Merge branch 'master' into opencontrail
This commit is contained in:
commit
ed27e6856c
83 changed files with 20835 additions and 18166 deletions
53
.gitmodules
vendored
53
.gitmodules
vendored
|
@ -1,53 +0,0 @@
|
|||
[submodule "roles/apps/k8s-kube-ui"]
|
||||
path = roles/apps/k8s-kube-ui
|
||||
url = https://github.com/ansibl8s/k8s-kube-ui.git
|
||||
branch = v1.0
|
||||
[submodule "roles/apps/k8s-kubedns"]
|
||||
path = roles/apps/k8s-kubedns
|
||||
url = https://github.com/ansibl8s/k8s-kubedns.git
|
||||
branch = v1.0
|
||||
[submodule "roles/apps/k8s-common"]
|
||||
path = roles/apps/k8s-common
|
||||
url = https://github.com/ansibl8s/k8s-common.git
|
||||
branch = v1.0
|
||||
[submodule "roles/apps/k8s-redis"]
|
||||
path = roles/apps/k8s-redis
|
||||
url = https://github.com/ansibl8s/k8s-redis.git
|
||||
branch = v1.0
|
||||
[submodule "roles/apps/k8s-elasticsearch"]
|
||||
path = roles/apps/k8s-elasticsearch
|
||||
url = https://github.com/ansibl8s/k8s-elasticsearch.git
|
||||
[submodule "roles/apps/k8s-fabric8"]
|
||||
path = roles/apps/k8s-fabric8
|
||||
url = https://github.com/ansibl8s/k8s-fabric8.git
|
||||
branch = v1.0
|
||||
[submodule "roles/apps/k8s-memcached"]
|
||||
path = roles/apps/k8s-memcached
|
||||
url = https://github.com/ansibl8s/k8s-memcached.git
|
||||
branch = v1.0
|
||||
[submodule "roles/apps/k8s-postgres"]
|
||||
path = roles/apps/k8s-postgres
|
||||
url = https://github.com/ansibl8s/k8s-postgres.git
|
||||
branch = v1.0
|
||||
[submodule "roles/apps/k8s-kubedash"]
|
||||
path = roles/apps/k8s-kubedash
|
||||
url = https://github.com/ansibl8s/k8s-kubedash.git
|
||||
[submodule "roles/apps/k8s-heapster"]
|
||||
path = roles/apps/k8s-heapster
|
||||
url = https://github.com/ansibl8s/k8s-heapster.git
|
||||
[submodule "roles/apps/k8s-influxdb"]
|
||||
path = roles/apps/k8s-influxdb
|
||||
url = https://github.com/ansibl8s/k8s-influxdb.git
|
||||
[submodule "roles/apps/k8s-kube-logstash"]
|
||||
path = roles/apps/k8s-kube-logstash
|
||||
url = https://github.com/ansibl8s/k8s-kube-logstash.git
|
||||
[submodule "roles/apps/k8s-etcd"]
|
||||
path = roles/apps/k8s-etcd
|
||||
url = https://github.com/ansibl8s/k8s-etcd.git
|
||||
[submodule "roles/apps/k8s-rabbitmq"]
|
||||
path = roles/apps/k8s-rabbitmq
|
||||
url = https://github.com/ansibl8s/k8s-rabbitmq.git
|
||||
[submodule "roles/apps/k8s-pgbouncer"]
|
||||
path = roles/apps/k8s-pgbouncer
|
||||
url = https://github.com/ansibl8s/k8s-pgbouncer.git
|
||||
branch = v1.0
|
36
.travis.yml
36
.travis.yml
|
@ -15,27 +15,27 @@ env:
|
|||
# Debian Jessie
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=flannel
|
||||
CLOUD_IMAGE=debian-8
|
||||
CLOUD_IMAGE=debian-8-kubespray
|
||||
CLOUD_REGION=europe-west1-b
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=calico
|
||||
CLOUD_IMAGE=debian-8
|
||||
CLOUD_REGION=europe-west1-b
|
||||
CLOUD_IMAGE=debian-8-kubespray
|
||||
CLOUD_REGION=us-central1-c
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=weave
|
||||
CLOUD_IMAGE=debian-8
|
||||
CLOUD_REGION=europe-west1-b
|
||||
CLOUD_IMAGE=debian-8-kubespray
|
||||
CLOUD_REGION=us-east1-d
|
||||
|
||||
# Centos 7
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=flannel
|
||||
CLOUD_IMAGE=centos-7-sudo
|
||||
CLOUD_REGION=us-central1-c
|
||||
CLOUD_REGION=asia-east1-c
|
||||
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=calico
|
||||
CLOUD_IMAGE=centos-7-sudo
|
||||
CLOUD_REGION=us-central1-c
|
||||
CLOUD_REGION=europe-west1-b
|
||||
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=weave
|
||||
|
@ -51,32 +51,32 @@ env:
|
|||
- >-
|
||||
KUBE_NETWORK_PLUGIN=calico
|
||||
CLOUD_IMAGE=rhel-7-sudo
|
||||
CLOUD_REGION=us-east1-d
|
||||
CLOUD_REGION=asia-east1-c
|
||||
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=weave
|
||||
CLOUD_IMAGE=rhel-7-sudo
|
||||
CLOUD_REGION=us-east1-d
|
||||
CLOUD_REGION=europe-west1-b
|
||||
|
||||
# Ubuntu 14.04
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=flannel
|
||||
CLOUD_IMAGE=ubuntu-1404-trusty
|
||||
CLOUD_REGION=europe-west1-c
|
||||
CLOUD_REGION=us-central1-c
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=calico
|
||||
CLOUD_IMAGE=ubuntu-1404-trusty
|
||||
CLOUD_REGION=europe-west1-c
|
||||
CLOUD_REGION=us-east1-d
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=weave
|
||||
CLOUD_IMAGE=ubuntu-1404-trusty
|
||||
CLOUD_REGION=europe-west1-c
|
||||
CLOUD_REGION=asia-east1-c
|
||||
|
||||
# Ubuntu 15.10
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=flannel
|
||||
CLOUD_IMAGE=ubuntu-1510-wily
|
||||
CLOUD_REGION=us-central1-a
|
||||
CLOUD_REGION=europe-west1-b
|
||||
- >-
|
||||
KUBE_NETWORK_PLUGIN=calico
|
||||
CLOUD_IMAGE=ubuntu-1510-wily
|
||||
|
@ -84,15 +84,13 @@ env:
|
|||
- >-
|
||||
KUBE_NETWORK_PLUGIN=weave
|
||||
CLOUD_IMAGE=ubuntu-1510-wily
|
||||
CLOUD_REGION=us-central1-a
|
||||
CLOUD_REGION=us-east1-d
|
||||
|
||||
|
||||
matrix:
|
||||
allow_failures:
|
||||
# - env: KUBE_NETWORK_PLUGIN=flannel CLOUD_IMAGE=centos-7-sudo CLOUD_REGION=us-central1-c
|
||||
# - env: KUBE_NETWORK_PLUGIN=flannel CLOUD_IMAGE=rhel-7-sudo CLOUD_REGION=us-east1-d
|
||||
- env: KUBE_NETWORK_PLUGIN=weave CLOUD_IMAGE=ubuntu-1404-trusty CLOUD_REGION=europe-west1-c
|
||||
- env: KUBE_NETWORK_PLUGIN=calico CLOUD_IMAGE=ubuntu-1404-trusty CLOUD_REGION=europe-west1-c
|
||||
- env: KUBE_NETWORK_PLUGIN=weave CLOUD_IMAGE=ubuntu-1404-trusty CLOUD_REGION=asia-east1-c
|
||||
- env: KUBE_NETWORK_PLUGIN=calico CLOUD_IMAGE=ubuntu-1404-trusty CLOUD_REGION=us-east1-d
|
||||
|
||||
before_install:
|
||||
# Install Ansible.
|
||||
|
@ -130,7 +128,7 @@ script:
|
|||
-e cloud_region=${CLOUD_REGION}
|
||||
|
||||
# Create cluster
|
||||
- "$HOME/.local/bin/ansible-playbook -i inventory/inventory.ini -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root -e '{\"cloud_provider\": true}' $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN} cluster.yml"
|
||||
- "$HOME/.local/bin/ansible-playbook -i inventory/inventory.ini -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN} cluster.yml"
|
||||
# Tests Cases
|
||||
## Test Master API
|
||||
- $HOME/.local/bin/ansible-playbook -i inventory/inventory.ini tests/testcases/010_check-apiserver.yml $LOG_LEVEL
|
||||
|
|
201
LICENSE
Normal file
201
LICENSE
Normal file
|
@ -0,0 +1,201 @@
|
|||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "{}"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright 2016 Kubespray
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
325
README.md
325
README.md
|
@ -1,320 +1,15 @@
|
|||
[![Build Status](https://travis-ci.org/kubespray/setup-kubernetes.svg)](https://travis-ci.org/kubespray/setup-kubernetes)
|
||||
kubernetes-ansible
|
||||
========
|
||||
|
||||
This project allows to
|
||||
- Install and configure a **Multi-Master/HA kubernetes** cluster.
|
||||
- Choose the **network plugin** to be used within the cluster
|
||||
- A **set of roles** in order to install applications over the k8s cluster
|
||||
- A **flexible method** which helps to create new roles for apps.
|
||||
![Kubespray Logo](http://s9.postimg.org/md5dyjl67/kubespray_logoandkubespray_small.png)
|
||||
|
||||
Linux distributions tested:
|
||||
* **Debian** Wheezy, Jessie
|
||||
* **Ubuntu** 14.10, 15.04, 15.10
|
||||
* **Fedora** 23
|
||||
* **CentOS/RHEL** 7
|
||||
##Deploy a production ready kubernetes cluster
|
||||
|
||||
### Requirements
|
||||
* The target servers must have **access to the Internet** in order to pull docker imaqes.
|
||||
* The **firewalls are not managed**, you'll need to implement your own rules the way you used to.
|
||||
in order to avoid any issue during deployment you should disable your firewall
|
||||
* **Copy your ssh keys** to all the servers part of your inventory.
|
||||
* **Ansible v2.x and python-netaddr**
|
||||
* Base knowledge on Ansible. Please refer to [Ansible documentation](http://www.ansible.com/how-ansible-works)
|
||||
- Can be deployed on **AWS, GCE, OpenStack or Baremetal**
|
||||
- **High available** cluster
|
||||
- **Composable** (Choice of the network plugin for instance)
|
||||
- Support most popular **Linux distributions**
|
||||
- **Continuous integration tests**
|
||||
|
||||
### Components
|
||||
* [kubernetes](https://github.com/kubernetes/kubernetes/releases) v1.1.7
|
||||
* [etcd](https://github.com/coreos/etcd/releases) v2.2.4
|
||||
* [calicoctl](https://github.com/projectcalico/calico-docker/releases) v0.16.0
|
||||
* [flanneld](https://github.com/coreos/flannel/releases) v0.5.5
|
||||
* [weave](http://weave.works/) v1.4.4
|
||||
* [docker](https://www.docker.com/) v1.9
|
||||
For an easy way to use it, check out [**kargo-cli**](https://github.com/kubespray/kargo-cli) </br>
|
||||
A complete **documentation** can be found [THERE](https://docs.kubespray.io)
|
||||
|
||||
Quickstart
|
||||
-------------------------
|
||||
The following steps will quickly setup a kubernetes cluster with default configuration.
|
||||
These defaults are good for tests purposes.
|
||||
|
||||
Edit the inventory according to the number of servers
|
||||
```
|
||||
[kube-master]
|
||||
node1
|
||||
node2
|
||||
|
||||
[etcd]
|
||||
node1
|
||||
node2
|
||||
node3
|
||||
|
||||
[kube-node]
|
||||
node2
|
||||
node3
|
||||
node4
|
||||
node5
|
||||
node6
|
||||
|
||||
[k8s-cluster:children]
|
||||
kube-node
|
||||
kube-master
|
||||
```
|
||||
|
||||
Run the playbook
|
||||
```
|
||||
ansible-playbook -i inventory/inventory.cfg cluster.yml -u root
|
||||
```
|
||||
|
||||
You can jump directly to "*Available apps, installation procedure*"
|
||||
|
||||
|
||||
Ansible
|
||||
-------------------------
|
||||
### Variables
|
||||
The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
|
||||
|
||||
### Inventory
|
||||
Below is an example of an inventory.
|
||||
|
||||
```
|
||||
## Configure 'ip' variable to bind kubernetes services on a
|
||||
## different ip than the default iface
|
||||
node1 ansible_ssh_host=95.54.0.12 # ip=10.3.0.1
|
||||
node2 ansible_ssh_host=95.54.0.13 # ip=10.3.0.2
|
||||
node3 ansible_ssh_host=95.54.0.14 # ip=10.3.0.3
|
||||
node4 ansible_ssh_host=95.54.0.15 # ip=10.3.0.4
|
||||
node5 ansible_ssh_host=95.54.0.16 # ip=10.3.0.5
|
||||
node6 ansible_ssh_host=95.54.0.17 # ip=10.3.0.6
|
||||
|
||||
[kube-master]
|
||||
node1
|
||||
node2
|
||||
|
||||
[etcd]
|
||||
node1
|
||||
node2
|
||||
node3
|
||||
|
||||
[kube-node]
|
||||
node2
|
||||
node3
|
||||
node4
|
||||
node5
|
||||
node6
|
||||
|
||||
[k8s-cluster:children]
|
||||
kube-node
|
||||
kube-master
|
||||
```
|
||||
|
||||
### Playbook
|
||||
```
|
||||
---
|
||||
- hosts: k8s-cluster
|
||||
roles:
|
||||
- { role: adduser, tags: adduser }
|
||||
- { role: download, tags: download }
|
||||
- { role: kubernetes/preinstall, tags: preinstall }
|
||||
- { role: etcd, tags: etcd }
|
||||
- { role: docker, tags: docker }
|
||||
- { role: kubernetes/node, tags: node }
|
||||
- { role: network_plugin, tags: network }
|
||||
- { role: dnsmasq, tags: dnsmasq }
|
||||
|
||||
- hosts: kube-master
|
||||
roles:
|
||||
- { role: kubernetes/master, tags: master }
|
||||
```
|
||||
|
||||
### Run
|
||||
It is possible to define variables for different environments.
|
||||
For instance, in order to deploy the cluster on 'dev' environment run the following command.
|
||||
```
|
||||
ansible-playbook -i inventory/dev/inventory.cfg cluster.yml -u root
|
||||
```
|
||||
|
||||
Kubernetes
|
||||
-------------------------
|
||||
### Multi master notes
|
||||
* You can choose where to install the master components. If you want your master node to act both as master (api,scheduler,controller) and node (e.g. accept workloads, create pods ...),
|
||||
the server address has to be present on both groups 'kube-master' and 'kube-node'.
|
||||
|
||||
* For safety reasons, you should have at least two master nodes and 3 etcd servers
|
||||
|
||||
* Kube-proxy doesn't support multiple apiservers on startup ([Issue 18174](https://github.com/kubernetes/kubernetes/issues/18174)). An external loadbalancer needs to be configured.
|
||||
In order to do so, some variables have to be used '**loadbalancer_apiserver**' and '**apiserver_loadbalancer_domain_name**'
|
||||
|
||||
|
||||
### Network Plugin
|
||||
You can choose between 3 network plugins. Only one must be chosen.
|
||||
|
||||
* **flannel**: gre/vxlan (layer 2) networking. ([official docs](https://github.com/coreos/flannel))
|
||||
|
||||
* **calico**: bgp (layer 3) networking. ([official docs](http://docs.projectcalico.org/en/0.13/))
|
||||
|
||||
* **weave**: Weave is a lightweight container overlay network that doesn't require an external K/V database cluster. ([official docs](http://weave.works/docs/))
|
||||
|
||||
The choice is defined with the variable **kube_network_plugin**
|
||||
|
||||
|
||||
### Check cluster status
|
||||
|
||||
#### Kubernetes components
|
||||
|
||||
* Check the status of the processes
|
||||
```
|
||||
systemctl status kubelet
|
||||
```
|
||||
|
||||
* Check the logs
|
||||
```
|
||||
journalctl -ae -u kubelet
|
||||
```
|
||||
|
||||
* Check the NAT rules
|
||||
```
|
||||
iptables -nLv -t nat
|
||||
```
|
||||
|
||||
For the master nodes you'll have to see the docker logs for the apiserver
|
||||
```
|
||||
docker logs [apiserver docker id]
|
||||
```
|
||||
|
||||
|
||||
### Available apps, installation procedure
|
||||
|
||||
There are two ways of installing new apps
|
||||
|
||||
#### Ansible galaxy
|
||||
|
||||
Additionnal apps can be installed with ```ansible-galaxy```.
|
||||
|
||||
you'll need to edit the file '*requirements.yml*' in order to chose needed apps.
|
||||
The list of available apps are available [there](https://github.com/ansibl8s)
|
||||
|
||||
For instance it is **strongly recommanded** to install a dns server which resolves kubernetes service names.
|
||||
In order to use this role you'll need the following entries in the file '*requirements.yml*'
|
||||
Please refer to the [k8s-kubedns readme](https://github.com/ansibl8s/k8s-kubedns) for additionnal info.
|
||||
```
|
||||
- src: https://github.com/ansibl8s/k8s-common.git
|
||||
path: roles/apps
|
||||
# version: v1.0
|
||||
|
||||
- src: https://github.com/ansibl8s/k8s-kubedns.git
|
||||
path: roles/apps
|
||||
# version: v1.0
|
||||
```
|
||||
**Note**: the role common is required by all the apps and provides the tasks and libraries needed.
|
||||
|
||||
And empty the apps directory
|
||||
```
|
||||
rm -rf roles/apps/*
|
||||
```
|
||||
|
||||
Then download the roles with ansible-galaxy
|
||||
```
|
||||
ansible-galaxy install -r requirements.yml
|
||||
```
|
||||
|
||||
Finally update the playbook ```apps.yml``` with the chosen roles, and run it
|
||||
```
|
||||
...
|
||||
- hosts: kube-master
|
||||
roles:
|
||||
- { role: apps/k8s-kubedns, tags: ['kubedns', 'apps'] }
|
||||
...
|
||||
```
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/inventory.cfg apps.yml -u root
|
||||
```
|
||||
|
||||
#### Git submodules
|
||||
Alternatively the roles can be installed as git submodules.
|
||||
That way is easier if you want to do some changes and commit them.
|
||||
|
||||
|
||||
### Networking
|
||||
|
||||
#### Calico
|
||||
Check if the calico-node container is running
|
||||
```
|
||||
docker ps | grep calico
|
||||
```
|
||||
|
||||
The **calicoctl** command allows to check the status of the network workloads.
|
||||
* Check the status of Calico nodes
|
||||
```
|
||||
calicoctl status
|
||||
```
|
||||
|
||||
* Show the configured network subnet for containers
|
||||
```
|
||||
calicoctl pool show
|
||||
```
|
||||
|
||||
* Show the workloads (ip addresses of containers and their located)
|
||||
```
|
||||
calicoctl endpoint show --detail
|
||||
```
|
||||
|
||||
##### Optionnal : BGP Peering with border routers
|
||||
|
||||
In some cases you may want to route the pods subnet and so NAT is not needed on the nodes.
|
||||
For instance if you have a cluster spread on different locations and you want your pods to talk each other no matter where they are located.
|
||||
The following variables need to be set:
|
||||
**peer_with_router** enable the peering with border router of the datacenter (default value: false).
|
||||
you'll need to edit the inventory and add a and a hostvar **local_as** by node.
|
||||
```
|
||||
node1 ansible_ssh_host=95.54.0.12 local_as=xxxxxx
|
||||
```
|
||||
|
||||
|
||||
#### Flannel
|
||||
|
||||
* Flannel configuration file should have been created there
|
||||
```
|
||||
cat /run/flannel/subnet.env
|
||||
FLANNEL_NETWORK=10.233.0.0/18
|
||||
FLANNEL_SUBNET=10.233.16.1/24
|
||||
FLANNEL_MTU=1450
|
||||
FLANNEL_IPMASQ=false
|
||||
```
|
||||
|
||||
* Check if the network interface has been created
|
||||
```
|
||||
ip a show dev flannel.1
|
||||
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
|
||||
link/ether e2:f3:a7:0f:bf:cb brd ff:ff:ff:ff:ff:ff
|
||||
inet 10.233.16.0/18 scope global flannel.1
|
||||
valid_lft forever preferred_lft forever
|
||||
inet6 fe80::e0f3:a7ff:fe0f:bfcb/64 scope link
|
||||
valid_lft forever preferred_lft forever
|
||||
```
|
||||
|
||||
* Docker must be configured with a bridge ip in the flannel subnet.
|
||||
```
|
||||
ps aux | grep docker
|
||||
root 20196 1.7 2.7 1260616 56840 ? Ssl 10:18 0:07 /usr/bin/docker daemon --bip=10.233.16.1/24 --mtu=1450
|
||||
```
|
||||
|
||||
* Try to run a container and check its ip address
|
||||
```
|
||||
kubectl run test --image=busybox --command -- tail -f /dev/null
|
||||
replicationcontroller "test" created
|
||||
|
||||
kubectl describe po test-34ozs | grep ^IP
|
||||
IP: 10.233.16.2
|
||||
```
|
||||
|
||||
```
|
||||
kubectl exec test-34ozs -- ip a show dev eth0
|
||||
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
|
||||
link/ether 02:42:0a:e9:2b:03 brd ff:ff:ff:ff:ff:ff
|
||||
inet 10.233.16.2/24 scope global eth0
|
||||
valid_lft forever preferred_lft forever
|
||||
inet6 fe80::42:aff:fee9:2b03/64 scope link tentative flags 08
|
||||
valid_lft forever preferred_lft forever
|
||||
```
|
||||
|
||||
|
||||
Congrats ! now you can walk through [kubernetes basics](http://kubernetes.io/v1.1/basicstutorials.html)
|
||||
[![Build Status](https://travis-ci.org/kubespray/kargo.svg)](https://travis-ci.org/kubespray/kargo)
|
||||
|
|
29
apps.yml
29
apps.yml
|
@ -1,29 +0,0 @@
|
|||
---
|
||||
- hosts: kube-master
|
||||
roles:
|
||||
# System
|
||||
- { role: apps/k8s-kubedns, tags: ['kubedns', 'kube-system'] }
|
||||
|
||||
# Databases
|
||||
- { role: apps/k8s-postgres, tags: 'postgres' }
|
||||
- { role: apps/k8s-elasticsearch, tags: 'elasticsearch' }
|
||||
- { role: apps/k8s-memcached, tags: 'memcached' }
|
||||
- { role: apps/k8s-redis, tags: 'redis' }
|
||||
|
||||
# Msg Broker
|
||||
- { role: apps/k8s-rabbitmq, tags: 'rabbitmq' }
|
||||
|
||||
# Monitoring
|
||||
- { role: apps/k8s-influxdb, tags: ['influxdb', 'kube-system']}
|
||||
- { role: apps/k8s-heapster, tags: ['heapster', 'kube-system']}
|
||||
- { role: apps/k8s-kubedash, tags: ['kubedash', 'kube-system']}
|
||||
|
||||
# logging
|
||||
- { role: apps/k8s-kube-logstash, tags: 'kube-logstash'}
|
||||
|
||||
# Console
|
||||
- { role: apps/k8s-fabric8, tags: 'fabric8' }
|
||||
- { role: apps/k8s-kube-ui, tags: ['kube-ui', 'kube-system']}
|
||||
|
||||
# ETCD
|
||||
- { role: apps/k8s-etcd, tags: 'etcd'}
|
|
@ -5,11 +5,14 @@
|
|||
- { role: download, tags: download }
|
||||
- { role: kubernetes/preinstall, tags: preinstall }
|
||||
- { role: etcd, tags: etcd }
|
||||
- { role: docker, tags: docker }
|
||||
- { role: docker, tags: docker, when: ansible_os_family != "CoreOS" }
|
||||
- { role: kubernetes/node, tags: node }
|
||||
- { role: network_plugin, tags: network }
|
||||
- { role: dnsmasq, tags: dnsmasq }
|
||||
|
||||
- hosts: kube-master
|
||||
roles:
|
||||
- { role: kubernetes/master, tags: master }
|
||||
|
||||
- hosts: k8s-cluster
|
||||
roles:
|
||||
- { role: dnsmasq, tags: dnsmasq }
|
||||
|
|
5
coreos-bootstrap.yml
Normal file
5
coreos-bootstrap.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- hosts: k8s-cluster
|
||||
gather_facts: False
|
||||
roles:
|
||||
- coreos-bootstrap
|
|
@ -5,6 +5,10 @@ bin_dir: /usr/local/bin
|
|||
# Note: ensure that you've enough disk space (about 1G)
|
||||
local_release_dir: "/tmp/releases"
|
||||
|
||||
# Uncomment this line for CoreOS only.
|
||||
# Directory where python binary is installed
|
||||
# ansible_python_interpreter: "/opt/bin/python"
|
||||
|
||||
# This is the group that the cert creation scripts chgrp the
|
||||
# cert files to. Not really changable...
|
||||
kube_cert_group: kube-cert
|
||||
|
@ -47,7 +51,7 @@ cluster_name: cluster.local
|
|||
# access_ip: 1.1.1.1
|
||||
|
||||
# Choose network plugin (calico, weave or flannel)
|
||||
kube_network_plugin: calico
|
||||
kube_network_plugin: flannel
|
||||
|
||||
# Kubernetes internal network for services, unused block of space.
|
||||
kube_service_addresses: 10.233.0.0/18
|
||||
|
@ -93,9 +97,17 @@ upstream_dns_servers:
|
|||
dns_setup: true
|
||||
dns_domain: "{{ cluster_name }}"
|
||||
#
|
||||
# # Ip address of the kubernetes dns service
|
||||
# # Ip address of the kubernetes skydns service
|
||||
skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
|
||||
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
|
||||
|
||||
# There are some changes specific to the cloud providers
|
||||
# for instance we need to encapsulate packets with some network plugins
|
||||
# If set the possible values are either 'gce', 'aws' or 'openstack'
|
||||
# When openstack is used make sure to source in the openstack credentials
|
||||
# like you would do when using nova-client before starting the playbook.
|
||||
# cloud_provider:
|
||||
|
||||
# For multi masters architecture:
|
||||
# kube-proxy doesn't support multiple apiservers for the time being so you'll need to configure your own loadbalancer
|
||||
# This domain name will be inserted into the /etc/hosts file of all servers
|
||||
|
|
|
@ -1,39 +1,48 @@
|
|||
---
|
||||
- src: https://github.com/ansibl8s/k8s-common.git
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-dashboard.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
- src: https://github.com/ansibl8s/k8s-kubedns.git
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-common.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
#- src: https://github.com/ansibl8s/k8s-kube-ui.git
|
||||
# path: roles/apps
|
||||
#
|
||||
#- src: https://github.com/ansibl8s/k8s-fabric8.git
|
||||
# path: roles/apps
|
||||
#
|
||||
#- src: https://github.com/ansibl8s/k8s-elasticsearch.git
|
||||
# path: roles/apps
|
||||
#
|
||||
#- src: https://github.com/ansibl8s/k8s-redis.git
|
||||
# path: roles/apps
|
||||
#
|
||||
#- src: https://github.com/ansibl8s/k8s-memcached.git
|
||||
# path: roles/apps
|
||||
#
|
||||
#- src: https://github.com/ansibl8s/k8s-postgres.git
|
||||
# path: roles/apps
|
||||
#
|
||||
#- src: https://github.com/ansibl8s/k8s-pgbouncer.git
|
||||
# path: roles/apps
|
||||
#
|
||||
#- src: https://github.com/ansibl8s/k8s-heapster.git
|
||||
# path: roles/apps
|
||||
#
|
||||
#- src: https://github.com/ansibl8s/k8s-influxdb.git
|
||||
# path: roles/apps
|
||||
#
|
||||
#- src: https://github.com/ansibl8s/k8s-kubedash.git
|
||||
# path: roles/apps
|
||||
#
|
||||
#- src: https://github.com/ansibl8s/k8s-kube-logstash.git
|
||||
# path: roles/apps
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-kubedns.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-elasticsearch.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-redis.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-memcached.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-postgres.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-pgbouncer.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-heapster.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-influxdb.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-kubedash.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
||||
- src: https://gitlab.com/kubespray-ansibl8s/k8s-kube-logstash.git
|
||||
path: roles/apps
|
||||
scm: git
|
||||
|
|
|
@ -1,6 +1,21 @@
|
|||
---
|
||||
- name: gather os specific variables
|
||||
include_vars: "{{ item }}"
|
||||
with_first_found:
|
||||
- files:
|
||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
||||
- "{{ ansible_distribution|lower }}.yml"
|
||||
- "{{ ansible_os_family|lower }}.yml"
|
||||
- defaults.yml
|
||||
paths:
|
||||
- ../vars
|
||||
skip: true
|
||||
|
||||
- name: User | Create User Group
|
||||
group: name={{item.group|default(item.name)}} system={{item.system|default(omit)}}
|
||||
with_items: addusers
|
||||
with_items: "{{ addusers }}"
|
||||
|
||||
- name: User | Create User
|
||||
user:
|
||||
|
@ -10,4 +25,4 @@
|
|||
home: "{{item.home|default(omit)}}"
|
||||
name: "{{item.name}}"
|
||||
system: "{{item.system|default(omit)}}"
|
||||
with_items: addusers
|
||||
with_items: "{{ addusers }}"
|
||||
|
|
8
roles/adduser/vars/coreos.yml
Normal file
8
roles/adduser/vars/coreos.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
addusers:
|
||||
- name: kube
|
||||
comment: "Kubernetes user"
|
||||
shell: /sbin/nologin
|
||||
system: yes
|
||||
group: "{{ kube_cert_group }}"
|
||||
createhome: no
|
15
roles/adduser/vars/redhat.yml
Normal file
15
roles/adduser/vars/redhat.yml
Normal file
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
addusers:
|
||||
- name: etcd
|
||||
comment: "Etcd user"
|
||||
createhome: yes
|
||||
home: "/var/lib/etcd"
|
||||
system: yes
|
||||
shell: /bin/nologin
|
||||
|
||||
- name: kube
|
||||
comment: "Kubernetes user"
|
||||
shell: /sbin/nologin
|
||||
system: yes
|
||||
group: "{{ kube_cert_group }}"
|
||||
createhome: no
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 8abd4ec3bcdc5f36d96c312f3a424724520a12b8
|
|
@ -1 +0,0 @@
|
|||
Subproject commit f089f60fb1102378b6def3972b50644deff96484
|
|
@ -1 +0,0 @@
|
|||
Subproject commit abd61ee91ae729e7b79ecd56d6bb4eed0ddbe604
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 702923e2000d07bb95044c747c499bb04c3d16bf
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 5442209acd072d170f9d24e2bbd00b95af737d7d
|
|
@ -1 +0,0 @@
|
|||
Subproject commit b892974d5b8bc624ac742e8a6fb7737db8a96a32
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 71c7bf98210e8907554a26e25cc9c2a3ece8cffd
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 0b5be08de2b3f373146a36aef88be3d4e5565dc2
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 21544cc2a908b1578409c5eaca7ee2771b3b9811
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 82b75f84129189fcfb08adfeb6ed6114c68dde3e
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 60a66ca0ae4dc9a7e29b9b9619134adada53e1a4
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 79961d1df223dd1563e41a1df109c4cffa8801ed
|
|
@ -1 +0,0 @@
|
|||
Subproject commit a03a14c46f19732fa7a3ee37a37d9f0375a6e2d2
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 2b538e243a3230c97591a28ac438619ebd555e4c
|
|
@ -1 +0,0 @@
|
|||
Subproject commit a4e134fef3c5ed5db83201f38347638e4bc0200c
|
4
roles/coreos-bootstrap/defaults/main.yml
Normal file
4
roles/coreos-bootstrap/defaults/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
pypy_version: 2.4.0
|
||||
pip_python_modules:
|
||||
- httplib2
|
|
@ -1,7 +1,7 @@
|
|||
#/bin/bash
|
||||
set -e
|
||||
|
||||
BINDIR="/usr/local/bin"
|
||||
BINDIR="/opt/bin"
|
||||
|
||||
cd $BINDIR
|
||||
|
19017
roles/coreos-bootstrap/files/get-pip.py
Normal file
19017
roles/coreos-bootstrap/files/get-pip.py
Normal file
File diff suppressed because it is too large
Load diff
|
@ -1,3 +1,3 @@
|
|||
#!/bin/bash
|
||||
BINDIR="/usr/local/bin"
|
||||
BINDIR="/opt/bin"
|
||||
LD_LIBRARY_PATH=$BINDIR/pypy/lib:$LD_LIBRARY_PATH $BINDIR/pypy/bin/$(basename $0) $@
|
|
@ -1,41 +1,40 @@
|
|||
---
|
||||
- name: Python | Check if bootstrap is needed
|
||||
raw: stat {{ bin_dir}}/.bootstrapped
|
||||
- name: Bootstrap | Check if bootstrap is needed
|
||||
raw: stat /opt/bin/.bootstrapped
|
||||
register: need_bootstrap
|
||||
ignore_errors: True
|
||||
|
||||
- name: Python | Run bootstrap.sh
|
||||
- name: Bootstrap | Run bootstrap.sh
|
||||
script: bootstrap.sh
|
||||
when: need_bootstrap | failed
|
||||
|
||||
- set_fact:
|
||||
ansible_python_interpreter: "{{ bin_dir }}/python"
|
||||
ansible_python_interpreter: "/opt/bin/python"
|
||||
|
||||
- name: Python | Check if we need to install pip
|
||||
- name: Bootstrap | Check if we need to install pip
|
||||
shell: "{{ansible_python_interpreter}} -m pip --version"
|
||||
register: need_pip
|
||||
ignore_errors: True
|
||||
changed_when: false
|
||||
when: need_bootstrap | failed
|
||||
|
||||
- name: Python | Copy get-pip.py
|
||||
- name: Bootstrap | Copy get-pip.py
|
||||
copy: src=get-pip.py dest=~/get-pip.py
|
||||
when: need_pip | failed
|
||||
|
||||
- name: Python | Install pip
|
||||
- name: Bootstrap | Install pip
|
||||
shell: "{{ansible_python_interpreter}} ~/get-pip.py"
|
||||
when: need_pip | failed
|
||||
|
||||
- name: Python | Remove get-pip.py
|
||||
- name: Bootstrap | Remove get-pip.py
|
||||
file: path=~/get-pip.py state=absent
|
||||
when: need_pip | failed
|
||||
|
||||
- name: Python | Install pip launcher
|
||||
copy: src=runner dest={{ bin_dir }}/pip mode=0755
|
||||
- name: Bootstrap | Install pip launcher
|
||||
copy: src=runner dest=/opt/bin/pip mode=0755
|
||||
when: need_pip | failed
|
||||
|
||||
- name: Install required python modules
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
with_items: pip_python_modules
|
||||
|
2
roles/coreos-bootstrap/templates/python_shim.j2
Normal file
2
roles/coreos-bootstrap/templates/python_shim.j2
Normal file
|
@ -0,0 +1,2 @@
|
|||
#!/bin/bash
|
||||
LD_LIBRARY_PATH={{ pypy_install_path }}/lib:$LD_LIBRARY_PATH exec {{ pypy_install_path }}/bin/{{ item.src }} "$@"
|
318
roles/dnsmasq/library/kube.py
Normal file
318
roles/dnsmasq/library/kube.py
Normal file
|
@ -0,0 +1,318 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
DOCUMENTATION = """
|
||||
---
|
||||
module: kube
|
||||
short_description: Manage Kubernetes Cluster
|
||||
description:
|
||||
- Create, replace, remove, and stop resources within a Kubernetes Cluster
|
||||
version_added: "2.0"
|
||||
options:
|
||||
name:
|
||||
required: false
|
||||
default: null
|
||||
description:
|
||||
- The name associated with resource
|
||||
filename:
|
||||
required: false
|
||||
default: null
|
||||
description:
|
||||
- The path and filename of the resource(s) definition file.
|
||||
kubectl:
|
||||
required: false
|
||||
default: null
|
||||
description:
|
||||
- The path to the kubectl bin
|
||||
namespace:
|
||||
required: false
|
||||
default: null
|
||||
description:
|
||||
- The namespace associated with the resource(s)
|
||||
resource:
|
||||
required: false
|
||||
default: null
|
||||
description:
|
||||
- The resource to perform an action on. pods (po), replicationControllers (rc), services (svc)
|
||||
label:
|
||||
required: false
|
||||
default: null
|
||||
description:
|
||||
- The labels used to filter specific resources.
|
||||
server:
|
||||
required: false
|
||||
default: null
|
||||
description:
|
||||
- The url for the API server that commands are executed against.
|
||||
api_version:
|
||||
required: false
|
||||
choices: ['v1', 'v1beta3']
|
||||
default: v1
|
||||
description:
|
||||
- The API version associated with cluster.
|
||||
force:
|
||||
required: false
|
||||
default: false
|
||||
description:
|
||||
- A flag to indicate to force delete, replace, or stop.
|
||||
all:
|
||||
required: false
|
||||
default: false
|
||||
description:
|
||||
- A flag to indicate delete all, stop all, or all namespaces when checking exists.
|
||||
log_level:
|
||||
required: false
|
||||
default: 0
|
||||
description:
|
||||
- Indicates the level of verbosity of logging by kubectl.
|
||||
state:
|
||||
required: false
|
||||
choices: ['present', 'absent', 'latest', 'reloaded', 'stopped']
|
||||
default: present
|
||||
description:
|
||||
- present handles checking existence or creating if definition file provided,
|
||||
absent handles deleting resource(s) based on other options,
|
||||
latest handles creating ore updating based on existence,
|
||||
reloaded handles updating resource(s) definition using definition file,
|
||||
stopped handles stopping resource(s) based on other options.
|
||||
requirements:
|
||||
- kubectl
|
||||
author: "Kenny Jones (@kenjones-cisco)"
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: test nginx is present
|
||||
kube: name=nginx resource=rc state=present
|
||||
|
||||
- name: test nginx is stopped
|
||||
kube: name=nginx resource=rc state=stopped
|
||||
|
||||
- name: test nginx is absent
|
||||
kube: name=nginx resource=rc state=absent
|
||||
|
||||
- name: test nginx is present
|
||||
kube: filename=/tmp/nginx.yml
|
||||
"""
|
||||
|
||||
|
||||
class KubeManager(object):
|
||||
|
||||
def __init__(self, module):
|
||||
|
||||
self.module = module
|
||||
|
||||
self.kubectl = module.params.get('kubectl')
|
||||
if self.kubectl is None:
|
||||
self.kubectl = module.get_bin_path('kubectl', True)
|
||||
self.base_cmd = [self.kubectl]
|
||||
self.api_version = module.params.get('api_version')
|
||||
|
||||
if self.api_version:
|
||||
self.base_cmd.append('--api-version=' + self.api_version)
|
||||
|
||||
if module.params.get('server'):
|
||||
self.base_cmd.append('--server=' + module.params.get('server'))
|
||||
|
||||
if module.params.get('log_level'):
|
||||
self.base_cmd.append('--v=' + str(module.params.get('log_level')))
|
||||
|
||||
if module.params.get('namespace'):
|
||||
self.base_cmd.append('--namespace=' + module.params.get('namespace'))
|
||||
|
||||
self.all = module.params.get('all')
|
||||
self.force = module.params.get('force')
|
||||
self.name = module.params.get('name')
|
||||
self.filename = module.params.get('filename')
|
||||
self.resource = module.params.get('resource')
|
||||
self.label = module.params.get('label')
|
||||
|
||||
def _execute(self, cmd):
|
||||
args = self.base_cmd + cmd
|
||||
try:
|
||||
rc, out, err = self.module.run_command(args)
|
||||
if rc != 0:
|
||||
self.module.fail_json(
|
||||
msg='error running kubectl (%s) command (rc=%d): %s' % (' '.join(args), rc, out or err))
|
||||
except Exception as exc:
|
||||
self.module.fail_json(
|
||||
msg='error running kubectl (%s) command: %s' % (' '.join(args), str(exc)))
|
||||
return out.splitlines()
|
||||
|
||||
def _execute_nofail(self, cmd):
|
||||
args = self.base_cmd + cmd
|
||||
rc, out, err = self.module.run_command(args)
|
||||
if rc != 0:
|
||||
return None
|
||||
return out.splitlines()
|
||||
|
||||
def create(self, check=True):
|
||||
if check and self.exists():
|
||||
return []
|
||||
|
||||
cmd = ['create']
|
||||
|
||||
if not self.filename:
|
||||
self.module.fail_json(msg='filename required to create')
|
||||
|
||||
cmd.append('--filename=' + self.filename)
|
||||
|
||||
return self._execute(cmd)
|
||||
|
||||
def replace(self):
|
||||
|
||||
if not self.force and not self.exists():
|
||||
return []
|
||||
|
||||
cmd = ['replace']
|
||||
if self.api_version != 'v1':
|
||||
cmd = ['update']
|
||||
|
||||
if self.force:
|
||||
cmd.append('--force')
|
||||
|
||||
if not self.filename:
|
||||
self.module.fail_json(msg='filename required to reload')
|
||||
|
||||
cmd.append('--filename=' + self.filename)
|
||||
|
||||
return self._execute(cmd)
|
||||
|
||||
def delete(self):
|
||||
|
||||
if not self.force and not self.exists():
|
||||
return []
|
||||
|
||||
cmd = ['delete']
|
||||
|
||||
if self.filename:
|
||||
cmd.append('--filename=' + self.filename)
|
||||
else:
|
||||
if not self.resource:
|
||||
self.module.fail_json(msg='resource required to delete without filename')
|
||||
|
||||
cmd.append(self.resource)
|
||||
|
||||
if self.name:
|
||||
cmd.append(self.name)
|
||||
|
||||
if self.label:
|
||||
cmd.append('--selector=' + self.label)
|
||||
|
||||
if self.all:
|
||||
cmd.append('--all')
|
||||
|
||||
if self.force:
|
||||
cmd.append('--ignore-not-found')
|
||||
|
||||
return self._execute(cmd)
|
||||
|
||||
def exists(self):
|
||||
cmd = ['get']
|
||||
|
||||
if not self.resource:
|
||||
return False
|
||||
|
||||
cmd.append(self.resource)
|
||||
|
||||
if self.name:
|
||||
cmd.append(self.name)
|
||||
|
||||
cmd.append('--no-headers')
|
||||
|
||||
if self.label:
|
||||
cmd.append('--selector=' + self.label)
|
||||
|
||||
if self.all:
|
||||
cmd.append('--all-namespaces')
|
||||
|
||||
result = self._execute_nofail(cmd)
|
||||
if not result:
|
||||
return False
|
||||
return True
|
||||
|
||||
def stop(self):
|
||||
|
||||
if not self.force and not self.exists():
|
||||
return []
|
||||
|
||||
cmd = ['stop']
|
||||
|
||||
if self.filename:
|
||||
cmd.append('--filename=' + self.filename)
|
||||
else:
|
||||
if not self.resource:
|
||||
self.module.fail_json(msg='resource required to stop without filename')
|
||||
|
||||
cmd.append(self.resource)
|
||||
|
||||
if self.name:
|
||||
cmd.append(self.name)
|
||||
|
||||
if self.label:
|
||||
cmd.append('--selector=' + self.label)
|
||||
|
||||
if self.all:
|
||||
cmd.append('--all')
|
||||
|
||||
if self.force:
|
||||
cmd.append('--ignore-not-found')
|
||||
|
||||
return self._execute(cmd)
|
||||
|
||||
|
||||
def main():
|
||||
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
name=dict(),
|
||||
filename=dict(),
|
||||
namespace=dict(),
|
||||
resource=dict(),
|
||||
label=dict(),
|
||||
server=dict(),
|
||||
kubectl=dict(),
|
||||
api_version=dict(default='v1', choices=['v1', 'v1beta3']),
|
||||
force=dict(default=False, type='bool'),
|
||||
all=dict(default=False, type='bool'),
|
||||
log_level=dict(default=0, type='int'),
|
||||
state=dict(default='present', choices=['present', 'absent', 'latest', 'reloaded', 'stopped']),
|
||||
)
|
||||
)
|
||||
|
||||
changed = False
|
||||
|
||||
manager = KubeManager(module)
|
||||
state = module.params.get('state')
|
||||
|
||||
if state == 'present':
|
||||
result = manager.create()
|
||||
|
||||
elif state == 'absent':
|
||||
result = manager.delete()
|
||||
|
||||
elif state == 'reloaded':
|
||||
result = manager.replace()
|
||||
|
||||
elif state == 'stopped':
|
||||
result = manager.stop()
|
||||
|
||||
elif state == 'latest':
|
||||
if manager.exists():
|
||||
manager.force = True
|
||||
result = manager.replace()
|
||||
else:
|
||||
result = manager.create(check=False)
|
||||
|
||||
else:
|
||||
module.fail_json(msg='Unrecognized state %s.' % state)
|
||||
|
||||
if result:
|
||||
changed = True
|
||||
module.exit_json(changed=changed,
|
||||
msg='success: %s' % (' '.join(result))
|
||||
)
|
||||
|
||||
|
||||
from ansible.module_utils.basic import * # noqa
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -31,13 +31,32 @@
|
|||
dest: /etc/dnsmasq.d/01-kube-dns.conf
|
||||
state: link
|
||||
|
||||
- name: Create dnsmasq pod manifest
|
||||
template: src=dnsmasq-pod.yml dest=/etc/kubernetes/manifests/dnsmasq-pod.manifest
|
||||
- name: Create dnsmasq manifests
|
||||
template: src={{item.file}} dest=/etc/kubernetes/{{item.file}}
|
||||
with_items:
|
||||
- {file: dnsmasq-ds.yml, type: ds}
|
||||
- {file: dnsmasq-svc.yml, type: svc}
|
||||
register: manifests
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
||||
|
||||
- name: Start Resources
|
||||
kube:
|
||||
name: dnsmasq
|
||||
namespace: kube-system
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{item.item.type}}"
|
||||
filename: /etc/kubernetes/{{item.item.file}}
|
||||
state: "{{item.changed | ternary('latest','present') }}"
|
||||
with_items: "{{ manifests.results }}"
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
||||
|
||||
- name: Check for dnsmasq port (pulling image and running container)
|
||||
wait_for:
|
||||
host: "{{dns_server}}"
|
||||
port: 53
|
||||
delay: 5
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
||||
|
||||
|
||||
- name: check resolvconf
|
||||
stat: path=/etc/resolvconf/resolv.conf.d/head
|
||||
|
@ -59,7 +78,7 @@
|
|||
|
||||
- name: Add local dnsmasq to resolv.conf
|
||||
lineinfile:
|
||||
line: "nameserver 127.0.0.1"
|
||||
line: "nameserver {{dns_server}}"
|
||||
dest: "{{resolvconffile}}"
|
||||
state: present
|
||||
insertafter: "^search.*$"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#Listen on localhost
|
||||
bind-interfaces
|
||||
listen-address=127.0.0.1
|
||||
listen-address=0.0.0.0
|
||||
|
||||
addn-hosts=/etc/hosts
|
||||
|
||||
|
@ -17,4 +17,4 @@ server={{ srv }}
|
|||
{% endif %}
|
||||
|
||||
# Forward k8s domain to kube-dns
|
||||
server=/{{ dns_domain }}/{{ dns_server }}
|
||||
server=/{{ dns_domain }}/{{ skydns_server }}
|
||||
|
|
52
roles/dnsmasq/templates/dnsmasq-ds.yml
Normal file
52
roles/dnsmasq/templates/dnsmasq-ds.yml
Normal file
|
@ -0,0 +1,52 @@
|
|||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: dnsmasq
|
||||
namespace: kube-system
|
||||
labels:
|
||||
k8s-app: dnsmasq
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: dnsmasq
|
||||
spec:
|
||||
containers:
|
||||
- name: dnsmasq
|
||||
image: andyshinn/dnsmasq:2.72
|
||||
command:
|
||||
- dnsmasq
|
||||
args:
|
||||
- -k
|
||||
- "-7"
|
||||
- /etc/dnsmasq.d
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 256M
|
||||
ports:
|
||||
- name: dns
|
||||
containerPort: 53
|
||||
protocol: UDP
|
||||
- name: dns-tcp
|
||||
containerPort: 53
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: etcdnsmasqd
|
||||
mountPath: /etc/dnsmasq.d
|
||||
- name: etcdnsmasqdavailable
|
||||
mountPath: /etc/dnsmasq.d-available
|
||||
|
||||
volumes:
|
||||
- name: etcdnsmasqd
|
||||
hostPath:
|
||||
path: /etc/dnsmasq.d
|
||||
- name: etcdnsmasqdavailable
|
||||
hostPath:
|
||||
path: /etc/dnsmasq.d-available
|
|
@ -1,49 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: dnsmasq
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: dnsmasq
|
||||
image: andyshinn/dnsmasq:2.72
|
||||
command:
|
||||
- dnsmasq
|
||||
args:
|
||||
- -k
|
||||
- "-7"
|
||||
- /etc/dnsmasq.d
|
||||
- --local-service
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 256M
|
||||
ports:
|
||||
- name: dns
|
||||
containerPort: 53
|
||||
hostPort: 53
|
||||
protocol: UDP
|
||||
- name: dns-tcp
|
||||
containerPort: 53
|
||||
hostPort: 53
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: etcdnsmasqd
|
||||
mountPath: /etc/dnsmasq.d
|
||||
- name: etcdnsmasqdavailable
|
||||
mountPath: /etc/dnsmasq.d-available
|
||||
|
||||
volumes:
|
||||
- name: etcdnsmasqd
|
||||
hostPath:
|
||||
path: /etc/dnsmasq.d
|
||||
- name: etcdnsmasqdavailable
|
||||
hostPath:
|
||||
path: /etc/dnsmasq.d-available
|
23
roles/dnsmasq/templates/dnsmasq-svc.yml
Normal file
23
roles/dnsmasq/templates/dnsmasq-svc.yml
Normal file
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
kubernetes.io/cluster-service: 'true'
|
||||
k8s-app: dnsmasq
|
||||
name: dnsmasq
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- port: 53
|
||||
name: dns-tcp
|
||||
targetPort: 53
|
||||
protocol: TCP
|
||||
- port: 53
|
||||
name: dns
|
||||
targetPort: 53
|
||||
protocol: UDP
|
||||
type: ClusterIP
|
||||
clusterIP: {{dns_server}}
|
||||
selector:
|
||||
k8s-app: dnsmasq
|
|
@ -1 +1,10 @@
|
|||
docker_version: 1.9
|
||||
docker_version: 1.10
|
||||
|
||||
docker_package_info:
|
||||
pkgs:
|
||||
|
||||
docker_repo_key_info:
|
||||
repo_keys:
|
||||
|
||||
docker_repo_info:
|
||||
repos:
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
- defaults.yml
|
||||
paths:
|
||||
- ../vars
|
||||
skip: true
|
||||
|
||||
- name: check for minimum kernel version
|
||||
fail:
|
||||
|
@ -27,14 +28,14 @@
|
|||
id: "{{item}}"
|
||||
keyserver: "{{docker_repo_key_info.keyserver}}"
|
||||
state: present
|
||||
with_items: docker_repo_key_info.repo_keys
|
||||
with_items: "{{ docker_repo_key_info.repo_keys }}"
|
||||
|
||||
- name: ensure docker repository is enabled
|
||||
action: "{{ docker_repo_info.pkg_repo }}"
|
||||
args:
|
||||
repo: "{{item}}"
|
||||
state: present
|
||||
with_items: docker_repo_info.repos
|
||||
with_items: "{{ docker_repo_info.repos }}"
|
||||
when: docker_repo_info.repos|length > 0
|
||||
|
||||
- name: ensure docker packages are installed
|
||||
|
@ -42,7 +43,7 @@
|
|||
args:
|
||||
pkg: "{{item}}"
|
||||
state: present
|
||||
with_items: docker_package_info.pkgs
|
||||
with_items: "{{ docker_package_info.pkgs }}"
|
||||
when: docker_package_info.pkgs|length > 0
|
||||
|
||||
- name: Centos needs xfs storage type for devicemapper if used
|
||||
|
|
|
@ -4,7 +4,7 @@ docker_kernel_min_version: '3.2'
|
|||
docker_versioned_pkg:
|
||||
latest: docker-engine
|
||||
1.9: docker-engine=1.9.1-0~{{ ansible_distribution_release|lower }}
|
||||
1.10: docker-engine=1.10.1-0~{{ ansible_distribution_release|lower }}
|
||||
1.10: docker-engine=1.10.3-0~{{ ansible_distribution_release|lower }}
|
||||
|
||||
docker_package_info:
|
||||
pkg_mgr: apt
|
||||
|
|
|
@ -5,7 +5,7 @@ docker_kernel_min_version: '3.2'
|
|||
docker_versioned_pkg:
|
||||
latest: docker-engine
|
||||
1.9: docker-engine=1.9.0-0~{{ ansible_distribution_release|lower }}
|
||||
1.10: docker-engine=1.10.1-0~{{ ansible_distribution_release|lower }}
|
||||
1.10: docker-engine=1.10.3-0~{{ ansible_distribution_release|lower }}
|
||||
|
||||
docker_package_info:
|
||||
pkg_mgr: apt
|
||||
|
|
|
@ -2,84 +2,103 @@
|
|||
local_release_dir: /tmp
|
||||
|
||||
# Versions
|
||||
kube_version: v1.1.7
|
||||
kube_version: v1.2.1
|
||||
etcd_version: v2.2.5
|
||||
calico_version: v0.16.1
|
||||
calico_version: v0.17.0
|
||||
calico_cni_version: v1.0.0
|
||||
weave_version: v1.4.4
|
||||
|
||||
# Download URL's
|
||||
kube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/amd64"
|
||||
etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
|
||||
calico_download_url: "https://github.com/Metaswitch/calico-docker/releases/download/{{calico_version}}/calicoctl"
|
||||
calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico"
|
||||
calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam"
|
||||
weave_download_url: "https://github.com/weaveworks/weave/releases/download/{{weave_version}}/weave"
|
||||
kubelet_download_url: "https://storage.googleapis.com/kubespray/{{kube_version}}_kubernetes-kubelet"
|
||||
apiserver_download_url: "https://storage.googleapis.com/kubespray/{{kube_version}}_kubernetes-apiserver"
|
||||
kubectl_download_url: "https://storage.googleapis.com/kubespray/{{kube_version}}_kubernetes-kubectl"
|
||||
|
||||
etcd_download_url: "https://storage.googleapis.com/kubespray/{{etcd_version}}_etcd"
|
||||
calico_download_url: "https://storage.googleapis.com/kubespray/{{calico_version}}_calico"
|
||||
calico_cni_download_url: "https://storage.googleapis.com/kubespray/{{calico_cni_version}}_calico-cni-plugin"
|
||||
calico_cni_ipam_download_url: "https://storage.googleapis.com/kubespray/{{calico_cni_version}}_calico-cni-plugin-ipam"
|
||||
weave_download_url: "https://storage.googleapis.com/kubespray/{{weave_version}}_weave"
|
||||
|
||||
# Checksums
|
||||
calico_checksum: "47f89a33325db822b590d3b2c49c3030e777a50de29e1b5289d48705ab788cc4"
|
||||
calico_checksum: "1fa22c0ee0cc661f56aa09169a3661fb46e552b53fae5fae9aac010e0666b281"
|
||||
calico_cni_checksum: "cfbb95d4416cb65845a188f3bd991fff232bd5ce3463b2919d586ab77967aecd"
|
||||
calico_cni_ipam_checksum: "93ebf8756b26314e1e3f612f1e824418cbb0a8df2942664422e697bcb109fbb2"
|
||||
weave_checksum: "152942c330f87ab475d87d9311b91674b90f25ea685bd4e04e0495d5fe09a957"
|
||||
etcd_checksum: "aa6037406257d2a1bc48ffa769afe7a4f8a04cc1ffcd36ef84f9ee8bc4eca756"
|
||||
kubectl_checksum: "7239fda83f0218384ccf3374a47c0d1e243975e50fdf5d544635a397c7ad10dc"
|
||||
kubelet_checksum: "05faa3cf5f5448efafa553a3ef778c645c59d585d4013b52fe7ca8bd4cfc704e"
|
||||
kube_apiserver_checksum: "bb73a3526e51a8f4124b42f6104103deba83f87bd985000c00d382b3a0af059a"
|
||||
kubectl_checksum: "a41b9543ddef1f64078716075311c44c6e1d02c67301c0937a658cef37923bbb"
|
||||
kubelet_checksum: "7e253e07da77b031d5687102c485697f95f9e1e6410c1da1f4d3f064cdc70f07"
|
||||
kube_apiserver_checksum: "8e00cd59330857b119e40cd6156c0f476a8e62bbc9e9addd524b39e0c390a6cd"
|
||||
|
||||
downloads:
|
||||
- name: calico
|
||||
dest: calico/bin/calicoctl
|
||||
version: "{{calico_version}}"
|
||||
sha256: "{{ calico_checksum }}"
|
||||
source_url: "{{ calico_download_url }}"
|
||||
url: "{{ calico_download_url }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: calico-cni-plugin
|
||||
dest: calico/bin/calico
|
||||
version: "{{calico_cni_version}}"
|
||||
sha256: "{{ calico_cni_checksum }}"
|
||||
source_url: "{{ calico_cni_download_url }}"
|
||||
url: "{{ calico_cni_download_url }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: calico-cni-plugin-ipam
|
||||
dest: calico/bin/calico-ipam
|
||||
version: "{{calico_cni_version}}"
|
||||
sha256: "{{ calico_cni_ipam_checksum }}"
|
||||
source_url: "{{ calico_cni_ipam_download_url }}"
|
||||
url: "{{ calico_cni_ipam_download_url }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: weave
|
||||
dest: weave/bin/weave
|
||||
version: "{{weave_version}}"
|
||||
source_url: "{{weave_download_url}}"
|
||||
url: "{{weave_download_url}}"
|
||||
sha256: "{{ weave_checksum }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: etcd
|
||||
version: "{{etcd_version}}"
|
||||
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
|
||||
sha256: "{{ etcd_checksum }}"
|
||||
source_url: "{{ etcd_download_url }}"
|
||||
url: "{{ etcd_download_url }}"
|
||||
unarchive: true
|
||||
owner: "etcd"
|
||||
mode: "0755"
|
||||
|
||||
- name: kubernetes-kubelet
|
||||
version: "{{kube_version}}"
|
||||
dest: kubernetes/bin/kubelet
|
||||
sha256: "{{kubelet_checksum}}"
|
||||
url: "{{ kube_download_url }}/kubelet"
|
||||
source_url: "{{ kubelet_download_url }}"
|
||||
url: "{{ kubelet_download_url }}"
|
||||
owner: "kube"
|
||||
mode: "0755"
|
||||
|
||||
- name: kubernetes-kubectl
|
||||
dest: kubernetes/bin/kubectl
|
||||
version: "{{kube_version}}"
|
||||
sha256: "{{kubectl_checksum}}"
|
||||
url: "{{ kube_download_url }}/kubectl"
|
||||
source_url: "{{ kubectl_download_url }}"
|
||||
url: "{{ kubectl_download_url }}"
|
||||
owner: "kube"
|
||||
mode: "0755"
|
||||
|
||||
- name: kubernetes-apiserver
|
||||
dest: kubernetes/bin/kube-apiserver
|
||||
version: "{{kube_version}}"
|
||||
sha256: "{{kube_apiserver_checksum}}"
|
||||
url: "{{ kube_download_url }}/kube-apiserver"
|
||||
source_url: "{{ apiserver_download_url }}"
|
||||
url: "{{ apiserver_download_url }}"
|
||||
owner: "kube"
|
||||
mode: "0755"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Create dest directories
|
||||
file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes
|
||||
with_items: downloads
|
||||
with_items: "{{ downloads }}"
|
||||
|
||||
- name: Download items
|
||||
get_url:
|
||||
|
@ -10,7 +10,7 @@
|
|||
sha256sum: "{{item.sha256 | default(omit)}}"
|
||||
owner: "{{ item.owner|default(omit) }}"
|
||||
mode: "{{ item.mode|default(omit) }}"
|
||||
with_items: downloads
|
||||
with_items: "{{ downloads }}"
|
||||
|
||||
- name: Extract archives
|
||||
unarchive:
|
||||
|
@ -20,7 +20,7 @@
|
|||
mode: "{{ item.mode|default(omit) }}"
|
||||
copy: no
|
||||
when: "{{item.unarchive is defined and item.unarchive == True}}"
|
||||
with_items: downloads
|
||||
with_items: "{{ downloads }}"
|
||||
|
||||
- name: Fix permissions
|
||||
file:
|
||||
|
@ -29,4 +29,4 @@
|
|||
owner: "{{ item.owner|default(omit) }}"
|
||||
mode: "{{ item.mode|default(omit) }}"
|
||||
when: "{{item.unarchive is not defined or item.unarchive == False}}"
|
||||
with_items: downloads
|
||||
with_items: "{{ downloads }}"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
- name: Configure | Copy etcd.service systemd file
|
||||
template:
|
||||
src: etcd.service.j2
|
||||
dest: /lib/systemd/system/etcd.service
|
||||
dest: /etc/systemd/system/etcd.service
|
||||
backup: yes
|
||||
when: ansible_service_mgr == "systemd"
|
||||
notify: restart etcd
|
||||
|
|
|
@ -272,19 +272,27 @@ _kubectl_get()
|
|||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--label-columns=")
|
||||
two_word_flags+=("-L")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--selector=")
|
||||
two_word_flags+=("-l")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--watch")
|
||||
flags+=("-w")
|
||||
flags+=("--watch-only")
|
||||
|
@ -316,6 +324,7 @@ _kubectl_get()
|
|||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
must_have_one_noun+=("componentstatus")
|
||||
must_have_one_noun+=("configmap")
|
||||
must_have_one_noun+=("daemonset")
|
||||
must_have_one_noun+=("deployment")
|
||||
must_have_one_noun+=("endpoints")
|
||||
|
@ -329,13 +338,16 @@ _kubectl_get()
|
|||
must_have_one_noun+=("persistentvolume")
|
||||
must_have_one_noun+=("persistentvolumeclaim")
|
||||
must_have_one_noun+=("pod")
|
||||
must_have_one_noun+=("podsecuritypolicy")
|
||||
must_have_one_noun+=("podtemplate")
|
||||
must_have_one_noun+=("replicaset")
|
||||
must_have_one_noun+=("replicationcontroller")
|
||||
must_have_one_noun+=("resourcequota")
|
||||
must_have_one_noun+=("secret")
|
||||
must_have_one_noun+=("service")
|
||||
must_have_one_noun+=("serviceaccount")
|
||||
must_have_one_noun+=("thirdpartyresource")
|
||||
must_have_one_noun+=("thirdpartyresourcedata")
|
||||
}
|
||||
|
||||
_kubectl_describe()
|
||||
|
@ -354,6 +366,9 @@ _kubectl_describe()
|
|||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--selector=")
|
||||
two_word_flags+=("-l")
|
||||
flags+=("--alsologtostderr")
|
||||
|
@ -383,18 +398,22 @@ _kubectl_describe()
|
|||
|
||||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
must_have_one_noun+=("configmap")
|
||||
must_have_one_noun+=("daemonset")
|
||||
must_have_one_noun+=("deployment")
|
||||
must_have_one_noun+=("endpoints")
|
||||
must_have_one_noun+=("horizontalpodautoscaler")
|
||||
must_have_one_noun+=("horizontalpodautoscaler")
|
||||
must_have_one_noun+=("ingress")
|
||||
must_have_one_noun+=("job")
|
||||
must_have_one_noun+=("job")
|
||||
must_have_one_noun+=("limitrange")
|
||||
must_have_one_noun+=("namespace")
|
||||
must_have_one_noun+=("node")
|
||||
must_have_one_noun+=("persistentvolume")
|
||||
must_have_one_noun+=("persistentvolumeclaim")
|
||||
must_have_one_noun+=("pod")
|
||||
must_have_one_noun+=("replicaset")
|
||||
must_have_one_noun+=("replicationcontroller")
|
||||
must_have_one_noun+=("resourcequota")
|
||||
must_have_one_noun+=("secret")
|
||||
|
@ -414,11 +433,24 @@ _kubectl_create_namespace()
|
|||
|
||||
flags+=("--dry-run")
|
||||
flags+=("--generator=")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--save-config")
|
||||
flags+=("--schema-cache-dir=")
|
||||
flags_with_completion+=("--schema-cache-dir")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--validate")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
|
@ -465,11 +497,25 @@ _kubectl_create_secret_docker-registry()
|
|||
flags+=("--docker-username=")
|
||||
flags+=("--dry-run")
|
||||
flags+=("--generator=")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--save-config")
|
||||
flags+=("--schema-cache-dir=")
|
||||
flags_with_completion+=("--schema-cache-dir")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--validate")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
|
@ -517,11 +563,24 @@ _kubectl_create_secret_generic()
|
|||
flags+=("--from-file=")
|
||||
flags+=("--from-literal=")
|
||||
flags+=("--generator=")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--save-config")
|
||||
flags+=("--schema-cache-dir=")
|
||||
flags_with_completion+=("--schema-cache-dir")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--type=")
|
||||
flags+=("--validate")
|
||||
flags+=("--alsologtostderr")
|
||||
|
@ -594,12 +653,137 @@ _kubectl_create_secret()
|
|||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_create_configmap()
|
||||
{
|
||||
last_command="kubectl_create_configmap"
|
||||
commands=()
|
||||
|
||||
flags=()
|
||||
two_word_flags=()
|
||||
flags_with_completion=()
|
||||
flags_completion=()
|
||||
|
||||
flags+=("--dry-run")
|
||||
flags+=("--from-file=")
|
||||
flags+=("--from-literal=")
|
||||
flags+=("--generator=")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--save-config")
|
||||
flags+=("--schema-cache-dir=")
|
||||
flags_with_completion+=("--schema-cache-dir")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--validate")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
flags+=("--client-certificate=")
|
||||
flags+=("--client-key=")
|
||||
flags+=("--cluster=")
|
||||
flags+=("--context=")
|
||||
flags+=("--insecure-skip-tls-verify")
|
||||
flags+=("--kubeconfig=")
|
||||
flags+=("--log-backtrace-at=")
|
||||
flags+=("--log-dir=")
|
||||
flags+=("--log-flush-frequency=")
|
||||
flags+=("--logtostderr")
|
||||
flags+=("--match-server-version")
|
||||
flags+=("--namespace=")
|
||||
flags+=("--password=")
|
||||
flags+=("--server=")
|
||||
two_word_flags+=("-s")
|
||||
flags+=("--stderrthreshold=")
|
||||
flags+=("--token=")
|
||||
flags+=("--user=")
|
||||
flags+=("--username=")
|
||||
flags+=("--v=")
|
||||
flags+=("--vmodule=")
|
||||
|
||||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_create_serviceaccount()
|
||||
{
|
||||
last_command="kubectl_create_serviceaccount"
|
||||
commands=()
|
||||
|
||||
flags=()
|
||||
two_word_flags=()
|
||||
flags_with_completion=()
|
||||
flags_completion=()
|
||||
|
||||
flags+=("--dry-run")
|
||||
flags+=("--generator=")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--save-config")
|
||||
flags+=("--schema-cache-dir=")
|
||||
flags_with_completion+=("--schema-cache-dir")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--validate")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
flags+=("--client-certificate=")
|
||||
flags+=("--client-key=")
|
||||
flags+=("--cluster=")
|
||||
flags+=("--context=")
|
||||
flags+=("--insecure-skip-tls-verify")
|
||||
flags+=("--kubeconfig=")
|
||||
flags+=("--log-backtrace-at=")
|
||||
flags+=("--log-dir=")
|
||||
flags+=("--log-flush-frequency=")
|
||||
flags+=("--logtostderr")
|
||||
flags+=("--match-server-version")
|
||||
flags+=("--namespace=")
|
||||
flags+=("--password=")
|
||||
flags+=("--server=")
|
||||
two_word_flags+=("-s")
|
||||
flags+=("--stderrthreshold=")
|
||||
flags+=("--token=")
|
||||
flags+=("--user=")
|
||||
flags+=("--username=")
|
||||
flags+=("--v=")
|
||||
flags+=("--vmodule=")
|
||||
|
||||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_create()
|
||||
{
|
||||
last_command="kubectl_create"
|
||||
commands=()
|
||||
commands+=("namespace")
|
||||
commands+=("secret")
|
||||
commands+=("configmap")
|
||||
commands+=("serviceaccount")
|
||||
|
||||
flags=()
|
||||
two_word_flags=()
|
||||
|
@ -612,10 +796,16 @@ _kubectl_create()
|
|||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--record")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--save-config")
|
||||
flags+=("--schema-cache-dir=")
|
||||
flags_with_completion+=("--schema-cache-dir")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--validate")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
|
@ -667,10 +857,16 @@ _kubectl_replace()
|
|||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--force")
|
||||
flags+=("--grace-period=")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--record")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--save-config")
|
||||
flags+=("--schema-cache-dir=")
|
||||
flags_with_completion+=("--schema-cache-dir")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--timeout=")
|
||||
flags+=("--validate")
|
||||
flags+=("--alsologtostderr")
|
||||
|
@ -720,10 +916,15 @@ _kubectl_patch()
|
|||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--patch=")
|
||||
two_word_flags+=("-p")
|
||||
flags+=("--record")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--type=")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
|
@ -775,8 +976,11 @@ _kubectl_delete()
|
|||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--grace-period=")
|
||||
flags+=("--ignore-not-found")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--selector=")
|
||||
two_word_flags+=("-l")
|
||||
flags+=("--timeout=")
|
||||
|
@ -808,6 +1012,7 @@ _kubectl_delete()
|
|||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
must_have_one_noun+=("componentstatus")
|
||||
must_have_one_noun+=("configmap")
|
||||
must_have_one_noun+=("daemonset")
|
||||
must_have_one_noun+=("deployment")
|
||||
must_have_one_noun+=("endpoints")
|
||||
|
@ -821,13 +1026,16 @@ _kubectl_delete()
|
|||
must_have_one_noun+=("persistentvolume")
|
||||
must_have_one_noun+=("persistentvolumeclaim")
|
||||
must_have_one_noun+=("pod")
|
||||
must_have_one_noun+=("podsecuritypolicy")
|
||||
must_have_one_noun+=("podtemplate")
|
||||
must_have_one_noun+=("replicaset")
|
||||
must_have_one_noun+=("replicationcontroller")
|
||||
must_have_one_noun+=("resourcequota")
|
||||
must_have_one_noun+=("secret")
|
||||
must_have_one_noun+=("service")
|
||||
must_have_one_noun+=("serviceaccount")
|
||||
must_have_one_noun+=("thirdpartyresource")
|
||||
must_have_one_noun+=("thirdpartyresourcedata")
|
||||
}
|
||||
|
||||
_kubectl_edit()
|
||||
|
@ -846,9 +1054,13 @@ _kubectl_edit()
|
|||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--record")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--save-config")
|
||||
flags+=("--windows-line-endings")
|
||||
flags+=("--alsologtostderr")
|
||||
|
@ -896,9 +1108,15 @@ _kubectl_apply()
|
|||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--record")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--schema-cache-dir=")
|
||||
flags_with_completion+=("--schema-cache-dir")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--validate")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
|
@ -984,6 +1202,7 @@ _kubectl_logs()
|
|||
two_word_flags+=("-c")
|
||||
flags+=("--follow")
|
||||
flags+=("-f")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--interactive")
|
||||
flags+=("--limit-bytes=")
|
||||
flags+=("--previous")
|
||||
|
@ -1041,6 +1260,7 @@ _kubectl_rolling-update()
|
|||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--image=")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
|
@ -1048,11 +1268,18 @@ _kubectl_rolling-update()
|
|||
flags+=("--poll-interval=")
|
||||
flags+=("--rollback")
|
||||
flags+=("--schema-cache-dir=")
|
||||
flags_with_completion+=("--schema-cache-dir")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--timeout=")
|
||||
flags+=("--update-period=")
|
||||
flags+=("--validate")
|
||||
|
@ -1105,8 +1332,12 @@ _kubectl_scale()
|
|||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--record")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--replicas=")
|
||||
flags+=("--resource-version=")
|
||||
flags+=("--timeout=")
|
||||
|
@ -1191,6 +1422,7 @@ _kubectl_drain()
|
|||
|
||||
flags+=("--force")
|
||||
flags+=("--grace-period=")
|
||||
flags+=("--ignore-daemonsets")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
|
@ -1464,6 +1696,7 @@ _kubectl_run()
|
|||
flags+=("--generator=")
|
||||
flags+=("--hostport=")
|
||||
flags+=("--image=")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--labels=")
|
||||
two_word_flags+=("-l")
|
||||
flags+=("--leave-stdin-open")
|
||||
|
@ -1474,6 +1707,7 @@ _kubectl_run()
|
|||
flags+=("--output-version=")
|
||||
flags+=("--overrides=")
|
||||
flags+=("--port=")
|
||||
flags+=("--record")
|
||||
flags+=("--replicas=")
|
||||
two_word_flags+=("-r")
|
||||
flags+=("--requests=")
|
||||
|
@ -1484,11 +1718,16 @@ _kubectl_run()
|
|||
flags+=("--service-overrides=")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--stdin")
|
||||
flags+=("-i")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--tty")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
|
@ -1552,15 +1791,23 @@ _kubectl_expose()
|
|||
flags+=("--overrides=")
|
||||
flags+=("--port=")
|
||||
flags+=("--protocol=")
|
||||
flags+=("--record")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--save-config")
|
||||
flags+=("--selector=")
|
||||
flags+=("--session-affinity=")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--target-port=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--type=")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
|
@ -1610,6 +1857,7 @@ _kubectl_autoscale()
|
|||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--generator=")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--max=")
|
||||
flags+=("--min=")
|
||||
flags+=("--name=")
|
||||
|
@ -1617,12 +1865,20 @@ _kubectl_autoscale()
|
|||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--record")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--save-config")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
|
@ -1653,6 +1909,239 @@ _kubectl_autoscale()
|
|||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_rollout_history()
|
||||
{
|
||||
last_command="kubectl_rollout_history"
|
||||
commands=()
|
||||
|
||||
flags=()
|
||||
two_word_flags=()
|
||||
flags_with_completion=()
|
||||
flags_completion=()
|
||||
|
||||
flags+=("--filename=")
|
||||
flags_with_completion+=("--filename")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--revision=")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
flags+=("--client-certificate=")
|
||||
flags+=("--client-key=")
|
||||
flags+=("--cluster=")
|
||||
flags+=("--context=")
|
||||
flags+=("--insecure-skip-tls-verify")
|
||||
flags+=("--kubeconfig=")
|
||||
flags+=("--log-backtrace-at=")
|
||||
flags+=("--log-dir=")
|
||||
flags+=("--log-flush-frequency=")
|
||||
flags+=("--logtostderr")
|
||||
flags+=("--match-server-version")
|
||||
flags+=("--namespace=")
|
||||
flags+=("--password=")
|
||||
flags+=("--server=")
|
||||
two_word_flags+=("-s")
|
||||
flags+=("--stderrthreshold=")
|
||||
flags+=("--token=")
|
||||
flags+=("--user=")
|
||||
flags+=("--username=")
|
||||
flags+=("--v=")
|
||||
flags+=("--vmodule=")
|
||||
|
||||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_rollout_pause()
|
||||
{
|
||||
last_command="kubectl_rollout_pause"
|
||||
commands=()
|
||||
|
||||
flags=()
|
||||
two_word_flags=()
|
||||
flags_with_completion=()
|
||||
flags_completion=()
|
||||
|
||||
flags+=("--filename=")
|
||||
flags_with_completion+=("--filename")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
flags+=("--client-certificate=")
|
||||
flags+=("--client-key=")
|
||||
flags+=("--cluster=")
|
||||
flags+=("--context=")
|
||||
flags+=("--insecure-skip-tls-verify")
|
||||
flags+=("--kubeconfig=")
|
||||
flags+=("--log-backtrace-at=")
|
||||
flags+=("--log-dir=")
|
||||
flags+=("--log-flush-frequency=")
|
||||
flags+=("--logtostderr")
|
||||
flags+=("--match-server-version")
|
||||
flags+=("--namespace=")
|
||||
flags+=("--password=")
|
||||
flags+=("--server=")
|
||||
two_word_flags+=("-s")
|
||||
flags+=("--stderrthreshold=")
|
||||
flags+=("--token=")
|
||||
flags+=("--user=")
|
||||
flags+=("--username=")
|
||||
flags+=("--v=")
|
||||
flags+=("--vmodule=")
|
||||
|
||||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_rollout_resume()
|
||||
{
|
||||
last_command="kubectl_rollout_resume"
|
||||
commands=()
|
||||
|
||||
flags=()
|
||||
two_word_flags=()
|
||||
flags_with_completion=()
|
||||
flags_completion=()
|
||||
|
||||
flags+=("--filename=")
|
||||
flags_with_completion+=("--filename")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
flags+=("--client-certificate=")
|
||||
flags+=("--client-key=")
|
||||
flags+=("--cluster=")
|
||||
flags+=("--context=")
|
||||
flags+=("--insecure-skip-tls-verify")
|
||||
flags+=("--kubeconfig=")
|
||||
flags+=("--log-backtrace-at=")
|
||||
flags+=("--log-dir=")
|
||||
flags+=("--log-flush-frequency=")
|
||||
flags+=("--logtostderr")
|
||||
flags+=("--match-server-version")
|
||||
flags+=("--namespace=")
|
||||
flags+=("--password=")
|
||||
flags+=("--server=")
|
||||
two_word_flags+=("-s")
|
||||
flags+=("--stderrthreshold=")
|
||||
flags+=("--token=")
|
||||
flags+=("--user=")
|
||||
flags+=("--username=")
|
||||
flags+=("--v=")
|
||||
flags+=("--vmodule=")
|
||||
|
||||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_rollout_undo()
|
||||
{
|
||||
last_command="kubectl_rollout_undo"
|
||||
commands=()
|
||||
|
||||
flags=()
|
||||
two_word_flags=()
|
||||
flags_with_completion=()
|
||||
flags_completion=()
|
||||
|
||||
flags+=("--filename=")
|
||||
flags_with_completion+=("--filename")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--to-revision=")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
flags+=("--client-certificate=")
|
||||
flags+=("--client-key=")
|
||||
flags+=("--cluster=")
|
||||
flags+=("--context=")
|
||||
flags+=("--insecure-skip-tls-verify")
|
||||
flags+=("--kubeconfig=")
|
||||
flags+=("--log-backtrace-at=")
|
||||
flags+=("--log-dir=")
|
||||
flags+=("--log-flush-frequency=")
|
||||
flags+=("--logtostderr")
|
||||
flags+=("--match-server-version")
|
||||
flags+=("--namespace=")
|
||||
flags+=("--password=")
|
||||
flags+=("--server=")
|
||||
two_word_flags+=("-s")
|
||||
flags+=("--stderrthreshold=")
|
||||
flags+=("--token=")
|
||||
flags+=("--user=")
|
||||
flags+=("--username=")
|
||||
flags+=("--v=")
|
||||
flags+=("--vmodule=")
|
||||
|
||||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_rollout()
|
||||
{
|
||||
last_command="kubectl_rollout"
|
||||
commands=()
|
||||
commands+=("history")
|
||||
commands+=("pause")
|
||||
commands+=("resume")
|
||||
commands+=("undo")
|
||||
|
||||
flags=()
|
||||
two_word_flags=()
|
||||
flags_with_completion=()
|
||||
flags_completion=()
|
||||
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
flags+=("--client-certificate=")
|
||||
flags+=("--client-key=")
|
||||
flags+=("--cluster=")
|
||||
flags+=("--context=")
|
||||
flags+=("--insecure-skip-tls-verify")
|
||||
flags+=("--kubeconfig=")
|
||||
flags+=("--log-backtrace-at=")
|
||||
flags+=("--log-dir=")
|
||||
flags+=("--log-flush-frequency=")
|
||||
flags+=("--logtostderr")
|
||||
flags+=("--match-server-version")
|
||||
flags+=("--namespace=")
|
||||
flags+=("--password=")
|
||||
flags+=("--server=")
|
||||
two_word_flags+=("-s")
|
||||
flags+=("--stderrthreshold=")
|
||||
flags+=("--token=")
|
||||
flags+=("--user=")
|
||||
flags+=("--username=")
|
||||
flags+=("--v=")
|
||||
flags+=("--vmodule=")
|
||||
|
||||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_label()
|
||||
{
|
||||
last_command="kubectl_label"
|
||||
|
@ -1671,19 +2160,28 @@ _kubectl_label()
|
|||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--overwrite")
|
||||
flags+=("--record")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--resource-version=")
|
||||
flags+=("--selector=")
|
||||
two_word_flags+=("-l")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
|
@ -1712,6 +2210,7 @@ _kubectl_label()
|
|||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
must_have_one_noun+=("componentstatus")
|
||||
must_have_one_noun+=("configmap")
|
||||
must_have_one_noun+=("daemonset")
|
||||
must_have_one_noun+=("deployment")
|
||||
must_have_one_noun+=("endpoints")
|
||||
|
@ -1725,13 +2224,16 @@ _kubectl_label()
|
|||
must_have_one_noun+=("persistentvolume")
|
||||
must_have_one_noun+=("persistentvolumeclaim")
|
||||
must_have_one_noun+=("pod")
|
||||
must_have_one_noun+=("podsecuritypolicy")
|
||||
must_have_one_noun+=("podtemplate")
|
||||
must_have_one_noun+=("replicaset")
|
||||
must_have_one_noun+=("replicationcontroller")
|
||||
must_have_one_noun+=("resourcequota")
|
||||
must_have_one_noun+=("secret")
|
||||
must_have_one_noun+=("service")
|
||||
must_have_one_noun+=("serviceaccount")
|
||||
must_have_one_noun+=("thirdpartyresource")
|
||||
must_have_one_noun+=("thirdpartyresourcedata")
|
||||
}
|
||||
|
||||
_kubectl_annotate()
|
||||
|
@ -1751,19 +2253,28 @@ _kubectl_annotate()
|
|||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--overwrite")
|
||||
flags+=("--record")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--resource-version=")
|
||||
flags+=("--selector=")
|
||||
two_word_flags+=("-l")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
|
@ -1804,7 +2315,7 @@ _kubectl_config_view()
|
|||
flags_completion=()
|
||||
|
||||
flags+=("--flatten")
|
||||
flags+=("--merge")
|
||||
flags+=("--merge=")
|
||||
flags+=("--minify")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
|
@ -1813,9 +2324,14 @@ _kubectl_config_view()
|
|||
flags+=("--raw")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
|
@ -1857,8 +2373,10 @@ _kubectl_config_set-cluster()
|
|||
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
flags+=("--embed-certs")
|
||||
flags+=("--insecure-skip-tls-verify")
|
||||
flags_with_completion+=("--certificate-authority")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--embed-certs=")
|
||||
flags+=("--insecure-skip-tls-verify=")
|
||||
flags+=("--server=")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--client-certificate=")
|
||||
|
@ -1895,8 +2413,12 @@ _kubectl_config_set-credentials()
|
|||
flags_completion=()
|
||||
|
||||
flags+=("--client-certificate=")
|
||||
flags_with_completion+=("--client-certificate")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--client-key=")
|
||||
flags+=("--embed-certs")
|
||||
flags_with_completion+=("--client-key")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--embed-certs=")
|
||||
flags+=("--password=")
|
||||
flags+=("--token=")
|
||||
flags+=("--username=")
|
||||
|
@ -2041,6 +2563,45 @@ _kubectl_config_unset()
|
|||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_config_current-context()
|
||||
{
|
||||
last_command="kubectl_config_current-context"
|
||||
commands=()
|
||||
|
||||
flags=()
|
||||
two_word_flags=()
|
||||
flags_with_completion=()
|
||||
flags_completion=()
|
||||
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
flags+=("--client-certificate=")
|
||||
flags+=("--client-key=")
|
||||
flags+=("--cluster=")
|
||||
flags+=("--context=")
|
||||
flags+=("--insecure-skip-tls-verify")
|
||||
flags+=("--kubeconfig=")
|
||||
flags+=("--log-backtrace-at=")
|
||||
flags+=("--log-dir=")
|
||||
flags+=("--log-flush-frequency=")
|
||||
flags+=("--logtostderr")
|
||||
flags+=("--match-server-version")
|
||||
flags+=("--namespace=")
|
||||
flags+=("--password=")
|
||||
flags+=("--server=")
|
||||
two_word_flags+=("-s")
|
||||
flags+=("--stderrthreshold=")
|
||||
flags+=("--token=")
|
||||
flags+=("--user=")
|
||||
flags+=("--username=")
|
||||
flags+=("--v=")
|
||||
flags+=("--vmodule=")
|
||||
|
||||
must_have_one_flag=()
|
||||
must_have_one_noun=()
|
||||
}
|
||||
|
||||
_kubectl_config_use-context()
|
||||
{
|
||||
last_command="kubectl_config_use-context"
|
||||
|
@ -2090,6 +2651,7 @@ _kubectl_config()
|
|||
commands+=("set-context")
|
||||
commands+=("set")
|
||||
commands+=("unset")
|
||||
commands+=("current-context")
|
||||
commands+=("use-context")
|
||||
|
||||
flags=()
|
||||
|
@ -2136,6 +2698,7 @@ _kubectl_cluster-info()
|
|||
flags_with_completion=()
|
||||
flags_completion=()
|
||||
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
flags+=("--certificate-authority=")
|
||||
|
@ -2255,6 +2818,7 @@ _kubectl_explain()
|
|||
flags_with_completion=()
|
||||
flags_completion=()
|
||||
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--recursive")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
|
@ -2301,17 +2865,27 @@ _kubectl_convert()
|
|||
two_word_flags+=("-f")
|
||||
flags_with_completion+=("-f")
|
||||
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
|
||||
flags+=("--include-extended-apis")
|
||||
flags+=("--local")
|
||||
flags+=("--no-headers")
|
||||
flags+=("--output=")
|
||||
two_word_flags+=("-o")
|
||||
flags+=("--output-version=")
|
||||
flags+=("--recursive")
|
||||
flags+=("-R")
|
||||
flags+=("--schema-cache-dir=")
|
||||
flags_with_completion+=("--schema-cache-dir")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--show-all")
|
||||
flags+=("-a")
|
||||
flags+=("--show-labels")
|
||||
flags+=("--sort-by=")
|
||||
flags+=("--template=")
|
||||
flags_with_completion+=("--template")
|
||||
flags_completion+=("_filedir")
|
||||
two_word_flags+=("-t")
|
||||
flags_with_completion+=("-t")
|
||||
flags_completion+=("_filedir")
|
||||
flags+=("--validate")
|
||||
flags+=("--alsologtostderr")
|
||||
flags+=("--api-version=")
|
||||
|
@ -2370,6 +2944,7 @@ _kubectl()
|
|||
commands+=("run")
|
||||
commands+=("expose")
|
||||
commands+=("autoscale")
|
||||
commands+=("rollout")
|
||||
commands+=("label")
|
||||
commands+=("annotate")
|
||||
commands+=("config")
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
copy:
|
||||
src: kubectl_bash_completion.sh
|
||||
dest: /etc/bash_completion.d/kubectl.sh
|
||||
when: ansible_os_family in ["Debian","RedHat"]
|
||||
|
||||
- name: Copy kube-apiserver binary
|
||||
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kube-apiserver" "{{ bin_dir }}/kube-apiserver"
|
||||
|
@ -44,7 +45,7 @@
|
|||
- meta: flush_handlers
|
||||
|
||||
- include: start.yml
|
||||
with_items: groups['kube-master']
|
||||
with_items: "{{ groups['kube-master'] }}"
|
||||
when: "{{ hostvars[item].inventory_hostname == inventory_hostname }}"
|
||||
|
||||
# Create kube-system namespace
|
||||
|
@ -74,17 +75,12 @@
|
|||
- name: Write kube-controller-manager manifest
|
||||
template:
|
||||
src: manifests/kube-controller-manager.manifest.j2
|
||||
dest: "{{ kube_config_dir }}/kube-controller-manager.manifest"
|
||||
dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
|
||||
|
||||
- name: Write kube-scheduler manifest
|
||||
template:
|
||||
src: manifests/kube-scheduler.manifest.j2
|
||||
dest: "{{ kube_config_dir }}/kube-scheduler.manifest"
|
||||
|
||||
- name: Write podmaster manifest
|
||||
template:
|
||||
src: manifests/kube-podmaster.manifest.j2
|
||||
dest: "{{ kube_manifest_dir }}/kube-podmaster.manifest"
|
||||
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
|
||||
|
||||
- name: restart kubelet
|
||||
service:
|
||||
|
|
|
@ -38,7 +38,15 @@ KUBE_TLS_CONFIG="--tls_cert_file={{ kube_cert_dir }}/apiserver.pem --tls_private
|
|||
# Add you own!
|
||||
KUBE_API_ARGS="--token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/apiserver-key.pem"
|
||||
|
||||
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
||||
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
|
||||
{% else %}
|
||||
{# TODO: gce and aws don't need the cloud provider to be set? #}
|
||||
KUBELET_CLOUDPROVIDER=""
|
||||
{% endif %}
|
||||
|
||||
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
|
||||
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBE_API_PORT $KUBE_SERVICE_ADDRESSES \
|
||||
$KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG $KUBE_TLS_CONFIG $KUBE_API_ARGS"
|
||||
$KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG $KUBE_TLS_CONFIG $KUBE_API_ARGS \
|
||||
$KUBELET_CLOUDPROVIDER"
|
||||
{% endif %}
|
||||
|
|
|
@ -19,7 +19,8 @@ ExecStart={{ bin_dir }}/kube-apiserver \
|
|||
$KUBE_ADMISSION_CONTROL \
|
||||
$KUBE_RUNTIME_CONFIG \
|
||||
$KUBE_TLS_CONFIG \
|
||||
$KUBE_API_ARGS
|
||||
$KUBE_API_ARGS \
|
||||
$KUBELET_CLOUDPROVIDER
|
||||
Restart=on-failure
|
||||
Type=notify
|
||||
LimitNOFILE=65536
|
||||
|
|
|
@ -48,5 +48,5 @@ spec:
|
|||
path: {{ kube_config_dir }}
|
||||
name: kubernetes-config
|
||||
- hostPath:
|
||||
path: /usr/share/ca-certificates
|
||||
path: /etc/ssl/certs/
|
||||
name: ssl-certs-host
|
||||
|
|
|
@ -12,9 +12,14 @@ spec:
|
|||
- /hyperkube
|
||||
- controller-manager
|
||||
- --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
|
||||
- --leader-elect=true
|
||||
- --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
|
||||
- --root-ca-file={{ kube_cert_dir }}/ca.pem
|
||||
- --v={{ kube_log_level | default('2') }}
|
||||
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
||||
- --cloud-provider=openstack
|
||||
- --cloud-config={{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
host: 127.0.0.1
|
||||
|
@ -29,10 +34,20 @@ spec:
|
|||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
||||
- mountPath: {{ kube_config_dir }}/cloud_config
|
||||
name: cloudconfig
|
||||
readOnly: true
|
||||
{% endif %}
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: {{ kube_cert_dir }}
|
||||
name: ssl-certs-kubernetes
|
||||
- hostPath:
|
||||
path: /usr/share/ca-certificates
|
||||
path: /etc/ssl/certs/
|
||||
name: ssl-certs-host
|
||||
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
||||
- hostPath:
|
||||
path: {{ kube_config_dir }}/cloud_config
|
||||
name: cloudconfig
|
||||
{% endif %}
|
||||
|
|
|
@ -1,46 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: kube-podmaster
|
||||
namespace: kube-system
|
||||
spec:
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: scheduler-elector
|
||||
image: gcr.io/google_containers/podmaster:1.1
|
||||
command:
|
||||
- /podmaster
|
||||
- --etcd-servers={% for srv in groups['etcd'] %}http://{{ srv }}:2379{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
||||
- --key=scheduler
|
||||
- --source-file={{ kube_config_dir}}/kube-scheduler.manifest
|
||||
- --dest-file={{ kube_manifest_dir }}/kube-scheduler.manifest
|
||||
volumeMounts:
|
||||
- mountPath: {{ kube_config_dir }}
|
||||
name: manifest-src
|
||||
readOnly: true
|
||||
- mountPath: {{ kube_manifest_dir }}
|
||||
name: manifest-dst
|
||||
- name: controller-manager-elector
|
||||
image: gcr.io/google_containers/podmaster:1.1
|
||||
command:
|
||||
- /podmaster
|
||||
- --etcd-servers={% for srv in groups['etcd'] %}http://{{ srv }}:2379{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
||||
- --key=controller
|
||||
- --source-file={{ kube_config_dir }}/kube-controller-manager.manifest
|
||||
- --dest-file={{ kube_manifest_dir }}/kube-controller-manager.manifest
|
||||
terminationMessagePath: /dev/termination-log
|
||||
volumeMounts:
|
||||
- mountPath: {{ kube_config_dir }}
|
||||
name: manifest-src
|
||||
readOnly: true
|
||||
- mountPath: {{ kube_manifest_dir }}
|
||||
name: manifest-dst
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: {{ kube_config_dir }}
|
||||
name: manifest-src
|
||||
- hostPath:
|
||||
path: {{ kube_manifest_dir }}
|
||||
name: manifest-dst
|
|
@ -11,6 +11,7 @@ spec:
|
|||
command:
|
||||
- /hyperkube
|
||||
- scheduler
|
||||
- --leader-elect=true
|
||||
- --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
|
||||
- --v={{ kube_log_level | default('2') }}
|
||||
livenessProbe:
|
||||
|
|
|
@ -31,10 +31,8 @@ dns_domain: "{{ cluster_name }}"
|
|||
|
||||
kube_proxy_mode: userspace
|
||||
|
||||
# Temporary image, waiting for official google release
|
||||
# hyperkube_image_repo: gcr.io/google_containers/hyperkube
|
||||
hyperkube_image_repo: quay.io/ant31/kubernetes-hyperkube
|
||||
hyperkube_image_tag: v1.1.4
|
||||
hyperkube_image_repo: quay.io/smana/kubernetes-hyperkube
|
||||
hyperkube_image_tag: v1.2.1
|
||||
|
||||
# IP address of the DNS server.
|
||||
# Kubernetes will create a pod with several containers, serving as the DNS
|
||||
|
@ -43,6 +41,6 @@ hyperkube_image_tag: v1.1.4
|
|||
# pick the 10th ip address in the kube_service_addresses range and use that.
|
||||
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(253)|ipaddr('address') }}"
|
||||
|
||||
kube_api_runtime_config:
|
||||
- extensions/v1beta1/daemonsets=true
|
||||
- extensions/v1beta1/deployments=true
|
||||
# kube_api_runtime_config:
|
||||
# - extensions/v1beta1/daemonsets=true
|
||||
# - extensions/v1beta1/deployments=true
|
||||
|
|
|
@ -18,12 +18,3 @@
|
|||
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubelet" "{{ bin_dir }}/kubelet"
|
||||
register: kubelet_copy
|
||||
changed_when: false
|
||||
|
||||
- name: install | Calico-plugin | Directory
|
||||
file: path=/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/ state=directory
|
||||
when: kube_network_plugin == "calico"
|
||||
|
||||
- name: install | Calico-plugin | Binary
|
||||
command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/calico"
|
||||
when: kube_network_plugin == "calico"
|
||||
changed_when: false
|
||||
|
|
|
@ -7,7 +7,9 @@ KUBE_LOGGING="--logtostderr=true"
|
|||
{% endif %}
|
||||
KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
|
||||
KUBE_ALLOW_PRIV="--allow_privileged=true"
|
||||
{% if inventory_hostname in groups['kube-node'] %}
|
||||
KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
{% endif %}
|
||||
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
|
||||
KUBELET_ADDRESS="--address=0.0.0.0"
|
||||
# The port for the info server to serve on
|
||||
|
@ -33,7 +35,14 @@ KUBELET_NETWORK_PLUGIN="--network_plugin={{ kube_network_plugin }}"
|
|||
{% endif %}
|
||||
# Should this cluster be allowed to run privileged docker containers
|
||||
KUBE_ALLOW_PRIV="--allow_privileged=true"
|
||||
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
||||
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
|
||||
{% else %}
|
||||
{# TODO: gce and aws don't need the cloud provider to be set? #}
|
||||
KUBELET_CLOUDPROVIDER=""
|
||||
{% endif %}
|
||||
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
|
||||
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \
|
||||
$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN"
|
||||
$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN \
|
||||
$KUBELET_CLOUDPROVIDER"
|
||||
{% endif %}
|
||||
|
|
|
@ -20,7 +20,8 @@ ExecStart={{ bin_dir }}/kubelet \
|
|||
$KUBELET_ARGS \
|
||||
$DOCKER_SOCKET \
|
||||
$KUBELET_REGISTER_NODE \
|
||||
$KUBELET_NETWORK_PLUGIN
|
||||
$KUBELET_NETWORK_PLUGIN \
|
||||
$KUBELET_CLOUDPROVIDER
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
|
|
|
@ -23,6 +23,7 @@ spec:
|
|||
- --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml
|
||||
{% endif %}
|
||||
- --bind-address={{ ip | default(ansible_default_ipv4.address) }}
|
||||
- --proxy-mode={{ kube_proxy_mode }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
|
|
|
@ -8,5 +8,13 @@ common_required_pkgs:
|
|||
- rsync
|
||||
- bash-completion
|
||||
|
||||
pypy_version: 2.4.0
|
||||
python_pypy_url: "https://bitbucket.org/pypy/pypy/downloads/pypy-{{ pypy_version }}.tar.bz2"
|
||||
|
||||
|
||||
# For the openstack integration kubelet will need credentials to access
|
||||
# openstack apis like nova and cinder. Per default this values will be
|
||||
# read from the environment.
|
||||
openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}"
|
||||
openstack_username: "{{ lookup('env','OS_USERNAME') }}"
|
||||
openstack_password: "{{ lookup('env','OS_PASSWORD') }}"
|
||||
openstack_region: "{{ lookup('env','OS_REGION_NAME') }}"
|
||||
openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID') }}"
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -5,9 +5,10 @@
|
|||
regexp: "^{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item].ansible_default_ipv4.address)) }} {{ item }}$"
|
||||
line: "{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item].ansible_default_ipv4.address)) }} {{ item }}"
|
||||
state: present
|
||||
create: yes
|
||||
backup: yes
|
||||
when: hostvars[item].ansible_default_ipv4.address is defined
|
||||
with_items: groups['all']
|
||||
with_items: "{{ groups['all'] }}"
|
||||
|
||||
- name: Hosts | populate kubernetes loadbalancer address into hosts file
|
||||
lineinfile:
|
||||
|
|
|
@ -14,6 +14,12 @@
|
|||
- defaults.yml
|
||||
paths:
|
||||
- ../vars
|
||||
skip: true
|
||||
|
||||
- name: Force binaries directory for CoreOS
|
||||
set_fact:
|
||||
bin_dir: "/opt/bin"
|
||||
when: ansible_os_family == "CoreOS"
|
||||
|
||||
- name: Create kubernetes config directory
|
||||
file:
|
||||
|
@ -40,6 +46,14 @@
|
|||
owner: kube
|
||||
when: ansible_service_mgr in ["sysvinit","upstart"]
|
||||
|
||||
- name: check cloud_provider value
|
||||
fail:
|
||||
msg: "If set the 'cloud_provider' var must be set either to 'gce', 'aws' or 'openstack'"
|
||||
when: cloud_provider is defined and cloud_provider not in ['gce', 'aws', 'openstack']
|
||||
|
||||
- include: openstack-credential-check.yml
|
||||
when: cloud_provider is defined and cloud_provider == 'openstack'
|
||||
|
||||
- name: Create cni directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
|
@ -50,18 +64,13 @@
|
|||
- "/opt/cni/bin"
|
||||
when: kube_network_plugin == "calico"
|
||||
|
||||
- name: Update package management cache (APT)
|
||||
apt: update_cache=yes
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
||||
- name: Update package management cache (YUM)
|
||||
yum: update_cache=yes name='*'
|
||||
when: ansible_pkg_mgr == 'yum'
|
||||
|
||||
- name: Install python-apt for Debian distribs
|
||||
command: apt-get install -y python-apt
|
||||
- name: Install latest version of python-apt for Debian distribs
|
||||
apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
|
||||
when: ansible_os_family == "Debian"
|
||||
changed_when: False
|
||||
|
||||
- name: Install python-dnf for latest RedHat versions
|
||||
command: dnf install -y python-dnf yum
|
||||
|
@ -85,7 +94,8 @@
|
|||
module: "{{ ansible_pkg_mgr }}"
|
||||
name: "{{ item }}"
|
||||
state: latest
|
||||
with_items: "{{required_pkgs | union(common_required_pkgs)}}"
|
||||
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
|
||||
when: ansible_os_family != "CoreOS"
|
||||
|
||||
# Todo : selinux configuration
|
||||
- name: Set selinux policy to permissive
|
||||
|
@ -93,7 +103,12 @@
|
|||
when: ansible_os_family == "RedHat"
|
||||
changed_when: False
|
||||
|
||||
- include: etchosts.yml
|
||||
- name: Write openstack cloud-config
|
||||
template:
|
||||
src: openstack-cloud-config.j2
|
||||
dest: "{{ kube_config_dir }}/cloud_config"
|
||||
group: "{{ kube_cert_group }}"
|
||||
mode: 0640
|
||||
when: cloud_provider is defined and cloud_provider == "openstack"
|
||||
|
||||
- include: python-bootstrap.yml
|
||||
when: ansible_os_family not in [ "Debian", "RedHat" ]
|
||||
- include: etchosts.yml
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
- name: check openstack_auth_url value
|
||||
fail:
|
||||
msg: "openstack_auth_url is missing"
|
||||
when: openstack_auth_url is not defined or openstack_auth_url == ""
|
||||
|
||||
- name: check openstack_username value
|
||||
fail:
|
||||
msg: "openstack_username is missing"
|
||||
when: openstack_username is not defined or openstack_username == ""
|
||||
|
||||
- name: check openstack_password value
|
||||
fail:
|
||||
msg: "openstack_password is missing"
|
||||
when: openstack_password is not defined or openstack_password == ""
|
||||
|
||||
- name: check openstack_region value
|
||||
fail:
|
||||
msg: "openstack_region is missing"
|
||||
when: openstack_region is not defined or openstack_region == ""
|
||||
|
||||
- name: check tenant_id value
|
||||
fail:
|
||||
msg: "tenant_id is missing"
|
||||
when: openstack_tenant_id is not defined or openstack_tenant_id == ""
|
|
@ -0,0 +1,6 @@
|
|||
[Global]
|
||||
auth-url={{ openstack_auth_url }}
|
||||
username={{ openstack_username }}
|
||||
password={{ openstack_password }}
|
||||
region={{ openstack_region }}
|
||||
tenant-id={{ openstack_tenant_id }}
|
|
@ -1,4 +1,5 @@
|
|||
required_pkgs:
|
||||
- python-apt
|
||||
- aufs-tools
|
||||
- apt-transport-https
|
||||
- software-properties-common
|
||||
|
|
|
@ -54,7 +54,7 @@ if [ -z ${SSLDIR} ]; then
|
|||
SSLDIR="/etc/kubernetes/certs"
|
||||
fi
|
||||
|
||||
tmpdir=$(mktemp -d --tmpdir kubernetes_cacert.XXXXXX)
|
||||
tmpdir=$(mktemp -d /tmp/kubernetes_cacert.XXXXXX)
|
||||
trap 'rm -rf "${tmpdir}"' EXIT
|
||||
cd "${tmpdir}"
|
||||
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
- name: certs | write openssl config
|
||||
sudo: False
|
||||
become: False
|
||||
local_action: template src="openssl.conf.j2" dest="{{ role_path }}/files/openssl.conf"
|
||||
run_once: yes
|
||||
|
||||
- name: certs | run cert generation script
|
||||
sudo: False
|
||||
become: False
|
||||
local_action: shell
|
||||
{{ role_path }}/scripts/make-ssl.sh
|
||||
-f {{ role_path }}/files/openssl.conf
|
||||
|
@ -48,4 +48,4 @@
|
|||
file:
|
||||
path: "{{ item }}"
|
||||
mode: 0600
|
||||
with_items: keyfiles.stdout_lines
|
||||
with_items: "{{ keyfiles.stdout_lines }}"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: tokens | generate tokens for master components
|
||||
sudo: False
|
||||
become: False
|
||||
local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
|
||||
environment:
|
||||
TOKEN_DIR: "{{ role_path }}/files/tokens"
|
||||
|
@ -12,7 +12,7 @@
|
|||
notify: set secret_changed
|
||||
|
||||
- name: tokens | generate tokens for node components
|
||||
sudo: False
|
||||
become: False
|
||||
local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
|
||||
environment:
|
||||
TOKEN_DIR: "{{ role_path }}/files/tokens"
|
||||
|
|
|
@ -9,9 +9,10 @@ subjectAltName = @alt_names
|
|||
[alt_names]
|
||||
DNS.1 = kubernetes
|
||||
DNS.2 = kubernetes.default
|
||||
DNS.3 = kubernetes.default.svc.{{ dns_domain }}
|
||||
DNS.3 = kubernetes.default.svc
|
||||
DNS.4 = kubernetes.default.svc.{{ dns_domain }}
|
||||
{% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
|
||||
DNS.4 = {{ apiserver_loadbalancer_domain_name }}
|
||||
DNS.5 = {{ apiserver_loadbalancer_domain_name }}
|
||||
{% endif %}
|
||||
{% for host in groups['kube-master'] %}
|
||||
IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
|
||||
|
|
|
@ -1,2 +1,6 @@
|
|||
---
|
||||
# cloud_provider: no
|
||||
# Enables Internet connectivity from containers
|
||||
nat_outgoing: true
|
||||
|
||||
# cloud_provider can only be set to 'gce' or 'aws'
|
||||
# cloud_provider:
|
||||
|
|
|
@ -8,13 +8,14 @@
|
|||
mode: 0644
|
||||
notify:
|
||||
- restart docker
|
||||
when: ansible_os_family != "CoreOS"
|
||||
|
||||
- name: Calico | Write docker.service systemd file
|
||||
template:
|
||||
src: systemd-docker.service
|
||||
dest: /lib/systemd/system/docker.service
|
||||
notify: restart docker
|
||||
when: ansible_service_mgr == "systemd"
|
||||
when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
|
@ -34,12 +35,6 @@
|
|||
- name: Calico | install calicoctl
|
||||
file: path={{ bin_dir }}/calicoctl mode=0755 state=file
|
||||
|
||||
- name: Calico | Create calicoctl symlink (needed by kubelet)
|
||||
file:
|
||||
src: /usr/local/bin/calicoctl
|
||||
dest: /usr/bin/calicoctl
|
||||
state: link
|
||||
|
||||
- name: Calico | wait for etcd
|
||||
wait_for:
|
||||
port: 2379
|
||||
|
@ -53,15 +48,23 @@
|
|||
register: calico_conf
|
||||
run_once: true
|
||||
|
||||
- name: Calico | Configure calico network pool for cloud
|
||||
command: "calicoctl pool add {{ kube_pods_subnet }} --ipip --nat-outgoing"
|
||||
run_once: true
|
||||
when: calico_conf.status == 404 and cloud_provider is defined and cloud_provider == True
|
||||
|
||||
- name: Calico | Configure calico network pool
|
||||
command: "calicoctl pool add {{ kube_pods_subnet }}"
|
||||
command: "{{ bin_dir }}/calicoctl pool add {{ kube_pods_subnet }}"
|
||||
run_once: true
|
||||
when: calico_conf.status == 404 and (cloud_provider is not defined or cloud_provider != True)
|
||||
when: calico_conf.status == 404 and cloud_provider is not defined
|
||||
and not nat_outgoing|default(false) or
|
||||
(nat_outgoing|default(false) and peer_with_router|default(false))
|
||||
|
||||
- name: Calico | Configure calico network pool for cloud
|
||||
command: "{{ bin_dir }}/calicoctl pool add {{ kube_pods_subnet }} --ipip --nat-outgoing"
|
||||
run_once: true
|
||||
when: calico_conf.status == 404 and cloud_provider is defined
|
||||
|
||||
- name: Calico | Configure calico network pool with nat outgoing
|
||||
command: "{{ bin_dir}}/calicoctl pool add {{ kube_pods_subnet }} --nat-outgoing"
|
||||
run_once: true
|
||||
when: calico_conf.status == 404 and cloud_provider is not defined
|
||||
and nat_outgoing|default(false) and not peer_with_router|default(false)
|
||||
|
||||
- name: Calico | Get calico configuration from etcd
|
||||
uri:
|
||||
|
@ -112,13 +115,13 @@
|
|||
when: calico_copy.stdout_lines
|
||||
|
||||
- name: Calico | Disable node mesh
|
||||
shell: calicoctl bgp node-mesh off
|
||||
shell: "{{ bin_dir }}/calicoctl bgp node-mesh off"
|
||||
environment:
|
||||
ETCD_AUTHORITY: "127.0.0.1:2379"
|
||||
when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
|
||||
|
||||
- name: Calico | Configure peering with router(s)
|
||||
shell: calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}
|
||||
shell: "{{ bin_dir }}/calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}"
|
||||
environment:
|
||||
ETCD_AUTHORITY: "127.0.0.1:2379"
|
||||
with_items: peers
|
||||
|
|
|
@ -6,3 +6,7 @@ flannel_public_ip: "{{ access_ip|default(ip|default(ansible_default_ipv4.address
|
|||
## interface that should be used for flannel operations
|
||||
## This is actually an inventory node-level item
|
||||
# flannel_interface:
|
||||
|
||||
# You can choose what type of flannel backend to use
|
||||
# please refer to flannel's docs : https://github.com/coreos/flannel/blob/master/README.md
|
||||
flannel_backend_type: "vxlan"
|
||||
|
|
|
@ -4,7 +4,6 @@
|
|||
src: network.json
|
||||
dest: /etc/flannel-network.json
|
||||
backup: yes
|
||||
|
||||
- name: Flannel | Create flannel pod manifest
|
||||
template:
|
||||
src: flannel-pod.yml
|
||||
|
@ -15,6 +14,7 @@
|
|||
wait_for:
|
||||
path: /run/flannel/subnet.env
|
||||
delay: 5
|
||||
timeout: 600
|
||||
|
||||
- name: Flannel | Get flannel_subnet from subnet.env
|
||||
shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_SUBNET" {print $2}'
|
||||
|
@ -42,11 +42,18 @@
|
|||
notify:
|
||||
- restart docker
|
||||
|
||||
- name: Flannel | Create docker config symlink for CoreOS
|
||||
file:
|
||||
src: "/etc/default/docker"
|
||||
dest: "/run/flannel_docker_opts.env"
|
||||
state: link
|
||||
when: ansible_os_family == "CoreOS"
|
||||
|
||||
- name: Flannel | Write docker.service systemd file
|
||||
template:
|
||||
src: systemd-docker.service
|
||||
dest: /lib/systemd/system/docker.service
|
||||
notify: restart docker
|
||||
when: ansible_service_mgr == "systemd"
|
||||
when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# Deployed by Ansible
|
||||
{% if ansible_service_mgr in ["sysvinit","upstart"] and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %}
|
||||
{% if (ansible_service_mgr in ["sysvinit","upstart"] and kube_network_plugin == "flannel" and ansible_os_family == "Debian") or
|
||||
(kube_network_plugin == "flannel" and ansible_os_family == "CoreOS") %}
|
||||
DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
|
||||
{% elif kube_network_plugin == "flannel" %}
|
||||
OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
|
||||
|
|
|
@ -1 +1 @@
|
|||
{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "vxlan" } }
|
||||
{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
src: systemd-docker.service
|
||||
dest: /lib/systemd/system/docker.service
|
||||
notify: restart docker
|
||||
when: ansible_service_mgr == "systemd"
|
||||
when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
|
|
101
roles/uploads/defaults/main.yml
Normal file
101
roles/uploads/defaults/main.yml
Normal file
|
@ -0,0 +1,101 @@
|
|||
---
|
||||
local_release_dir: /tmp
|
||||
|
||||
# Versions
|
||||
kube_version: v1.2.1
|
||||
etcd_version: v2.2.5
|
||||
calico_version: v0.17.0
|
||||
calico_cni_version: v1.0.0
|
||||
weave_version: v1.4.4
|
||||
|
||||
# Download URL's
|
||||
kube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/amd64"
|
||||
etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
|
||||
calico_download_url: "https://github.com/Metaswitch/calico-docker/releases/download/{{calico_version}}/calicoctl"
|
||||
calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico"
|
||||
calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam"
|
||||
weave_download_url: "https://github.com/weaveworks/weave/releases/download/{{weave_version}}/weave"
|
||||
|
||||
# Checksums
|
||||
calico_checksum: "1fa22c0ee0cc661f56aa09169a3661fb46e552b53fae5fae9aac010e0666b281"
|
||||
calico_cni_checksum: "cfbb95d4416cb65845a188f3bd991fff232bd5ce3463b2919d586ab77967aecd"
|
||||
calico_cni_ipam_checksum: "93ebf8756b26314e1e3f612f1e824418cbb0a8df2942664422e697bcb109fbb2"
|
||||
weave_checksum: "152942c330f87ab475d87d9311b91674b90f25ea685bd4e04e0495d5fe09a957"
|
||||
etcd_checksum: "aa6037406257d2a1bc48ffa769afe7a4f8a04cc1ffcd36ef84f9ee8bc4eca756"
|
||||
kubectl_checksum: "a41b9543ddef1f64078716075311c44c6e1d02c67301c0937a658cef37923bbb"
|
||||
kubelet_checksum: "7e253e07da77b031d5687102c485697f95f9e1e6410c1da1f4d3f064cdc70f07"
|
||||
kube_apiserver_checksum: "8e00cd59330857b119e40cd6156c0f476a8e62bbc9e9addd524b39e0c390a6cd"
|
||||
|
||||
downloads:
|
||||
- name: calico
|
||||
dest: calico/bin/calicoctl
|
||||
version: "{{calico_version}}"
|
||||
sha256: "{{ calico_checksum }}"
|
||||
source_url: "{{ calico_download_url }}"
|
||||
url: "{{ calico_download_url }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: calico-cni-plugin
|
||||
dest: calico/bin/calico
|
||||
version: "{{calico_cni_version}}"
|
||||
sha256: "{{ calico_cni_checksum }}"
|
||||
source_url: "{{ calico_cni_download_url }}"
|
||||
url: "{{ calico_cni_download_url }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: calico-cni-plugin-ipam
|
||||
dest: calico/bin/calico-ipam
|
||||
version: "{{calico_cni_version}}"
|
||||
sha256: "{{ calico_cni_ipam_checksum }}"
|
||||
source_url: "{{ calico_cni_ipam_download_url }}"
|
||||
url: "{{ calico_cni_ipam_download_url }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: weave
|
||||
dest: weave/bin/weave
|
||||
version: "{{weave_version}}"
|
||||
source_url: "{{weave_download_url}}"
|
||||
url: "{{weave_download_url}}"
|
||||
sha256: "{{ weave_checksum }}"
|
||||
owner: "root"
|
||||
mode: "0755"
|
||||
|
||||
- name: etcd
|
||||
version: "{{etcd_version}}"
|
||||
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
|
||||
sha256: "{{ etcd_checksum }}"
|
||||
source_url: "{{ etcd_download_url }}"
|
||||
url: "{{ etcd_download_url }}"
|
||||
unarchive: true
|
||||
owner: "etcd"
|
||||
mode: "0755"
|
||||
|
||||
- name: kubernetes-kubelet
|
||||
version: "{{kube_version}}"
|
||||
dest: kubernetes/bin/kubelet
|
||||
sha256: "{{kubelet_checksum}}"
|
||||
source_url: "{{ kube_download_url }}/kubelet"
|
||||
url: "{{ kube_download_url }}/kubelet"
|
||||
owner: "kube"
|
||||
mode: "0755"
|
||||
|
||||
- name: kubernetes-kubectl
|
||||
dest: kubernetes/bin/kubectl
|
||||
version: "{{kube_version}}"
|
||||
sha256: "{{kubectl_checksum}}"
|
||||
source_url: "{{ kube_download_url }}/kubectl"
|
||||
url: "{{ kube_download_url }}/kubectl"
|
||||
owner: "kube"
|
||||
mode: "0755"
|
||||
|
||||
- name: kubernetes-apiserver
|
||||
dest: kubernetes/bin/kube-apiserver
|
||||
version: "{{kube_version}}"
|
||||
sha256: "{{kube_apiserver_checksum}}"
|
||||
source_url: "{{ kube_download_url }}/kube-apiserver"
|
||||
url: "{{ kube_download_url }}/kube-apiserver"
|
||||
owner: "kube"
|
||||
mode: "0755"
|
24
roles/uploads/tasks/main.yml
Normal file
24
roles/uploads/tasks/main.yml
Normal file
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
- name: Create dest directories
|
||||
file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes
|
||||
with_items: downloads
|
||||
|
||||
- name: Download items
|
||||
get_url:
|
||||
url: "{{item.source_url}}"
|
||||
dest: "{{local_release_dir}}/{{item.dest}}"
|
||||
sha256sum: "{{item.sha256 | default(omit)}}"
|
||||
owner: "{{ item.owner|default(omit) }}"
|
||||
mode: "{{ item.mode|default(omit) }}"
|
||||
with_items: downloads
|
||||
|
||||
- name: uploads items
|
||||
gc_storage:
|
||||
bucket: kubespray
|
||||
object: "{{item.version}}_{{item.name}}"
|
||||
src: "{{ local_release_dir }}/{{item.dest}}"
|
||||
mode: put
|
||||
permission: public-read
|
||||
gs_access_key: "changeme"
|
||||
gs_secret_key: "changeme"
|
||||
with_items: downloads
|
|
@ -1,6 +1,15 @@
|
|||
# k8s-integration-tests
|
||||
# Kubespray cloud deployment tests
|
||||
|
||||
## Amazon Web Service
|
||||
|
||||
| Calico | Flannel | Weave |
|
||||
------------- | ------------- | ------------- | ------------- |
|
||||
Debian Jessie | [![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-jessie/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-jessie) | [![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-jessie/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-jessie/) | [![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-jessie/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-jessie/) |
|
||||
Ubuntu Trusty |[![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-trusty/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-trusty/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-trusty/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-trusty/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-trusty/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-trusty)|
|
||||
RHEL 7.2 |[![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-rhel72/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-rhel72/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-rhel72/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-rhel72/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-rhel72/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-rhel72/)|
|
||||
CentOS 7 |[![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-centos7/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-centos7/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-centos7/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-centos7/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-centos7/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-centos7/)|
|
||||
|
||||
|
||||
*Work In Progress*
|
||||
|
||||
## Test environment variables
|
||||
|
||||
|
|
94
tests/support/aws.groovy
Normal file
94
tests/support/aws.groovy
Normal file
|
@ -0,0 +1,94 @@
|
|||
def run(username, credentialsId, ami, network_plugin, aws_access, aws_secret) {
|
||||
def inventory_path = pwd() + "/inventory/inventory-test.ini"
|
||||
dir('tests') {
|
||||
wrap([$class: 'AnsiColorBuildWrapper', colorMapName: "xterm"]) {
|
||||
try {
|
||||
create_vm("${env.JOB_NAME}-${env.BUILD_NUMBER}", inventory_path, ami, username, network_plugin, aws_access, aws_secret)
|
||||
install_cluster(inventory_path, credentialsId, network_plugin)
|
||||
|
||||
test_apiserver(inventory_path, credentialsId)
|
||||
test_create_pod(inventory_path, credentialsId)
|
||||
test_network(inventory_path, credentialsId)
|
||||
} finally {
|
||||
delete_vm(inventory_path, credentialsId, aws_access, aws_secret)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
def create_vm(run_id, inventory_path, ami, username, network_plugin, aws_access, aws_secret) {
|
||||
ansiblePlaybook(
|
||||
inventory: 'local_inventory/hosts.cfg',
|
||||
playbook: 'cloud_playbooks/create-aws.yml',
|
||||
extraVars: [
|
||||
test_id: run_id,
|
||||
kube_network_plugin: network_plugin,
|
||||
aws_access_key: [value: aws_access, hidden: true],
|
||||
aws_secret_key: [value: aws_secret, hidden: true],
|
||||
aws_ami_id: ami,
|
||||
aws_security_group: [value: 'sg-cb0327a2', hidden: true],
|
||||
key_name: 'travis-ci',
|
||||
inventory_path: inventory_path,
|
||||
aws_region: 'eu-central-1',
|
||||
ssh_user: username
|
||||
],
|
||||
colorized: true
|
||||
)
|
||||
}
|
||||
|
||||
def delete_vm(inventory_path, credentialsId, aws_access, aws_secret) {
|
||||
ansiblePlaybook(
|
||||
inventory: inventory_path,
|
||||
playbook: 'cloud_playbooks/delete-aws.yml',
|
||||
credentialsId: credentialsId,
|
||||
extraVars: [
|
||||
aws_access_key: [value: aws_access, hidden: true],
|
||||
aws_secret_key: [value: aws_secret, hidden: true]
|
||||
],
|
||||
colorized: true
|
||||
)
|
||||
}
|
||||
|
||||
def install_cluster(inventory_path, credentialsId, network_plugin) {
|
||||
ansiblePlaybook(
|
||||
inventory: inventory_path,
|
||||
playbook: '../cluster.yml',
|
||||
sudo: true,
|
||||
credentialsId: credentialsId,
|
||||
extraVars: [
|
||||
kube_network_plugin: network_plugin
|
||||
],
|
||||
extras: "-e cloud_provider=aws",
|
||||
colorized: true
|
||||
)
|
||||
}
|
||||
|
||||
def test_apiserver(inventory_path, credentialsId) {
|
||||
ansiblePlaybook(
|
||||
inventory: inventory_path,
|
||||
playbook: 'testcases/010_check-apiserver.yml',
|
||||
credentialsId: credentialsId,
|
||||
colorized: true
|
||||
)
|
||||
}
|
||||
|
||||
def test_create_pod(inventory_path, credentialsId) {
|
||||
ansiblePlaybook(
|
||||
inventory: inventory_path,
|
||||
playbook: 'testcases/020_check-create-pod.yml',
|
||||
sudo: true,
|
||||
credentialsId: credentialsId,
|
||||
colorized: true
|
||||
)
|
||||
}
|
||||
|
||||
def test_network(inventory_path, credentialsId) {
|
||||
ansiblePlaybook(
|
||||
inventory: inventory_path,
|
||||
playbook: 'testcases/030_check-network.yml',
|
||||
sudo: true,
|
||||
credentialsId: credentialsId,
|
||||
colorized: true
|
||||
)
|
||||
}
|
||||
return this;
|
11
uploads.yml
Normal file
11
uploads.yml
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- {role: uploads}
|
||||
|
||||
# TEST download
|
||||
- hosts: localhost
|
||||
vars:
|
||||
local_release_dir: /tmp/from_gcloud
|
||||
roles:
|
||||
- {role: download}
|
Loading…
Reference in a new issue