C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'master' into opencontrail

Browse source
This commit is contained in:
Greg Althaus 2016-04-08 07:58:41 -05:00
commit ed27e6856c
83 changed files with 20835 additions and 18166 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
.gitmodules vendored
View file

@ -1,53 +0,0 @@
[submodule "roles/apps/k8s-kube-ui"]
path = roles/apps/k8s-kube-ui
url = https://github.com/ansibl8s/k8s-kube-ui.git
branch = v1.0
[submodule "roles/apps/k8s-kubedns"]
path = roles/apps/k8s-kubedns
url = https://github.com/ansibl8s/k8s-kubedns.git
branch = v1.0
[submodule "roles/apps/k8s-common"]
path = roles/apps/k8s-common
url = https://github.com/ansibl8s/k8s-common.git
branch = v1.0
[submodule "roles/apps/k8s-redis"]
path = roles/apps/k8s-redis
url = https://github.com/ansibl8s/k8s-redis.git
branch = v1.0
[submodule "roles/apps/k8s-elasticsearch"]
path = roles/apps/k8s-elasticsearch
url = https://github.com/ansibl8s/k8s-elasticsearch.git
[submodule "roles/apps/k8s-fabric8"]
path = roles/apps/k8s-fabric8
url = https://github.com/ansibl8s/k8s-fabric8.git
branch = v1.0
[submodule "roles/apps/k8s-memcached"]
path = roles/apps/k8s-memcached
url = https://github.com/ansibl8s/k8s-memcached.git
branch = v1.0
[submodule "roles/apps/k8s-postgres"]
path = roles/apps/k8s-postgres
url = https://github.com/ansibl8s/k8s-postgres.git
branch = v1.0
[submodule "roles/apps/k8s-kubedash"]
path = roles/apps/k8s-kubedash
url = https://github.com/ansibl8s/k8s-kubedash.git
[submodule "roles/apps/k8s-heapster"]
path = roles/apps/k8s-heapster
url = https://github.com/ansibl8s/k8s-heapster.git
[submodule "roles/apps/k8s-influxdb"]
path = roles/apps/k8s-influxdb
url = https://github.com/ansibl8s/k8s-influxdb.git
[submodule "roles/apps/k8s-kube-logstash"]
path = roles/apps/k8s-kube-logstash
url = https://github.com/ansibl8s/k8s-kube-logstash.git
[submodule "roles/apps/k8s-etcd"]
path = roles/apps/k8s-etcd
url = https://github.com/ansibl8s/k8s-etcd.git
[submodule "roles/apps/k8s-rabbitmq"]
path = roles/apps/k8s-rabbitmq
url = https://github.com/ansibl8s/k8s-rabbitmq.git
[submodule "roles/apps/k8s-pgbouncer"]
path = roles/apps/k8s-pgbouncer
url = https://github.com/ansibl8s/k8s-pgbouncer.git
branch = v1.0

36
.travis.yml
View file

@ -15,27 +15,27 @@ env:
# Debian Jessie
- >-
KUBE_NETWORK_PLUGIN=flannel
CLOUD_IMAGE=debian-8
CLOUD_IMAGE=debian-8-kubespray
CLOUD_REGION=europe-west1-b
- >-
KUBE_NETWORK_PLUGIN=calico
CLOUD_IMAGE=debian-8
CLOUD_REGION=europe-west1-b
CLOUD_IMAGE=debian-8-kubespray
CLOUD_REGION=us-central1-c
- >-
KUBE_NETWORK_PLUGIN=weave
CLOUD_IMAGE=debian-8
CLOUD_REGION=europe-west1-b
CLOUD_IMAGE=debian-8-kubespray
CLOUD_REGION=us-east1-d
# Centos 7
- >-
KUBE_NETWORK_PLUGIN=flannel
CLOUD_IMAGE=centos-7-sudo
CLOUD_REGION=us-central1-c
CLOUD_REGION=asia-east1-c
- >-
KUBE_NETWORK_PLUGIN=calico
CLOUD_IMAGE=centos-7-sudo
CLOUD_REGION=us-central1-c
CLOUD_REGION=europe-west1-b
- >-
KUBE_NETWORK_PLUGIN=weave
@ -51,32 +51,32 @@ env:
- >-
KUBE_NETWORK_PLUGIN=calico
CLOUD_IMAGE=rhel-7-sudo
CLOUD_REGION=us-east1-d
CLOUD_REGION=asia-east1-c
- >-
KUBE_NETWORK_PLUGIN=weave
CLOUD_IMAGE=rhel-7-sudo
CLOUD_REGION=us-east1-d
CLOUD_REGION=europe-west1-b
# Ubuntu 14.04
- >-
KUBE_NETWORK_PLUGIN=flannel
CLOUD_IMAGE=ubuntu-1404-trusty
CLOUD_REGION=europe-west1-c
CLOUD_REGION=us-central1-c
- >-
KUBE_NETWORK_PLUGIN=calico
CLOUD_IMAGE=ubuntu-1404-trusty
CLOUD_REGION=europe-west1-c
CLOUD_REGION=us-east1-d
- >-
KUBE_NETWORK_PLUGIN=weave
CLOUD_IMAGE=ubuntu-1404-trusty
CLOUD_REGION=europe-west1-c
CLOUD_REGION=asia-east1-c
# Ubuntu 15.10
- >-
KUBE_NETWORK_PLUGIN=flannel
CLOUD_IMAGE=ubuntu-1510-wily
CLOUD_REGION=us-central1-a
CLOUD_REGION=europe-west1-b
- >-
KUBE_NETWORK_PLUGIN=calico
CLOUD_IMAGE=ubuntu-1510-wily
@ -84,15 +84,13 @@ env:
- >-
KUBE_NETWORK_PLUGIN=weave
CLOUD_IMAGE=ubuntu-1510-wily
CLOUD_REGION=us-central1-a
CLOUD_REGION=us-east1-d
matrix:
allow_failures:
# - env: KUBE_NETWORK_PLUGIN=flannel CLOUD_IMAGE=centos-7-sudo CLOUD_REGION=us-central1-c
# - env: KUBE_NETWORK_PLUGIN=flannel CLOUD_IMAGE=rhel-7-sudo CLOUD_REGION=us-east1-d
- env: KUBE_NETWORK_PLUGIN=weave CLOUD_IMAGE=ubuntu-1404-trusty CLOUD_REGION=europe-west1-c
- env: KUBE_NETWORK_PLUGIN=calico CLOUD_IMAGE=ubuntu-1404-trusty CLOUD_REGION=europe-west1-c
- env: KUBE_NETWORK_PLUGIN=weave CLOUD_IMAGE=ubuntu-1404-trusty CLOUD_REGION=asia-east1-c
- env: KUBE_NETWORK_PLUGIN=calico CLOUD_IMAGE=ubuntu-1404-trusty CLOUD_REGION=us-east1-d
before_install:
# Install Ansible.
@ -130,7 +128,7 @@ script:
-e cloud_region=${CLOUD_REGION}
# Create cluster
- "$HOME/.local/bin/ansible-playbook -i inventory/inventory.ini -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root -e '{\"cloud_provider\": true}' $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN} cluster.yml"
- "$HOME/.local/bin/ansible-playbook -i inventory/inventory.ini -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root -e cloud_provider=gce $LOG_LEVEL -e kube_network_plugin=${KUBE_NETWORK_PLUGIN} cluster.yml"
# Tests Cases
## Test Master API
- $HOME/.local/bin/ansible-playbook -i inventory/inventory.ini tests/testcases/010_check-apiserver.yml $LOG_LEVEL

201
LICENSE Normal file
View file

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2016 Kubespray
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

325
README.md
View file

@ -1,320 +1,15 @@
[![Build Status](https://travis-ci.org/kubespray/setup-kubernetes.svg)](https://travis-ci.org/kubespray/setup-kubernetes)
kubernetes-ansible
========
This project allows to
- Install and configure a **Multi-Master/HA kubernetes** cluster.
- Choose the **network plugin** to be used within the cluster
- A **set of roles** in order to install applications over the k8s cluster
- A **flexible method** which helps to create new roles for apps.
![Kubespray Logo](http://s9.postimg.org/md5dyjl67/kubespray_logoandkubespray_small.png)
Linux distributions tested:
* **Debian** Wheezy, Jessie
* **Ubuntu** 14.10, 15.04, 15.10
* **Fedora** 23
* **CentOS/RHEL** 7
##Deploy a production ready kubernetes cluster
### Requirements
* The target servers must have **access to the Internet** in order to pull docker imaqes.
* The **firewalls are not managed**, you'll need to implement your own rules the way you used to.
in order to avoid any issue during deployment you should disable your firewall
* **Copy your ssh keys** to all the servers part of your inventory.
* **Ansible v2.x and python-netaddr**
* Base knowledge on Ansible. Please refer to [Ansible documentation](http://www.ansible.com/how-ansible-works)
- Can be deployed on **AWS, GCE, OpenStack or Baremetal**
- **High available** cluster
- **Composable** (Choice of the network plugin for instance)
- Support most popular **Linux distributions**
- **Continuous integration tests**
### Components
* [kubernetes](https://github.com/kubernetes/kubernetes/releases) v1.1.7
* [etcd](https://github.com/coreos/etcd/releases) v2.2.4
* [calicoctl](https://github.com/projectcalico/calico-docker/releases) v0.16.0
* [flanneld](https://github.com/coreos/flannel/releases) v0.5.5
* [weave](http://weave.works/) v1.4.4
* [docker](https://www.docker.com/) v1.9
For an easy way to use it, check out [**kargo-cli**](https://github.com/kubespray/kargo-cli) </br>
A complete **documentation** can be found [THERE](https://docs.kubespray.io)
Quickstart
-------------------------
The following steps will quickly setup a kubernetes cluster with default configuration.
These defaults are good for tests purposes.
Edit the inventory according to the number of servers
```
[kube-master]
node1
node2
[etcd]
node1
node2
node3
[kube-node]
node2
node3
node4
node5
node6
[k8s-cluster:children]
kube-node
kube-master
```
Run the playbook
```
ansible-playbook -i inventory/inventory.cfg cluster.yml -u root
```
You can jump directly to "*Available apps, installation procedure*"
Ansible
-------------------------
### Variables
The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
### Inventory
Below is an example of an inventory.
```
## Configure 'ip' variable to bind kubernetes services on a
## different ip than the default iface
node1 ansible_ssh_host=95.54.0.12 # ip=10.3.0.1
node2 ansible_ssh_host=95.54.0.13 # ip=10.3.0.2
node3 ansible_ssh_host=95.54.0.14 # ip=10.3.0.3
node4 ansible_ssh_host=95.54.0.15 # ip=10.3.0.4
node5 ansible_ssh_host=95.54.0.16 # ip=10.3.0.5
node6 ansible_ssh_host=95.54.0.17 # ip=10.3.0.6
[kube-master]
node1
node2
[etcd]
node1
node2
node3
[kube-node]
node2
node3
node4
node5
node6
[k8s-cluster:children]
kube-node
kube-master
```
### Playbook
```
---
- hosts: k8s-cluster
roles:
- { role: adduser, tags: adduser }
- { role: download, tags: download }
- { role: kubernetes/preinstall, tags: preinstall }
- { role: etcd, tags: etcd }
- { role: docker, tags: docker }
- { role: kubernetes/node, tags: node }
- { role: network_plugin, tags: network }
- { role: dnsmasq, tags: dnsmasq }
- hosts: kube-master
roles:
- { role: kubernetes/master, tags: master }
```
### Run
It is possible to define variables for different environments.
For instance, in order to deploy the cluster on 'dev' environment run the following command.
```
ansible-playbook -i inventory/dev/inventory.cfg cluster.yml -u root
```
Kubernetes
-------------------------
### Multi master notes
* You can choose where to install the master components. If you want your master node to act both as master (api,scheduler,controller) and node (e.g. accept workloads, create pods ...),
the server address has to be present on both groups 'kube-master' and 'kube-node'.
* For safety reasons, you should have at least two master nodes and 3 etcd servers
* Kube-proxy doesn't support multiple apiservers on startup ([Issue 18174](https://github.com/kubernetes/kubernetes/issues/18174)). An external loadbalancer needs to be configured.
In order to do so, some variables have to be used '**loadbalancer_apiserver**' and '**apiserver_loadbalancer_domain_name**'
### Network Plugin
You can choose between 3 network plugins. Only one must be chosen.
* **flannel**: gre/vxlan (layer 2) networking. ([official docs](https://github.com/coreos/flannel))
* **calico**: bgp (layer 3) networking. ([official docs](http://docs.projectcalico.org/en/0.13/))
* **weave**: Weave is a lightweight container overlay network that doesn't require an external K/V database cluster. ([official docs](http://weave.works/docs/))
The choice is defined with the variable **kube_network_plugin**
### Check cluster status
#### Kubernetes components
* Check the status of the processes
```
systemctl status kubelet
```
* Check the logs
```
journalctl -ae -u kubelet
```
* Check the NAT rules
```
iptables -nLv -t nat
```
For the master nodes you'll have to see the docker logs for the apiserver
```
docker logs [apiserver docker id]
```
### Available apps, installation procedure
There are two ways of installing new apps
#### Ansible galaxy
Additionnal apps can be installed with ```ansible-galaxy```.
you'll need to edit the file '*requirements.yml*' in order to chose needed apps.
The list of available apps are available [there](https://github.com/ansibl8s)
For instance it is **strongly recommanded** to install a dns server which resolves kubernetes service names.
In order to use this role you'll need the following entries in the file '*requirements.yml*'
Please refer to the [k8s-kubedns readme](https://github.com/ansibl8s/k8s-kubedns) for additionnal info.
```
- src: https://github.com/ansibl8s/k8s-common.git
path: roles/apps
# version: v1.0
- src: https://github.com/ansibl8s/k8s-kubedns.git
path: roles/apps
# version: v1.0
```
**Note**: the role common is required by all the apps and provides the tasks and libraries needed.
And empty the apps directory
```
rm -rf roles/apps/*
```
Then download the roles with ansible-galaxy
```
ansible-galaxy install -r requirements.yml
```
Finally update the playbook ```apps.yml``` with the chosen roles, and run it
```
...
- hosts: kube-master
roles:
- { role: apps/k8s-kubedns, tags: ['kubedns', 'apps'] }
...
```
```
ansible-playbook -i inventory/inventory.cfg apps.yml -u root
```
#### Git submodules
Alternatively the roles can be installed as git submodules.
That way is easier if you want to do some changes and commit them.
### Networking
#### Calico
Check if the calico-node container is running
```
docker ps | grep calico
```
The **calicoctl** command allows to check the status of the network workloads.
* Check the status of Calico nodes
```
calicoctl status
```
* Show the configured network subnet for containers
```
calicoctl pool show
```
* Show the workloads (ip addresses of containers and their located)
```
calicoctl endpoint show --detail
```
##### Optionnal : BGP Peering with border routers
In some cases you may want to route the pods subnet and so NAT is not needed on the nodes.
For instance if you have a cluster spread on different locations and you want your pods to talk each other no matter where they are located.
The following variables need to be set:
**peer_with_router** enable the peering with border router of the datacenter (default value: false).
you'll need to edit the inventory and add a and a hostvar **local_as** by node.
```
node1 ansible_ssh_host=95.54.0.12 local_as=xxxxxx
```
#### Flannel
* Flannel configuration file should have been created there
```
cat /run/flannel/subnet.env
FLANNEL_NETWORK=10.233.0.0/18
FLANNEL_SUBNET=10.233.16.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=false
```
* Check if the network interface has been created
```
ip a show dev flannel.1
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
link/ether e2:f3:a7:0f:bf:cb brd ff:ff:ff:ff:ff:ff
inet 10.233.16.0/18 scope global flannel.1
valid_lft forever preferred_lft forever
inet6 fe80::e0f3:a7ff:fe0f:bfcb/64 scope link
valid_lft forever preferred_lft forever
```
* Docker must be configured with a bridge ip in the flannel subnet.
```
ps aux | grep docker
root 20196 1.7 2.7 1260616 56840 ? Ssl 10:18 0:07 /usr/bin/docker daemon --bip=10.233.16.1/24 --mtu=1450
```
* Try to run a container and check its ip address
```
kubectl run test --image=busybox --command -- tail -f /dev/null
replicationcontroller "test" created
kubectl describe po test-34ozs | grep ^IP
IP: 10.233.16.2
```
```
kubectl exec test-34ozs -- ip a show dev eth0
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
link/ether 02:42:0a:e9:2b:03 brd ff:ff:ff:ff:ff:ff
inet 10.233.16.2/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:aff:fee9:2b03/64 scope link tentative flags 08
valid_lft forever preferred_lft forever
```
Congrats ! now you can walk through [kubernetes basics](http://kubernetes.io/v1.1/basicstutorials.html)
[![Build Status](https://travis-ci.org/kubespray/kargo.svg)](https://travis-ci.org/kubespray/kargo)

29
apps.yml
View file

@ -1,29 +0,0 @@
---
- hosts: kube-master
roles:
# System
- { role: apps/k8s-kubedns, tags: ['kubedns', 'kube-system'] }
# Databases
- { role: apps/k8s-postgres, tags: 'postgres' }
- { role: apps/k8s-elasticsearch, tags: 'elasticsearch' }
- { role: apps/k8s-memcached, tags: 'memcached' }
- { role: apps/k8s-redis, tags: 'redis' }
# Msg Broker
- { role: apps/k8s-rabbitmq, tags: 'rabbitmq' }
# Monitoring
- { role: apps/k8s-influxdb, tags: ['influxdb', 'kube-system']}
- { role: apps/k8s-heapster, tags: ['heapster', 'kube-system']}
- { role: apps/k8s-kubedash, tags: ['kubedash', 'kube-system']}
# logging
- { role: apps/k8s-kube-logstash, tags: 'kube-logstash'}
# Console
- { role: apps/k8s-fabric8, tags: 'fabric8' }
- { role: apps/k8s-kube-ui, tags: ['kube-ui', 'kube-system']}
# ETCD
- { role: apps/k8s-etcd, tags: 'etcd'}

7
cluster.yml
View file

@ -5,11 +5,14 @@
- { role: download, tags: download }
- { role: kubernetes/preinstall, tags: preinstall }
- { role: etcd, tags: etcd }
- { role: docker, tags: docker }
- { role: docker, tags: docker, when: ansible_os_family != "CoreOS" }
- { role: kubernetes/node, tags: node }
- { role: network_plugin, tags: network }
- { role: dnsmasq, tags: dnsmasq }
- hosts: kube-master
roles:
- { role: kubernetes/master, tags: master }
- hosts: k8s-cluster
roles:
- { role: dnsmasq, tags: dnsmasq }

5
coreos-bootstrap.yml Normal file
View file

@ -0,0 +1,5 @@
---
- hosts: k8s-cluster
gather_facts: False
roles:
- coreos-bootstrap

18
inventory/group_vars/all.yml
View file

@ -1,10 +1,14 @@
# Directory where the binaries will be installed
# Directory where the binaries will be installed
bin_dir: /usr/local/bin
# Where the binaries will be downloaded.
# Note: ensure that you've enough disk space (about 1G)
local_release_dir: "/tmp/releases"
# Uncomment this line for CoreOS only.
# Directory where python binary is installed
# ansible_python_interpreter: "/opt/bin/python"
# This is the group that the cert creation scripts chgrp the
# cert files to. Not really changable...
kube_cert_group: kube-cert
@ -47,7 +51,7 @@ cluster_name: cluster.local
# access_ip: 1.1.1.1
# Choose network plugin (calico, weave or flannel)
kube_network_plugin: calico
kube_network_plugin: flannel
# Kubernetes internal network for services, unused block of space.
kube_service_addresses: 10.233.0.0/18
@ -93,9 +97,17 @@ upstream_dns_servers:
dns_setup: true
dns_domain: "{{ cluster_name }}"
#
# # Ip address of the kubernetes dns service
# # Ip address of the kubernetes skydns service
skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
# There are some changes specific to the cloud providers
# for instance we need to encapsulate packets with some network plugins
# If set the possible values are either 'gce', 'aws' or 'openstack'
# When openstack is used make sure to source in the openstack credentials
# like you would do when using nova-client before starting the playbook.
# cloud_provider:
# For multi masters architecture:
# kube-proxy doesn't support multiple apiservers for the time being so you'll need to configure your own loadbalancer
# This domain name will be inserted into the /etc/hosts file of all servers

77
requirements.yml
View file

@ -1,39 +1,48 @@
---
- src: https://github.com/ansibl8s/k8s-common.git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-dashboard.git
path: roles/apps
scm: git
- src: https://github.com/ansibl8s/k8s-kubedns.git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-common.git
path: roles/apps
scm: git
#- src: https://github.com/ansibl8s/k8s-kube-ui.git
# path: roles/apps
#
#- src: https://github.com/ansibl8s/k8s-fabric8.git
# path: roles/apps
#
#- src: https://github.com/ansibl8s/k8s-elasticsearch.git
# path: roles/apps
#
#- src: https://github.com/ansibl8s/k8s-redis.git
# path: roles/apps
#
#- src: https://github.com/ansibl8s/k8s-memcached.git
# path: roles/apps
#
#- src: https://github.com/ansibl8s/k8s-postgres.git
# path: roles/apps
#
#- src: https://github.com/ansibl8s/k8s-pgbouncer.git
# path: roles/apps
#
#- src: https://github.com/ansibl8s/k8s-heapster.git
# path: roles/apps
#
#- src: https://github.com/ansibl8s/k8s-influxdb.git
# path: roles/apps
#
#- src: https://github.com/ansibl8s/k8s-kubedash.git
# path: roles/apps
#
#- src: https://github.com/ansibl8s/k8s-kube-logstash.git
# path: roles/apps
- src: https://gitlab.com/kubespray-ansibl8s/k8s-kubedns.git
path: roles/apps
scm: git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-elasticsearch.git
path: roles/apps
scm: git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-redis.git
path: roles/apps
scm: git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-memcached.git
path: roles/apps
scm: git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-postgres.git
path: roles/apps
scm: git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-pgbouncer.git
path: roles/apps
scm: git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-heapster.git
path: roles/apps
scm: git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-influxdb.git
path: roles/apps
scm: git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-kubedash.git
path: roles/apps
scm: git
- src: https://gitlab.com/kubespray-ansibl8s/k8s-kube-logstash.git
path: roles/apps
scm: git

19
roles/adduser/tasks/main.yml
View file

@ -1,6 +1,21 @@
---
- name: gather os specific variables
include_vars: "{{ item }}"
with_first_found:
- files:
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}.yml"
- "{{ ansible_os_family|lower }}.yml"
- defaults.yml
paths:
- ../vars
skip: true
- name: User | Create User Group
group: name={{item.group|default(item.name)}} system={{item.system|default(omit)}}
with_items: addusers
with_items: "{{ addusers }}"
- name: User | Create User
user:
@ -10,4 +25,4 @@
home: "{{item.home|default(omit)}}"
name: "{{item.name}}"
system: "{{item.system|default(omit)}}"
with_items: addusers
with_items: "{{ addusers }}"

8
roles/adduser/vars/coreos.yml Normal file
View file

@ -0,0 +1,8 @@
---
addusers:
- name: kube
comment: "Kubernetes user"
shell: /sbin/nologin
system: yes
group: "{{ kube_cert_group }}"
createhome: no

2
roles/adduser/defaults/main.yml → roles/adduser/vars/debian.yml
View file

@ -12,4 +12,4 @@ addusers:
shell: /sbin/nologin
system: yes
group: "{{ kube_cert_group }}"
createhome: no
createhome: no

15
roles/adduser/vars/redhat.yml Normal file
View file

@ -0,0 +1,15 @@
---
addusers:
- name: etcd
comment: "Etcd user"
createhome: yes
home: "/var/lib/etcd"
system: yes
shell: /bin/nologin
- name: kube
comment: "Kubernetes user"
shell: /sbin/nologin
system: yes
group: "{{ kube_cert_group }}"
createhome: no

1
roles/apps/k8s-common

@ -1 +0,0 @@
Subproject commit 8abd4ec3bcdc5f36d96c312f3a424724520a12b8

1
roles/apps/k8s-elasticsearch

@ -1 +0,0 @@
Subproject commit f089f60fb1102378b6def3972b50644deff96484

1
roles/apps/k8s-etcd

@ -1 +0,0 @@
Subproject commit abd61ee91ae729e7b79ecd56d6bb4eed0ddbe604

1
roles/apps/k8s-fabric8

@ -1 +0,0 @@
Subproject commit 702923e2000d07bb95044c747c499bb04c3d16bf

1
roles/apps/k8s-heapster

@ -1 +0,0 @@
Subproject commit 5442209acd072d170f9d24e2bbd00b95af737d7d

1
roles/apps/k8s-influxdb

@ -1 +0,0 @@
Subproject commit b892974d5b8bc624ac742e8a6fb7737db8a96a32

1
roles/apps/k8s-kube-logstash

@ -1 +0,0 @@
Subproject commit 71c7bf98210e8907554a26e25cc9c2a3ece8cffd

1
roles/apps/k8s-kube-ui

@ -1 +0,0 @@
Subproject commit 0b5be08de2b3f373146a36aef88be3d4e5565dc2

1
roles/apps/k8s-kubedash

@ -1 +0,0 @@
Subproject commit 21544cc2a908b1578409c5eaca7ee2771b3b9811

1
roles/apps/k8s-kubedns

@ -1 +0,0 @@
Subproject commit 82b75f84129189fcfb08adfeb6ed6114c68dde3e

1
roles/apps/k8s-memcached

@ -1 +0,0 @@
Subproject commit 60a66ca0ae4dc9a7e29b9b9619134adada53e1a4

1
roles/apps/k8s-pgbouncer

@ -1 +0,0 @@
Subproject commit 79961d1df223dd1563e41a1df109c4cffa8801ed

1
roles/apps/k8s-postgres

@ -1 +0,0 @@
Subproject commit a03a14c46f19732fa7a3ee37a37d9f0375a6e2d2

1
roles/apps/k8s-rabbitmq

@ -1 +0,0 @@
Subproject commit 2b538e243a3230c97591a28ac438619ebd555e4c

1
roles/apps/k8s-redis

@ -1 +0,0 @@
Subproject commit a4e134fef3c5ed5db83201f38347638e4bc0200c

4
roles/coreos-bootstrap/defaults/main.yml Normal file
View file

@ -0,0 +1,4 @@
---
pypy_version: 2.4.0
pip_python_modules:
- httplib2

2
roles/kubernetes/preinstall/files/bootstrap.sh → roles/coreos-bootstrap/files/bootstrap.sh
View file

@ -1,7 +1,7 @@
#/bin/bash
set -e
BINDIR="/usr/local/bin"
BINDIR="/opt/bin"
cd $BINDIR

19017
roles/coreos-bootstrap/files/get-pip.py Normal file
View file

File diff suppressed because it is too large Load diff

2
roles/kubernetes/preinstall/files/runner → roles/coreos-bootstrap/files/runner
View file

@ -1,3 +1,3 @@
#!/bin/bash
BINDIR="/usr/local/bin"
BINDIR="/opt/bin"
LD_LIBRARY_PATH=$BINDIR/pypy/lib:$LD_LIBRARY_PATH $BINDIR/pypy/bin/$(basename $0) $@

21
roles/kubernetes/preinstall/tasks/python-bootstrap.yml → roles/coreos-bootstrap/tasks/main.yml
View file

@ -1,41 +1,40 @@
---
- name: Python | Check if bootstrap is needed
raw: stat {{ bin_dir}}/.bootstrapped
- name: Bootstrap | Check if bootstrap is needed
raw: stat /opt/bin/.bootstrapped
register: need_bootstrap
ignore_errors: True
- name: Python | Run bootstrap.sh
- name: Bootstrap | Run bootstrap.sh
script: bootstrap.sh
when: need_bootstrap | failed
- set_fact:
ansible_python_interpreter: "{{ bin_dir }}/python"
ansible_python_interpreter: "/opt/bin/python"
- name: Python | Check if we need to install pip
- name: Bootstrap | Check if we need to install pip
shell: "{{ansible_python_interpreter}} -m pip --version"
register: need_pip
ignore_errors: True
changed_when: false
when: need_bootstrap | failed
- name: Python | Copy get-pip.py
- name: Bootstrap | Copy get-pip.py
copy: src=get-pip.py dest=~/get-pip.py
when: need_pip | failed
- name: Python | Install pip
- name: Bootstrap | Install pip
shell: "{{ansible_python_interpreter}} ~/get-pip.py"
when: need_pip | failed
- name: Python | Remove get-pip.py
- name: Bootstrap | Remove get-pip.py
file: path=~/get-pip.py state=absent
when: need_pip | failed
- name: Python | Install pip launcher
copy: src=runner dest={{ bin_dir }}/pip mode=0755
- name: Bootstrap | Install pip launcher
copy: src=runner dest=/opt/bin/pip mode=0755
when: need_pip | failed
- name: Install required python modules
pip:
name: "{{ item }}"
with_items: pip_python_modules

2
roles/coreos-bootstrap/templates/python_shim.j2 Normal file
View file

@ -0,0 +1,2 @@
#!/bin/bash
LD_LIBRARY_PATH={{ pypy_install_path }}/lib:$LD_LIBRARY_PATH exec {{ pypy_install_path }}/bin/{{ item.src }} "$@"

318
roles/dnsmasq/library/kube.py Normal file
View file

@ -0,0 +1,318 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
DOCUMENTATION = """
---
module: kube
short_description: Manage Kubernetes Cluster
description:
- Create, replace, remove, and stop resources within a Kubernetes Cluster
version_added: "2.0"
options:
name:
required: false
default: null
description:
- The name associated with resource
filename:
required: false
default: null
description:
- The path and filename of the resource(s) definition file.
kubectl:
required: false
default: null
description:
- The path to the kubectl bin
namespace:
required: false
default: null
description:
- The namespace associated with the resource(s)
resource:
required: false
default: null
description:
- The resource to perform an action on. pods (po), replicationControllers (rc), services (svc)
label:
required: false
default: null
description:
- The labels used to filter specific resources.
server:
required: false
default: null
description:
- The url for the API server that commands are executed against.
api_version:
required: false
choices: ['v1', 'v1beta3']
default: v1
description:
- The API version associated with cluster.
force:
required: false
default: false
description:
- A flag to indicate to force delete, replace, or stop.
all:
required: false
default: false
description:
- A flag to indicate delete all, stop all, or all namespaces when checking exists.
log_level:
required: false
default: 0
description:
- Indicates the level of verbosity of logging by kubectl.
state:
required: false
choices: ['present', 'absent', 'latest', 'reloaded', 'stopped']
default: present
description:
- present handles checking existence or creating if definition file provided,
absent handles deleting resource(s) based on other options,
latest handles creating ore updating based on existence,
reloaded handles updating resource(s) definition using definition file,
stopped handles stopping resource(s) based on other options.
requirements:
- kubectl
author: "Kenny Jones (@kenjones-cisco)"
"""
EXAMPLES = """
- name: test nginx is present
kube: name=nginx resource=rc state=present
- name: test nginx is stopped
kube: name=nginx resource=rc state=stopped
- name: test nginx is absent
kube: name=nginx resource=rc state=absent
- name: test nginx is present
kube: filename=/tmp/nginx.yml
"""
class KubeManager(object):
def __init__(self, module):
self.module = module
self.kubectl = module.params.get('kubectl')
if self.kubectl is None:
self.kubectl = module.get_bin_path('kubectl', True)
self.base_cmd = [self.kubectl]
self.api_version = module.params.get('api_version')
if self.api_version:
self.base_cmd.append('--api-version=' + self.api_version)
if module.params.get('server'):
self.base_cmd.append('--server=' + module.params.get('server'))
if module.params.get('log_level'):
self.base_cmd.append('--v=' + str(module.params.get('log_level')))
if module.params.get('namespace'):
self.base_cmd.append('--namespace=' + module.params.get('namespace'))
self.all = module.params.get('all')
self.force = module.params.get('force')
self.name = module.params.get('name')
self.filename = module.params.get('filename')
self.resource = module.params.get('resource')
self.label = module.params.get('label')
def _execute(self, cmd):
args = self.base_cmd + cmd
try:
rc, out, err = self.module.run_command(args)
if rc != 0:
self.module.fail_json(
msg='error running kubectl (%s) command (rc=%d): %s' % (' '.join(args), rc, out or err))
except Exception as exc:
self.module.fail_json(
msg='error running kubectl (%s) command: %s' % (' '.join(args), str(exc)))
return out.splitlines()
def _execute_nofail(self, cmd):
args = self.base_cmd + cmd
rc, out, err = self.module.run_command(args)
if rc != 0:
return None
return out.splitlines()
def create(self, check=True):
if check and self.exists():
return []
cmd = ['create']
if not self.filename:
self.module.fail_json(msg='filename required to create')
cmd.append('--filename=' + self.filename)
return self._execute(cmd)
def replace(self):
if not self.force and not self.exists():
return []
cmd = ['replace']
if self.api_version != 'v1':
cmd = ['update']
if self.force:
cmd.append('--force')
if not self.filename:
self.module.fail_json(msg='filename required to reload')
cmd.append('--filename=' + self.filename)
return self._execute(cmd)
def delete(self):
if not self.force and not self.exists():
return []
cmd = ['delete']
if self.filename:
cmd.append('--filename=' + self.filename)
else:
if not self.resource:
self.module.fail_json(msg='resource required to delete without filename')
cmd.append(self.resource)
if self.name:
cmd.append(self.name)
if self.label:
cmd.append('--selector=' + self.label)
if self.all:
cmd.append('--all')
if self.force:
cmd.append('--ignore-not-found')
return self._execute(cmd)
def exists(self):
cmd = ['get']
if not self.resource:
return False
cmd.append(self.resource)
if self.name:
cmd.append(self.name)
cmd.append('--no-headers')
if self.label:
cmd.append('--selector=' + self.label)
if self.all:
cmd.append('--all-namespaces')
result = self._execute_nofail(cmd)
if not result:
return False
return True
def stop(self):
if not self.force and not self.exists():
return []
cmd = ['stop']
if self.filename:
cmd.append('--filename=' + self.filename)
else:
if not self.resource:
self.module.fail_json(msg='resource required to stop without filename')
cmd.append(self.resource)
if self.name:
cmd.append(self.name)
if self.label:
cmd.append('--selector=' + self.label)
if self.all:
cmd.append('--all')
if self.force:
cmd.append('--ignore-not-found')
return self._execute(cmd)
def main():
module = AnsibleModule(
argument_spec=dict(
name=dict(),
filename=dict(),
namespace=dict(),
resource=dict(),
label=dict(),
server=dict(),
kubectl=dict(),
api_version=dict(default='v1', choices=['v1', 'v1beta3']),
force=dict(default=False, type='bool'),
all=dict(default=False, type='bool'),
log_level=dict(default=0, type='int'),
state=dict(default='present', choices=['present', 'absent', 'latest', 'reloaded', 'stopped']),
)
)
changed = False
manager = KubeManager(module)
state = module.params.get('state')
if state == 'present':
result = manager.create()
elif state == 'absent':
result = manager.delete()
elif state == 'reloaded':
result = manager.replace()
elif state == 'stopped':
result = manager.stop()
elif state == 'latest':
if manager.exists():
manager.force = True
result = manager.replace()
else:
result = manager.create(check=False)
else:
module.fail_json(msg='Unrecognized state %s.' % state)
if result:
changed = True
module.exit_json(changed=changed,
msg='success: %s' % (' '.join(result))
)
from ansible.module_utils.basic import * # noqa
if __name__ == '__main__':
main()

25
roles/dnsmasq/tasks/main.yml
View file

@ -31,13 +31,32 @@
dest: /etc/dnsmasq.d/01-kube-dns.conf
state: link
- name: Create dnsmasq pod manifest
template: src=dnsmasq-pod.yml dest=/etc/kubernetes/manifests/dnsmasq-pod.manifest
- name: Create dnsmasq manifests
template: src={{item.file}} dest=/etc/kubernetes/{{item.file}}
with_items:
- {file: dnsmasq-ds.yml, type: ds}
- {file: dnsmasq-svc.yml, type: svc}
register: manifests
when: inventory_hostname == groups['kube-master'][0]
- name: Start Resources
kube:
name: dnsmasq
namespace: kube-system
kubectl: "{{bin_dir}}/kubectl"
resource: "{{item.item.type}}"
filename: /etc/kubernetes/{{item.item.file}}
state: "{{item.changed | ternary('latest','present') }}"
with_items: "{{ manifests.results }}"
when: inventory_hostname == groups['kube-master'][0]
- name: Check for dnsmasq port (pulling image and running container)
wait_for:
host: "{{dns_server}}"
port: 53
delay: 5
when: inventory_hostname == groups['kube-master'][0]
- name: check resolvconf
stat: path=/etc/resolvconf/resolv.conf.d/head
@ -59,7 +78,7 @@
- name: Add local dnsmasq to resolv.conf
lineinfile:
line: "nameserver 127.0.0.1"
line: "nameserver {{dns_server}}"
dest: "{{resolvconffile}}"
state: present
insertafter: "^search.*$"

4
roles/dnsmasq/templates/01-kube-dns.conf.j2
View file

@ -1,6 +1,6 @@
#Listen on localhost
bind-interfaces
listen-address=127.0.0.1
listen-address=0.0.0.0
addn-hosts=/etc/hosts
@ -17,4 +17,4 @@ server={{ srv }}
{% endif %}
# Forward k8s domain to kube-dns
server=/{{ dns_domain }}/{{ dns_server }}
server=/{{ dns_domain }}/{{ skydns_server }}

52
roles/dnsmasq/templates/dnsmasq-ds.yml Normal file
View file

@ -0,0 +1,52 @@
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: dnsmasq
namespace: kube-system
labels:
k8s-app: dnsmasq
spec:
template:
metadata:
labels:
k8s-app: dnsmasq
spec:
containers:
- name: dnsmasq
image: andyshinn/dnsmasq:2.72
command:
- dnsmasq
args:
- -k
- "-7"
- /etc/dnsmasq.d
securityContext:
capabilities:
add:
- NET_ADMIN
imagePullPolicy: Always
resources:
limits:
cpu: 100m
memory: 256M
ports:
- name: dns
containerPort: 53
protocol: UDP
- name: dns-tcp
containerPort: 53
protocol: TCP
volumeMounts:
- name: etcdnsmasqd
mountPath: /etc/dnsmasq.d
- name: etcdnsmasqdavailable
mountPath: /etc/dnsmasq.d-available
volumes:
- name: etcdnsmasqd
hostPath:
path: /etc/dnsmasq.d
- name: etcdnsmasqdavailable
hostPath:
path: /etc/dnsmasq.d-available

49
roles/dnsmasq/templates/dnsmasq-pod.yml
View file

@ -1,49 +0,0 @@
---
apiVersion: v1
kind: Pod
metadata:
name: dnsmasq
namespace: kube-system
spec:
hostNetwork: true
containers:
- name: dnsmasq
image: andyshinn/dnsmasq:2.72
command:
- dnsmasq
args:
- -k
- "-7"
- /etc/dnsmasq.d
- --local-service
securityContext:
capabilities:
add:
- NET_ADMIN
imagePullPolicy: Always
resources:
limits:
cpu: 100m
memory: 256M
ports:
- name: dns
containerPort: 53
hostPort: 53
protocol: UDP
- name: dns-tcp
containerPort: 53
hostPort: 53
protocol: TCP
volumeMounts:
- name: etcdnsmasqd
mountPath: /etc/dnsmasq.d
- name: etcdnsmasqdavailable
mountPath: /etc/dnsmasq.d-available
volumes:
- name: etcdnsmasqd
hostPath:
path: /etc/dnsmasq.d
- name: etcdnsmasqdavailable
hostPath:
path: /etc/dnsmasq.d-available

23
roles/dnsmasq/templates/dnsmasq-svc.yml Normal file
View file

@ -0,0 +1,23 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
kubernetes.io/cluster-service: 'true'
k8s-app: dnsmasq
name: dnsmasq
namespace: kube-system
spec:
ports:
- port: 53
name: dns-tcp
targetPort: 53
protocol: TCP
- port: 53
name: dns
targetPort: 53
protocol: UDP
type: ClusterIP
clusterIP: {{dns_server}}
selector:
k8s-app: dnsmasq

11
roles/docker/defaults/main.yml
View file

@ -1 +1,10 @@
docker_version: 1.9
docker_version: 1.10
docker_package_info:
pkgs:
docker_repo_key_info:
repo_keys:
docker_repo_info:
repos:

7
roles/docker/tasks/main.yml
View file

@ -11,6 +11,7 @@
- defaults.yml
paths:
- ../vars
skip: true
- name: check for minimum kernel version
fail:
@ -27,14 +28,14 @@
id: "{{item}}"
keyserver: "{{docker_repo_key_info.keyserver}}"
state: present
with_items: docker_repo_key_info.repo_keys
with_items: "{{ docker_repo_key_info.repo_keys }}"
- name: ensure docker repository is enabled
action: "{{ docker_repo_info.pkg_repo }}"
args:
repo: "{{item}}"
state: present
with_items: docker_repo_info.repos
with_items: "{{ docker_repo_info.repos }}"
when: docker_repo_info.repos|length > 0
- name: ensure docker packages are installed
@ -42,7 +43,7 @@
args:
pkg: "{{item}}"
state: present
with_items: docker_package_info.pkgs
with_items: "{{ docker_package_info.pkgs }}"
when: docker_package_info.pkgs|length > 0
- name: Centos needs xfs storage type for devicemapper if used

2
roles/docker/vars/debian.yml
View file

@ -4,7 +4,7 @@ docker_kernel_min_version: '3.2'
docker_versioned_pkg:
latest: docker-engine
1.9: docker-engine=1.9.1-0~{{ ansible_distribution_release|lower }}
1.10: docker-engine=1.10.1-0~{{ ansible_distribution_release|lower }}
1.10: docker-engine=1.10.3-0~{{ ansible_distribution_release|lower }}
docker_package_info:
pkg_mgr: apt

2
roles/docker/vars/ubuntu.yml
View file

@ -5,7 +5,7 @@ docker_kernel_min_version: '3.2'
docker_versioned_pkg:
latest: docker-engine
1.9: docker-engine=1.9.0-0~{{ ansible_distribution_release|lower }}
1.10: docker-engine=1.10.1-0~{{ ansible_distribution_release|lower }}
1.10: docker-engine=1.10.3-0~{{ ansible_distribution_release|lower }}
docker_package_info:
pkg_mgr: apt

49
roles/download/defaults/main.yml
View file

@ -2,84 +2,103 @@
local_release_dir: /tmp
# Versions
kube_version: v1.1.7
kube_version: v1.2.1
etcd_version: v2.2.5
calico_version: v0.16.1
calico_version: v0.17.0
calico_cni_version: v1.0.0
weave_version: v1.4.4
# Download URL's
kube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/amd64"
etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
calico_download_url: "https://github.com/Metaswitch/calico-docker/releases/download/{{calico_version}}/calicoctl"
calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico"
calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam"
weave_download_url: "https://github.com/weaveworks/weave/releases/download/{{weave_version}}/weave"
kubelet_download_url: "https://storage.googleapis.com/kubespray/{{kube_version}}_kubernetes-kubelet"
apiserver_download_url: "https://storage.googleapis.com/kubespray/{{kube_version}}_kubernetes-apiserver"
kubectl_download_url: "https://storage.googleapis.com/kubespray/{{kube_version}}_kubernetes-kubectl"
etcd_download_url: "https://storage.googleapis.com/kubespray/{{etcd_version}}_etcd"
calico_download_url: "https://storage.googleapis.com/kubespray/{{calico_version}}_calico"
calico_cni_download_url: "https://storage.googleapis.com/kubespray/{{calico_cni_version}}_calico-cni-plugin"
calico_cni_ipam_download_url: "https://storage.googleapis.com/kubespray/{{calico_cni_version}}_calico-cni-plugin-ipam"
weave_download_url: "https://storage.googleapis.com/kubespray/{{weave_version}}_weave"
# Checksums
calico_checksum: "47f89a33325db822b590d3b2c49c3030e777a50de29e1b5289d48705ab788cc4"
calico_checksum: "1fa22c0ee0cc661f56aa09169a3661fb46e552b53fae5fae9aac010e0666b281"
calico_cni_checksum: "cfbb95d4416cb65845a188f3bd991fff232bd5ce3463b2919d586ab77967aecd"
calico_cni_ipam_checksum: "93ebf8756b26314e1e3f612f1e824418cbb0a8df2942664422e697bcb109fbb2"
weave_checksum: "152942c330f87ab475d87d9311b91674b90f25ea685bd4e04e0495d5fe09a957"
etcd_checksum: "aa6037406257d2a1bc48ffa769afe7a4f8a04cc1ffcd36ef84f9ee8bc4eca756"
kubectl_checksum: "7239fda83f0218384ccf3374a47c0d1e243975e50fdf5d544635a397c7ad10dc"
kubelet_checksum: "05faa3cf5f5448efafa553a3ef778c645c59d585d4013b52fe7ca8bd4cfc704e"
kube_apiserver_checksum: "bb73a3526e51a8f4124b42f6104103deba83f87bd985000c00d382b3a0af059a"
kubectl_checksum: "a41b9543ddef1f64078716075311c44c6e1d02c67301c0937a658cef37923bbb"
kubelet_checksum: "7e253e07da77b031d5687102c485697f95f9e1e6410c1da1f4d3f064cdc70f07"
kube_apiserver_checksum: "8e00cd59330857b119e40cd6156c0f476a8e62bbc9e9addd524b39e0c390a6cd"
downloads:
- name: calico
dest: calico/bin/calicoctl
version: "{{calico_version}}"
sha256: "{{ calico_checksum }}"
source_url: "{{ calico_download_url }}"
url: "{{ calico_download_url }}"
owner: "root"
mode: "0755"
- name: calico-cni-plugin
dest: calico/bin/calico
version: "{{calico_cni_version}}"
sha256: "{{ calico_cni_checksum }}"
source_url: "{{ calico_cni_download_url }}"
url: "{{ calico_cni_download_url }}"
owner: "root"
mode: "0755"
- name: calico-cni-plugin-ipam
dest: calico/bin/calico-ipam
version: "{{calico_cni_version}}"
sha256: "{{ calico_cni_ipam_checksum }}"
source_url: "{{ calico_cni_ipam_download_url }}"
url: "{{ calico_cni_ipam_download_url }}"
owner: "root"
mode: "0755"
- name: weave
dest: weave/bin/weave
version: "{{weave_version}}"
source_url: "{{weave_download_url}}"
url: "{{weave_download_url}}"
sha256: "{{ weave_checksum }}"
owner: "root"
mode: "0755"
- name: etcd
version: "{{etcd_version}}"
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
sha256: "{{ etcd_checksum }}"
source_url: "{{ etcd_download_url }}"
url: "{{ etcd_download_url }}"
unarchive: true
owner: "etcd"
mode: "0755"
- name: kubernetes-kubelet
version: "{{kube_version}}"
dest: kubernetes/bin/kubelet
sha256: "{{kubelet_checksum}}"
url: "{{ kube_download_url }}/kubelet"
source_url: "{{ kubelet_download_url }}"
url: "{{ kubelet_download_url }}"
owner: "kube"
mode: "0755"
- name: kubernetes-kubectl
dest: kubernetes/bin/kubectl
version: "{{kube_version}}"
sha256: "{{kubectl_checksum}}"
url: "{{ kube_download_url }}/kubectl"
source_url: "{{ kubectl_download_url }}"
url: "{{ kubectl_download_url }}"
owner: "kube"
mode: "0755"
- name: kubernetes-apiserver
dest: kubernetes/bin/kube-apiserver
version: "{{kube_version}}"
sha256: "{{kube_apiserver_checksum}}"
url: "{{ kube_download_url }}/kube-apiserver"
source_url: "{{ apiserver_download_url }}"
url: "{{ apiserver_download_url }}"
owner: "kube"
mode: "0755"

8
roles/download/tasks/main.yml
View file

@ -1,7 +1,7 @@
---
- name: Create dest directories
file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes
with_items: downloads
with_items: "{{ downloads }}"
- name: Download items
get_url:
@ -10,7 +10,7 @@
sha256sum: "{{item.sha256 | default(omit)}}"
owner: "{{ item.owner|default(omit) }}"
mode: "{{ item.mode|default(omit) }}"
with_items: downloads
with_items: "{{ downloads }}"
- name: Extract archives
unarchive:
@ -20,7 +20,7 @@
mode: "{{ item.mode|default(omit) }}"
copy: no
when: "{{item.unarchive is defined and item.unarchive == True}}"
with_items: downloads
with_items: "{{ downloads }}"
- name: Fix permissions
file:
@ -29,4 +29,4 @@
owner: "{{ item.owner|default(omit) }}"
mode: "{{ item.mode|default(omit) }}"
when: "{{item.unarchive is not defined or item.unarchive == False}}"
with_items: downloads
with_items: "{{ downloads }}"

2
roles/etcd/tasks/configure.yml
View file

@ -2,7 +2,7 @@
- name: Configure | Copy etcd.service systemd file
template:
src: etcd.service.j2
dest: /lib/systemd/system/etcd.service
dest: /etc/systemd/system/etcd.service
backup: yes
when: ansible_service_mgr == "systemd"
notify: restart etcd

583
roles/kubernetes/master/files/kubectl_bash_completion.sh
View file

@ -272,19 +272,27 @@ _kubectl_get()
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--include-extended-apis")
flags+=("--label-columns=")
two_word_flags+=("-L")
flags+=("--no-headers")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--recursive")
flags+=("-R")
flags+=("--selector=")
two_word_flags+=("-l")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--watch")
flags+=("-w")
flags+=("--watch-only")
@ -316,6 +324,7 @@ _kubectl_get()
must_have_one_flag=()
must_have_one_noun=()
must_have_one_noun+=("componentstatus")
must_have_one_noun+=("configmap")
must_have_one_noun+=("daemonset")
must_have_one_noun+=("deployment")
must_have_one_noun+=("endpoints")
@ -329,13 +338,16 @@ _kubectl_get()
must_have_one_noun+=("persistentvolume")
must_have_one_noun+=("persistentvolumeclaim")
must_have_one_noun+=("pod")
must_have_one_noun+=("podsecuritypolicy")
must_have_one_noun+=("podtemplate")
must_have_one_noun+=("replicaset")
must_have_one_noun+=("replicationcontroller")
must_have_one_noun+=("resourcequota")
must_have_one_noun+=("secret")
must_have_one_noun+=("service")
must_have_one_noun+=("serviceaccount")
must_have_one_noun+=("thirdpartyresource")
must_have_one_noun+=("thirdpartyresourcedata")
}
_kubectl_describe()
@ -354,6 +366,9 @@ _kubectl_describe()
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--include-extended-apis")
flags+=("--recursive")
flags+=("-R")
flags+=("--selector=")
two_word_flags+=("-l")
flags+=("--alsologtostderr")
@ -383,18 +398,22 @@ _kubectl_describe()
must_have_one_flag=()
must_have_one_noun=()
must_have_one_noun+=("configmap")
must_have_one_noun+=("daemonset")
must_have_one_noun+=("deployment")
must_have_one_noun+=("endpoints")
must_have_one_noun+=("horizontalpodautoscaler")
must_have_one_noun+=("horizontalpodautoscaler")
must_have_one_noun+=("ingress")
must_have_one_noun+=("job")
must_have_one_noun+=("job")
must_have_one_noun+=("limitrange")
must_have_one_noun+=("namespace")
must_have_one_noun+=("node")
must_have_one_noun+=("persistentvolume")
must_have_one_noun+=("persistentvolumeclaim")
must_have_one_noun+=("pod")
must_have_one_noun+=("replicaset")
must_have_one_noun+=("replicationcontroller")
must_have_one_noun+=("resourcequota")
must_have_one_noun+=("secret")
@ -414,11 +433,24 @@ _kubectl_create_namespace()
flags+=("--dry-run")
flags+=("--generator=")
flags+=("--no-headers")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--save-config")
flags+=("--schema-cache-dir=")
flags_with_completion+=("--schema-cache-dir")
flags_completion+=("_filedir")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--validate")
flags+=("--alsologtostderr")
flags+=("--api-version=")
@ -465,11 +497,25 @@ _kubectl_create_secret_docker-registry()
flags+=("--docker-username=")
flags+=("--dry-run")
flags+=("--generator=")
flags+=("--include-extended-apis")
flags+=("--no-headers")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--save-config")
flags+=("--schema-cache-dir=")
flags_with_completion+=("--schema-cache-dir")
flags_completion+=("_filedir")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--validate")
flags+=("--alsologtostderr")
flags+=("--api-version=")
@ -517,11 +563,24 @@ _kubectl_create_secret_generic()
flags+=("--from-file=")
flags+=("--from-literal=")
flags+=("--generator=")
flags+=("--no-headers")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--save-config")
flags+=("--schema-cache-dir=")
flags_with_completion+=("--schema-cache-dir")
flags_completion+=("_filedir")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--type=")
flags+=("--validate")
flags+=("--alsologtostderr")
@ -594,12 +653,137 @@ _kubectl_create_secret()
must_have_one_noun=()
}
_kubectl_create_configmap()
{
last_command="kubectl_create_configmap"
commands=()
flags=()
two_word_flags=()
flags_with_completion=()
flags_completion=()
flags+=("--dry-run")
flags+=("--from-file=")
flags+=("--from-literal=")
flags+=("--generator=")
flags+=("--no-headers")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--save-config")
flags+=("--schema-cache-dir=")
flags_with_completion+=("--schema-cache-dir")
flags_completion+=("_filedir")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--validate")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
flags+=("--client-certificate=")
flags+=("--client-key=")
flags+=("--cluster=")
flags+=("--context=")
flags+=("--insecure-skip-tls-verify")
flags+=("--kubeconfig=")
flags+=("--log-backtrace-at=")
flags+=("--log-dir=")
flags+=("--log-flush-frequency=")
flags+=("--logtostderr")
flags+=("--match-server-version")
flags+=("--namespace=")
flags+=("--password=")
flags+=("--server=")
two_word_flags+=("-s")
flags+=("--stderrthreshold=")
flags+=("--token=")
flags+=("--user=")
flags+=("--username=")
flags+=("--v=")
flags+=("--vmodule=")
must_have_one_flag=()
must_have_one_noun=()
}
_kubectl_create_serviceaccount()
{
last_command="kubectl_create_serviceaccount"
commands=()
flags=()
two_word_flags=()
flags_with_completion=()
flags_completion=()
flags+=("--dry-run")
flags+=("--generator=")
flags+=("--include-extended-apis")
flags+=("--no-headers")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--save-config")
flags+=("--schema-cache-dir=")
flags_with_completion+=("--schema-cache-dir")
flags_completion+=("_filedir")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--validate")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
flags+=("--client-certificate=")
flags+=("--client-key=")
flags+=("--cluster=")
flags+=("--context=")
flags+=("--insecure-skip-tls-verify")
flags+=("--kubeconfig=")
flags+=("--log-backtrace-at=")
flags+=("--log-dir=")
flags+=("--log-flush-frequency=")
flags+=("--logtostderr")
flags+=("--match-server-version")
flags+=("--namespace=")
flags+=("--password=")
flags+=("--server=")
two_word_flags+=("-s")
flags+=("--stderrthreshold=")
flags+=("--token=")
flags+=("--user=")
flags+=("--username=")
flags+=("--v=")
flags+=("--vmodule=")
must_have_one_flag=()
must_have_one_noun=()
}
_kubectl_create()
{
last_command="kubectl_create"
commands=()
commands+=("namespace")
commands+=("secret")
commands+=("configmap")
commands+=("serviceaccount")
flags=()
two_word_flags=()
@ -612,10 +796,16 @@ _kubectl_create()
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--include-extended-apis")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--record")
flags+=("--recursive")
flags+=("-R")
flags+=("--save-config")
flags+=("--schema-cache-dir=")
flags_with_completion+=("--schema-cache-dir")
flags_completion+=("_filedir")
flags+=("--validate")
flags+=("--alsologtostderr")
flags+=("--api-version=")
@ -667,10 +857,16 @@ _kubectl_replace()
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--force")
flags+=("--grace-period=")
flags+=("--include-extended-apis")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--record")
flags+=("--recursive")
flags+=("-R")
flags+=("--save-config")
flags+=("--schema-cache-dir=")
flags_with_completion+=("--schema-cache-dir")
flags_completion+=("_filedir")
flags+=("--timeout=")
flags+=("--validate")
flags+=("--alsologtostderr")
@ -720,10 +916,15 @@ _kubectl_patch()
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--include-extended-apis")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--patch=")
two_word_flags+=("-p")
flags+=("--record")
flags+=("--recursive")
flags+=("-R")
flags+=("--type=")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
@ -775,8 +976,11 @@ _kubectl_delete()
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--grace-period=")
flags+=("--ignore-not-found")
flags+=("--include-extended-apis")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--recursive")
flags+=("-R")
flags+=("--selector=")
two_word_flags+=("-l")
flags+=("--timeout=")
@ -808,6 +1012,7 @@ _kubectl_delete()
must_have_one_flag=()
must_have_one_noun=()
must_have_one_noun+=("componentstatus")
must_have_one_noun+=("configmap")
must_have_one_noun+=("daemonset")
must_have_one_noun+=("deployment")
must_have_one_noun+=("endpoints")
@ -821,13 +1026,16 @@ _kubectl_delete()
must_have_one_noun+=("persistentvolume")
must_have_one_noun+=("persistentvolumeclaim")
must_have_one_noun+=("pod")
must_have_one_noun+=("podsecuritypolicy")
must_have_one_noun+=("podtemplate")
must_have_one_noun+=("replicaset")
must_have_one_noun+=("replicationcontroller")
must_have_one_noun+=("resourcequota")
must_have_one_noun+=("secret")
must_have_one_noun+=("service")
must_have_one_noun+=("serviceaccount")
must_have_one_noun+=("thirdpartyresource")
must_have_one_noun+=("thirdpartyresourcedata")
}
_kubectl_edit()
@ -846,9 +1054,13 @@ _kubectl_edit()
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--include-extended-apis")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--record")
flags+=("--recursive")
flags+=("-R")
flags+=("--save-config")
flags+=("--windows-line-endings")
flags+=("--alsologtostderr")
@ -896,9 +1108,15 @@ _kubectl_apply()
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--include-extended-apis")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--record")
flags+=("--recursive")
flags+=("-R")
flags+=("--schema-cache-dir=")
flags_with_completion+=("--schema-cache-dir")
flags_completion+=("_filedir")
flags+=("--validate")
flags+=("--alsologtostderr")
flags+=("--api-version=")
@ -984,6 +1202,7 @@ _kubectl_logs()
two_word_flags+=("-c")
flags+=("--follow")
flags+=("-f")
flags+=("--include-extended-apis")
flags+=("--interactive")
flags+=("--limit-bytes=")
flags+=("--previous")
@ -1041,6 +1260,7 @@ _kubectl_rolling-update()
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--image=")
flags+=("--include-extended-apis")
flags+=("--no-headers")
flags+=("--output=")
two_word_flags+=("-o")
@ -1048,11 +1268,18 @@ _kubectl_rolling-update()
flags+=("--poll-interval=")
flags+=("--rollback")
flags+=("--schema-cache-dir=")
flags_with_completion+=("--schema-cache-dir")
flags_completion+=("_filedir")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--timeout=")
flags+=("--update-period=")
flags+=("--validate")
@ -1105,8 +1332,12 @@ _kubectl_scale()
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--include-extended-apis")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--record")
flags+=("--recursive")
flags+=("-R")
flags+=("--replicas=")
flags+=("--resource-version=")
flags+=("--timeout=")
@ -1191,6 +1422,7 @@ _kubectl_drain()
flags+=("--force")
flags+=("--grace-period=")
flags+=("--ignore-daemonsets")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
@ -1464,6 +1696,7 @@ _kubectl_run()
flags+=("--generator=")
flags+=("--hostport=")
flags+=("--image=")
flags+=("--include-extended-apis")
flags+=("--labels=")
two_word_flags+=("-l")
flags+=("--leave-stdin-open")
@ -1474,6 +1707,7 @@ _kubectl_run()
flags+=("--output-version=")
flags+=("--overrides=")
flags+=("--port=")
flags+=("--record")
flags+=("--replicas=")
two_word_flags+=("-r")
flags+=("--requests=")
@ -1484,11 +1718,16 @@ _kubectl_run()
flags+=("--service-overrides=")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--stdin")
flags+=("-i")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--tty")
flags+=("--alsologtostderr")
flags+=("--api-version=")
@ -1552,15 +1791,23 @@ _kubectl_expose()
flags+=("--overrides=")
flags+=("--port=")
flags+=("--protocol=")
flags+=("--record")
flags+=("--recursive")
flags+=("-R")
flags+=("--save-config")
flags+=("--selector=")
flags+=("--session-affinity=")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--target-port=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--type=")
flags+=("--alsologtostderr")
flags+=("--api-version=")
@ -1610,6 +1857,7 @@ _kubectl_autoscale()
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--generator=")
flags+=("--include-extended-apis")
flags+=("--max=")
flags+=("--min=")
flags+=("--name=")
@ -1617,12 +1865,20 @@ _kubectl_autoscale()
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--record")
flags+=("--recursive")
flags+=("-R")
flags+=("--save-config")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
@ -1653,6 +1909,239 @@ _kubectl_autoscale()
must_have_one_noun=()
}
_kubectl_rollout_history()
{
last_command="kubectl_rollout_history"
commands=()
flags=()
two_word_flags=()
flags_with_completion=()
flags_completion=()
flags+=("--filename=")
flags_with_completion+=("--filename")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--recursive")
flags+=("-R")
flags+=("--revision=")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
flags+=("--client-certificate=")
flags+=("--client-key=")
flags+=("--cluster=")
flags+=("--context=")
flags+=("--insecure-skip-tls-verify")
flags+=("--kubeconfig=")
flags+=("--log-backtrace-at=")
flags+=("--log-dir=")
flags+=("--log-flush-frequency=")
flags+=("--logtostderr")
flags+=("--match-server-version")
flags+=("--namespace=")
flags+=("--password=")
flags+=("--server=")
two_word_flags+=("-s")
flags+=("--stderrthreshold=")
flags+=("--token=")
flags+=("--user=")
flags+=("--username=")
flags+=("--v=")
flags+=("--vmodule=")
must_have_one_flag=()
must_have_one_noun=()
}
_kubectl_rollout_pause()
{
last_command="kubectl_rollout_pause"
commands=()
flags=()
two_word_flags=()
flags_with_completion=()
flags_completion=()
flags+=("--filename=")
flags_with_completion+=("--filename")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--recursive")
flags+=("-R")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
flags+=("--client-certificate=")
flags+=("--client-key=")
flags+=("--cluster=")
flags+=("--context=")
flags+=("--insecure-skip-tls-verify")
flags+=("--kubeconfig=")
flags+=("--log-backtrace-at=")
flags+=("--log-dir=")
flags+=("--log-flush-frequency=")
flags+=("--logtostderr")
flags+=("--match-server-version")
flags+=("--namespace=")
flags+=("--password=")
flags+=("--server=")
two_word_flags+=("-s")
flags+=("--stderrthreshold=")
flags+=("--token=")
flags+=("--user=")
flags+=("--username=")
flags+=("--v=")
flags+=("--vmodule=")
must_have_one_flag=()
must_have_one_noun=()
}
_kubectl_rollout_resume()
{
last_command="kubectl_rollout_resume"
commands=()
flags=()
two_word_flags=()
flags_with_completion=()
flags_completion=()
flags+=("--filename=")
flags_with_completion+=("--filename")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--recursive")
flags+=("-R")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
flags+=("--client-certificate=")
flags+=("--client-key=")
flags+=("--cluster=")
flags+=("--context=")
flags+=("--insecure-skip-tls-verify")
flags+=("--kubeconfig=")
flags+=("--log-backtrace-at=")
flags+=("--log-dir=")
flags+=("--log-flush-frequency=")
flags+=("--logtostderr")
flags+=("--match-server-version")
flags+=("--namespace=")
flags+=("--password=")
flags+=("--server=")
two_word_flags+=("-s")
flags+=("--stderrthreshold=")
flags+=("--token=")
flags+=("--user=")
flags+=("--username=")
flags+=("--v=")
flags+=("--vmodule=")
must_have_one_flag=()
must_have_one_noun=()
}
_kubectl_rollout_undo()
{
last_command="kubectl_rollout_undo"
commands=()
flags=()
two_word_flags=()
flags_with_completion=()
flags_completion=()
flags+=("--filename=")
flags_with_completion+=("--filename")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--recursive")
flags+=("-R")
flags+=("--to-revision=")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
flags+=("--client-certificate=")
flags+=("--client-key=")
flags+=("--cluster=")
flags+=("--context=")
flags+=("--insecure-skip-tls-verify")
flags+=("--kubeconfig=")
flags+=("--log-backtrace-at=")
flags+=("--log-dir=")
flags+=("--log-flush-frequency=")
flags+=("--logtostderr")
flags+=("--match-server-version")
flags+=("--namespace=")
flags+=("--password=")
flags+=("--server=")
two_word_flags+=("-s")
flags+=("--stderrthreshold=")
flags+=("--token=")
flags+=("--user=")
flags+=("--username=")
flags+=("--v=")
flags+=("--vmodule=")
must_have_one_flag=()
must_have_one_noun=()
}
_kubectl_rollout()
{
last_command="kubectl_rollout"
commands=()
commands+=("history")
commands+=("pause")
commands+=("resume")
commands+=("undo")
flags=()
two_word_flags=()
flags_with_completion=()
flags_completion=()
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
flags+=("--client-certificate=")
flags+=("--client-key=")
flags+=("--cluster=")
flags+=("--context=")
flags+=("--insecure-skip-tls-verify")
flags+=("--kubeconfig=")
flags+=("--log-backtrace-at=")
flags+=("--log-dir=")
flags+=("--log-flush-frequency=")
flags+=("--logtostderr")
flags+=("--match-server-version")
flags+=("--namespace=")
flags+=("--password=")
flags+=("--server=")
two_word_flags+=("-s")
flags+=("--stderrthreshold=")
flags+=("--token=")
flags+=("--user=")
flags+=("--username=")
flags+=("--v=")
flags+=("--vmodule=")
must_have_one_flag=()
must_have_one_noun=()
}
_kubectl_label()
{
last_command="kubectl_label"
@ -1671,19 +2160,28 @@ _kubectl_label()
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--include-extended-apis")
flags+=("--no-headers")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--overwrite")
flags+=("--record")
flags+=("--recursive")
flags+=("-R")
flags+=("--resource-version=")
flags+=("--selector=")
two_word_flags+=("-l")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
@ -1712,6 +2210,7 @@ _kubectl_label()
must_have_one_flag=()
must_have_one_noun=()
must_have_one_noun+=("componentstatus")
must_have_one_noun+=("configmap")
must_have_one_noun+=("daemonset")
must_have_one_noun+=("deployment")
must_have_one_noun+=("endpoints")
@ -1725,13 +2224,16 @@ _kubectl_label()
must_have_one_noun+=("persistentvolume")
must_have_one_noun+=("persistentvolumeclaim")
must_have_one_noun+=("pod")
must_have_one_noun+=("podsecuritypolicy")
must_have_one_noun+=("podtemplate")
must_have_one_noun+=("replicaset")
must_have_one_noun+=("replicationcontroller")
must_have_one_noun+=("resourcequota")
must_have_one_noun+=("secret")
must_have_one_noun+=("service")
must_have_one_noun+=("serviceaccount")
must_have_one_noun+=("thirdpartyresource")
must_have_one_noun+=("thirdpartyresourcedata")
}
_kubectl_annotate()
@ -1751,19 +2253,28 @@ _kubectl_annotate()
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--include-extended-apis")
flags+=("--no-headers")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--overwrite")
flags+=("--record")
flags+=("--recursive")
flags+=("-R")
flags+=("--resource-version=")
flags+=("--selector=")
two_word_flags+=("-l")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
@ -1804,7 +2315,7 @@ _kubectl_config_view()
flags_completion=()
flags+=("--flatten")
flags+=("--merge")
flags+=("--merge=")
flags+=("--minify")
flags+=("--no-headers")
flags+=("--output=")
@ -1813,9 +2324,14 @@ _kubectl_config_view()
flags+=("--raw")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
@ -1857,8 +2373,10 @@ _kubectl_config_set-cluster()
flags+=("--api-version=")
flags+=("--certificate-authority=")
flags+=("--embed-certs")
flags+=("--insecure-skip-tls-verify")
flags_with_completion+=("--certificate-authority")
flags_completion+=("_filedir")
flags+=("--embed-certs=")
flags+=("--insecure-skip-tls-verify=")
flags+=("--server=")
flags+=("--alsologtostderr")
flags+=("--client-certificate=")
@ -1895,8 +2413,12 @@ _kubectl_config_set-credentials()
flags_completion=()
flags+=("--client-certificate=")
flags_with_completion+=("--client-certificate")
flags_completion+=("_filedir")
flags+=("--client-key=")
flags+=("--embed-certs")
flags_with_completion+=("--client-key")
flags_completion+=("_filedir")
flags+=("--embed-certs=")
flags+=("--password=")
flags+=("--token=")
flags+=("--username=")
@ -2041,6 +2563,45 @@ _kubectl_config_unset()
must_have_one_noun=()
}
_kubectl_config_current-context()
{
last_command="kubectl_config_current-context"
commands=()
flags=()
two_word_flags=()
flags_with_completion=()
flags_completion=()
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
flags+=("--client-certificate=")
flags+=("--client-key=")
flags+=("--cluster=")
flags+=("--context=")
flags+=("--insecure-skip-tls-verify")
flags+=("--kubeconfig=")
flags+=("--log-backtrace-at=")
flags+=("--log-dir=")
flags+=("--log-flush-frequency=")
flags+=("--logtostderr")
flags+=("--match-server-version")
flags+=("--namespace=")
flags+=("--password=")
flags+=("--server=")
two_word_flags+=("-s")
flags+=("--stderrthreshold=")
flags+=("--token=")
flags+=("--user=")
flags+=("--username=")
flags+=("--v=")
flags+=("--vmodule=")
must_have_one_flag=()
must_have_one_noun=()
}
_kubectl_config_use-context()
{
last_command="kubectl_config_use-context"
@ -2090,6 +2651,7 @@ _kubectl_config()
commands+=("set-context")
commands+=("set")
commands+=("unset")
commands+=("current-context")
commands+=("use-context")
flags=()
@ -2136,6 +2698,7 @@ _kubectl_cluster-info()
flags_with_completion=()
flags_completion=()
flags+=("--include-extended-apis")
flags+=("--alsologtostderr")
flags+=("--api-version=")
flags+=("--certificate-authority=")
@ -2255,6 +2818,7 @@ _kubectl_explain()
flags_with_completion=()
flags_completion=()
flags+=("--include-extended-apis")
flags+=("--recursive")
flags+=("--alsologtostderr")
flags+=("--api-version=")
@ -2301,17 +2865,27 @@ _kubectl_convert()
two_word_flags+=("-f")
flags_with_completion+=("-f")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
flags+=("--include-extended-apis")
flags+=("--local")
flags+=("--no-headers")
flags+=("--output=")
two_word_flags+=("-o")
flags+=("--output-version=")
flags+=("--recursive")
flags+=("-R")
flags+=("--schema-cache-dir=")
flags_with_completion+=("--schema-cache-dir")
flags_completion+=("_filedir")
flags+=("--show-all")
flags+=("-a")
flags+=("--show-labels")
flags+=("--sort-by=")
flags+=("--template=")
flags_with_completion+=("--template")
flags_completion+=("_filedir")
two_word_flags+=("-t")
flags_with_completion+=("-t")
flags_completion+=("_filedir")
flags+=("--validate")
flags+=("--alsologtostderr")
flags+=("--api-version=")
@ -2370,6 +2944,7 @@ _kubectl()
commands+=("run")
commands+=("expose")
commands+=("autoscale")
commands+=("rollout")
commands+=("label")
commands+=("annotate")
commands+=("config")

12
roles/kubernetes/master/tasks/main.yml
View file

@ -3,6 +3,7 @@
copy:
src: kubectl_bash_completion.sh
dest: /etc/bash_completion.d/kubectl.sh
when: ansible_os_family in ["Debian","RedHat"]
- name: Copy kube-apiserver binary
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kube-apiserver" "{{ bin_dir }}/kube-apiserver"
@ -44,7 +45,7 @@
- meta: flush_handlers
- include: start.yml
with_items: groups['kube-master']
with_items: "{{ groups['kube-master'] }}"
when: "{{ hostvars[item].inventory_hostname == inventory_hostname }}"
# Create kube-system namespace
@ -74,17 +75,12 @@
- name: Write kube-controller-manager manifest
template:
src: manifests/kube-controller-manager.manifest.j2
dest: "{{ kube_config_dir }}/kube-controller-manager.manifest"
dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
- name: Write kube-scheduler manifest
template:
src: manifests/kube-scheduler.manifest.j2
dest: "{{ kube_config_dir }}/kube-scheduler.manifest"
- name: Write podmaster manifest
template:
src: manifests/kube-podmaster.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-podmaster.manifest"
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
- name: restart kubelet
service:

10
roles/kubernetes/master/templates/kube-apiserver.j2
View file

@ -38,7 +38,15 @@ KUBE_TLS_CONFIG="--tls_cert_file={{ kube_cert_dir }}/apiserver.pem --tls_private
# Add you own!
KUBE_API_ARGS="--token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/apiserver-key.pem"
{% if cloud_provider is defined and cloud_provider == "openstack" %}
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
{% else %}
{# TODO: gce and aws don't need the cloud provider to be set? #}
KUBELET_CLOUDPROVIDER=""
{% endif %}
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBE_API_PORT $KUBE_SERVICE_ADDRESSES \
$KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG $KUBE_TLS_CONFIG $KUBE_API_ARGS"
$KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG $KUBE_TLS_CONFIG $KUBE_API_ARGS \
$KUBELET_CLOUDPROVIDER"
{% endif %}

3
roles/kubernetes/master/templates/kube-apiserver.service.j2
View file

@ -19,7 +19,8 @@ ExecStart={{ bin_dir }}/kube-apiserver \
$KUBE_ADMISSION_CONTROL \
$KUBE_RUNTIME_CONFIG \
$KUBE_TLS_CONFIG \
$KUBE_API_ARGS
$KUBE_API_ARGS \
$KUBELET_CLOUDPROVIDER
Restart=on-failure
Type=notify
LimitNOFILE=65536

2
roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
View file

@ -48,5 +48,5 @@ spec:
path: {{ kube_config_dir }}
name: kubernetes-config
- hostPath:
path: /usr/share/ca-certificates
path: /etc/ssl/certs/
name: ssl-certs-host

17
roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
View file

@ -12,9 +12,14 @@ spec:
- /hyperkube
- controller-manager
- --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
- --leader-elect=true
- --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
- --root-ca-file={{ kube_cert_dir }}/ca.pem
- --v={{ kube_log_level | default('2') }}
{% if cloud_provider is defined and cloud_provider == "openstack" %}
- --cloud-provider=openstack
- --cloud-config={{ kube_config_dir }}/cloud_config
{% endif %}
livenessProbe:
httpGet:
host: 127.0.0.1
@ -29,10 +34,20 @@ spec:
- mountPath: /etc/ssl/certs
name: ssl-certs-host
readOnly: true
{% if cloud_provider is defined and cloud_provider == "openstack" %}
- mountPath: {{ kube_config_dir }}/cloud_config
name: cloudconfig
readOnly: true
{% endif %}
volumes:
- hostPath:
path: {{ kube_cert_dir }}
name: ssl-certs-kubernetes
- hostPath:
path: /usr/share/ca-certificates
path: /etc/ssl/certs/
name: ssl-certs-host
{% if cloud_provider is defined and cloud_provider == "openstack" %}
- hostPath:
path: {{ kube_config_dir }}/cloud_config
name: cloudconfig
{% endif %}

46
roles/kubernetes/master/templates/manifests/kube-podmaster.manifest.j2
View file

@ -1,46 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: kube-podmaster
namespace: kube-system
spec:
hostNetwork: true
containers:
- name: scheduler-elector
image: gcr.io/google_containers/podmaster:1.1
command:
- /podmaster
- --etcd-servers={% for srv in groups['etcd'] %}http://{{ srv }}:2379{% if not loop.last %},{% endif %}{% endfor %}
- --key=scheduler
- --source-file={{ kube_config_dir}}/kube-scheduler.manifest
- --dest-file={{ kube_manifest_dir }}/kube-scheduler.manifest
volumeMounts:
- mountPath: {{ kube_config_dir }}
name: manifest-src
readOnly: true
- mountPath: {{ kube_manifest_dir }}
name: manifest-dst
- name: controller-manager-elector
image: gcr.io/google_containers/podmaster:1.1
command:
- /podmaster
- --etcd-servers={% for srv in groups['etcd'] %}http://{{ srv }}:2379{% if not loop.last %},{% endif %}{% endfor %}
- --key=controller
- --source-file={{ kube_config_dir }}/kube-controller-manager.manifest
- --dest-file={{ kube_manifest_dir }}/kube-controller-manager.manifest
terminationMessagePath: /dev/termination-log
volumeMounts:
- mountPath: {{ kube_config_dir }}
name: manifest-src
readOnly: true
- mountPath: {{ kube_manifest_dir }}
name: manifest-dst
volumes:
- hostPath:
path: {{ kube_config_dir }}
name: manifest-src
- hostPath:
path: {{ kube_manifest_dir }}
name: manifest-dst

1
roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
View file

@ -11,6 +11,7 @@ spec:
command:
- /hyperkube
- scheduler
- --leader-elect=true
- --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
- --v={{ kube_log_level | default('2') }}
livenessProbe:

12
roles/kubernetes/node/defaults/main.yml
View file

@ -31,10 +31,8 @@ dns_domain: "{{ cluster_name }}"
kube_proxy_mode: userspace
# Temporary image, waiting for official google release
# hyperkube_image_repo: gcr.io/google_containers/hyperkube
hyperkube_image_repo: quay.io/ant31/kubernetes-hyperkube
hyperkube_image_tag: v1.1.4
hyperkube_image_repo: quay.io/smana/kubernetes-hyperkube
hyperkube_image_tag: v1.2.1
# IP address of the DNS server.
# Kubernetes will create a pod with several containers, serving as the DNS
@ -43,6 +41,6 @@ hyperkube_image_tag: v1.1.4
# pick the 10th ip address in the kube_service_addresses range and use that.
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(253)|ipaddr('address') }}"
kube_api_runtime_config:
- extensions/v1beta1/daemonsets=true
- extensions/v1beta1/deployments=true
# kube_api_runtime_config:
# - extensions/v1beta1/daemonsets=true
# - extensions/v1beta1/deployments=true

9
roles/kubernetes/node/tasks/install.yml
View file

@ -18,12 +18,3 @@
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubelet" "{{ bin_dir }}/kubelet"
register: kubelet_copy
changed_when: false
- name: install | Calico-plugin | Directory
file: path=/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/ state=directory
when: kube_network_plugin == "calico"
- name: install | Calico-plugin | Binary
command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/calico"
when: kube_network_plugin == "calico"
changed_when: false

11
roles/kubernetes/node/templates/kubelet.j2
View file

@ -7,7 +7,9 @@ KUBE_LOGGING="--logtostderr=true"
{% endif %}
KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
KUBE_ALLOW_PRIV="--allow_privileged=true"
{% if inventory_hostname in groups['kube-node'] %}
KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
{% endif %}
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=0.0.0.0"
# The port for the info server to serve on
@ -33,7 +35,14 @@ KUBELET_NETWORK_PLUGIN="--network_plugin={{ kube_network_plugin }}"
{% endif %}
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow_privileged=true"
{% if cloud_provider is defined and cloud_provider == "openstack" %}
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
{% else %}
{# TODO: gce and aws don't need the cloud provider to be set? #}
KUBELET_CLOUDPROVIDER=""
{% endif %}
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \
$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN"
$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN \
$KUBELET_CLOUDPROVIDER"
{% endif %}

3
roles/kubernetes/node/templates/kubelet.service.j2
View file

@ -20,7 +20,8 @@ ExecStart={{ bin_dir }}/kubelet \
$KUBELET_ARGS \
$DOCKER_SOCKET \
$KUBELET_REGISTER_NODE \
$KUBELET_NETWORK_PLUGIN
$KUBELET_NETWORK_PLUGIN \
$KUBELET_CLOUDPROVIDER
Restart=on-failure
[Install]

1
roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
View file

@ -23,6 +23,7 @@ spec:
- --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml
{% endif %}
- --bind-address={{ ip | default(ansible_default_ipv4.address) }}
- --proxy-mode={{ kube_proxy_mode }}
securityContext:
privileged: true
volumeMounts:

12
roles/kubernetes/preinstall/defaults/main.yml
View file

@ -8,5 +8,13 @@ common_required_pkgs:
- rsync
- bash-completion
pypy_version: 2.4.0
python_pypy_url: "https://bitbucket.org/pypy/pypy/downloads/pypy-{{ pypy_version }}.tar.bz2"
# For the openstack integration kubelet will need credentials to access
# openstack apis like nova and cinder. Per default this values will be
# read from the environment.
openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}"
openstack_username: "{{ lookup('env','OS_USERNAME') }}"
openstack_password: "{{ lookup('env','OS_PASSWORD') }}"
openstack_region: "{{ lookup('env','OS_REGION_NAME') }}"
openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID') }}"

17474
roles/kubernetes/preinstall/files/get-pip.py
View file

File diff suppressed because it is too large Load diff

3
roles/kubernetes/preinstall/tasks/etchosts.yml
View file

@ -5,9 +5,10 @@
regexp: "^{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item].ansible_default_ipv4.address)) }} {{ item }}$"
line: "{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item].ansible_default_ipv4.address)) }} {{ item }}"
state: present
create: yes
backup: yes
when: hostvars[item].ansible_default_ipv4.address is defined
with_items: groups['all']
with_items: "{{ groups['all'] }}"
- name: Hosts | populate kubernetes loadbalancer address into hosts file
lineinfile:

37
roles/kubernetes/preinstall/tasks/main.yml
View file

@ -14,6 +14,12 @@
- defaults.yml
paths:
- ../vars
skip: true
- name: Force binaries directory for CoreOS
set_fact:
bin_dir: "/opt/bin"
when: ansible_os_family == "CoreOS"
- name: Create kubernetes config directory
file:
@ -40,6 +46,14 @@
owner: kube
when: ansible_service_mgr in ["sysvinit","upstart"]
- name: check cloud_provider value
fail:
msg: "If set the 'cloud_provider' var must be set either to 'gce', 'aws' or 'openstack'"
when: cloud_provider is defined and cloud_provider not in ['gce', 'aws', 'openstack']
- include: openstack-credential-check.yml
when: cloud_provider is defined and cloud_provider == 'openstack'
- name: Create cni directories
file:
path: "{{ item }}"
@ -50,18 +64,13 @@
- "/opt/cni/bin"
when: kube_network_plugin == "calico"
- name: Update package management cache (APT)
apt: update_cache=yes
when: ansible_pkg_mgr == 'apt'
- name: Update package management cache (YUM)
yum: update_cache=yes name='*'
when: ansible_pkg_mgr == 'yum'
- name: Install python-apt for Debian distribs
command: apt-get install -y python-apt
- name: Install latest version of python-apt for Debian distribs
apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
when: ansible_os_family == "Debian"
changed_when: False
- name: Install python-dnf for latest RedHat versions
command: dnf install -y python-dnf yum
@ -85,7 +94,8 @@
module: "{{ ansible_pkg_mgr }}"
name: "{{ item }}"
state: latest
with_items: "{{required_pkgs | union(common_required_pkgs)}}"
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
when: ansible_os_family != "CoreOS"
# Todo : selinux configuration
- name: Set selinux policy to permissive
@ -93,7 +103,12 @@
when: ansible_os_family == "RedHat"
changed_when: False
- include: etchosts.yml
- name: Write openstack cloud-config
template:
src: openstack-cloud-config.j2
dest: "{{ kube_config_dir }}/cloud_config"
group: "{{ kube_cert_group }}"
mode: 0640
when: cloud_provider is defined and cloud_provider == "openstack"
- include: python-bootstrap.yml
when: ansible_os_family not in [ "Debian", "RedHat" ]
- include: etchosts.yml

25
roles/kubernetes/preinstall/tasks/openstack-credential-check.yml Normal file
View file

@ -0,0 +1,25 @@
---
- name: check openstack_auth_url value
fail:
msg: "openstack_auth_url is missing"
when: openstack_auth_url is not defined or openstack_auth_url == ""
- name: check openstack_username value
fail:
msg: "openstack_username is missing"
when: openstack_username is not defined or openstack_username == ""
- name: check openstack_password value
fail:
msg: "openstack_password is missing"
when: openstack_password is not defined or openstack_password == ""
- name: check openstack_region value
fail:
msg: "openstack_region is missing"
when: openstack_region is not defined or openstack_region == ""
- name: check tenant_id value
fail:
msg: "tenant_id is missing"
when: openstack_tenant_id is not defined or openstack_tenant_id == ""

6
roles/kubernetes/preinstall/templates/openstack-cloud-config.j2 Normal file
View file

@ -0,0 +1,6 @@
[Global]
auth-url={{ openstack_auth_url }}
username={{ openstack_username }}
password={{ openstack_password }}
region={{ openstack_region }}
tenant-id={{ openstack_tenant_id }}

1
roles/kubernetes/preinstall/vars/debian.yml
View file

@ -1,4 +1,5 @@
required_pkgs:
- python-apt
- aufs-tools
- apt-transport-https
- software-properties-common

2
roles/kubernetes/secrets/scripts/make-ssl.sh
View file

@ -54,7 +54,7 @@ if [ -z ${SSLDIR} ]; then
SSLDIR="/etc/kubernetes/certs"
fi
tmpdir=$(mktemp -d --tmpdir kubernetes_cacert.XXXXXX)
tmpdir=$(mktemp -d /tmp/kubernetes_cacert.XXXXXX)
trap 'rm -rf "${tmpdir}"' EXIT
cd "${tmpdir}"

6
roles/kubernetes/secrets/tasks/gen_certs.yml
View file

@ -1,11 +1,11 @@
---
- name: certs | write openssl config
sudo: False
become: False
local_action: template src="openssl.conf.j2" dest="{{ role_path }}/files/openssl.conf"
run_once: yes
- name: certs | run cert generation script
sudo: False
become: False
local_action: shell
{{ role_path }}/scripts/make-ssl.sh
-f {{ role_path }}/files/openssl.conf
@ -48,4 +48,4 @@
file:
path: "{{ item }}"
mode: 0600
with_items: keyfiles.stdout_lines
with_items: "{{ keyfiles.stdout_lines }}"

4
roles/kubernetes/secrets/tasks/gen_tokens.yml
View file

@ -1,6 +1,6 @@
---
- name: tokens | generate tokens for master components
sudo: False
become: False
local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
environment:
TOKEN_DIR: "{{ role_path }}/files/tokens"
@ -12,7 +12,7 @@
notify: set secret_changed
- name: tokens | generate tokens for node components
sudo: False
become: False
local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
environment:
TOKEN_DIR: "{{ role_path }}/files/tokens"

5
roles/kubernetes/secrets/templates/openssl.conf.j2
View file

@ -9,9 +9,10 @@ subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc.{{ dns_domain }}
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.{{ dns_domain }}
{% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
DNS.4 = {{ apiserver_loadbalancer_domain_name }}
DNS.5 = {{ apiserver_loadbalancer_domain_name }}
{% endif %}
{% for host in groups['kube-master'] %}
IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}

6
roles/network_plugin/calico/defaults/main.yml
View file

@ -1,2 +1,6 @@
---
# cloud_provider: no
# Enables Internet connectivity from containers
nat_outgoing: true
# cloud_provider can only be set to 'gce' or 'aws'
# cloud_provider:

35
roles/network_plugin/calico/tasks/main.yml
View file

@ -8,13 +8,14 @@
mode: 0644
notify:
- restart docker
when: ansible_os_family != "CoreOS"
- name: Calico | Write docker.service systemd file
template:
src: systemd-docker.service
dest: /lib/systemd/system/docker.service
notify: restart docker
when: ansible_service_mgr == "systemd"
when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
- meta: flush_handlers
@ -34,12 +35,6 @@
- name: Calico | install calicoctl
file: path={{ bin_dir }}/calicoctl mode=0755 state=file
- name: Calico | Create calicoctl symlink (needed by kubelet)
file:
src: /usr/local/bin/calicoctl
dest: /usr/bin/calicoctl
state: link
- name: Calico | wait for etcd
wait_for:
port: 2379
@ -53,15 +48,23 @@
register: calico_conf
run_once: true
- name: Calico | Configure calico network pool for cloud
command: "calicoctl pool add {{ kube_pods_subnet }} --ipip --nat-outgoing"
run_once: true
when: calico_conf.status == 404 and cloud_provider is defined and cloud_provider == True
- name: Calico | Configure calico network pool
command: "calicoctl pool add {{ kube_pods_subnet }}"
command: "{{ bin_dir }}/calicoctl pool add {{ kube_pods_subnet }}"
run_once: true
when: calico_conf.status == 404 and (cloud_provider is not defined or cloud_provider != True)
when: calico_conf.status == 404 and cloud_provider is not defined
and not nat_outgoing|default(false) or
(nat_outgoing|default(false) and peer_with_router|default(false))
- name: Calico | Configure calico network pool for cloud
command: "{{ bin_dir }}/calicoctl pool add {{ kube_pods_subnet }} --ipip --nat-outgoing"
run_once: true
when: calico_conf.status == 404 and cloud_provider is defined
- name: Calico | Configure calico network pool with nat outgoing
command: "{{ bin_dir}}/calicoctl pool add {{ kube_pods_subnet }} --nat-outgoing"
run_once: true
when: calico_conf.status == 404 and cloud_provider is not defined
and nat_outgoing|default(false) and not peer_with_router|default(false)
- name: Calico | Get calico configuration from etcd
uri:
@ -112,13 +115,13 @@
when: calico_copy.stdout_lines
- name: Calico | Disable node mesh
shell: calicoctl bgp node-mesh off
shell: "{{ bin_dir }}/calicoctl bgp node-mesh off"
environment:
ETCD_AUTHORITY: "127.0.0.1:2379"
when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
- name: Calico | Configure peering with router(s)
shell: calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}
shell: "{{ bin_dir }}/calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}"
environment:
ETCD_AUTHORITY: "127.0.0.1:2379"
with_items: peers

4
roles/network_plugin/flannel/defaults/main.yml
View file

@ -6,3 +6,7 @@ flannel_public_ip: "{{ access_ip|default(ip|default(ansible_default_ipv4.address
## interface that should be used for flannel operations
## This is actually an inventory node-level item
# flannel_interface:
# You can choose what type of flannel backend to use
# please refer to flannel's docs : https://github.com/coreos/flannel/blob/master/README.md
flannel_backend_type: "vxlan"

11
roles/network_plugin/flannel/tasks/main.yml
View file

@ -4,7 +4,6 @@
src: network.json
dest: /etc/flannel-network.json
backup: yes
- name: Flannel | Create flannel pod manifest
template:
src: flannel-pod.yml
@ -15,6 +14,7 @@
wait_for:
path: /run/flannel/subnet.env
delay: 5
timeout: 600
- name: Flannel | Get flannel_subnet from subnet.env
shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_SUBNET" {print $2}'
@ -42,11 +42,18 @@
notify:
- restart docker
- name: Flannel | Create docker config symlink for CoreOS
file:
src: "/etc/default/docker"
dest: "/run/flannel_docker_opts.env"
state: link
when: ansible_os_family == "CoreOS"
- name: Flannel | Write docker.service systemd file
template:
src: systemd-docker.service
dest: /lib/systemd/system/docker.service
notify: restart docker
when: ansible_service_mgr == "systemd"
when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
- meta: flush_handlers

3
roles/network_plugin/flannel/templates/docker
View file

@ -1,5 +1,6 @@
# Deployed by Ansible
{% if ansible_service_mgr in ["sysvinit","upstart"] and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %}
{% if (ansible_service_mgr in ["sysvinit","upstart"] and kube_network_plugin == "flannel" and ansible_os_family == "Debian") or
(kube_network_plugin == "flannel" and ansible_os_family == "CoreOS") %}
DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
{% elif kube_network_plugin == "flannel" %}
OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"

2
roles/network_plugin/flannel/templates/network.json
View file

@ -1 +1 @@
{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "vxlan" } }
{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }

2
roles/network_plugin/weave/tasks/main.yml
View file

@ -14,7 +14,7 @@
src: systemd-docker.service
dest: /lib/systemd/system/docker.service
notify: restart docker
when: ansible_service_mgr == "systemd"
when: ansible_service_mgr == "systemd" and ansible_os_family != "CoreOS"
- meta: flush_handlers

101
roles/uploads/defaults/main.yml Normal file
View file

@ -0,0 +1,101 @@
---
local_release_dir: /tmp
# Versions
kube_version: v1.2.1
etcd_version: v2.2.5
calico_version: v0.17.0
calico_cni_version: v1.0.0
weave_version: v1.4.4
# Download URL's
kube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/amd64"
etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
calico_download_url: "https://github.com/Metaswitch/calico-docker/releases/download/{{calico_version}}/calicoctl"
calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico"
calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam"
weave_download_url: "https://github.com/weaveworks/weave/releases/download/{{weave_version}}/weave"
# Checksums
calico_checksum: "1fa22c0ee0cc661f56aa09169a3661fb46e552b53fae5fae9aac010e0666b281"
calico_cni_checksum: "cfbb95d4416cb65845a188f3bd991fff232bd5ce3463b2919d586ab77967aecd"
calico_cni_ipam_checksum: "93ebf8756b26314e1e3f612f1e824418cbb0a8df2942664422e697bcb109fbb2"
weave_checksum: "152942c330f87ab475d87d9311b91674b90f25ea685bd4e04e0495d5fe09a957"
etcd_checksum: "aa6037406257d2a1bc48ffa769afe7a4f8a04cc1ffcd36ef84f9ee8bc4eca756"
kubectl_checksum: "a41b9543ddef1f64078716075311c44c6e1d02c67301c0937a658cef37923bbb"
kubelet_checksum: "7e253e07da77b031d5687102c485697f95f9e1e6410c1da1f4d3f064cdc70f07"
kube_apiserver_checksum: "8e00cd59330857b119e40cd6156c0f476a8e62bbc9e9addd524b39e0c390a6cd"
downloads:
- name: calico
dest: calico/bin/calicoctl
version: "{{calico_version}}"
sha256: "{{ calico_checksum }}"
source_url: "{{ calico_download_url }}"
url: "{{ calico_download_url }}"
owner: "root"
mode: "0755"
- name: calico-cni-plugin
dest: calico/bin/calico
version: "{{calico_cni_version}}"
sha256: "{{ calico_cni_checksum }}"
source_url: "{{ calico_cni_download_url }}"
url: "{{ calico_cni_download_url }}"
owner: "root"
mode: "0755"
- name: calico-cni-plugin-ipam
dest: calico/bin/calico-ipam
version: "{{calico_cni_version}}"
sha256: "{{ calico_cni_ipam_checksum }}"
source_url: "{{ calico_cni_ipam_download_url }}"
url: "{{ calico_cni_ipam_download_url }}"
owner: "root"
mode: "0755"
- name: weave
dest: weave/bin/weave
version: "{{weave_version}}"
source_url: "{{weave_download_url}}"
url: "{{weave_download_url}}"
sha256: "{{ weave_checksum }}"
owner: "root"
mode: "0755"
- name: etcd
version: "{{etcd_version}}"
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
sha256: "{{ etcd_checksum }}"
source_url: "{{ etcd_download_url }}"
url: "{{ etcd_download_url }}"
unarchive: true
owner: "etcd"
mode: "0755"
- name: kubernetes-kubelet
version: "{{kube_version}}"
dest: kubernetes/bin/kubelet
sha256: "{{kubelet_checksum}}"
source_url: "{{ kube_download_url }}/kubelet"
url: "{{ kube_download_url }}/kubelet"
owner: "kube"
mode: "0755"
- name: kubernetes-kubectl
dest: kubernetes/bin/kubectl
version: "{{kube_version}}"
sha256: "{{kubectl_checksum}}"
source_url: "{{ kube_download_url }}/kubectl"
url: "{{ kube_download_url }}/kubectl"
owner: "kube"
mode: "0755"
- name: kubernetes-apiserver
dest: kubernetes/bin/kube-apiserver
version: "{{kube_version}}"
sha256: "{{kube_apiserver_checksum}}"
source_url: "{{ kube_download_url }}/kube-apiserver"
url: "{{ kube_download_url }}/kube-apiserver"
owner: "kube"
mode: "0755"

24
roles/uploads/tasks/main.yml Normal file
View file

@ -0,0 +1,24 @@
---
- name: Create dest directories
file: path={{local_release_dir}}/{{item.dest|dirname}} state=directory recurse=yes
with_items: downloads
- name: Download items
get_url:
url: "{{item.source_url}}"
dest: "{{local_release_dir}}/{{item.dest}}"
sha256sum: "{{item.sha256 | default(omit)}}"
owner: "{{ item.owner|default(omit) }}"
mode: "{{ item.mode|default(omit) }}"
with_items: downloads
- name: uploads items
gc_storage:
bucket: kubespray
object: "{{item.version}}_{{item.name}}"
src: "{{ local_release_dir }}/{{item.dest}}"
mode: put
permission: public-read
gs_access_key: "changeme"
gs_secret_key: "changeme"
with_items: downloads

13
tests/README.md
View file

@ -1,6 +1,15 @@
# k8s-integration-tests
# Kubespray cloud deployment tests
## Amazon Web Service
| Calico | Flannel | Weave |
------------- | ------------- | ------------- | ------------- |
Debian Jessie | [![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-jessie/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-jessie) | [![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-jessie/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-jessie/) | [![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-jessie/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-jessie/) |
Ubuntu Trusty |[![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-trusty/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-trusty/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-trusty/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-trusty/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-trusty/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-trusty)|
RHEL 7.2 |[![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-rhel72/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-rhel72/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-rhel72/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-rhel72/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-rhel72/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-rhel72/)|
CentOS 7 |[![Build Status](https://ci.kubespray.io/job/kubespray-aws-calico-centos7/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-calico-centos7/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-flannel-centos7/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-flannel-centos7/)|[![Build Status](https://ci.kubespray.io/job/kubespray-aws-weave-centos7/badge/icon)](https://ci.kubespray.io/job/kubespray-aws-weave-centos7/)|
*Work In Progress*
## Test environment variables

94
tests/support/aws.groovy Normal file
View file

@ -0,0 +1,94 @@
def run(username, credentialsId, ami, network_plugin, aws_access, aws_secret) {
def inventory_path = pwd() + "/inventory/inventory-test.ini"
dir('tests') {
wrap([$class: 'AnsiColorBuildWrapper', colorMapName: "xterm"]) {
try {
create_vm("${env.JOB_NAME}-${env.BUILD_NUMBER}", inventory_path, ami, username, network_plugin, aws_access, aws_secret)
install_cluster(inventory_path, credentialsId, network_plugin)
test_apiserver(inventory_path, credentialsId)
test_create_pod(inventory_path, credentialsId)
test_network(inventory_path, credentialsId)
} finally {
delete_vm(inventory_path, credentialsId, aws_access, aws_secret)
}
}
}
}
def create_vm(run_id, inventory_path, ami, username, network_plugin, aws_access, aws_secret) {
ansiblePlaybook(
inventory: 'local_inventory/hosts.cfg',
playbook: 'cloud_playbooks/create-aws.yml',
extraVars: [
test_id: run_id,
kube_network_plugin: network_plugin,
aws_access_key: [value: aws_access, hidden: true],
aws_secret_key: [value: aws_secret, hidden: true],
aws_ami_id: ami,
aws_security_group: [value: 'sg-cb0327a2', hidden: true],
key_name: 'travis-ci',
inventory_path: inventory_path,
aws_region: 'eu-central-1',
ssh_user: username
],
colorized: true
)
}
def delete_vm(inventory_path, credentialsId, aws_access, aws_secret) {
ansiblePlaybook(
inventory: inventory_path,
playbook: 'cloud_playbooks/delete-aws.yml',
credentialsId: credentialsId,
extraVars: [
aws_access_key: [value: aws_access, hidden: true],
aws_secret_key: [value: aws_secret, hidden: true]
],
colorized: true
)
}
def install_cluster(inventory_path, credentialsId, network_plugin) {
ansiblePlaybook(
inventory: inventory_path,
playbook: '../cluster.yml',
sudo: true,
credentialsId: credentialsId,
extraVars: [
kube_network_plugin: network_plugin
],
extras: "-e cloud_provider=aws",
colorized: true
)
}
def test_apiserver(inventory_path, credentialsId) {
ansiblePlaybook(
inventory: inventory_path,
playbook: 'testcases/010_check-apiserver.yml',
credentialsId: credentialsId,
colorized: true
)
}
def test_create_pod(inventory_path, credentialsId) {
ansiblePlaybook(
inventory: inventory_path,
playbook: 'testcases/020_check-create-pod.yml',
sudo: true,
credentialsId: credentialsId,
colorized: true
)
}
def test_network(inventory_path, credentialsId) {
ansiblePlaybook(
inventory: inventory_path,
playbook: 'testcases/030_check-network.yml',
sudo: true,
credentialsId: credentialsId,
colorized: true
)
}
return this;

11
uploads.yml Normal file
View file

@ -0,0 +1,11 @@
---
- hosts: localhost
roles:
- {role: uploads}
# TEST download
- hosts: localhost
vars:
local_release_dir: /tmp/from_gcloud
roles:
- {role: download}