From c402feffbd9d8038f69ea9d56c823db51d18e5ca Mon Sep 17 00:00:00 2001
From: Chad Swenson <chadswen@gmail.com>
Date: Fri, 14 Oct 2016 16:46:44 -0500
Subject: [PATCH] Parameterize several dependency endpoints so that they can be
overridden with internal mirrors.
Signed-off-by: Chad Swenson <chadswen@gmail.com>
---
roles/dnsmasq/defaults/main.yml | 7 +++++++
roles/dnsmasq/templates/dnsmasq-ds.yml | 2 +-
roles/download/defaults/main.yml | 7 +++++++
roles/kubernetes-apps/ansible/defaults/main.yml | 12 ++++++++++++
.../kubernetes-apps/ansible/templates/kubedns-rc.yml | 6 +++---
roles/kubernetes/node/meta/main.yml | 2 ++
roles/kubernetes/node/templates/kubelet.j2 | 6 +++---
roles/kubernetes/preinstall/defaults/main.yml | 2 ++
roles/kubernetes/preinstall/tasks/main.yml | 2 +-
9 files changed, 38 insertions(+), 8 deletions(-)
create mode 100644 roles/kubernetes-apps/ansible/defaults/main.yml
diff --git a/roles/dnsmasq/defaults/main.yml b/roles/dnsmasq/defaults/main.yml
index 48b52c121..7a1e77023 100644
--- a/roles/dnsmasq/defaults/main.yml
+++ b/roles/dnsmasq/defaults/main.yml
@@ -10,3 +10,10 @@
# Max of 2 is allowed here (a 1 is reserved for the dns_server)
#nameservers:
# - 127.0.0.1
+
+# Versions
+dnsmasq_version: 2.72
+
+# Images
+dnsmasq_image_repo: "andyshinn/dnsmasq"
+dnsmasq_image_tag: "{{ dnsmasq_version }}"
\ No newline at end of file
diff --git a/roles/dnsmasq/templates/dnsmasq-ds.yml b/roles/dnsmasq/templates/dnsmasq-ds.yml
index f1f622bbd..49223124e 100644
--- a/roles/dnsmasq/templates/dnsmasq-ds.yml
+++ b/roles/dnsmasq/templates/dnsmasq-ds.yml
@@ -14,7 +14,7 @@ spec:
spec:
containers:
- name: dnsmasq
- image: andyshinn/dnsmasq:2.72
+ image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"
command:
- dnsmasq
args:
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 1ef7b45df..56b21fe06 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -15,6 +15,7 @@ calico_cni_version: v1.4.2
weave_version: v1.6.1
flannel_version: v0.6.2
flannel_server_helper_version: 0.1
+pod_infra_version: 3.0
# Download URL's
etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd"
@@ -43,6 +44,8 @@ calico_node_image_repo: "calico/node"
calico_node_image_tag: "{{ calico_version }}"
hyperkube_image_repo: "quay.io/coreos/hyperkube"
hyperkube_image_tag: "{{ kube_version }}_coreos.0"
+pod_infra_image_repo: "gcr.io/google_containers/pause-amd64"
+pod_infra_image_tag: "{{ pod_infra_version }}"
downloads:
calico_cni_plugin:
@@ -108,6 +111,10 @@ downloads:
repo: "{{ calico_node_image_repo }}"
tag: "{{ calico_node_image_tag }}"
enabled: "{{ kube_network_plugin == 'calico' }}"
+ pod_infra:
+ container: true
+ repo: "{{ pod_infra_image_repo }}"
+ tag: "{{ pod_infra_image_tag }}"
download:
container: "{{ file.container|default('false') }}"
diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
new file mode 100644
index 000000000..b1086aa0d
--- /dev/null
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -0,0 +1,12 @@
+# Versions
+kubedns_version: 1.7
+kubednsmasq_version: 1.3
+exechealthz_version: 1.1
+
+# Images
+kubedns_image_repo: "gcr.io/google_containers/kubedns-amd64"
+kubedns_image_tag: "{{ kubedns_version }}"
+kubednsmasq_image_repo: "gcr.io/google_containers/kube-dnsmasq-amd64"
+kubednsmasq_image_tag: "{{ kubednsmasq_version }}"
+exechealthz_image_repo: "gcr.io/google_containers/exechealthz-amd64"
+exechealthz_image_tag: "{{ exechealthz_version }}"
\ No newline at end of file
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
index 3d193d1dc..ed38d671d 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
@@ -21,7 +21,7 @@ spec:
spec:
containers:
- name: kubedns
- image: gcr.io/google_containers/kubedns-amd64:1.7
+ image: "{{ kubedns_image_repo }}:{{ kubedns_image_tag }}"
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
@@ -63,7 +63,7 @@ spec:
name: dns-tcp-local
protocol: TCP
- name: dnsmasq
- image: gcr.io/google_containers/kube-dnsmasq-amd64:1.3
+ image: "{{ kubednsmasq_image_repo }}:{{ kubednsmasq_image_tag }}"
args:
- --log-facility=-
- --cache-size=1000
@@ -77,7 +77,7 @@ spec:
name: dns-tcp
protocol: TCP
- name: healthz
- image: gcr.io/google_containers/exechealthz-amd64:1.1
+ image: "{{ exechealthz_image_repo }}:{{ exechealthz_image_tag }}"
resources:
# keep request = limit to keep this container in guaranteed class
limits:
diff --git a/roles/kubernetes/node/meta/main.yml b/roles/kubernetes/node/meta/main.yml
index b9cbbd9ff..9c52b2d80 100644
--- a/roles/kubernetes/node/meta/main.yml
+++ b/roles/kubernetes/node/meta/main.yml
@@ -2,4 +2,6 @@
dependencies:
- role: download
file: "{{ downloads.hyperkube }}"
+ - role: download
+ file: "{{ downloads.pod_infra }}"
- role: kubernetes/secrets
diff --git a/roles/kubernetes/node/templates/kubelet.j2 b/roles/kubernetes/node/templates/kubelet.j2
index f55feefa9..53f2915d9 100644
--- a/roles/kubernetes/node/templates/kubelet.j2
+++ b/roles/kubernetes/node/templates/kubelet.j2
@@ -20,11 +20,11 @@ KUBELET_REGISTER_NODE="--register-node=false"
{% endif %}
# location of the api-server
{% if dns_setup|bool and skip_dnsmasq|bool %}
-KUBELET_ARGS="--cluster_dns={{ skydns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }} --resolv-conf={{ kube_resolv_conf }}"
+KUBELET_ARGS="--cluster_dns={{ skydns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }} --resolv-conf={{ kube_resolv_conf }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
{% elif dns_setup|bool %}
-KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }} --resolv-conf={{ kube_resolv_conf }}"
+KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }} --resolv-conf={{ kube_resolv_conf }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
{% else %}
-KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
+KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }} --pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }}"
{% endif %}
{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "weave"] %}
KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d"
diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
index 5d1b2cd2e..61cad7467 100644
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -21,6 +21,8 @@ kube_log_dir: "/var/log/kubernetes"
# pods on startup
kube_manifest_dir: "{{ kube_config_dir }}/manifests"
+epel_rpm_download_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm"
+
# change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
kube_apiserver_insecure_bind_address: 127.0.0.1
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index 8c2aecec5..49e69a907 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -91,7 +91,7 @@
changed_when: False
- name: Install epel-release on RedHat/CentOS
- shell: rpm -qa | grep epel-release || rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+ shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
when: ansible_distribution in ["CentOS","RedHat"] and
ansible_distribution_major_version >= 7
changed_when: False
--
GitLab