Review role order, use master ip even when fqdn are used in the inventory

README.md

@@ -123,14 +123,14 @@ kube-master
     - { role: dnsmasq, tags: dnsmasq }
     - { role: network_plugin, tags: ['calico', 'flannel', 'network'] }
 
-- hosts: kube-node
-  roles:
-    - { role: kubernetes/node, tags: node }
-
 - hosts: kube-master
   roles:
     - { role: kubernetes/master, tags: master }
 
+- hosts: kube-node
+  roles:
+    - { role: kubernetes/node, tags: node }
+
 ```
 
 ### Run

cluster.yml

@@ -11,10 +11,10 @@
     - { role: dnsmasq, tags: dnsmasq }
     - { role: network_plugin, tags: ['calico', 'flannel', 'network'] }
 
-- hosts: kube-node
-  roles:
-    - { role: kubernetes/node, tags: node }
-
 - hosts: kube-master
   roles:
     - { role: kubernetes/master, tags: master }
+
+- hosts: kube-node
+  roles:
+    - { role: kubernetes/node, tags: node }

roles/kubernetes/master/tasks/main.yml

 ---
+- name: Copy kubectl bash completion
+  copy:
+    src: kubectl_bash_completion.sh
+    dest: /etc/bash_completion.d/kubectl.sh
+
 - name: Install kubectl binary
   copy:
      src={{ local_release_dir }}/kubernetes/bin/kubectl
      dest={{ bin_dir }}
      owner=kube
      mode=u+x
-  notify:
-    - restart daemons
-
-- name: Copy kubectl bash completion
-  copy:
-    src: kubectl_bash_completion.sh
-    dest: /etc/bash_completion.d/kubectl.sh
 
 - name: populate users for basic auth in API
   lineinfile:
@@ -58,7 +56,7 @@
 
 - name: Create 'kube-system' namespace
   uri:
-    url: http://{{ groups['kube-master'][0]}}:{{ kube_apiserver_insecure_port }}/api/v1/namespaces
+    url: http://127.0.0.1:{{ kube_apiserver_insecure_port }}/api/v1/namespaces
     method: POST
     body: '{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"kube-system"}}'
     status_code: 201,409

roles/kubernetes/node/tasks/main.yml

@@ -8,24 +8,27 @@
 - name: Make sure manifest directory exists
   file: path={{ kube_manifest_dir }} state=directory
 
-- include: secrets.yml
-  tags:
-    - secrets
 
-- include: install.yml
+- name: certs | create system kube-cert groups
+  group: name={{ kube_cert_group }} state=present system=yes
 
-- name: write the global config file
-  template:
-    src: config.j2
-    dest: "{{ kube_config_dir }}/config"
-  notify:
-    - restart kubelet
+- name: create system kube user
+  user:
+    name=kube
+    comment="Kubernetes user"
+    shell=/sbin/nologin
+    state=present
+    system=yes
+    groups={{ kube_cert_group }}
 
-- name: Create kubelet environment vars dir
-  file: path=/etc/systemd/system/kubelet.service.d state=directory
+- include: install.yml
+
+- include: secrets.yml
+  tags:
+    - secrets
 
 - name: Write kubelet config file
-  template: src=kubelet.j2 dest=/etc/systemd/system/kubelet.service.d/10-kubelet.conf backup=yes
+  template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.conf backup=yes
   notify:
     - restart kubelet
 

roles/kubernetes/node/tasks/secrets.yml

 ---
-- name: certs | create system kube-cert groups
-  group: name={{ kube_cert_group }} state=present system=yes
-
-- name: create system kube user
-  user:
-    name=kube
-    comment="Kubernetes user"
-    shell=/sbin/nologin
-    state=present
-    system=yes
-    groups={{ kube_cert_group }}
-
 - name: certs | make sure the certificate directory exits
   file:
     path={{ kube_cert_dir }}

roles/kubernetes/node/templates/config.j2

-###
-# kubernetes system config
-#
-# The following values are used to configure various aspects of all
-# kubernetes services, including
-#
-#   kube-apiserver.service
-#   kube-controller-manager.service
-#   kube-scheduler.service
-#   kubelet.service
-#   kube-proxy.service
-
-# Comma separated list of nodes in the etcd cluster
-# KUBE_ETCD_SERVERS="--etcd_servers="
-
-# logging to stderr means we get it in the systemd journal
-KUBE_LOGTOSTDERR="--logtostderr=true"
-
-# journal message level, 0 is debug
-KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
-
-# Should this cluster be allowed to run privileged docker containers
-KUBE_ALLOW_PRIV="--allow_privileged=true"
-
-# How the replication controller, scheduler, and proxy
-KUBE_MASTER="--master=https://{{ groups['kube-master'][0] }}:{{ kube_apiserver_port }}"

roles/kubernetes/node/templates/kubelet.j2

-[Service]
-Environment="KUBE_LOGTOSTDERR=--logtostderr=true"
-Environment="KUBE_LOG_LEVEL=--v={{ kube_log_level | default('2') }}"
-Environment="KUBE_ALLOW_PRIV=--allow_privileged=true"
-Environment="KUBELET_API_SERVER=--api_servers={% for srv in groups['kube-master'] %}https://{{ srv }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
+KUBE_LOGTOSTDERR="--logtostderr=true"
+KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
+KUBE_ALLOW_PRIV="--allow_privileged=true"
+KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
 # The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
-Environment="KUBELET_ADDRESS=--address=0.0.0.0"
+KUBELET_ADDRESS="--address=0.0.0.0"
 # The port for the info server to serve on
-# Environment="KUBELET_PORT=--port=10250"
+# KUBELET_PORT="--port=10250"
 # You may leave this blank to use the actual hostname
-Environment="KUBELET_HOSTNAME=--hostname_override={{ inventory_hostname }}"
+KUBELET_HOSTNAME="--hostname_override={{ inventory_hostname }}"
 {% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
-Environment="KUBELET_REGISTER_NODE=--register-node=false"
+KUBELET_REGISTER_NODE="--register-node=false"
 {% endif %}
 # location of the api-server
 {% if dns_setup %}
-Environment="KUBELET_ARGS=--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }}"
+KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }}"
 {% else %}
-Environment="KUBELET_ARGS=--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
+KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
 {% endif %}
 {% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
-Environment="KUBELET_NETWORK_PLUGIN=--network_plugin={{ kube_network_plugin }}"
+KUBELET_NETWORK_PLUGIN="--network_plugin={{ kube_network_plugin }}"
 {% endif %}
+# Should this cluster be allowed to run privileged docker containers
+KUBE_ALLOW_PRIV="--allow_privileged=true"

roles/kubernetes/node/templates/kubelet.service.j2

@@ -8,7 +8,7 @@ After=docker.service
 {% endif %}
 
 [Service]
-EnvironmentFile=/etc/kubernetes/config
+EnvironmentFile=/etc/kubernetes/kubelet.conf
 EnvironmentFile=/etc/network-environment
 ExecStart={{ bin_dir }}/kubelet \
 	    $KUBE_LOGTOSTDERR \

roles/network_plugin/templates/network-environment.j2

@@ -5,7 +5,7 @@ CALICO_IPAM=true
 DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
 
 # The kubernetes master IP
-KUBERNETES_MASTER={{ groups['kube-master'][0] }}
+KUBERNETES_MASTER={{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}
 
 # Location of etcd cluster used by Calico.  By default, this uses the etcd
 # instance running on the Kubernetes Master
@@ -16,7 +16,7 @@ ETCD_AUTHORITY="127.0.0.1:23799"
 {% endif %}
 
 # The kubernetes-apiserver location - used by the calico plugin
-KUBE_API_ROOT=http://{{ groups['kube-master'][0] }}:{{kube_apiserver_insecure_port}}/api/v1/
+KUBE_API_ROOT=http://{{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}:{{kube_apiserver_insecure_port}}/api/v1/
 
 # Location of the calicoctl binary - used by the calico plugin
 CALICOCTL_PATH="{{ bin_dir }}/calicoctl"