DNS domains to search when looking up hostnames
* *nameservers* - Array of nameservers to use for DNS lookup * *nameservers* - Array of nameservers to use for DNS lookup
* *preinstall_selinux_state* - Set selinux state, permitted values are permissive and disabled.
#### Addressing variables #### Addressing variables
@ -61,7 +62,7 @@ following default cluster paramters:
* *kube_network_node_prefix* - Subnet allocated per-node for pod IPs. Remainin * *kube_network_node_prefix* - Subnet allocated per-node for pod IPs. Remainin
bits in kube_pods_subnet dictates how many kube-nodes can be in cluster. bits in kube_pods_subnet dictates how many kube-nodes can be in cluster.
* *dns_setup* - Enables dnsmasq * *dns_setup* - Enables dnsmasq
* *dns_server* - Cluster IP for dnsmasq (default is 10.233.0.2) * *dnsmasq_dns_server* - Cluster IP for dnsmasq (default is 10.233.0.2)
* *skydns_server* - Cluster IP for KubeDNS (default is 10.233.0.3) * *skydns_server* - Cluster IP for KubeDNS (default is 10.233.0.3)
* *cloud_provider* - Enable extra Kubelet option if operating inside GCE or * *cloud_provider* - Enable extra Kubelet option if operating inside GCE or
OpenStack (default is unset) OpenStack (default is unset)


@ -120,7 +120,7 @@ resolvconf_mode: docker_dns
deploy_netchecker: false deploy_netchecker: false
# Ip address of the kubernetes skydns service # Ip address of the kubernetes skydns service
skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}" skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}" dnsmasq_dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
dns_domain: "{{ cluster_name }}" dns_domain: "{{ cluster_name }}"
# Path used to store Docker data # Path used to store Docker data


@ -102,7 +102,7 @@
- name: Check for dnsmasq port (pulling image and running container) - name: Check for dnsmasq port (pulling image and running container)
wait_for: wait_for:
host: "{{dns_server}}" host: "{{dnsmasq_dns_server}}"
port: 53 port: 53
timeout: 180 timeout: 180
when: inventory_hostname == groups['kube-node'][0] and groups['kube-node'][0] in ansible_play_hosts when: inventory_hostname == groups['kube-node'][0] and groups['kube-node'][0] in ansible_play_hosts


@ -18,6 +18,6 @@ spec:
targetPort: 53 targetPort: 53
protocol: UDP protocol: UDP
type: ClusterIP type: ClusterIP
clusterIP: {{dns_server}} clusterIP: {{dnsmasq_dns_server}}
selector: selector:
k8s-app: dnsmasq k8s-app: dnsmasq


@ -6,7 +6,7 @@
{%- if dns_mode == 'kubedns' -%} {%- if dns_mode == 'kubedns' -%}
{{ [ skydns_server ] }} {{ [ skydns_server ] }}
{%- elif dns_mode == 'dnsmasq_kubedns' -%} {%- elif dns_mode == 'dnsmasq_kubedns' -%}
{{ [ dns_server ] }} {{ [ dnsmasq_dns_server ] }}
{%- endif -%} {%- endif -%}
- name: set base docker dns facts - name: set base docker dns facts


@ -28,7 +28,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
{% if dns_mode == 'kubedns' %} {% if dns_mode == 'kubedns' %}
{% set kubelet_args_cluster_dns %}--cluster-dns={{ skydns_server }}{% endset %} {% set kubelet_args_cluster_dns %}--cluster-dns={{ skydns_server }}{% endset %}
{% elif dns_mode == 'dnsmasq_kubedns' %} {% elif dns_mode == 'dnsmasq_kubedns' %}
{% set kubelet_args_cluster_dns %}--cluster-dns={{ dns_server }}{% endset %} {% set kubelet_args_cluster_dns %}--cluster-dns={{ dnsmasq_dns_server }}{% endset %}
{% else %} {% else %}
{% set kubelet_args_cluster_dns %}{% endset %} {% set kubelet_args_cluster_dns %}{% endset %}
{% endif %} {% endif %}


@ -56,3 +56,5 @@ resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf
# All inventory hostnames will be written into each /etc/hosts file. # All inventory hostnames will be written into each /etc/hosts file.
populate_inventory_to_hosts_file: true populate_inventory_to_hosts_file: true
preinstall_selinux_state: permissive
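Review bot: `preinstall_selinux_state: permissive` is added without a comment, unlike the `populate_inventory_to_hosts_file` default just above it, so a reader of the defaults file has to go to the README to learn what it controls and which values are accepted. I would add above it `# SELinux state applied on RedHat-family hosts during preinstall; permitted values: permissive, disabled`. The default keeps the previously hard-coded behaviour, so hosts remain non-enforcing unless an operator handles that outside this role; saying so in the comment would make that an explicit choice.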


@ -176,10 +176,10 @@
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
register: slc register: slc
- name: Set selinux policy to permissive - name: Set selinux policy
selinux: selinux:
policy: targeted policy: targeted
state: permissive state: "{{ preinstall_selinux_state }}"
when: when:
- ansible_os_family == "RedHat" - ansible_os_family == "RedHat"
- slc.stat.exists == True - slc.stat.exists == True
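Review bot: `state: "{{ preinstall_selinux_state }}"` hands whatever the inventory supplies to the selinux module, while the README entry added in this commit permits only permissive and disabled; nothing in the visible task checks that. A preceding assert under the same `when` conditions would make a typo or an unsupported value fail with a clear message rather than at the module call. It would also help to note in a comment that both permitted values lower enforcement on a host that was running enforcing, and that `disabled` typically needs a reboot to take effect and a relabel to undo. The task may continue past the last line of the hunk.

```yaml
- name: Check preinstall_selinux_state is a supported value
  assert:
    that:
      - preinstall_selinux_state in ['permissive', 'disabled']
    msg: "preinstall_selinux_state must be 'permissive' or 'disabled'"
  when:
    - ansible_os_family == "RedHat"
    - slc.stat.exists == True

# … unchanged: "Set selinux policy" task …
```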


@ -98,7 +98,7 @@
{%- elif dns_early|bool -%} {%- elif dns_early|bool -%}
{{ upstream_dns_servers|default([]) }} {{ upstream_dns_servers|default([]) }}
{%- else -%} {%- else -%}
{{ [ dns_server ] }} {{ [ dnsmasq_dns_server ] }}
{%- endif -%} {%- endif -%}
- name: generate nameservers to resolvconf - name: generate nameservers to resolvconf


@ -36,7 +36,7 @@ resolvconf_mode: docker_dns
deploy_netchecker: false deploy_netchecker: false
# Ip address of the kubernetes skydns service # Ip address of the kubernetes skydns service
skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}" skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}" dnsmasq_dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
dns_domain: "{{ cluster_name }}" dns_domain: "{{ cluster_name }}"
# Kubernetes configuration dirs and system namespace. # Kubernetes configuration dirs and system namespace.