Commit Graph

228 Commits (ca6a07f5954d77afdbdf6c2ff2b0db01a1e4c210)

Author SHA1 Message Date
Bogdan Dobrelya a70c3b661e Add HA/LB endpoints for kube-apiserver
* Add auto-evaluated internal endpoints and clarify the loadbalancer_apiserver
vars and usecases.
* Add loadbalancer_apiserver_localhost (default false). If enabled, override
the external LB and expect localhost:443/8080 to be new internal only frontends.
* Add kube_apiserver_multiaccess to ignore loadbalancers, and make clients
to access the apiservers as a comma-separated list of access_ip/ip/ansible ip
(a default mode). When disabled, allow clients to use the given loadbalancers.
* Define connections security mode for kube controllers, schedulers, proxies.
It is insecure be default, which is the current deployment choice.
* Rework the groups['kube-master'][0] hardcode defining the apiserver
endpoints.
* Improve grouping of vars and add facts for kube_apiserver.
* Define kube_apiserver_insecure_bind_address as a fact, add more
facts for ease of use.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-07-21 11:05:03 +02:00
Bogdan Dobrelya 32cd6e99b2 Add etcd proxy support
* Enforce a etcd-proxy role to a k8s-cluster group members. This
provides an HA layout for all of the k8s cluster internal clients.
* Proxies to be run on each node in the group as a separate etcd
instances with a readwrite proxy mode and listen the given endpoint,
which is either the access_ip:2379 or the localhost:2379.
* A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and
loadbalancers and use the etcd members IPs as a comma-separated
list. Otherwise, clients shall use the local endpoint provided by a
etcd-proxy instances on each etcd node. A Netwroking plugins always
use that access mode.
* Fix apiserver's etcd servers args to use the etcd_access_endpoint.
* Fix networking plugins flannel/calico to use the etcd_endpoint.
* Fix name env var for non masters to be set as well.
* Fix etcd_client_url was not used anywhere and other etcd_* facts
evaluation was duplicated in a few places.
* Define proxy modes only in the env file, if not a master. Del
an automatic proxy mode decisions for etcd nodes in init/unit scripts.
* Use Wants= instead of Requires= as "This is the recommended way to
hook start-up of one unit to the start-up of another unit"
* Make apiserver/calico Wants= etcd-proxy to keep it always up

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
2016-07-19 14:09:40 +02:00
ant31 eb6025a184 Add kubedns as default package to install 2016-06-12 18:08:53 +02:00
Paul Czarkowski 67147cf435 example env allow insecure-registry
Many use cases of k8s involve running a local
registry, chances are the person running this
will learn the hard way that they need to allow
insecure registry on the `kube_service_addresses`
network.

We should just default to settings this in
`inventory/group_vars/all.yml` to help reduce
potential friction for first time users.
2016-05-28 11:56:16 -05:00
Spencer Smith 87757d4fcf provides initial docker options support 2016-05-25 12:56:45 -04:00
David Reuss 0984b23f0e Use correct google ns for dns upstream 2016-05-17 13:19:13 +02:00
Spencer Smith adceaf60e1 support proxies with docker on rhel 2016-05-10 15:49:27 -07:00
Paul Czarkowski 8f4e879ca7 Add native Vagrant support
This allows you to simply run `vagrant up` to get a 3 node HA cluster.

* Creates a dynamic inventory and uses the inventory/group_vars/all.yml
* commented lines in inventory.example so that ansible doesn't try to use it.
* added requirements.txt to give easy way to install ansible/ipaddr
* added gitignore files to stop attempts to save unwated files
* changed `Check if kube-system exists` to `failed_when: false` instead of
`ignore_errors`
2016-05-08 10:17:11 -05:00
Smana bd6c12d686 fix api auth issue for ci tests 2016-05-05 09:00:02 +02:00
Smana 59d71740b1 use a variable for api's 'root' password 2016-05-04 16:49:25 +02:00
teuto.net Netzdienste GmbH 9f8da6c225 Implemented cloud-provider integration for OpenStack.
Currently kubespray does not install kubernetes in a way that allows cinder volumes to be used. This commit provides the necessary cloud configuration file and configures kubelet and kube-apiserver to use it.
2016-03-29 15:17:22 +02:00
Smaine Kahlouch 68fafd030d choose between gce and aws cloud providers 2016-03-23 17:27:06 +01:00
ant31 6297e5ea93 Use dnsmasq inside pods 2016-03-19 23:41:27 +01:00
Smana cd38ecc378 redirecting to new doc page 2016-03-07 16:15:40 +01:00
Smana fca384e24c first version of CoreOS on GCE
Please enter the commit message for your changes. Lines starting
2016-02-21 00:06:36 +01:00
Smana 793d665db4 specify weave version 2016-02-10 18:19:03 +01:00
Smaine Kahlouch 4f92417a5d split network plugins into distinct roles 2016-02-09 11:42:00 +01:00
Greg Althaus bedcca922c Add variables and defaults for multiple types of ip addresses.
Each node can have 3 IPs.
1. ansible_default_ip4 - whatever ansible things is the first IPv4 address
   usually with the default gw.
2. ip - An address to use on the local node to bind listeners and do local
   communication.  For example, Vagrant boxes have a first address that is the
   NAT bridge and is common for all nodes.  The second address/interface should
   be used.
3. access_ip - An address to use for node-to-node access.  This is assumed to
   be used by other nodes to access the node and may not be actually assigned
   on the node.  For example, AWS public ip that is not assigned to node.

This updates the places addresses are used to use either ip or access_ip and walk
up the list to find an address.
2016-01-27 16:05:39 -06:00
Smaine Kahlouch 5edc81c627 moving kube-cert group into group_vars 2016-01-22 17:18:45 +01:00
Antoine Legrand 078b67c50f Remove downloader host 2016-01-22 09:59:39 +01:00
ant31 9a03249446 Add travis tests 2016-01-05 12:31:49 +01:00
Smaine Kahlouch 2a08f7bc0a inventory example, localhost for downloader 2016-01-04 14:54:30 +01:00
Smaine Kahlouch 392570f4ff distinct local hostname 2015-12-31 14:54:51 +01:00
Smaine Kahlouch 98fe2c02b2 review local tasks 2015-12-31 10:28:47 +01:00
Smaine Kahlouch 4388cab8d6 Use second ip address in order to avoid any ip range problem 2015-12-24 13:58:04 +01:00
Smaine Kahlouch 03d402e226 using hostnames in the inventory is more readable 2015-12-18 16:13:42 +01:00
Smaine Kahlouch 0a238d9853 Specify etcd servers for the etcd cluster 2015-12-18 14:31:51 +01:00
Antoine Legrand a003d91576 simplify inventory path 2015-12-17 21:32:06 +01:00