Merge pull request #363 from mattymo/kubelet

Deploy kubelet and kube-apiserver as containers
pull/377/head
Antoine Legrand 2016-07-24 01:02:33 +02:00 committed by GitHub
commit af4c41f32e
19 changed files with 88 additions and 348 deletions

View File

@ -15,8 +15,6 @@ calico_cni_version: v1.3.1
weave_version: v1.5.0 weave_version: v1.5.0
# Download URL's # Download URL's
kubelet_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-kubelet"
apiserver_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-apiserver"
kubectl_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-kubectl" kubectl_download_url: "https://storage.googleapis.com/kargo/{{kube_version}}_kubernetes-kubectl"
etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd" etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd"
@ -64,14 +62,6 @@ downloads:
unarchive: true unarchive: true
owner: "etcd" owner: "etcd"
mode: "0755" mode: "0755"
kubernetes_kubelet:
version: "{{kube_version}}"
dest: kubernetes/bin/kubelet
sha256: "{{vars['kube_checksum'][kube_version]['kubelet']}}"
source_url: "{{ kubelet_download_url }}"
url: "{{ kubelet_download_url }}"
owner: "kube"
mode: "0755"
kubernetes_kubectl: kubernetes_kubectl:
dest: kubernetes/bin/kubectl dest: kubernetes/bin/kubectl
version: "{{kube_version}}" version: "{{kube_version}}"
@ -80,14 +70,8 @@ downloads:
url: "{{ kubectl_download_url }}" url: "{{ kubectl_download_url }}"
owner: "kube" owner: "kube"
mode: "0755" mode: "0755"
kubernetes_apiserver: nothing:
dest: kubernetes/bin/kube-apiserver enabled: false
version: "{{kube_version}}"
sha256: "{{vars['kube_checksum'][kube_version]['kube_apiserver']}}"
source_url: "{{ apiserver_download_url }}"
url: "{{ apiserver_download_url }}"
owner: "kube"
mode: "0755"
download: download:
enabled: "{{ file.enabled|default('true') }}" enabled: "{{ file.enabled|default('true') }}"

View File

@ -1,22 +1,12 @@
kube_checksum: kube_checksum:
v1.2.2: v1.2.2:
kube_apiserver: eb1bfd8b877052cbd1991b8c429a1d06661f4cb019905e20e128174f724e16de
kubectl: 473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4 kubectl: 473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4
kubelet: f16827dc7e7c82f0e215f0fc73eb01e2dfe91a2ec83f9cbcaf8d37c91b64fd3b
v1.2.3: v1.2.3:
kube_apiserver_checksum: ebaeeeb72cb29b358337b330617a96355ff2d08a5a523fc1a81beba36cc9d6f9
kubectl_checksum: 394853edd409a721bcafe4f1360009ef9f845050719fe7d6fc7176f45cc92a8c kubectl_checksum: 394853edd409a721bcafe4f1360009ef9f845050719fe7d6fc7176f45cc92a8c
kubelet_checksum: 633bb41c51c5c0df0645dd60ba82b12eba39d009eb87bae9227de7d9a89c0797
v1.2.4: v1.2.4:
kube_apiserver: 6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e
kubectl: dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897 kubectl: dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897
kubelet: 4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e341
v1.2.5: v1.2.5:
kube_apiserver: fbe8296ad4b194c06f6802a126d35cd2887dc1aded308d4da2b580f270412b33
kubectl: 5526a496a84701015485e32c86486e2f23599f7a865164f546e619c6a62f7f19 kubectl: 5526a496a84701015485e32c86486e2f23599f7a865164f546e619c6a62f7f19
kubelet: cd15b929f0190876216f397c2c6e7aa8c08d3b047fd90b4980cd68c8f4896211
v1.3.0: v1.3.0:
kube_apiserver: 431cd312984a29f45590138e990d5c4d537b069b71f2587a72414fabc4fcffdd
kubectl: f40b2d0ff33984e663a0dea4916f1cb9041abecc09b11f9372cdb8049ded95dc kubectl: f40b2d0ff33984e663a0dea4916f1cb9041abecc09b11f9372cdb8049ded95dc
kubelet: bd5f10ccb95fe6e95ddf7ad8a119195c27cb2bce4be6f80c1810ff1a2111496d
kube_version: v1.3.0 kube_version: v1.3.0

View File

@ -2,7 +2,5 @@
dependencies: dependencies:
- role: download - role: download
file: "{{ downloads.kubernetes_kubectl }}" file: "{{ downloads.kubernetes_kubectl }}"
- role: download
file: "{{ downloads.kubernetes_apiserver }}"
- { role: etcd } - { role: etcd }
- { role: kubernetes/node } - { role: kubernetes/node }

View File

@ -1,52 +1,34 @@
--- ---
- include: pre-upgrade.yml
- name: Copy kubectl bash completion - name: Copy kubectl bash completion
copy: copy:
src: kubectl_bash_completion.sh src: kubectl_bash_completion.sh
dest: /etc/bash_completion.d/kubectl.sh dest: /etc/bash_completion.d/kubectl.sh
when: ansible_os_family in ["Debian","RedHat"] when: ansible_os_family in ["Debian","RedHat"]
- name: Copy kube-apiserver binary
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kube-apiserver" "{{ bin_dir }}/kube-apiserver"
register: kube_apiserver_copy
changed_when: false
- name: Copy kubectl binary - name: Copy kubectl binary
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubectl" "{{ bin_dir }}/kubectl" command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubectl" "{{ bin_dir }}/kubectl"
changed_when: false changed_when: false
- name: install | Write kube-apiserver systemd init file
template:
src: "kube-apiserver.service.j2"
dest: "/etc/systemd/system/kube-apiserver.service"
backup: yes
when: ansible_service_mgr == "systemd"
notify: restart kube-apiserver
- name: install | Write kube-apiserver initd script
template:
src: "deb-kube-apiserver.initd.j2"
dest: "/etc/init.d/kube-apiserver"
owner: root
mode: 0755
backup: yes
when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "Debian"
- name: Write kube-apiserver config file
template:
src: "kube-apiserver.j2"
dest: "{{ kube_config_dir }}/kube-apiserver.env"
backup: yes
notify: restart kube-apiserver
- name: Allow apiserver to bind on both secure and insecure ports
shell: setcap cap_net_bind_service+ep {{ bin_dir }}/kube-apiserver
changed_when: false
- meta: flush_handlers - meta: flush_handlers
- include: start.yml - name: Write kube-apiserver manifest
with_items: "{{ groups['kube-master'] }}" template:
when: "{{ hostvars[item].inventory_hostname == inventory_hostname }}" src: manifests/kube-apiserver.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
register: apiserver_manifest
- name: restart kubelet
service:
name: kubelet
state: restarted
when: apiserver_manifest.changed
- name: wait for the apiserver to be running
wait_for:
port: "{{kube_apiserver_insecure_port}}"
timeout: 60
# Create kube-system namespace # Create kube-system namespace
- name: copy 'kube-system' namespace manifest - name: copy 'kube-system' namespace manifest
@ -61,17 +43,13 @@
failed_when: False failed_when: False
run_once: yes run_once: yes
- name: wait for the apiserver to be running
wait_for:
port: "{{kube_apiserver_insecure_port}}"
timeout: 60
- name: Create 'kube-system' namespace - name: Create 'kube-system' namespace
command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml" command: "{{ bin_dir }}/kubectl create -f /etc/kubernetes/kube-system-ns.yml"
changed_when: False changed_when: False
when: kubesystem|failed and inventory_hostname == groups['kube-master'][0] when: kubesystem|failed and inventory_hostname == groups['kube-master'][0]
# Write manifests # Write other manifests
- name: Write kube-controller-manager manifest - name: Write kube-controller-manager manifest
template: template:
src: manifests/kube-controller-manager.manifest.j2 src: manifests/kube-controller-manager.manifest.j2
@ -81,9 +59,3 @@
template: template:
src: manifests/kube-scheduler.manifest.j2 src: manifests/kube-scheduler.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest" dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
- name: restart kubelet
service:
name: kubelet
state: restarted
changed_when: false

View File

@ -0,0 +1,25 @@
---
- name: "Pre-upgrade | check for kube-apiserver unit file"
stat:
path: /etc/systemd/system/kube-apiserver.service
register: kube_apiserver_service_file
- name: "Pre-upgrade | check for kube-apiserver init script"
stat:
path: /etc/init.d/kube-apiserver
register: kube_apiserver_init_script
- name: "Pre-upgrade | stop kube-apiserver if service defined"
service:
name: kube-apiserver
state: stopped
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
- name: "Pre-upgrade | remove kube-apiserver service definition"
file:
path: "{{ item }}"
state: absent
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
with_items:
- /etc/systemd/system/kube-apiserver.service
- /etc/init.d/kube-apiserver

View File

@ -1,22 +0,0 @@
---
- name: Pause
pause: seconds=10
- name: reload systemd
command: systemctl daemon-reload
when: ansible_service_mgr == "systemd" and restart_apimaster is defined and restart_apimaster == True
- name: reload kube-apiserver
service:
name: kube-apiserver
state: restarted
enabled: yes
when: ( restart_apimaster is defined and restart_apimaster == True) or
secret_changed | default(false)
- name: Enable apiserver
service:
name: kube-apiserver
enabled: yes
state: started
when: restart_apimaster is not defined or restart_apimaster == False

View File

@ -1,118 +0,0 @@
#!/bin/bash
#
### BEGIN INIT INFO
# Provides: kube-apiserver
# Required-Start: $local_fs $network $syslog
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: The Kubernetes apiserver
# Description:
# The Kubernetes apiserver.
### END INIT INFO
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="The Kubernetes apiserver"
NAME=kube-apiserver
DAEMON={{ bin_dir }}/kube-apiserver
DAEMON_LOG_FILE=/var/log/$NAME.log
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
DAEMON_USER=root
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/kubernetes/$NAME.env ] && . /etc/kubernetes/$NAME.env
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --background --no-close \
--make-pidfile --pidfile $PIDFILE \
--exec $DAEMON -c $DAEMON_USER --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --background --no-close \
--make-pidfile --pidfile $PIDFILE \
--exec $DAEMON -c $DAEMON_USER -- \
$DAEMON_ARGS >> $DAEMON_LOG_FILE 2>&1 \
|| return 2
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
return "$RETVAL"
}
case "$1" in
start)
log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) log_end_msg 0 || exit 0 ;;
2) log_end_msg 1 || exit 1 ;;
esac
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) log_end_msg 0 ;;
2) exit 1 ;;
esac
;;
status)
status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
;;
restart|force-reload)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
exit 3
;;
esac

View File

@ -1,58 +0,0 @@
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
# Logging directory
KUBE_LOGGING="--log-dir={{ kube_log_dir }} --logtostderr=true"
{% else %}
# logging to stderr means we get it in the systemd journal
KUBE_LOGGING="--logtostderr=true"
{% endif %}
# Apiserver Log level, 0 is debug
KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow_privileged=true"
# The port on the local server to listen on.
KUBE_API_PORT="--insecure-port={{kube_apiserver_insecure_port}} --secure-port={{ kube_apiserver_port }}"
# Insecure API address (default is localhost)
KUBE_API_INSECURE_BIND="--insecure-bind-address={{ kube_apiserver_insecure_bind_address | default('127.0.0.1') }}"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range={{ kube_service_addresses }}"
# Location of the etcd cluster
KUBE_ETCD_SERVERS="--etcd_servers={{ etcd_access_endpoint }}"
# Bind address for secure endpoint
KUBE_API_ADDRESS="--bind-address={{ ip | default(ansible_default_ipv4.address) }}"
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota"
# RUNTIME API CONFIGURATION (e.g. enable extensions)
KUBE_RUNTIME_CONFIG="{% if kube_api_runtime_config is defined %}{% for conf in kube_api_runtime_config %}--runtime-config={{ conf }} {% endfor %}{% endif %}"
# TLS CONFIGURATION
KUBE_TLS_CONFIG="--tls_cert_file={{ kube_cert_dir }}/apiserver.pem --tls_private_key_file={{ kube_cert_dir }}/apiserver-key.pem --client_ca_file={{ kube_cert_dir }}/ca.pem"
# Add you own!
KUBE_API_ARGS="--token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/apiserver-key.pem --advertise-address={{ ip | default(ansible_default_ipv4.address) }}"
{% if cloud_provider is defined and cloud_provider == "openstack" %}
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
{% else %}
{# TODO: gce and aws don't need the cloud provider to be set? #}
KUBELET_CLOUDPROVIDER=""
{% endif %}
{% if ansible_service_mgr in ["sysvinit","upstart"] %}
DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBE_API_PORT $KUBE_API_INSECURE_BIND \
$KUBE_SERVICE_ADDRESSES $KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG \
$KUBE_TLS_CONFIG $KUBE_API_ARGS $KUBELET_CLOUDPROVIDER"
{% endif %}

View File

@ -1,30 +0,0 @@
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
Wants=etcd-proxy.service
After=etcd-proxy.service
[Service]
EnvironmentFile=/etc/kubernetes/kube-apiserver.env
User=kube
ExecStart={{ bin_dir }}/kube-apiserver \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_ETCD_SERVERS \
$KUBE_API_ADDRESS \
$KUBE_API_PORT \
$KUBE_API_INSECURE_BIND \
$KUBELET_PORT \
$KUBE_ALLOW_PRIV \
$KUBE_SERVICE_ADDRESSES \
$KUBE_ADMISSION_CONTROL \
$KUBE_RUNTIME_CONFIG \
$KUBE_TLS_CONFIG \
$KUBE_API_ARGS \
$KUBELET_CLOUDPROVIDER
Restart=on-failure
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target

View File

@ -2,6 +2,7 @@ apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: kube-apiserver name: kube-apiserver
namespace: kube-system
spec: spec:
hostNetwork: true hostNetwork: true
containers: containers:
@ -12,12 +13,14 @@ spec:
- apiserver - apiserver
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }} - --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
- --etcd-servers={{ etcd_access_endpoint }} - --etcd-servers={{ etcd_access_endpoint }}
- --insecure-bind-address={{ kube_apiserver_insecure_bind_address | default('127.0.0.1') }}
- --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota - --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
- --service-cluster-ip-range={{ kube_service_addresses }} - --service-cluster-ip-range={{ kube_service_addresses }}
- --client-ca-file={{ kube_cert_dir }}/ca.pem - --client-ca-file={{ kube_cert_dir }}/ca.pem
- --basic-auth-file={{ kube_users_dir }}/known_users.csv - --basic-auth-file={{ kube_users_dir }}/known_users.csv
- --tls-cert-file={{ kube_cert_dir }}/apiserver.pem - --tls-cert-file={{ kube_cert_dir }}/apiserver.pem
- --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem - --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
- --token-auth-file={{ kube_token_dir }}/known_tokens.csv
- --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem - --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
- --secure-port={{ kube_apiserver_port }} - --secure-port={{ kube_apiserver_port }}
- --insecure-port={{ kube_apiserver_insecure_port }} - --insecure-port={{ kube_apiserver_insecure_port }}
@ -26,16 +29,13 @@ spec:
- --runtime-config={{ conf }} - --runtime-config={{ conf }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
- --token-auth-file={{ kube_token_dir }}/known_tokens.csv
- --v={{ kube_log_level | default('2') }} - --v={{ kube_log_level | default('2') }}
- --allow-privileged=true - --allow-privileged=true
ports: {% if cloud_provider is defined and cloud_provider == "openstack" %}
- containerPort: {{ kube_apiserver_port }} - --cloud-provider={{ cloud_provider }}
hostPort: {{ kube_apiserver_port }} - --cloud-config={{ kube_config_dir }}/cloud_config
name: https {% endif %}
- containerPort: {{ kube_apiserver_insecure_port }} - 2>&1 >> {{ kube_log_dir }}/kube-apiserver.log
hostPort: {{ kube_apiserver_insecure_port }}
name: local
volumeMounts: volumeMounts:
- mountPath: {{ kube_config_dir }} - mountPath: {{ kube_config_dir }}
name: kubernetes-config name: kubernetes-config
@ -43,6 +43,8 @@ spec:
- mountPath: /etc/ssl/certs - mountPath: /etc/ssl/certs
name: ssl-certs-host name: ssl-certs-host
readOnly: true readOnly: true
- mountPath: /var/log/
name: logfile
volumes: volumes:
- hostPath: - hostPath:
path: {{ kube_config_dir }} path: {{ kube_config_dir }}
@ -50,3 +52,6 @@ spec:
- hostPath: - hostPath:
path: /etc/ssl/certs/ path: /etc/ssl/certs/
name: ssl-certs-host name: ssl-certs-host
- hostPath:
path: /var/log/
name: logfile

View File

@ -1,5 +1,5 @@
--- ---
dependencies: dependencies:
- role: download - role: download #For kube_version
file: "{{ downloads.kubernetes_kubelet }}" file: "{{ downloads.nothing }}"
- role: kubernetes/secrets - role: kubernetes/secrets

View File

@ -14,7 +14,7 @@
when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "RedHat" when: ansible_service_mgr in ["sysvinit","upstart"] and ansible_os_family == "RedHat"
notify: restart kubelet notify: restart kubelet
- name: install | Install kubelet binary - name: install | Install kubelet launch script
command: rsync -piu "{{ local_release_dir }}/kubernetes/bin/kubelet" "{{ bin_dir }}/kubelet" template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes
register: kubelet_copy register: kubelet_launcher
changed_when: false changed_when: false

View File

@ -26,7 +26,7 @@
- name: Restart kubelet if binary changed - name: Restart kubelet if binary changed
command: /bin/true command: /bin/true
notify: restart kubelet notify: restart kubelet
when: kubelet_copy.stdout_lines when: kubelet_launcher.changed
# reload-systemd # reload-systemd
- meta: flush_handlers - meta: flush_handlers

View File

@ -0,0 +1,15 @@
#!/bin/bash
/usr/bin/docker run --privileged --rm \
--net=host --pid=host --name=kubelet \
-v /etc/cni:/etc/cni:ro \
-v /opt/cni:/opt/cni:ro \
-v /etc/kubernetes:/etc/kubernetes \
-v /sys:/sys \
-v /dev:/dev \
-v /var/lib/docker:/var/lib/docker \
-v /var/run:/var/run \
-v /var/lib/kubelet:/var/lib/kubelet \
{{ hyperkube_image_repo }}:{{ hyperkube_image_tag}} \
nsenter --target=1 --mount --wd=. -- \
./hyperkube kubelet \
$@

View File

@ -6,7 +6,6 @@ KUBE_LOGGING="--log-dir={{ kube_log_dir }} --logtostderr=true"
KUBE_LOGGING="--logtostderr=true" KUBE_LOGGING="--logtostderr=true"
{% endif %} {% endif %}
KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}" KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
KUBE_ALLOW_PRIV="--allow_privileged=true"
{% if inventory_hostname in groups['kube-node'] %} {% if inventory_hostname in groups['kube-node'] %}
KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}" KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address'])) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
{% endif %} {% endif %}
@ -15,7 +14,7 @@ KUBELET_ADDRESS="--address={{ ip | default("0.0.0.0") }}"
# The port for the info server to serve on # The port for the info server to serve on
# KUBELET_PORT="--port=10250" # KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname # You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname_override={{ inventory_hostname }}" KUBELET_HOSTNAME="--hostname-override={{ inventory_hostname }}"
{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %} {% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
KUBELET_REGISTER_NODE="--register-node=false" KUBELET_REGISTER_NODE="--register-node=false"
{% endif %} {% endif %}
@ -26,12 +25,12 @@ KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} -
KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}" KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
{% endif %} {% endif %}
{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave"] %} {% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave"] %}
KUBELET_NETWORK_PLUGIN="--network_plugin=cni --network-plugin-dir=/etc/cni/net.d" KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d"
{% elif kube_network_plugin is defined and kube_network_plugin == "weave" %} {% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}
DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock" DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
{% endif %} {% endif %}
# Should this cluster be allowed to run privileged docker containers # Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow_privileged=true" KUBE_ALLOW_PRIV="--allow-privileged=true"
{% if cloud_provider is defined and cloud_provider == "openstack" %} {% if cloud_provider is defined and cloud_provider == "openstack" %}
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config" KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
{% else %} {% else %}

View File

@ -22,7 +22,10 @@ ExecStart={{ bin_dir }}/kubelet \
$KUBELET_REGISTER_NODE \ $KUBELET_REGISTER_NODE \
$KUBELET_NETWORK_PLUGIN \ $KUBELET_NETWORK_PLUGIN \
$KUBELET_CLOUDPROVIDER $KUBELET_CLOUDPROVIDER
Restart=on-failure ExecStartPre=-/usr/bin/docker rm -f kubelet
ExecReload=/usr/bin/docker restart kubelet
Restart=always
RestartSec=10s
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
/usr/bin/docker run --privileged --rm \ /usr/bin/docker run --privileged --rm \
--net=host -e ETCD_AUTHORITY={{ etcd_authority }} \ --net=host --pid=host -e ETCD_AUTHORITY={{ etcd_authority }} \
-v /usr/bin/docker:/usr/bin/docker \ -v /usr/bin/docker:/usr/bin/docker \
-v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/docker.sock:/var/run/docker.sock \
-v /var/run/calico:/var/run/calico \ -v /var/run/calico:/var/run/calico \

View File

@ -60,15 +60,6 @@ downloads:
owner: "etcd" owner: "etcd"
mode: "0755" mode: "0755"
- name: kubernetes-kubelet
version: "{{kube_version}}"
dest: kubernetes/bin/kubelet
sha256: "{{vars['kube_checksum'][kube_version]['kubelet']}}"
source_url: "{{ kube_download_url }}/kubelet"
url: "{{ kube_download_url }}/kubelet"
owner: "kube"
mode: "0755"
- name: kubernetes-kubectl - name: kubernetes-kubectl
dest: kubernetes/bin/kubectl dest: kubernetes/bin/kubectl
version: "{{kube_version}}" version: "{{kube_version}}"
@ -77,12 +68,3 @@ downloads:
url: "{{ kube_download_url }}/kubectl" url: "{{ kube_download_url }}/kubectl"
owner: "kube" owner: "kube"
mode: "0755" mode: "0755"
- name: kubernetes-apiserver
dest: kubernetes/bin/kube-apiserver
version: "{{kube_version}}"
sha256: "{{vars['kube_checksum'][kube_version]['kube_apiserver']}}"
source_url: "{{ kube_download_url }}/kube-apiserver"
url: "{{ kube_download_url }}/kube-apiserver"
owner: "kube"
mode: "0755"

View File

@ -2,21 +2,16 @@ kube_checksum:
v1.2.2: v1.2.2:
kube_apiserver: eb1bfd8b877052cbd1991b8c429a1d06661f4cb019905e20e128174f724e16de kube_apiserver: eb1bfd8b877052cbd1991b8c429a1d06661f4cb019905e20e128174f724e16de
kubectl: 473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4 kubectl: 473e6924569fba30d4a50cecdc2cae5f31d97d1f662463e85b74a472105dcff4
kubelet: f16827dc7e7c82f0e215f0fc73eb01e2dfe91a2ec83f9cbcaf8d37c91b64fd3b
v1.2.3: v1.2.3:
kube_apiserver_checksum: ebaeeeb72cb29b358337b330617a96355ff2d08a5a523fc1a81beba36cc9d6f9 kube_apiserver_checksum: ebaeeeb72cb29b358337b330617a96355ff2d08a5a523fc1a81beba36cc9d6f9
kubectl_checksum: 394853edd409a721bcafe4f1360009ef9f845050719fe7d6fc7176f45cc92a8c kubectl_checksum: 394853edd409a721bcafe4f1360009ef9f845050719fe7d6fc7176f45cc92a8c
kubelet_checksum: 633bb41c51c5c0df0645dd60ba82b12eba39d009eb87bae9227de7d9a89c0797
v1.2.4: v1.2.4:
kube_apiserver: 6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e kube_apiserver: 6ac99b36b02968459e026fcfc234207c66064b5e11816b69dd8fc234b2ffec1e
kubectl: dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897 kubectl: dac61fbd506f7a17540feca691cd8a9d9d628d59661eebce788a50511f578897
kubelet: 4adaf40592248eef6fd4fa126464915ea41e624a70dc77178089760ed235e341
v1.2.5: v1.2.5:
kube_apiserver: fbe8296ad4b194c06f6802a126d35cd2887dc1aded308d4da2b580f270412b33 kube_apiserver: fbe8296ad4b194c06f6802a126d35cd2887dc1aded308d4da2b580f270412b33
kubectl: 5526a496a84701015485e32c86486e2f23599f7a865164f546e619c6a62f7f19 kubectl: 5526a496a84701015485e32c86486e2f23599f7a865164f546e619c6a62f7f19
kubelet: cd15b929f0190876216f397c2c6e7aa8c08d3b047fd90b4980cd68c8f4896211
v1.3.0: v1.3.0:
kube_apiserver: 431cd312984a29f45590138e990d5c4d537b069b71f2587a72414fabc4fcffdd kube_apiserver: 431cd312984a29f45590138e990d5c4d537b069b71f2587a72414fabc4fcffdd
kubectl: f40b2d0ff33984e663a0dea4916f1cb9041abecc09b11f9372cdb8049ded95dc kubectl: f40b2d0ff33984e663a0dea4916f1cb9041abecc09b11f9372cdb8049ded95dc
kubelet: bd5f10ccb95fe6e95ddf7ad8a119195c27cb2bce4be6f80c1810ff1a2111496d
kube_version: v1.3.0 kube_version: v1.3.0