Use bin_dir for kubeadm

Matthew Mosesohn 2017-09-21 20:44:38 +01:00
parent bc9085a86a
commit e04467fe34
5 changed files with 15 additions and 26 deletions


@ -3,7 +3,6 @@
command: >- command: >-
{{ bin_dir }}/kubectl get pods --all-namespaces {{ bin_dir }}/kubectl get pods --all-namespaces
-o 'jsonpath={range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{" "}{.spec.volumes[*].name}{"\n"}{end}' -o 'jsonpath={range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{" "}{.spec.volumes[*].name}{"\n"}{end}'
register: pods_secrets register: pods_secrets
run_once: true run_once: true
@ -15,28 +14,12 @@
register: tokens_to_delete register: tokens_to_delete
run_once: true run_once: true
- name: view pods_secrets
debug: msg="{{ pods_secrets.stdout_lines }}"
- name: view pods_secrets2
#debug: msg="{{ item.split(" ")[0] }}"
debug: msg="{{ item.split(" ")[0] }} {{ item.split(" ")[1] }}"
with_items: "{{ tokens_to_delete.stdout_lines }}"
- name: Rotate Tokens | Delete expired tokens - name: Rotate Tokens | Delete expired tokens
command: "{{ bin_dir }}/kubectl delete secrets -n {{ item.split(' ')[0] }} {{ item.split(' ')[1] }}" command: "{{ bin_dir }}/kubectl delete secrets -n {{ item.split(' ')[0] }} {{ item.split(' ')[1] }}"
with_items: "{{ tokens_to_delete.stdout_lines }}" with_items: "{{ tokens_to_delete.stdout_lines }}"
run_once: true run_once: true
- set_fact: - name: Rotate Tokens | Delete pods
t2d: |-
["default default-token-38nh5",
"kube-public default-token-cx54r",
"kube-system default-token-d6dfh",
"default default-token-b58hs"
]
- name: Rotate Tokens | Delete pods with default tokens
command: "{{ bin_dir }}/kubectl delete pod -n {{ item.split(' ')[0] }} {{ item.split(' ')[1] }}" command: "{{ bin_dir }}/kubectl delete pod -n {{ item.split(' ')[0] }} {{ item.split(' ')[1] }}"
with_items: "{{ pods_secrets.stdout_lines }}" with_items: "{{ pods_secrets.stdout_lines }}"
register: delete_pods register: delete_pods
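Review bot: The `Rotate Tokens | Delete pods` task loops over every line of `pods_secrets.stdout_lines`, and the query that fills it lists pods from all namespaces, so as far as the hunk shows it deletes every pod in the cluster rather than only those mounting a rotated token. Each line's third field onward (the volume names from `.spec.volumes[*].name`) is collected but never consulted. A guard along the lines of `when: item.split(' ')[2:] | select('match', '.*-token-.*') | list | length > 0` would limit the restart to pods that mount a service-account token volume. The task shows no `run_once: true` like its siblings, but it continues past the end of the hunk, so that key or a filter may exist below.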


@ -24,7 +24,7 @@
register: kubeadm_client_conf register: kubeadm_client_conf
- name: Join to cluster if needed - name: Join to cluster if needed
command: kubeadm join --config {{ kube_config_dir}}/kubeadm-client.conf --skip-preflight-checks command: "{{ bin_dir }}/kubeadm join --config {{ kube_config_dir}}/kubeadm-client.conf --skip-preflight-checks"
register: kubeadm_join register: kubeadm_join
when: not is_kube_master and (kubeadm_client_conf.changed or not kubelet_conf.stat.exists) when: not is_kube_master and (kubeadm_client_conf.changed or not kubelet_conf.stat.exists)
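Review bot: The rewritten `Join to cluster if needed` command keeps the uneven brace spacing in `{{ kube_config_dir}}`, while the newly added `{{ bin_dir }}` is spaced normally. Since the line is being touched anyway, write it as `{{ kube_config_dir }}` so it matches the other kubeadm commands in this commit. The task may continue below the hunk.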


@ -61,20 +61,22 @@
register: kubeadm_config register: kubeadm_config
- name: kubeadm | Initialize first master - name: kubeadm | Initialize first master
command: timeout -k 240s 240s kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks command: timeout -k 240s 240s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks
register: kubeadm_init register: kubeadm_init
#Retry is because upload config sometimes fails #Retry is because upload config sometimes fails
retries: 3 retries: 3
when: inventory_hostname == groups['kube-master']|first and not admin_conf.stat.exists when: inventory_hostname == groups['kube-master']|first and not admin_conf.stat.exists
failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
notify: Master | restart kubelet
- name: kubeadm | Upgrade first master - name: kubeadm | Upgrade first master
command: timeout -k 240s 240s kubeadm upgrade apply --config={{ kube_config_dir }}/kubeadm-config.yaml {{ kube_version }} --skip-preflight-checks command: timeout -k 240s 240s {{ bin_dir }}/kubeadm upgrade apply --config={{ kube_config_dir }}/kubeadm-config.yaml {{ kube_version }} --skip-preflight-checks
register: kubeadm_upgrade register: kubeadm_upgrade
#Retry is because upload config sometimes fails #Retry is because upload config sometimes fails
retries: 3 retries: 3
when: inventory_hostname == groups['kube-master']|first and (kubeadm_config.changed and admin_conf.stat.exists) when: inventory_hostname == groups['kube-master']|first and (kubeadm_config.changed and admin_conf.stat.exists)
failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
notify: Master | restart kubelet
- name: slurp kubeadm certs - name: slurp kubeadm certs
slurp: slurp:
@ -109,16 +111,18 @@
when: inventory_hostname != groups['kube-master']|first when: inventory_hostname != groups['kube-master']|first
- name: kubeadm | Init other uninitialized masters - name: kubeadm | Init other uninitialized masters
command: timeout -k 240s 240s kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks command: timeout -k 240s 240s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks
register: kubeadm_init register: kubeadm_init
when: inventory_hostname != groups['kube-master']|first and not admin_conf.stat.exists when: inventory_hostname != groups['kube-master']|first and not admin_conf.stat.exists
failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
notify: Master | restart kubelet
- name: kubeadm | Upgrade first master - name: kubeadm | Upgrade other masters
command: timeout -k 240s 240s kubeadm upgrade apply --config={{ kube_config_dir }}/kubeadm-config.yaml {{ kube_version }} --skip-preflight-checks command: timeout -k 240s 240s {{ bin_dir }}/kubeadm upgrade apply --config={{ kube_config_dir }}/kubeadm-config.yaml {{ kube_version }} --skip-preflight-checks
register: kubeadm_upgrade register: kubeadm_upgrade
when: inventory_hostname != groups['kube-master']|first and (kubeadm_config.changed and admin_conf.stat.exists) when: inventory_hostname != groups['kube-master']|first and (kubeadm_config.changed and admin_conf.stat.exists)
failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
notify: Master | restart kubelet
- name: kubeadm | Check service account key again - name: kubeadm | Check service account key again
stat: stat:
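Review bot: In the first hunk, `kubeadm | Initialize first master` and `kubeadm | Upgrade first master` set `retries: 3` with no `until:` visible. On Ansible releases where retries are only honoured alongside an `until` condition, the comment "Retry is because upload config sometimes fails" describes a retry that never happens. Adding `until: kubeadm_init.rc == 0 or "field is immutable" in kubeadm_init.stderr` (and the `kubeadm_upgrade` equivalent) would make the retry real and keep it aligned with `failed_when`. Separately, the new `notify: Master | restart kubelet` will fire on every run of these `command` tasks, including runs tolerated by the `failed_when` exception, because no `changed_when` is set.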


@ -16,7 +16,10 @@
- name: Get pod names - name: Get pod names
shell: "{{bin_dir}}/kubectl get pods -o json" shell: "{{bin_dir}}/kubectl get pods -o json"
register: pods register: pods
until: '"ContainerCreating" not in pods.stdout and "Terminating" not in pods.stdout' until:
- '"ContainerCreating" not in pods.stdout'
- '"Pending" not in pods.stdout'
- '"Terminating" not in pods.stdout'
retries: 60 retries: 60
delay: 2 delay: 2
no_log: true no_log: true
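Review bot: The `until` conditions on `Get pod names` are substring matches against the raw JSON in `pods.stdout`, so text that is not a pod status can satisfy or block them. As far as I know, `kubectl get pods -o json` reports a terminating pod through `metadata.deletionTimestamp` rather than the word `Terminating`, which would make the third condition always true. Parsing the output and testing the phase is more reliable, e.g. `until: (pods.stdout | from_json)['items'] | rejectattr('status.phase', 'equalto', 'Running') | list | length == 0`. An empty pod list passes either form immediately, so a minimum-count check may be wanted if later tasks expect specific pods. The task may continue beyond the hunk.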


@ -67,7 +67,6 @@
- { role: kubernetes/node, tags: node } - { role: kubernetes/node, tags: node }
- { role: kubernetes/master, tags: master } - { role: kubernetes/master, tags: master }
- { role: network_plugin, tags: network } - { role: network_plugin, tags: network }
- { role: kubernetes/kubeadm, tags: kubeadm, when: "kubeadm_enabled" }
- { role: upgrade/post-upgrade, tags: post-upgrade } - { role: upgrade/post-upgrade, tags: post-upgrade }
#Finally handle worker upgrades, based on given batch size #Finally handle worker upgrades, based on given batch size