Adding yamllinter to ci steps (#1556)
* Adding yaml linter to ci check
* Minor linting fixes from yamllint
* Changing CI to install python pkgs from requirements.txt
  - adding in a secondary requirements.txt for tests
  - moving yamllint to tests requirements
pull/1567/head
parent
ecb6dc3679
commit
8b151d12b9
|
@ -18,10 +18,7 @@ variables:
|
||||||
# us-west1-a
|
# us-west1-a
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
- pip install ansible==2.3.0
|
- pip install -r tests/requirements.txt
|
||||||
- pip install netaddr
|
|
||||||
- pip install apache-libcloud==0.20.1
|
|
||||||
- pip install boto==2.9.0
|
|
||||||
- mkdir -p /.ssh
|
- mkdir -p /.ssh
|
||||||
- cp tests/ansible.cfg .
|
- cp tests/ansible.cfg .
|
||||||
|
|
||||||
|
@ -75,10 +72,7 @@ before_script:
|
||||||
- $HOME/.cache
|
- $HOME/.cache
|
||||||
before_script:
|
before_script:
|
||||||
- docker info
|
- docker info
|
||||||
- pip install ansible==2.3.0
|
- pip install -r tests/requirements.txt
|
||||||
- pip install netaddr
|
|
||||||
- pip install apache-libcloud==0.20.1
|
|
||||||
- pip install boto==2.9.0
|
|
||||||
- mkdir -p /.ssh
|
- mkdir -p /.ssh
|
||||||
- mkdir -p $HOME/.ssh
|
- mkdir -p $HOME/.ssh
|
||||||
- echo $PRIVATE_KEY | base64 -d > $HOME/.ssh/id_rsa
|
- echo $PRIVATE_KEY | base64 -d > $HOME/.ssh/id_rsa
|
||||||
|
@ -642,6 +636,13 @@ syntax-check:
|
||||||
- ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv --syntax-check
|
- ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv --syntax-check
|
||||||
except: ['triggers', 'master']
|
except: ['triggers', 'master']
|
||||||
|
|
||||||
|
yamllint:
|
||||||
|
<<: *job
|
||||||
|
stage: unit-tests
|
||||||
|
script:
|
||||||
|
- yamllint roles
|
||||||
|
except: ['triggers', 'master']
|
||||||
|
|
||||||
tox-inventory-builder:
|
tox-inventory-builder:
|
||||||
stage: unit-tests
|
stage: unit-tests
|
||||||
<<: *job
|
<<: *job
|
||||||
|
|
|
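Review bot: Both `before_script` blocks now install everything with `pip install -r tests/requirements.txt`, but that file is not shown on this page, so it cannot be confirmed that the exact pins on the removed lines (`ansible==2.3.0`, `apache-libcloud==0.20.1`, `boto==2.9.0`) were carried over; `netaddr` had no pin even before. The second block goes on to decode `$PRIVATE_KEY` into `$HOME/.ssh/id_rsa`, so the packages installed there run in a job that holds that key. Every entry in the file, `yamllint` included, should be pinned with `==`, and hash checking via `pip install --require-hashes -r tests/requirements.txt` is worth considering. Separately, the new job runs `yamllint roles` only, so YAML outside that directory, such as `extra_playbooks/`, is not linted.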
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
extends: default
|
||||||
|
|
||||||
|
rules:
|
||||||
|
braces:
|
||||||
|
min-spaces-inside: 0
|
||||||
|
max-spaces-inside: 1
|
||||||
|
brackets:
|
||||||
|
min-spaces-inside: 0
|
||||||
|
max-spaces-inside: 1
|
||||||
|
indentation:
|
||||||
|
spaces: 2
|
||||||
|
indent-sequences: consistent
|
||||||
|
line-length: disable
|
||||||
|
new-line-at-end-of-file: disable
|
||||||
|
truthy: disable
|
|
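Review bot: `truthy: disable` switches off the check that catches `yes`/`no`/`on`/`off` style values, and the file gives no reason for it or for the `line-length` and `new-line-at-end-of-file` exemptions. If the existing roles are simply too noisy to fix in one pass, a downgrade such as `truthy: {level: warning}` keeps the findings visible without failing the job. A one-line comment above each disabled rule stating why it is off (for example `# long Jinja expressions in tasks`, if that is the reason) would let a later reviewer decide when the exemption can be dropped.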
@ -49,4 +49,3 @@
|
||||||
pip:
|
pip:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
with_items: "{{pip_python_modules}}"
|
with_items: "{{pip_python_modules}}"
|
||||||
|
|
||||||
|
|
|
@ -27,4 +27,3 @@
|
||||||
hostname:
|
hostname:
|
||||||
name: "{{inventory_hostname}}"
|
name: "{{inventory_hostname}}"
|
||||||
when: ansible_hostname == 'localhost'
|
when: ansible_hostname == 'localhost'
|
||||||
|
|
||||||
|
|
|
@ -6,4 +6,3 @@
|
||||||
regexp: '^\w+\s+requiretty'
|
regexp: '^\w+\s+requiretty'
|
||||||
dest: /etc/sudoers
|
dest: /etc/sudoers
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
|
|
|
@ -4,12 +4,12 @@
|
||||||
|
|
||||||
# Max of 4 names is allowed and no more than 256 - 17 chars total
|
# Max of 4 names is allowed and no more than 256 - 17 chars total
|
||||||
# (a 2 is reserved for the 'default.svc.' and'svc.')
|
# (a 2 is reserved for the 'default.svc.' and'svc.')
|
||||||
#searchdomains:
|
# searchdomains:
|
||||||
# - foo.bar.lc
|
# - foo.bar.lc
|
||||||
|
|
||||||
# Max of 2 is allowed here (a 1 is reserved for the dns_server)
|
# Max of 2 is allowed here (a 1 is reserved for the dns_server)
|
||||||
#nameservers:
|
# nameservers:
|
||||||
# - 127.0.0.1
|
# - 127.0.0.1
|
||||||
|
|
||||||
dns_forward_max: 150
|
dns_forward_max: 150
|
||||||
cache_size: 1000
|
cache_size: 1000
|
||||||
|
|
|
@ -86,4 +86,3 @@
|
||||||
port: 53
|
port: 53
|
||||||
timeout: 180
|
timeout: 180
|
||||||
when: inventory_hostname == groups['kube-node'][0] and groups['kube-node'][0] in ansible_play_hosts
|
when: inventory_hostname == groups['kube-node'][0] and groups['kube-node'][0] in ansible_play_hosts
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# Copyright 2016 The Kubernetes Authors.
|
# Copyright 2016 The Kubernetes Authors.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
@ -34,17 +35,16 @@ spec:
|
||||||
- name: autoscaler
|
- name: autoscaler
|
||||||
image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1
|
image: gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.1
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: "20m"
|
cpu: "20m"
|
||||||
memory: "10Mi"
|
memory: "10Mi"
|
||||||
command:
|
command:
|
||||||
- /cluster-proportional-autoscaler
|
- /cluster-proportional-autoscaler
|
||||||
- --namespace=kube-system
|
- --namespace=kube-system
|
||||||
- --configmap=dnsmasq-autoscaler
|
- --configmap=dnsmasq-autoscaler
|
||||||
- --target=Deployment/dnsmasq
|
- --target=Deployment/dnsmasq
|
||||||
# When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
|
# When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
|
||||||
# If using small nodes, "nodesPerReplica" should dominate.
|
# If using small nodes, "nodesPerReplica" should dominate.
|
||||||
- --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
|
- --default-params={"linear":{"nodesPerReplica":{{ dnsmasq_nodes_per_replica }},"preventSinglePointFailure":true}}
|
||||||
- --logtostderr=true
|
- --logtostderr=true
|
||||||
- --v={{ kube_log_level }}
|
- --v={{ kube_log_level }}
|
||||||
|
|
||||||
|
|
|
@ -35,7 +35,6 @@ spec:
|
||||||
capabilities:
|
capabilities:
|
||||||
add:
|
add:
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: {{ dns_cpu_limit }}
|
cpu: {{ dns_cpu_limit }}
|
||||||
|
@ -64,4 +63,3 @@ spec:
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /etc/dnsmasq.d-available
|
path: /etc/dnsmasq.d-available
|
||||||
dnsPolicy: Default # Don't use cluster DNS.
|
dnsPolicy: Default # Don't use cluster DNS.
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
docker_version: '1.13'
|
docker_version: '1.13'
|
||||||
|
|
||||||
docker_package_info:
|
docker_package_info:
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
- Docker | pause while Docker restarts
|
- Docker | pause while Docker restarts
|
||||||
- Docker | wait for docker
|
- Docker | wait for docker
|
||||||
|
|
||||||
- name : Docker | reload systemd
|
- name: Docker | reload systemd
|
||||||
shell: systemctl daemon-reload
|
shell: systemctl daemon-reload
|
||||||
|
|
||||||
- name: Docker | reload docker.socket
|
- name: Docker | reload docker.socket
|
||||||
|
|
|
@ -3,14 +3,14 @@
|
||||||
include_vars: "{{ item }}"
|
include_vars: "{{ item }}"
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- files:
|
- files:
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
||||||
- "{{ ansible_distribution|lower }}.yml"
|
- "{{ ansible_distribution|lower }}.yml"
|
||||||
- "{{ ansible_os_family|lower }}.yml"
|
- "{{ ansible_os_family|lower }}.yml"
|
||||||
- defaults.yml
|
- defaults.yml
|
||||||
paths:
|
paths:
|
||||||
- ../vars
|
- ../vars
|
||||||
skip: true
|
skip: true
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,7 @@
|
||||||
- name: add system search domains to docker options
|
- name: add system search domains to docker options
|
||||||
set_fact:
|
set_fact:
|
||||||
docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split(' ')|default([])) | unique }}"
|
docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split(' ')|default([])) | unique }}"
|
||||||
when: system_search_domains.stdout != ""
|
when: system_search_domains.stdout != ""
|
||||||
|
|
||||||
- name: check number of nameservers
|
- name: check number of nameservers
|
||||||
fail:
|
fail:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
docker_kernel_min_version: '3.10'
|
docker_kernel_min_version: '3.10'
|
||||||
|
|
||||||
# https://apt.dockerproject.org/repo/dists/debian-wheezy/main/filelist
|
# https://apt.dockerproject.org/repo/dists/debian-wheezy/main/filelist
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
docker_kernel_min_version: '0'
|
docker_kernel_min_version: '0'
|
||||||
|
|
||||||
# versioning: docker-io itself is pinned at docker 1.5
|
# versioning: docker-io itself is pinned at docker 1.5
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
docker_kernel_min_version: '0'
|
docker_kernel_min_version: '0'
|
||||||
|
|
||||||
# https://docs.docker.com/engine/installation/linux/fedora/#install-from-a-package
|
# https://docs.docker.com/engine/installation/linux/fedora/#install-from-a-package
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
docker_kernel_min_version: '0'
|
docker_kernel_min_version: '0'
|
||||||
|
|
||||||
# https://yum.dockerproject.org/repo/main/centos/7/Packages/
|
# https://yum.dockerproject.org/repo/main/centos/7/Packages/
|
||||||
|
@ -8,7 +9,7 @@ docker_versioned_pkg:
|
||||||
'1.12': docker-engine-1.12.6-1.el7.centos
|
'1.12': docker-engine-1.12.6-1.el7.centos
|
||||||
'1.13': docker-engine-1.13.1-1.el7.centos
|
'1.13': docker-engine-1.13.1-1.el7.centos
|
||||||
'stable': docker-engine-17.03.0.ce-1.el7.centos
|
'stable': docker-engine-17.03.0.ce-1.el7.centos
|
||||||
'edge': docker-engine-17.03.0.ce-1.el7.centos
|
'edge': docker-engine-17.03.0.ce-1.el7.centos
|
||||||
|
|
||||||
# https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package
|
# https://docs.docker.com/engine/installation/linux/centos/#install-from-a-package
|
||||||
# https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
|
# https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
|
||||||
|
|
|
@ -20,7 +20,7 @@ download_always_pull: False
|
||||||
# Versions
|
# Versions
|
||||||
kube_version: v1.7.3
|
kube_version: v1.7.3
|
||||||
etcd_version: v3.2.4
|
etcd_version: v3.2.4
|
||||||
#TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
|
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
|
||||||
# after migration to container download
|
# after migration to container download
|
||||||
calico_version: "v1.1.3"
|
calico_version: "v1.1.3"
|
||||||
calico_cni_version: "v1.8.0"
|
calico_cni_version: "v1.8.0"
|
||||||
|
|
|
@ -111,7 +111,7 @@
|
||||||
- download.enabled|bool
|
- download.enabled|bool
|
||||||
- download.container|bool
|
- download.container|bool
|
||||||
|
|
||||||
#NOTE(bogdando) this brings no docker-py deps for nodes
|
# NOTE(bogdando) this brings no docker-py deps for nodes
|
||||||
- name: Download containers if pull is required or told to always pull
|
- name: Download containers if pull is required or told to always pull
|
||||||
command: "{{ docker_bin_dir }}/docker pull {{ pull_args }}"
|
command: "{{ docker_bin_dir }}/docker pull {{ pull_args }}"
|
||||||
register: pull_task_result
|
register: pull_task_result
|
||||||
|
|
|
@ -21,7 +21,7 @@ etcd_metrics: "basic"
|
||||||
etcd_memory_limit: 512M
|
etcd_memory_limit: 512M
|
||||||
|
|
||||||
# Uncomment to set CPU share for etcd
|
# Uncomment to set CPU share for etcd
|
||||||
#etcd_cpu_limit: 300m
|
# etcd_cpu_limit: 300m
|
||||||
|
|
||||||
etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) }}"
|
etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) }}"
|
||||||
|
|
||||||
|
|
|
@ -43,4 +43,3 @@
|
||||||
ETCDCTL_API: 3
|
ETCDCTL_API: 3
|
||||||
retries: 3
|
retries: 3
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
|
|
||||||
|
|
|
@ -30,4 +30,3 @@
|
||||||
- name: set etcd_secret_changed
|
- name: set etcd_secret_changed
|
||||||
set_fact:
|
set_fact:
|
||||||
etcd_secret_changed: true
|
etcd_secret_changed: true
|
||||||
|
|
||||||
|
|
|
@ -66,4 +66,3 @@
|
||||||
{%- set _ = certs.update({'sync': True}) -%}
|
{%- set _ = certs.update({'sync': True}) -%}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{{ certs.sync }}
|
{{ certs.sync }}
|
||||||
|
|
||||||
|
|
|
@ -73,11 +73,10 @@
|
||||||
'member-{{ node }}-key.pem',
|
'member-{{ node }}-key.pem',
|
||||||
{% endfor %}]"
|
{% endfor %}]"
|
||||||
my_master_certs: ['ca-key.pem',
|
my_master_certs: ['ca-key.pem',
|
||||||
'admin-{{ inventory_hostname }}.pem',
|
'admin-{{ inventory_hostname }}.pem',
|
||||||
'admin-{{ inventory_hostname }}-key.pem',
|
'admin-{{ inventory_hostname }}-key.pem',
|
||||||
'member-{{ inventory_hostname }}.pem',
|
'member-{{ inventory_hostname }}.pem',
|
||||||
'member-{{ inventory_hostname }}-key.pem'
|
'member-{{ inventory_hostname }}-key.pem']
|
||||||
]
|
|
||||||
all_node_certs: "['ca.pem',
|
all_node_certs: "['ca.pem',
|
||||||
{% for node in (groups['k8s-cluster'] + groups['calico-rr']|default([]))|unique %}
|
{% for node in (groups['k8s-cluster'] + groups['calico-rr']|default([]))|unique %}
|
||||||
'node-{{ node }}.pem',
|
'node-{{ node }}.pem',
|
||||||
|
@ -111,22 +110,22 @@
|
||||||
sync_certs|default(false) and inventory_hostname not in groups['etcd']
|
sync_certs|default(false) and inventory_hostname not in groups['etcd']
|
||||||
notify: set etcd_secret_changed
|
notify: set etcd_secret_changed
|
||||||
|
|
||||||
#NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
|
# NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
|
||||||
#char limit when using shell command
|
# char limit when using shell command
|
||||||
|
|
||||||
#FIXME(mattymo): Use tempfile module in ansible 2.3
|
|
||||||
- name: Gen_certs | Prepare tempfile for unpacking certs
|
|
||||||
shell: mktemp /tmp/certsXXXXX.tar.gz
|
|
||||||
register: cert_tempfile
|
|
||||||
when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
|
|
||||||
inventory_hostname != groups['etcd'][0]
|
|
||||||
|
|
||||||
- name: Gen_certs | Write master certs to tempfile
|
# FIXME(mattymo): Use tempfile module in ansible 2.3
|
||||||
copy:
|
- name: Gen_certs | Prepare tempfile for unpacking certs
|
||||||
content: "{{etcd_master_cert_data.stdout}}"
|
shell: mktemp /tmp/certsXXXXX.tar.gz
|
||||||
dest: "{{cert_tempfile.stdout}}"
|
register: cert_tempfile
|
||||||
owner: root
|
when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
|
||||||
mode: "0600"
|
inventory_hostname != groups['etcd'][0]
|
||||||
|
|
||||||
|
- name: Gen_certs | Write master certs to tempfile
|
||||||
|
copy:
|
||||||
|
content: "{{etcd_master_cert_data.stdout}}"
|
||||||
|
dest: "{{cert_tempfile.stdout}}"
|
||||||
|
owner: root
|
||||||
|
mode: "0600"
|
||||||
when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
|
when: inventory_hostname in groups['etcd'] and sync_certs|default(false) and
|
||||||
inventory_hostname != groups['etcd'][0]
|
inventory_hostname != groups['etcd'][0]
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,6 @@
|
||||||
when: inventory_hostname in etcd_node_cert_hosts
|
when: inventory_hostname in etcd_node_cert_hosts
|
||||||
tags: etcd-secrets
|
tags: etcd-secrets
|
||||||
|
|
||||||
|
|
||||||
- name: gen_certs_vault | Read in the local credentials
|
- name: gen_certs_vault | Read in the local credentials
|
||||||
command: cat /etc/vault/roles/etcd/userpass
|
command: cat /etc/vault/roles/etcd/userpass
|
||||||
register: etcd_vault_creds_cat
|
register: etcd_vault_creds_cat
|
||||||
|
@ -33,15 +32,15 @@
|
||||||
|
|
||||||
- name: gen_certs_vault | Set fact for vault_client_token
|
- name: gen_certs_vault | Set fact for vault_client_token
|
||||||
set_fact:
|
set_fact:
|
||||||
vault_client_token: "{{ etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token') }}"
|
vault_client_token: "{{ etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token') }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- name: gen_certs_vault | Set fact for Vault API token
|
- name: gen_certs_vault | Set fact for Vault API token
|
||||||
set_fact:
|
set_fact:
|
||||||
etcd_vault_headers:
|
etcd_vault_headers:
|
||||||
Accept: application/json
|
Accept: application/json
|
||||||
Content-Type: application/json
|
Content-Type: application/json
|
||||||
X-Vault-Token: "{{ vault_client_token }}"
|
X-Vault-Token: "{{ vault_client_token }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
when: vault_client_token != ""
|
when: vault_client_token != ""
|
||||||
|
|
||||||
|
@ -96,5 +95,3 @@
|
||||||
with_items: "{{ etcd_node_certs_needed|d([]) }}"
|
with_items: "{{ etcd_node_certs_needed|d([]) }}"
|
||||||
when: inventory_hostname in etcd_node_cert_hosts
|
when: inventory_hostname in etcd_node_cert_hosts
|
||||||
notify: set etcd_secret_changed
|
notify: set etcd_secret_changed
|
||||||
|
|
||||||
|
|
||||||
|
|
|
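Review bot: `command: cat /etc/vault/roles/etcd/userpass` registers its stdout as `etcd_vault_creds_cat`, and the later `set_fact` tasks store `vault_client_token` and the `X-Vault-Token` header. None of the visible task lines carries `no_log: true`, so the credentials and the token can be printed in task results on a verbose run. Add `no_log: true` to the `Read in the local credentials`, `Set fact for vault_client_token` and `Set fact for Vault API token` tasks. The first task continues past the end of its hunk, so a `no_log` outside the visible lines cannot be ruled out. The commit only changes whitespace here, so this is a pre-existing gap rather than a regression.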
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
#Plan A: no docker-py deps
|
# Plan A: no docker-py deps
|
||||||
- name: Install | Copy etcdctl binary from docker container
|
- name: Install | Copy etcdctl binary from docker container
|
||||||
command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;
|
command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;
|
||||||
{{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
|
{{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
|
||||||
|
@ -12,21 +12,21 @@
|
||||||
delay: "{{ retry_stagger | random + 3 }}"
|
delay: "{{ retry_stagger | random + 3 }}"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
#Plan B: looks nicer, but requires docker-py on all hosts:
|
# Plan B: looks nicer, but requires docker-py on all hosts:
|
||||||
#- name: Install | Set up etcd-binarycopy container
|
# - name: Install | Set up etcd-binarycopy container
|
||||||
# docker:
|
# docker:
|
||||||
# name: etcd-binarycopy
|
# name: etcd-binarycopy
|
||||||
# state: present
|
# state: present
|
||||||
# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
|
# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
|
||||||
# when: etcd_deployment_type == "docker"
|
# when: etcd_deployment_type == "docker"
|
||||||
#
|
#
|
||||||
#- name: Install | Copy etcdctl from etcd-binarycopy container
|
# - name: Install | Copy etcdctl from etcd-binarycopy container
|
||||||
# command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl"
|
# command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl"
|
||||||
# when: etcd_deployment_type == "docker"
|
# when: etcd_deployment_type == "docker"
|
||||||
#
|
#
|
||||||
#- name: Install | Clean up etcd-binarycopy container
|
# - name: Install | Clean up etcd-binarycopy container
|
||||||
# docker:
|
# docker:
|
||||||
# name: etcd-binarycopy
|
# name: etcd-binarycopy
|
||||||
# state: absent
|
# state: absent
|
||||||
# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
|
# image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
|
||||||
# when: etcd_deployment_type == "docker"
|
# when: etcd_deployment_type == "docker"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: "Pre-upgrade | check for etcd-proxy unit file"
|
- name: "Pre-upgrade | check for etcd-proxy unit file"
|
||||||
stat:
|
stat:
|
||||||
path: /etc/systemd/system/etcd-proxy.service
|
path: /etc/systemd/system/etcd-proxy.service
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: Refresh config | Create etcd config file
|
- name: Refresh config | Create etcd config file
|
||||||
template:
|
template:
|
||||||
src: etcd.env.yml
|
src: etcd.env.j2
|
||||||
dest: /etc/etcd.env
|
dest: /etc/etcd.env
|
||||||
notify: restart etcd
|
notify: restart etcd
|
||||||
when: is_etcd_master
|
when: is_etcd_master
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: sync_etcd_master_certs | Create list of master certs needing creation
|
- name: sync_etcd_master_certs | Create list of master certs needing creation
|
||||||
set_fact:
|
set_fact:
|
||||||
etcd_master_cert_list: >-
|
etcd_master_cert_list: >-
|
||||||
{{ etcd_master_cert_list|default([]) + [
|
{{ etcd_master_cert_list|default([]) + [
|
||||||
"admin-" + item + ".pem",
|
"admin-" + item + ".pem",
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- include: ../../vault/tasks/shared/sync_file.yml
|
- include: ../../vault/tasks/shared/sync_file.yml
|
||||||
vars:
|
vars:
|
||||||
sync_file: "{{ item }}"
|
sync_file: "{{ item }}"
|
||||||
sync_file_dir: "{{ etcd_cert_dir }}"
|
sync_file_dir: "{{ etcd_cert_dir }}"
|
||||||
sync_file_hosts: "{{ groups.etcd }}"
|
sync_file_hosts: "{{ groups.etcd }}"
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: sync_etcd_node_certs | Create list of node certs needing creation
|
- name: sync_etcd_node_certs | Create list of node certs needing creation
|
||||||
set_fact:
|
set_fact:
|
||||||
etcd_node_cert_list: "{{ etcd_node_cert_list|default([]) + ['node-' + item + '.pem'] }}"
|
etcd_node_cert_list: "{{ etcd_node_cert_list|default([]) + ['node-' + item + '.pem'] }}"
|
||||||
with_items: "{{ etcd_node_cert_hosts }}"
|
with_items: "{{ etcd_node_cert_hosts }}"
|
||||||
|
|
||||||
- include: ../../vault/tasks/shared/sync_file.yml
|
- include: ../../vault/tasks/shared/sync_file.yml
|
||||||
vars:
|
vars:
|
||||||
sync_file: "{{ item }}"
|
sync_file: "{{ item }}"
|
||||||
sync_file_dir: "{{ etcd_cert_dir }}"
|
sync_file_dir: "{{ etcd_cert_dir }}"
|
||||||
sync_file_hosts: "{{ etcd_node_cert_hosts }}"
|
sync_file_hosts: "{{ etcd_node_cert_hosts }}"
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
sync_file_results: []
|
sync_file_results: []
|
||||||
|
|
||||||
- include: ../../vault/tasks/shared/sync_file.yml
|
- include: ../../vault/tasks/shared/sync_file.yml
|
||||||
vars:
|
vars:
|
||||||
sync_file: ca.pem
|
sync_file: ca.pem
|
||||||
sync_file_dir: "{{ etcd_cert_dir }}"
|
sync_file_dir: "{{ etcd_cert_dir }}"
|
||||||
sync_file_hosts: "{{ etcd_node_cert_hosts }}"
|
sync_file_hosts: "{{ etcd_node_cert_hosts }}"
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
elrepo_key_url: 'https://www.elrepo.org/RPM-GPG-KEY-elrepo.org'
|
elrepo_key_url: 'https://www.elrepo.org/RPM-GPG-KEY-elrepo.org'
|
||||||
elrepo_rpm : elrepo-release-7.0-3.el7.elrepo.noarch.rpm
|
elrepo_rpm: elrepo-release-7.0-3.el7.elrepo.noarch.rpm
|
||||||
elrepo_mirror : http://www.elrepo.org
|
elrepo_mirror: http://www.elrepo.org
|
||||||
|
|
||||||
elrepo_url : '{{elrepo_mirror}}/{{elrepo_rpm}}'
|
elrepo_url: '{{elrepo_mirror}}/{{elrepo_rpm}}'
|
||||||
|
|
||||||
elrepo_kernel_package: "kernel-lt"
|
elrepo_kernel_package: "kernel-lt"
|
||||||
|
|
|
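Review bot: `elrepo_mirror: http://www.elrepo.org` means `elrepo_url` fetches the release RPM over plain HTTP, while `elrepo_key_url` two lines above already uses `https://` on the same host. Whether the package signature is verified before install is decided in the tasks, which are not part of this hunk. Changing the default to `elrepo_mirror: https://www.elrepo.org` removes the dependence on that check. The commit only tidies the spacing before the colons, so this is an existing default rather than something introduced here.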
@ -1,5 +1,6 @@
|
||||||
|
---
|
||||||
# Versions
|
# Versions
|
||||||
kubedns_version : 1.14.2
|
kubedns_version: 1.14.2
|
||||||
kubednsautoscaler_version: 1.1.1
|
kubednsautoscaler_version: 1.1.1
|
||||||
|
|
||||||
# Limits for dnsmasq/kubedns apps
|
# Limits for dnsmasq/kubedns apps
|
||||||
|
|
|
@ -14,12 +14,12 @@
|
||||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||||
with_items:
|
with_items:
|
||||||
- {name: kubedns, file: kubedns-sa.yml, type: sa}
|
- {name: kubedns, file: kubedns-sa.yml, type: sa}
|
||||||
- {name: kubedns, file: kubedns-deploy.yml, type: deployment}
|
- {name: kubedns, file: kubedns-deploy.yml.j2, type: deployment}
|
||||||
- {name: kubedns, file: kubedns-svc.yml, type: svc}
|
- {name: kubedns, file: kubedns-svc.yml, type: svc}
|
||||||
- {name: kubedns-autoscaler, file: kubedns-autoscaler-sa.yml, type: sa}
|
- {name: kubedns-autoscaler, file: kubedns-autoscaler-sa.yml, type: sa}
|
||||||
- {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrole.yml, type: clusterrole}
|
- {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrole.yml, type: clusterrole}
|
||||||
- {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
|
- {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
|
||||||
- {name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment}
|
- {name: kubedns-autoscaler, file: kubedns-autoscaler.yml.j2, type: deployment}
|
||||||
register: manifests
|
register: manifests
|
||||||
when:
|
when:
|
||||||
- dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
|
- dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
|
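Review bot: Renaming the two `file:` entries to `kubedns-deploy.yml.j2` and `kubedns-autoscaler.yml.j2` also changes the output name, because `dest: "{{kube_config_dir}}/{{item.file}}"` reuses the same value. The rendered manifests will therefore be written with a `.j2` suffix while the other five entries keep `.yml`. If that is unintended, strip the suffix at the destination, e.g. `dest: "{{kube_config_dir}}/{{item.file | regex_replace('\\.j2$', '')}}"`, and check any later task that builds a path from the registered `manifests` results. The task starts above the hunk, so its `src:` line is not visible here.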
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: Kubernetes Apps | Lay Down Netchecker Template
|
- name: Kubernetes Apps | Lay Down Netchecker Template
|
||||||
template:
|
template:
|
||||||
src: "{{item.file}}"
|
src: "{{item.file}}"
|
||||||
|
@ -24,7 +25,7 @@
|
||||||
state: absent
|
state: absent
|
||||||
when: inventory_hostname == groups['kube-master'][0]
|
when: inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
||||||
#FIXME: remove if kubernetes/features#124 is implemented
|
# FIXME: remove if kubernetes/features#124 is implemented
|
||||||
- name: Kubernetes Apps | Purge old Netchecker daemonsets
|
- name: Kubernetes Apps | Purge old Netchecker daemonsets
|
||||||
kube:
|
kube:
|
||||||
name: "{{item.item.name}}"
|
name: "{{item.item.name}}"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# Copyright 2016 The Kubernetes Authors. All rights reserved
|
# Copyright 2016 The Kubernetes Authors. All rights reserved
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# Copyright 2016 The Kubernetes Authors. All rights reserved
|
# Copyright 2016 The Kubernetes Authors. All rights reserved
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# Copyright 2016 The Kubernetes Authors. All rights reserved
|
# Copyright 2016 The Kubernetes Authors. All rights reserved
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# Copyright 2016 The Kubernetes Authors.
|
# Copyright 2016 The Kubernetes Authors.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
@ -34,18 +35,18 @@ spec:
|
||||||
- name: autoscaler
|
- name: autoscaler
|
||||||
image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}"
|
image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}"
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: "20m"
|
cpu: "20m"
|
||||||
memory: "10Mi"
|
memory: "10Mi"
|
||||||
command:
|
command:
|
||||||
- /cluster-proportional-autoscaler
|
- /cluster-proportional-autoscaler
|
||||||
- --namespace={{ system_namespace }}
|
- --namespace={{ system_namespace }}
|
||||||
- --configmap=kubedns-autoscaler
|
- --configmap=kubedns-autoscaler
|
||||||
# Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
|
# Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
|
||||||
- --target=Deployment/kube-dns
|
- --target=Deployment/kube-dns
|
||||||
- --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}}
|
- --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}}
|
||||||
- --logtostderr=true
|
- --logtostderr=true
|
||||||
- --v=2
|
- --v=2
|
||||||
{% if rbac_enabled %}
|
{% if rbac_enabled %}
|
||||||
serviceAccountName: cluster-proportional-autoscaler
|
serviceAccountName: cluster-proportional-autoscaler
|
||||||
{% endif %}
|
{% endif %}
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: extensions/v1beta1
|
apiVersion: extensions/v1beta1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -19,4 +20,3 @@ spec:
|
||||||
- name: dns-tcp
|
- name: dns-tcp
|
||||||
port: 53
|
port: 53
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
elasticsearch_cpu_limit: 1000m
|
elasticsearch_cpu_limit: 1000m
|
||||||
elasticsearch_mem_limit: 0M
|
elasticsearch_mem_limit: 0M
|
||||||
elasticsearch_cpu_requests: 100m
|
elasticsearch_cpu_requests: 100m
|
||||||
elasticsearch_mem_requests: 0M
|
elasticsearch_mem_requests: 0M
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: download
|
- role: download
|
||||||
file: "{{ downloads.elasticsearch }}"
|
file: "{{ downloads.elasticsearch }}"
|
||||||
|
|
|
@ -38,4 +38,3 @@
|
||||||
command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n {{ system_namespace }}"
|
command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n {{ system_namespace }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
when: es_service_manifest.changed
|
when: es_service_manifest.changed
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
fluentd_cpu_limit: 0m
|
fluentd_cpu_limit: 0m
|
||||||
fluentd_mem_limit: 200Mi
|
fluentd_mem_limit: 200Mi
|
||||||
fluentd_cpu_requests: 100m
|
fluentd_cpu_requests: 100m
|
||||||
fluentd_mem_requests: 200Mi
|
fluentd_mem_requests: 200Mi
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: download
|
- role: download
|
||||||
file: "{{ downloads.fluentd }}"
|
file: "{{ downloads.fluentd }}"
|
||||||
|
|
|
@ -20,4 +20,3 @@
|
||||||
command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n {{ system_namespace }}"
|
command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n {{ system_namespace }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
when: fluentd_ds_manifest.changed
|
when: fluentd_ds_manifest.changed
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
kibana_cpu_limit: 100m
|
kibana_cpu_limit: 100m
|
||||||
kibana_mem_limit: 0M
|
kibana_mem_limit: 0M
|
||||||
kibana_cpu_requests: 100m
|
kibana_cpu_requests: 100m
|
||||||
kibana_mem_requests: 0M
|
kibana_mem_requests: 0M
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: download
|
- role: download
|
||||||
file: "{{ downloads.kibana }}"
|
file: "{{ downloads.kibana }}"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Kibana | Write Kibana deployment"
|
- name: "Kibana | Write Kibana deployment"
|
||||||
template:
|
template:
|
||||||
src: kibana-deployment.yml.j2
|
src: kibana-deployment.yml.j2
|
||||||
dest: "{{ kube_config_dir }}/kibana-deployment.yaml"
|
dest: "{{ kube_config_dir }}/kibana-deployment.yaml"
|
||||||
register: kibana_deployment_manifest
|
register: kibana_deployment_manifest
|
||||||
|
@ -17,7 +17,7 @@
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- name: "Kibana | Write Kibana service "
|
- name: "Kibana | Write Kibana service "
|
||||||
template:
|
template:
|
||||||
src: kibana-service.yml.j2
|
src: kibana-service.yml.j2
|
||||||
dest: "{{ kube_config_dir }}/kibana-service.yaml"
|
dest: "{{ kube_config_dir }}/kibana-service.yaml"
|
||||||
register: kibana_service_manifest
|
register: kibana_service_manifest
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: kubernetes-apps/efk/elasticsearch
|
- role: kubernetes-apps/efk/elasticsearch
|
||||||
- role: kubernetes-apps/efk/fluentd
|
- role: kubernetes-apps/efk/fluentd
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
helm_enabled: false
|
helm_enabled: false
|
||||||
|
|
||||||
# specify a dir and attach it to helm for HELM_HOME.
|
# specify a dir and attach it to helm for HELM_HOME.
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: download
|
- role: download
|
||||||
file: "{{ downloads.helm }}"
|
file: "{{ downloads.helm }}"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: download
|
- role: download
|
||||||
file: "{{ downloads.netcheck_server }}"
|
file: "{{ downloads.netcheck_server }}"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: Create canal ConfigMap
|
- name: Create canal ConfigMap
|
||||||
run_once: true
|
run_once: true
|
||||||
kube:
|
kube:
|
||||||
|
@ -7,7 +8,7 @@
|
||||||
resource: "configmap"
|
resource: "configmap"
|
||||||
namespace: "{{system_namespace}}"
|
namespace: "{{system_namespace}}"
|
||||||
|
|
||||||
#FIXME: remove if kubernetes/features#124 is implemented
|
# FIXME: remove if kubernetes/features#124 is implemented
|
||||||
- name: Purge old flannel and canal-node
|
- name: Purge old flannel and canal-node
|
||||||
run_once: true
|
run_once: true
|
||||||
kube:
|
kube:
|
||||||
|
@ -29,4 +30,3 @@
|
||||||
namespace: "{{system_namespace}}"
|
namespace: "{{system_namespace}}"
|
||||||
state: "{{ item | ternary('latest','present') }}"
|
state: "{{ item | ternary('latest','present') }}"
|
||||||
with_items: "{{ canal_node_manifest.changed }}"
|
with_items: "{{ canal_node_manifest.changed }}"
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
---
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: kubernetes-apps/network_plugin/canal
|
- role: kubernetes-apps/network_plugin/canal
|
||||||
when: kube_network_plugin == 'canal'
|
when: kube_network_plugin == 'canal'
|
||||||
tags: canal
|
tags: canal
|
||||||
- role: kubernetes-apps/network_plugin/weave
|
- role: kubernetes-apps/network_plugin/weave
|
||||||
when: kube_network_plugin == 'weave'
|
when: kube_network_plugin == 'weave'
|
||||||
tags: weave
|
tags: weave
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
#FIXME: remove if kubernetes/features#124 is implemented
|
---
|
||||||
|
# FIXME: remove if kubernetes/features#124 is implemented
|
||||||
- name: Weave | Purge old weave daemonset
|
- name: Weave | Purge old weave daemonset
|
||||||
kube:
|
kube:
|
||||||
name: "weave-net"
|
name: "weave-net"
|
||||||
|
@ -9,7 +10,6 @@
|
||||||
state: absent
|
state: absent
|
||||||
when: inventory_hostname == groups['kube-master'][0] and weave_manifest.changed
|
when: inventory_hostname == groups['kube-master'][0] and weave_manifest.changed
|
||||||
|
|
||||||
|
|
||||||
- name: Weave | Start Resources
|
- name: Weave | Start Resources
|
||||||
kube:
|
kube:
|
||||||
name: "weave-net"
|
name: "weave-net"
|
||||||
|
@ -21,7 +21,6 @@
|
||||||
with_items: "{{ weave_manifest.changed }}"
|
with_items: "{{ weave_manifest.changed }}"
|
||||||
when: inventory_hostname == groups['kube-master'][0]
|
when: inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
||||||
|
|
||||||
- name: "Weave | wait for weave to become available"
|
- name: "Weave | wait for weave to become available"
|
||||||
uri:
|
uri:
|
||||||
url: http://127.0.0.1:6784/status
|
url: http://127.0.0.1:6784/status
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# Limits for calico apps
|
# Limits for calico apps
|
||||||
calico_policy_controller_cpu_limit: 100m
|
calico_policy_controller_cpu_limit: 100m
|
||||||
calico_policy_controller_memory_limit: 256M
|
calico_policy_controller_memory_limit: 256M
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- set_fact:
|
- set_fact:
|
||||||
calico_cert_dir: "{{ canal_cert_dir }}"
|
calico_cert_dir: "{{ canal_cert_dir }}"
|
||||||
when: kube_network_plugin == 'canal'
|
when: kube_network_plugin == 'canal'
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# An experimental dev/test only dynamic volumes provisioner,
|
# An experimental dev/test only dynamic volumes provisioner,
|
||||||
# for PetSets. Works for kube>=v1.3 only.
|
# for PetSets. Works for kube>=v1.3 only.
|
||||||
kube_hostpath_dynamic_provisioner: "false"
|
kube_hostpath_dynamic_provisioner: "false"
|
||||||
|
@ -52,14 +53,14 @@ kube_oidc_auth: false
|
||||||
## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
|
## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
|
||||||
## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
|
## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
|
||||||
|
|
||||||
#kube_oidc_url: https:// ...
|
# kube_oidc_url: https:// ...
|
||||||
# kube_oidc_client_id: kubernetes
|
# kube_oidc_client_id: kubernetes
|
||||||
## Optional settings for OIDC
|
## Optional settings for OIDC
|
||||||
# kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
|
# kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
|
||||||
# kube_oidc_username_claim: sub
|
# kube_oidc_username_claim: sub
|
||||||
# kube_oidc_groups_claim: groups
|
# kube_oidc_groups_claim: groups
|
||||||
|
|
||||||
##Variables for custom flags
|
## Variables for custom flags
|
||||||
apiserver_custom_flags: []
|
apiserver_custom_flags: []
|
||||||
|
|
||||||
controller_mgr_custom_flags: []
|
controller_mgr_custom_flags: []
|
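Review bot: The commented OIDC example `# kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem` in the second hunk is not valid YAML once uncommented, because a plain value that begins with `{{` is parsed as a flow mapping before Jinja ever sees it. Since this hunk already normalises the neighbouring comment lines, the example could be written as `# kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.pem"`. An operator who enables OIDC by uncommenting it then gets a working CA path instead of a parse error or a silently wrong value.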
||||||
|
|
|
@ -88,4 +88,3 @@
|
||||||
|
|
||||||
- include: post-upgrade.yml
|
- include: post-upgrade.yml
|
||||||
tags: k8s-post-upgrade
|
tags: k8s-post-upgrade
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# Valid options: docker (default), rkt, or host
|
# Valid options: docker (default), rkt, or host
|
||||||
kubelet_deployment_type: host
|
kubelet_deployment_type: host
|
||||||
|
|
||||||
|
@ -49,7 +50,7 @@ kube_apiserver_node_port_range: "30000-32767"
|
||||||
|
|
||||||
kubelet_load_modules: false
|
kubelet_load_modules: false
|
||||||
|
|
||||||
##Support custom flags to be passed to kubelet
|
## Support custom flags to be passed to kubelet
|
||||||
kubelet_custom_flags: []
|
kubelet_custom_flags: []
|
||||||
|
|
||||||
# This setting is used for rkt based kubelet for deploying hyperkube
|
# This setting is used for rkt based kubelet for deploying hyperkube
|
||||||
|
|
|
@ -21,4 +21,3 @@
|
||||||
dest: "/etc/systemd/system/kubelet.service"
|
dest: "/etc/systemd/system/kubelet.service"
|
||||||
backup: "yes"
|
backup: "yes"
|
||||||
notify: restart kubelet
|
notify: restart kubelet
|
||||||
|
|
||||||
|
|
|
@ -20,8 +20,8 @@
|
||||||
path: /var/lib/kubelet
|
path: /var/lib/kubelet
|
||||||
|
|
||||||
- name: Create kubelet service systemd directory
|
- name: Create kubelet service systemd directory
|
||||||
file:
|
file:
|
||||||
path: /etc/systemd/system/kubelet.service.d
|
path: /etc/systemd/system/kubelet.service.d
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: Write kubelet proxy drop-in
|
- name: Write kubelet proxy drop-in
|
||||||
|
@ -30,4 +30,3 @@
|
||||||
dest: /etc/systemd/system/kubelet.service.d/http-proxy.conf
|
dest: /etc/systemd/system/kubelet.service.d/http-proxy.conf
|
||||||
when: http_proxy is defined or https_proxy is defined or no_proxy is defined
|
when: http_proxy is defined or https_proxy is defined or no_proxy is defined
|
||||||
notify: restart kubelet
|
notify: restart kubelet
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: Preinstall | restart network
|
- name: Preinstall | restart network
|
||||||
command: /bin/true
|
command: /bin/true
|
||||||
notify:
|
notify:
|
||||||
|
|
|
@ -48,5 +48,3 @@
|
||||||
fail:
|
fail:
|
||||||
msg: "azure_route_table_name is missing"
|
msg: "azure_route_table_name is missing"
|
||||||
when: azure_route_table_name is not defined or azure_route_table_name == ""
|
when: azure_route_table_name is not defined or azure_route_table_name == ""
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- include: pre-upgrade.yml
|
- include: pre-upgrade.yml
|
||||||
tags: [upgrade, bootstrap-os]
|
tags: [upgrade, bootstrap-os]
|
||||||
|
|
||||||
- name: Force binaries directory for Container Linux by CoreOS
|
- name: Force binaries directory for Container Linux by CoreOS
|
||||||
set_fact:
|
set_fact:
|
||||||
|
@ -27,14 +27,14 @@
|
||||||
include_vars: "{{ item }}"
|
include_vars: "{{ item }}"
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- files:
|
- files:
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
||||||
- "{{ ansible_distribution|lower }}.yml"
|
- "{{ ansible_distribution|lower }}.yml"
|
||||||
- "{{ ansible_os_family|lower }}.yml"
|
- "{{ ansible_os_family|lower }}.yml"
|
||||||
- defaults.yml
|
- defaults.yml
|
||||||
paths:
|
paths:
|
||||||
- ../vars
|
- ../vars
|
||||||
skip: true
|
skip: true
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: check vsphere environment variables
|
- name: check vsphere environment variables
|
||||||
fail:
|
fail:
|
||||||
msg: "{{ item.name }} is missing"
|
msg: "{{ item.name }} is missing"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
required_pkgs:
|
required_pkgs:
|
||||||
- libselinux-python
|
- libselinux-python
|
||||||
- device-mapper-libs
|
- device-mapper-libs
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
required_pkgs:
|
required_pkgs:
|
||||||
- python-apt
|
- python-apt
|
||||||
- aufs-tools
|
- aufs-tools
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
required_pkgs:
|
required_pkgs:
|
||||||
- libselinux-python
|
- libselinux-python
|
||||||
- device-mapper-libs
|
- device-mapper-libs
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
required_pkgs:
|
required_pkgs:
|
||||||
- libselinux-python
|
- libselinux-python
|
||||||
- device-mapper-libs
|
- device-mapper-libs
|
||||||
|
|
|
@ -105,4 +105,3 @@
|
||||||
{%- set _ = certs.update({'sync': True}) -%}
|
{%- set _ = certs.update({'sync': True}) -%}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{{ certs.sync }}
|
{{ certs.sync }}
|
||||||
|
|
||||||
|
|
|
@ -56,26 +56,25 @@
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
all_master_certs: "['ca-key.pem',
|
all_master_certs: "['ca-key.pem',
|
||||||
|
'apiserver.pem',
|
||||||
|
'apiserver-key.pem',
|
||||||
|
'kube-scheduler.pem',
|
||||||
|
'kube-scheduler-key.pem',
|
||||||
|
'kube-controller-manager.pem',
|
||||||
|
'kube-controller-manager-key.pem',
|
||||||
|
{% for node in groups['kube-master'] %}
|
||||||
|
'admin-{{ node }}.pem',
|
||||||
|
'admin-{{ node }}-key.pem',
|
||||||
|
{% endfor %}]"
|
||||||
|
my_master_certs: ['ca-key.pem',
|
||||||
|
'admin-{{ inventory_hostname }}.pem',
|
||||||
|
'admin-{{ inventory_hostname }}-key.pem',
|
||||||
'apiserver.pem',
|
'apiserver.pem',
|
||||||
'apiserver-key.pem',
|
'apiserver-key.pem',
|
||||||
'kube-scheduler.pem',
|
'kube-scheduler.pem',
|
||||||
'kube-scheduler-key.pem',
|
'kube-scheduler-key.pem',
|
||||||
'kube-controller-manager.pem',
|
'kube-controller-manager.pem',
|
||||||
'kube-controller-manager-key.pem',
|
'kube-controller-manager-key.pem']
|
||||||
{% for node in groups['kube-master'] %}
|
|
||||||
'admin-{{ node }}.pem',
|
|
||||||
'admin-{{ node }}-key.pem',
|
|
||||||
{% endfor %}]"
|
|
||||||
my_master_certs: ['ca-key.pem',
|
|
||||||
'admin-{{ inventory_hostname }}.pem',
|
|
||||||
'admin-{{ inventory_hostname }}-key.pem',
|
|
||||||
'apiserver.pem',
|
|
||||||
'apiserver-key.pem',
|
|
||||||
'kube-scheduler.pem',
|
|
||||||
'kube-scheduler-key.pem',
|
|
||||||
'kube-controller-manager.pem',
|
|
||||||
'kube-controller-manager-key.pem',
|
|
||||||
]
|
|
||||||
all_node_certs: "['ca.pem',
|
all_node_certs: "['ca.pem',
|
||||||
{% for node in groups['k8s-cluster'] %}
|
{% for node in groups['k8s-cluster'] %}
|
||||||
'node-{{ node }}.pem',
|
'node-{{ node }}.pem',
|
||||||
|
@ -84,11 +83,10 @@
|
||||||
'kube-proxy-{{ node }}-key.pem',
|
'kube-proxy-{{ node }}-key.pem',
|
||||||
{% endfor %}]"
|
{% endfor %}]"
|
||||||
my_node_certs: ['ca.pem',
|
my_node_certs: ['ca.pem',
|
||||||
'node-{{ inventory_hostname }}.pem',
|
'node-{{ inventory_hostname }}.pem',
|
||||||
'node-{{ inventory_hostname }}-key.pem',
|
'node-{{ inventory_hostname }}-key.pem',
|
||||||
'kube-proxy-{{ inventory_hostname }}.pem',
|
'kube-proxy-{{ inventory_hostname }}.pem',
|
||||||
'kube-proxy-{{ inventory_hostname }}-key.pem',
|
'kube-proxy-{{ inventory_hostname }}-key.pem']
|
||||||
]
|
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
- name: Gen_certs | Gather master certs
|
- name: Gen_certs | Gather master certs
|
||||||
|
@ -114,10 +112,10 @@
|
||||||
sync_certs|default(false) and
|
sync_certs|default(false) and
|
||||||
inventory_hostname != groups['kube-master'][0]
|
inventory_hostname != groups['kube-master'][0]
|
||||||
|
|
||||||
#NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
|
# NOTE(mattymo): Use temporary file to copy master certs because we have a ~200k
|
||||||
#char limit when using shell command
|
# char limit when using shell command
|
||||||
|
|
||||||
#FIXME(mattymo): Use tempfile module in ansible 2.3
|
# FIXME(mattymo): Use tempfile module in ansible 2.3
|
||||||
- name: Gen_certs | Prepare tempfile for unpacking certs
|
- name: Gen_certs | Prepare tempfile for unpacking certs
|
||||||
shell: mktemp /tmp/certsXXXXX.tar.gz
|
shell: mktemp /tmp/certsXXXXX.tar.gz
|
||||||
register: cert_tempfile
|
register: cert_tempfile
|
||||||
|
@ -195,4 +193,3 @@
|
||||||
- name: Gen_certs | update ca-certificates (RedHat)
|
- name: Gen_certs | update ca-certificates (RedHat)
|
||||||
command: update-ca-trust extract
|
command: update-ca-trust extract
|
||||||
when: kube_ca_cert.changed and ansible_os_family == "RedHat"
|
when: kube_ca_cert.changed and ansible_os_family == "RedHat"
|
||||||
|
|
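Review bot: `ca-key.pem` appears in both `all_master_certs` and `my_master_certs` in the first hunk, and nothing in the re-indented `set_fact` says that this entry is the cluster CA private key. If these lists decide which files are gathered and copied to each master, as the following `Gen_certs | Gather master certs` task name suggests, every master ends up holding the signing key. That deserves a comment above the lists, for example `# ca-key.pem is the CA private key; it is distributed to every kube-master`. The third hunk also stages the archive with `mktemp /tmp/certsXXXXX.tar.gz`; cleanup of that file is outside the visible hunks, so confirm it is removed on both success and failure.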
||||||
|
|
|
@ -33,9 +33,9 @@
|
||||||
- name: gen_certs_vault | Set fact for Vault API token
|
- name: gen_certs_vault | Set fact for Vault API token
|
||||||
set_fact:
|
set_fact:
|
||||||
kube_vault_headers:
|
kube_vault_headers:
|
||||||
Accept: application/json
|
Accept: application/json
|
||||||
Content-Type: application/json
|
Content-Type: application/json
|
||||||
X-Vault-Token: "{{ kube_vault_login_result.get('json',{}).get('auth', {}).get('client_token') }}"
|
X-Vault-Token: "{{ kube_vault_login_result.get('json',{}).get('auth', {}).get('client_token') }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
# Issue certs to kube-master nodes
|
# Issue certs to kube-master nodes
|
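Review bot: The `gen_certs_vault | Set fact for Vault API token` task stores the Vault `client_token` in `kube_vault_headers` without `no_log: true`, so the token is printed in task output whenever the play runs with `-v` or higher. Adding `no_log: true` next to `run_once: true` keeps the credential out of console and CI logs. Tasks that later pass `kube_vault_headers` to the Vault API are outside this hunk and would need the same setting.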
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
with_items: "{{ groups['k8s-cluster'] }}"
|
with_items: "{{ groups['k8s-cluster'] }}"
|
||||||
|
|
||||||
- include: ../../../vault/tasks/shared/sync_file.yml
|
- include: ../../../vault/tasks/shared/sync_file.yml
|
||||||
vars:
|
vars:
|
||||||
sync_file: "{{ item }}"
|
sync_file: "{{ item }}"
|
||||||
sync_file_dir: "{{ kube_cert_dir }}"
|
sync_file_dir: "{{ kube_cert_dir }}"
|
||||||
sync_file_group: "{{ kube_cert_group }}"
|
sync_file_group: "{{ kube_cert_group }}"
|
||||||
|
@ -26,7 +26,7 @@
|
||||||
sync_file_results: []
|
sync_file_results: []
|
||||||
|
|
||||||
- include: ../../../vault/tasks/shared/sync_file.yml
|
- include: ../../../vault/tasks/shared/sync_file.yml
|
||||||
vars:
|
vars:
|
||||||
sync_file: ca.pem
|
sync_file: ca.pem
|
||||||
sync_file_dir: "{{ kube_cert_dir }}"
|
sync_file_dir: "{{ kube_cert_dir }}"
|
||||||
sync_file_group: "{{ kube_cert_group }}"
|
sync_file_group: "{{ kube_cert_group }}"
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
## Required for bootstrap-os/preinstall/download roles and setting facts
|
## Required for bootstrap-os/preinstall/download roles and setting facts
|
||||||
# Valid bootstrap options (required): ubuntu, coreos, centos, none
|
# Valid bootstrap options (required): ubuntu, coreos, centos, none
|
||||||
bootstrap_os: none
|
bootstrap_os: none
|
||||||
|
@ -88,8 +89,10 @@ kube_network_node_prefix: 24
|
||||||
|
|
||||||
# The port the API Server will be listening on.
|
# The port the API Server will be listening on.
|
||||||
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
|
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
|
||||||
kube_apiserver_port: 6443 # (https)
|
# https
|
||||||
kube_apiserver_insecure_port: 8080 # (http)
|
kube_apiserver_port: 6443
|
||||||
|
# http
|
||||||
|
kube_apiserver_insecure_port: 8080
|
||||||
|
|
||||||
# Path used to store Docker data
|
# Path used to store Docker data
|
||||||
docker_daemon_graph: "/var/lib/docker"
|
docker_daemon_graph: "/var/lib/docker"
|
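Review bot: The relocated `# http` comment above `kube_apiserver_insecure_port: 8080` in the second hunk gives no hint that this port serves the API in plaintext and bypasses authentication and authorization. A comment such as `# http: unauthenticated, unencrypted API port; must not be reachable from outside the node` would make the risk visible where the value is set. Which address the port binds to is decided elsewhere and is not visible here. Moving the inline comments also leaves `# The port the API Server will be listening on.` directly above `kube_apiserver_ip`, which it does not describe.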
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: Configure defaults
|
- name: Configure defaults
|
||||||
debug:
|
debug:
|
||||||
msg: "Check roles/kubespray-defaults/defaults/main.yml"
|
msg: "Check roles/kubespray-defaults/defaults/main.yml"
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
- Calico | reload systemd
|
- Calico | reload systemd
|
||||||
- Calico | reload calico-node
|
- Calico | reload calico-node
|
||||||
|
|
||||||
- name : Calico | reload systemd
|
- name: Calico | reload systemd
|
||||||
shell: systemctl daemon-reload
|
shell: systemctl daemon-reload
|
||||||
|
|
||||||
- name: Calico | reload calico-node
|
- name: Calico | reload calico-node
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
- Calico-rr | reload systemd
|
- Calico-rr | reload systemd
|
||||||
- Calico-rr | reload calico-rr
|
- Calico-rr | reload calico-rr
|
||||||
|
|
||||||
- name : Calico-rr | reload systemd
|
- name: Calico-rr | reload systemd
|
||||||
shell: systemctl daemon-reload
|
shell: systemctl daemon-reload
|
||||||
|
|
||||||
- name: Calico-rr | reload calico-rr
|
- name: Calico-rr | reload calico-rr
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: etcd
|
- role: etcd
|
||||||
- role: docker
|
- role: docker
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
# The interface used by canal for host <-> host communication.
|
# The interface used by canal for host <-> host communication.
|
||||||
# If left blank, then the interface is chosing using the node's
|
# If left blank, then the interface is chosing using the node's
|
||||||
# default route.
|
# default route.
|
||||||
|
@ -30,4 +31,3 @@ calicoctl_memory_limit: 170M
|
||||||
calicoctl_cpu_limit: 100m
|
calicoctl_cpu_limit: 100m
|
||||||
calicoctl_memory_requests: 32M
|
calicoctl_memory_requests: 32M
|
||||||
calicoctl_cpu_requests: 25m
|
calicoctl_cpu_requests: 25m
|
||||||
|
|
||||||
|
|
|
@ -14,4 +14,3 @@
|
||||||
owner: kube
|
owner: kube
|
||||||
recurse: true
|
recurse: true
|
||||||
mode: "u=rwX,g-rwx,o-rwx"
|
mode: "u=rwX,g-rwx,o-rwx"
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
- Flannel | pause while Docker restarts
|
- Flannel | pause while Docker restarts
|
||||||
- Flannel | wait for docker
|
- Flannel | wait for docker
|
||||||
|
|
||||||
- name : Flannel | reload systemd
|
- name: Flannel | reload systemd
|
||||||
shell: systemctl daemon-reload
|
shell: systemctl daemon-reload
|
||||||
|
|
||||||
- name: Flannel | reload docker.socket
|
- name: Flannel | reload docker.socket
|
||||||
|
|
|
@ -1,44 +1,44 @@
|
||||||
---
|
---
|
||||||
kind: "Pod"
|
kind: "Pod"
|
||||||
apiVersion: "v1"
|
apiVersion: "v1"
|
||||||
metadata:
|
metadata:
|
||||||
name: "flannel"
|
name: "flannel"
|
||||||
namespace: "{{system_namespace}}"
|
namespace: "{{system_namespace}}"
|
||||||
labels:
|
labels:
|
||||||
app: "flannel"
|
app: "flannel"
|
||||||
version: "v0.1"
|
version: "v0.1"
|
||||||
spec:
|
spec:
|
||||||
volumes:
|
volumes:
|
||||||
- name: "subnetenv"
|
- name: "subnetenv"
|
||||||
hostPath:
|
hostPath:
|
||||||
path: "/run/flannel"
|
path: "/run/flannel"
|
||||||
- name: "etcd-certs"
|
- name: "etcd-certs"
|
||||||
hostPath:
|
hostPath:
|
||||||
path: "{{ flannel_cert_dir }}"
|
path: "{{ flannel_cert_dir }}"
|
||||||
containers:
|
containers:
|
||||||
- name: "flannel-container"
|
- name: "flannel-container"
|
||||||
image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
|
image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
|
||||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: {{ flannel_cpu_limit }}
|
cpu: {{ flannel_cpu_limit }}
|
||||||
memory: {{ flannel_memory_limit }}
|
memory: {{ flannel_memory_limit }}
|
||||||
requests:
|
requests:
|
||||||
cpu: {{ flannel_cpu_requests }}
|
cpu: {{ flannel_cpu_requests }}
|
||||||
memory: {{ flannel_memory_requests }}
|
memory: {{ flannel_memory_requests }}
|
||||||
command:
|
command:
|
||||||
- "/bin/sh"
|
- "/bin/sh"
|
||||||
- "-c"
|
- "-c"
|
||||||
- "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network -etcd-cafile {{ flannel_cert_dir }}/ca_cert.crt -etcd-certfile {{ flannel_cert_dir }}/cert.crt -etcd-keyfile {{ flannel_cert_dir }}/key.pem {% if flannel_interface is defined %}-iface {{ flannel_interface }}{% endif %} {% if flannel_public_ip is defined %}-public-ip {{ flannel_public_ip }}{% endif %}"
|
- "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network -etcd-cafile {{ flannel_cert_dir }}/ca_cert.crt -etcd-certfile {{ flannel_cert_dir }}/cert.crt -etcd-keyfile {{ flannel_cert_dir }}/key.pem {% if flannel_interface is defined %}-iface {{ flannel_interface }}{% endif %} {% if flannel_public_ip is defined %}-public-ip {{ flannel_public_ip }}{% endif %}"
|
||||||
ports:
|
ports:
|
||||||
- hostPort: 10253
|
- hostPort: 10253
|
||||||
containerPort: 10253
|
containerPort: 10253
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: "subnetenv"
|
- name: "subnetenv"
|
||||||
mountPath: "/run/flannel"
|
mountPath: "/run/flannel"
|
||||||
- name: "etcd-certs"
|
- name: "etcd-certs"
|
||||||
mountPath: "{{ flannel_cert_dir }}"
|
mountPath: "{{ flannel_cert_dir }}"
|
||||||
readOnly: true
|
readOnly: true
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
hostNetwork: true
|
hostNetwork: true
|
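Review bot: `flannel-container` runs with `securityContext: privileged: true` alongside `hostNetwork: true`, which gives the pod all capabilities and host device access rather than only what flanneld needs for interface and route management. Later upstream flannel manifests use `privileged: false` with `capabilities: {add: ["NET_ADMIN", "NET_RAW"]}`; whether the flannel version deployed here works that way needs testing. If privileged mode has to stay, a comment on the `securityContext` block should record why. The `etcd-certs` hostPath is already mounted `readOnly: true`, which is worth keeping.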
||||||
|
|
|
@ -1,16 +1,16 @@
|
||||||
---
|
---
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: network_plugin/calico
|
- role: network_plugin/calico
|
||||||
when: kube_network_plugin == 'calico'
|
when: kube_network_plugin == 'calico'
|
||||||
tags: calico
|
tags: calico
|
||||||
- role: network_plugin/flannel
|
- role: network_plugin/flannel
|
||||||
when: kube_network_plugin == 'flannel'
|
when: kube_network_plugin == 'flannel'
|
||||||
tags: flannel
|
tags: flannel
|
||||||
- role: network_plugin/weave
|
- role: network_plugin/weave
|
||||||
when: kube_network_plugin == 'weave'
|
when: kube_network_plugin == 'weave'
|
||||||
tags: weave
|
tags: weave
|
||||||
- role: network_plugin/canal
|
- role: network_plugin/canal
|
||||||
when: kube_network_plugin == 'canal'
|
when: kube_network_plugin == 'canal'
|
||||||
tags: canal
|
tags: canal
|
||||||
- role: network_plugin/cloud
|
- role: network_plugin/cloud
|
||||||
when: kube_network_plugin == 'cloud'
|
when: kube_network_plugin == 'cloud'
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: Weave pre-upgrade | Stop legacy weave
|
- name: Weave pre-upgrade | Stop legacy weave
|
||||||
command: weave stop
|
command: weave stop
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
|
@ -3,14 +3,14 @@
|
||||||
include_vars: "{{ item }}"
|
include_vars: "{{ item }}"
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- files:
|
- files:
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
|
||||||
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
|
||||||
- "{{ ansible_distribution|lower }}.yml"
|
- "{{ ansible_distribution|lower }}.yml"
|
||||||
- "{{ ansible_os_family|lower }}.yml"
|
- "{{ ansible_os_family|lower }}.yml"
|
||||||
- defaults.yml
|
- defaults.yml
|
||||||
paths:
|
paths:
|
||||||
- ../vars
|
- ../vars
|
||||||
skip: true
|
skip: true
|
||||||
tags: facts
|
tags: facts
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Uncordon node
|
- name: Uncordon node
|
||||||
command: "{{ bin_dir }}/kubectl uncordon {{ inventory_hostname }}"
|
command: "{{ bin_dir }}/kubectl uncordon {{ inventory_hostname }}"
|
||||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||||
when: (needs_cordoning|default(false)) and ( {%- if inventory_hostname in groups['kube-node'] -%} true {%- else -%} false {%- endif -%} )
|
when: (needs_cordoning|default(false)) and ( {%- if inventory_hostname in groups['kube-node'] -%} true {%- else -%} false {%- endif -%} )
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
|
---
|
||||||
drain_grace_period: 90
|
drain_grace_period: 90
|
||||||
drain_timeout: 120s
|
drain_timeout: 120s
|
||||||
|
|
||||||
|
|
|
@ -63,7 +63,7 @@ vault_needs_gen: false
|
||||||
vault_port: 8200
|
vault_port: 8200
|
||||||
# Although "cert" is an option, ansible has no way to auth via cert until
|
# Although "cert" is an option, ansible has no way to auth via cert until
|
||||||
# upstream merges: https://github.com/ansible/ansible/pull/18141
|
# upstream merges: https://github.com/ansible/ansible/pull/18141
|
||||||
vault_role_auth_method: userpass
|
vault_role_auth_method: userpass
|
||||||
vault_roles:
|
vault_roles:
|
||||||
- name: etcd
|
- name: etcd
|
||||||
group: etcd
|
group: etcd
|
||||||
|
|
|
@ -1,8 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- include: ../shared/create_role.yml
|
- include: ../shared/create_role.yml
|
||||||
vars:
|
vars:
|
||||||
create_role_name: "{{ item.name }}"
|
create_role_name: "{{ item.name }}"
|
||||||
create_role_group: "{{ item.group }}"
|
create_role_group: "{{ item.group }}"
|
||||||
create_role_policy_rules: "{{ item.policy_rules }}"
|
create_role_policy_rules: "{{ item.policy_rules }}"
|
||||||
create_role_options: "{{ item.role_options }}"
|
create_role_options: "{{ item.role_options }}"
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: bootstrap/start_vault_temp | Ensure vault-temp isn't already running
|
- name: bootstrap/start_vault_temp | Ensure vault-temp isn't already running
|
||||||
shell: if docker rm -f {{ vault_temp_container_name }} 2>&1 1>/dev/null;then echo true;else echo false;fi
|
shell: if docker rm -f {{ vault_temp_container_name }} 2>&1 1>/dev/null;then echo true;else echo false;fi
|
||||||
register: vault_temp_stop_check
|
register: vault_temp_stop_check
|
||||||
|
@ -13,7 +12,7 @@
|
||||||
-v /etc/vault:/etc/vault
|
-v /etc/vault:/etc/vault
|
||||||
{{ vault_image_repo }}:{{ vault_version }} server
|
{{ vault_image_repo }}:{{ vault_version }} server
|
||||||
|
|
||||||
#FIXME(mattymo): Crashes on first start with aufs docker storage. See hashicorp/docker-vault#19
|
# FIXME(mattymo): Crashes on first start with aufs docker storage. See hashicorp/docker-vault#19
|
||||||
- name: bootstrap/start_vault_temp | Start again single node Vault with file backend
|
- name: bootstrap/start_vault_temp | Start again single node Vault with file backend
|
||||||
command: docker start {{ vault_temp_container_name }}
|
command: docker start {{ vault_temp_container_name }}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- include: ../shared/sync_file.yml
|
- include: ../shared/sync_file.yml
|
||||||
vars:
|
vars:
|
||||||
sync_file: "ca.pem"
|
sync_file: "ca.pem"
|
||||||
|
@ -29,4 +28,3 @@
|
||||||
- name: bootstrap/sync_vault_certs | Unset sync_file_results after api.pem sync
|
- name: bootstrap/sync_vault_certs | Unset sync_file_results after api.pem sync
|
||||||
set_fact:
|
set_fact:
|
||||||
sync_file_results: []
|
sync_file_results: []
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- include: ../shared/check_vault.yml
|
- include: ../shared/check_vault.yml
|
||||||
when: inventory_hostname in groups.vault
|
when: inventory_hostname in groups.vault
|
||||||
|
|
||||||
|
@ -26,7 +25,7 @@
|
||||||
- include: ../shared/find_leader.yml
|
- include: ../shared/find_leader.yml
|
||||||
when: inventory_hostname in groups.vault
|
when: inventory_hostname in groups.vault
|
||||||
|
|
||||||
- include: ../shared/pki_mount.yml
|
- include: ../shared/pki_mount.yml
|
||||||
when: inventory_hostname == groups.vault|first
|
when: inventory_hostname == groups.vault|first
|
||||||
|
|
||||||
- include: ../shared/config_ca.yml
|
- include: ../shared/config_ca.yml
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More