diff --git a/.gitmodules b/.gitmodules
index c5638a401065d277a036edd3b2758a78ca1ce111..594915b402ac9c0d88a6c80fdc0a0bbe12e860e0 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,43 +1,43 @@
[submodule "roles/apps/k8s-kube-ui"]
- path = roles/apps/k8s-kube-ui
- url = https://github.com/ansibl8s/k8s-kube-ui.git
- branch = v1.0
+ path = roles/apps/k8s-kube-ui
+ url = https://github.com/ansibl8s/k8s-kube-ui.git
+ branch = v1.0
[submodule "roles/apps/k8s-kubedns"]
- path = roles/apps/k8s-kubedns
- url = https://github.com/ansibl8s/k8s-kubedns.git
- branch = v1.0
+ path = roles/apps/k8s-kubedns
+ url = https://github.com/ansibl8s/k8s-kubedns.git
+ branch = v1.0
[submodule "roles/apps/k8s-common"]
- path = roles/apps/k8s-common
- url = https://github.com/ansibl8s/k8s-common.git
- branch = v1.0
+ path = roles/apps/k8s-common
+ url = https://github.com/ansibl8s/k8s-common.git
+ branch = v1.0
[submodule "roles/apps/k8s-redis"]
- path = roles/apps/k8s-redis
- url = https://github.com/ansibl8s/k8s-redis.git
- branch = v1.0
+ path = roles/apps/k8s-redis
+ url = https://github.com/ansibl8s/k8s-redis.git
+ branch = v1.0
[submodule "roles/apps/k8s-elasticsearch"]
- path = roles/apps/k8s-elasticsearch
- url = https://github.com/ansibl8s/k8s-elasticsearch.git
+ path = roles/apps/k8s-elasticsearch
+ url = https://github.com/ansibl8s/k8s-elasticsearch.git
[submodule "roles/apps/k8s-fabric8"]
- path = roles/apps/k8s-fabric8
- url = https://github.com/ansibl8s/k8s-fabric8.git
- branch = v1.0
+ path = roles/apps/k8s-fabric8
+ url = https://github.com/ansibl8s/k8s-fabric8.git
+ branch = v1.0
[submodule "roles/apps/k8s-memcached"]
- path = roles/apps/k8s-memcached
- url = https://github.com/ansibl8s/k8s-memcached.git
- branch = v1.0
+ path = roles/apps/k8s-memcached
+ url = https://github.com/ansibl8s/k8s-memcached.git
+ branch = v1.0
[submodule "roles/apps/k8s-postgres"]
- path = roles/apps/k8s-postgres
- url = https://github.com/ansibl8s/k8s-postgres.git
- branch = v1.0
+ path = roles/apps/k8s-postgres
+ url = https://github.com/ansibl8s/k8s-postgres.git
+ branch = v1.0
[submodule "roles/apps/k8s-kubedash"]
- path = roles/apps/k8s-kubedash
- url = https://github.com/ansibl8s/k8s-kubedash.git
+ path = roles/apps/k8s-kubedash
+ url = https://github.com/ansibl8s/k8s-kubedash.git
[submodule "roles/apps/k8s-heapster"]
- path = roles/apps/k8s-heapster
- url = https://github.com/ansibl8s/k8s-heapster.git
+ path = roles/apps/k8s-heapster
+ url = https://github.com/ansibl8s/k8s-heapster.git
[submodule "roles/apps/k8s-influxdb"]
- path = roles/apps/k8s-influxdb
- url = https://github.com/ansibl8s/k8s-influxdb.git
+ path = roles/apps/k8s-influxdb
+ url = https://github.com/ansibl8s/k8s-influxdb.git
[submodule "roles/apps/k8s-kube-logstash"]
path = roles/apps/k8s-kube-logstash
url = https://github.com/ansibl8s/k8s-kube-logstash.git
@@ -47,3 +47,6 @@
[submodule "roles/apps/k8s-rabbitmq"]
path = roles/apps/k8s-rabbitmq
url = https://github.com/ansibl8s/k8s-rabbitmq.git
+[submodule "roles/apps/k8s-pgbouncer"]
+ path = roles/apps/k8s-pgbouncer
+ url = https://github.com/ansibl8s/k8s-pgbouncer.git
diff --git a/README.md b/README.md
index a18eae22a580c5b52a4ca92cec3ecae0e1b8e91b..78494424bbb05e5270dce7ca686cc72e97303a57 100644
--- a/README.md
+++ b/README.md
@@ -8,10 +8,14 @@ This project allows to
- A **set of roles** in order to install applications over the k8s cluster
- A **flexible method** which helps to create new roles for apps.
+Linux distributions tested:
+* **Debian** Wheezy, Jessie
+* **Ubuntu** 14.10, 15.04, 15.10
+* **Fedora** 23
+* **CentOS** 7 (Currently with flannel only)
+
### Requirements
-Tested on **Debian Wheezy/Jessie** and **Ubuntu** (14.10, 15.04, 15.10).
-Should work on **RedHat/Fedora/Centos** platforms (to be tested)
-* The target servers must have access to the Internet in order to pull docker imaqes.
+* The target servers must have **access to the Internet** in order to pull docker imaqes.
* The firewalls are not managed, you'll need to implement your own rules the way you used to.
in order to avoid any issue during deployment you should **disable your firewall**
* **Copy your ssh keys** to all the servers part of your inventory.
@@ -272,6 +276,53 @@ calicoctl pool show
```
calicoctl endpoint show --detail
```
+
#### Flannel networking
+* Flannel configuration file should have been created there
+```
+cat /run/flannel/subnet.env
+FLANNEL_NETWORK=10.233.0.0/18
+FLANNEL_SUBNET=10.233.16.1/24
+FLANNEL_MTU=1450
+FLANNEL_IPMASQ=false
+```
+
+* Check if the network interface has been created
+```
+ip a show dev flannel.1
+4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
+ link/ether e2:f3:a7:0f:bf:cb brd ff:ff:ff:ff:ff:ff
+ inet 10.233.16.0/18 scope global flannel.1
+ valid_lft forever preferred_lft forever
+ inet6 fe80::e0f3:a7ff:fe0f:bfcb/64 scope link
+ valid_lft forever preferred_lft forever
+```
+
+* Docker must be configured with a bridge ip in the flannel subnet.
+```
+ps aux | grep docker
+root 20196 1.7 2.7 1260616 56840 ? Ssl 10:18 0:07 /usr/bin/docker daemon --bip=10.233.16.1/24 --mtu=1450
+```
+
+* Try to run a container and check its ip address
+```
+kubectl run test --image=busybox --command -- tail -f /dev/null
+replicationcontroller "test" created
+
+kubectl describe po test-34ozs | grep ^IP
+IP: 10.233.16.2
+```
+
+```
+kubectl exec test-34ozs -- ip a show dev eth0
+8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
+ link/ether 02:42:0a:e9:2b:03 brd ff:ff:ff:ff:ff:ff
+ inet 10.233.16.2/24 scope global eth0
+ valid_lft forever preferred_lft forever
+ inet6 fe80::42:aff:fee9:2b03/64 scope link tentative flags 08
+ valid_lft forever preferred_lft forever
+```
+
+
Congrats ! now you can walk through [kubernetes basics](http://kubernetes.io/v1.1/basicstutorials.html)
diff --git a/roles/apps/k8s-pgbouncer b/roles/apps/k8s-pgbouncer
new file mode 160000
index 0000000000000000000000000000000000000000..61c41e80e3da8938c7896c07822c19c060be4491
--- /dev/null
+++ b/roles/apps/k8s-pgbouncer
@@ -0,0 +1 @@
+Subproject commit 61c41e80e3da8938c7896c07822c19c060be4491
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
index b9f8341a6a63c89131ffd5c7f62cf96f99a00cd0..f8b9fa197cf9acee66ea77a09720db43dbad77c6 100644
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -34,7 +34,7 @@
state: directory
when: inventory_hostname in groups['kube-master']
-- name: configure dnsmasq
+- name: Write dnsmasq configuration
template:
src: 01-kube-dns.conf.j2
dest: /etc/dnsmasq.d/01-kube-dns.conf
@@ -42,15 +42,14 @@
backup: yes
when: inventory_hostname in groups['kube-master']
-- name: create dnsmasq pod template
+- name: Create dnsmasq pod manifest
template: src=dnsmasq-pod.yml dest=/etc/kubernetes/manifests/dnsmasq-pod.manifest
when: inventory_hostname in groups['kube-master']
-- name: Check for dnsmasq port
+- name: Check for dnsmasq port (pulling image and running container)
wait_for:
port: 53
delay: 5
- timeout: 100
when: inventory_hostname in groups['kube-master']
- name: check resolvconf
@@ -67,7 +66,7 @@
line: search {{ [ 'default.svc.' + dns_domain, 'svc.' + dns_domain, dns_domain ] | join(' ') }}
dest: "{{resolvconffile}}"
state: present
- insertafter: EOF
+ insertbefore: BOF
backup: yes
follow: yes
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index bf268cf934d28e4b51a4ec9fedf4cae9a533e03b..08c5f0e2534452d35c176e55c8b61b0947ed9714 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -20,14 +20,6 @@
{{ ansible_distribution }}-{{ ansible_distribution_version }}
when: ansible_kernel|version_compare(docker_kernel_min_version, "<")
-- name: ensure docker requirements packages are installed
- action: "{{ docker_package_info.pkg_mgr }}"
- args:
- name: "{{item}}"
- state: latest
- update_cache: yes
- with_items: docker_package_info.pre_pkgs
- when: docker_package_info.pre_pkgs|length > 0
- name: ensure docker repository public key is installed
action: "{{ docker_repo_key_info.pkg_key }}"
diff --git a/roles/docker/vars/centos-6.yml b/roles/docker/vars/centos-6.yml
index a95320f449b29dd4391be0ddbd9af6e824b378d6..b657b386d7346c959a347c6469a8c05896723e78 100644
--- a/roles/docker/vars/centos-6.yml
+++ b/roles/docker/vars/centos-6.yml
@@ -2,10 +2,6 @@ docker_kernel_min_version: '2.6.32-431'
docker_package_info:
pkg_mgr: yum
- pre_pkgs:
- - epel-release
- - curl
- - device-mapper-libs
pkgs:
- docker-io
diff --git a/roles/docker/vars/debian.yml b/roles/docker/vars/debian.yml
index 6140f47d32144aafac87a913b23e29ce5fb1d61e..f97dd9116d0e71da08eb99d23aa15b49d50d4a7c 100644
--- a/roles/docker/vars/debian.yml
+++ b/roles/docker/vars/debian.yml
@@ -2,10 +2,6 @@ docker_kernel_min_version: '3.2'
docker_package_info:
pkg_mgr: apt
- pre_pkgs:
- - apt-transport-https
- - curl
- - software-properties-common
pkgs:
- docker-engine
diff --git a/roles/docker/vars/fedora-20.yml b/roles/docker/vars/fedora-20.yml
index 1c89e4b9569bd1dcd972619ec4b14daa9028a588..87fdcccd89527fb9eaee478bda914ab11787a39e 100644
--- a/roles/docker/vars/fedora-20.yml
+++ b/roles/docker/vars/fedora-20.yml
@@ -2,8 +2,6 @@ docker_kernel_min_version: '0'
docker_package_info:
pkg_mgr: yum
- pre_pkgs:
- - curl
pkgs:
- docker-io
diff --git a/roles/docker/vars/fedora.yml b/roles/docker/vars/fedora.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c40c1097365216fccb435d41e3c4f930642490e0
--- /dev/null
+++ b/roles/docker/vars/fedora.yml
@@ -0,0 +1,14 @@
+docker_kernel_min_version: '0'
+
+docker_package_info:
+ pkg_mgr: dnf
+ pkgs:
+ - docker-io
+
+docker_repo_key_info:
+ pkg_key: ''
+ repo_keys: []
+
+docker_repo_info:
+ pkg_repo: ''
+ repos: []
diff --git a/roles/docker/vars/redhat.yml b/roles/docker/vars/redhat.yml
index 9d0dd2c49671f10fb42a169c20de3d0e1102f088..24018dedf4c51e2c66974b354fa48085a16f10b4 100644
--- a/roles/docker/vars/redhat.yml
+++ b/roles/docker/vars/redhat.yml
@@ -2,8 +2,6 @@ docker_kernel_min_version: '0'
docker_package_info:
pkg_mgr: yum
- pre_pkgs:
- - curl
pkgs:
- docker
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 5ba5104fdbf0aaca798b23ea2c41f0db6fbbd348..5181f0783a6ad41c4389e6eb4e814d91e2edded1 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -1,7 +1,6 @@
---
local_release_dir: /tmp
-flannel_version: 0.5.5
calico_version: v0.13.0
calico_plugin_version: v0.7.0
kube_version: v1.1.3
@@ -11,8 +10,6 @@ kubelet_checksum: "62191c66f2d670dd52ddf1d88ef81048977abf1ffaa95ee6333299447eb6a
kube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/amd64"
-flannel_download_url: "https://github.com/coreos/flannel/releases/download/v{{ flannel_version }}/flannel-{{ flannel_version }}-linux-amd64.tar.gz"
-
calico_download_url: "https://github.com/Metaswitch/calico-docker/releases/download/{{calico_version}}/calicoctl"
calico_plugin_download_url: "https://github.com/projectcalico/calico-kubernetes/releases/download/{{calico_plugin_version}}/calico_kubernetes"
@@ -26,11 +23,6 @@ downloads:
dest: calico/bin/calico
url: "{{calico_plugin_download_url}}"
- - name: flannel
- dest: flannel/flannel-{{ flannel_version }}-linux-amd64.tar.gz
- url: "{{flannel_download_url}}"
- unarchive: yes
-
- name: kubernetes-kubelet
dest: kubernetes/bin/kubelet
sha256: "{{kubelet_checksum}}"
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 3a2902a1f9b457f7389b2b4241cc26fca5740910..7a9fd3fcd5a2a3839e0664a390eef4be7a1b765b 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -1,13 +1,12 @@
---
-- name: ETCD2 | Stop etcd2 service
+- name: Stop etcd2 service
service: name=etcd state=stopped
ignore_errors: yes
-- name: ETCD2 | create etcd pod template
+- name: Create etcd pod manifest
template: src=etcd-pod.yml dest=/etc/kubernetes/manifests/etcd-pod.manifest
-- name: ETCD2 | Check for etcd2 port
+- name: Check for etcd2 port (pulling image and running container)
wait_for:
port: 2379
delay: 5
- timeout: 100
diff --git a/roles/kubernetes/master/files/kubectl_bash_completion.sh b/roles/kubernetes/master/files/kubectl_bash_completion.sh
index f6d0f25b51bc2e5ffc2d3ed312c21e1158704484..bf378a5e0367395f0872130dc255ffb3dd124414 100644
--- a/roles/kubernetes/master/files/kubectl_bash_completion.sh
+++ b/roles/kubernetes/master/files/kubectl_bash_completion.sh
@@ -265,6 +265,7 @@ _kubectl_get()
flags_completion=()
flags+=("--all-namespaces")
+ flags+=("--export")
flags+=("--filename=")
flags_with_completion+=("--filename")
flags_completion+=("__handle_filename_extension_flag json|yaml|yml")
@@ -401,10 +402,204 @@ _kubectl_describe()
must_have_one_noun+=("serviceaccount")
}
+_kubectl_create_namespace()
+{
+ last_command="kubectl_create_namespace"
+ commands=()
+
+ flags=()
+ two_word_flags=()
+ flags_with_completion=()
+ flags_completion=()
+
+ flags+=("--dry-run")
+ flags+=("--generator=")
+ flags+=("--output=")
+ two_word_flags+=("-o")
+ flags+=("--output-version=")
+ flags+=("--save-config")
+ flags+=("--schema-cache-dir=")
+ flags+=("--validate")
+ flags+=("--alsologtostderr")
+ flags+=("--api-version=")
+ flags+=("--certificate-authority=")
+ flags+=("--client-certificate=")
+ flags+=("--client-key=")
+ flags+=("--cluster=")
+ flags+=("--context=")
+ flags+=("--insecure-skip-tls-verify")
+ flags+=("--kubeconfig=")
+ flags+=("--log-backtrace-at=")
+ flags+=("--log-dir=")
+ flags+=("--log-flush-frequency=")
+ flags+=("--logtostderr")
+ flags+=("--match-server-version")
+ flags+=("--namespace=")
+ flags+=("--password=")
+ flags+=("--server=")
+ two_word_flags+=("-s")
+ flags+=("--stderrthreshold=")
+ flags+=("--token=")
+ flags+=("--user=")
+ flags+=("--username=")
+ flags+=("--v=")
+ flags+=("--vmodule=")
+
+ must_have_one_flag=()
+ must_have_one_noun=()
+}
+
+_kubectl_create_secret_docker-registry()
+{
+ last_command="kubectl_create_secret_docker-registry"
+ commands=()
+
+ flags=()
+ two_word_flags=()
+ flags_with_completion=()
+ flags_completion=()
+
+ flags+=("--docker-email=")
+ flags+=("--docker-password=")
+ flags+=("--docker-server=")
+ flags+=("--docker-username=")
+ flags+=("--dry-run")
+ flags+=("--generator=")
+ flags+=("--output=")
+ two_word_flags+=("-o")
+ flags+=("--output-version=")
+ flags+=("--save-config")
+ flags+=("--schema-cache-dir=")
+ flags+=("--validate")
+ flags+=("--alsologtostderr")
+ flags+=("--api-version=")
+ flags+=("--certificate-authority=")
+ flags+=("--client-certificate=")
+ flags+=("--client-key=")
+ flags+=("--cluster=")
+ flags+=("--context=")
+ flags+=("--insecure-skip-tls-verify")
+ flags+=("--kubeconfig=")
+ flags+=("--log-backtrace-at=")
+ flags+=("--log-dir=")
+ flags+=("--log-flush-frequency=")
+ flags+=("--logtostderr")
+ flags+=("--match-server-version")
+ flags+=("--namespace=")
+ flags+=("--password=")
+ flags+=("--server=")
+ two_word_flags+=("-s")
+ flags+=("--stderrthreshold=")
+ flags+=("--token=")
+ flags+=("--user=")
+ flags+=("--username=")
+ flags+=("--v=")
+ flags+=("--vmodule=")
+
+ must_have_one_flag=()
+ must_have_one_flag+=("--docker-email=")
+ must_have_one_flag+=("--docker-password=")
+ must_have_one_flag+=("--docker-username=")
+ must_have_one_noun=()
+}
+
+_kubectl_create_secret_generic()
+{
+ last_command="kubectl_create_secret_generic"
+ commands=()
+
+ flags=()
+ two_word_flags=()
+ flags_with_completion=()
+ flags_completion=()
+
+ flags+=("--dry-run")
+ flags+=("--from-file=")
+ flags+=("--from-literal=")
+ flags+=("--generator=")
+ flags+=("--output=")
+ two_word_flags+=("-o")
+ flags+=("--output-version=")
+ flags+=("--save-config")
+ flags+=("--schema-cache-dir=")
+ flags+=("--type=")
+ flags+=("--validate")
+ flags+=("--alsologtostderr")
+ flags+=("--api-version=")
+ flags+=("--certificate-authority=")
+ flags+=("--client-certificate=")
+ flags+=("--client-key=")
+ flags+=("--cluster=")
+ flags+=("--context=")
+ flags+=("--insecure-skip-tls-verify")
+ flags+=("--kubeconfig=")
+ flags+=("--log-backtrace-at=")
+ flags+=("--log-dir=")
+ flags+=("--log-flush-frequency=")
+ flags+=("--logtostderr")
+ flags+=("--match-server-version")
+ flags+=("--namespace=")
+ flags+=("--password=")
+ flags+=("--server=")
+ two_word_flags+=("-s")
+ flags+=("--stderrthreshold=")
+ flags+=("--token=")
+ flags+=("--user=")
+ flags+=("--username=")
+ flags+=("--v=")
+ flags+=("--vmodule=")
+
+ must_have_one_flag=()
+ must_have_one_noun=()
+}
+
+_kubectl_create_secret()
+{
+ last_command="kubectl_create_secret"
+ commands=()
+ commands+=("docker-registry")
+ commands+=("generic")
+
+ flags=()
+ two_word_flags=()
+ flags_with_completion=()
+ flags_completion=()
+
+ flags+=("--alsologtostderr")
+ flags+=("--api-version=")
+ flags+=("--certificate-authority=")
+ flags+=("--client-certificate=")
+ flags+=("--client-key=")
+ flags+=("--cluster=")
+ flags+=("--context=")
+ flags+=("--insecure-skip-tls-verify")
+ flags+=("--kubeconfig=")
+ flags+=("--log-backtrace-at=")
+ flags+=("--log-dir=")
+ flags+=("--log-flush-frequency=")
+ flags+=("--logtostderr")
+ flags+=("--match-server-version")
+ flags+=("--namespace=")
+ flags+=("--password=")
+ flags+=("--server=")
+ two_word_flags+=("-s")
+ flags+=("--stderrthreshold=")
+ flags+=("--token=")
+ flags+=("--user=")
+ flags+=("--username=")
+ flags+=("--v=")
+ flags+=("--vmodule=")
+
+ must_have_one_flag=()
+ must_have_one_noun=()
+}
+
_kubectl_create()
{
last_command="kubectl_create"
commands=()
+ commands+=("namespace")
+ commands+=("secret")
flags=()
two_word_flags=()
@@ -945,6 +1140,125 @@ _kubectl_scale()
must_have_one_noun=()
}
+_kubectl_cordon()
+{
+ last_command="kubectl_cordon"
+ commands=()
+
+ flags=()
+ two_word_flags=()
+ flags_with_completion=()
+ flags_completion=()
+
+ flags+=("--alsologtostderr")
+ flags+=("--api-version=")
+ flags+=("--certificate-authority=")
+ flags+=("--client-certificate=")
+ flags+=("--client-key=")
+ flags+=("--cluster=")
+ flags+=("--context=")
+ flags+=("--insecure-skip-tls-verify")
+ flags+=("--kubeconfig=")
+ flags+=("--log-backtrace-at=")
+ flags+=("--log-dir=")
+ flags+=("--log-flush-frequency=")
+ flags+=("--logtostderr")
+ flags+=("--match-server-version")
+ flags+=("--namespace=")
+ flags+=("--password=")
+ flags+=("--server=")
+ two_word_flags+=("-s")
+ flags+=("--stderrthreshold=")
+ flags+=("--token=")
+ flags+=("--user=")
+ flags+=("--username=")
+ flags+=("--v=")
+ flags+=("--vmodule=")
+
+ must_have_one_flag=()
+ must_have_one_noun=()
+}
+
+_kubectl_drain()
+{
+ last_command="kubectl_drain"
+ commands=()
+
+ flags=()
+ two_word_flags=()
+ flags_with_completion=()
+ flags_completion=()
+
+ flags+=("--force")
+ flags+=("--grace-period=")
+ flags+=("--alsologtostderr")
+ flags+=("--api-version=")
+ flags+=("--certificate-authority=")
+ flags+=("--client-certificate=")
+ flags+=("--client-key=")
+ flags+=("--cluster=")
+ flags+=("--context=")
+ flags+=("--insecure-skip-tls-verify")
+ flags+=("--kubeconfig=")
+ flags+=("--log-backtrace-at=")
+ flags+=("--log-dir=")
+ flags+=("--log-flush-frequency=")
+ flags+=("--logtostderr")
+ flags+=("--match-server-version")
+ flags+=("--namespace=")
+ flags+=("--password=")
+ flags+=("--server=")
+ two_word_flags+=("-s")
+ flags+=("--stderrthreshold=")
+ flags+=("--token=")
+ flags+=("--user=")
+ flags+=("--username=")
+ flags+=("--v=")
+ flags+=("--vmodule=")
+
+ must_have_one_flag=()
+ must_have_one_noun=()
+}
+
+_kubectl_uncordon()
+{
+ last_command="kubectl_uncordon"
+ commands=()
+
+ flags=()
+ two_word_flags=()
+ flags_with_completion=()
+ flags_completion=()
+
+ flags+=("--alsologtostderr")
+ flags+=("--api-version=")
+ flags+=("--certificate-authority=")
+ flags+=("--client-certificate=")
+ flags+=("--client-key=")
+ flags+=("--cluster=")
+ flags+=("--context=")
+ flags+=("--insecure-skip-tls-verify")
+ flags+=("--kubeconfig=")
+ flags+=("--log-backtrace-at=")
+ flags+=("--log-dir=")
+ flags+=("--log-flush-frequency=")
+ flags+=("--logtostderr")
+ flags+=("--match-server-version")
+ flags+=("--namespace=")
+ flags+=("--password=")
+ flags+=("--server=")
+ two_word_flags+=("-s")
+ flags+=("--stderrthreshold=")
+ flags+=("--token=")
+ flags+=("--user=")
+ flags+=("--username=")
+ flags+=("--v=")
+ flags+=("--vmodule=")
+
+ must_have_one_flag=()
+ must_have_one_noun=()
+}
+
_kubectl_attach()
{
last_command="kubectl_attach"
@@ -1164,6 +1478,7 @@ _kubectl_run()
two_word_flags+=("-r")
flags+=("--requests=")
flags+=("--restart=")
+ flags+=("--rm")
flags+=("--save-config")
flags+=("--service-generator=")
flags+=("--service-overrides=")
@@ -2045,6 +2360,9 @@ _kubectl()
commands+=("logs")
commands+=("rolling-update")
commands+=("scale")
+ commands+=("cordon")
+ commands+=("drain")
+ commands+=("uncordon")
commands+=("attach")
commands+=("exec")
commands+=("port-forward")
diff --git a/roles/kubernetes/node/handlers/main.yml b/roles/kubernetes/node/handlers/main.yml
index 22af4890166906a73e02ef65f4dfda63d9ca75e0..268715e59d8fb71c307c95c9570318a3d9957636 100644
--- a/roles/kubernetes/node/handlers/main.yml
+++ b/roles/kubernetes/node/handlers/main.yml
@@ -1,13 +1,13 @@
---
-- name: reload systemd
- command: systemctl daemon-reload
-
- name: restart systemd-kubelet
command: /bin/true
notify:
- reload systemd
- restart kubelet
+- name: reload systemd
+ command: systemctl daemon-reload
+
- name: restart kubelet
service:
name: kubelet
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml
index 339e25a7444ec8b578bf0f00a2ff891ca8e30006..6fd5b1e921633fb4ad03fdb38cab784905e0bb97 100644
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@@ -46,3 +46,4 @@
- name: install | Perms calico plugin binary
file: path=/usr/libexec/kubernetes/kubelet-plugins/net/exec/calico/calico owner=kube mode=0755 state=file
+ when: kube_network_plugin == "calico"
diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
index 4b2e6e36fa05e23966cebbed2d9280caaff96edc..3e503a246b9fee2cb280d4a2178a93df54f218d4 100644
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -3,13 +3,7 @@ common_required_pkgs:
- python-httplib2
- openssl
- curl
-
-debian_required_pkgs:
- - python-apt
- - python-pip
-
-rh_required_pkgs:
- - libselinux-python
+ - rsync
pypy_version: 2.4.0
python_pypy_url: "https://bitbucket.org/pypy/pypy/downloads/pypy-{{ pypy_version }}.tar.bz2"
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index d4ff74d523af6bbca062a5c04e0abf03f47062a0..cc1cc092f717cf7a8986cede9da527b3b128be58 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -1,4 +1,17 @@
---
+- name: gather os specific variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+ - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+ - "{{ ansible_distribution|lower }}.yml"
+ - "{{ ansible_os_family|lower }}.yml"
+ - defaults.yml
+ paths:
+ - ../vars
+
- name: "Identify init system"
shell: >
$(pgrep systemd > /dev/null && systemctl status > /dev/null);
@@ -14,27 +27,29 @@
- set_fact:
init_system: "{{ init_system_output.stdout }}"
-- name: Install packages requirements
- action:
- module: "{{ ansible_pkg_mgr }}"
- name: "{{ item }}"
- state: latest
- with_items: common_required_pkgs
-
-- name: Install debian packages requirements
- apt:
- name: "{{ item }}"
- state: latest
+- name: Install python-apt for Debian distribs
+ shell: apt-get install -y python-apt
when: ansible_os_family == "Debian"
- with_items: debian_required_pkgs
+ changed_when: False
+
+- name: Install python-dnf for latest RedHat versions
+ shell: dnf install -y python-dnf yum
+ when: ansible_distribution == "Fedora" and
+ ansible_distribution_major_version > 21
+ changed_when: False
-- name: Install redhat packages requirements
+- name: Install packages requirements
action:
module: "{{ ansible_pkg_mgr }}"
name: "{{ item }}"
state: latest
+ with_items: "{{required_pkgs | union(common_required_pkgs)}}"
+
+# Todo : selinux configuration
+- name: Set selinux policy to permissive
+ selinux: policy=targeted state=permissive
when: ansible_os_family == "RedHat"
- with_items: rh_required_pkgs
+ changed_when: False
- include: python-bootstrap.yml
when: ansible_os_family not in [ "Debian", "RedHat" ]
diff --git a/roles/kubernetes/preinstall/vars/centos.yml b/roles/kubernetes/preinstall/vars/centos.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a42e8b5804f096905e3d15aff805386fa3a42a29
--- /dev/null
+++ b/roles/kubernetes/preinstall/vars/centos.yml
@@ -0,0 +1,4 @@
+required_pkgs:
+ - epel-release
+ - libselinux-python
+ - device-mapper-libs
diff --git a/roles/kubernetes/preinstall/vars/debian.yml b/roles/kubernetes/preinstall/vars/debian.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5b77dd75cd1b6f1e9a7ef05a63b3ea17094073e3
--- /dev/null
+++ b/roles/kubernetes/preinstall/vars/debian.yml
@@ -0,0 +1,4 @@
+required_pkgs:
+ - python-apt
+ - apt-transport-https
+ - software-properties-common
diff --git a/roles/kubernetes/preinstall/vars/fedora.yml b/roles/kubernetes/preinstall/vars/fedora.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c1be4b9b353bcd478302b47dbaab426213804ef2
--- /dev/null
+++ b/roles/kubernetes/preinstall/vars/fedora.yml
@@ -0,0 +1,3 @@
+required_pkgs:
+ - libselinux-python
+ - device-mapper-libs
diff --git a/roles/kubernetes/preinstall/vars/redhat.yml b/roles/kubernetes/preinstall/vars/redhat.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c1be4b9b353bcd478302b47dbaab426213804ef2
--- /dev/null
+++ b/roles/kubernetes/preinstall/vars/redhat.yml
@@ -0,0 +1,3 @@
+required_pkgs:
+ - libselinux-python
+ - device-mapper-libs
diff --git a/roles/network_plugin/handlers/main.yml b/roles/network_plugin/handlers/main.yml
index d692e7d79124eaa851ad3c4eed6311e7d4ec790b..a62817981cbc46f5cfeaf66ba7850ae447124d6d 100644
--- a/roles/network_plugin/handlers/main.yml
+++ b/roles/network_plugin/handlers/main.yml
@@ -1,36 +1,30 @@
---
-- name : reload systemd
- shell: systemctl daemon-reload
-
- name: restart systemd-calico-node
command: /bin/true
notify:
- reload systemd
- restart calico-node
-- name: restart calico-node
- service:
- name: calico-node
- state: restarted
-
-- name: restart docker
- service: name=docker state=restarted
-
-- name: restart flannel
- service: name=flannel state=restarted
+- name: restart systemd-docker
+ command: /bin/true
notify:
- reload systemd
- - stop docker
- - delete docker0
- - start docker
- when: inventory_hostname in groups['kube-node']
-
-- name: stop docker
- service: name=docker state=stopped
+ - restart docker
-- name: delete docker0
+- name: delete default docker bridge
command: ip link delete docker0
ignore_errors: yes
+ notify: restart docker
-- name: start docker
- service: name=docker state=started
+- name : reload systemd
+ shell: systemctl daemon-reload
+
+- name: restart calico-node
+ service:
+ name: calico-node
+ state: restarted
+
+- name: restart docker
+ service:
+ name: docker
+ state: restarted
diff --git a/roles/network_plugin/tasks/calico.yml b/roles/network_plugin/tasks/calico.yml
index 055df85e8444b98b6bec6fc9322e461fc60da168..b7b53a2e16cce4fdc7c83ddace29b426dc33f242 100644
--- a/roles/network_plugin/tasks/calico.yml
+++ b/roles/network_plugin/tasks/calico.yml
@@ -1,5 +1,4 @@
---
-
- name: Calico | Install calicoctl bin
synchronize:
src: "{{ local_release_dir }}/calico/bin/calicoctl"
@@ -18,6 +17,10 @@
dest: /usr/bin/calicoctl
state: link
+- wait_for:
+ port: 2379
+ when: inventory_hostname in groups['kube-master']
+
- name: Calico | Check if calico network pool has already been configured
uri:
url: "http://127.0.0.1:2379/v2/keys/calico/v1/ipam/v4/pool"
@@ -71,3 +74,16 @@
- name: Calico | Enable calico-node
service: name=calico-node enabled=yes state=started
+
+- name: Calico | Disable node mesh
+ shell: calicoctl bgp node-mesh off
+ environment:
+ ETCD_AUTHORITY: "{{ groups['etcd'][0] }}:2379"
+ when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
+
+- name: Calico | Configure peering with router(s)
+ shell: calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}
+ environment:
+ ETCD_AUTHORITY: "{{ groups['etcd'][0] }}:2379"
+ with_items: peers
+ when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
diff --git a/roles/network_plugin/tasks/flannel.yml b/roles/network_plugin/tasks/flannel.yml
index 1585d378a625ed27b154f0f8dfb5dbe0a9a02542..e0b3391aaa6341b64aa9ba43c4f41c355e5a02b2 100644
--- a/roles/network_plugin/tasks/flannel.yml
+++ b/roles/network_plugin/tasks/flannel.yml
@@ -1,57 +1,34 @@
---
-- name: Create flannel user
- user: name=flannel shell=/bin/nologin
-
-- name: Install flannel binaries
- synchronize:
- src: "{{ local_release_dir }}/flannel/bin/flanneld"
- dest: "{{ bin_dir }}/flanneld"
- archive: no
- times: yes
- delegate_to: "{{ groups['downloader'][0] }}"
- notify:
- - restart flannel
-
-- name: Perms flannel binary
- file: path={{ bin_dir }}/flanneld owner=flannel mode=0755 state=file
-
-- name: Write flannel.service systemd file
+- name: Flannel | Write flannel configuration
template:
- src: flannel/systemd-flannel.service.j2
- dest: /etc/systemd/system/flannel.service
- notify: restart flannel
+ src: flannel/network.json
+ dest: /etc/flannel-network.json
+ backup: yes
+ when: inventory_hostname in groups['kube-node']
-- name: Write docker.service systemd file
+- name: Flannel | Create flannel pod manifest
template:
- src: flannel/systemd-docker.service.j2
- dest: /lib/systemd/system/docker.service
- notify: restart docker
-
-- name: Set fact for ectcd command conf file location
- set_fact:
- conf_file: "/tmp/flannel-conf.json"
- run_once: true
- delegate_to: "{{ groups['kube-master'][0] }}"
-
-- name: Create flannel config file to go in etcd
- template: src=flannel/flannel-conf.json.j2 dest={{ conf_file }}
- run_once: true
- delegate_to: "{{ groups['kube-master'][0] }}"
-
-- name: Flannel configuration into etcd
- shell: "{{ bin_dir }}/etcdctl set /{{ cluster_name }}/network/config < {{ conf_file }}"
- delegate_to: "{{ groups['kube-master'][0] }}"
- notify: restart flannel
-
-- name: Clean up the flannel config file
- file: path=/tmp/flannel-config.json state=absent
- run_once: true
- delegate_to: "{{ groups['kube-master'][0] }}"
-
-- name: Launch Flannel
- service: name=flannel state=started enabled=yes
- notify:
- - restart flannel
-
-- name: Enable Docker
- service: name=docker enabled=yes state=started
+ src: flannel/flannel-pod.yml
+ dest: /etc/kubernetes/manifests/flannel-pod.manifest
+ notify: delete default docker bridge
+
+- name: Flannel | Wait for flannel subnet.env file presence
+ wait_for:
+ path: /run/flannel/subnet.env
+ delay: 5
+
+- name: Get flannel_subnet from subnet.env
+ shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_SUBNET" {print $2}'
+ register: flannel_subnet_output
+ changed_when: false
+
+- set_fact:
+ flannel_subnet: "{{ flannel_subnet_output.stdout }}"
+
+- name: Get flannel_mtu from subnet.env
+ shell: cat /run/flannel/subnet.env | awk -F'=' '$1 == "FLANNEL_MTU" {print $2}'
+ register: flannel_mtu_output
+ changed_when: false
+
+- set_fact:
+ flannel_mtu: "{{ flannel_mtu_output.stdout }}"
diff --git a/roles/network_plugin/tasks/main.yml b/roles/network_plugin/tasks/main.yml
index 16a80e09661f803cd35e3f639b21c1cfd30db812..6aa1c2e48e8ee9b25187abe7d4dbb65dac35a138 100644
--- a/roles/network_plugin/tasks/main.yml
+++ b/roles/network_plugin/tasks/main.yml
@@ -7,7 +7,24 @@
- include: flannel.yml
when: kube_network_plugin == "flannel"
-- include: calico.yml
- when: kube_network_plugin == "calico"
+- name: Set docker daemon options
+ template:
+ src: docker
+ dest: "/etc/default/docker"
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - restart docker
+
+- name: Write docker.service systemd file
+ template:
+ src: systemd-docker.service
+ dest: /lib/systemd/system/docker.service
+ notify: restart systemd-docker
+ when: init_system == "systemd"
- meta: flush_handlers
+
+- include: calico.yml
+ when: kube_network_plugin == "calico"
diff --git a/roles/network_plugin/templates/docker b/roles/network_plugin/templates/docker
new file mode 100644
index 0000000000000000000000000000000000000000..eefd150e1b1cd7093d82c71cb31f6a5851b0ee5b
--- /dev/null
+++ b/roles/network_plugin/templates/docker
@@ -0,0 +1,6 @@
+# Deployed by Ansible
+{% if init_system == "sysvinit" and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %}
+DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% elif kube_network_plugin == "flannel" %}
+OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% endif %}
diff --git a/roles/network_plugin/templates/flannel/flannel-pod.yml b/roles/network_plugin/templates/flannel/flannel-pod.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8306c91bbc5fc133bd9e2b19434f4625d6fcde00
--- /dev/null
+++ b/roles/network_plugin/templates/flannel/flannel-pod.yml
@@ -0,0 +1,46 @@
+---
+ kind: "Pod"
+ apiVersion: "v1"
+ metadata:
+ name: "flannel"
+ namespace: "kube-system"
+ labels:
+ app: "flannel"
+ version: "v0.1"
+ spec:
+ volumes:
+ - name: "subnetenv"
+ hostPath:
+ path: "/run/flannel"
+ - name: "networkconfig"
+ hostPath:
+ path: "/etc/flannel-network.json"
+ containers:
+ - name: "flannel-server-helper"
+ image: "gcr.io/google_containers/flannel-server-helper:0.1"
+ args:
+ - "--network-config=/etc/flannel-network.json"
+ - "--etcd-prefix=/{{ cluster_name }}/network"
+ - "--etcd-server=http://{{ groups['etcd'][0] }}:2379"
+ volumeMounts:
+ - name: "networkconfig"
+ mountPath: "/etc/flannel-network.json"
+ imagePullPolicy: "Always"
+ - name: "flannel-container"
+ image: "quay.io/coreos/flannel:0.5.5"
+ command:
+ - "/bin/sh"
+ - "-c"
+ - "/opt/bin/flanneld -etcd-endpoints {% for srv in groups['etcd'] %}http://{{ srv }}:2379{% if not loop.last %},{% endif %}{% endfor %} -etcd-prefix /{{ cluster_name }}/network 1>>/var/log/flannel_server.log 2>&1"
+ ports:
+ - hostPort: 10253
+ containerPort: 10253
+ resources:
+ limits:
+ cpu: "100m"
+ volumeMounts:
+ - name: "subnetenv"
+ mountPath: "/run/flannel"
+ securityContext:
+ privileged: true
+ hostNetwork: true
diff --git a/roles/network_plugin/templates/flannel/flannel-conf.json.j2 b/roles/network_plugin/templates/flannel/network.json
similarity index 100%
rename from roles/network_plugin/templates/flannel/flannel-conf.json.j2
rename to roles/network_plugin/templates/flannel/network.json
diff --git a/roles/network_plugin/templates/flannel/systemd-docker.service.j2 b/roles/network_plugin/templates/flannel/systemd-docker.service.j2
deleted file mode 100644
index c38a25e62fd4fd8ac4738b2bdd321a44e7e6b8c3..0000000000000000000000000000000000000000
--- a/roles/network_plugin/templates/flannel/systemd-docker.service.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=Docker Application Container Engine
-Documentation=http://docs.docker.com
-After=network.target docker.socket flannel.service
-Requires=docker.socket
-
-[Service]
-EnvironmentFile=/run/flannel/subnet.env
-EnvironmentFile=-/etc/default/docker
-ExecStart=/usr/bin/docker -d -H fd:// --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} $DOCKER_OPTS
-MountFlags=slave
-LimitNOFILE=1048576
-LimitNPROC=1048576
-LimitCORE=infinity
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/network_plugin/templates/flannel/systemd-flannel.service.j2 b/roles/network_plugin/templates/flannel/systemd-flannel.service.j2
deleted file mode 100644
index 38ac1c40a6166988bdd1e9324e684473b9649760..0000000000000000000000000000000000000000
--- a/roles/network_plugin/templates/flannel/systemd-flannel.service.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Flannel Network Overlay
-Documentation=https://coreos.com/flannel/docs/latest
-
-[Service]
-EnvironmentFile=/etc/network-environment
-ExecStart={{ bin_dir }}/flanneld \
- $FLANNEL_ETCD_PREFIX
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/network_plugin/templates/systemd-docker.service b/roles/network_plugin/templates/systemd-docker.service
new file mode 100644
index 0000000000000000000000000000000000000000..3275c6e2414b15d3d73326664b998877f2c765c2
--- /dev/null
+++ b/roles/network_plugin/templates/systemd-docker.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+{% if ansible_os_family == "RedHat" %}
+After=network.target
+Wants=docker-storage-setup.service
+{% elif ansible_os_family == "Debian" %}
+After=network.target docker.socket
+Requires=docker.socket
+{% endif %}
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/default/docker
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/docker daemon \
+ $OPTIONS \
+ $DOCKER_STORAGE_OPTIONS \
+ $DOCKER_NETWORK_OPTIONS \
+ $INSECURE_REGISTRY
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+MountFlags=slave
+TimeoutStartSec=1min
+
+[Install]
+WantedBy=multi-user.target