Remove etcd-proxy from all nodes and use etcd multiaccess
This commit is contained in:
parent
b63d554eb3
commit
b8ca4e4f45
23 changed files with 55 additions and 380 deletions
|
@ -5,10 +5,6 @@ The following components require a highly available endpoints:
|
||||||
* etcd cluster,
|
* etcd cluster,
|
||||||
* kube-apiserver service instances.
|
* kube-apiserver service instances.
|
||||||
|
|
||||||
The former provides the
|
|
||||||
[etcd-proxy](https://coreos.com/etcd/docs/latest/proxy.html) service to access
|
|
||||||
the cluster members in HA fashion.
|
|
||||||
|
|
||||||
The latter relies on a 3rd side reverse proxies, like Nginx or HAProxy, to
|
The latter relies on a 3rd side reverse proxies, like Nginx or HAProxy, to
|
||||||
achieve the same goal.
|
achieve the same goal.
|
||||||
|
|
||||||
|
@ -57,7 +53,7 @@ type. The following diagram shows how traffic to the apiserver is directed.
|
||||||
|
|
||||||
A user may opt to use an external loadbalancer (LB) instead. An external LB
|
A user may opt to use an external loadbalancer (LB) instead. An external LB
|
||||||
provides access for external clients, while the internal LB accepts client
|
provides access for external clients, while the internal LB accepts client
|
||||||
connections only to the localhost, similarly to the etcd-proxy HA endpoints.
|
connections only to the localhost.
|
||||||
Given a frontend `VIP` address and `IP1, IP2` addresses of backends, here is
|
Given a frontend `VIP` address and `IP1, IP2` addresses of backends, here is
|
||||||
an example configuration for a HAProxy service acting as an external LB:
|
an example configuration for a HAProxy service acting as an external LB:
|
||||||
```
|
```
|
||||||
|
|
|
@ -62,7 +62,7 @@ ndots: 5
|
||||||
# Enable multiaccess to configure clients to access all of the etcd members directly
|
# Enable multiaccess to configure clients to access all of the etcd members directly
|
||||||
# as the "http://hostX:port, http://hostY:port, ..." and ignore the proxy loadbalancers.
|
# as the "http://hostX:port, http://hostY:port, ..." and ignore the proxy loadbalancers.
|
||||||
# This may be the case if clients support and loadbalance multiple etcd servers natively.
|
# This may be the case if clients support and loadbalance multiple etcd servers natively.
|
||||||
etcd_multiaccess: false
|
etcd_multiaccess: true
|
||||||
|
|
||||||
# Assume there are no internal loadbalancers for apiservers exist and listen on
|
# Assume there are no internal loadbalancers for apiservers exist and listen on
|
||||||
# kube_apiserver_port (default 443)
|
# kube_apiserver_port (default 443)
|
||||||
|
|
|
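Review bot: The comment above `etcd_multiaccess: true` still describes `false` as a way to "ignore the proxy loadbalancers", but this commit removes etcd-proxy from every node, so `false` would now select the `etcd_endpoint` fallback (still wired in the preinstall set_fact) which presumably is the old local proxy address that no longer has a listener on non-etcd hosts. Say so where operators will read it, e.g. `# Must stay true: etcd-proxy has been removed, so there is no local endpoint for false to fall back to.` If keeping `false` supported is intended, it needs a different local endpoint, which the diff does not show.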
@ -6,21 +6,14 @@
|
||||||
- reload etcd
|
- reload etcd
|
||||||
- wait for etcd up
|
- wait for etcd up
|
||||||
|
|
||||||
- name: restart etcd-proxy
|
|
||||||
command: /bin/true
|
|
||||||
notify:
|
|
||||||
- etcd | reload systemd
|
|
||||||
- reload etcd-proxy
|
|
||||||
- wait for etcd up
|
|
||||||
|
|
||||||
- name: etcd | reload systemd
|
- name: etcd | reload systemd
|
||||||
command: systemctl daemon-reload
|
command: systemctl daemon-reload
|
||||||
when: ansible_service_mgr == "systemd"
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
- name: wait for etcd up
|
- name: wait for etcd up
|
||||||
uri: url="http://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health"
|
uri: url="http://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health"
|
||||||
register: result
|
register: result
|
||||||
until: result.status == 200
|
until: result.status is defined and result.status == 200
|
||||||
retries: 10
|
retries: 10
|
||||||
delay: 5
|
delay: 5
|
||||||
|
|
||||||
|
@ -29,9 +22,3 @@
|
||||||
name: etcd
|
name: etcd
|
||||||
state: restarted
|
state: restarted
|
||||||
when: is_etcd_master
|
when: is_etcd_master
|
||||||
|
|
||||||
- name: reload etcd-proxy
|
|
||||||
service:
|
|
||||||
name: etcd-proxy
|
|
||||||
state: restarted
|
|
||||||
when: is_etcd_proxy
|
|
||||||
|
|
|
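Review bot: The `wait for etcd up` handler keeps the `{% else %}127.0.0.1{% endif %}` branch of its health URL, yet after this commit nothing listens on 127.0.0.1:2379 on hosts outside `groups['etcd']`, so a notification on such a host would burn all ten retries and fail. Both handlers that notify it (`restart etcd`, `reload etcd`) are gated on `is_etcd_master`, so the branch is dead at best; simplify to `uri: url="http://{{ etcd_address }}:2379/health"` and add `when: is_etcd_master` to the handler itself. The new `result.status is defined` guard is the right fix for a refused connection and should be mirrored in the Calico wait task elsewhere in this commit. The probe stays plain http, so if etcd is moved to the TLS/client-cert access the Calico tasks already use, this URL must change with it.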
@ -26,19 +26,3 @@
|
||||||
mode: 0755
|
mode: 0755
|
||||||
when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "Debian" and is_etcd_master
|
when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "Debian" and is_etcd_master
|
||||||
notify: restart etcd
|
notify: restart etcd
|
||||||
|
|
||||||
- name: Configure | Copy etcd-proxy.service systemd file
|
|
||||||
template:
|
|
||||||
src: "etcd-proxy-{{ etcd_deployment_type }}.service.j2"
|
|
||||||
dest: /etc/systemd/system/etcd-proxy.service
|
|
||||||
backup: yes
|
|
||||||
when: ansible_service_mgr == "systemd" and is_etcd_proxy
|
|
||||||
notify: restart etcd-proxy
|
|
||||||
- name: Configure | Write etcd-proxy initd script
|
|
||||||
template:
|
|
||||||
src: "deb-etcd-proxy-{{ etcd_deployment_type }}.initd.j2"
|
|
||||||
dest: /etc/init.d/etcd-proxy
|
|
||||||
owner: root
|
|
||||||
mode: 0755
|
|
||||||
when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "Debian" and is_etcd_proxy
|
|
||||||
notify: restart etcd-proxy
|
|
||||||
|
|
|
@ -1,8 +1,13 @@
|
||||||
---
|
---
|
||||||
|
- include: pre_upgrade.yml
|
||||||
- include: install.yml
|
- include: install.yml
|
||||||
|
when: is_etcd_master
|
||||||
- include: set_cluster_health.yml
|
- include: set_cluster_health.yml
|
||||||
|
when: is_etcd_master
|
||||||
- include: configure.yml
|
- include: configure.yml
|
||||||
|
when: is_etcd_master
|
||||||
- include: refresh_config.yml
|
- include: refresh_config.yml
|
||||||
|
when: is_etcd_master
|
||||||
|
|
||||||
- name: Ensure etcd is running
|
- name: Ensure etcd is running
|
||||||
service:
|
service:
|
||||||
|
@ -11,23 +16,11 @@
|
||||||
enabled: yes
|
enabled: yes
|
||||||
when: is_etcd_master
|
when: is_etcd_master
|
||||||
|
|
||||||
- name: Ensure etcd-proxy is running
|
|
||||||
service:
|
|
||||||
name: etcd-proxy
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
when: is_etcd_proxy
|
|
||||||
|
|
||||||
- name: Restart etcd if binary changed
|
- name: Restart etcd if binary changed
|
||||||
command: /bin/true
|
command: /bin/true
|
||||||
notify: restart etcd
|
notify: restart etcd
|
||||||
when: etcd_deployment_type == "host" and etcd_copy.stdout_lines and is_etcd_master
|
when: etcd_deployment_type == "host" and etcd_copy.stdout_lines and is_etcd_master
|
||||||
|
|
||||||
- name: Restart etcd-proxy if binary changed
|
|
||||||
command: /bin/true
|
|
||||||
notify: restart etcd-proxy
|
|
||||||
when: etcd_deployment_type == "host" and etcd_copy.stdout_lines and is_etcd_proxy
|
|
||||||
|
|
||||||
# Reload systemd before starting service
|
# Reload systemd before starting service
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
||||||
|
@ -35,4 +28,6 @@
|
||||||
# initial state of the cluster is in `existing`
|
# initial state of the cluster is in `existing`
|
||||||
# state insted of `new`.
|
# state insted of `new`.
|
||||||
- include: set_cluster_health.yml
|
- include: set_cluster_health.yml
|
||||||
|
when: is_etcd_master
|
||||||
- include: refresh_config.yml
|
- include: refresh_config.yml
|
||||||
|
when: is_etcd_master
|
||||||
|
|
|
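Review bot: `- include: pre_upgrade.yml` is the only include in this file without `when: is_etcd_master`, and nothing here says whether that is deliberate. If pre_upgrade.yml is what stops and removes the etcd-proxy units left on every former proxy node (its content is not in this diff), it must run everywhere and a comment should state that: `# Runs on all nodes: cleans up etcd-proxy left behind by earlier deployments.` If it is an etcd-member upgrade step, gate it like the others. `set_cluster_health.yml` is also included twice (before and after the service start), presumably to recompute new/existing cluster state; the first include deserves the same one-line why-comment.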
@ -5,10 +5,3 @@
|
||||||
dest: /etc/etcd.env
|
dest: /etc/etcd.env
|
||||||
notify: restart etcd
|
notify: restart etcd
|
||||||
when: is_etcd_master
|
when: is_etcd_master
|
||||||
|
|
||||||
- name: Refresh config | Create etcd-proxy config file
|
|
||||||
template:
|
|
||||||
src: etcd-proxy.j2
|
|
||||||
dest: /etc/etcd-proxy.env
|
|
||||||
notify: restart etcd-proxy
|
|
||||||
when: is_etcd_proxy
|
|
||||||
|
|
|
@ -1,120 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
set -a
|
|
||||||
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: etcd-proxy
|
|
||||||
# Required-Start: $local_fs $network $syslog
|
|
||||||
# Required-Stop:
|
|
||||||
# Default-Start: 2 3 4 5
|
|
||||||
# Default-Stop: 0 1 6
|
|
||||||
# Short-Description: etcd-proxy
|
|
||||||
# Description:
|
|
||||||
# etcd-proxy is a proxy for etcd: distributed, consistent key-value store for shared configuration and service discovery
|
|
||||||
### END INIT INFO
|
|
||||||
|
|
||||||
PATH=/sbin:/usr/sbin:/bin/:/usr/bin
|
|
||||||
DESC="etcd-proxy"
|
|
||||||
NAME=etcd-proxy
|
|
||||||
DAEMON={{ docker_bin_dir | default("/usr/bin") }}/docker
|
|
||||||
DAEMON_EXEC=`basename $DAEMON`
|
|
||||||
DAEMON_ARGS="run --restart=always --env-file=/etc/etcd-proxy.env \
|
|
||||||
--net=host \
|
|
||||||
--stop-signal=SIGKILL \
|
|
||||||
-v /usr/share/ca-certificates/:/etc/ssl/certs:ro \
|
|
||||||
--name={{ etcd_proxy_member_name | default("etcd-proxy") }} \
|
|
||||||
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
|
|
||||||
{% if etcd_after_v3 %}
|
|
||||||
{{ etcd_container_bin_dir }}etcd
|
|
||||||
{% endif %}"
|
|
||||||
|
|
||||||
|
|
||||||
SCRIPTNAME=/etc/init.d/$NAME
|
|
||||||
DAEMON_USER=root
|
|
||||||
STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
|
|
||||||
PID=/var/run/etcd-proxy.pid
|
|
||||||
|
|
||||||
# Exit if the binary is not present
|
|
||||||
[ -x "$DAEMON" ] || exit 0
|
|
||||||
|
|
||||||
# Define LSB log_* functions.
|
|
||||||
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
|
|
||||||
# and status_of_proc is working.
|
|
||||||
. /lib/lsb/init-functions
|
|
||||||
|
|
||||||
do_status()
|
|
||||||
{
|
|
||||||
status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
|
|
||||||
}
|
|
||||||
|
|
||||||
# Function that starts the daemon/service
|
|
||||||
#
|
|
||||||
do_start()
|
|
||||||
{
|
|
||||||
{{ docker_bin_dir | default("/usr/bin") }}/docker rm -f {{ etcd_proxy_member_name | default("etcd-proxy") }} &>/dev/null || true
|
|
||||||
sleep 1
|
|
||||||
start-stop-daemon --background --start --quiet --make-pidfile --pidfile $PID --user $DAEMON_USER --exec $DAEMON -- \
|
|
||||||
$DAEMON_ARGS \
|
|
||||||
|| return 2
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
# Function that stops the daemon/service
|
|
||||||
#
|
|
||||||
do_stop()
|
|
||||||
{
|
|
||||||
start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $DAEMON_EXEC
|
|
||||||
RETVAL="$?"
|
|
||||||
|
|
||||||
sleep 1
|
|
||||||
return "$RETVAL"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
log_daemon_msg "Starting $DESC" "$NAME"
|
|
||||||
do_start
|
|
||||||
case "$?" in
|
|
||||||
0|1) log_end_msg 0 || exit 0 ;;
|
|
||||||
2) log_end_msg 1 || exit 1 ;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
log_daemon_msg "Stopping $DESC" "$NAME"
|
|
||||||
if do_stop; then
|
|
||||||
log_end_msg 0
|
|
||||||
else
|
|
||||||
log_failure_msg "Can't stop etcd-proxy"
|
|
||||||
log_end_msg 1
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
status)
|
|
||||||
if do_status; then
|
|
||||||
log_end_msg 0
|
|
||||||
else
|
|
||||||
log_failure_msg "etcd-proxy is not running"
|
|
||||||
log_end_msg 1
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
|
|
||||||
restart|force-reload)
|
|
||||||
log_daemon_msg "Restarting $DESC" "$NAME"
|
|
||||||
if do_stop; then
|
|
||||||
if do_start; then
|
|
||||||
log_end_msg 0
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
rc="$?"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
rc="$?"
|
|
||||||
fi
|
|
||||||
log_failure_msg "Can't restart etcd-proxy"
|
|
||||||
log_end_msg ${rc}
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
|
|
||||||
exit 3
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
|
@ -1,110 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
set -a
|
|
||||||
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: etcd-proxy
|
|
||||||
# Required-Start: $local_fs $network $syslog
|
|
||||||
# Required-Stop:
|
|
||||||
# Default-Start: 2 3 4 5
|
|
||||||
# Default-Stop: 0 1 6
|
|
||||||
# Short-Description: etcd-proxy
|
|
||||||
# Description:
|
|
||||||
# etcd-proxy is a proxy for etcd: distributed, consistent key-value store for shared configuration and service discovery
|
|
||||||
### END INIT INFO
|
|
||||||
|
|
||||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
|
||||||
DESC="etcd-proxy"
|
|
||||||
NAME=etcd-proxy
|
|
||||||
DAEMON={{ bin_dir }}/etcd
|
|
||||||
DAEMON_ARGS=""
|
|
||||||
SCRIPTNAME=/etc/init.d/$NAME
|
|
||||||
DAEMON_USER=etcd
|
|
||||||
STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
|
|
||||||
PID=/var/run/etcd-proxy.pid
|
|
||||||
|
|
||||||
# Exit if the binary is not present
|
|
||||||
[ -x "$DAEMON" ] || exit 0
|
|
||||||
|
|
||||||
# Read configuration variable file if it is present
|
|
||||||
[ -f /etc/etcd-proxy.env ] && . /etc/etcd-proxy.env
|
|
||||||
|
|
||||||
# Define LSB log_* functions.
|
|
||||||
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
|
|
||||||
# and status_of_proc is working.
|
|
||||||
. /lib/lsb/init-functions
|
|
||||||
|
|
||||||
do_status()
|
|
||||||
{
|
|
||||||
status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
|
|
||||||
}
|
|
||||||
|
|
||||||
# Function that starts the daemon/service
|
|
||||||
#
|
|
||||||
do_start()
|
|
||||||
{
|
|
||||||
start-stop-daemon --background --start --quiet --make-pidfile --pidfile $PID --user $DAEMON_USER --exec $DAEMON -- \
|
|
||||||
$DAEMON_ARGS \
|
|
||||||
|| return 2
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
# Function that stops the daemon/service
|
|
||||||
#
|
|
||||||
do_stop()
|
|
||||||
{
|
|
||||||
start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
|
|
||||||
RETVAL="$?"
|
|
||||||
|
|
||||||
sleep 1
|
|
||||||
return "$RETVAL"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
log_daemon_msg "Starting $DESC" "$NAME"
|
|
||||||
do_start
|
|
||||||
case "$?" in
|
|
||||||
0|1) log_end_msg 0 || exit 0 ;;
|
|
||||||
2) log_end_msg 1 || exit 1 ;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
log_daemon_msg "Stopping $DESC" "$NAME"
|
|
||||||
if do_stop; then
|
|
||||||
log_end_msg 0
|
|
||||||
else
|
|
||||||
log_failure_msg "Can't stop etcd-proxy"
|
|
||||||
log_end_msg 1
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
status)
|
|
||||||
if do_status; then
|
|
||||||
log_end_msg 0
|
|
||||||
else
|
|
||||||
log_failure_msg "etcd-proxy is not running"
|
|
||||||
log_end_msg 1
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
|
|
||||||
restart|force-reload)
|
|
||||||
log_daemon_msg "Restarting $DESC" "$NAME"
|
|
||||||
if do_stop; then
|
|
||||||
if do_start; then
|
|
||||||
log_end_msg 0
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
rc="$?"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
rc="$?"
|
|
||||||
fi
|
|
||||||
log_failure_msg "Can't restart etcd-proxy"
|
|
||||||
log_end_msg ${rc}
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
|
|
||||||
exit 3
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
[Unit]
|
|
||||||
Description=etcd-proxy docker wrapper
|
|
||||||
Wants=docker.socket
|
|
||||||
After=docker.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
User=root
|
|
||||||
PermissionsStartOnly=true
|
|
||||||
ExecStart={{ docker_bin_dir | default("/usr/bin") }}/docker run --restart=always \
|
|
||||||
--env-file=/etc/etcd-proxy.env \
|
|
||||||
{# TODO(mattymo): Allow docker IP binding and disable in envfile
|
|
||||||
-p 2380:2380 -p 2379:2379 #}
|
|
||||||
--net=host \
|
|
||||||
--stop-signal=SIGKILL \
|
|
||||||
-v /usr/share/ca-certificates/:/etc/ssl/certs:ro \
|
|
||||||
--name={{ etcd_proxy_member_name | default("etcd-proxy") }} \
|
|
||||||
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
|
|
||||||
{% if etcd_after_v3 %}
|
|
||||||
{{ etcd_container_bin_dir }}etcd
|
|
||||||
{% endif %}
|
|
||||||
ExecStartPre=-{{ docker_bin_dir | default("/usr/bin") }}/docker rm -f {{ etcd_proxy_member_name | default("etcd-proxy") }}
|
|
||||||
ExecReload={{ docker_bin_dir | default("/usr/bin") }}/docker restart {{ etcd_proxy_member_name | default("etcd-proxy") }}
|
|
||||||
ExecStop={{ docker_bin_dir | default("/usr/bin") }}/docker stop {{ etcd_proxy_member_name | default("etcd-proxy") }}
|
|
||||||
Restart=always
|
|
||||||
RestartSec=15s
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
|
@ -1,19 +0,0 @@
|
||||||
[Unit]
|
|
||||||
Description=etcd-proxy
|
|
||||||
After=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=notify
|
|
||||||
User=etcd
|
|
||||||
PermissionsStartOnly=true
|
|
||||||
EnvironmentFile=/etc/etcd-proxy.env
|
|
||||||
ExecStart={{ bin_dir }}/etcd
|
|
||||||
ExecStartPre=/bin/mkdir -p /var/lib/etcd-proxy
|
|
||||||
ExecStartPre=/bin/chown -R etcd: /var/lib/etcd-proxy
|
|
||||||
NotifyAccess=all
|
|
||||||
Restart=always
|
|
||||||
RestartSec=10s
|
|
||||||
LimitNOFILE=40000
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
|
@ -1,5 +0,0 @@
|
||||||
ETCD_DATA_DIR=/var/lib/etcd-proxy
|
|
||||||
ETCD_PROXY=on
|
|
||||||
ETCD_LISTEN_CLIENT_URLS={{ etcd_access_endpoint }}
|
|
||||||
ETCD_NAME={{ etcd_proxy_member_name | default("etcd-proxy") }}
|
|
||||||
ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }}
|
|
|
@ -3,11 +3,7 @@ ETCD_ADVERTISE_CLIENT_URLS={{ etcd_client_url }}
|
||||||
ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
|
ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
|
||||||
ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
|
ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
|
||||||
|
|
||||||
{% if not is_etcd_proxy %}
|
|
||||||
ETCD_LISTEN_CLIENT_URLS=http://{{ etcd_address }}:2379,http://127.0.0.1:2379
|
ETCD_LISTEN_CLIENT_URLS=http://{{ etcd_address }}:2379,http://127.0.0.1:2379
|
||||||
{% else %}
|
|
||||||
ETCD_LISTEN_CLIENT_URLS=http://{{ etcd_address }}:2379
|
|
||||||
{% endif %}
|
|
||||||
ETCD_ELECTION_TIMEOUT=10000
|
ETCD_ELECTION_TIMEOUT=10000
|
||||||
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
|
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
|
||||||
ETCD_LISTEN_PEER_URLS=http://{{ etcd_address }}:2380
|
ETCD_LISTEN_PEER_URLS=http://{{ etcd_address }}:2380
|
||||||
|
|
|
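Review bot: `ETCD_LISTEN_CLIENT_URLS` is now unconditionally `http://{{ etcd_address }}:2379,http://127.0.0.1:2379`, but the Calico tasks in this same commit query the member over `https://localhost:2379` with `--cacert`/`--cert`/`--key`, so one of the two is wrong for any given deployment. If TLS with client-certificate auth is intended, which is reasonable now that every node reaches etcd directly over the network and etcd holds all Kubernetes state, this template needs `https://` listen/advertise URLs plus `ETCD_CERT_FILE`, `ETCD_KEY_FILE`, `ETCD_TRUSTED_CA_FILE` and `ETCD_CLIENT_CERT_AUTH=true`; if plain http is intended, the https curl will fail. The certificate setup may live in a file not shown here, but the env file rendered from this template is what etcd actually reads.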
@ -26,7 +26,7 @@ spec:
|
||||||
image: calico/kube-policy-controller:latest
|
image: calico/kube-policy-controller:latest
|
||||||
env:
|
env:
|
||||||
- name: ETCD_ENDPOINTS
|
- name: ETCD_ENDPOINTS
|
||||||
value: "{{ etcd_endpoint }}"
|
value: "{{ etcd_access_endpoint }}"
|
||||||
# Location of the Kubernetes API - this shouldn't need to be
|
# Location of the Kubernetes API - this shouldn't need to be
|
||||||
# changed so long as it is used in conjunction with
|
# changed so long as it is used in conjunction with
|
||||||
# CONFIGURE_ETC_HOSTS="true".
|
# CONFIGURE_ETC_HOSTS="true".
|
||||||
|
@ -38,3 +38,12 @@ spec:
|
||||||
# This removes the need for KubeDNS to resolve the Service.
|
# This removes the need for KubeDNS to resolve the Service.
|
||||||
- name: CONFIGURE_ETC_HOSTS
|
- name: CONFIGURE_ETC_HOSTS
|
||||||
value: "true"
|
value: "true"
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: {{ etcd_cert_dir }}
|
||||||
|
name: etcd-certs
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
- hostPath:
|
||||||
|
path: {{ etcd_cert_dir }}
|
||||||
|
name: etcd-certs
|
||||||
|
|
||||||
|
|
|
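Review bot: The new `etcd-certs` hostPath mount is not referenced by anything in the container spec shown: `ETCD_ENDPOINTS` resolves to `http://<host>:2379` entries (per the preinstall set_fact), and no `ETCD_CA_CERT_FILE`/`ETCD_CERT_FILE`/`ETCD_KEY_FILE` env entries point into `{{ etcd_cert_dir }}`, so the mount is inert unless the image reads that directory by convention. If TLS is the goal, add those three env vars and switch the endpoints to https. Mounting the directory that, per the Calico tasks, holds `admin.pem`/`admin-key.pem` hands the policy controller full etcd admin; a controller-specific client cert would be least-privilege, though whether one exists is not visible here. `readOnly: true` is correct and should stay.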
@ -14,12 +14,3 @@
|
||||||
name: kube-apiserver
|
name: kube-apiserver
|
||||||
state: stopped
|
state: stopped
|
||||||
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
||||||
|
|
||||||
- name: "Pre-upgrade | remove kube-apiserver service definition"
|
|
||||||
file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: absent
|
|
||||||
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
|
||||||
with_items:
|
|
||||||
- /etc/systemd/system/kube-apiserver.service
|
|
||||||
- /etc/init.d/kube-apiserver
|
|
||||||
|
|
|
@ -62,3 +62,4 @@ spec:
|
||||||
- hostPath:
|
- hostPath:
|
||||||
path: /var/log/
|
path: /var/log/
|
||||||
name: logfile
|
name: logfile
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{
|
{
|
||||||
"name": "calico-k8s-network",
|
"name": "calico-k8s-network",
|
||||||
"type": "calico",
|
"type": "calico",
|
||||||
|
"etcd_endpoints": "{{ etcd_access_endpoint }}",
|
||||||
"log_level": "info",
|
"log_level": "info",
|
||||||
"ipam": {
|
"ipam": {
|
||||||
"type": "calico-ipam"
|
"type": "calico-ipam"
|
||||||
|
|
|
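Review bot: `etcd_endpoints` is added without the companion `etcd_ca_cert_file`/`etcd_cert_file`/`etcd_key_file` keys, so the CNI plugin on every node talks to etcd unauthenticated over whatever scheme `etcd_access_endpoint` carries (currently `http://`). That is consistent with the http listeners in etcd.j2 but not with the TLS curl in the Calico tasks of this commit; pick one scheme and, if https, add the three cert keys here as well. Whether the old `etcd_authority` key was also removed from this file is outside the hunk.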
@ -45,3 +45,6 @@ openstack_username: "{{ lookup('env','OS_USERNAME') }}"
|
||||||
openstack_password: "{{ lookup('env','OS_PASSWORD') }}"
|
openstack_password: "{{ lookup('env','OS_PASSWORD') }}"
|
||||||
openstack_region: "{{ lookup('env','OS_REGION_NAME') }}"
|
openstack_region: "{{ lookup('env','OS_REGION_NAME') }}"
|
||||||
openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID') }}"
|
openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID') }}"
|
||||||
|
|
||||||
|
# All clients access each node individually, instead of using a load balancer.
|
||||||
|
etcd_multiaccess: true
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
- set_fact:
|
- set_fact:
|
||||||
etcd_access_addresses: |-
|
etcd_access_addresses: |-
|
||||||
{% for item in groups['etcd'] -%}
|
{% for item in groups['etcd'] -%}
|
||||||
http://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2379{% if not loop.last %},{% endif %}
|
http://{{ item }}:2379{% if not loop.last %},{% endif %}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
- set_fact: etcd_access_endpoint="{% if etcd_multiaccess %}{{ etcd_access_addresses }}{% else %}{{ etcd_endpoint }}{% endif %}"
|
- set_fact: etcd_access_endpoint="{% if etcd_multiaccess %}{{ etcd_access_addresses }}{% else %}{{ etcd_endpoint }}{% endif %}"
|
||||||
- set_fact:
|
- set_fact:
|
||||||
|
@ -43,13 +43,6 @@
|
||||||
{% for item in groups['etcd'] -%}
|
{% for item in groups['etcd'] -%}
|
||||||
{{ "etcd"+loop.index|string }}=http://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2380{% if not loop.last %},{% endif %}
|
{{ "etcd"+loop.index|string }}=http://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2380{% if not loop.last %},{% endif %}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
- set_fact:
|
|
||||||
etcd_proxy_member_name: |-
|
|
||||||
{% for host in groups['k8s-cluster'] %}
|
|
||||||
{% if inventory_hostname == host %}{{"etcd-proxy"+loop.index|string }}{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
- set_fact:
|
|
||||||
is_etcd_proxy: "{{ inventory_hostname in groups['k8s-cluster'] }}"
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}"
|
is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}"
|
||||||
- set_fact:
|
- set_fact:
|
||||||
|
|
|
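Review bot: `etcd_access_addresses` now builds `http://{{ item }}:2379` from the inventory hostname, whereas the peer list a few lines below (and `etcd_address`, used for the listen URLs) still resolve `access_ip`/`ip`/`ansible_default_ipv4`. Every client (Calico, flannel, the policy controller) therefore depends on each node resolving the inventory name, and on that name resolving to the same interface etcd listens on; with plain http endpoints a spoofed name also redirects all etcd traffic, and with TLS the server certs need those names as SANs. Unless name-based endpoints are required, keep the same expression as the peer list: `http://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2379{% if not loop.last %},{% endif %}`.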
@ -43,17 +43,21 @@
|
||||||
- name: Calico | wait for etcd
|
- name: Calico | wait for etcd
|
||||||
uri: url=http://localhost:2379/health
|
uri: url=http://localhost:2379/health
|
||||||
register: result
|
register: result
|
||||||
until: result.status == 200
|
until: result.status == 200 or result.status == 401
|
||||||
retries: 10
|
retries: 10
|
||||||
delay: 5
|
delay: 5
|
||||||
when: inventory_hostname in groups['kube-master']
|
delegate_to: "{{groups['etcd'][0]}}"
|
||||||
|
run_once: true
|
||||||
|
|
||||||
- name: Calico | Check if calico network pool has already been configured
|
- name: Calico | Check if calico network pool has already been configured
|
||||||
uri:
|
command: |-
|
||||||
url: "{{ etcd_endpoint }}/v2/keys/calico/v1/ipam/v4/pool"
|
curl \
|
||||||
return_content: yes
|
--cacert {{ etcd_cert_dir }}/ca.pem \
|
||||||
status_code: 200,404
|
--cert {{ etcd_cert_dir}}/admin.pem \
|
||||||
|
--key {{ etcd_cert_dir }}/admin-key.pem \
|
||||||
|
https://localhost:2379/v2/keys/calico/v1/ipam/v4/pool
|
||||||
register: calico_conf
|
register: calico_conf
|
||||||
|
delegate_to: "{{groups['etcd'][0]}}"
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- name: Calico | Define ipip pool argument
|
- name: Calico | Define ipip pool argument
|
||||||
|
@ -79,21 +83,25 @@
|
||||||
environment:
|
environment:
|
||||||
NO_DEFAULT_POOLS: true
|
NO_DEFAULT_POOLS: true
|
||||||
run_once: true
|
run_once: true
|
||||||
when: calico_conf.status == 404 or "nodes" not in calico_conf.content
|
when: '"Key not found" in calico_conf.stdout or "nodes" not in calico_conf.stdout'
|
||||||
|
|
||||||
- name: Calico | Get calico configuration from etcd
|
- name: Calico | Get calico configuration from etcd
|
||||||
uri:
|
command: |-
|
||||||
url: "{{ etcd_endpoint }}/v2/keys/calico/v1/ipam/v4/pool"
|
curl http://localhost:2379/v2/keys/calico/v1/ipam/v4/pool
|
||||||
return_content: yes
|
register: calico_pools_raw
|
||||||
register: calico_pools
|
delegate_to: "{{groups['etcd'][0]}}"
|
||||||
|
run_once: true
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
calico_pools: "{{ calico_pools_raw.stdout | from_json }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- name: Calico | Check if calico pool is properly configured
|
- name: Calico | Check if calico pool is properly configured
|
||||||
fail:
|
fail:
|
||||||
msg: 'Only one network pool must be configured and it must be the subnet {{ kube_pods_subnet }}.
|
msg: 'Only one network pool must be configured and it must be the subnet {{ kube_pods_subnet }}.
|
||||||
Please erase calico configuration and run the playbook again ("etcdctl rm --recursive /calico/v1/ipam/v4/pool")'
|
Please erase calico configuration and run the playbook again ("etcdctl rm --recursive /calico/v1/ipam/v4/pool")'
|
||||||
when: ( calico_pools.json['node']['nodes'] | length > 1 ) or
|
when: ( calico_pools['node']['nodes'] | length > 1 ) or
|
||||||
( not calico_pools.json['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
|
( not calico_pools['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- name: Calico | Write /etc/network-environment
|
- name: Calico | Write /etc/network-environment
|
||||||
|
@ -131,4 +139,3 @@
|
||||||
shell: "{{ bin_dir }}/calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}"
|
shell: "{{ bin_dir }}/calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}"
|
||||||
with_items: peers
|
with_items: peers
|
||||||
when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
|
when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
|
||||||
|
|
||||||
|
|
|
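Review bot: The two reads of `/v2/keys/calico/v1/ipam/v4/pool` disagree on how to reach etcd: the pool check curls `https://localhost:2379` with `--cacert`/`--cert`/`--key`, while `Get calico configuration from etcd` curls plain `http://localhost:2379`; on a member configured for only one scheme one of them fails, and with client-cert auth the second returns an error body that `from_json` then chokes on. Make the second call identical to the first (`curl --cacert {{ etcd_cert_dir }}/ca.pem --cert {{ etcd_cert_dir }}/admin.pem --key {{ etcd_cert_dir }}/admin-key.pem https://localhost:2379/v2/keys/calico/v1/ipam/v4/pool`) and add `--fail --silent --show-error` to both so a transport error is a task failure rather than text that the `"Key not found" in calico_conf.stdout` test silently misreads. `Calico | wait for etcd` should guard like the etcd handler in this commit does: `until: result.status is defined and (result.status == 200 or result.status == 401)`. Replacing `uri:` with `command: curl` also gives up Ansible's check-mode handling; if it was done only for client certs, `uri` supports `validate_certs` and, in newer releases, `client_cert`/`client_key`.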
@ -1,8 +1,8 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Calico per-node agent
|
Description=Calico per-node agent
|
||||||
Documentation=https://github.com/projectcalico/calico-docker
|
Documentation=https://github.com/projectcalico/calico-docker
|
||||||
After=docker.service docker.socket etcd-proxy.service
|
After=docker.service docker.socket
|
||||||
Wants=docker.socket etcd-proxy.service
|
Wants=docker.socket
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
User=root
|
User=root
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
/usr/bin/docker run --privileged --rm \
|
/usr/bin/docker run --privileged --rm \
|
||||||
--net=host --pid=host -e ETCD_AUTHORITY={{ etcd_authority }} \
|
--net=host --pid=host \
|
||||||
|
-e ETCD_ENDPOINTS={{ etcd_access_endpoint }} \
|
||||||
-v /usr/bin/docker:/usr/bin/docker \
|
-v /usr/bin/docker:/usr/bin/docker \
|
||||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||||
-v /var/run/calico:/var/run/calico \
|
-v /var/run/calico:/var/run/calico \
|
||||||
|
|
|
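Review bot: `-e ETCD_ENDPOINTS={{ etcd_access_endpoint }}` is unquoted in a bash script; the rendered value is a comma-separated URL list that is safe only as long as the Jinja whitespace control in the preinstall set_fact keeps it free of spaces. Quote it, `-e "ETCD_ENDPOINTS={{ etcd_access_endpoint }}"`, so a later change to that fact cannot split the argument. The container also receives no `ETCD_CA_CERT_FILE`/`ETCD_CERT_FILE`/`ETCD_KEY_FILE` and no cert mount, so calicoctl can only work against http listeners; that matches etcd.j2 but not the TLS curl in the Calico tasks.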
@ -3,7 +3,7 @@
|
||||||
DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
|
DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
|
||||||
|
|
||||||
# The Kubernetes master IP
|
# The Kubernetes master IP
|
||||||
KUBERNETES_MASTER={{ first_kube_master }}
|
KUBERNETES_MASTER={{ kube_apiserver_endpoint }}
|
||||||
|
|
||||||
# IP and port of etcd instance used by Calico
|
# IP and port of etcd instance used by Calico
|
||||||
ETCD_AUTHORITY={{ etcd_authority }}
|
ETCD_ENDPOINTS={{ etcd_access_endpoint }}
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
args:
|
args:
|
||||||
- "--network-config=/etc/flannel-network.json"
|
- "--network-config=/etc/flannel-network.json"
|
||||||
- "--etcd-prefix=/{{ cluster_name }}/network"
|
- "--etcd-prefix=/{{ cluster_name }}/network"
|
||||||
- "--etcd-server={{ etcd_endpoint }}"
|
- "--etcd-endpoints={{ etcd_access_endpoint }}"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: "networkconfig"
|
- name: "networkconfig"
|
||||||
mountPath: "/etc/flannel-network.json"
|
mountPath: "/etc/flannel-network.json"
|
||||||
|
|
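Review bot: `--etcd-endpoints={{ etcd_access_endpoint }}` points flannel at every member directly, but no `--etcd-cafile`/`--etcd-certfile`/`--etcd-keyfile` follow and the pod spec shown mounts no certificate directory, so flannel works only if etcd keeps plain-http client listeners. That matches etcd.j2 in this commit; if the https/client-cert path used by the Calico tasks becomes the real configuration, this container needs the cert flags and a mount like the one added to the Calico policy controller. The enclosing pod spec starts outside the hunk.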