Merge branch 'master' into reverselookups
commit
de543fed5f
7 changed files with 23 additions and 23 deletions
|
@ -1,7 +1,7 @@
|
||||||
AWS
|
AWS
|
||||||
===============
|
===============
|
||||||
|
|
||||||
To deploy kubespray on [AWS](https://www.openstack.org/) uncomment the `cloud_provider` option in `group_vars/all.yml` and set it to `'aws'`.
|
To deploy kubespray on [AWS](https://aws.amazon.com/) uncomment the `cloud_provider` option in `group_vars/all.yml` and set it to `'aws'`.
|
||||||
|
|
||||||
Prior to creating your instances, you **must** ensure that you have created IAM roles and policies for both "kubernetes-master" and "kubernetes-node". You can find the IAM policies [here](https://github.com/kubernetes/kubernetes/tree/master/cluster/aws/templates/iam). See the [IAM Documentation](https://aws.amazon.com/documentation/iam/) if guidance is needed on how to set these up. When you bring your instances online, associate them with the respective IAM role. Nodes that are only to be used for Etcd do not need a role.
|
Prior to creating your instances, you **must** ensure that you have created IAM roles and policies for both "kubernetes-master" and "kubernetes-node". You can find the IAM policies [here](https://github.com/kubernetes/kubernetes/tree/master/cluster/aws/templates/iam). See the [IAM Documentation](https://aws.amazon.com/documentation/iam/) if guidance is needed on how to set these up. When you bring your instances online, associate them with the respective IAM role. Nodes that are only to be used for Etcd do not need a role.
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,6 @@
|
||||||
- name: Create dest directories
|
- name: Create dest directories
|
||||||
file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes
|
file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes
|
||||||
when: "{{ download.enabled|bool and not download.container|bool }}"
|
when: "{{ download.enabled|bool and not download.container|bool }}"
|
||||||
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
|
|
||||||
run_once: "{{ download_run_once|bool }}"
|
|
||||||
|
|
||||||
- name: Download items
|
- name: Download items
|
||||||
get_url:
|
get_url:
|
||||||
|
@ -24,8 +22,6 @@
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when: "{{ download.enabled|bool and not download.container|bool }}"
|
when: "{{ download.enabled|bool and not download.container|bool }}"
|
||||||
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
|
|
||||||
run_once: "{{ download_run_once|bool }}"
|
|
||||||
|
|
||||||
- name: Extract archives
|
- name: Extract archives
|
||||||
unarchive:
|
unarchive:
|
||||||
|
@ -35,8 +31,6 @@
|
||||||
mode: "{{ download.mode|default(omit) }}"
|
mode: "{{ download.mode|default(omit) }}"
|
||||||
copy: no
|
copy: no
|
||||||
when: "{{ download.enabled|bool and not download.container|bool and download.unarchive is defined and download.unarchive == True }}"
|
when: "{{ download.enabled|bool and not download.container|bool and download.unarchive is defined and download.unarchive == True }}"
|
||||||
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
|
|
||||||
run_once: "{{ download_run_once|bool }}"
|
|
||||||
|
|
||||||
- name: Fix permissions
|
- name: Fix permissions
|
||||||
file:
|
file:
|
||||||
|
@ -45,8 +39,6 @@
|
||||||
owner: "{{ download.owner|default(omit) }}"
|
owner: "{{ download.owner|default(omit) }}"
|
||||||
mode: "{{ download.mode|default(omit) }}"
|
mode: "{{ download.mode|default(omit) }}"
|
||||||
when: "{{ download.enabled|bool and not download.container|bool and (download.unarchive is not defined or download.unarchive == False) }}"
|
when: "{{ download.enabled|bool and not download.container|bool and (download.unarchive is not defined or download.unarchive == False) }}"
|
||||||
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
|
|
||||||
run_once: "{{ download_run_once|bool }}"
|
|
||||||
|
|
||||||
- name: pulling...
|
- name: pulling...
|
||||||
debug:
|
debug:
|
||||||
|
@ -65,7 +57,7 @@
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
when: "{{ download.enabled|bool and download.container|bool }}"
|
when: "{{ download.enabled|bool and download.container|bool }}"
|
||||||
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
|
delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else inventory_hostname }}"
|
||||||
run_once: "{{ download_run_once|bool }}"
|
run_once: "{{ download_run_once|bool }}"
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
|
|
|
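Review bot: After this change `download_run_once` only affects the container pull in the last hunk, and nothing in the visible lines documents that. The `delegate_to`/`run_once` pair is gone from "Create dest directories", "Download items", "Extract archives" and "Fix permissions", so those tasks now run on every host whatever the variable says. An operator who sets it to keep outbound fetches on a single host no longer gets that for file downloads; a comment above the first task would make this explicit, e.g. `# download_run_once applies to container images only; file downloads run on every host`. The task bodies start or continue outside these hunks, so it is worth confirming that `get_url` verifies a checksum on each host now that every node fetches its own copy.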
@ -13,6 +13,7 @@ spec:
|
||||||
- apiserver
|
- apiserver
|
||||||
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
|
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
|
||||||
- --etcd-servers={{ etcd_access_endpoint }}
|
- --etcd-servers={{ etcd_access_endpoint }}
|
||||||
|
- --etcd-quorum-read=true
|
||||||
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address }}
|
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address }}
|
||||||
- --apiserver-count={{ kube_apiserver_count }}
|
- --apiserver-count={{ kube_apiserver_count }}
|
||||||
- --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ServiceAccount,ResourceQuota
|
- --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ServiceAccount,ResourceQuota
|
||||||
|
|
|
@ -8,6 +8,9 @@ kube_resolv_conf: "/etc/resolv.conf"
|
||||||
|
|
||||||
kube_proxy_mode: iptables
|
kube_proxy_mode: iptables
|
||||||
|
|
||||||
|
# If using the pure iptables proxy, SNAT everything
|
||||||
|
kube_proxy_masquerade_all: true
|
||||||
|
|
||||||
# kube_api_runtime_config:
|
# kube_api_runtime_config:
|
||||||
# - extensions/v1beta1/daemonsets=true
|
# - extensions/v1beta1/daemonsets=true
|
||||||
# - extensions/v1beta1/deployments=true
|
# - extensions/v1beta1/deployments=true
|
||||||
|
|
|
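Review bot: Defaulting `kube_proxy_masquerade_all` to `true` changes behaviour for every existing cluster that already runs `kube_proxy_mode: iptables`, and the one-line comment does not say what is lost. With SNAT applied to all service traffic, backends see a node address instead of the client pod's address, so source-based network policy and per-client attribution in access logs stop working for traffic that goes through a service IP. I would ship this as opt-in, `kube_proxy_masquerade_all: false`, and extend the comment to `# SNAT all service traffic (iptables proxy only); hides the client pod IP from backends`. The template change that consumes this variable is in the next file section.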
@ -18,6 +18,9 @@ spec:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- --bind-address={{ ip | default(ansible_default_ipv4.address) }}
|
- --bind-address={{ ip | default(ansible_default_ipv4.address) }}
|
||||||
- --proxy-mode={{ kube_proxy_mode }}
|
- --proxy-mode={{ kube_proxy_mode }}
|
||||||
|
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
|
||||||
|
- --masquerade-all
|
||||||
|
{% endif %}
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
|
|
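Review bot: The new condition tests `kube_proxy_masquerade_all` without the `|bool` filter that the download tasks on this page apply to their flags. A value that arrives as a string, for example from `-e kube_proxy_masquerade_all=false` or an INI inventory, is a non-empty string and therefore truthy in Jinja, so `--masquerade-all` would still be rendered when the operator meant to turn it off. Changing the line to `{% if kube_proxy_masquerade_all|bool and kube_proxy_mode == "iptables" %}` avoids that.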
@ -5,5 +5,6 @@ nat_outgoing: true
|
||||||
# Use IP-over-IP encapsulation across hosts
|
# Use IP-over-IP encapsulation across hosts
|
||||||
ipip: false
|
ipip: false
|
||||||
|
|
||||||
# cloud_provider can only be set to 'gce' or 'aws'
|
# Set to true if you want your calico cni binaries to overwrite the
|
||||||
# cloud_provider:
|
# ones from hyperkube while leaving other cni plugins intact.
|
||||||
|
overwrite_hyperkube_cni: false
|
||||||
|
|
|
@ -32,18 +32,8 @@
|
||||||
use_hyperkube_cni: true
|
use_hyperkube_cni: true
|
||||||
when: kube_version | version_compare('v1.3.4','>=')
|
when: kube_version | version_compare('v1.3.4','>=')
|
||||||
|
|
||||||
- name: Calico | Install calico cni bin
|
|
||||||
command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"
|
|
||||||
changed_when: false
|
|
||||||
when: "{{ not use_hyperkube_cni|bool }}"
|
|
||||||
|
|
||||||
- name: Calico | Install calico-ipam cni bin
|
|
||||||
command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico-ipam"
|
|
||||||
changed_when: false
|
|
||||||
when: "{{ not use_hyperkube_cni|bool }}"
|
|
||||||
|
|
||||||
- name: Calico | Copy cni plugins from hyperkube
|
- name: Calico | Copy cni plugins from hyperkube
|
||||||
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/"
|
command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/rsync -a /opt/cni/bin/ /cnibindir/"
|
||||||
register: cni_task_result
|
register: cni_task_result
|
||||||
until: cni_task_result.rc == 0
|
until: cni_task_result.rc == 0
|
||||||
retries: 4
|
retries: 4
|
||||||
|
@ -51,6 +41,16 @@
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when: "{{ use_hyperkube_cni|bool }}"
|
when: "{{ use_hyperkube_cni|bool }}"
|
||||||
|
|
||||||
|
- name: Calico | Install calico cni bin
|
||||||
|
command: rsync -pi "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"
|
||||||
|
changed_when: false
|
||||||
|
when: "{{ not use_hyperkube_cni|bool or overwrite_hyperkube_cni|bool }}"
|
||||||
|
|
||||||
|
- name: Calico | Install calico-ipam cni bin
|
||||||
|
command: rsync -pi "{{ local_release_dir }}/calico/bin/calico-ipam" "/opt/cni/bin/calico-ipam"
|
||||||
|
changed_when: false
|
||||||
|
when: "{{ not use_hyperkube_cni|bool or overwrite_hyperkube_cni|bool }}"
|
||||||
|
|
||||||
- name: Calico | wait for etcd
|
- name: Calico | wait for etcd
|
||||||
uri: url=http://localhost:2379/health
|
uri: url=http://localhost:2379/health
|
||||||
register: result
|
register: result
|
||||||
|
|
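Review bot: The two re-added "Install calico cni bin" / "Install calico-ipam cni bin" tasks copy with `rsync -pi`, so the mode of the files in `/opt/cni/bin` is whatever the source under `local_release_dir` happens to have. These plugins are presumably executed by the kubelet with full privileges, and the download role on this page sets `mode` only when `download.mode` is defined, so a group- or world-writable source mode would be carried over unchanged. Pinning the mode in the command removes that dependency: `command: rsync -pi --chmod=u=rwx,go=rx "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"`, and the same for `calico-ipam`. Separately, the hyperkube copy now calls `/usr/bin/rsync` inside the container, which assumes the image ships rsync; if it does not, the task will only fail after the four retries.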