ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

remove empty when line

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

force kubeadm upgrade due to failure without --force flag

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

added nodeSelector to have compatibility with hybrid cluster with win nodes, also fix for download with missing container type

fixes in syntax and LF for newline in files

fix on yamllint check

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

some cleanup for innecesary lines

remove conditions for nodeselector
This commit is contained in:
Pablo Estigarribia 2018-06-05 08:15:20 -03:00
parent 7efe287c74
commit 7cbe3c2171
19 changed files with 85 additions and 1 deletions

View file

@ -93,6 +93,7 @@
roles:
- { role: kubespray-defaults}
- { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
- { role: win_nodes/kubernetes_patch, tags: win_nodes, when: "kubeadm_enabled" }
- hosts: kube-master
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"

View file

@ -52,3 +52,6 @@ spec:
- --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
- --logtostderr=true
- --v={{ kube_log_level }}
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux

View file

@ -24,6 +24,9 @@ spec:
tolerations:
- effect: NoSchedule
operator: Exists
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- name: dnsmasq
image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"

View file

@ -136,6 +136,15 @@
msg: "{{available_packages}}"
when: docker_task_result|failed
# This is required to ensure any apt upgrade will not break kubernetes
- name: Set docker pin priority to apt_preferences on Debian family
template:
src: "apt_preferences.d/debian_docker.j2"
dest: "/etc/apt/preferences.d/docker"
owner: "root"
mode: 0644
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic)
- name: ensure service is started if docker packages are already present
service:
name: docker

View file

@ -0,0 +1,3 @@
Package: docker-ce
Pin: version {{ docker_version }}.*
Pin-Priority: 1001

View file

@ -6,7 +6,6 @@
- facts
- include_tasks: "gen_certs_{{ cert_management }}.yml"
when:
tags:
- etcd-secrets

View file

@ -28,6 +28,9 @@ spec:
labels:
k8s-app: kubedns-autoscaler
spec:
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
tolerations:
- effect: NoSchedule
operator: Equal

View file

@ -27,6 +27,9 @@ spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"

View file

@ -15,6 +15,9 @@ spec:
tolerations:
- effect: NoSchedule
operator: Exists
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- name: netchecker-agent
image: "{{ agent_img }}"

View file

@ -13,6 +13,9 @@ spec:
app: netchecker-agent-hostnet
spec:
hostNetwork: True
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirstWithHostNet
{% endif %}

View file

@ -29,6 +29,9 @@ spec:
spec:
priorityClassName: system-node-critical
serviceAccountName: efk
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- name: fluentd-es
image: "{{ fluentd_image_repo }}:{{ fluentd_image_tag }}"

View file

@ -42,3 +42,6 @@ spec:
requests:
cpu: 10m
memory: 20Mi
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux

View file

@ -121,6 +121,7 @@
--ignore-preflight-errors=all
--allow-experimental-upgrades
--allow-release-candidate-upgrades
--force
register: kubeadm_upgrade
# Retry is because upload config sometimes fails
retries: 3

View file

@ -12,6 +12,9 @@ spec:
{% if kube_version | version_compare('v1.6', '>=') %}
dnsPolicy: ClusterFirst
{% endif %}
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- name: kube-proxy
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}

View file

@ -7,6 +7,9 @@ metadata:
k8s-app: kube-nginx
spec:
hostNetwork: true
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- name: nginx-proxy
image: {{ nginx_image_repo }}:{{ nginx_image_tag }}

View file

@ -53,6 +53,9 @@ spec:
k8s-app: flannel
spec:
serviceAccountName: flannel
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- name: kube-flannel
image: {{ flannel_image_repo }}:{{ flannel_image_tag }}

View file

@ -0,0 +1,3 @@
---
kubernetes_user_manifests_path: "{{ ansible_env.HOME }}/kube-manifests"

View file

@ -0,0 +1 @@
{"spec":{"template":{"spec":{"nodeSelector":{"beta.kubernetes.io/os":"linux"}}}}}

View file

@ -0,0 +1,34 @@
---
- name: Ensure that user manifests directory exists
file:
path: "{{ kubernetes_user_manifests_path }}/kubernetes"
state: directory
recurse: yes
tags: [init, cni]
- name: Apply kube-proxy nodeselector
block:
- name: Copy kube-proxy daemonset nodeselector patch
copy:
src: nodeselector-os-linux-patch.json
dest: "{{ kubernetes_user_manifests_path }}/nodeselector-os-linux-patch.json"
# Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch"
- name: Check current nodeselector for kube-proxy daemonset
shell: kubectl get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta\.kubernetes\.io/os}'
register: current_kube_proxy_state
- name: Apply nodeselector patch for kube-proxy daemonset
shell: kubectl patch ds kube-proxy --namespace=kube-system --type=strategic -p "$(cat nodeselector-os-linux-patch.json)"
args:
chdir: "{{ kubernetes_user_manifests_path }}"
register: patch_kube_proxy_state
when: current_kube_proxy_state.stdout | trim | lower != "linux"
- debug: msg={{ patch_kube_proxy_state.stdout_lines }}
when: patch_kube_proxy_state is not skipped
- debug: msg={{ patch_kube_proxy_state.stderr_lines }}
when: patch_kube_proxy_state is not skipped
tags: init