Merge pull request #3200 from pablodav/feature/k8s_win_v1.11
Required support to start working on windows node support
This commit is contained in:
commit
db11394711
19 changed files with 85 additions and 1 deletions
|
@ -94,6 +94,7 @@
|
||||||
roles:
|
roles:
|
||||||
- { role: kubespray-defaults}
|
- { role: kubespray-defaults}
|
||||||
- { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
|
- { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
|
||||||
|
- { role: win_nodes/kubernetes_patch, tags: win_nodes, when: "kubeadm_enabled" }
|
||||||
|
|
||||||
- hosts: kube-master
|
- hosts: kube-master
|
||||||
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
|
||||||
|
|
|
@ -52,3 +52,6 @@ spec:
|
||||||
- --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
|
- --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
|
||||||
- --logtostderr=true
|
- --logtostderr=true
|
||||||
- --v={{ kube_log_level }}
|
- --v={{ kube_log_level }}
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
|
|
|
@ -24,6 +24,9 @@ spec:
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
operator: Exists
|
operator: Exists
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
containers:
|
containers:
|
||||||
- name: dnsmasq
|
- name: dnsmasq
|
||||||
image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"
|
image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"
|
||||||
|
|
|
@ -138,6 +138,15 @@
|
||||||
msg: "{{available_packages}}"
|
msg: "{{available_packages}}"
|
||||||
when: docker_task_result|failed
|
when: docker_task_result|failed
|
||||||
|
|
||||||
|
# This is required to ensure any apt upgrade will not break kubernetes
|
||||||
|
- name: Set docker pin priority to apt_preferences on Debian family
|
||||||
|
template:
|
||||||
|
src: "apt_preferences.d/debian_docker.j2"
|
||||||
|
dest: "/etc/apt/preferences.d/docker"
|
||||||
|
owner: "root"
|
||||||
|
mode: 0644
|
||||||
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse"] or is_atomic)
|
||||||
|
|
||||||
- name: ensure service is started if docker packages are already present
|
- name: ensure service is started if docker packages are already present
|
||||||
service:
|
service:
|
||||||
name: docker
|
name: docker
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
Package: docker-ce
|
||||||
|
Pin: version {{ docker_version }}.*
|
||||||
|
Pin-Priority: 1001
|
|
@ -6,7 +6,6 @@
|
||||||
- facts
|
- facts
|
||||||
|
|
||||||
- include_tasks: "gen_certs_{{ cert_management }}.yml"
|
- include_tasks: "gen_certs_{{ cert_management }}.yml"
|
||||||
when:
|
|
||||||
tags:
|
tags:
|
||||||
- etcd-secrets
|
- etcd-secrets
|
||||||
|
|
||||||
|
|
|
@ -28,6 +28,9 @@ spec:
|
||||||
labels:
|
labels:
|
||||||
k8s-app: kubedns-autoscaler
|
k8s-app: kubedns-autoscaler
|
||||||
spec:
|
spec:
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
operator: Equal
|
operator: Equal
|
||||||
|
|
|
@ -27,6 +27,9 @@ spec:
|
||||||
annotations:
|
annotations:
|
||||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||||
spec:
|
spec:
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: "CriticalAddonsOnly"
|
- key: "CriticalAddonsOnly"
|
||||||
operator: "Exists"
|
operator: "Exists"
|
||||||
|
|
|
@ -15,6 +15,9 @@ spec:
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
operator: Exists
|
operator: Exists
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
containers:
|
containers:
|
||||||
- name: netchecker-agent
|
- name: netchecker-agent
|
||||||
image: "{{ agent_img }}"
|
image: "{{ agent_img }}"
|
||||||
|
|
|
@ -13,6 +13,9 @@ spec:
|
||||||
app: netchecker-agent-hostnet
|
app: netchecker-agent-hostnet
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: True
|
hostNetwork: True
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
{% if kube_version | version_compare('v1.6', '>=') %}
|
{% if kube_version | version_compare('v1.6', '>=') %}
|
||||||
dnsPolicy: ClusterFirstWithHostNet
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -29,6 +29,9 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-node-critical
|
||||||
serviceAccountName: efk
|
serviceAccountName: efk
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
containers:
|
containers:
|
||||||
- name: fluentd-es
|
- name: fluentd-es
|
||||||
image: "{{ fluentd_image_repo }}:{{ fluentd_image_tag }}"
|
image: "{{ fluentd_image_repo }}:{{ fluentd_image_tag }}"
|
||||||
|
|
|
@ -42,3 +42,6 @@ spec:
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: 10m
|
||||||
memory: 20Mi
|
memory: 20Mi
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
|
|
|
@ -121,6 +121,7 @@
|
||||||
--ignore-preflight-errors=all
|
--ignore-preflight-errors=all
|
||||||
--allow-experimental-upgrades
|
--allow-experimental-upgrades
|
||||||
--allow-release-candidate-upgrades
|
--allow-release-candidate-upgrades
|
||||||
|
--force
|
||||||
register: kubeadm_upgrade
|
register: kubeadm_upgrade
|
||||||
# Retry is because upload config sometimes fails
|
# Retry is because upload config sometimes fails
|
||||||
retries: 3
|
retries: 3
|
||||||
|
|
|
@ -12,6 +12,9 @@ spec:
|
||||||
{% if kube_version | version_compare('v1.6', '>=') %}
|
{% if kube_version | version_compare('v1.6', '>=') %}
|
||||||
dnsPolicy: ClusterFirst
|
dnsPolicy: ClusterFirst
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
containers:
|
containers:
|
||||||
- name: kube-proxy
|
- name: kube-proxy
|
||||||
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
|
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
|
||||||
|
|
|
@ -7,6 +7,9 @@ metadata:
|
||||||
k8s-app: kube-nginx
|
k8s-app: kube-nginx
|
||||||
spec:
|
spec:
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
containers:
|
containers:
|
||||||
- name: nginx-proxy
|
- name: nginx-proxy
|
||||||
image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
|
image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
|
||||||
|
|
|
@ -53,6 +53,9 @@ spec:
|
||||||
k8s-app: flannel
|
k8s-app: flannel
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: flannel
|
serviceAccountName: flannel
|
||||||
|
# When having win nodes in cluster without this patch, this pod cloud try to be created in windows
|
||||||
|
nodeSelector:
|
||||||
|
beta.kubernetes.io/os: linux
|
||||||
containers:
|
containers:
|
||||||
- name: kube-flannel
|
- name: kube-flannel
|
||||||
image: {{ flannel_image_repo }}:{{ flannel_image_tag }}
|
image: {{ flannel_image_repo }}:{{ flannel_image_tag }}
|
||||||
|
|
3
roles/win_nodes/kubernetes_patch/defaults/main.yml
Normal file
3
roles/win_nodes/kubernetes_patch/defaults/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
kubernetes_user_manifests_path: "{{ ansible_env.HOME }}/kube-manifests"
|
|
@ -0,0 +1 @@
|
||||||
|
{"spec":{"template":{"spec":{"nodeSelector":{"beta.kubernetes.io/os":"linux"}}}}}
|
34
roles/win_nodes/kubernetes_patch/tasks/main.yml
Normal file
34
roles/win_nodes/kubernetes_patch/tasks/main.yml
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure that user manifests directory exists
|
||||||
|
file:
|
||||||
|
path: "{{ kubernetes_user_manifests_path }}/kubernetes"
|
||||||
|
state: directory
|
||||||
|
recurse: yes
|
||||||
|
tags: [init, cni]
|
||||||
|
|
||||||
|
- name: Apply kube-proxy nodeselector
|
||||||
|
block:
|
||||||
|
- name: Copy kube-proxy daemonset nodeselector patch
|
||||||
|
copy:
|
||||||
|
src: nodeselector-os-linux-patch.json
|
||||||
|
dest: "{{ kubernetes_user_manifests_path }}/nodeselector-os-linux-patch.json"
|
||||||
|
|
||||||
|
# Due to https://github.com/kubernetes/kubernetes/issues/58212 we cannot rely on exit code for "kubectl patch"
|
||||||
|
- name: Check current nodeselector for kube-proxy daemonset
|
||||||
|
shell: kubectl get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.nodeSelector.beta\.kubernetes\.io/os}'
|
||||||
|
register: current_kube_proxy_state
|
||||||
|
|
||||||
|
- name: Apply nodeselector patch for kube-proxy daemonset
|
||||||
|
shell: kubectl patch ds kube-proxy --namespace=kube-system --type=strategic -p "$(cat nodeselector-os-linux-patch.json)"
|
||||||
|
args:
|
||||||
|
chdir: "{{ kubernetes_user_manifests_path }}"
|
||||||
|
register: patch_kube_proxy_state
|
||||||
|
when: current_kube_proxy_state.stdout | trim | lower != "linux"
|
||||||
|
|
||||||
|
- debug: msg={{ patch_kube_proxy_state.stdout_lines }}
|
||||||
|
when: patch_kube_proxy_state is not skipped
|
||||||
|
|
||||||
|
- debug: msg={{ patch_kube_proxy_state.stderr_lines }}
|
||||||
|
when: patch_kube_proxy_state is not skipped
|
||||||
|
tags: init
|
Loading…
Reference in a new issue