commit
08dfb7b59f
|
@ -177,9 +177,6 @@ efk_enabled: false
|
||||||
# Helm deployment
|
# Helm deployment
|
||||||
helm_enabled: false
|
helm_enabled: false
|
||||||
|
|
||||||
# Istio deployment
|
|
||||||
istio_enabled: false
|
|
||||||
|
|
||||||
# Registry deployment
|
# Registry deployment
|
||||||
registry_enabled: false
|
registry_enabled: false
|
||||||
# registry_namespace: "{{ system_namespace }}"
|
# registry_namespace: "{{ system_namespace }}"
|
||||||
|
|
|
@ -36,7 +36,6 @@ calico_policy_version: "v1.0.3"
|
||||||
calico_rr_version: "v0.4.2"
|
calico_rr_version: "v0.4.2"
|
||||||
flannel_version: "v0.10.0"
|
flannel_version: "v0.10.0"
|
||||||
flannel_cni_version: "v0.3.0"
|
flannel_cni_version: "v0.3.0"
|
||||||
istio_version: "0.2.6"
|
|
||||||
vault_version: 0.10.1
|
vault_version: 0.10.1
|
||||||
weave_version: 2.3.0
|
weave_version: 2.3.0
|
||||||
pod_infra_version: 3.0
|
pod_infra_version: 3.0
|
||||||
|
@ -44,12 +43,10 @@ contiv_version: 1.1.7
|
||||||
cilium_version: "v1.0.0-rc8"
|
cilium_version: "v1.0.0-rc8"
|
||||||
|
|
||||||
# Download URLs
|
# Download URLs
|
||||||
istioctl_download_url: "https://storage.googleapis.com/istio-release/releases/{{ istio_version }}/istioctl/istioctl-linux"
|
|
||||||
kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/amd64/kubeadm"
|
kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/amd64/kubeadm"
|
||||||
vault_download_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
|
vault_download_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
|
||||||
|
|
||||||
# Checksums
|
# Checksums
|
||||||
istioctl_checksum: fd703063c540b8c0ab943f478c05ab257d88ae27224c746a27d0526ddbf7c370
|
|
||||||
kubeadm_checksum: 7e1169bbbeed973ab402941672dec957638dea5952a1e8bc89a37d5e709cc4b4
|
kubeadm_checksum: 7e1169bbbeed973ab402941672dec957638dea5952a1e8bc89a37d5e709cc4b4
|
||||||
vault_binary_checksum: 3c4d70ba71619a43229e65c67830e30e050eab7a81ac6b28325ff707e5914188
|
vault_binary_checksum: 3c4d70ba71619a43229e65c67830e30e050eab7a81ac6b28325ff707e5914188
|
||||||
|
|
||||||
|
@ -70,22 +67,6 @@ calico_policy_image_repo: "quay.io/calico/kube-controllers"
|
||||||
calico_policy_image_tag: "{{ calico_policy_version }}"
|
calico_policy_image_tag: "{{ calico_policy_version }}"
|
||||||
calico_rr_image_repo: "quay.io/calico/routereflector"
|
calico_rr_image_repo: "quay.io/calico/routereflector"
|
||||||
calico_rr_image_tag: "{{ calico_rr_version }}"
|
calico_rr_image_tag: "{{ calico_rr_version }}"
|
||||||
istio_proxy_image_repo: docker.io/istio/proxy
|
|
||||||
istio_proxy_image_tag: "{{ istio_version }}"
|
|
||||||
istio_proxy_init_image_repo: docker.io/istio/proxy_init
|
|
||||||
istio_proxy_init_image_tag: "{{ istio_version }}"
|
|
||||||
istio_ca_image_repo: docker.io/istio/istio-ca
|
|
||||||
istio_ca_image_tag: "{{ istio_version }}"
|
|
||||||
istio_mixer_image_repo: docker.io/istio/mixer
|
|
||||||
istio_mixer_image_tag: "{{ istio_version }}"
|
|
||||||
istio_pilot_image_repo: docker.io/istio/pilot
|
|
||||||
istio_pilot_image_tag: "{{ istio_version }}"
|
|
||||||
istio_proxy_debug_image_repo: docker.io/istio/proxy_debug
|
|
||||||
istio_proxy_debug_image_tag: "{{ istio_version }}"
|
|
||||||
istio_sidecar_initializer_image_repo: docker.io/istio/sidecar_initializer
|
|
||||||
istio_sidecar_initializer_image_tag: "{{ istio_version }}"
|
|
||||||
istio_statsd_image_repo: prom/statsd-exporter
|
|
||||||
istio_statsd_image_tag: latest
|
|
||||||
hyperkube_image_repo: "gcr.io/google-containers/hyperkube"
|
hyperkube_image_repo: "gcr.io/google-containers/hyperkube"
|
||||||
hyperkube_image_tag: "{{ kube_version }}"
|
hyperkube_image_tag: "{{ kube_version }}"
|
||||||
pod_infra_image_repo: "gcr.io/google_containers/pause-amd64"
|
pod_infra_image_repo: "gcr.io/google_containers/pause-amd64"
|
||||||
|
@ -202,83 +183,6 @@ downloads:
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
groups:
|
groups:
|
||||||
- k8s-cluster
|
- k8s-cluster
|
||||||
istioctl:
|
|
||||||
enabled: "{{ istio_enabled }}"
|
|
||||||
file: true
|
|
||||||
version: "{{ istio_version }}"
|
|
||||||
dest: "istio/istioctl"
|
|
||||||
sha256: "{{ istioctl_checksum }}"
|
|
||||||
source_url: "{{ istioctl_download_url }}"
|
|
||||||
url: "{{ istioctl_download_url }}"
|
|
||||||
unarchive: false
|
|
||||||
owner: "root"
|
|
||||||
mode: "0755"
|
|
||||||
groups:
|
|
||||||
- kube-master
|
|
||||||
istio_proxy:
|
|
||||||
enabled: "{{ istio_enabled }}"
|
|
||||||
container: true
|
|
||||||
repo: "{{ istio_proxy_image_repo }}"
|
|
||||||
tag: "{{ istio_proxy_image_tag }}"
|
|
||||||
sha256: "{{ istio_proxy_digest_checksum|default(None) }}"
|
|
||||||
groups:
|
|
||||||
- kube-node
|
|
||||||
istio_proxy_init:
|
|
||||||
enabled: "{{ istio_enabled }}"
|
|
||||||
container: true
|
|
||||||
repo: "{{ istio_proxy_init_image_repo }}"
|
|
||||||
tag: "{{ istio_proxy_init_image_tag }}"
|
|
||||||
sha256: "{{ istio_proxy_init_digest_checksum|default(None) }}"
|
|
||||||
groups:
|
|
||||||
- kube-node
|
|
||||||
istio_ca:
|
|
||||||
enabled: "{{ istio_enabled }}"
|
|
||||||
container: true
|
|
||||||
repo: "{{ istio_ca_image_repo }}"
|
|
||||||
tag: "{{ istio_ca_image_tag }}"
|
|
||||||
sha256: "{{ istio_ca_digest_checksum|default(None) }}"
|
|
||||||
groups:
|
|
||||||
- kube-node
|
|
||||||
istio_mixer:
|
|
||||||
enabled: "{{ istio_enabled }}"
|
|
||||||
container: true
|
|
||||||
repo: "{{ istio_mixer_image_repo }}"
|
|
||||||
tag: "{{ istio_mixer_image_tag }}"
|
|
||||||
sha256: "{{ istio_mixer_digest_checksum|default(None) }}"
|
|
||||||
groups:
|
|
||||||
- kube-node
|
|
||||||
istio_pilot:
|
|
||||||
enabled: "{{ istio_enabled }}"
|
|
||||||
container: true
|
|
||||||
repo: "{{ istio_pilot_image_repo }}"
|
|
||||||
tag: "{{ istio_pilot_image_tag }}"
|
|
||||||
sha256: "{{ istio_pilot_digest_checksum|default(None) }}"
|
|
||||||
groups:
|
|
||||||
- kube-node
|
|
||||||
istio_proxy_debug:
|
|
||||||
enabled: "{{ istio_enabled }}"
|
|
||||||
container: true
|
|
||||||
repo: "{{ istio_proxy_debug_image_repo }}"
|
|
||||||
tag: "{{ istio_proxy_debug_image_tag }}"
|
|
||||||
sha256: "{{ istio_proxy_debug_digest_checksum|default(None) }}"
|
|
||||||
groups:
|
|
||||||
- kube-node
|
|
||||||
istio_sidecar_initializer:
|
|
||||||
enabled: "{{ istio_enabled }}"
|
|
||||||
container: true
|
|
||||||
repo: "{{ istio_sidecar_initializer_image_repo }}"
|
|
||||||
tag: "{{ istio_sidecar_initializer_image_tag }}"
|
|
||||||
sha256: "{{ istio_sidecar_initializer_digest_checksum|default(None) }}"
|
|
||||||
groups:
|
|
||||||
- kube-node
|
|
||||||
istio_statsd:
|
|
||||||
enabled: "{{ istio_enabled }}"
|
|
||||||
container: true
|
|
||||||
repo: "{{ istio_statsd_image_repo }}"
|
|
||||||
tag: "{{ istio_statsd_image_tag }}"
|
|
||||||
sha256: "{{ istio_statsd_digest_checksum|default(None) }}"
|
|
||||||
groups:
|
|
||||||
- kube-node
|
|
||||||
hyperkube:
|
hyperkube:
|
||||||
enabled: true
|
enabled: true
|
||||||
container: true
|
container: true
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
---
|
|
||||||
istio_namespace: istio-system
|
|
|
@ -1,45 +0,0 @@
|
||||||
---
|
|
||||||
- name: istio | Create addon dir
|
|
||||||
file:
|
|
||||||
path: "{{ kube_config_dir }}/addons/istio"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0755
|
|
||||||
recurse: yes
|
|
||||||
|
|
||||||
- name: istio | Lay out manifests
|
|
||||||
template:
|
|
||||||
src: "{{item.file}}.j2"
|
|
||||||
dest: "{{kube_config_dir}}/addons/istio/{{item.file}}"
|
|
||||||
with_items:
|
|
||||||
- {name: istio-mixer, file: istio.yml, type: deployment }
|
|
||||||
- {name: istio-initializer, file: istio-initializer.yml, type: deployment }
|
|
||||||
register: manifests
|
|
||||||
when: inventory_hostname == groups['kube-master'][0]
|
|
||||||
|
|
||||||
- name: istio | Copy istioctl binary from download dir
|
|
||||||
command: rsync -piu "{{ local_release_dir }}/istio/istioctl" "{{ bin_dir }}/istioctl"
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: istio | Set up bash completion
|
|
||||||
shell: "{{ bin_dir }}/istioctl completion >/etc/bash_completion.d/istioctl.sh"
|
|
||||||
when: ansible_os_family in ["Debian","RedHat"]
|
|
||||||
|
|
||||||
- name: istio | Set bash completion file
|
|
||||||
file:
|
|
||||||
path: /etc/bash_completion.d/istioctl.sh
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0755
|
|
||||||
when: ansible_os_family in ["Debian","RedHat"]
|
|
||||||
|
|
||||||
- name: istio | apply manifests
|
|
||||||
kube:
|
|
||||||
name: "{{item.item.name}}"
|
|
||||||
namespace: "{{ istio_namespace }}"
|
|
||||||
kubectl: "{{bin_dir}}/kubectl"
|
|
||||||
resource: "{{item.item.type}}"
|
|
||||||
filename: "{{kube_config_dir}}/addons/istio/{{item.item.file}}"
|
|
||||||
state: "latest"
|
|
||||||
with_items: "{{ manifests.results }}"
|
|
||||||
when: inventory_hostname == groups['kube-master'][0]
|
|
|
@ -1,84 +0,0 @@
|
||||||
# GENERATED FILE. Use with Kubernetes 1.7+
|
|
||||||
# TO UPDATE, modify files in install/kubernetes/templates and run install/updateVersion.sh
|
|
||||||
################################
|
|
||||||
# Istio initializer
|
|
||||||
################################
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: istio-inject
|
|
||||||
namespace: {{ istio_namespace }}
|
|
||||||
data:
|
|
||||||
config: |-
|
|
||||||
policy: "enabled"
|
|
||||||
namespaces: [""] # everything, aka v1.NamepsaceAll, aka cluster-wide
|
|
||||||
initializerName: "sidecar.initializer.istio.io"
|
|
||||||
params:
|
|
||||||
initImage: {{ istio_proxy_init_image_repo }}:{{ istio_proxy_init_image_tag }}
|
|
||||||
proxyImage: {{ istio_proxy_image_repo }}:{{ istio_proxy_image_tag }}
|
|
||||||
verbosity: 2
|
|
||||||
version: 0.2.6
|
|
||||||
meshConfigMapName: istio
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: istio-initializer-service-account
|
|
||||||
namespace: {{ istio_namespace }}
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1beta1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: istio-initializer
|
|
||||||
namespace: {{ istio_namespace }}
|
|
||||||
annotations:
|
|
||||||
sidecar.istio.io/inject: "false"
|
|
||||||
initializers:
|
|
||||||
pending: []
|
|
||||||
labels:
|
|
||||||
istio: istio-initializer
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
name: istio-initializer
|
|
||||||
labels:
|
|
||||||
istio: initializer
|
|
||||||
annotations:
|
|
||||||
sidecar.istio.io/inject: "false"
|
|
||||||
spec:
|
|
||||||
serviceAccountName: istio-initializer-service-account
|
|
||||||
containers:
|
|
||||||
- name: initializer
|
|
||||||
image: {{ istio_sidecar_initializer_image_repo }}:{{ istio_sidecar_initializer_image_tag }}
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
args:
|
|
||||||
- --port=8083
|
|
||||||
- --namespace={{ istio_namespace }}
|
|
||||||
- -v=2
|
|
||||||
volumeMounts:
|
|
||||||
- name: config-volume
|
|
||||||
mountPath: /etc/istio/config
|
|
||||||
volumes:
|
|
||||||
- name: config-volume
|
|
||||||
configMap:
|
|
||||||
name: istio
|
|
||||||
---
|
|
||||||
apiVersion: admissionregistration.k8s.io/v1alpha1
|
|
||||||
kind: InitializerConfiguration
|
|
||||||
metadata:
|
|
||||||
name: istio-sidecar
|
|
||||||
initializers:
|
|
||||||
- name: sidecar.initializer.istio.io
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- "*"
|
|
||||||
apiVersions:
|
|
||||||
- "*"
|
|
||||||
resources:
|
|
||||||
- deployments
|
|
||||||
- statefulsets
|
|
||||||
- jobs
|
|
||||||
- daemonsets
|
|
||||||
---
|
|
File diff suppressed because it is too large
Load Diff
|
@ -22,14 +22,6 @@ dependencies:
|
||||||
- apps
|
- apps
|
||||||
- registry
|
- registry
|
||||||
|
|
||||||
# istio role should be last because it takes a long time to initialize and
|
|
||||||
# will cause timeouts trying to start other addons.
|
|
||||||
- role: kubernetes-apps/istio
|
|
||||||
when: istio_enabled
|
|
||||||
tags:
|
|
||||||
- apps
|
|
||||||
- istio
|
|
||||||
|
|
||||||
- role: kubernetes-apps/persistent_volumes
|
- role: kubernetes-apps/persistent_volumes
|
||||||
when: persistent_volumes_enabled
|
when: persistent_volumes_enabled
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -180,7 +180,6 @@ dashboard_enabled: true
|
||||||
# Addons which can be enabled
|
# Addons which can be enabled
|
||||||
efk_enabled: false
|
efk_enabled: false
|
||||||
helm_enabled: false
|
helm_enabled: false
|
||||||
istio_enabled: false
|
|
||||||
registry_enabled: false
|
registry_enabled: false
|
||||||
enable_network_policy: false
|
enable_network_policy: false
|
||||||
local_volume_provisioner_enabled: "{{ local_volumes_enabled | default('false') }}"
|
local_volume_provisioner_enabled: "{{ local_volumes_enabled | default('false') }}"
|
||||||
|
@ -220,7 +219,6 @@ kubelet_authorization_mode_webhook: false
|
||||||
## List of key=value pairs that describe feature gates for
|
## List of key=value pairs that describe feature gates for
|
||||||
## the k8s cluster.
|
## the k8s cluster.
|
||||||
kube_feature_gates:
|
kube_feature_gates:
|
||||||
- "Initializers={{ istio_enabled | string }}"
|
|
||||||
- "PersistentLocalVolumes={{ local_volume_provisioner_enabled | string }}"
|
- "PersistentLocalVolumes={{ local_volume_provisioner_enabled | string }}"
|
||||||
- "VolumeScheduling={{ local_volume_provisioner_enabled | string }}"
|
- "VolumeScheduling={{ local_volume_provisioner_enabled | string }}"
|
||||||
- "MountPropagation={{ local_volume_provisioner_enabled | string }}"
|
- "MountPropagation={{ local_volume_provisioner_enabled | string }}"
|
||||||
|
|
|
@ -7,7 +7,6 @@ mode: ha
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
kube_network_plugin: flannel
|
kube_network_plugin: flannel
|
||||||
helm_enabled: true
|
helm_enabled: true
|
||||||
istio_enabled: true
|
|
||||||
efk_enabled: true
|
efk_enabled: true
|
||||||
etcd_events_cluster_setup: true
|
etcd_events_cluster_setup: true
|
||||||
local_volume_provisioner_enabled: true
|
local_volume_provisioner_enabled: true
|
||||||
|
|
Loading…
Reference in New Issue