Many use cases of k8s involve running a local
registry, chances are the person running this
will learn the hard way that they need to allow
insecure registry on the `kube_service_addresses`
network.
We should just default to settings this in
`inventory/group_vars/all.yml` to help reduce
potential friction for first time users.
This should make things a little more composable,
by making these roles meta roles that perform no
actions by default we allow each role to own its own
resources.
Kubernetes API server has an option:
```
--advertise-address=<nil>: The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.
```
kargo does not set --bind-address, thus it binds to eth0, in vagrant and similar
environments this causes issues because nodes cannot talk to eachother over eth0.
This sets `--advertise-address` to `ip` if its set, otherwise the default behavior
of is persisted by using `ansible_default_ipv4.address`.
using a shared folder can cause race conditions for the download
role as it tries to download files on all the nodes to the same
shared path. This adds a flag to run the tasks in the download
role on just one node.
I accidently left in the old download URL for coreos
even after I switched the box name to be ubuntu, it
worked fine for me because I already had that box
locally so it didn't try to download. This should
resolve this by using the official bento/ubuntu-14.04
box which is a nice minimal image.
We also allow the default behaviour of sharing folder to VMs
By doing this we can stage our download files in a shared location
and speed up subsequent runs significantly.
Finally will create more verbose documentation.
check_certs task "Check_certs | Set 'sync_certs' to true" was failing
due to the dict not existing, this sets defaults that allows the
correct behavior of the conditionals.