Merge branch 'ha_master' of https://github.com/ansibl8s/setup-kubernetes into ha

60122301 · ant31 · 693230ac · 61bb6468 · 60122301 · 60122301
Commit 60122301 authored 9 years ago by ant31
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ kube-master
 Run the playbook
 ```
-ansible-playbook -i environments/production/inventory cluster.yml -u root
+ansible-playbook -i environments/test/inventory cluster.yml -u root
 ```
 You can jump directly to "*Available apps, installation procedure*"
@@ -59,7 +59,7 @@ Ansible
 ### Download binaries
 A role allows to download required binaries. They will be stored in a directory defined by the variable
 **'local_release_dir'** (by default /tmp).
-Please ensure that you have enough disk space there (about **1G**).
+Please ensure that you have enough disk space there (about **300M**).
 **Note**: Whenever you'll need to change the version of a software, you'll have to erase the content of this directory.
@@ -106,14 +106,6 @@ In node-mesh mode the nodes peers with all the nodes in order to exchange routes
 [k8s-cluster:children]
 kube-node
 kube-master
-[paris:vars]
-peers=[{"router_id": "10.99.0.2", "as": "65xxx"}, {"router_id": "10.99.0.3", "as": "65xxx"}]
-loadbalancer_address="10.99.0.24"
-[usa:vars]
-peers=[{"router_id": "10.99.0.34", "as": "65xxx"}, {"router_id": "10.99.0.35", "as": "65xxx"}]
-loadbalancer_address="10.99.0.44"
 ```
 ### Playbook
@@ -124,13 +116,9 @@ loadbalancer_address="10.99.0.44"
  roles:
    - { role: download, tags: download }
-# etcd must be running on master(s) before going on
- hosts: etcd
-  roles:
-    - { role: etcd, tags: etcd }
 - hosts: k8s-cluster
  roles:
+    - { role: etcd, tags: etcd }
    - { role: docker, tags: docker }
    - { role: dnsmasq, tags: dnsmasq }
    - { role: network_plugin, tags: ['calico', 'flannel', 'network'] }
@@ -161,6 +149,9 @@ the server address has to be present on both groups 'kube-master' and 'kube-node
 * Almost all kubernetes components are running into pods except *kubelet*. These pods are managed by kubelet which ensure they're always running
 * One etcd cluster member per node will be configured. For safety reasons, you should have at least two master nodes.
+* Kube-proxy doesn't support multiple apiservers on startup ([#18174]('https://github.com/kubernetes/kubernetes/issues/18174')). An external loadbalancer needs to be configured.
+In order to do so, some variables have to be used '**loadbalancer_apiserver**' and '**apiserver_loadbalancer_domain_name**' 
 ### Network Overlay

--- a/environments/test/group_vars/all.yml
+++ b/environments/test/group_vars/all.yml
@@ -73,8 +73,8 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(253)|ipaddr('address
 # For multi masters architecture:
 # kube-proxy doesn't support multiple apiservers for the time being so you'll need to configure your own loadbalancer
 # This domain name will be inserted into the /etc/hosts file of all servers
-# configurationexample with haproxy :
+# configuration example with haproxy :
-# lissten kubernetes-apiserver-https
+# listen kubernetes-apiserver-https
 #   bind 10.99.0.21:8383
 #    option ssl-hello-chk
 #    mode tcp
@@ -83,4 +83,4 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(253)|ipaddr('address
 #    server master1 10.99.0.26:443
 #    server master2 10.99.0.27:443
 #    balance roundrobin
-apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
+# apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
--- a/environments/test/group_vars/new-york.yml
+++ b/environments/test/group_vars/new-york.yml
---
+#---
-peers:
+#peers:
-  -router_id: "10.99.0.34"
+#  -router_id: "10.99.0.34"
-   as: "65xxx"
+#   as: "65xxx"
-  - router_id: "10.99.0.35"
+#  - router_id: "10.99.0.35"
-   as: "65xxx"
+#   as: "65xxx"
+#
-loadbalancer_apiserver:
+#loadbalancer_apiserver:
-  address: "10.99.0.44"
+#  address: "10.99.0.44"
-  port: "8383"
+#  port: "8383"
--- a/environments/test/group_vars/paris.yml
+++ b/environments/test/group_vars/paris.yml
---
+#---
-peers:
+#peers:
-  -router_id: "10.99.0.2"
+#  -router_id: "10.99.0.2"
-   as: "65xxx"
+#   as: "65xxx"
-  - router_id: "10.99.0.3"
+#  - router_id: "10.99.0.3"
-   as: "65xxx"
+#   as: "65xxx"
+#
-loadbalancer_apiserver:
+#loadbalancer_apiserver:
-  address: "10.99.0.21"
+#  address: "10.99.0.21"
-  port: "8383"
+#  port: "8383"
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -14,7 +14,7 @@
    regexp: ".*{{ apiserver_loadbalancer_domain_name }}$"
    line: "{{ loadbalancer_apiserver.address }} lb-apiserver.kubernetes.local"
    state: present
-  when: loadbalancer_apiserver is defined
+  when: loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined
 - name: clean hosts file
  lineinfile:

--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -15,7 +15,7 @@ spec:
 {% if inventory_hostname in groups['kube-master'] %}
    - --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
 {% else %}
-{%   if loadbalancer_apiserver.address is defined | default('') %}
+{%   if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
    - --master=https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port }}
 {%   else %}
    - --master=https://{{ groups['kube-master'][0] }}:{{ kube_apiserver_port }}

--- a/roles/kubernetes/node/templates/openssl.conf.j2
+++ b/roles/kubernetes/node/templates/openssl.conf.j2
@@ -10,7 +10,9 @@ subjectAltName = @alt_names
 DNS.1 = kubernetes
 DNS.2 = kubernetes.default
 DNS.3 = kubernetes.default.svc.{{ dns_domain }}
+{% if loadbalancer_apiserver is defined  and apiserver_loadbalancer_domain_name is defined %}
 DNS.4 = {{ apiserver_loadbalancer_domain_name }}
+{% endif %}
 {% for host in groups['kube-master'] %}
 IP.{{ loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
 {% endfor %}