Merge branch 'master' into reverselookups

This commit is contained in:
Matthew Mosesohn 2016-10-05 14:46:47 +03:00 committed by GitHub
commit de543fed5f
7 changed files with 23 additions and 23 deletions

View file

@ -1,7 +1,7 @@
AWS AWS
=============== ===============
To deploy kubespray on [AWS](https://www.openstack.org/) uncomment the `cloud_provider` option in `group_vars/all.yml` and set it to `'aws'`. To deploy kubespray on [AWS](https://aws.amazon.com/) uncomment the `cloud_provider` option in `group_vars/all.yml` and set it to `'aws'`.
Prior to creating your instances, you **must** ensure that you have created IAM roles and policies for both "kubernetes-master" and "kubernetes-node". You can find the IAM policies [here](https://github.com/kubernetes/kubernetes/tree/master/cluster/aws/templates/iam). See the [IAM Documentation](https://aws.amazon.com/documentation/iam/) if guidance is needed on how to set these up. When you bring your instances online, associate them with the respective IAM role. Nodes that are only to be used for Etcd do not need a role. Prior to creating your instances, you **must** ensure that you have created IAM roles and policies for both "kubernetes-master" and "kubernetes-node". You can find the IAM policies [here](https://github.com/kubernetes/kubernetes/tree/master/cluster/aws/templates/iam). See the [IAM Documentation](https://aws.amazon.com/documentation/iam/) if guidance is needed on how to set these up. When you bring your instances online, associate them with the respective IAM role. Nodes that are only to be used for Etcd do not need a role.

View file

@ -9,8 +9,6 @@
- name: Create dest directories - name: Create dest directories
file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes
when: "{{ download.enabled|bool and not download.container|bool }}" when: "{{ download.enabled|bool and not download.container|bool }}"
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
run_once: "{{ download_run_once|bool }}"
- name: Download items - name: Download items
get_url: get_url:
@ -24,8 +22,6 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
when: "{{ download.enabled|bool and not download.container|bool }}" when: "{{ download.enabled|bool and not download.container|bool }}"
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
run_once: "{{ download_run_once|bool }}"
- name: Extract archives - name: Extract archives
unarchive: unarchive:
@ -35,8 +31,6 @@
mode: "{{ download.mode|default(omit) }}" mode: "{{ download.mode|default(omit) }}"
copy: no copy: no
when: "{{ download.enabled|bool and not download.container|bool and download.unarchive is defined and download.unarchive == True }}" when: "{{ download.enabled|bool and not download.container|bool and download.unarchive is defined and download.unarchive == True }}"
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
run_once: "{{ download_run_once|bool }}"
- name: Fix permissions - name: Fix permissions
file: file:
@ -45,8 +39,6 @@
owner: "{{ download.owner|default(omit) }}" owner: "{{ download.owner|default(omit) }}"
mode: "{{ download.mode|default(omit) }}" mode: "{{ download.mode|default(omit) }}"
when: "{{ download.enabled|bool and not download.container|bool and (download.unarchive is not defined or download.unarchive == False) }}" when: "{{ download.enabled|bool and not download.container|bool and (download.unarchive is not defined or download.unarchive == False) }}"
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
run_once: "{{ download_run_once|bool }}"
- name: pulling... - name: pulling...
debug: debug:
@ -65,7 +57,7 @@
retries: 4 retries: 4
delay: "{{ retry_stagger | random + 3 }}" delay: "{{ retry_stagger | random + 3 }}"
when: "{{ download.enabled|bool and download.container|bool }}" when: "{{ download.enabled|bool and download.container|bool }}"
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}" delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else inventory_hostname }}"
run_once: "{{ download_run_once|bool }}" run_once: "{{ download_run_once|bool }}"
- set_fact: - set_fact:

View file

@ -13,6 +13,7 @@ spec:
- apiserver - apiserver
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }} - --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
- --etcd-servers={{ etcd_access_endpoint }} - --etcd-servers={{ etcd_access_endpoint }}
- --etcd-quorum-read=true
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address }} - --insecure-bind-address={{ kube_apiserver_insecure_bind_address }}
- --apiserver-count={{ kube_apiserver_count }} - --apiserver-count={{ kube_apiserver_count }}
- --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ServiceAccount,ResourceQuota - --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ServiceAccount,ResourceQuota

View file

@ -8,6 +8,9 @@ kube_resolv_conf: "/etc/resolv.conf"
kube_proxy_mode: iptables kube_proxy_mode: iptables
# If using the pure iptables proxy, SNAT everything
kube_proxy_masquerade_all: true
# kube_api_runtime_config: # kube_api_runtime_config:
# - extensions/v1beta1/daemonsets=true # - extensions/v1beta1/daemonsets=true
# - extensions/v1beta1/deployments=true # - extensions/v1beta1/deployments=true

View file

@ -18,6 +18,9 @@ spec:
{% endif %} {% endif %}
- --bind-address={{ ip | default(ansible_default_ipv4.address) }} - --bind-address={{ ip | default(ansible_default_ipv4.address) }}
- --proxy-mode={{ kube_proxy_mode }} - --proxy-mode={{ kube_proxy_mode }}
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
- --masquerade-all
{% endif %}
securityContext: securityContext:
privileged: true privileged: true
volumeMounts: volumeMounts:

View file

@ -5,5 +5,6 @@ nat_outgoing: true
# Use IP-over-IP encapsulation across hosts # Use IP-over-IP encapsulation across hosts
ipip: false ipip: false
# cloud_provider can only be set to 'gce' or 'aws' # Set to true if you want your calico cni binaries to overwrite the
# cloud_provider: # ones from hyperkube while leaving other cni plugins intact.
overwrite_hyperkube_cni: false

View file

@ -32,18 +32,8 @@
use_hyperkube_cni: true use_hyperkube_cni: true
when: kube_version | version_compare('v1.3.4','>=') when: kube_version | version_compare('v1.3.4','>=')
- name: Calico | Install calico cni bin
command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"
changed_when: false
when: "{{ not use_hyperkube_cni|bool }}"
- name: Calico | Install calico-ipam cni bin
command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico-ipam"
changed_when: false
when: "{{ not use_hyperkube_cni|bool }}"
- name: Calico | Copy cni plugins from hyperkube - name: Calico | Copy cni plugins from hyperkube
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/" command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/rsync -a /opt/cni/bin/ /cnibindir/"
register: cni_task_result register: cni_task_result
until: cni_task_result.rc == 0 until: cni_task_result.rc == 0
retries: 4 retries: 4
@ -51,6 +41,16 @@
changed_when: false changed_when: false
when: "{{ use_hyperkube_cni|bool }}" when: "{{ use_hyperkube_cni|bool }}"
- name: Calico | Install calico cni bin
command: rsync -pi "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"
changed_when: false
when: "{{ not use_hyperkube_cni|bool or overwrite_hyperkube_cni|bool }}"
- name: Calico | Install calico-ipam cni bin
command: rsync -pi "{{ local_release_dir }}/calico/bin/calico-ipam" "/opt/cni/bin/calico-ipam"
changed_when: false
when: "{{ not use_hyperkube_cni|bool or overwrite_hyperkube_cni|bool }}"
- name: Calico | wait for etcd - name: Calico | wait for etcd
uri: url=http://localhost:2379/health uri: url=http://localhost:2379/health
register: result register: result