Merge branch 'master' into upgrade-to-kubeadm2
commit
ae70dd152f
25 changed files with 168 additions and 34 deletions
|
@ -116,8 +116,8 @@ before_script:
|
||||||
-e ansible_python_interpreter=${PYPATH}
|
-e ansible_python_interpreter=${PYPATH}
|
||||||
-e ansible_ssh_user=${SSH_USER}
|
-e ansible_ssh_user=${SSH_USER}
|
||||||
-e bootstrap_os=${BOOTSTRAP_OS}
|
-e bootstrap_os=${BOOTSTRAP_OS}
|
||||||
-e cert_management=${CERT_MGMT:-script}
|
|
||||||
-e cloud_provider=gce
|
-e cloud_provider=gce
|
||||||
|
-e cert_management=${CERT_MGMT:-script}
|
||||||
-e "{deploy_netchecker: true}"
|
-e "{deploy_netchecker: true}"
|
||||||
-e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
|
-e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
|
||||||
-e "{download_run_once: ${DOWNLOAD_RUN_ONCE}}"
|
-e "{download_run_once: ${DOWNLOAD_RUN_ONCE}}"
|
||||||
|
@ -185,6 +185,7 @@ before_script:
|
||||||
-b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
-b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
||||||
--private-key=${HOME}/.ssh/id_rsa
|
--private-key=${HOME}/.ssh/id_rsa
|
||||||
-e bootstrap_os=${BOOTSTRAP_OS}
|
-e bootstrap_os=${BOOTSTRAP_OS}
|
||||||
|
-e cloud_provider=gce
|
||||||
-e ansible_python_interpreter=${PYPATH}
|
-e ansible_python_interpreter=${PYPATH}
|
||||||
-e "{deploy_netchecker: true}"
|
-e "{deploy_netchecker: true}"
|
||||||
-e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
|
-e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
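Review bot: The added `-e cloud_provider=gce` line repeats an extra-var that the first line of the same command already passes (`-b --become-user=root -e cloud_provider=gce $LOG_LEVEL ...`), so the value is now set twice in one invocation. The hunks at -219 and -232 add the same duplicate. As this is a merge commit it looks like a merge artefact; keeping a single `-e cloud_provider=gce` per command stops the two copies from drifting apart later. The command itself starts outside the hunk.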
|
||||||
|
@ -219,6 +220,7 @@ before_script:
|
||||||
-b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
-b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
||||||
--private-key=${HOME}/.ssh/id_rsa
|
--private-key=${HOME}/.ssh/id_rsa
|
||||||
-e bootstrap_os=${BOOTSTRAP_OS}
|
-e bootstrap_os=${BOOTSTRAP_OS}
|
||||||
|
-e cloud_provider=gce
|
||||||
-e ansible_python_interpreter=${PYPATH}
|
-e ansible_python_interpreter=${PYPATH}
|
||||||
-e reset_confirmation=yes
|
-e reset_confirmation=yes
|
||||||
--limit "all:!fake_hosts"
|
--limit "all:!fake_hosts"
|
||||||
|
@ -232,6 +234,7 @@ before_script:
|
||||||
-b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
-b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
|
||||||
--private-key=${HOME}/.ssh/id_rsa
|
--private-key=${HOME}/.ssh/id_rsa
|
||||||
-e bootstrap_os=${BOOTSTRAP_OS}
|
-e bootstrap_os=${BOOTSTRAP_OS}
|
||||||
|
-e cloud_provider=gce
|
||||||
-e ansible_python_interpreter=${PYPATH}
|
-e ansible_python_interpreter=${PYPATH}
|
||||||
-e "{deploy_netchecker: true}"
|
-e "{deploy_netchecker: true}"
|
||||||
-e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
|
-e "{download_localhost: ${DOWNLOAD_LOCALHOST}}"
|
||||||
|
|
|
@ -62,7 +62,6 @@
|
||||||
roles:
|
roles:
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: kubernetes/node, tags: node }
|
- { role: kubernetes/node, tags: node }
|
||||||
- { role: network_plugin, tags: network }
|
|
||||||
|
|
||||||
- hosts: kube-master
|
- hosts: kube-master
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
|
@ -75,6 +74,7 @@
|
||||||
roles:
|
roles:
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: kubernetes/kubeadm, tags: kubeadm, when: "kubeadm_enabled" }
|
- { role: kubernetes/kubeadm, tags: kubeadm, when: "kubeadm_enabled" }
|
||||||
|
- { role: network_plugin, tags: network }
|
||||||
|
|
||||||
- hosts: kube-master
|
- hosts: kube-master
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
|
|
|
@ -28,10 +28,10 @@ an example inventory located
|
||||||
You can use an
|
You can use an
|
||||||
[inventory generator](https://github.com/kubernetes-incubator/kubespray/blob/master/contrib/inventory_builder/inventory.py)
|
[inventory generator](https://github.com/kubernetes-incubator/kubespray/blob/master/contrib/inventory_builder/inventory.py)
|
||||||
to create or modify an Ansible inventory. Currently, it is limited in
|
to create or modify an Ansible inventory. Currently, it is limited in
|
||||||
functionality and is only use for making a basic Kubespray cluster, but it does
|
functionality and is only used for configuring a basic Kubespray cluster inventory, but it does
|
||||||
support creating large clusters. It now supports
|
support creating inventory file for large clusters as well. It now supports
|
||||||
separated ETCD and Kubernetes master roles from node role if the size exceeds a
|
separated ETCD and Kubernetes master roles from node role if the size exceeds a
|
||||||
certain threshold. Run inventory.py help for more information.
|
certain threshold. Run `python3 contrib/inventory_builder/inventory.py help` help for more information.
|
||||||
|
|
||||||
Example inventory generator usage:
|
Example inventory generator usage:
|
||||||
|
|
||||||
|
@ -59,7 +59,7 @@ See more details in the [ansible guide](ansible.md).
|
||||||
Adding nodes
|
Adding nodes
|
||||||
------------
|
------------
|
||||||
|
|
||||||
You may want to add worker nodes to your existing cluster. This can be done by re-running the `cluster.yml` playbook, or you can target the bare minimum needed to get kubelet installed on the worker and talking to your masters. This is especially helpful when doing something like autoscaling your clusters.
|
You may want to add **worker** nodes to your existing cluster. This can be done by re-running the `cluster.yml` playbook, or you can target the bare minimum needed to get kubelet installed on the worker and talking to your masters. This is especially helpful when doing something like autoscaling your clusters.
|
||||||
|
|
||||||
- Add the new worker node to your inventory under kube-node (or utilize a [dynamic inventory](https://docs.ansible.com/ansible/intro_dynamic_inventory.html)).
|
- Add the new worker node to your inventory under kube-node (or utilize a [dynamic inventory](https://docs.ansible.com/ansible/intro_dynamic_inventory.html)).
|
||||||
- Run the ansible-playbook command, substituting `scale.yml` for `cluster.yml`:
|
- Run the ansible-playbook command, substituting `scale.yml` for `cluster.yml`:
|
||||||
|
@ -75,7 +75,7 @@ kube-apiserver via port 8080. A kubeconfig file is not necessary in this case,
|
||||||
because kubectl will use http://localhost:8080 to connect. The kubeconfig files
|
because kubectl will use http://localhost:8080 to connect. The kubeconfig files
|
||||||
generated will point to localhost (on kube-masters) and kube-node hosts will
|
generated will point to localhost (on kube-masters) and kube-node hosts will
|
||||||
connect either to a localhost nginx proxy or to a loadbalancer if configured.
|
connect either to a localhost nginx proxy or to a loadbalancer if configured.
|
||||||
More details on this process is in the [HA guide](ha.md).
|
More details on this process are in the [HA guide](ha.md).
|
||||||
|
|
||||||
Kubespray permits connecting to the cluster remotely on any IP of any
|
Kubespray permits connecting to the cluster remotely on any IP of any
|
||||||
kube-master host on port 6443 by default. However, this requires
|
kube-master host on port 6443 by default. However, this requires
|
||||||
|
|
10
docs/vars.md
10
docs/vars.md
|
@ -109,6 +109,9 @@ Stack](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/dns-st
|
||||||
dynamic kernel services are needed for mounting persistent volumes into containers. These may not be
|
dynamic kernel services are needed for mounting persistent volumes into containers. These may not be
|
||||||
loaded by preinstall kubernetes processes. For example, ceph and rbd backed volumes. Set this variable to
|
loaded by preinstall kubernetes processes. For example, ceph and rbd backed volumes. Set this variable to
|
||||||
true to let kubelet load kernel modules.
|
true to let kubelet load kernel modules.
|
||||||
|
* *kubelet_cgroup_driver* - Allows manual override of the
|
||||||
|
cgroup-driver option for Kubelet. By default autodetection is used
|
||||||
|
to match Docker configuration.
|
||||||
|
|
||||||
##### Custom flags for Kube Components
|
##### Custom flags for Kube Components
|
||||||
For all kube components, custom flags can be passed in. This allows for edge cases where users need changes to the default deployment that may not be applicable to all deployments. This can be done by providing a list of flags. Example:
|
For all kube components, custom flags can be passed in. This allows for edge cases where users need changes to the default deployment that may not be applicable to all deployments. This can be done by providing a list of flags. Example:
|
||||||
|
@ -126,5 +129,8 @@ The possible vars are:
|
||||||
|
|
||||||
#### User accounts
|
#### User accounts
|
||||||
|
|
||||||
Kubespray sets up two Kubernetes accounts by default: ``root`` and ``kube``. Their
|
By default, a user with admin rights is created, named `kube`.
|
||||||
passwords default to changeme. You can set this by changing ``kube_api_pwd``.
|
The password can be viewed after deployment by looking at the file
|
||||||
|
`PATH_TO_KUBESPRAY/credentials/kube_user`. This contains a randomly generated
|
||||||
|
password. If you wish to set your own password, just precreate/modify this
|
||||||
|
file yourself or change `kube_api_pwd` var.
|
||||||
|
|
|
@ -12,5 +12,7 @@ docker_repo_info:
|
||||||
|
|
||||||
docker_dns_servers_strict: yes
|
docker_dns_servers_strict: yes
|
||||||
|
|
||||||
|
docker_container_storage_setup: false
|
||||||
|
|
||||||
docker_rh_repo_base_url: 'https://yum.dockerproject.org/repo/main/centos/7'
|
docker_rh_repo_base_url: 'https://yum.dockerproject.org/repo/main/centos/7'
|
||||||
docker_rh_repo_gpgkey: 'https://yum.dockerproject.org/gpg'
|
docker_rh_repo_gpgkey: 'https://yum.dockerproject.org/gpg'
|
||||||
|
|
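--- a/roles/docker/docker-storage/defaults/main.yml
+++ b/roles/docker/docker-storage/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+docker_container_storage_setup_version: v0.6.0
+docker_container_storage_setup_profile_name: kubespray
+docker_container_storage_setup_storage_driver: devicemapper
+docker_container_storage_setup_container_thinpool: docker-pool
+docker_container_storage_setup_data_size: 40%FREE
+docker_container_storage_setup_min_data_size: 2G
+docker_container_storage_setup_chunk_size: 512K
+docker_container_storage_setup_growpart: false
+docker_container_storage_setup_auto_extend_pool: yes
+docker_container_storage_setup_pool_autoextend_threshold: 60
+docker_container_storage_setup_pool_autoextend_percent: 20
+docker_container_storage_setup_device_wait_timeout: 60
+docker_container_storage_setup_wipe_signatures: false
+docker_container_storage_setup_container_root_lv_size: 40%FREE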
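Review bot: `docker_container_storage_setup_auto_extend_pool: yes` is an unquoted YAML boolean, so the docker-storage-setup template will most likely render it as `AUTO_EXTEND_POOL=True` rather than the `yes` written here; the `false` values for `growpart` and `wipe_signatures` would likewise come out as `False`. If container-storage-setup compares these settings against lowercase literal strings (worth confirming against the pinned release), auto-extend would silently not take effect. Quoting the values keeps them as strings end to end, e.g. `docker_container_storage_setup_auto_extend_pool: "yes"` and `docker_container_storage_setup_growpart: "false"`.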
|
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
version=${1:-master}
|
||||||
|
profile_name=${2:-kubespray}
|
||||||
|
dir=`mktemp -d`
|
||||||
|
export GIT_DIR=$dir/.git
|
||||||
|
export GIT_WORK_TREE=$dir
|
||||||
|
|
||||||
|
git init
|
||||||
|
git fetch --depth 1 https://github.com/projectatomic/container-storage-setup.git $version
|
||||||
|
git merge FETCH_HEAD
|
||||||
|
make -C $dir install
|
||||||
|
rm -rf /var/lib/container-storage-setup/$profile_name $dir
|
||||||
|
|
||||||
|
set +e
|
||||||
|
|
||||||
|
/usr/bin/container-storage-setup create $profile_name /etc/sysconfig/docker-storage-setup && /usr/bin/container-storage-setup activate $profile_name
|
||||||
|
# FIXME: exit status can be 1 for both fatal and non fatal errors in current release,
|
||||||
|
# could be improved by matching error strings
|
||||||
|
exit 0
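Review bot: This script fetches a ref from GitHub and runs `make install` on it as root with no integrity check; the default ref is `master`, and the role's pinned `v0.6.0` is a tag that upstream can move. I would let the caller pass the commit id the ref is expected to resolve to and stop before `git merge` when `FETCH_HEAD` differs. The expansions of `$dir`, `$version` and `$profile_name` are also unquoted, including in the `rm -rf` line, so a profile name containing a space would delete an unintended path. A `trap` would remove the temporary tree when a step fails under `set -e`. The unconditional `exit 0` is already covered by the FIXME.

```shell
version=${1:-master}
profile_name=${2:-kubespray}
# Optional third argument: commit id the fetched ref must resolve to.
expected_commit=${3:-}
dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
# … unchanged: GIT_DIR / GIT_WORK_TREE exports, git init …
git fetch --depth 1 https://github.com/projectatomic/container-storage-setup.git "$version"
if [ -n "$expected_commit" ] && [ "$(git rev-parse FETCH_HEAD)" != "$expected_commit" ]; then
  echo "container-storage-setup: $version does not resolve to $expected_commit" >&2
  exit 1
fi
git merge FETCH_HEAD
make -C "$dir" install
rm -rf "/var/lib/container-storage-setup/$profile_name"
# … unchanged: set +e, create/activate profile, exit 0 …
```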
|
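--- a/roles/docker/docker-storage/tasks/main.yml
+++ b/roles/docker/docker-storage/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+
+- name: docker-storage-setup | install git and make
+with_items: [git, make]
+package:
+pkg: "{{ item }}"
+state: present
+
+- name: docker-storage-setup | docker-storage-setup sysconfig template
+template:
+src: docker-storage-setup.j2
+dest: /etc/sysconfig/docker-storage-setup
+
+- name: docker-storage-override-directory | docker service storage-setup override dir
+file:
+dest: /etc/systemd/system/docker.service.d
+mode: 0755
+owner: root
+group: root
+state: directory
+
+- name: docker-storage-override | docker service storage-setup override file
+copy:
+dest: /etc/systemd/system/docker.service.d/override.conf
+content: |-
+### Thie file is managed by Ansible
+[Service]
+EnvironmentFile=-/etc/sysconfig/docker-storage
+
+owner: root
+group: root
+mode: 0644
+
+- name: docker-storage-setup | install and run container-storage-setup
+become: yes
+script: install_container_storage_setup.sh {{ docker_container_storage_setup_version }} {{ docker_container_storage_setup_profile_name }}
+notify: Docker | reload systemd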
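Review bot: The `install and run container-storage-setup` task has no `creates:` guard and no `changed_when`, so every play re-runs the script as root: it fetches and reinstalls container-storage-setup, removes the profile directory again, and always notifies `Docker | reload systemd`. If a one-time install is the intent, a guard such as `args:` with `creates: /usr/bin/container-storage-setup` would make the task idempotent; if the create/activate step must run every time, it deserves its own task with an explicit `changed_when`. The two template arguments are passed unquoted, so a version or profile name containing whitespace would shift the script's positional parameters. Two smaller points: quote the modes (`mode: "0755"`, `mode: "0644"`), and the override file header reads `Thie file` where `This file` is meant.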
|
@ -0,0 +1,35 @@
|
||||||
|
{%if docker_container_storage_setup_storage_driver is defined%}STORAGE_DRIVER={{docker_container_storage_setup_storage_driver}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_extra_storage_options is defined%}EXTRA_STORAGE_OPTIONS={{docker_container_storage_setup_extra_storage_options}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_devs is defined%}DEVS={{docker_container_storage_setup_devs}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_container_thinpool is defined%}CONTAINER_THINPOOL={{docker_container_storage_setup_container_thinpool}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_vg is defined%}VG={{docker_container_storage_setup_vg}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_root_size is defined%}ROOT_SIZE={{docker_container_storage_setup_root_size}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_data_size is defined%}DATA_SIZE={{docker_container_storage_setup_data_size}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_min_data_size is defined%}MIN_DATA_SIZE={{docker_container_storage_setup_min_data_size}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_chunk_size is defined%}CHUNK_SIZE={{docker_container_storage_setup_chunk_size}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_growpart is defined%}GROWPART={{docker_container_storage_setup_growpart}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_auto_extend_pool is defined%}AUTO_EXTEND_POOL={{docker_container_storage_setup_auto_extend_pool}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_pool_autoextend_threshold is defined%}POOL_AUTOEXTEND_THRESHOLD={{docker_container_storage_setup_pool_autoextend_threshold}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_pool_autoextend_percent is defined%}POOL_AUTOEXTEND_PERCENT={{docker_container_storage_setup_pool_autoextend_percent}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_device_wait_timeout is defined%}DEVICE_WAIT_TIMEOUT={{docker_container_storage_setup_device_wait_timeout}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_wipe_signatures is defined%}WIPE_SIGNATURES={{docker_container_storage_setup_wipe_signatures}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_container_root_lv_name is defined%}CONTAINER_ROOT_LV_NAME={{docker_container_storage_setup_container_root_lv_name}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_container_root_lv_size is defined%}CONTAINER_ROOT_LV_SIZE={{docker_container_storage_setup_container_root_lv_size}}{%endif%}
|
||||||
|
|
||||||
|
{%if docker_container_storage_setup_container_root_lv_mount_path is defined%}CONTAINER_ROOT_LV_MOUNT_PATH={{docker_container_storage_setup_container_root_lv_mount_path}}{%endif%}
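Review bot: Every assignment here writes its value unquoted (for example `DEVS={{docker_container_storage_setup_devs}}`), and the result is installed as `/etc/sysconfig/docker-storage-setup`, which container-storage-setup presumably reads as shell. A value with a space in it, such as several devices in `DEVS` or more than one flag in `EXTRA_STORAGE_OPTIONS`, would then be split, and the remainder would be interpreted as a command by a process running as root. Passing each value through the `quote` filter, e.g. `DEVS={{ docker_container_storage_setup_devs | quote }}`, keeps inventory values as data. The same change applies to all the assignments in this file.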
|
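--- a/roles/docker/meta/main.yml
+++ b/roles/docker/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+- role: docker/docker-storage
+when: docker_container_storage_setup and ansible_os_family == "RedHat"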
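Review bot: The `when:` condition tests `docker_container_storage_setup` as a bare variable, so a value that arrives as a string (for example `-e docker_container_storage_setup=false` on the command line) may evaluate as true and pull in the docker-storage role, which reconfigures Docker storage on the host. Other conditions in this change cast explicitly (`download_always_pull|bool`). Doing the same here makes the opt-in unambiguous: `when: docker_container_storage_setup|bool and ansible_os_family == "RedHat"`.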
|
@ -28,22 +28,18 @@ calico_version: "v2.5.0"
|
||||||
calico_ctl_version: "v1.5.0"
|
calico_ctl_version: "v1.5.0"
|
||||||
calico_cni_version: "v1.10.0"
|
calico_cni_version: "v1.10.0"
|
||||||
calico_policy_version: "v0.7.0"
|
calico_policy_version: "v0.7.0"
|
||||||
weave_version: 2.0.1
|
weave_version: 2.0.4
|
||||||
flannel_version: "v0.8.0"
|
flannel_version: "v0.8.0"
|
||||||
flannel_cni_version: "v0.2.0"
|
flannel_cni_version: "v0.2.0"
|
||||||
pod_infra_version: 3.0
|
pod_infra_version: 3.0
|
||||||
|
|
||||||
# Download URLs
|
# Download URLs
|
||||||
etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd"
|
|
||||||
kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/amd64/kubeadm"
|
kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/amd64/kubeadm"
|
||||||
|
|
||||||
# Checksums
|
# Checksums
|
||||||
etcd_checksum: "274c46a7f8d26f7ae99d6880610f54933cbcf7f3beafa19236c52eb5df8c7a0b"
|
|
||||||
kubeadm_checksum: "8f6ceb26b8503bfc36a99574cf6f853be1c55405aa31669561608ad8099bf5bf"
|
kubeadm_checksum: "8f6ceb26b8503bfc36a99574cf6f853be1c55405aa31669561608ad8099bf5bf"
|
||||||
|
|
||||||
# Containers
|
# Containers
|
||||||
# Possible values: host, docker
|
|
||||||
etcd_deployment_type: "docker"
|
|
||||||
etcd_image_repo: "quay.io/coreos/etcd"
|
etcd_image_repo: "quay.io/coreos/etcd"
|
||||||
etcd_image_tag: "{{ etcd_version }}"
|
etcd_image_tag: "{{ etcd_version }}"
|
||||||
flannel_image_repo: "quay.io/coreos/flannel"
|
flannel_image_repo: "quay.io/coreos/flannel"
|
||||||
|
@ -124,18 +120,10 @@ downloads:
|
||||||
sha256: "{{ netcheck_agent_digest_checksum|default(None) }}"
|
sha256: "{{ netcheck_agent_digest_checksum|default(None) }}"
|
||||||
enabled: "{{ deploy_netchecker|bool }}"
|
enabled: "{{ deploy_netchecker|bool }}"
|
||||||
etcd:
|
etcd:
|
||||||
version: "{{etcd_version}}"
|
container: true
|
||||||
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
|
|
||||||
sha256: >-
|
|
||||||
{%- if etcd_deployment_type in [ 'docker', 'rkt' ] -%}{{etcd_digest_checksum|default(None)}}{%- else -%}{{etcd_checksum}}{%- endif -%}
|
|
||||||
source_url: "{{ etcd_download_url }}"
|
|
||||||
url: "{{ etcd_download_url }}"
|
|
||||||
unarchive: true
|
|
||||||
owner: "etcd"
|
|
||||||
mode: "0755"
|
|
||||||
container: "{{ etcd_deployment_type in [ 'docker', 'rkt' ] }}"
|
|
||||||
repo: "{{ etcd_image_repo }}"
|
repo: "{{ etcd_image_repo }}"
|
||||||
tag: "{{ etcd_image_tag }}"
|
tag: "{{ etcd_image_tag }}"
|
||||||
|
sha256: "{{etcd_digest_checksum|default(None)}}"
|
||||||
kubeadm:
|
kubeadm:
|
||||||
version: "{{ kubeadm_version }}"
|
version: "{{ kubeadm_version }}"
|
||||||
dest: "kubeadm"
|
dest: "kubeadm"
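Review bot: After this hunk etcd is fetched only as a container image whose `sha256` is `{{etcd_digest_checksum|default(None)}}`, so unless a digest is set elsewhere the image is identified by `etcd_image_tag` alone. The removed host-binary entry verified the tarball against `etcd_checksum`, so the default path loses its integrity check. Registry tags can be re-pointed; consider shipping a default `etcd_digest_checksum` alongside `etcd_image_tag` in this file and documenting that the two must be updated together. In the first hunk of this file, `weave_version: 2.0.4` is left unquoted while the neighbouring versions are quoted strings; `weave_version: "2.0.4"` would match them. The `downloads:` mapping starts and ends outside the hunk.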
|
||||||
|
|
|
@ -26,3 +26,5 @@
|
||||||
assert:
|
assert:
|
||||||
that: "{{download.repo}}:{{download.tag}} in docker_images.stdout.split(',')"
|
that: "{{download.repo}}:{{download.tag}} in docker_images.stdout.split(',')"
|
||||||
when: not download_always_pull|bool and not pull_required|bool and pull_by_digest|bool
|
when: not download_always_pull|bool and not pull_required|bool and pull_by_digest|bool
|
||||||
|
tags:
|
||||||
|
- asserts
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
etcd_cluster_setup: true
|
etcd_cluster_setup: true
|
||||||
|
|
||||||
etcd_backup_prefix: "/var/backups"
|
etcd_backup_prefix: "/var/backups"
|
||||||
etcd_bin_dir: "{{ local_release_dir }}/etcd/etcd-{{ etcd_version }}-linux-amd64/"
|
|
||||||
etcd_data_dir: "/var/lib/etcd"
|
etcd_data_dir: "/var/lib/etcd"
|
||||||
|
|
||||||
etcd_config_dir: /etc/ssl/etcd
|
etcd_config_dir: /etc/ssl/etcd
|
||||||
|
@ -23,6 +22,8 @@ etcd_memory_limit: 512M
|
||||||
# Uncomment to set CPU share for etcd
|
# Uncomment to set CPU share for etcd
|
||||||
# etcd_cpu_limit: 300m
|
# etcd_cpu_limit: 300m
|
||||||
|
|
||||||
|
etcd_blkio_weight: 1000
|
||||||
|
|
||||||
etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) }}"
|
etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) }}"
|
||||||
|
|
||||||
etcd_compaction_retention: "8"
|
etcd_compaction_retention: "8"
|
||||||
|
|
|
@ -115,7 +115,7 @@
|
||||||
|
|
||||||
# FIXME(mattymo): Use tempfile module in ansible 2.3
|
# FIXME(mattymo): Use tempfile module in ansible 2.3
|
||||||
- name: Gen_certs | Prepare tempfile for unpacking certs
|
- name: Gen_certs | Prepare tempfile for unpacking certs
|
||||||
shell: mktemp /tmp/certsXXXXX.tar.gz
|
command: mktemp /tmp/certsXXXXX.tar.gz
|
||||||
register: cert_tempfile
|
register: cert_tempfile
|
||||||
when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
|
when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
|
||||||
inventory_hostname != groups['etcd'][0]
|
inventory_hostname != groups['etcd'][0]
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
---
|
---
|
||||||
# Plan A: no docker-py deps
|
|
||||||
- name: Install | Copy etcdctl binary from docker container
|
- name: Install | Copy etcdctl binary from docker container
|
||||||
command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;
|
command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;
|
||||||
{{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
|
{{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
|
||||||
|
|
|
@ -12,6 +12,9 @@
|
||||||
{% if etcd_cpu_limit is defined %}
|
{% if etcd_cpu_limit is defined %}
|
||||||
--cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
|
--cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if etcd_blkio_weight is defined %}
|
||||||
|
--blkio-weight={{ etcd_blkio_weight }} \
|
||||||
|
{% endif %}
|
||||||
--name={{ etcd_member_name | default("etcd") }} \
|
--name={{ etcd_member_name | default("etcd") }} \
|
||||||
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
|
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
|
||||||
{% if etcd_after_v3 %}
|
{% if etcd_after_v3 %}
|
||||||
|
|
|
@ -17,14 +17,14 @@
|
||||||
file:
|
file:
|
||||||
path: "/etc/kubernetes/manifests/{{item}}.manifest"
|
path: "/etc/kubernetes/manifests/{{item}}.manifest"
|
||||||
state: absent
|
state: absent
|
||||||
with_nested:
|
with_items:
|
||||||
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||||
register: kube_apiserver_manifest_replaced
|
register: kube_apiserver_manifest_replaced
|
||||||
when: (secret_changed|default(false) or etcd_secret_changed|default(false))
|
when: (secret_changed|default(false) or etcd_secret_changed|default(false))
|
||||||
|
|
||||||
- name: "Pre-upgrade | Delete master containers forcefully"
|
- name: "Pre-upgrade | Delete master containers forcefully"
|
||||||
shell: "docker ps -f name=k8s-{{item}}* -q | xargs --no-run-if-empty docker rm -f"
|
shell: "docker ps -f name=k8s-{{item}}* -q | xargs --no-run-if-empty docker rm -f"
|
||||||
with_nested:
|
with_items:
|
||||||
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||||
when: kube_apiserver_manifest_replaced.changed
|
when: kube_apiserver_manifest_replaced.changed
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
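--- a/roles/kubernetes/node/tasks/facts.yml
+++ b/roles/kubernetes/node/tasks/facts.yml
@@ -0,0 +1,8 @@
+- name: look up docker cgroup driver
+shell: "docker info | grep 'Cgroup Driver' | awk -F': ' '{ print $2; }'"
+register: docker_cgroup_driver_result
+
+- set_fact:
+standalone_kubelet: >-
+{%- if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] -%}true{%- else -%}false{%- endif -%}
+kubelet_cgroup_driver_detected: "{{ docker_cgroup_driver_result.stdout }}"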
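Review bot: The `look up docker cgroup driver` pipeline ends in `awk`, so the task succeeds with empty stdout when `docker info` fails or prints no `Cgroup Driver` line. The kubelet templates in this commit would then render `--cgroup-driver=` with no value whenever `kubelet_cgroup_driver` is not set. A guard such as `failed_when: docker_cgroup_driver_result.stdout == ""` surfaces the problem at the lookup instead of at kubelet start. The task is read-only, so `changed_when: false` would stop it reporting a change on every run.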
|
@ -1,7 +1,5 @@
|
||||||
---
|
---
|
||||||
- set_fact:
|
- include: facts.yml
|
||||||
standalone_kubelet: >-
|
|
||||||
{%- if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] -%}true{%- else -%}false{%- endif -%}
|
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
- include: pre_upgrade.yml
|
- include: pre_upgrade.yml
|
||||||
|
|
|
@ -26,6 +26,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
|
||||||
--pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }} \
|
--pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }} \
|
||||||
--kube-reserved cpu={{ kubelet_cpu_limit }},memory={{ kubelet_memory_limit|regex_replace('Mi', 'M') }} \
|
--kube-reserved cpu={{ kubelet_cpu_limit }},memory={{ kubelet_memory_limit|regex_replace('Mi', 'M') }} \
|
||||||
--node-status-update-frequency={{ kubelet_status_update_frequency }} \
|
--node-status-update-frequency={{ kubelet_status_update_frequency }} \
|
||||||
|
--cgroup-driver={{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} \
|
||||||
{% endset %}
|
{% endset %}
|
||||||
|
|
||||||
{# DNS settings for kubelet #}
|
{# DNS settings for kubelet #}
|
||||||
|
|
|
@ -19,6 +19,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
|
||||||
{% if kube_version | version_compare('v1.7', '<') %}
|
{% if kube_version | version_compare('v1.7', '<') %}
|
||||||
--enable-cri={{ kubelet_enable_cri }} \
|
--enable-cri={{ kubelet_enable_cri }} \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
--cgroup-driver={{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} \
|
||||||
--cgroups-per-qos={{ kubelet_cgroups_per_qos }} \
|
--cgroups-per-qos={{ kubelet_cgroups_per_qos }} \
|
||||||
--enforce-node-allocatable={{ kubelet_enforce_node_allocatable }} {% endif %}{% endset %}
|
--enforce-node-allocatable={{ kubelet_enforce_node_allocatable }} {% endif %}{% endset %}
|
||||||
|
|
||||||
|
|
|
@ -2,3 +2,5 @@
|
||||||
- name: Stop if non systemd OS type
|
- name: Stop if non systemd OS type
|
||||||
assert:
|
assert:
|
||||||
that: ansible_service_mgr == "systemd"
|
that: ansible_service_mgr == "systemd"
|
||||||
|
tags:
|
||||||
|
- asserts
|
||||||
|
|
|
@ -117,7 +117,7 @@
|
||||||
|
|
||||||
# FIXME(mattymo): Use tempfile module in ansible 2.3
|
# FIXME(mattymo): Use tempfile module in ansible 2.3
|
||||||
- name: Gen_certs | Prepare tempfile for unpacking certs
|
- name: Gen_certs | Prepare tempfile for unpacking certs
|
||||||
shell: mktemp /tmp/certsXXXXX.tar.gz
|
command: mktemp /tmp/certsXXXXX.tar.gz
|
||||||
register: cert_tempfile
|
register: cert_tempfile
|
||||||
when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
|
when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
|
||||||
inventory_hostname != groups['kube-master'][0]
|
inventory_hostname != groups['kube-master'][0]
|
||||||
|
|
|
@ -6,6 +6,13 @@
|
||||||
enabled: yes
|
enabled: yes
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
||||||
|
- name: Calico | Get kubelet hostname
|
||||||
|
shell: >-
|
||||||
|
kubectl get node -o custom-columns='NAME:.metadata.name,INTERNAL-IP:.status.addresses[?(@.type=="InternalIP")].address'
|
||||||
|
| egrep "[[:space:]]{{ ansible_all_ipv4_addresses | join('[[:space:]]|[[:space:]]') }}[[:space:]]*$" | cut -d" " -f1
|
||||||
|
register: calico_kubelet_name
|
||||||
|
when: cloud_provider is defined
|
||||||
|
|
||||||
- name: Calico | Write Calico cni config
|
- name: Calico | Write Calico cni config
|
||||||
template:
|
template:
|
||||||
src: "cni-calico.conf.j2"
|
src: "cni-calico.conf.j2"
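Review bot: `Calico | Get kubelet hostname` can succeed with empty stdout, because the exit status of the pipeline is that of `cut`, not of `kubectl` or `egrep`; cni-calico.conf.j2 would then write `"nodename": ""`. A guard such as `failed_when: calico_kubelet_name.stdout == ""` together with `changed_when: false` would catch that before the CNI config is written. The addresses are also placed into the pattern as-is, so each `.` matches any character. The way the alternation is joined anchors only the last address with `[[:space:]]*$`; grouping the alternatives in parentheses and escaping the dots would make the match exact. The template task that follows continues outside the hunk.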
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
"name": "calico-k8s-network",
|
"name": "calico-k8s-network",
|
||||||
{% if cloud_provider is defined %}
|
{% if cloud_provider is defined %}
|
||||||
"nodename": "{{ inventory_hostname }}",
|
"nodename": "{{ calico_kubelet_name.stdout }}",
|
||||||
{% else %}
|
{% else %}
|
||||||
"nodename": "{{ ansible_hostname }}",
|
"nodename": "{{ ansible_hostname }}",
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|