Merge pull request #1208 from mattymo/1.6-flannel

Update to k8s 1.6 with flannel and centos fixes

inventory/group_vars/k8s-cluster.yml

@@ -32,7 +32,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
 kube_api_anonymous_auth: false
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.5.3
+kube_version: v1.6.1
 
 # Where the binaries will be downloaded.
 # Note: ensure that you've enough disk space (about 1G)

roles/dnsmasq/tasks/main.yml

@@ -65,7 +65,8 @@
     - {name: dnsmasq, file: dnsmasq-svc.yml, type: svc}
     - {name: dnsmasq-autoscaler, file: dnsmasq-autoscaler.yml, type: deployment}
   register: manifests
-  when: inventory_hostname == groups['kube-master'][0]
+  delegate_to: "{{ groups['kube-master'][0] }}"
+  run_once: true
 
 - name: Start Resources
   kube:
@@ -76,7 +77,8 @@
     filename: "{{kube_config_dir}}/{{item.item.file}}"
     state: "{{item.changed | ternary('latest','present') }}"
   with_items: "{{ manifests.results }}"
-  when: inventory_hostname == groups['kube-master'][0]
+  delegate_to: "{{ groups['kube-master'][0] }}"
+  run_once: true
 
 - name: Check for dnsmasq port (pulling image and running container)
   wait_for:

roles/docker/templates/docker-options.conf.j2

@@ -1,2 +1,3 @@
 [Service]
-Environment="DOCKER_OPTS={% if docker_options is defined %}{{ docker_options }}{% endif %} --iptables={% if kube_network_plugin == 'flannel' %}true{% else %}false{% endif %}"
+Environment="DOCKER_OPTS={{ docker_options | default('') }} \
+--iptables={% if kube_network_plugin == 'flannel' %}true{% else %}false{% endif %}"

roles/download/defaults/main.yml

@@ -18,7 +18,7 @@ download_localhost: False
 download_always_pull: False
 
 # Versions
-kube_version: v1.5.3
+kube_version: v1.6.1
 etcd_version: v3.0.6
 #TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
 # after migration to container download

roles/kargo-defaults/defaults/main.yaml

@@ -4,7 +4,7 @@ bootstrap_os: none
 kube_api_anonymous_auth: false
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.5.3
+kube_version: v1.6.1
 
 # Directory where the binaries will be installed
 bin_dir: /usr/local/bin

roles/kubernetes-apps/ansible/templates/netchecker-agent-hostnet-ds.j2

@@ -13,9 +13,9 @@ spec:
         app: netchecker-agent-hostnet
     spec:
       hostNetwork: True
-{%- if kube_version | version_compare('v1.6', '>=')  -%}
+{% if kube_version | version_compare('v1.6', '>=') %}
       dnsPolicy: ClusterFirstWithHostNet
-{%- endif -%}
+{% endif %}
       containers:
         - name: netchecker-agent
           image: "{{ agent_img }}"

roles/kubernetes/node/defaults/main.yml

@@ -10,6 +10,14 @@ kube_proxy_mode: iptables
 # policy engine.
 kube_proxy_masquerade_all: false
 
+# These options reflect limitations of running kubelet in a container.
+# Modify at your own risk
+kubelet_enable_cri: false
+kubelet_cgroups_per_qos: false
+# Set to empty to avoid cgroup creation
+kubelet_enforce_node_allocatable: ""
+
+
 # Limits for kube components and nginx load balancer app
 kubelet_memory_limit: 512M
 kubelet_cpu_limit: 100m

roles/kubernetes/node/templates/kubelet.j2

@@ -12,7 +12,9 @@ KUBELET_HOSTNAME="--hostname-override={{ ansible_hostname }}"
 {% set kubelet_args_base %}--pod-manifest-path={{ kube_manifest_dir }} \
 --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }} \
 --kube-reserved cpu={{ kubelet_cpu_limit }},memory={{ kubelet_memory_limit|regex_replace('Mi', 'M') }} \
---node-status-update-frequency={{ kubelet_status_update_frequency }}{% endset %}
+--node-status-update-frequency={{ kubelet_status_update_frequency }} \
+--enable-cri={{ kubelet_enable_cri }} --cgroups-per-qos={{ kubelet_cgroups_per_qos }} \
+ --enforce-node-allocatable='{{ kubelet_enforce_node_allocatable }}'{% endset %}
 
 {# DNS settings for kubelet #}
 {% if dns_mode == 'kubedns' %}

roles/kubernetes/preinstall/handlers/main.yml

@@ -4,9 +4,7 @@
     - Preinstall | reload network
     - Preinstall | reload kubelet
     - Preinstall | kube-controller configured
-    - Preinstall | stop controller
+    - Preinstall | restart kube-controller-manager
-    - Preinstall | pause for controller
-    - Preinstall | restart controller
   when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
 
   # FIXME(bogdando) https://github.com/projectcalico/felix/issues/1185
@@ -38,9 +36,7 @@
     state: restarted
   notify:
     - Preinstall | kube-controller configured
-    - Preinstall | stop controller
+    - Preinstall | restart kube-controller-manager
-    - Preinstall | pause for controller
-    - Preinstall | restart controller
   when: not dns_early|bool
 
 - name: Preinstall | kube-controller configured
@@ -48,21 +44,6 @@
   register: kube_controller_set
   when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
 
-- name: Preinstall | stop controller
+- name: Preinstall | restart kube-controller-manager
-  replace:
+  shell: "docker ps -f name=k8s-controller-manager* -q | xargs --no-run-if-empty docker rm -f"
-    dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
-    regexp: '(\s+)image:\s+.*?$'
-    replace: '\1image: kill.controller.using.fake.image.in:manifest'
   when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' and kube_controller_set.stat.exists
-
-- name: Preinstall | pause for controller
-  pause: seconds=20
-  when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' and kube_controller_set.stat.exists
-
-- name: Preinstall | restart controller
-  replace:
-    dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
-    regexp: '(\s+)image:\s+.*?$'
-    replace: '\1image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}'
-  when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' and kube_controller_set.stat.exists
-