Compare commits
15 commits
master
...
release-2.
Author | SHA1 | Date | |
---|---|---|---|
|
d3f6079991 | ||
|
7aa8b82512 | ||
|
ec974e16fa | ||
|
6f97687d19 | ||
|
447605ca0e | ||
|
3901480bc1 | ||
|
c42cb8f9b2 | ||
|
5c28bb0679 | ||
|
6d53229986 | ||
|
1e57d2e21a | ||
|
ea41fc5e74 | ||
|
4167807f17 | ||
|
2ac1c7562f | ||
|
2d6e31d281 | ||
|
0a19d1bf01 |
17 changed files with 90 additions and 50 deletions
|
@ -17,6 +17,9 @@ Quick Start
|
||||||
|
|
||||||
To deploy the cluster you can use :
|
To deploy the cluster you can use :
|
||||||
|
|
||||||
|
### Current release
|
||||||
|
2.8.2
|
||||||
|
|
||||||
### Ansible
|
### Ansible
|
||||||
|
|
||||||
#### Ansible version
|
#### Ansible version
|
||||||
|
@ -111,7 +114,7 @@ Supported Components
|
||||||
--------------------
|
--------------------
|
||||||
|
|
||||||
- Core
|
- Core
|
||||||
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.12.3
|
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.12.7
|
||||||
- [etcd](https://github.com/coreos/etcd) v3.2.24
|
- [etcd](https://github.com/coreos/etcd) v3.2.24
|
||||||
- [docker](https://www.docker.com/) v18.06 (see note)
|
- [docker](https://www.docker.com/) v18.06 (see note)
|
||||||
- [rkt](https://github.com/rkt/rkt) v1.21.0 (see Note 2)
|
- [rkt](https://github.com/rkt/rkt) v1.21.0 (see Note 2)
|
||||||
|
|
|
@ -19,7 +19,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
|
||||||
kube_api_anonymous_auth: true
|
kube_api_anonymous_auth: true
|
||||||
|
|
||||||
## Change this to use another Kubernetes version, e.g. a current beta release
|
## Change this to use another Kubernetes version, e.g. a current beta release
|
||||||
kube_version: v1.12.3
|
kube_version: v1.12.7
|
||||||
|
|
||||||
# kubernetes image repo define
|
# kubernetes image repo define
|
||||||
kube_image_repo: "gcr.io/google-containers"
|
kube_image_repo: "gcr.io/google-containers"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
ansible>=2.5.0,!=2.7.0
|
ansible>=2.5.0,<2.7
|
||||||
jinja2>=2.9.6
|
jinja2>=2.9.6
|
||||||
netaddr
|
netaddr
|
||||||
pbr>=1.6
|
pbr>=1.6
|
||||||
|
|
|
@ -13,8 +13,8 @@ docker_versioned_pkg:
|
||||||
'17.09': docker-ce=17.09.0~ce-0~debian
|
'17.09': docker-ce=17.09.0~ce-0~debian
|
||||||
'17.12': docker-ce=17.12.1~ce-0~debian
|
'17.12': docker-ce=17.12.1~ce-0~debian
|
||||||
'18.03': docker-ce=18.03.1~ce-0~debian
|
'18.03': docker-ce=18.03.1~ce-0~debian
|
||||||
'18.06': docker-ce=18.06.1~ce~3-0~debian
|
'18.06': docker-ce=18.06.2~ce~3-0~debian
|
||||||
'stable': docker-ce=18.06.1~ce~3-0~debian
|
'stable': docker-ce=18.06.2~ce~3-0~debian
|
||||||
'edge': docker-ce=17.12.1~ce-0~debian
|
'edge': docker-ce=17.12.1~ce-0~debian
|
||||||
|
|
||||||
docker_package_info:
|
docker_package_info:
|
||||||
|
|
|
@ -6,7 +6,7 @@ docker_kernel_min_version: '0'
|
||||||
docker_versioned_pkg:
|
docker_versioned_pkg:
|
||||||
'latest': docker-ce
|
'latest': docker-ce
|
||||||
'18.03': docker-ce-18.03.1.ce-3.fc28
|
'18.03': docker-ce-18.03.1.ce-3.fc28
|
||||||
'18.06': docker-ce-18.06.1.ce-3.fc28
|
'18.06': docker-ce-18.06.3.ce-3.fc28
|
||||||
|
|
||||||
#
|
#
|
||||||
# This is due to the fact that the docker
|
# This is due to the fact that the docker
|
||||||
|
|
|
@ -14,8 +14,8 @@ docker_versioned_pkg:
|
||||||
'17.09': docker-ce-17.09.0.ce-1.el7.centos
|
'17.09': docker-ce-17.09.0.ce-1.el7.centos
|
||||||
'17.12': docker-ce-17.12.1.ce-1.el7.centos
|
'17.12': docker-ce-17.12.1.ce-1.el7.centos
|
||||||
'18.03': docker-ce-18.03.1.ce-1.el7.centos
|
'18.03': docker-ce-18.03.1.ce-1.el7.centos
|
||||||
'18.06': docker-ce-18.06.1.ce-3.el7
|
'18.06': docker-ce-18.06.3.ce-3.el7
|
||||||
'stable': docker-ce-18.06.1.ce-3.el7
|
'stable': docker-ce-18.06.3.ce-3.el7
|
||||||
'edge': docker-ce-17.12.1.ce-1.el7.centos
|
'edge': docker-ce-17.12.1.ce-1.el7.centos
|
||||||
|
|
||||||
docker_selinux_versioned_pkg:
|
docker_selinux_versioned_pkg:
|
||||||
|
|
|
@ -10,9 +10,9 @@ docker_versioned_pkg:
|
||||||
'17.03': docker-ce=17.03.2~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
|
'17.03': docker-ce=17.03.2~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
|
||||||
'17.09': docker-ce=17.09.0~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
|
'17.09': docker-ce=17.09.0~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
|
||||||
'17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
|
'17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
|
||||||
'18.06': docker-ce=18.06.1~ce~3-0~ubuntu
|
'18.06': docker-ce=18.06.2~ce~3-0~ubuntu
|
||||||
'stable': docker-ce=18.06.1~ce~3-0~ubuntu
|
'stable': docker-ce=18.06.2~ce~3-0~ubuntu
|
||||||
'edge': docker-ce=18.06.1~ce~3-0~ubuntu
|
'edge': docker-ce=18.06.2~ce~3-0~ubuntu
|
||||||
|
|
||||||
docker_package_info:
|
docker_package_info:
|
||||||
pkg_mgr: apt
|
pkg_mgr: apt
|
||||||
|
|
|
@ -6,9 +6,9 @@ docker_versioned_pkg:
|
||||||
'latest': docker-ce
|
'latest': docker-ce
|
||||||
'17.09': docker-ce=17.09.1~ce-0~ubuntu
|
'17.09': docker-ce=17.09.1~ce-0~ubuntu
|
||||||
'17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
|
'17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
|
||||||
'18.06': docker-ce=18.06.1~ce~3-0~ubuntu
|
'18.06': docker-ce=18.06.2~ce~3-0~ubuntu
|
||||||
'stable': docker-ce=18.06.1~ce~3-0~ubuntu
|
'stable': docker-ce=18.06.2~ce~3-0~ubuntu
|
||||||
'edge': docker-ce=18.06.1~ce~3-0~ubuntu
|
'edge': docker-ce=18.06.2~ce~3-0~ubuntu
|
||||||
|
|
||||||
docker_package_info:
|
docker_package_info:
|
||||||
pkg_mgr: apt
|
pkg_mgr: apt
|
||||||
|
|
|
@ -6,9 +6,9 @@ use_docker_engine: false
|
||||||
docker_versioned_pkg:
|
docker_versioned_pkg:
|
||||||
'latest': docker-ce
|
'latest': docker-ce
|
||||||
'18.03': docker-ce=18.03.1~ce-3-0~ubuntu
|
'18.03': docker-ce=18.03.1~ce-3-0~ubuntu
|
||||||
'18.06': docker-ce=18.06.1~ce~3-0~ubuntu
|
'18.06': docker-ce=18.06.2~ce~3-0~ubuntu
|
||||||
'stable': docker-ce=18.06.1~ce~3-0~ubuntu
|
'stable': docker-ce=18.06.2~ce~3-0~ubuntu
|
||||||
'edge': docker-ce=18.06.1~ce~3-0~ubuntu
|
'edge': docker-ce=18.06.2~ce~3-0~ubuntu
|
||||||
|
|
||||||
docker_package_info:
|
docker_package_info:
|
||||||
pkg_mgr: apt
|
pkg_mgr: apt
|
||||||
|
|
|
@ -35,7 +35,7 @@ download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube
|
||||||
image_arch: "{{host_architecture | default('amd64')}}"
|
image_arch: "{{host_architecture | default('amd64')}}"
|
||||||
|
|
||||||
# Versions
|
# Versions
|
||||||
kube_version: v1.12.3
|
kube_version: v1.12.7
|
||||||
kubeadm_version: "{{ kube_version }}"
|
kubeadm_version: "{{ kube_version }}"
|
||||||
etcd_version: v3.2.24
|
etcd_version: v3.2.24
|
||||||
|
|
||||||
|
@ -70,6 +70,10 @@ cni_download_url: "https://github.com/containernetworking/plugins/releases/downl
|
||||||
|
|
||||||
# Checksums
|
# Checksums
|
||||||
hyperkube_checksums:
|
hyperkube_checksums:
|
||||||
|
v1.12.7: cfcee7cadc18ffb40f87bcb21bc33e98d17a3bf97e1d75f0c63642d9e3b1ec65
|
||||||
|
v1.12.6: eb7bd0c21977bca7071c65fa0ef60d5e09c9e9a16c4fd8435be5bd7f5b0d1221
|
||||||
|
v1.12.5: f8b651816b2caa33e8b25a666e5c370e9786356d59f89579bba772f28370ed00
|
||||||
|
v1.12.4: a4697d8f3791f0408fcdb97b3de187e47d7b39a63332c75f68f95e25f4891cc9
|
||||||
v1.12.3: 600aad3f0d016716abd85931239806193ffbe95f2edfdcea11532d518ae5cdb1
|
v1.12.3: 600aad3f0d016716abd85931239806193ffbe95f2edfdcea11532d518ae5cdb1
|
||||||
v1.12.2: 566dfed398c20c9944f8999d6370cb584cb8c228b3c5881137b6b3d9306e4b06
|
v1.12.2: 566dfed398c20c9944f8999d6370cb584cb8c228b3c5881137b6b3d9306e4b06
|
||||||
v1.12.1: 4aa23cfb2fc2e2e4d0cbe0d83a648c38e4baabd6c66f5cdbbb40cbc7582fdc74
|
v1.12.1: 4aa23cfb2fc2e2e4d0cbe0d83a648c38e4baabd6c66f5cdbbb40cbc7582fdc74
|
||||||
|
@ -88,6 +92,10 @@ hyperkube_checksums:
|
||||||
v1.10.1: 6e0642ad6bae68dc81b8d1c9efa18e265e17e23da1895862823cafac08c0344c
|
v1.10.1: 6e0642ad6bae68dc81b8d1c9efa18e265e17e23da1895862823cafac08c0344c
|
||||||
v1.10.0: b5575b2fb4266754c1675b8cd5d9b6cac70f3fee7a05c4e80da3a9e83e58c57e
|
v1.10.0: b5575b2fb4266754c1675b8cd5d9b6cac70f3fee7a05c4e80da3a9e83e58c57e
|
||||||
kubeadm_checksums:
|
kubeadm_checksums:
|
||||||
|
v1.12.7: 8a16dea17c1f7aa5b72d9abdc4c3f0e50b52f325084647d71acdd0361eec5f6a
|
||||||
|
v1.12.6: 9048031930be9cb0506940c04f6ce67408d9caa9384b32d65d7aa5b6f1ad58ec
|
||||||
|
v1.12.5: d61730b3deb4d9825af0cc1e452a4be2292400507128279770c39669f6599af9
|
||||||
|
v1.12.4: 674ad5892ff2403f492c9042c3cea3fa0bfa3acf95bc7d1777c3645f0ddf64d7
|
||||||
v1.12.3: c675aa3be82754b3f8dfdde2a1526a72986713312d46d898e65cb564c6aa8ad4
|
v1.12.3: c675aa3be82754b3f8dfdde2a1526a72986713312d46d898e65cb564c6aa8ad4
|
||||||
v1.12.2: 51bc4bfd1d934a27245111c0ad1f793d5147ed15389415a1509502f23fcfa642
|
v1.12.2: 51bc4bfd1d934a27245111c0ad1f793d5147ed15389415a1509502f23fcfa642
|
||||||
v1.12.1: 5d95efd65aad398d85a9802799f36410ae7a95f9cbe73c8b10d2213c10a6d7be
|
v1.12.1: 5d95efd65aad398d85a9802799f36410ae7a95f9cbe73c8b10d2213c10a6d7be
|
||||||
|
|
|
@ -42,27 +42,21 @@
|
||||||
|
|
||||||
- name: kubeadm | aggregate all SANs
|
- name: kubeadm | aggregate all SANs
|
||||||
set_fact:
|
set_fact:
|
||||||
apiserver_sans: >-
|
apiserver_sans: "{{ (sans_base + groups['kube-master'] + sans_lb + sans_supp + sans_access_ip + sans_ip + sans_address) | unique }}"
|
||||||
kubernetes
|
vars:
|
||||||
kubernetes.default
|
sans_base:
|
||||||
kubernetes.default.svc
|
- "kubernetes"
|
||||||
kubernetes.default.svc.{{ dns_domain }}
|
- "kubernetes.default"
|
||||||
{{ kube_apiserver_ip }}
|
- "kubernetes.default.svc"
|
||||||
localhost
|
- "kubernetes.default.svc.{{ dns_domain }}"
|
||||||
127.0.0.1
|
- "{{ kube_apiserver_ip }}"
|
||||||
{{ ' '.join(groups['kube-master']) }}
|
- "localhost"
|
||||||
{%- if loadbalancer_apiserver is defined %}
|
- "127.0.0.1"
|
||||||
{{ apiserver_loadbalancer_domain_name }}
|
sans_lb: "{{ [apiserver_loadbalancer_domain_name] if apiserver_loadbalancer_domain_name is defined else [] }}"
|
||||||
{%- endif %}
|
sans_supp: "{{ supplementary_addresses_in_ssl_keys if supplementary_addresses_in_ssl_keys is defined else [] }}"
|
||||||
{%- for host in groups['kube-master'] -%}
|
sans_access_ip: "{{ groups['kube-master'] | map('extract', hostvars, 'access_ip') | list | select('defined') | list }}"
|
||||||
{%- if hostvars[host]['access_ip'] is defined %}{{ hostvars[host]['access_ip'] }}{% endif %}
|
sans_ip: "{{ groups['kube-master'] | map('extract', hostvars, 'ip') | list | select('defined') | list }}"
|
||||||
{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
|
sans_address: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | select('defined') | list }}"
|
||||||
{%- endfor %}
|
|
||||||
{%- if supplementary_addresses_in_ssl_keys is defined %}
|
|
||||||
{%- for addr in supplementary_addresses_in_ssl_keys %}
|
|
||||||
{{ addr }}
|
|
||||||
{%- endfor %}
|
|
||||||
{%- endif %}
|
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
- name: kubeadm | Copy etcd cert dir under k8s cert dir
|
- name: kubeadm | Copy etcd cert dir under k8s cert dir
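Review bot: The new `sans_lb` entry is guarded by `apiserver_loadbalancer_domain_name is defined`, whereas the removed template added that name only when `loadbalancer_apiserver is defined`. If the domain name has a default elsewhere in the project (not visible in this hunk), the load-balancer name now lands in every API server certificate's SANs even when no load balancer is configured; keeping the old guard would be `sans_lb: "{{ [apiserver_loadbalancer_domain_name] if loadbalancer_apiserver is defined else [] }}"`. `sans_ip` and `sans_address` are also both added for every master now, where the old code used the default IPv4 address only as a fallback for `ip`, so a short comment above `vars:` stating that the SAN list is intentionally the union would help anyone auditing which names the certificate is valid for. The task list continues outside the hunk.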
|
||||||
|
|
|
@ -20,7 +20,6 @@ networking:
|
||||||
dnsDomain: {{ dns_domain }}
|
dnsDomain: {{ dns_domain }}
|
||||||
serviceSubnet: {{ kube_service_addresses }}
|
serviceSubnet: {{ kube_service_addresses }}
|
||||||
podSubnet: {{ kube_pods_subnet }}
|
podSubnet: {{ kube_pods_subnet }}
|
||||||
podNetworkCidr: "{{ kube_network_node_prefix }}"
|
|
||||||
kubernetesVersion: {{ kube_version }}
|
kubernetesVersion: {{ kube_version }}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
||||||
cloudProvider: {{cloud_provider}}
|
cloudProvider: {{cloud_provider}}
|
||||||
|
@ -99,6 +98,12 @@ apiServerExtraArgs:
|
||||||
{% if kube_oidc_groups_claim is defined %}
|
{% if kube_oidc_groups_claim is defined %}
|
||||||
oidc-groups-claim: {{ kube_oidc_groups_claim }}
|
oidc-groups-claim: {{ kube_oidc_groups_claim }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if kube_oidc_username_prefix is defined %}
|
||||||
|
oidc-username-prefix: {{ kube_oidc_username_prefix }}
|
||||||
|
{% endif %}
|
||||||
|
{% if kube_oidc_groups_prefix is defined %}
|
||||||
|
oidc-groups-prefix: {{ kube_oidc_groups_prefix }}
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kube_encrypt_secret_data %}
|
{% if kube_encrypt_secret_data %}
|
||||||
experimental-encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml
|
experimental-encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml
|
||||||
|
@ -121,6 +126,7 @@ controllerManagerExtraArgs:
|
||||||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
||||||
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
||||||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
||||||
|
node-cidr-mask-size: "{{ kube_network_node_prefix }}"
|
||||||
profiling: "{{ kube_profiling }}"
|
profiling: "{{ kube_profiling }}"
|
||||||
terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
|
terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
|
@ -171,7 +177,7 @@ apiServerExtraVolumes:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
apiServerCertSANs:
|
apiServerCertSANs:
|
||||||
{% for san in apiserver_sans.split(' ') | unique %}
|
{% for san in apiserver_sans %}
|
||||||
- {{ san }}
|
- {{ san }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
certificatesDir: {{ kube_config_dir }}/ssl
|
certificatesDir: {{ kube_config_dir }}/ssl
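Review bot: The added `oidc-username-prefix` and `oidc-groups-prefix` values in the `apiServerExtraArgs` hunk are rendered unquoted, so the YAML parser sees whatever the variable expands to. Prefix values conventionally end in a colon or are the single character `-`, and neither survives as a plain scalar: a trailing colon is read as a mapping indicator and a bare `-` as a sequence entry, so the rendered config is likely to fail to parse. Quote both: `oidc-username-prefix: "{{ kube_oidc_username_prefix }}"` and `oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}"`. The same two lines are added in the later template hunks `@ -84,6 +83,12 @` and `@ -94,6 +93,12 @` and need the same quoting. These prefixes are what keeps OIDC-issued names from colliding with built-in identities, so a dropped or mangled value matters.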
|
||||||
|
|
|
@ -21,7 +21,6 @@ networking:
|
||||||
dnsDomain: {{ dns_domain }}
|
dnsDomain: {{ dns_domain }}
|
||||||
serviceSubnet: {{ kube_service_addresses }}
|
serviceSubnet: {{ kube_service_addresses }}
|
||||||
podSubnet: {{ kube_pods_subnet }}
|
podSubnet: {{ kube_pods_subnet }}
|
||||||
podNetworkCidr: "{{ kube_network_node_prefix }}"
|
|
||||||
kubernetesVersion: {{ kube_version }}
|
kubernetesVersion: {{ kube_version }}
|
||||||
kubeProxy:
|
kubeProxy:
|
||||||
config:
|
config:
|
||||||
|
@ -84,6 +83,12 @@ apiServerExtraArgs:
|
||||||
{% if kube_oidc_groups_claim is defined %}
|
{% if kube_oidc_groups_claim is defined %}
|
||||||
oidc-groups-claim: {{ kube_oidc_groups_claim }}
|
oidc-groups-claim: {{ kube_oidc_groups_claim }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if kube_oidc_username_prefix is defined %}
|
||||||
|
oidc-username-prefix: {{ kube_oidc_username_prefix }}
|
||||||
|
{% endif %}
|
||||||
|
{% if kube_oidc_groups_prefix is defined %}
|
||||||
|
oidc-groups-prefix: {{ kube_oidc_groups_prefix }}
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kube_encrypt_secret_data %}
|
{% if kube_encrypt_secret_data %}
|
||||||
experimental-encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml
|
experimental-encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml
|
||||||
|
@ -119,6 +124,7 @@ controllerManagerExtraArgs:
|
||||||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
||||||
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
||||||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
||||||
|
node-cidr-mask-size: "{{ kube_network_node_prefix }}"
|
||||||
profiling: "{{ kube_profiling }}"
|
profiling: "{{ kube_profiling }}"
|
||||||
terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
|
terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
|
@ -146,7 +152,7 @@ controllerManagerExtraVolumes:
|
||||||
mountPath: {{ kube_config_dir }}/cloud_config
|
mountPath: {{ kube_config_dir }}/cloud_config
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) %}
|
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or apiserver_extra_volumes or (cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"]) %}
|
||||||
apiServerExtraVolumes:
|
apiServerExtraVolumes:
|
||||||
{% if kube_basic_auth|default(true) %}
|
{% if kube_basic_auth|default(true) %}
|
||||||
- name: basic-auth-config
|
- name: basic-auth-config
|
||||||
|
@ -168,6 +174,17 @@ apiServerExtraVolumes:
|
||||||
mountPath: {{ audit_log_mountpath }}
|
mountPath: {{ audit_log_mountpath }}
|
||||||
writable: true
|
writable: true
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||||
|
- name: cloud-config
|
||||||
|
hostPath: {{ kube_config_dir }}/cloud_config
|
||||||
|
mountPath: {{ kube_config_dir }}/cloud_config
|
||||||
|
{% endif %}
|
||||||
|
{% for volume in apiserver_extra_volumes %}
|
||||||
|
- name: {{ volume.name }}
|
||||||
|
hostPath: {{ volume.hostPath }}
|
||||||
|
mountPath: {{ volume.mountPath }}
|
||||||
|
writable: {{ volume.writable | default(false)}}
|
||||||
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||||
|
@ -189,7 +206,7 @@ schedulerExtraArgs:
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
apiServerCertSANs:
|
apiServerCertSANs:
|
||||||
{% for san in apiserver_sans.split(' ') | unique %}
|
{% for san in apiserver_sans %}
|
||||||
- {{ san }}
|
- {{ san }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
certificatesDir: {{ kube_config_dir }}/ssl
|
certificatesDir: {{ kube_config_dir }}/ssl
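Review bot: `apiserver_extra_volumes` is used bare in both the widened `{% if … %}` guard for `apiServerExtraVolumes` and the new `{% for volume in apiserver_extra_volumes %}` loop, so rendering depends on a default being defined outside this hunk. If none exists, use `apiserver_extra_volumes | default([])` in both places. Each entry becomes a hostPath mount inside the API server pod, taken verbatim from inventory; `writable` defaulting to false is the right choice, and a comment above the loop saying that these host paths are exposed to kube-apiserver and should be limited to what it needs would be worth adding. `name`, `hostPath` and `mountPath` are also rendered unquoted, so quoting them (`hostPath: "{{ volume.hostPath }}"`) avoids YAML retyping of unusual values.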
|
||||||
|
|
|
@ -36,7 +36,6 @@ networking:
|
||||||
dnsDomain: {{ dns_domain }}
|
dnsDomain: {{ dns_domain }}
|
||||||
serviceSubnet: {{ kube_service_addresses }}
|
serviceSubnet: {{ kube_service_addresses }}
|
||||||
podSubnet: {{ kube_pods_subnet }}
|
podSubnet: {{ kube_pods_subnet }}
|
||||||
podNetworkCidr: "{{ kube_network_node_prefix }}"
|
|
||||||
kubernetesVersion: {{ kube_version }}
|
kubernetesVersion: {{ kube_version }}
|
||||||
{% if groups['kube-master'] | length > 1 and kubeadm_config_api_fqdn is defined %}
|
{% if groups['kube-master'] | length > 1 and kubeadm_config_api_fqdn is defined %}
|
||||||
controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
|
controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
|
||||||
|
@ -44,7 +43,7 @@ controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.po
|
||||||
controlPlaneEndpoint: {{ ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port }}
|
controlPlaneEndpoint: {{ ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
apiServerCertSANs:
|
apiServerCertSANs:
|
||||||
{% for san in apiserver_sans.split(' ') | unique %}
|
{% for san in apiserver_sans %}
|
||||||
- {{ san }}
|
- {{ san }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
certificatesDir: {{ kube_config_dir }}/ssl
|
certificatesDir: {{ kube_config_dir }}/ssl
|
||||||
|
@ -94,6 +93,12 @@ apiServerExtraArgs:
|
||||||
{% if kube_oidc_groups_claim is defined %}
|
{% if kube_oidc_groups_claim is defined %}
|
||||||
oidc-groups-claim: {{ kube_oidc_groups_claim }}
|
oidc-groups-claim: {{ kube_oidc_groups_claim }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if kube_oidc_username_prefix is defined %}
|
||||||
|
oidc-username-prefix: {{ kube_oidc_username_prefix }}
|
||||||
|
{% endif %}
|
||||||
|
{% if kube_oidc_groups_prefix is defined %}
|
||||||
|
oidc-groups-prefix: {{ kube_oidc_groups_prefix }}
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kube_encrypt_secret_data %}
|
{% if kube_encrypt_secret_data %}
|
||||||
experimental-encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml
|
experimental-encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml
|
||||||
|
@ -126,6 +131,7 @@ controllerManagerExtraArgs:
|
||||||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
||||||
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
||||||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
||||||
|
node-cidr-mask-size: "{{ kube_network_node_prefix }}"
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -109,7 +109,7 @@
|
||||||
- name: Stop if RBAC and anonymous-auth are not enabled when insecure port is disabled
|
- name: Stop if RBAC and anonymous-auth are not enabled when insecure port is disabled
|
||||||
assert:
|
assert:
|
||||||
that: rbac_enabled and kube_api_anonymous_auth
|
that: rbac_enabled and kube_api_anonymous_auth
|
||||||
when: kube_apiserver_insecure_port == 0
|
when: kube_apiserver_insecure_port == 0 and inventory_hostname in groups['kube-master']
|
||||||
ignore_errors: "{{ ignore_assert_errors }}"
|
ignore_errors: "{{ ignore_assert_errors }}"
|
||||||
|
|
||||||
- name: Stop if kernel version is too low
|
- name: Stop if kernel version is too low
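Review bot: Nothing in the `Stop if RBAC and anonymous-auth are not enabled when insecure port is disabled` task says why anonymous auth must be on once the insecure port is closed, and the new `when:` now also skips the check on every host outside `kube-master`. A comment above the task such as `# checked on masters only; with anonymous-auth on, unauthenticated access is limited solely by RBAC, so both are required together` would record the intent. The task also carries `ignore_errors: "{{ ignore_assert_errors }}"`, so a failure here may not stop the play; saying that in the comment would save an operator from assuming the guard is always enforced. The task list continues outside the hunk.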
|
||||||
|
|
|
@ -12,7 +12,7 @@ is_atomic: false
|
||||||
disable_swap: true
|
disable_swap: true
|
||||||
|
|
||||||
## Change this to use another Kubernetes version, e.g. a current beta release
|
## Change this to use another Kubernetes version, e.g. a current beta release
|
||||||
kube_version: v1.12.3
|
kube_version: v1.12.7
|
||||||
|
|
||||||
## Kube Proxy mode One of ['iptables','ipvs']
|
## Kube Proxy mode One of ['iptables','ipvs']
|
||||||
kube_proxy_mode: ipvs
|
kube_proxy_mode: ipvs
|
||||||
|
@ -213,7 +213,7 @@ docker_options: >-
|
||||||
{% if docker_registry_mirrors is defined %}
|
{% if docker_registry_mirrors is defined %}
|
||||||
{{ docker_registry_mirrors | map('regex_replace', '^(.*)$', '--registry-mirror=\1' ) | list | join(' ') }}
|
{{ docker_registry_mirrors | map('regex_replace', '^(.*)$', '--registry-mirror=\1' ) | list | join(' ') }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{%- if docker_version is version('17.05', '<') %}
|
{%- if docker_version is defined and docker_version is version('17.05', '<') %}
|
||||||
--graph={{ docker_daemon_graph }} {{ docker_log_opts }}
|
--graph={{ docker_daemon_graph }} {{ docker_log_opts }}
|
||||||
{%- else %}
|
{%- else %}
|
||||||
--data-root={{ docker_daemon_graph }} {{ docker_log_opts }}
|
--data-root={{ docker_daemon_graph }} {{ docker_log_opts }}
|
||||||
|
|
|
@ -110,12 +110,18 @@
|
||||||
- name: Clear IPVS virtual server table
|
- name: Clear IPVS virtual server table
|
||||||
shell: "ipvsadm -C"
|
shell: "ipvsadm -C"
|
||||||
when:
|
when:
|
||||||
- kube_proxy_mode == 'ipvs'
|
- kube_proxy_mode == 'ipvs' and inventory_hostname in groups['k8s-cluster']
|
||||||
|
|
||||||
|
- name: reset | check kube-ipvs0 network device
|
||||||
|
stat:
|
||||||
|
path: /sys/class/net/kube-ipvs0
|
||||||
|
register: kube_ipvs0
|
||||||
|
|
||||||
- name: reset | Remove kube-ipvs0
|
- name: reset | Remove kube-ipvs0
|
||||||
command: "ip link del kube-ipvs0"
|
command: "ip link del kube-ipvs0"
|
||||||
when:
|
when:
|
||||||
- kube_proxy_mode == 'ipvs'
|
- kube_proxy_mode == 'ipvs'
|
||||||
|
- kube_ipvs0.stat.exists
|
||||||
|
|
||||||
- name: reset | delete some files and directories
|
- name: reset | delete some files and directories
|
||||||
file:
|
file:
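Review bot: The host guard added to `Clear IPVS virtual server table` is not applied to `reset | Remove kube-ipvs0`, so the two IPVS clean-up tasks now run on different host sets; the new `kube_ipvs0.stat.exists` check keeps the delete from failing, but it would still run on a non-cluster host that happens to have that device. Add `- inventory_hostname in groups['k8s-cluster']` to the second task's `when:` list. In the first task, write the new condition as its own list item instead of joining it with `and`, matching the list form used in the task below. The task list continues outside the hunk.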
|
||||||
|
|