C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'master' of https://github.com/kubespray/kargo

Browse source
This commit is contained in:
Mark Lee 2017-02-08 19:19:26 +09:00
commit 5a2de36a55
13 changed files with 48 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs/netcheck.md
View file

@ -2,7 +2,7 @@ Network Checker Application
===========================
With the ``deploy_netchecker`` var enabled (defaults to false), Kargo deploys a
Network Checker Application from the 3rd side `l23network/mcp-netchecker` docker
Network Checker Application from the 3rd side `l23network/k8s-netchecker` docker
images. It consists of the server and agents trying to reach the server by usual
for Kubernetes applications network connectivity meanings. Therefore, this
automagically verifies a pod to pod connectivity via the cluster IP and checks
@ -25,8 +25,8 @@ There are related application specifc variables:
netchecker_port: 31081
agent_report_interval: 15
netcheck_namespace: default
agent_img: "quay.io/l23network/mcp-netchecker-agent:v0.1"
server_img: "quay.io/l23network/mcp-netchecker-server:v0.1"
agent_img: "quay.io/l23network/k8s-netchecker-agent:v1.0"
server_img: "quay.io/l23network/k8s-netchecker-server:v1.0"
```
Note that the application verifies DNS resolve for FQDNs comprising only the

14
roles/download/defaults/main.yml
View file

@ -59,11 +59,9 @@ hyperkube_image_repo: "quay.io/coreos/hyperkube"
hyperkube_image_tag: "{{ kube_version }}_coreos.0"
pod_infra_image_repo: "gcr.io/google_containers/pause-amd64"
pod_infra_image_tag: "{{ pod_infra_version }}"
netcheck_tag: v0.1
netcheck_kubectl_tag: v0.18.0-120-gaeb4ac55ad12b1-dirty
netcheck_agent_img_repo: "quay.io/l23network/mcp-netchecker-agent"
netcheck_server_img_repo: "quay.io/l23network/mcp-netchecker-server"
netcheck_kubectl_img_repo: "gcr.io/google_containers/kubectl"
netcheck_tag: "v1.0"
netcheck_agent_img_repo: "quay.io/l23network/k8s-netchecker-agent"
netcheck_server_img_repo: "quay.io/l23network/k8s-netchecker-server"
weave_kube_image_repo: "weaveworks/weave-kube"
weave_kube_image_tag: "{{ weave_version }}"
weave_npc_image_repo: "weaveworks/weave-npc"
@ -96,12 +94,6 @@ downloads:
tag: "{{ netcheck_tag }}"
sha256: "{{ netcheck_agent_digest_checksum|default(None) }}"
enabled: "{{ deploy_netchecker|bool }}"
netcheck_kubectl:
container: true
repo: "{{ netcheck_kubectl_img_repo }}"
tag: "{{ netcheck_kubectl_tag }}"
sha256: "{{ netcheck_kubectl_digest_checksum|default(None) }}"
enabled: "{{ deploy_netchecker|bool }}"
etcd:
version: "{{etcd_version}}"
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"

7
roles/etcd/defaults/main.yml
View file

@ -7,6 +7,11 @@ etcd_cert_group: root
etcd_script_dir: "{{ bin_dir }}/etcd-scripts"
etcd_heartbeat_interval: "250"
etcd_election_timeout: "5000"
# Limits
etcd_memory_limit: 512M
etcd_cpu_limit: 300m
# Uncomment to set CPU share for etcd
#etcd_cpu_limit: 300m

7
roles/etcd/templates/etcd-docker.service.j2
View file

@ -14,7 +14,12 @@ ExecStart={{ docker_bin_dir }}/docker run --restart=on-failure:5 \
-v /etc/ssl/certs:/etc/ssl/certs:ro \
-v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \
-v /var/lib/etcd:/var/lib/etcd:rw \
--memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
{% if etcd_memory_limit is defined %}
--memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} \
{% endif %}
{% if etcd_cpu_limit is defined %}
--cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
{% endif %}
--name={{ etcd_member_name | default("etcd") }} \
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
{% if etcd_after_v3 %}

3
roles/etcd/templates/etcd.j2
View file

@ -4,7 +4,8 @@ ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379
ETCD_ELECTION_TIMEOUT=10000
ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }}
ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }}
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380
ETCD_NAME={{ etcd_member_name }}

5
roles/kubernetes-apps/ansible/defaults/main.yml
View file

@ -31,7 +31,6 @@ agent_report_interval: 15
netcheck_namespace: default
agent_img: "{{ netcheck_agent_img_repo }}:{{ netcheck_tag }}"
server_img: "{{ netcheck_server_img_repo }}:{{ netcheck_tag }}"
kubectl_image: "{{ netcheck_kubectl_img_repo }}:{{ netcheck_kubectl_tag }}"
# Limits for netchecker apps
netchecker_agent_cpu_limit: 30m
@ -42,10 +41,6 @@ netchecker_server_cpu_limit: 100m
netchecker_server_memory_limit: 256M
netchecker_server_cpu_requests: 50m
netchecker_server_memory_requests: 128M
netchecker_kubectl_cpu_limit: 30m
netchecker_kubectl_memory_limit: 128M
netchecker_kubectl_cpu_requests: 15m
netchecker_kubectl_memory_requests: 64M
# SSL
etcd_cert_dir: "/etc/ssl/etcd/ssl"

7
roles/kubernetes-apps/ansible/templates/netchecker-agent-ds.yml
View file

@ -20,8 +20,11 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: REPORT_INTERVAL
value: '{{ agent_report_interval }}'
args:
- "-v=5"
- "-alsologtostderr=true"
- "-serverendpoint=netchecker-service:8081"
- "-reportinterval={{ agent_report_interval }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
limits:

7
roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.yml
View file

@ -21,8 +21,11 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: REPORT_INTERVAL
value: '{{ agent_report_interval }}'
args:
- "-v=5"
- "-alsologtostderr=true"
- "-serverendpoint=netchecker-service:8081"
- "-reportinterval={{ agent_report_interval }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
limits:

15
roles/kubernetes-apps/ansible/templates/netchecker-server-pod.yml
View file

@ -21,15 +21,8 @@ spec:
ports:
- containerPort: 8081
hostPort: 8081
- name: kubectl-proxy
image: "{{ kubectl_image }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
limits:
cpu: {{ netchecker_kubectl_cpu_limit }}
memory: {{ netchecker_kubectl_memory_limit }}
requests:
cpu: {{ netchecker_kubectl_cpu_requests }}
memory: {{ netchecker_kubectl_memory_requests }}
args:
- proxy
- "-v=5"
- "-logtostderr"
- "-kubeproxyinit"
- "-endpoint=0.0.0.0:8081"

4
roles/kubernetes-apps/meta/main.yaml
View file

@ -12,9 +12,5 @@ dependencies:
file: "{{ downloads.netcheck_agent }}"
when: deploy_netchecker
tags: [download, netchecker]
- role: download
file: "{{ downloads.netcheck_kubectl }}"
when: deploy_netchecker
tags: [download, netchecker]
- {role: kubernetes-apps/ansible, tags: apps}
- {role: kubernetes-apps/kpm, tags: [apps, kpm]}

4
roles/kubernetes/node/defaults/main.yml
View file

@ -29,3 +29,7 @@ nginx_image_repo: nginx
nginx_image_tag: 1.11.4-alpine
etcd_config_dir: /etc/ssl/etcd
# A port range to reserve for services with NodePort visibility.
# Inclusive at both ends of the range.
kube_apiserver_node_port_range: "30000-32767"

4
roles/kubernetes/node/meta/main.yml
View file

@ -22,10 +22,6 @@ dependencies:
file: "{{ downloads.netcheck_agent }}"
when: deploy_netchecker
tags: [download, netchecker]
- role: download
file: "{{ downloads.netcheck_kubectl }}"
when: deploy_netchecker
tags: [download, netchecker]
- role: download
file: "{{ downloads.kubednsmasq }}"
tags: [download, dnsmasq]

10
roles/kubernetes/node/tasks/main.yml
View file

@ -21,6 +21,16 @@
notify: restart kubelet
tags: kubelet
- name: Ensure nodePort range is reserved
sysctl:
name: net.ipv4.ip_local_reserved_ports
value: "{{ kube_apiserver_node_port_range }}"
sysctl_set: yes
state: present
reload: yes
when: kube_apiserver_node_port_range is defined
tags: kube-proxy
- name: Write proxy manifest
template:
src: manifests/kube-proxy.manifest.j2