commit
b45747ec86
12 changed files with 93 additions and 22 deletions
|
@ -68,7 +68,7 @@ dns_setup: true
|
||||||
dns_domain: "{{ cluster_name }}"
|
dns_domain: "{{ cluster_name }}"
|
||||||
#
|
#
|
||||||
# # Ip address of the kubernetes dns service
|
# # Ip address of the kubernetes dns service
|
||||||
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(253)|ipaddr('address') }}"
|
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
|
||||||
|
|
||||||
# For multi masters architecture:
|
# For multi masters architecture:
|
||||||
# kube-proxy doesn't support multiple apiservers for the time being so you'll need to configure your own loadbalancer
|
# kube-proxy doesn't support multiple apiservers for the time being so you'll need to configure your own loadbalancer
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit 256fa156e46d623ab0a7a60efdc7bac535cea8d7
|
Subproject commit 340d1a5ec75e7b7c43783dc7a1c02aa7d5991dbe
|
|
@ -15,3 +15,9 @@
|
||||||
|
|
||||||
- name: Create etcd2 binary symlink
|
- name: Create etcd2 binary symlink
|
||||||
file: src=/usr/local/bin/etcd dest=/usr/local/bin/etcd2 state=link
|
file: src=/usr/local/bin/etcd dest=/usr/local/bin/etcd2 state=link
|
||||||
|
|
||||||
|
- name: install required python module 'httplib2'
|
||||||
|
apt:
|
||||||
|
name: "python-httplib2"
|
||||||
|
state: present
|
||||||
|
when: inventory_hostname == groups['kube-master'][0] or inventory_hostname == groups['etcd'][0]
|
||||||
|
|
|
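Review bot: The `when` on the new httplib2 task indexes `groups['kube-master'][0]` from what appears to be the etcd role, so an inventory that runs this role without a `kube-master` group fails with an undefined error instead of skipping; `when: inventory_hostname == groups['etcd'][0] or (groups['kube-master'] is defined and inventory_hostname == groups['kube-master'][0])` keeps the etcd-only case working. The `uri` tasks added elsewhere in this commit delegate to `groups['etcd'][0]`, which this condition does cover. The existing symlink task above still uses `file: src=... state=link` shorthand while the new task uses block arguments; converting the symlink task to block style would keep the file consistent.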
@ -15,6 +15,6 @@ ETCD_LISTEN_CLIENT_URLS="http://{{ hostvars[inventory_hostname]['ip'] | default(
|
||||||
ETCD_LISTEN_PEER_URLS="http://{{ hostvars[inventory_hostname]['ip'] | default( ansible_default_ipv4.address) }}:2380"
|
ETCD_LISTEN_PEER_URLS="http://{{ hostvars[inventory_hostname]['ip'] | default( ansible_default_ipv4.address) }}:2380"
|
||||||
ETCD_NAME="{{ etcd.name }}"
|
ETCD_NAME="{{ etcd.name }}"
|
||||||
{% else %}
|
{% else %}
|
||||||
ETCD_INITIAL_CLUSTER="{% for host in groups['etcd'] %}master{{ loop.index|string }}=http://{{ host }}:2380{% if not loop.last %},{% endif %}{% endfor %}"
|
ETCD_INITIAL_CLUSTER="{% for host in groups['etcd'] %}master{{ loop.index|string }}=http://{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}:2380{% if not loop.last %},{% endif %}{% endfor %}"
|
||||||
ETCD_LISTEN_CLIENT_URLS="http://127.0.0.1:23799"
|
ETCD_LISTEN_CLIENT_URLS="http://127.0.0.1:23799"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
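Review bot: The new `ETCD_INITIAL_CLUSTER` line reads `hostvars[host]['ansible_default_ipv4']['address']` for every member of `groups['etcd']`, so rendering now requires facts for all etcd hosts in the same run; for a host with no `ip` set, `default(...)` does not help when its facts are missing (a `--limit`ed run, for instance), because the fallback expression itself is undefined and the template errors. A short comment above the line, `{# needs facts for every etcd member: either 'ip' or ansible_default_ipv4 #}`, would make that dependency visible to whoever adds fact caching or limits later. The member URLs stay `http://` on 2380, matching `ETCD_LISTEN_PEER_URLS`, so no scheme mismatch is introduced. The `{% if %}` that this `{% else %}` closes is outside the hunk.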
@ -32,6 +32,7 @@
|
||||||
- "{{ kube_cert_dir }}"
|
- "{{ kube_cert_dir }}"
|
||||||
- "{{ kube_users_dir }}"
|
- "{{ kube_users_dir }}"
|
||||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||||
|
when: inventory_hostname != "{{ groups['kube-master'][0] }}"
|
||||||
|
|
||||||
# Write manifests
|
# Write manifests
|
||||||
- name: Write kube-apiserver manifest
|
- name: Write kube-apiserver manifest
|
||||||
|
@ -48,12 +49,6 @@
|
||||||
port: "{{kube_apiserver_insecure_port}}"
|
port: "{{kube_apiserver_insecure_port}}"
|
||||||
delay: 10
|
delay: 10
|
||||||
|
|
||||||
- name: install required python module 'httplib2'
|
|
||||||
apt:
|
|
||||||
name: "python-httplib2"
|
|
||||||
state: present
|
|
||||||
when: inventory_hostname == groups['kube-master'][0]
|
|
||||||
|
|
||||||
- name: Create 'kube-system' namespace
|
- name: Create 'kube-system' namespace
|
||||||
uri:
|
uri:
|
||||||
url: http://127.0.0.1:{{ kube_apiserver_insecure_port }}/api/v1/namespaces
|
url: http://127.0.0.1:{{ kube_apiserver_insecure_port }}/api/v1/namespaces
|
||||||
|
|
|
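Review bot: The new `when: inventory_hostname != "{{ groups['kube-master'][0] }}"` in the first hunk wraps the expression in Jinja delimiters inside a conditional that Ansible already evaluates as Jinja; write it as `when: inventory_hostname != groups['kube-master'][0]`, the form the condition removed in the second hunk already uses. The same pattern in the later cert-sync hunk, `when: inventory_hostname not in "{{ groups['kube-master'] }}"`, is not merely stylistic: the templated list becomes its string rendering, so `not in` is a substring test against text like `['m1', 'm2']` (constructed example) rather than a membership test, and a host whose name is a substring of a master's name is wrongly skipped; `when: inventory_hostname not in groups['kube-master']` is the intended check. The `search(".*{{ kube_pods_subnet | ipaddr('network') }}.*")` inside the calico `fail` task's `when` is a third instance of delimiters inside a conditional. The task these conditions attach to starts outside the hunk.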
@ -10,7 +10,6 @@ spec:
|
||||||
command:
|
command:
|
||||||
- /hyperkube
|
- /hyperkube
|
||||||
- apiserver
|
- apiserver
|
||||||
- --insecure-bind-address=0.0.0.0
|
|
||||||
- --etcd-servers={% for srv in groups['etcd'] %}http://{{ srv }}:2379{% if not loop.last %},{% endif %}{% endfor %}
|
- --etcd-servers={% for srv in groups['etcd'] %}http://{{ srv }}:2379{% if not loop.last %},{% endif %}{% endfor %}
|
||||||
|
|
||||||
- --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
|
- --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
|
||||||
|
|
|
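Review bot: Dropping `--insecure-bind-address=0.0.0.0` leaves the apiserver's insecure port on its loopback default, so any remote consumer of that port now gets a connection refused; the only one visible in this commit, the old `KUBE_API_ROOT=http://...:{{kube_apiserver_insecure_port}}` in network-environment.j2, is switched to https in the same commit, and the `uri` call to `http://127.0.0.1:{{ kube_apiserver_insecure_port }}` runs on the master itself. A one-line comment on the manifest, `# insecure port is loopback-only; remote clients must use the TLS port`, would stop a later change from reintroducing the flag. The `--etcd-servers` line is unchanged context but still plain `http://` to every etcd host.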
@ -19,7 +19,10 @@ token_file="${token_dir}/known_tokens.csv"
|
||||||
|
|
||||||
create_accounts=($@)
|
create_accounts=($@)
|
||||||
|
|
||||||
|
if [ ! -e "${token_file}" ]; then
|
||||||
touch "${token_file}"
|
touch "${token_file}"
|
||||||
|
fi
|
||||||
|
|
||||||
for account in "${create_accounts[@]}"; do
|
for account in "${create_accounts[@]}"; do
|
||||||
if grep ",${account}," "${token_file}" ; then
|
if grep ",${account}," "${token_file}" ; then
|
||||||
continue
|
continue
|
||||||
|
|
|
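Review bot: `touch "${token_file}"` creates `known_tokens.csv` with the caller's umask, typically world-readable, and this is the file the loop below consults for existing accounts and which holds the generated tokens; create it with a restrictive mode instead, e.g. `(umask 077; touch "${token_file}")` or `install -m 0600 /dev/null "${token_file}"`. If a later step tightens the mode this is harmless, but nothing in the hunk shows one. The `token_dir` setup and the rest of the script are outside the hunk.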
@ -4,6 +4,7 @@
|
||||||
src=kube-gen-token.sh
|
src=kube-gen-token.sh
|
||||||
dest={{ kube_script_dir }}
|
dest={{ kube_script_dir }}
|
||||||
mode=u+x
|
mode=u+x
|
||||||
|
when: inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
||||||
- name: tokens | generate tokens for master components
|
- name: tokens | generate tokens for master components
|
||||||
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
|
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
|
||||||
|
@ -14,6 +15,7 @@
|
||||||
- "{{ groups['kube-master'] }}"
|
- "{{ groups['kube-master'] }}"
|
||||||
register: gentoken
|
register: gentoken
|
||||||
changed_when: "'Added' in gentoken.stdout"
|
changed_when: "'Added' in gentoken.stdout"
|
||||||
|
when: inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
||||||
- name: tokens | generate tokens for node components
|
- name: tokens | generate tokens for node components
|
||||||
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
|
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
|
||||||
|
@ -24,3 +26,30 @@
|
||||||
- "{{ groups['kube-node'] }}"
|
- "{{ groups['kube-node'] }}"
|
||||||
register: gentoken
|
register: gentoken
|
||||||
changed_when: "'Added' in gentoken.stdout"
|
changed_when: "'Added' in gentoken.stdout"
|
||||||
|
when: inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
||||||
|
- name: tokens | generate tokens for calico
|
||||||
|
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
|
||||||
|
environment:
|
||||||
|
TOKEN_DIR: "{{ kube_token_dir }}"
|
||||||
|
with_nested:
|
||||||
|
- [ "system:calico" ]
|
||||||
|
- "{{ groups['k8s-cluster'] }}"
|
||||||
|
register: gentoken
|
||||||
|
changed_when: "'Added' in gentoken.stdout"
|
||||||
|
when: kube_network_plugin == "calico"
|
||||||
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||||
|
|
||||||
|
- name: tokens | get the calico token values
|
||||||
|
slurp:
|
||||||
|
src: "{{ kube_token_dir }}/system:calico-{{ inventory_hostname }}.token"
|
||||||
|
register: calico_token
|
||||||
|
when: kube_network_plugin == "calico"
|
||||||
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||||
|
|
||||||
|
- name: tokens | Add KUBE_AUTH_TOKEN for calico
|
||||||
|
lineinfile:
|
||||||
|
regexp: "^KUBE_AUTH_TOKEN=.*$"
|
||||||
|
line: "KUBE_AUTH_TOKEN={{ calico_token.content|b64decode }}"
|
||||||
|
dest: "/etc/network-environment"
|
||||||
|
when: kube_network_plugin == "calico"
|
||||||
|
|
|
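Review bot: The calico token tasks put the token in task output: `slurp` registers it (base64) in `calico_token`, and the `lineinfile` task's `line` renders the decoded value, both of which appear in verbose logs and callback plugins; add `no_log: true` to the slurp and lineinfile tasks. The `generate tokens for calico` task delegates to the first master but has no `run_once`, so every host in the play re-runs the full `with_nested` loop over `groups['k8s-cluster']` on the master (idempotent thanks to the script's existing-account check, but quadratic in cluster size); `run_once: true` next to `delegate_to` would match the `when: inventory_hostname == groups['kube-master'][0]` guards the other token tasks gained here. The slurp path `system:calico-{{ inventory_hostname }}.token` assumes the script writes one file per account in `kube_token_dir`; that is not visible in this hunk — confirm against kube-gen-token.sh.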
@ -18,8 +18,6 @@
|
||||||
when: inventory_hostname == groups['kube-master'][0]
|
when: inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
||||||
- include: gen_tokens.yml
|
- include: gen_tokens.yml
|
||||||
run_once: true
|
|
||||||
when: inventory_hostname == groups['kube-master'][0]
|
|
||||||
|
|
||||||
# Sync certs between nodes
|
# Sync certs between nodes
|
||||||
- user:
|
- user:
|
||||||
|
@ -50,3 +48,4 @@
|
||||||
- "{{ kube_cert_dir}}/node.pem"
|
- "{{ kube_cert_dir}}/node.pem"
|
||||||
- "{{ kube_cert_dir}}/node-key.pem"
|
- "{{ kube_cert_dir}}/node-key.pem"
|
||||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||||
|
when: inventory_hostname not in "{{ groups['kube-master'] }}"
|
||||||
|
|
|
@ -1,18 +1,46 @@
|
||||||
---
|
---
|
||||||
- name: Calico | Install calicoctl bin
|
- name: Calico | Install calicoctl bin
|
||||||
copy:
|
copy:
|
||||||
src={{ local_release_dir }}/calico/bin/calicoctl
|
src: "{{ local_release_dir }}/calico/bin/calicoctl"
|
||||||
dest={{ bin_dir }}
|
dest: "{{ bin_dir }}"
|
||||||
mode=0755
|
mode: 0755
|
||||||
notify: restart calico-node
|
notify: restart calico-node
|
||||||
|
|
||||||
- name: Calico | Create calicoctl symlink (needed by kubelet)
|
- name: Calico | Create calicoctl symlink (needed by kubelet)
|
||||||
file: src=/usr/local/bin/calicoctl dest=/usr/bin/calicoctl state=link
|
file:
|
||||||
|
src: /usr/local/bin/calicoctl
|
||||||
|
dest: /usr/bin/calicoctl
|
||||||
|
state: link
|
||||||
|
|
||||||
- name: Calico | Configure calico-node desired pool
|
- name: Calico | Check if calico network pool has already been configured
|
||||||
|
uri:
|
||||||
|
url: "http://127.0.0.1:2379/v2/keys/calico/v1/ipam/v4/pool"
|
||||||
|
return_content: yes
|
||||||
|
status_code: 200,404
|
||||||
|
register: calico_conf
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ groups['etcd'][0] }}"
|
||||||
|
|
||||||
|
- name: Calico | Configure calico network pool
|
||||||
shell: calicoctl pool add {{ kube_pods_subnet }}
|
shell: calicoctl pool add {{ kube_pods_subnet }}
|
||||||
environment:
|
run_once: true
|
||||||
ETCD_AUTHORITY: "{{ groups['etcd'][0] }}:2379"
|
when: calico_conf.status == 404
|
||||||
|
delegate_to: "{{ groups['etcd'][0] }}"
|
||||||
|
|
||||||
|
- name: Calico | Get calico configuration from etcd
|
||||||
|
uri:
|
||||||
|
url: "http://127.0.0.1:2379/v2/keys/calico/v1/ipam/v4/pool"
|
||||||
|
return_content: yes
|
||||||
|
register: calico_pools
|
||||||
|
run_once: true
|
||||||
|
delegate_to: "{{ groups['etcd'][0] }}"
|
||||||
|
|
||||||
|
- name: Calico | Check if calico pool is properly configured
|
||||||
|
fail:
|
||||||
|
msg: 'Only one network pool must be configured and it must be the subnet {{ kube_pods_subnet }}.
|
||||||
|
Please erase calico configuration and run the playbook again ("etcdctl rm --recursive /calico/v1/ipam/v4/pool")'
|
||||||
|
when: ( calico_pools.json['node']['nodes'] | length > 1 ) or
|
||||||
|
( not calico_pools.json['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
|
||||||
run_once: true
|
run_once: true
|
||||||
delegate_to: "{{ groups['etcd'][0] }}"
|
delegate_to: "{{ groups['etcd'][0] }}"
|
||||||
|
|
||||||
|
@ -33,9 +61,13 @@
|
||||||
|
|
||||||
- name: Calico | Disable node mesh
|
- name: Calico | Disable node mesh
|
||||||
shell: calicoctl bgp node-mesh off
|
shell: calicoctl bgp node-mesh off
|
||||||
|
environment:
|
||||||
|
ETCD_AUTHORITY: "{{ groups['etcd'][0] }}:2379"
|
||||||
when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
|
when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
|
||||||
|
|
||||||
- name: Calico | Configure peering with router(s)
|
- name: Calico | Configure peering with router(s)
|
||||||
shell: calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}
|
shell: calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}
|
||||||
|
environment:
|
||||||
|
ETCD_AUTHORITY: "{{ groups['etcd'][0] }}:2379"
|
||||||
with_items: peers
|
with_items: peers
|
||||||
when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
|
when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
|
||||||
|
|
|
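Review bot: The `Check if calico pool is properly configured` condition indexes `calico_pools.json['node']['nodes'][0]` unguarded, so a pool directory that exists but is empty (the etcd v2 listing omits `nodes` for an empty directory, as far as I recall — confirm) errors on the lookup instead of producing the intended `fail` message; `( calico_pools.json['node']['nodes'] | default([]) | length != 1 ) or ...` covers both the empty and the multi-pool cases in one test. The `Configure calico network pool` task drops its `environment: ETCD_AUTHORITY` block and relies on calicoctl on `groups['etcd'][0]` defaulting to the local etcd, which also requires calicoctl to be present on that host; the `Install calicoctl bin` task only runs on the hosts this role targets, so this holds only if `etcd[0]` is among them. `shell: calicoctl pool add {{ kube_pods_subnet }}` uses no shell features, so `command:` is the safer module here. `mode: 0755` is a YAML 1.1 octal literal Ansible accepts, but `mode: '0755'` is the form the module docs recommend.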
@ -5,7 +5,7 @@
|
||||||
kube_network_plugin is not defined
|
kube_network_plugin is not defined
|
||||||
|
|
||||||
- name: Write network-environment
|
- name: Write network-environment
|
||||||
template: src=network-environment.j2 dest=/etc/network-environment mode=u+x
|
template: src=network-environment.j2 dest=/etc/network-environment mode=640
|
||||||
|
|
||||||
- include: flannel.yml
|
- include: flannel.yml
|
||||||
when: kube_network_plugin == "flannel"
|
when: kube_network_plugin == "flannel"
|
||||||
|
|
|
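Review bot: `mode=640` works because Ansible reads a digit-only string as octal, but it is the form the module docs warn about; `mode=0640` (or block style `mode: '0640'`) states the intent unambiguously. Tightening this file is the right call since the gen_tokens change in this commit appends `KUBE_AUTH_TOKEN` to `/etc/network-environment` with `lineinfile`, which keeps whatever mode the template set; that relies on the template task running before the lineinfile task, an ordering fixed by includes outside this hunk. Whatever reads the file (the calico plugin, per the template's own comment) must then run as root or as the file's group.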
@ -5,7 +5,11 @@ CALICO_IPAM=true
|
||||||
DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
|
DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
|
||||||
|
|
||||||
# The kubernetes master IP
|
# The kubernetes master IP
|
||||||
|
{% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
|
||||||
|
KUBERNETES_MASTER=https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port }}
|
||||||
|
{% else %}
|
||||||
KUBERNETES_MASTER={{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}
|
KUBERNETES_MASTER={{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Location of etcd cluster used by Calico. By default, this uses the etcd
|
# Location of etcd cluster used by Calico. By default, this uses the etcd
|
||||||
# instance running on the Kubernetes Master
|
# instance running on the Kubernetes Master
|
||||||
|
@ -16,7 +20,11 @@ ETCD_AUTHORITY="127.0.0.1:23799"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# The kubernetes-apiserver location - used by the calico plugin
|
# The kubernetes-apiserver location - used by the calico plugin
|
||||||
KUBE_API_ROOT=http://{{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}:{{kube_apiserver_insecure_port}}/api/v1/
|
{% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
|
||||||
|
KUBE_API_ROOT=https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port }}/api/v1/
|
||||||
|
{% else %}
|
||||||
|
KUBE_API_ROOT=https://{{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}:{{kube_apiserver_port}}/api/v1/
|
||||||
|
{% endif %}
|
||||||
{% else %}
|
{% else %}
|
||||||
FLANNEL_ETCD_PREFIX="--etcd-prefix=/{{ cluster_name }}/network"
|
FLANNEL_ETCD_PREFIX="--etcd-prefix=/{{ cluster_name }}/network"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
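Review bot: `KUBE_API_ROOT` now points at `https://...:{{kube_apiserver_port}}/api/v1/`, but the template supplies no CA bundle or client certificate variable, so whatever reads `/etc/network-environment` either verifies the apiserver certificate against a trust store it already has or skips verification; the `node.pem`/`node-key.pem` sync elsewhere in this commit suggests the former is intended — confirm the consumer honours `KUBE_AUTH_TOKEN` together with a CA path, and add one here if so. The load-balancer branch is guarded only by `loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined`, so a `loadbalancer_apiserver` mapping without a `port` key still fails at render time; adding `and loadbalancer_apiserver.port is defined` is the tighter guard. A comment above the block, `# the apiserver is reached over TLS; the insecure port is no longer bound on all interfaces`, would tie this to the manifest change in the same commit.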