Enable containerd to deploy vanilla containerd package (#4951)
* Enable containerd to deploy vanilla containerd package Fixes kubeadm references to CRI socket for containerd Fixes download role cache feature to work with containerd Change-Id: I2ab8f0031107e2f0d1a85c39b4beb66f08509a01 * use containerd for flannel-addons job Change-Id: Ied375c7d65e64a625ffbd995ff16f2374067dee6 * add containerd vars Change-Id: Ib9a8a04e501c481a86235413cbec63f3672baf91 * fixup vars Change-Id: Ibea64e4b18405a578b52a13da100384582aa24c2 * more fixes * fix rh repo Change-Id: I00575a77cfb7b81d6095db5d918a52023c8f13ba * Adjust helm host install for containerdpull/4964/head
parent
a038d62644
commit
29307740dd
|
@ -10,3 +10,35 @@ containerd_config:
|
||||||
registries:
|
registries:
|
||||||
"docker.io": "https://registry-1.docker.io"
|
"docker.io": "https://registry-1.docker.io"
|
||||||
max_container_log_line_size: -1
|
max_container_log_line_size: -1
|
||||||
|
|
||||||
|
containerd_version: '1.2.6'
|
||||||
|
containerd_package: 'containerd.io'
|
||||||
|
|
||||||
|
containerd_cfg_dir: /etc/containerd
|
||||||
|
|
||||||
|
# Path to runc binray
|
||||||
|
runc_binary: /usr/sbin/runc
|
||||||
|
|
||||||
|
|
||||||
|
yum_repo_dir: /etc/yum.repos.d
|
||||||
|
yum_conf: /etc/yum.conf
|
||||||
|
containerd_yum_conf: /etc/yum_containerd.conf
|
||||||
|
|
||||||
|
# Optional values for containerd apt repo
|
||||||
|
containerd_package_info:
|
||||||
|
pkgs:
|
||||||
|
|
||||||
|
containerd_repo_key_info:
|
||||||
|
repo_keys:
|
||||||
|
|
||||||
|
containerd_repo_info:
|
||||||
|
repos:
|
||||||
|
|
||||||
|
extras_rh_repo_base_url: "http://mirror.centos.org/centos/$releasever/extras/$basearch/"
|
||||||
|
extras_rh_repo_gpgkey: "http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7"
|
||||||
|
|
||||||
|
# Ubuntu docker-ce repo
|
||||||
|
containerd_ubuntu_repo_base_url: "https://download.docker.com/linux/ubuntu"
|
||||||
|
containerd_ubuntu_repo_gpgkey: 'https://download.docker.com/linux/ubuntu/gpg'
|
||||||
|
containerd_ubuntu_repo_repokey: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
|
||||||
|
containerd_ubuntu_repo_component: 'stable'
|
||||||
|
|
|
@ -2,23 +2,19 @@
|
||||||
- name: restart containerd
|
- name: restart containerd
|
||||||
command: /bin/true
|
command: /bin/true
|
||||||
notify:
|
notify:
|
||||||
- Containerd | reload containerd
|
- Containerd | restart containerd
|
||||||
- Containerd | pause while containerd restarts
|
|
||||||
- Containerd | wait for containerd
|
- Containerd | wait for containerd
|
||||||
|
|
||||||
- name: Containerd | reload containerd
|
- name: Containerd | restart containerd
|
||||||
service:
|
systemd:
|
||||||
name: containerd
|
name: containerd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
enabled: yes
|
||||||
- name: Containerd | pause while containerd restarts
|
daemon-reload: yes
|
||||||
pause:
|
|
||||||
seconds: 5
|
|
||||||
prompt: "Waiting for containerd restart"
|
|
||||||
|
|
||||||
- name: Containerd | wait for containerd
|
- name: Containerd | wait for containerd
|
||||||
command: "{{ containerd_bin_dir }}/ctr images ls -q"
|
command: "{{ containerd_bin_dir }}/ctr images ls -q"
|
||||||
register: containerd_ready
|
register: containerd_ready
|
||||||
retries: 10
|
retries: 8
|
||||||
delay: 5
|
delay: 4
|
||||||
until: containerd_ready.rc == 0
|
until: containerd_ready.rc == 0
|
||||||
|
|
|
@ -0,0 +1,106 @@
|
||||||
|
---
|
||||||
|
- name: ensure containerd repository public key is installed
|
||||||
|
action: "{{ containerd_repo_key_info.pkg_key }}"
|
||||||
|
args:
|
||||||
|
id: "{{ item }}"
|
||||||
|
url: "{{ containerd_repo_key_info.url }}"
|
||||||
|
state: present
|
||||||
|
register: keyserver_task_result
|
||||||
|
until: keyserver_task_result is succeeded
|
||||||
|
retries: 4
|
||||||
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
|
with_items: "{{ containerd_repo_key_info.repo_keys }}"
|
||||||
|
when:
|
||||||
|
- ansible_os_family in ['Ubuntu', 'Debian']
|
||||||
|
- not is_atomic
|
||||||
|
|
||||||
|
- name: ensure containerd repository is enabled
|
||||||
|
action: "{{ containerd_repo_info.pkg_repo }}"
|
||||||
|
args:
|
||||||
|
repo: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ containerd_repo_info.repos }}"
|
||||||
|
when:
|
||||||
|
- ansible_os_family in ['Ubuntu', 'Debian']
|
||||||
|
- not is_atomic
|
||||||
|
- containerd_repo_info.repos|length > 0
|
||||||
|
|
||||||
|
# This is required to ensure any apt upgrade will not break kubernetes
|
||||||
|
- name: Set containerd pin priority to apt_preferences on Debian family
|
||||||
|
template:
|
||||||
|
src: "apt_preferences.d/debian_containerd.j2"
|
||||||
|
dest: "/etc/apt/preferences.d/containerd"
|
||||||
|
owner: "root"
|
||||||
|
mode: 0644
|
||||||
|
when:
|
||||||
|
- ansible_os_family in ['Ubuntu', 'Debian']
|
||||||
|
- not is_atomic
|
||||||
|
|
||||||
|
- name: ensure containerd repository public key is installed
|
||||||
|
action: "{{ containerd_repo_key_info.pkg_key }}"
|
||||||
|
args:
|
||||||
|
id: "{{ item }}"
|
||||||
|
url: "{{ containerd_repo_key_info.url }}"
|
||||||
|
state: present
|
||||||
|
register: keyserver_task_result
|
||||||
|
until: keyserver_task_result is succeeded
|
||||||
|
retries: 4
|
||||||
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
|
with_items: "{{ containerd_repo_key_info.repo_keys }}"
|
||||||
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic)
|
||||||
|
|
||||||
|
- name: ensure containerd repository is enabled
|
||||||
|
action: "{{ containerd_repo_info.pkg_repo }}"
|
||||||
|
args:
|
||||||
|
repo: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ containerd_repo_info.repos }}"
|
||||||
|
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS", "RedHat", "Suse", "ClearLinux"] or is_atomic) and (containerd_repo_info.repos|length > 0)
|
||||||
|
|
||||||
|
- name: Configure containerd repository on Fedora
|
||||||
|
template:
|
||||||
|
src: "fedora_containerd.repo.j2"
|
||||||
|
dest: "{{ yum_repo_dir }}/containerd.repo"
|
||||||
|
when: ansible_distribution == "Fedora" and not is_atomic
|
||||||
|
|
||||||
|
- name: Configure containerd repository on RedHat/CentOS
|
||||||
|
template:
|
||||||
|
src: "rh_containerd.repo.j2"
|
||||||
|
dest: "{{ yum_repo_dir }}/containerd.repo"
|
||||||
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
||||||
|
|
||||||
|
- name: check if container-selinux is available
|
||||||
|
yum:
|
||||||
|
list: "container-selinux"
|
||||||
|
register: yum_result
|
||||||
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
||||||
|
|
||||||
|
- name: Configure extras repository on RedHat/CentOS if container-selinux is not available in current repos
|
||||||
|
yum_repository:
|
||||||
|
name: extras
|
||||||
|
description: "CentOS-7 - Extras"
|
||||||
|
state: present
|
||||||
|
baseurl: "{{ extras_rh_repo_base_url }}"
|
||||||
|
file: "extras"
|
||||||
|
gpgcheck: yes
|
||||||
|
gpgkey: "{{ extras_rh_repo_gpgkey }}"
|
||||||
|
keepcache: "{{ containerd_rpm_keepcache | default('1') }}"
|
||||||
|
proxy: " {{ http_proxy | default('_none_') }}"
|
||||||
|
when:
|
||||||
|
- ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
||||||
|
- yum_result.results | length == 0
|
||||||
|
|
||||||
|
- name: Copy yum.conf for editing
|
||||||
|
copy:
|
||||||
|
src: "{{ yum_conf }}"
|
||||||
|
dest: "{{ containerd_yum_conf }}"
|
||||||
|
remote_src: yes
|
||||||
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
||||||
|
|
||||||
|
- name: Edit copy of yum.conf to set obsoletes=0
|
||||||
|
lineinfile:
|
||||||
|
path: "{{ containerd_yum_conf }}"
|
||||||
|
state: present
|
||||||
|
regexp: '^obsoletes='
|
||||||
|
line: 'obsoletes=0'
|
||||||
|
when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: crictl | Download crictl
|
- name: crictl | Download crictl
|
||||||
include_tasks: "roles/download/tasks/download_file.yml"
|
include_tasks: "../../../download/tasks/download_file.yml"
|
||||||
vars:
|
vars:
|
||||||
download: "{{ download_defaults | combine(downloads.crictl) }}"
|
download: "{{ download_defaults | combine(downloads.crictl) }}"
|
||||||
|
|
||||||
|
|
|
@ -5,27 +5,119 @@
|
||||||
when:
|
when:
|
||||||
- not ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]
|
- not ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]
|
||||||
|
|
||||||
- name: Install Docker
|
- name: gather os specific variables
|
||||||
include_role:
|
include_vars: "{{ item }}"
|
||||||
name: container-engine/docker
|
with_first_found:
|
||||||
|
- files:
|
||||||
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
||||||
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}-{{ host_architecture }}.yml"
|
||||||
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml"
|
||||||
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
||||||
|
- "{{ ansible_distribution|lower }}-{{ host_architecture }}.yml"
|
||||||
|
- "{{ ansible_distribution|lower }}.yml"
|
||||||
|
- "{{ ansible_os_family|lower }}-{{ host_architecture }}.yml"
|
||||||
|
- "{{ ansible_os_family|lower }}.yml"
|
||||||
|
- defaults.yml
|
||||||
|
paths:
|
||||||
|
- ../vars
|
||||||
|
skip: true
|
||||||
|
tags:
|
||||||
|
- facts
|
||||||
|
|
||||||
- name: Install config.toml
|
- include_tasks: containerd_repo.yml
|
||||||
|
|
||||||
|
- name: ensure containerd config directory
|
||||||
|
file:
|
||||||
|
dest: "{{ containerd_cfg_dir }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- name: Copy containerd config file
|
||||||
template:
|
template:
|
||||||
src: config.toml.j2
|
src: config.toml.j2
|
||||||
dest: /etc/containerd/config.toml
|
dest: "{{ containerd_cfg_dir }}/config.toml"
|
||||||
owner: bin
|
owner: "root"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
notify: restart containerd
|
||||||
|
|
||||||
- name: Stop and disabled Docker
|
|
||||||
systemd:
|
|
||||||
name: docker
|
|
||||||
state: stopped
|
|
||||||
enabled: no
|
|
||||||
|
|
||||||
- name: Restart containerd
|
- name: ensure containerd repository public key is installed
|
||||||
systemd:
|
action: "{{ containerd_repo_key_info.pkg_key }}"
|
||||||
name: containerd
|
args:
|
||||||
state: restarted
|
id: "{{ item }}"
|
||||||
|
url: "{{ containerd_repo_key_info.url }}"
|
||||||
|
state: present
|
||||||
|
register: keyserver_task_result
|
||||||
|
until: keyserver_task_result is succeeded
|
||||||
|
retries: 4
|
||||||
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
|
with_items: "{{ containerd_repo_key_info.repo_keys }}"
|
||||||
|
when:
|
||||||
|
- ansible_os_family in ['Ubuntu', 'Debian']
|
||||||
|
- not is_atomic
|
||||||
|
|
||||||
|
- name: ensure containerd repository is enabled
|
||||||
|
action: "{{ containerd_repo_info.pkg_repo }}"
|
||||||
|
args:
|
||||||
|
repo: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ containerd_repo_info.repos }}"
|
||||||
|
when:
|
||||||
|
- ansible_os_family in ['Ubuntu', 'Debian']
|
||||||
|
- not is_atomic
|
||||||
|
- containerd_repo_info.repos|length > 0
|
||||||
|
|
||||||
|
# This is required to ensure any apt upgrade will not break kubernetes
|
||||||
|
- name: Set containerd pin priority to apt_preferences on Debian family
|
||||||
|
template:
|
||||||
|
src: "apt_preferences.d/debian_containerd.j2"
|
||||||
|
dest: "/etc/apt/preferences.d/containerd"
|
||||||
|
owner: "root"
|
||||||
|
mode: 0644
|
||||||
|
when:
|
||||||
|
- ansible_os_family in ['Ubuntu', 'Debian']
|
||||||
|
- not is_atomic
|
||||||
|
|
||||||
|
- name: ensure containerd packages are installed
|
||||||
|
action: "{{ containerd_package_info.pkg_mgr }}"
|
||||||
|
args:
|
||||||
|
pkg: "{{ item.name }}"
|
||||||
|
force: "{{ item.force | default(omit) }}"
|
||||||
|
conf_file: "{{ item.yum_conf | default(omit) }}"
|
||||||
|
state: present
|
||||||
|
update_cache: "{{ omit if ansible_distribution == 'Fedora' else True }}"
|
||||||
|
register: containerd_task_result
|
||||||
|
until: containerd_task_result is succeeded
|
||||||
|
retries: 4
|
||||||
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
|
with_items: "{{ containerd_package_info.pkgs }}"
|
||||||
|
notify: restart containerd
|
||||||
|
when:
|
||||||
|
- not is_atomic
|
||||||
|
- containerd_package_info.pkgs|length > 0
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: Check if runc is installed
|
||||||
|
stat:
|
||||||
|
path: /usr/sbin/runc
|
||||||
|
register: runc_stat
|
||||||
|
|
||||||
|
- name: Install runc package if necessary
|
||||||
|
action: "{{ containerd_package_info.pkg_mgr }}"
|
||||||
|
args:
|
||||||
|
pkg: runc
|
||||||
|
state: present
|
||||||
|
update_cache: "{{ omit if ansible_distribution == 'Fedora' else True }}"
|
||||||
|
register: runc_task_result
|
||||||
|
until: runc_task_result is succeeded
|
||||||
|
retries: 4
|
||||||
|
delay: "{{ retry_stagger | d(3) }}"
|
||||||
|
notify: restart containerd
|
||||||
|
when:
|
||||||
|
- not is_atomic
|
||||||
|
- not runc_stat.stat.exists
|
||||||
|
|
||||||
- name: Install crictl config
|
- name: Install crictl config
|
||||||
template:
|
template:
|
||||||
|
@ -35,16 +127,6 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: Install crictl completion
|
- name: Install crictl completion
|
||||||
shell: /usr/local/bin/crictl completion >/etc/bash_completion.d/crictl
|
shell: "{{ bin_dir }}/crictl completion >/etc/bash_completion.d/crictl"
|
||||||
ignore_errors: True
|
ignore_errors: True
|
||||||
when: ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]
|
when: ansible_distribution in ["CentOS","RedHat", "Ubuntu", "Debian"]
|
||||||
|
|
||||||
- name: Enable containerd
|
|
||||||
systemd:
|
|
||||||
name: containerd.service
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
daemon-reload: yes
|
|
||||||
|
|
||||||
- name: flush handlers so we can wait for containerd to come up
|
|
||||||
meta: flush_handlers
|
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
Package: {{ containerd_package }}
|
||||||
|
Pin: version {{ containerd_version }}.*
|
||||||
|
Pin-Priority: 1001
|
|
@ -13,7 +13,7 @@ disabled_plugins = ["restart"]
|
||||||
|
|
||||||
[plugins.linux]
|
[plugins.linux]
|
||||||
shim = "/usr/bin/containerd-shim"
|
shim = "/usr/bin/containerd-shim"
|
||||||
runtime = "/usr/sbin/runc"
|
runtime = "{{ runc_binary }}"
|
||||||
|
|
||||||
[plugins.cri]
|
[plugins.cri]
|
||||||
stream_server_address = "127.0.0.1"
|
stream_server_address = "127.0.0.1"
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
[docker-ce]
|
||||||
|
name=Docker-CE Repository
|
||||||
|
baseurl={{ docker_rh_repo_base_url }}
|
||||||
|
enabled=1
|
||||||
|
gpgcheck=1
|
||||||
|
keepcache={{ docker_rpm_keepcache | default('1') }}
|
||||||
|
gpgkey={{ docker_rh_repo_gpgkey }}
|
||||||
|
{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}
|
||||||
|
|
||||||
|
[docker-engine]
|
||||||
|
name=Docker-Engine Repository
|
||||||
|
baseurl={{ dockerproject_rh_repo_base_url }}
|
||||||
|
enabled=1
|
||||||
|
gpgcheck=1
|
||||||
|
keepcache={{ docker_rpm_keepcache | default('1') }}
|
||||||
|
gpgkey={{ dockerproject_rh_repo_gpgkey }}
|
||||||
|
{% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}
|
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
containerd_versioned_pkg:
|
||||||
|
'latest': "{{ containerd_package }}"
|
||||||
|
'1.2.4': "{{ containerd_package }}-1.2.4-3.1.el7"
|
||||||
|
'1.2.5': "{{ containerd_package }}-1.2.5-3.1.el7"
|
||||||
|
'1.2.6': "{{ containerd_package }}-1.2.6-3.3.el7"
|
||||||
|
'stable': "{{ containerd_package }}-1.2.6-3.3.el7"
|
||||||
|
'edge': "{{ containerd_package }}-1.2.6-3.3.el7"
|
||||||
|
|
||||||
|
containerd_package_info:
|
||||||
|
pkg_mgr: yum
|
||||||
|
pkgs:
|
||||||
|
- name: "{{ containerd_versioned_pkg[containerd_version | string] }}"
|
||||||
|
|
||||||
|
containerd_pkgs:
|
||||||
|
- name: "{{ containerd_versioned_pkg[containerd_version | string] }}"
|
||||||
|
yum_conf: "{{ containerd_yum_conf }}"
|
||||||
|
|
||||||
|
containerd_repo_key_info:
|
||||||
|
pkg_key: ''
|
||||||
|
repo_keys: []
|
||||||
|
|
||||||
|
containerd_repo_info:
|
||||||
|
pkg_repo: ''
|
||||||
|
repos: []
|
||||||
|
|
||||||
|
runc_binary: /bin/runc
|
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
# docker-ce containerd.io does not contain daemon
|
||||||
|
containerd_package: containerd
|
||||||
|
|
||||||
|
containerd_package_info:
|
||||||
|
pkg_mgr: zypper
|
||||||
|
pkgs:
|
||||||
|
- name: "{{ containerd_package }}"
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
containerd_repo_key_info:
|
||||||
|
pkg_key: ''
|
||||||
|
repo_keys: []
|
||||||
|
|
||||||
|
containerd_repo_info:
|
||||||
|
pkg_repo: ''
|
||||||
|
repos: []
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
containerd_versioned_pkg:
|
||||||
|
'latest': "{{ containerd_package }}"
|
||||||
|
'1.2.4': "{{ containerd_package }}=1.2.4-1"
|
||||||
|
'stable': "{{ containerd_package }}=1.2.4-1"
|
||||||
|
'edge': "{{ containerd_package }}=1.2.4-1"
|
||||||
|
|
||||||
|
containerd_package_info:
|
||||||
|
pkg_mgr: apt
|
||||||
|
pkgs:
|
||||||
|
- name: "{{ containerd_versioned_pkg[containerd_version | string] }}"
|
||||||
|
force: true
|
||||||
|
|
||||||
|
containerd_repo_key_info:
|
||||||
|
pkg_key: apt_key
|
||||||
|
url: '{{ containerd_ubuntu_repo_gpgkey }}'
|
||||||
|
repo_keys:
|
||||||
|
- '{{ containerd_ubuntu_repo_repokey }}'
|
||||||
|
|
||||||
|
containerd_repo_info:
|
||||||
|
pkg_repo: apt_repository
|
||||||
|
repos:
|
||||||
|
- >
|
||||||
|
deb {{ containerd_ubuntu_repo_base_url }}
|
||||||
|
{{ ansible_distribution_release|lower }}
|
||||||
|
{{ containerd_ubuntu_repo_component }}
|
|
@ -20,10 +20,3 @@ dependencies:
|
||||||
tags:
|
tags:
|
||||||
- container-engine
|
- container-engine
|
||||||
- docker
|
- docker
|
||||||
|
|
||||||
- role: container-engine/containerd
|
|
||||||
when:
|
|
||||||
- container_manager == 'containerd'
|
|
||||||
tags:
|
|
||||||
- container-engine
|
|
||||||
- containerd
|
|
||||||
|
|
|
@ -5,8 +5,7 @@
|
||||||
# It will output something like the following:
|
# It will output something like the following:
|
||||||
# nginx:1.15,gcr.io/google-containers/kube-proxy:v1.14.1,gcr.io/google-containers/kube-proxy@sha256:44af2833c6cbd9a7fc2e9d2f5244a39dfd2e31ad91bf9d4b7d810678db738ee9,gcr.io/google-containers/kube-apiserver:v1.14.1,etc...
|
# nginx:1.15,gcr.io/google-containers/kube-proxy:v1.14.1,gcr.io/google-containers/kube-proxy@sha256:44af2833c6cbd9a7fc2e9d2f5244a39dfd2e31ad91bf9d4b7d810678db738ee9,gcr.io/google-containers/kube-apiserver:v1.14.1,etc...
|
||||||
- name: check_pull_required | Generate a list of information about the images on a node
|
- name: check_pull_required | Generate a list of information about the images on a node
|
||||||
shell: >-
|
shell: "{{ image_info_command }}"
|
||||||
{{ docker_bin_dir }}/docker images -q | xargs -r {{ docker_bin_dir }}/docker inspect -f "{{ '{{' }} if .RepoTags {{ '}}' }}{{ '{{' }} (index .RepoTags) {{ '}}' }}{{ '{{' }} end {{ '}}' }}{{ '{{' }} if .RepoDigests {{ '}}' }},{{ '{{' }} (index .RepoDigests) {{ '}}' }}{{ '{{' }} end {{ '}}' }}" | sed -e 's/^ *\[//g' -e 's/\] *$//g' -e 's/ /\n/g' | tr '\n' ','
|
|
||||||
delegate_to: "{{ download_delegate if download_run_once or inventory_hostname }}"
|
delegate_to: "{{ download_delegate if download_run_once or inventory_hostname }}"
|
||||||
no_log: true
|
no_log: true
|
||||||
register: docker_images
|
register: docker_images
|
||||||
|
|
|
@ -65,7 +65,7 @@
|
||||||
- ansible_os_family not in ["CoreOS", "Container Linux by CoreOS"]
|
- ansible_os_family not in ["CoreOS", "Container Linux by CoreOS"]
|
||||||
|
|
||||||
- name: download_container | Prepare container download
|
- name: download_container | Prepare container download
|
||||||
import_tasks: check_pull_required.yml
|
include_tasks: check_pull_required.yml
|
||||||
run_once: "{{ download_run_once }}"
|
run_once: "{{ download_run_once }}"
|
||||||
when:
|
when:
|
||||||
- not download_always_pull
|
- not download_always_pull
|
||||||
|
|
|
@ -24,10 +24,11 @@
|
||||||
|
|
||||||
- include_tasks: ../../container-engine/containerd/tasks/crictl.yml
|
- include_tasks: ../../container-engine/containerd/tasks/crictl.yml
|
||||||
when:
|
when:
|
||||||
|
- not skip_downloads|default(false)
|
||||||
- container_manager in ['containerd', 'crio']
|
- container_manager in ['containerd', 'crio']
|
||||||
|
|
||||||
- name: download | Get kubeadm binary and list of required images
|
- name: download | Get kubeadm binary and list of required images
|
||||||
import_tasks: prep_kubeadm_images.yml
|
include_tasks: prep_kubeadm_images.yml
|
||||||
when:
|
when:
|
||||||
- kube_version is version('v1.11.0', '>=')
|
- kube_version is version('v1.11.0', '>=')
|
||||||
- not skip_downloads|default(false)
|
- not skip_downloads|default(false)
|
||||||
|
|
|
@ -5,6 +5,20 @@
|
||||||
tags:
|
tags:
|
||||||
- facts
|
- facts
|
||||||
|
|
||||||
|
- name: Set image info command for containerd
|
||||||
|
set_fact:
|
||||||
|
image_info_command: "{{ containerd_bin_dir }}/ctr images ls | tail -n +2 | awk -F '[ :]+' '{print $1\":\"$2\",\"$1\":\"$4\"@\"$5}' | tr '\n' ','"
|
||||||
|
when: container_manager == 'containerd'
|
||||||
|
|
||||||
|
- name: Register docker images info
|
||||||
|
shell: "{{ image_info_command }}"
|
||||||
|
no_log: true
|
||||||
|
register: docker_images
|
||||||
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
|
check_mode: no
|
||||||
|
when: download_container
|
||||||
|
|
||||||
- name: prep_download | Create staging directory on remote node
|
- name: prep_download | Create staging directory on remote node
|
||||||
file:
|
file:
|
||||||
path: "{{ local_release_dir }}/images"
|
path: "{{ local_release_dir }}/images"
|
||||||
|
|
|
@ -13,3 +13,9 @@ etcd:
|
||||||
{% for endpoint in etcd_access_addresses.split(',') %}
|
{% for endpoint in etcd_access_addresses.split(',') %}
|
||||||
- {{ endpoint }}
|
- {{ endpoint }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% if dns_mode in ['coredns', 'coredns_dual'] %}
|
||||||
|
dns:
|
||||||
|
type: CoreDNS
|
||||||
|
imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }}
|
||||||
|
imageTag: {{ coredns_image_tag }}
|
||||||
|
{% endif %}
|
||||||
|
|
|
@ -1,6 +1,25 @@
|
||||||
---
|
---
|
||||||
|
- name: Helm | Set commands for helm host tasks
|
||||||
|
set_fact:
|
||||||
|
helm_compare_command: >-
|
||||||
|
{%- if container_manager in ['docker', 'crio'] %}
|
||||||
|
{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir --entrypoint /usr/bin/cmp {{ helm_image_repo }}:{{ helm_image_tag }} /usr/local/bin/helm /systembindir/helm
|
||||||
|
{%- elif container_manager == "containerd" %}
|
||||||
|
ctr run --rm --mount type=bind,src={{ bin_dir }},dst=/systembindir,options=rbind:rw {{ helm_image_repo }}:{{ helm_image_tag }} helm-compare sh -c 'cmp /usr/local/bin/helm /systembindir/helm'
|
||||||
|
{%- endif %}
|
||||||
|
helm_copy_command: >-
|
||||||
|
{%- if container_manager in ['docker', 'crio'] %}
|
||||||
|
{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir --entrypoint /bin/cp {{ helm_image_repo }}:{{ helm_image_tag }} -f /usr/local/bin/helm /systembindir/helm
|
||||||
|
{%- elif container_manager == "containerd" %}
|
||||||
|
ctr run --rm --mount type=bind,src={{ bin_dir }},dst=/systembindir,options=rbind:rw {{ helm_image_repo }}:{{ helm_image_tag }} helm-copy sh -c '/bin/cp -f /usr/local/bin/helm /systembindir/helm'
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
|
- name: Helm | ensure helm container is pulled for containerd
|
||||||
|
command: "ctr i pull {{ helm_image_repo }}:{{ helm_image_tag }}"
|
||||||
|
when: container_manager == "containerd"
|
||||||
|
|
||||||
- name: Helm | Compare host helm with hyperkube container
|
- name: Helm | Compare host helm with hyperkube container
|
||||||
command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir --entrypoint /usr/bin/cmp {{ helm_image_repo }}:{{ helm_image_tag }} /usr/local/bin/helm /systembindir/helm"
|
command: "{{ helm_compare_command }}"
|
||||||
register: helm_task_compare_result
|
register: helm_task_compare_result
|
||||||
until: helm_task_compare_result.rc in [0,1,2]
|
until: helm_task_compare_result.rc in [0,1,2]
|
||||||
retries: 4
|
retries: 4
|
||||||
|
@ -9,7 +28,7 @@
|
||||||
failed_when: "helm_task_compare_result.rc not in [0,1,2]"
|
failed_when: "helm_task_compare_result.rc not in [0,1,2]"
|
||||||
|
|
||||||
- name: Helm | Copy helm from helm container
|
- name: Helm | Copy helm from helm container
|
||||||
command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir --entrypoint /bin/cp {{ helm_image_repo }}:{{ helm_image_tag }} -f /usr/local/bin/helm /systembindir/helm"
|
command: "{{ helm_copy_command }}"
|
||||||
when: helm_task_compare_result.rc != 0
|
when: helm_task_compare_result.rc != 0
|
||||||
register: helm_task_result
|
register: helm_task_result
|
||||||
until: helm_task_result.rc == 0
|
until: helm_task_result.rc == 0
|
||||||
|
|
|
@ -40,6 +40,12 @@
|
||||||
run_once: yes
|
run_once: yes
|
||||||
when: kubeconfig_localhost|default(false)
|
when: kubeconfig_localhost|default(false)
|
||||||
|
|
||||||
|
- name: Wait for k8s apiserver
|
||||||
|
wait_for:
|
||||||
|
host: "{{ kube_apiserver_access_address }}"
|
||||||
|
port: "{{ kube_apiserver_port }}"
|
||||||
|
timeout: 180
|
||||||
|
|
||||||
# NOTE(mattymo): Please forgive this workaround
|
# NOTE(mattymo): Please forgive this workaround
|
||||||
- name: Generate admin kubeconfig with external api endpoint
|
- name: Generate admin kubeconfig with external api endpoint
|
||||||
shell: >-
|
shell: >-
|
||||||
|
|
|
@ -17,11 +17,7 @@ nodeRegistration:
|
||||||
{% else %}
|
{% else %}
|
||||||
taints: []
|
taints: []
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if container_manager == 'crio' %}
|
criSocket: {{ cri_socket }}
|
||||||
criSocket: /var/run/crio/crio.sock
|
|
||||||
{% else %}
|
|
||||||
criSocket: /var/run/dockershim.sock
|
|
||||||
{% endif %}
|
|
||||||
---
|
---
|
||||||
apiVersion: kubeadm.k8s.io/v1beta2
|
apiVersion: kubeadm.k8s.io/v1beta2
|
||||||
kind: ClusterConfiguration
|
kind: ClusterConfiguration
|
||||||
|
|
|
@ -5,7 +5,7 @@ discovery:
|
||||||
{% if kubeadm_config_api_fqdn is defined %}
|
{% if kubeadm_config_api_fqdn is defined %}
|
||||||
apiServerEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
|
apiServerEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
|
||||||
{% else %}
|
{% else %}
|
||||||
apiServerEndpoint: {{ kubeadm_discovery_address | replace("https://", "")}}
|
apiServerEndpoint: {{ kubeadm_discovery_address }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
token: {{ kubeadm_token }}
|
token: {{ kubeadm_token }}
|
||||||
unsafeSkipCAVerification: true
|
unsafeSkipCAVerification: true
|
||||||
|
@ -18,8 +18,4 @@ controlPlane:
|
||||||
certificateKey: {{ kubeadm_certificate_key }}
|
certificateKey: {{ kubeadm_certificate_key }}
|
||||||
nodeRegistration:
|
nodeRegistration:
|
||||||
name: {{ kube_override_hostname|default(inventory_hostname) }}
|
name: {{ kube_override_hostname|default(inventory_hostname) }}
|
||||||
{% if container_manager == 'crio' %}
|
criSocket: {{ cri_socket }}
|
||||||
criSocket: /var/run/crio/crio.sock
|
|
||||||
{% else %}
|
|
||||||
criSocket: /var/run/dockershim.sock
|
|
||||||
{% endif %}
|
|
||||||
|
|
|
@ -5,25 +5,25 @@ cloud_region: us-central1-c
|
||||||
cloud_machine_type: "n1-standard-2"
|
cloud_machine_type: "n1-standard-2"
|
||||||
mode: ha
|
mode: ha
|
||||||
|
|
||||||
# Deployment settings
|
# Kubespray settings
|
||||||
kubeadm_control_plane: true
|
kubeadm_control_plane: true
|
||||||
kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085
|
kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085
|
||||||
|
kube_proxy_mode: iptables
|
||||||
kube_network_plugin: flannel
|
kube_network_plugin: flannel
|
||||||
helm_enabled: true
|
helm_enabled: true
|
||||||
kubernetes_audit: true
|
kubernetes_audit: true
|
||||||
|
container_manager: containerd
|
||||||
etcd_events_cluster_enabled: true
|
etcd_events_cluster_enabled: true
|
||||||
local_volume_provisioner_enabled: true
|
local_volume_provisioner_enabled: true
|
||||||
etcd_deployment_type: host
|
etcd_deployment_type: host
|
||||||
deploy_netchecker: true
|
deploy_netchecker: true
|
||||||
dns_min_replicas: 1
|
dns_min_replicas: 1
|
||||||
cloud_provider: gce
|
|
||||||
kube_encrypt_secret_data: true
|
kube_encrypt_secret_data: true
|
||||||
# ingress_nginx_enabled: true
|
ingress_nginx_enabled: true
|
||||||
cert_manager_enabled: true
|
cert_manager_enabled: true
|
||||||
# Disabled temporarily
|
# Disable as health checks are still unstable and slow to respond.
|
||||||
metrics_server_enabled: false
|
metrics_server_enabled: false
|
||||||
metrics_server_kubelet_insecure_tls: true
|
metrics_server_kubelet_insecure_tls: true
|
||||||
kube_token_auth: true
|
kube_token_auth: true
|
||||||
kube_basic_auth: true
|
kube_basic_auth: true
|
||||||
enable_nodelocaldns: false
|
enable_nodelocaldns: false
|
||||||
local_path_provisioner_enabled: true
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ kube_proxy_mode: iptables
|
||||||
kube_network_plugin: flannel
|
kube_network_plugin: flannel
|
||||||
helm_enabled: true
|
helm_enabled: true
|
||||||
kubernetes_audit: true
|
kubernetes_audit: true
|
||||||
|
container_manager: containerd
|
||||||
etcd_events_cluster_enabled: true
|
etcd_events_cluster_enabled: true
|
||||||
local_volume_provisioner_enabled: true
|
local_volume_provisioner_enabled: true
|
||||||
etcd_deployment_type: host
|
etcd_deployment_type: host
|
||||||
|
|
|
@ -5,5 +5,6 @@ mode: default
|
||||||
|
|
||||||
# Kubespray settings
|
# Kubespray settings
|
||||||
kube_network_plugin: canal
|
kube_network_plugin: canal
|
||||||
|
container_manager: containerd
|
||||||
deploy_netchecker: true
|
deploy_netchecker: true
|
||||||
dns_min_replicas: 1
|
dns_min_replicas: 1
|
||||||
|
|
Loading…
Reference in New Issue