Merge branch 'master' into add_set_remote_user

859f6322 · Antoine Legrand · f68d8f37 · 815c5fa4 · d6df09a8 · b5015aed
Commit 859f6322 authored 9 years ago by Antoine Legrand
--- a/k8s-kubedns @ d6df09a8
+++ b/k8s-kubedns @ d6df09a8
-Subproject commit b5015aed8ff5eed9c325911205cfbb23ad0e57be
+Subproject commit d6df09a89721d98e2969a8abf29b4eb5e787fca6
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -32,7 +32,6 @@
  file:
    path: /etc/dnsmasq.d
    state: directory
-  when: inventory_hostname in groups['kube-master']

 - name: Write dnsmasq configuration
  template:
@@ -40,17 +39,14 @@
    dest: /etc/dnsmasq.d/01-kube-dns.conf
    mode: 755
    backup: yes
-  when: inventory_hostname in groups['kube-master']

 - name: Create dnsmasq pod manifest
  template: src=dnsmasq-pod.yml dest=/etc/kubernetes/manifests/dnsmasq-pod.manifest
-  when: inventory_hostname in groups['kube-master']

 - name: Check for dnsmasq port (pulling image and running container)
  wait_for:
    port: 53
    delay: 5
-  when: inventory_hostname in groups['kube-master']

 - name: check resolvconf
  stat: path=/etc/resolvconf/resolv.conf.d/head
@@ -63,22 +59,34 @@

 - name: Add search resolv.conf
  lineinfile:
-    line: search {{ [ 'default.svc.' + dns_domain, 'svc.' + dns_domain, dns_domain ] | join(' ') }}
+    line: "search {{ [ 'default.svc.' + dns_domain, 'svc.' + dns_domain, dns_domain ] | join(' ') }}"
    dest: "{{resolvconffile}}"
    state: present
    insertbefore: BOF
    backup: yes
    follow: yes

- name: Add all masters as nameserver
+- name: Add local dnsmasq to resolv.conf
  lineinfile:
-    line: nameserver {{ hostvars[item]['ansible_default_ipv4']['address'] }}
+    line: "nameserver 127.0.0.1"
    dest: "{{resolvconffile}}"
    state: present
    insertafter: "^search.*$"
    backup: yes
    follow: yes
-  with_items: groups['kube-master']
+
+- name: Add options to resolv.conf
+  lineinfile:
+    line: options {{ item }}
+    dest: "{{resolvconffile}}"
+    state: present
+    regexp: "^options.*{{ item }}$"
+    insertafter: EOF
+    backup: yes
+    follow: yes
+  with_items:
+    - timeout:2
+    - attempts:2

 - name: disable resolv.conf modification by dhclient
  copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate mode=u+x backup=yes

--- a/roles/dnsmasq/templates/01-kube-dns.conf.j2
+++ b/roles/dnsmasq/templates/01-kube-dns.conf.j2
-#Listen on all interfaces
-interface=*
+#Listen on localhost
+bind-interfaces
+listen-address=127.0.0.1

 addn-hosts=/etc/hosts


--- a/roles/kubernetes/node/tasks/secrets.yml
+++ b/roles/kubernetes/node/tasks/secrets.yml
@@ -14,7 +14,6 @@
    group={{ kube_cert_group }}

 - include: gen_certs.yml
-  run_once: true
  when: inventory_hostname == groups['kube-master'][0]

 - include: gen_tokens.yml

--- a/roles/network_plugin/handlers/main.yml
+++ b/roles/network_plugin/handlers/main.yml
@@ -10,6 +10,7 @@
  notify:
    - reload systemd
    - restart docker
+    - restart kubelet

 - name: delete default docker bridge
  command: ip link delete docker0
@@ -28,3 +29,8 @@
  service:
    name: docker
    state: restarted
+
+- name: restart kubelet
+  service:
+    name: kubelet
+    state: restarted