Review role order, use master ip even when fqdn are used in the inventory
This commit is contained in:
Smaine Kahlouch
parent
3a349b8519
commit
b3841659d7
9 changed files with 46 additions and 82 deletions
|
|
@ -123,14 +123,14 @@ kube-master
|
|||
- { role: dnsmasq, tags: dnsmasq }
|
||||
- { role: network_plugin, tags: ['calico', 'flannel', 'network'] }
|
||||
|
||||
- hosts: kube-node
|
||||
roles:
|
||||
- { role: kubernetes/node, tags: node }
|
||||
|
||||
- hosts: kube-master
|
||||
roles:
|
||||
- { role: kubernetes/master, tags: master }
|
||||
|
||||
- hosts: kube-node
|
||||
roles:
|
||||
- { role: kubernetes/node, tags: node }
|
||||
|
||||
```
|
||||
|
||||
### Run
|
||||
|
|
|
|||
|
|
@ -11,10 +11,10 @@
|
|||
- { role: dnsmasq, tags: dnsmasq }
|
||||
- { role: network_plugin, tags: ['calico', 'flannel', 'network'] }
|
||||
|
||||
- hosts: kube-node
|
||||
roles:
|
||||
- { role: kubernetes/node, tags: node }
|
||||
|
||||
- hosts: kube-master
|
||||
roles:
|
||||
- { role: kubernetes/master, tags: master }
|
||||
|
||||
- hosts: kube-node
|
||||
roles:
|
||||
- { role: kubernetes/node, tags: node }
|
||||
|
|
|
|||
|
|
@ -1,17 +1,15 @@
|
|||
---
|
||||
- name: Copy kubectl bash completion
|
||||
copy:
|
||||
src: kubectl_bash_completion.sh
|
||||
dest: /etc/bash_completion.d/kubectl.sh
|
||||
|
||||
- name: Install kubectl binary
|
||||
copy:
|
||||
src={{ local_release_dir }}/kubernetes/bin/kubectl
|
||||
dest={{ bin_dir }}
|
||||
owner=kube
|
||||
mode=u+x
|
||||
notify:
|
||||
- restart daemons
|
||||
|
||||
- name: Copy kubectl bash completion
|
||||
copy:
|
||||
src: kubectl_bash_completion.sh
|
||||
dest: /etc/bash_completion.d/kubectl.sh
|
||||
|
||||
- name: populate users for basic auth in API
|
||||
lineinfile:
|
||||
|
|
@ -58,7 +56,7 @@
|
|||
|
||||
- name: Create 'kube-system' namespace
|
||||
uri:
|
||||
url: http://{{ groups['kube-master'][0]}}:{{ kube_apiserver_insecure_port }}/api/v1/namespaces
|
||||
url: http://127.0.0.1:{{ kube_apiserver_insecure_port }}/api/v1/namespaces
|
||||
method: POST
|
||||
body: '{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"kube-system"}}'
|
||||
status_code: 201,409
|
||||
|
|
|
|||
|
|
@ -8,24 +8,27 @@
|
|||
- name: Make sure manifest directory exists
|
||||
file: path={{ kube_manifest_dir }} state=directory
|
||||
|
||||
|
||||
- name: certs | create system kube-cert groups
|
||||
group: name={{ kube_cert_group }} state=present system=yes
|
||||
|
||||
- name: create system kube user
|
||||
user:
|
||||
name=kube
|
||||
comment="Kubernetes user"
|
||||
shell=/sbin/nologin
|
||||
state=present
|
||||
system=yes
|
||||
groups={{ kube_cert_group }}
|
||||
|
||||
- include: install.yml
|
||||
|
||||
- include: secrets.yml
|
||||
tags:
|
||||
- secrets
|
||||
|
||||
- include: install.yml
|
||||
|
||||
- name: write the global config file
|
||||
template:
|
||||
src: config.j2
|
||||
dest: "{{ kube_config_dir }}/config"
|
||||
notify:
|
||||
- restart kubelet
|
||||
|
||||
- name: Create kubelet environment vars dir
|
||||
file: path=/etc/systemd/system/kubelet.service.d state=directory
|
||||
|
||||
- name: Write kubelet config file
|
||||
template: src=kubelet.j2 dest=/etc/systemd/system/kubelet.service.d/10-kubelet.conf backup=yes
|
||||
template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.conf backup=yes
|
||||
notify:
|
||||
- restart kubelet
|
||||
|
||||
|
|
|
|||
|
|
@ -1,16 +1,4 @@
|
|||
---
|
||||
- name: certs | create system kube-cert groups
|
||||
group: name={{ kube_cert_group }} state=present system=yes
|
||||
|
||||
- name: create system kube user
|
||||
user:
|
||||
name=kube
|
||||
comment="Kubernetes user"
|
||||
shell=/sbin/nologin
|
||||
state=present
|
||||
system=yes
|
||||
groups={{ kube_cert_group }}
|
||||
|
||||
- name: certs | make sure the certificate directory exits
|
||||
file:
|
||||
path={{ kube_cert_dir }}
|
||||
|
|
|
|||
|
|
@ -1,26 +0,0 @@
|
|||
###
|
||||
# kubernetes system config
|
||||
#
|
||||
# The following values are used to configure various aspects of all
|
||||
# kubernetes services, including
|
||||
#
|
||||
# kube-apiserver.service
|
||||
# kube-controller-manager.service
|
||||
# kube-scheduler.service
|
||||
# kubelet.service
|
||||
# kube-proxy.service
|
||||
|
||||
# Comma separated list of nodes in the etcd cluster
|
||||
# KUBE_ETCD_SERVERS="--etcd_servers="
|
||||
|
||||
# logging to stderr means we get it in the systemd journal
|
||||
KUBE_LOGTOSTDERR="--logtostderr=true"
|
||||
|
||||
# journal message level, 0 is debug
|
||||
KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
|
||||
|
||||
# Should this cluster be allowed to run privileged docker containers
|
||||
KUBE_ALLOW_PRIV="--allow_privileged=true"
|
||||
|
||||
# How the replication controller, scheduler, and proxy
|
||||
KUBE_MASTER="--master=https://{{ groups['kube-master'][0] }}:{{ kube_apiserver_port }}"
|
||||
|
|
@ -1,23 +1,24 @@
|
|||
[Service]
|
||||
Environment="KUBE_LOGTOSTDERR=--logtostderr=true"
|
||||
Environment="KUBE_LOG_LEVEL=--v={{ kube_log_level | default('2') }}"
|
||||
Environment="KUBE_ALLOW_PRIV=--allow_privileged=true"
|
||||
Environment="KUBELET_API_SERVER=--api_servers={% for srv in groups['kube-master'] %}https://{{ srv }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
KUBE_LOGTOSTDERR="--logtostderr=true"
|
||||
KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
|
||||
KUBE_ALLOW_PRIV="--allow_privileged=true"
|
||||
KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
|
||||
Environment="KUBELET_ADDRESS=--address=0.0.0.0"
|
||||
KUBELET_ADDRESS="--address=0.0.0.0"
|
||||
# The port for the info server to serve on
|
||||
# Environment="KUBELET_PORT=--port=10250"
|
||||
# KUBELET_PORT="--port=10250"
|
||||
# You may leave this blank to use the actual hostname
|
||||
Environment="KUBELET_HOSTNAME=--hostname_override={{ inventory_hostname }}"
|
||||
KUBELET_HOSTNAME="--hostname_override={{ inventory_hostname }}"
|
||||
{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
|
||||
Environment="KUBELET_REGISTER_NODE=--register-node=false"
|
||||
KUBELET_REGISTER_NODE="--register-node=false"
|
||||
{% endif %}
|
||||
# location of the api-server
|
||||
{% if dns_setup %}
|
||||
Environment="KUBELET_ARGS=--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }}"
|
||||
KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }}"
|
||||
{% else %}
|
||||
Environment="KUBELET_ARGS=--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
|
||||
KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
|
||||
{% endif %}
|
||||
{% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
|
||||
Environment="KUBELET_NETWORK_PLUGIN=--network_plugin={{ kube_network_plugin }}"
|
||||
KUBELET_NETWORK_PLUGIN="--network_plugin={{ kube_network_plugin }}"
|
||||
{% endif %}
|
||||
# Should this cluster be allowed to run privileged docker containers
|
||||
KUBE_ALLOW_PRIV="--allow_privileged=true"
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ After=docker.service
|
|||
{% endif %}
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=/etc/kubernetes/config
|
||||
EnvironmentFile=/etc/kubernetes/kubelet.conf
|
||||
EnvironmentFile=/etc/network-environment
|
||||
ExecStart={{ bin_dir }}/kubelet \
|
||||
$KUBE_LOGTOSTDERR \
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ CALICO_IPAM=true
|
|||
DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
|
||||
|
||||
# The kubernetes master IP
|
||||
KUBERNETES_MASTER={{ groups['kube-master'][0] }}
|
||||
KUBERNETES_MASTER={{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}
|
||||
|
||||
# Location of etcd cluster used by Calico. By default, this uses the etcd
|
||||
# instance running on the Kubernetes Master
|
||||
|
|
@ -16,7 +16,7 @@ ETCD_AUTHORITY="127.0.0.1:23799"
|
|||
{% endif %}
|
||||
|
||||
# The kubernetes-apiserver location - used by the calico plugin
|
||||
KUBE_API_ROOT=http://{{ groups['kube-master'][0] }}:{{kube_apiserver_insecure_port}}/api/v1/
|
||||
KUBE_API_ROOT=http://{{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}:{{kube_apiserver_insecure_port}}/api/v1/
|
||||
|
||||
# Location of the calicoctl binary - used by the calico plugin
|
||||
CALICOCTL_PATH="{{ bin_dir }}/calicoctl"
|
||||
|
|
|
|||
Loading…
Reference in a new issue