From b3841659d7e92d06febc9c94ea97fc0fff32ff48 Mon Sep 17 00:00:00 2001
From: Smaine Kahlouch <smaine.kahlouch@arkena.com>
Date: Wed, 16 Dec 2015 23:49:01 +0100
Subject: [PATCH] Review role order, use master ip even when fqdn are used in
 the inventory

---
 README.md                                     |  8 ++---
 cluster.yml                                   |  8 ++---
 roles/kubernetes/master/tasks/main.yml        | 14 ++++-----
 roles/kubernetes/node/tasks/main.yml          | 29 ++++++++++---------
 roles/kubernetes/node/tasks/secrets.yml       | 12 --------
 roles/kubernetes/node/templates/config.j2     | 26 -----------------
 roles/kubernetes/node/templates/kubelet.j2    | 25 ++++++++--------
 .../node/templates/kubelet.service.j2         |  2 +-
 .../templates/network-environment.j2          |  4 +--
 9 files changed, 46 insertions(+), 82 deletions(-)
 delete mode 100644 roles/kubernetes/node/templates/config.j2

diff --git a/README.md b/README.md
index 89c4771c7..9015f737c 100644
--- a/README.md
+++ b/README.md
@@ -123,14 +123,14 @@ kube-master
     - { role: dnsmasq, tags: dnsmasq }
     - { role: network_plugin, tags: ['calico', 'flannel', 'network'] }
 
-- hosts: kube-node
-  roles:
-    - { role: kubernetes/node, tags: node }
-
 - hosts: kube-master
   roles:
     - { role: kubernetes/master, tags: master }
 
+- hosts: kube-node
+  roles:
+    - { role: kubernetes/node, tags: node }
+
 ```
 
 ### Run
diff --git a/cluster.yml b/cluster.yml
index ef91f27ac..1b93addf4 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -11,10 +11,10 @@
     - { role: dnsmasq, tags: dnsmasq }
     - { role: network_plugin, tags: ['calico', 'flannel', 'network'] }
 
-- hosts: kube-node
-  roles:
-    - { role: kubernetes/node, tags: node }
-
 - hosts: kube-master
   roles:
     - { role: kubernetes/master, tags: master }
+
+- hosts: kube-node
+  roles:
+    - { role: kubernetes/node, tags: node }
diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml
index 6426a0e0d..d0aa31877 100644
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@@ -1,17 +1,15 @@
 ---
+- name: Copy kubectl bash completion
+  copy:
+    src: kubectl_bash_completion.sh
+    dest: /etc/bash_completion.d/kubectl.sh
+
 - name: Install kubectl binary
   copy:
      src={{ local_release_dir }}/kubernetes/bin/kubectl
      dest={{ bin_dir }}
      owner=kube
      mode=u+x
-  notify:
-    - restart daemons
-
-- name: Copy kubectl bash completion
-  copy:
-    src: kubectl_bash_completion.sh
-    dest: /etc/bash_completion.d/kubectl.sh
 
 - name: populate users for basic auth in API
   lineinfile:
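Review bot: `owner=kube` on the "Install kubectl binary" task needs the `kube` account to exist before this role runs, yet this commit orders `kubernetes/master` ahead of `kubernetes/node` in cluster.yml and keeps the "create system kube user" task in the node role. Unless the master role pulls the node role in through a meta dependency (not visible in this patch), the copy fails on a freshly provisioned master; please confirm that dependency or create the user before this task. Separately, if `kube` is the account the daemons run as, `owner=root mode=0755` would keep that account from being able to rewrite the binary it executes.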
@@ -58,7 +56,7 @@
 
 - name: Create 'kube-system' namespace
   uri:
-    url: http://{{ groups['kube-master'][0]}}:{{ kube_apiserver_insecure_port }}/api/v1/namespaces
+    url: http://127.0.0.1:{{ kube_apiserver_insecure_port }}/api/v1/namespaces
     method: POST
     body: '{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"kube-system"}}'
     status_code: 201,409
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index 7b5e29da9..b37c1c60c 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -8,24 +8,27 @@
 - name: Make sure manifest directory exists
   file: path={{ kube_manifest_dir }} state=directory
 
-- include: secrets.yml
-  tags:
-    - secrets
 
-- include: install.yml
+- name: certs | create system kube-cert groups
+  group: name={{ kube_cert_group }} state=present system=yes
 
-- name: write the global config file
-  template:
-    src: config.j2
-    dest: "{{ kube_config_dir }}/config"
-  notify:
-    - restart kubelet
+- name: create system kube user
+  user:
+    name=kube
+    comment="Kubernetes user"
+    shell=/sbin/nologin
+    state=present
+    system=yes
+    groups={{ kube_cert_group }}
 
-- name: Create kubelet environment vars dir
-  file: path=/etc/systemd/system/kubelet.service.d state=directory
+- include: install.yml
+
+- include: secrets.yml
+  tags:
+    - secrets
 
 - name: Write kubelet config file
-  template: src=kubelet.j2 dest=/etc/systemd/system/kubelet.service.d/10-kubelet.conf backup=yes
+  template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.conf backup=yes
   notify:
     - restart kubelet
 
diff --git a/roles/kubernetes/node/tasks/secrets.yml b/roles/kubernetes/node/tasks/secrets.yml
index 1fdb99f98..3d0c76734 100644
--- a/roles/kubernetes/node/tasks/secrets.yml
+++ b/roles/kubernetes/node/tasks/secrets.yml
@@ -1,16 +1,4 @@
 ---
-- name: certs | create system kube-cert groups
-  group: name={{ kube_cert_group }} state=present system=yes
-
-- name: create system kube user
-  user:
-    name=kube
-    comment="Kubernetes user"
-    shell=/sbin/nologin
-    state=present
-    system=yes
-    groups={{ kube_cert_group }}
-
 - name: certs | make sure the certificate directory exits
   file:
     path={{ kube_cert_dir }}
diff --git a/roles/kubernetes/node/templates/config.j2 b/roles/kubernetes/node/templates/config.j2
deleted file mode 100644
index 03752e1c9..000000000
--- a/roles/kubernetes/node/templates/config.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-###
-# kubernetes system config
-#
-# The following values are used to configure various aspects of all
-# kubernetes services, including
-#
-#   kube-apiserver.service
-#   kube-controller-manager.service
-#   kube-scheduler.service
-#   kubelet.service
-#   kube-proxy.service
-
-# Comma separated list of nodes in the etcd cluster
-# KUBE_ETCD_SERVERS="--etcd_servers="
-
-# logging to stderr means we get it in the systemd journal
-KUBE_LOGTOSTDERR="--logtostderr=true"
-
-# journal message level, 0 is debug
-KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
-
-# Should this cluster be allowed to run privileged docker containers
-KUBE_ALLOW_PRIV="--allow_privileged=true"
-
-# How the replication controller, scheduler, and proxy
-KUBE_MASTER="--master=https://{{ groups['kube-master'][0] }}:{{ kube_apiserver_port }}"
diff --git a/roles/kubernetes/node/templates/kubelet.j2 b/roles/kubernetes/node/templates/kubelet.j2
index 02fce526f..eff4ccc9b 100644
--- a/roles/kubernetes/node/templates/kubelet.j2
+++ b/roles/kubernetes/node/templates/kubelet.j2
@@ -1,23 +1,24 @@
-[Service]
-Environment="KUBE_LOGTOSTDERR=--logtostderr=true"
-Environment="KUBE_LOG_LEVEL=--v={{ kube_log_level | default('2') }}"
-Environment="KUBE_ALLOW_PRIV=--allow_privileged=true"
-Environment="KUBELET_API_SERVER=--api_servers={% for srv in groups['kube-master'] %}https://{{ srv }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
+KUBE_LOGTOSTDERR="--logtostderr=true"
+KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
+KUBE_ALLOW_PRIV="--allow_privileged=true"
+KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
 # The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
-Environment="KUBELET_ADDRESS=--address=0.0.0.0"
+KUBELET_ADDRESS="--address=0.0.0.0"
 # The port for the info server to serve on
-# Environment="KUBELET_PORT=--port=10250"
+# KUBELET_PORT="--port=10250"
 # You may leave this blank to use the actual hostname
-Environment="KUBELET_HOSTNAME=--hostname_override={{ inventory_hostname }}"
+KUBELET_HOSTNAME="--hostname_override={{ inventory_hostname }}"
 {% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
-Environment="KUBELET_REGISTER_NODE=--register-node=false"
+KUBELET_REGISTER_NODE="--register-node=false"
 {% endif %}
 # location of the api-server
 {% if dns_setup %}
-Environment="KUBELET_ARGS=--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }}"
+KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }}"
 {% else %}
-Environment="KUBELET_ARGS=--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
+KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
 {% endif %}
 {% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
-Environment="KUBELET_NETWORK_PLUGIN=--network_plugin={{ kube_network_plugin }}"
+KUBELET_NETWORK_PLUGIN="--network_plugin={{ kube_network_plugin }}"
 {% endif %}
+# Should this cluster be allowed to run privileged docker containers
+KUBE_ALLOW_PRIV="--allow_privileged=true"
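Review bot: `KUBE_ALLOW_PRIV` is assigned twice in the new file, on its third line and again in the two lines appended at the end, both times with the hard-coded `--allow_privileged=true`. Drop one of them and take the value from a variable so clusters that do not need privileged containers can switch it off, e.g. `KUBE_ALLOW_PRIV="--allow_privileged={{ kube_allow_privileged | default('true') }}"` (`kube_allow_privileged` is a new variable name proposed here, not one the patch defines). Separately, `KUBELET_API_SERVER` now builds its `https://` URLs from IP addresses, so the API server certificate presumably has to list those IPs as subject alternative names for verification to succeed; certificate generation is not part of this patch, so please confirm.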
diff --git a/roles/kubernetes/node/templates/kubelet.service.j2 b/roles/kubernetes/node/templates/kubelet.service.j2
index c09ff795d..afbfeffff 100644
--- a/roles/kubernetes/node/templates/kubelet.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.service.j2
@@ -8,7 +8,7 @@ After=docker.service
 {% endif %}
 
 [Service]
-EnvironmentFile=/etc/kubernetes/config
+EnvironmentFile=/etc/kubernetes/kubelet.conf
 EnvironmentFile=/etc/network-environment
 ExecStart={{ bin_dir }}/kubelet \
 	    $KUBE_LOGTOSTDERR \
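Review bot: The new `EnvironmentFile=/etc/kubernetes/kubelet.conf` is a fixed path, while the task in roles/kubernetes/node/tasks/main.yml writes the file to `{{ kube_config_dir }}/kubelet.conf`. If `kube_config_dir` is ever set to something other than `/etc/kubernetes`, the unit will not start, because the path has no `-` prefix and the file will be missing. Use `EnvironmentFile={{ kube_config_dir }}/kubelet.conf`, the same way the `ExecStart` line already uses `{{ bin_dir }}`. The `[Service]` section continues past the end of this hunk.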
diff --git a/roles/network_plugin/templates/network-environment.j2 b/roles/network_plugin/templates/network-environment.j2
index 5793e8818..84ec866f7 100755
--- a/roles/network_plugin/templates/network-environment.j2
+++ b/roles/network_plugin/templates/network-environment.j2
@@ -5,7 +5,7 @@ CALICO_IPAM=true
 DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
 
 # The kubernetes master IP
-KUBERNETES_MASTER={{ groups['kube-master'][0] }}
+KUBERNETES_MASTER={{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}
 
 # Location of etcd cluster used by Calico.  By default, this uses the etcd
 # instance running on the Kubernetes Master
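Review bot: The master-address expression on the `KUBERNETES_MASTER` line is written out again for `KUBE_API_ROOT` in the next hunk and, per host, in kubelet.j2, so three templates must now be kept in step by hand. In each place the `default(...)` fallback reads `ansible_default_ipv4` from the master's hostvars, which may be undefined when a run is limited to nodes and master facts were not gathered, and the template would then abort with an undefined-variable error. Computing the address once (a `set_fact` or a group variable) and referencing that name from the templates would give one place to maintain the logic and to fail with a clear message.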
@@ -16,7 +16,7 @@ ETCD_AUTHORITY="127.0.0.1:23799"
 {% endif %}
 
 # The kubernetes-apiserver location - used by the calico plugin
-KUBE_API_ROOT=http://{{ groups['kube-master'][0] }}:{{kube_apiserver_insecure_port}}/api/v1/
+KUBE_API_ROOT=http://{{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}:{{kube_apiserver_insecure_port}}/api/v1/
 
 # Location of the calicoctl binary - used by the calico plugin
 CALICOCTL_PATH="{{ bin_dir }}/calicoctl"
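Review bot: `KUBE_API_ROOT` still points the Calico plugin at `http://<master>:{{kube_apiserver_insecure_port}}`, the API server's unauthenticated and unencrypted port, reached over the network from every node. That requires the insecure port to listen on a non-loopback address, where any host able to reach it has full API access without credentials. Since this commit already moves the namespace-creation task to `127.0.0.1`, consider pointing this value at `https://…:{{ kube_apiserver_port }}/api/v1/` with the node's credentials so the insecure port can be bound to loopback only. Whether the Calico plugin version in use supports an authenticated endpoint is not visible in this patch.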
-- 
GitLab