From 97c4edc0286bc41e8978edce41842b556eeb9a63 Mon Sep 17 00:00:00 2001
From: Smaine Kahlouch <smaine.kahlouch@arkena.com>
Date: Fri, 27 Nov 2015 12:32:31 +0100
Subject: [PATCH] Add api runtime config option, review kubernetes handlers

---
 roles/kubernetes/common/defaults/main.yml     |  6 +++-
 roles/kubernetes/master/handlers/main.yml     | 32 ++++++++++++++++---
 roles/kubernetes/master/tasks/config.yml      |  4 +--
 roles/kubernetes/master/tasks/install.yml     |  8 ++---
 .../kubernetes/master/templates/apiserver.j2  |  3 ++
 .../systemd-init/kube-apiserver.service.j2    |  1 +
 roles/kubernetes/node/handlers/main.yml       | 23 ++++++++++---
 7 files changed, 61 insertions(+), 16 deletions(-)

diff --git a/roles/kubernetes/common/defaults/main.yml b/roles/kubernetes/common/defaults/main.yml
index 367a2c34f..fe8cdeb5b 100644
--- a/roles/kubernetes/common/defaults/main.yml
+++ b/roles/kubernetes/common/defaults/main.yml
@@ -31,10 +31,14 @@ kube_cert_group: kube-cert
 dns_domain: "{{ cluster_name }}"
 
 kube_proxy_mode: iptables
-kube_master_port: 443
+
 # IP address of the DNS server.
 # Kubernetes will create a pod with several containers, serving as the DNS
 # server and expose it under this IP address. The IP address must be from
 # the range specified as kube_service_addresses. This magic will actually
 # pick the 10th ip address in the kube_service_addresses range and use that.
 # dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(253)|ipaddr('address') }}"
+
+# kube_api_runtime_config:
+#   - extensions/v1beta1/daemonsets=true
+#   - extensions/v1beta1/deployments=true
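Review bot: The commented-out `kube_api_runtime_config` example at the end of this hunk carries no explanation, unlike the `dns_server` block just above it. A comment such as `# API groups/resources to enable on the apiserver; each entry is rendered as --runtime-config=<entry> (leave unset for the apiserver defaults).` would make clear that every entry widens the exposed API surface and is opt-in. The same hunk also removes the `kube_master_port: 443` default, which the subject line does not mention. If any template or task outside this patch still reads that variable and no other default exists, rendering will fail on an undefined variable, so that is worth confirming.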
diff --git a/roles/kubernetes/master/handlers/main.yml b/roles/kubernetes/master/handlers/main.yml
index 90cd7d5e8..4e7644b32 100644
--- a/roles/kubernetes/master/handlers/main.yml
+++ b/roles/kubernetes/master/handlers/main.yml
@@ -3,30 +3,54 @@
   command: /bin/true
   notify:
     - reload systemd
-    - restart apiserver
-    - restart controller-manager
-    - restart scheduler
-    - restart proxy
+    - restart reloaded-scheduler
+    - restart reloaded-controller-manager
+    - restart reloaded-apiserver
+    - restart reloaded-proxy
 
 - name: reload systemd
   command: systemctl daemon-reload
 
 - name: restart apiserver
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-apiserver
+
+- name: restart reloaded-apiserver
   service:
     name: kube-apiserver
     state: restarted
 
 - name: restart controller-manager
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-controller-manager
+
+- name: restart reloaded-controller-manager
   service:
     name: kube-controller-manager
     state: restarted
 
 - name: restart scheduler
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-scheduler
+
+- name: restart reloaded-scheduler
   service:
     name: kube-scheduler
     state: restarted
 
 - name: restart proxy
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-proxy
+
+- name: restart reloaded-proxy
   service:
     name: kube-proxy
     state: restarted
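Review bot: The new per-service wrappers (`restart apiserver`, `restart controller-manager`, `restart scheduler`, `restart proxy`) notify `reload systemd`, but that handler is defined above all of them in this file. Ansible runs handlers in definition order, and whether a handler notified from a later-defined handler still runs in the same flush appears to depend on the Ansible version. If it does not, the unit-file tasks in `roles/kubernetes/master/tasks/install.yml` that now notify these wrappers would restart the service without a preceding `systemctl daemon-reload`, leaving the old unit definition in effect. Defining all `/bin/true` wrappers first, then `reload systemd`, then the `restart reloaded-*` handlers removes that dependency. The hunk in `roles/kubernetes/node/handlers/main.yml` has the same layout, since it moves `reload systemd` above `restart kubelet` and `restart proxy`.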
diff --git a/roles/kubernetes/master/tasks/config.yml b/roles/kubernetes/master/tasks/config.yml
index 8ba0366d8..5c4daeaa2 100644
--- a/roles/kubernetes/master/tasks/config.yml
+++ b/roles/kubernetes/master/tasks/config.yml
@@ -20,7 +20,7 @@
 - name: write the config files for api server
   template: src=apiserver.j2 dest={{ kube_config_dir }}/apiserver backup=yes
   notify:
-    - restart daemons
+    - restart apiserver
 
 - name: write config file for controller-manager
   template: src=controller-manager.j2 dest={{ kube_config_dir }}/controller-manager backup=yes
@@ -48,7 +48,7 @@
 - name: write the config files for proxy
   template: src=proxy.j2 dest={{ kube_config_dir }}/proxy backup=yes
   notify:
-    - restart daemons
+    - restart proxy
 
 - name: write the kubecfg (auth) file for proxy
   template: src=proxy.kubeconfig.j2 dest={{ kube_config_dir }}/proxy.kubeconfig backup=yes
diff --git a/roles/kubernetes/master/tasks/install.yml b/roles/kubernetes/master/tasks/install.yml
index c4ec6baee..92d194515 100644
--- a/roles/kubernetes/master/tasks/install.yml
+++ b/roles/kubernetes/master/tasks/install.yml
@@ -1,19 +1,19 @@
 ---
 - name: Write kube-apiserver systemd init file
   template: src=systemd-init/kube-apiserver.service.j2 dest=/etc/systemd/system/kube-apiserver.service backup=yes
-  notify: restart daemons
+  notify: restart apiserver
 
 - name: Write kube-controller-manager systemd init file
   template: src=systemd-init/kube-controller-manager.service.j2 dest=/etc/systemd/system/kube-controller-manager.service backup=yes
-  notify: restart daemons
+  notify: restart controller-manager
 
 - name: Write kube-scheduler systemd init file
   template: src=systemd-init/kube-scheduler.service.j2 dest=/etc/systemd/system/kube-scheduler.service backup=yes
-  notify: restart daemons
+  notify: restart scheduler
 
 - name: Write kube-proxy systemd init file
   template: src=systemd-init/kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service backup=yes
-  notify: restart daemons
+  notify: restart proxy
 
 - name: Install kubernetes binaries
   copy:
diff --git a/roles/kubernetes/master/templates/apiserver.j2 b/roles/kubernetes/master/templates/apiserver.j2
index 4a69b1cc9..0a38d5c87 100644
--- a/roles/kubernetes/master/templates/apiserver.j2
+++ b/roles/kubernetes/master/templates/apiserver.j2
@@ -21,5 +21,8 @@ KUBE_ETCD_SERVERS="--etcd_servers={% for node in groups['etcd'] %}http://{{ node
 # default admission control policies
 KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
 
+# RUNTIME API CONFIGURATION (e.g. enable extensions)
+KUBE_RUNTIME_CONFIG="{% if kube_api_runtime_config is defined %}{% for conf in kube_api_runtime_config %}--runtime-config={{ conf }} {% endfor %}{% endif %}"
+
 # Add you own!
 KUBE_API_ARGS="--tls_cert_file={{ kube_cert_dir }}/server.crt --tls_private_key_file={{ kube_cert_dir }}/server.key --client_ca_file={{ kube_cert_dir }}/ca.crt --token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/server.crt"
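Review bot: The new `KUBE_RUNTIME_CONFIG` line guards only with `is defined`, so a value supplied as a plain string rather than a list would be iterated character by character and emit one `--runtime-config=` flag per character. Each entry is also written verbatim inside the double-quoted value, so an entry containing whitespace or a quote would change the apiserver command line once systemd expands `$KUBE_RUNTIME_CONFIG`. Tightening the condition to `{% if kube_api_runtime_config is defined and kube_api_runtime_config is not string %}` would cover the string case. For the second case, extend the comment above the line to say that entries must be bare `key=value` tokens.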
diff --git a/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2 b/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2
index 1c478c41f..c2dd67484 100644
--- a/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2
+++ b/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2
@@ -19,6 +19,7 @@ ExecStart={{ bin_dir }}/kube-apiserver \
 	    $KUBE_ALLOW_PRIV \
 	    $KUBE_SERVICE_ADDRESSES \
 	    $KUBE_ADMISSION_CONTROL \
+	    $KUBE_RUNTIME_CONFIG \
 	    $KUBE_API_ARGS
 Restart=on-failure
 Type=notify
diff --git a/roles/kubernetes/node/handlers/main.yml b/roles/kubernetes/node/handlers/main.yml
index b2327a346..9abb8ff25 100644
--- a/roles/kubernetes/node/handlers/main.yml
+++ b/roles/kubernetes/node/handlers/main.yml
@@ -2,18 +2,31 @@
 - name: restart daemons
   command: /bin/true
   notify:
-    - restart kubelet
-    - restart proxy
+    - reload systemd
+    - restart reloaded-kubelet
+    - restart reloaded-proxy
+
+- name: reload systemd
+  command: systemctl daemon-reload
 
 - name: restart kubelet
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-kubelet
+
+- name: restart reloaded-kubelet
   service:
     name: kubelet
     state: restarted
 
 - name: restart proxy
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-proxy
+
+- name: restart reloaded-proxy
   service:
     name: kube-proxy
     state: restarted
-
-- name: reload systemd
-  command: systemctl daemon-reload
-- 
GitLab