diff --git a/.travis.yml b/.travis.yml index 00e27304e..6c26cd110 100644 --- a/.travis.yml +++ b/.travis.yml @@ -58,18 +58,18 @@ env: CLOUD_IMAGE=rhel-7-sudo CLOUD_REGION=europe-west1-b - # Ubuntu 14.04 + # Ubuntu 16.04 - >- KUBE_NETWORK_PLUGIN=flannel - CLOUD_IMAGE=ubuntu-1404-trusty + CLOUD_IMAGE=ubuntu-1604-xenial CLOUD_REGION=us-central1-c - >- KUBE_NETWORK_PLUGIN=calico - CLOUD_IMAGE=ubuntu-1404-trusty + CLOUD_IMAGE=ubuntu-1604-xenial CLOUD_REGION=us-east1-d - >- KUBE_NETWORK_PLUGIN=weave - CLOUD_IMAGE=ubuntu-1404-trusty + CLOUD_IMAGE=ubuntu-1604-xenial CLOUD_REGION=asia-east1-c # Ubuntu 15.10 @@ -87,11 +87,6 @@ env: CLOUD_REGION=us-east1-d -matrix: - allow_failures: - - env: KUBE_NETWORK_PLUGIN=weave CLOUD_IMAGE=ubuntu-1404-trusty CLOUD_REGION=asia-east1-c - - env: KUBE_NETWORK_PLUGIN=calico CLOUD_IMAGE=ubuntu-1404-trusty CLOUD_REGION=us-east1-d - before_install: # Install Ansible. - pip install --user boto -U diff --git a/README.md b/README.md index 8e4f8ae39..67e183ae8 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,16 @@ - Support most popular **Linux distributions** - **Continuous integration tests** -To create a cluster in vagrant simply run `vagrant up` -For an easy way to use it, check out [**kargo-cli**](https://github.com/kubespray/kargo-cli)
+To deploy the cluster you can use : + +* [**kargo-cli**](https://github.com/kubespray/kargo-cli) +* **vagrant** by simply running `vagrant up` +* **Ansible** usual commands + A complete **documentation** can be found [**here**](https://docs.kubespray.io) -[![Build Status](https://travis-ci.org/kubespray/kargo.svg)](https://travis-ci.org/kubespray/kargo) +if you have any question you can **chat** with us [**here**](https://chat.kubespray.io) + +[![Build Status](https://travis-ci.org/kubespray/kargo.svg)](https://travis-ci.org/kubespray/kargo)
+CI tests sponsored by Google (GCE), and [TeutoNet](https://teuto.net/) for OpenStack. diff --git a/roles/docker/vars/ubuntu-16.04.yml b/roles/docker/vars/ubuntu-16.04.yml new file mode 100644 index 000000000..c019c7696 --- /dev/null +++ b/roles/docker/vars/ubuntu-16.04.yml @@ -0,0 +1,27 @@ +--- +docker_version: 1.11 +docker_kernel_min_version: '3.2' + +# https://apt.dockerproject.org/repo/dists/ubuntu-trusty/main/filelist +docker_versioned_pkg: + latest: docker-engine + 1.11: docker-engine=1.11.1-0~{{ ansible_distribution_release|lower }} + +docker_package_info: + pkg_mgr: apt + pkgs: + - "{{ docker_versioned_pkg[docker_version] }}" + +docker_repo_key_info: + pkg_key: apt_key + keyserver: hkp://p80.pool.sks-keyservers.net:80 + repo_keys: + - 58118E89F3A912897C070ADBF76221572C52609D + +docker_repo_info: + pkg_repo: apt_repository + repos: + - > + deb https://apt.dockerproject.org/repo + {{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }} + main diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index a6e11a759..30952f691 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -2,7 +2,7 @@ local_release_dir: /tmp # Versions -kube_version: v1.2.2 +kube_version: "v1.2.4" etcd_version: v2.2.5 calico_version: v0.19.0 calico_cni_version: v1.2.1 @@ -25,9 +25,9 @@ calico_cni_checksum: "b2eeb45fdfce58394e3a0019dd4b74bebe4bb35ed6d7c399213297594f calico_cni_ipam_checksum: "fd122bee97af3ed86fc18fa4d797da29be3a5857a526aa154b433e50d7b36845" weave_checksum: "28d2c4e2b1ad8600da69882501eba697679aea10a5e61c769aa3a9ee72b0d89a" etcd_checksum: "aa6037406257d2a1bc48ffa769afe7a4f8a04cc1ffcd36ef84f9ee8bc4eca756" -kubectl_checksum: "473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4" -kubelet_checksum: "f16827dc7e7c82f0e215f0fc73eb01e2dfe91a2ec83f9cbcaf8d37c91b64fd3b" -kube_apiserver_checksum: "eb1bfd8b877052cbd1991b8c429a1d06661f4cb019905e20e128174f724e16de" +kubectl_checksum: "dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897" +kubelet_checksum: "4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e341" +kube_apiserver_checksum: "6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e" downloads: - name: calico diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index 63320f6fe..e96e7115b 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -32,7 +32,7 @@ dns_domain: "{{ cluster_name }}" kube_proxy_mode: userspace hyperkube_image_repo: quay.io/smana/kubernetes-hyperkube -hyperkube_image_tag: v1.2.2 +hyperkube_image_tag: "v1.2.4" # IP address of the DNS server. # Kubernetes will create a pod with several containers, serving as the DNS diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml index 280aa2182..295ebcb0c 100644 --- a/roles/kubernetes/secrets/tasks/gen_certs.yml +++ b/roles/kubernetes/secrets/tasks/gen_certs.yml @@ -4,7 +4,8 @@ src: "openssl.conf.j2" dest: "{{ kube_config_dir }}/openssl.conf" run_once: yes - when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false) + delegate_to: "{{groups['kube-master'][0]}}" + when: gen_certs|default(false) - name: certs | copy certs generation script copy: @@ -12,12 +13,14 @@ dest: "{{ kube_script_dir }}/make-ssl.sh" mode: 0700 run_once: yes - when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false) + delegate_to: "{{groups['kube-master'][0]}}" + when: gen_certs|default(false) - name: certs | run cert generation script command: "{{ kube_script_dir }}/make-ssl.sh -f {{ kube_config_dir }}/openssl.conf -d {{ kube_cert_dir }}" run_once: yes - when: inventory_hostname == groups['kube-master'][0] and gen_certs|default(false) + delegate_to: "{{groups['kube-master'][0]}}" + when: gen_certs|default(false) notify: set secret_changed - set_fact: @@ -39,8 +42,7 @@ content: "{{ item.content|b64decode }}" dest: "{{ item.source }}" with_items: '{{slurp_certs.results}}' - when: item.item in master_certs and - inventory_hostname in groups['kube-master'] and sync_certs|default(false) and + when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and inventory_hostname != groups['kube-master'][0] - name: certs | Copy certs on nodes diff --git a/roles/kubernetes/secrets/tasks/gen_tokens.yml b/roles/kubernetes/secrets/tasks/gen_tokens.yml index 87c5e038d..b43213247 100644 --- a/roles/kubernetes/secrets/tasks/gen_tokens.yml +++ b/roles/kubernetes/secrets/tasks/gen_tokens.yml @@ -5,7 +5,8 @@ dest: "{{ kube_script_dir }}/kube-gen-token.sh" mode: 0700 run_once: yes - when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false) + delegate_to: "{{groups['kube-master'][0]}}" + when: gen_tokens|default(false) - name: tokens | generate tokens for master components command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" @@ -18,7 +19,8 @@ changed_when: "'Added' in gentoken_master.stdout" notify: set secret_changed run_once: yes - when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false) + delegate_to: "{{groups['kube-master'][0]}}" + when: gen_tokens|default(false) - name: tokens | generate tokens for node components command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" @@ -31,22 +33,24 @@ changed_when: "'Added' in gentoken_node.stdout" notify: set secret_changed run_once: yes - when: inventory_hostname == groups['kube-master'][0] and gen_tokens|default(false) + delegate_to: "{{groups['kube-master'][0]}}" + when: gen_tokens|default(false) - name: tokens | Get list of tokens from first master shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)" register: tokens_list changed_when: false - when: inventory_hostname == groups['kube-master'][0] and sync_tokens|default(false) + delegate_to: "{{groups['kube-master'][0]}}" + when: sync_tokens|default(false) - name: tokens | Get the tokens from first master slurp: src: "{{ item }}" - delegate_to: "{{groups['kube-master'][0]}}" register: slurp_tokens with_items: '{{tokens_list.stdout_lines}}' - when: sync_tokens|default(false) run_once: true + delegate_to: "{{groups['kube-master'][0]}}" + when: sync_tokens|default(false) notify: set secret_changed - name: tokens | Copy tokens on masters @@ -54,5 +58,5 @@ content: "{{ item.content|b64decode }}" dest: "{{ item.source }}" with_items: '{{slurp_tokens.results}}' - when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and + when: inventory_hostname in groups['kube-master'] and sync_tokens|default(false) and inventory_hostname != groups['kube-master'][0] diff --git a/roles/uploads/defaults/main.yml b/roles/uploads/defaults/main.yml index 177cd1329..af1176921 100644 --- a/roles/uploads/defaults/main.yml +++ b/roles/uploads/defaults/main.yml @@ -2,7 +2,7 @@ local_release_dir: /tmp # Versions -kube_version: v1.2.2 +kube_version: "v1.2.4" etcd_version: v2.2.5 calico_version: v0.19.0 calico_cni_version: v1.2.1 @@ -22,9 +22,9 @@ calico_cni_checksum: "b2eeb45fdfce58394e3a0019dd4b74bebe4bb35ed6d7c399213297594f calico_cni_ipam_checksum: "fd122bee97af3ed86fc18fa4d797da29be3a5857a526aa154b433e50d7b36845" weave_checksum: "28d2c4e2b1ad8600da69882501eba697679aea10a5e61c769aa3a9ee72b0d89a" etcd_checksum: "aa6037406257d2a1bc48ffa769afe7a4f8a04cc1ffcd36ef84f9ee8bc4eca756" -kubectl_checksum: "473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4" -kubelet_checksum: "f16827dc7e7c82f0e215f0fc73eb01e2dfe91a2ec83f9cbcaf8d37c91b64fd3b" -kube_apiserver_checksum: "eb1bfd8b877052cbd1991b8c429a1d06661f4cb019905e20e128174f724e16de" +kubectl_checksum: "dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897" +kubelet_checksum: "4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e341" +kube_apiserver_checksum: "6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e" downloads: - name: calico diff --git a/roles/uploads/tasks/main.yml b/roles/uploads/tasks/main.yml index 000e1f9a2..279d26dd5 100644 --- a/roles/uploads/tasks/main.yml +++ b/roles/uploads/tasks/main.yml @@ -1,4 +1,22 @@ --- +- name: Create the checksum file + lineinfile: + create: yes + dest: "{{ role_path }}/{{ kube_version }}_k8s-sha256" + line: '{{item.name}}:{{item.sha256}}' + with_items: '{{downloads}}' + when: item.name in ["kubernetes-kubelet", "kubernetes-kubectl", "kubernetes-apiserver"] + +- name: Upload checksum file on GS + gc_storage: + bucket: kargo + object: "{{ kube_version }}_k8s-sha256" + src: "{{ role_path }}/{{ kube_version }}_k8s-sha256" + mode: put + permission: public-read + gs_access_key: "changeme" + gs_secret_key: "changeme" + - name: Create dest directories file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes with_items: '{{downloads}}' diff --git a/scripts/change_k8s_version.sh b/scripts/change_k8s_version.sh new file mode 100755 index 000000000..8c00e7168 --- /dev/null +++ b/scripts/change_k8s_version.sh @@ -0,0 +1,117 @@ +#!/bin/bash + +# This file is part of Kargo. +# +# Foobar is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Foobar is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Foobar. If not, see . + +#color variables +txtbld=$(tput bold) # Bold +bldred=${txtbld}$(tput setaf 1) # red +bldgre=${txtbld}$(tput setaf 2) # green +bldylw=${txtbld}$(tput setaf 3) # yellow +txtrst=$(tput sgr0) # Reset +err=${bldred}ERROR${txtrst} +info=${bldgre}INFO${txtrst} +warn=${bldylw}WARNING${txtrst} + +usage() +{ + cat << EOF +Update ansible playbook with a specific kubernetes version + +Usage : $(basename $0) -v + -h | --help : Show this message + -i | --init : Initial upgrade (download binaries) + -v | --version : Kubernetes version + + ex : switch to kubernetes v1.2.4 + $(basename $0) -v v1.2.4 +EOF +} + +# Options parsing +while (($#)); do + case "$1" in + -h | --help) usage; exit 0;; + -i | --init) INIT=1; shift;; + -v | --version) VERS=${2}; shift 2;; + *) + usage + echo "ERROR : Unknown option" + exit 3 + ;; + esac +done + +if [ -z ${VERS} ]; then + usage + echo -e "\n${err}: The option version must be defined" + exit 3 +else + if ! [[ ${VERS} =~ ^v[0-9]\.[0-9]\.[0-9]$ ]]; then + echo -e "\n${err}: Invalid version format (ex: v1.2.4)" + exit 1 + fi +fi + +UPLOAD_VARFILE="roles/uploads/defaults/main.yml" +DOWNLOAD_VARFILE="roles/download/defaults/main.yml" +K8S_BIN="kubelet kubectl kube-apiserver" + +if [[ ${INIT} -eq 1 ]]; then + DOWNLOAD_URL=https://storage.googleapis.com/kubernetes-release/release/${VERS}/bin/linux/amd64 + TMP_DIR=$(mktemp -d --tmpdir kubernetes_tmpbin_XXXXXXX) + sed -i "s/^hyperkube_image_tag.*$/hyperkube_image_tag: \"${VERS}\"/" roles/kubernetes/node/defaults/main.yml + trap 'rm -rf "${tmpdir}"' EXIT + cd "${tmpdir}" + + for BIN in ${K8S_BIN}; do + curl -s -o ${BIN} ${DOWNLOAD_URL}/${BIN} + if [ $? -ne 0 ]; then + echo -e "\n${err}: Downloading ${BIN} failed! Try again" + exit 1 + else + echo -e "\n${info}: ${BIN} downloaded successfuly" + fi + done + + for varfile in ${UPLOAD_VARFILE} ${DOWNLOAD_VARFILE}; do + sed -i "s/^kube_version.*$/kube_version: \"${VERS}\"/" ${varfile} + + for BIN in ${K8S_BIN}; do + CHECKSUM=$(sha256sum ${BIN} | cut -d' ' -f1) + BIN=$(echo ${BIN} | tr '-' '_') + sed -i "s/^${BIN}_checksum.*$/${BIN}_checksum: \"${CHECKSUM}\"/" ${varfile} + done + done + + rm -rf "${tmpdir}" +else + CHECKSUM_URL=https://storage.googleapis.com/kargo/${VERS}_k8s-sha256 + sed -i "s/^hyperkube_image_tag.*$/hyperkube_image_tag: \"${VERS}\"/" roles/kubernetes/node/defaults/main.yml + for varfile in ${UPLOAD_VARFILE} ${DOWNLOAD_VARFILE}; do + sed -i "s/^kube_version.*$/kube_version: \"${VERS}\"/" ${varfile} + for BIN in ${K8S_BIN}; do + if [[ "${BIN}" =~ "apiserver" ]]; then + BIN="apiserver" + fi + line=$(curl -sk ${CHECKSUM_URL} | grep ${BIN}) + CHECKSUM=$(echo ${line} | cut -d':' -f2) + if [[ "${BIN}" =~ "apiserver" ]]; then + BIN="kube_apiserver" + fi + sed -i "s/^${BIN}_checksum.*$/${BIN}_checksum: \"${CHECKSUM}\"/" ${varfile} + done + done +fi diff --git a/tests/cloud_playbooks/create-aws.yml b/tests/cloud_playbooks/create-aws.yml index 88d3326d5..0ff198405 100644 --- a/tests/cloud_playbooks/create-aws.yml +++ b/tests/cloud_playbooks/create-aws.yml @@ -30,4 +30,4 @@ port: 22 timeout: 300 state: started - with_items: ec2.instances + with_items: "{{ec2.instances}}" diff --git a/tests/cloud_playbooks/create-gce.yml b/tests/cloud_playbooks/create-gce.yml index 18b5f51a3..840cf2e7c 100644 --- a/tests/cloud_playbooks/create-gce.yml +++ b/tests/cloud_playbooks/create-gce.yml @@ -30,4 +30,4 @@ - name: Wait for SSH to come up wait_for: host={{item.public_ip}} port=22 delay=10 timeout=180 state=started - with_items: gce.instance_data + with_items: "{{gce.instance_data}}" diff --git a/tests/testcases/020_check-create-pod.yml b/tests/testcases/020_check-create-pod.yml index 4e4027359..590fe9a8c 100644 --- a/tests/testcases/020_check-create-pod.yml +++ b/tests/testcases/020_check-create-pod.yml @@ -8,6 +8,6 @@ - name: Pods are running shell: "/usr/local/bin/kubectl get pods --no-headers -o json" register: run_pods_log - until: (run_pods_log.stdout | from_json)['items'] | map(attribute = 'status.phase') | join(',') == "Running,Running" + until: [ '(run_pods_log.stdout | from_json)["items"] | map(attribute = "status.phase") | join(",") == "Running,Running"' ] retries: 24 delay: 5 diff --git a/tests/testcases/030_check-network.yml b/tests/testcases/030_check-network.yml index a65d5e1e5..528168198 100644 --- a/tests/testcases/030_check-network.yml +++ b/tests/testcases/030_check-network.yml @@ -14,7 +14,7 @@ - name: Check pods IP are in correct network assert: that: item | ipaddr(kube_pods_subnet) - with_items: pod_ips + with_items: "{{pod_ips}}" - name: Ping between pods is working