From 624a964cda77ba0a2f0e1fe270713ec96fd4608b Mon Sep 17 00:00:00 2001
From: "teuto.net Netzdienste GmbH"
Date: Thu, 31 Mar 2016 14:38:08 +0200
Subject: [PATCH 1/3] Implemented Dynamic Provisioning of PersistentVolumes with cinder When kubespray is deployed on OpenStack, the kube-controller-manager is now aware of the cluster and can create new cinder volumes automatically if the PersistentVolumeClaims are annotated accordingly. Note that this is an alpha feature of kubernetes 1.2
---
 .../manifests/kube-controller-manager.manifest.j2 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index 4b9ed2f74..2897ad774 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -16,6 +16,10 @@ spec:
 - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
 - --root-ca-file={{ kube_cert_dir }}/ca.pem
 - --v={{ kube_log_level | default('2') }}
+{% if cloud_provider is defined and cloud_provider == "openstack" %}
+ - --cloud-provider=openstack
+ - --cloud-config={{ kube_config_dir }}/cloud_config
+{% endif %}
 livenessProbe:
 httpGet:
 host: 127.0.0.1
@@ -30,6 +34,11 @@ spec:
 - mountPath: /etc/ssl/certs
 name: ssl-certs-host
 readOnly: true
+{% if cloud_provider is defined and cloud_provider == "openstack" %}
+ - mountPath: {{ kube_config_dir }}/cloud_config
+ name: cloudconfig
+ readOnly: true
+{% endif %}
 volumes:
 - hostPath:
 path: {{ kube_cert_dir }}
@@ -37,3 +46,8 @@ spec:
 - hostPath:
 path: /usr/share/ca-certificates
 name: ssl-certs-host
+{% if cloud_provider is defined and cloud_provider == "openstack" %}
+ - hostPath:
+ path: {{ kube_config_dir }}/cloud_config
+ name: cloudconfig
+{% endif %}
From 8cbdf73ebaf663cddba955cea04b0237db9ad460 Mon Sep 17 00:00:00 2001
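Review bot: The file passed to `--cloud-config={{ kube_config_dir }}/cloud_config` in the first hunk normally holds the OpenStack API credentials, yet this commit touches only the manifest (1 file changed), so nothing visible here creates that file or restricts who can read it on the master. The task that writes it should set an explicit owner and mode (for example `owner: root` and `mode: "0600"`), and a template comment above the conditional such as `{# cloud_config holds OpenStack credentials; deploy it root-only #}` would record why. The same `cloud_provider` guard is repeated in the volumeMounts and volumes hunks; the three copies have to stay in sync, otherwise the flag points at a path that is not mounted.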
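Review bot: The `cloudconfig` volume in the last hunk is a hostPath to a single file, so the static pod depends on `{{ kube_config_dir }}/cloud_config` already existing on the master when the kubelet starts it. With a missing source the container runtime may create an empty directory at that path, and the controller-manager would then fail to read its cloud config. Nothing in this commit orders the file before the manifest, so that ordering should be confirmed in the role's tasks. Mounting just this file read-only, rather than the whole `{{ kube_config_dir }}`, is the right scope and worth keeping.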
From: "teuto.net Netzdienste GmbH"
Date: Fri, 1 Apr 2016 09:34:28 +0200
Subject: [PATCH 2/3] Changed path to hosts ssl certs from /usr/share/ca-certificates to /etc/ssl/certs/ which fixes https problems in kube-controller-manager and kube-apiserver (#189) caused by the lack of certificates on debian and redhat based systems.
---
 .../master/templates/manifests/kube-apiserver.manifest.j2 | 2 +-
 .../templates/manifests/kube-controller-manager.manifest.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index 1a0b6a2cb..707915047 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -48,5 +48,5 @@ spec:
 path: {{ kube_config_dir }}
 name: kubernetes-config
 - hostPath:
- path: /usr/share/ca-certificates
+ path: /etc/ssl/certs/
 name: ssl-certs-host
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index 2897ad774..3ae4c18fc 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -44,7 +44,7 @@ spec:
 path: {{ kube_cert_dir }}
 name: ssl-certs-kubernetes
 - hostPath:
- path: /usr/share/ca-certificates
+ path: /etc/ssl/certs/
 name: ssl-certs-host
 {% if cloud_provider is defined and cloud_provider == "openstack" %}
 - hostPath:
From 7237a925eb64ce04793da258471678c8d8762bbe Mon Sep 17 00:00:00 2001
From: ant31 <2t.antoine@gmail.com>
Date: Fri, 1 Apr 2016 12:40:01 +0200
Subject: [PATCH 3/3] Add kubernetes.default.svc in certs dns
---
 roles/kubernetes/secrets/templates/openssl.conf.j2 | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
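Review bot: Mounting only `/etc/ssl/certs/` in the kube-apiserver hunk can leave the trust store incomplete inside the container, because on Debian-family hosts most entries there are symlinks into `/usr/share/ca-certificates`, and on Red Hat-family hosts the bundle usually resolves into `/etc/pki`; neither target is mounted after this change. It is worth checking that the bundle file the binaries read is a regular file on each supported distribution, or adding read-only hostPath volumes for the symlink targets. The same one-line change is made in the kube-controller-manager hunk. The kube-apiserver volumeMounts lie outside this hunk, so confirm that its `ssl-certs-host` mount is `readOnly: true`, as it is in the controller-manager manifest.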
diff --git a/roles/kubernetes/secrets/templates/openssl.conf.j2 b/roles/kubernetes/secrets/templates/openssl.conf.j2
index c0f253ebe..fa00163a3 100644
--- a/roles/kubernetes/secrets/templates/openssl.conf.j2
+++ b/roles/kubernetes/secrets/templates/openssl.conf.j2
@@ -9,9 +9,10 @@ subjectAltName = @alt_names
 [alt_names]
 DNS.1 = kubernetes
 DNS.2 = kubernetes.default
-DNS.3 = kubernetes.default.svc.{{ dns_domain }}
+DNS.3 = kubernetes.default.svc
+DNS.4 = kubernetes.default.svc.{{ dns_domain }}
 {% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
-DNS.4 = {{ apiserver_loadbalancer_domain_name }}
+DNS.5 = {{ apiserver_loadbalancer_domain_name }}
 {% endif %}
 {% for host in groups['kube-master'] %}
 IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
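Review bot: Adding `DNS.3 = kubernetes.default.svc` changes only the template; certificates already issued from the old config will not carry the new name, and this commit (1 file changed) shows nothing that forces a re-issue. On existing clusters, clients that use that name would presumably still fail hostname verification until the apiserver certificate is regenerated. A short comment above `[alt_names]`, for example `# SANs must cover every name clients use to reach the apiserver; re-issue certs after editing`, would make that explicit. The `DNS.N` indices are hand-numbered around a conditional entry, so any later insertion has to renumber `DNS.5` again. The `{% for host ... %}` loop that follows continues outside the hunk.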