From f49620517e7c9e5573b9deda6d0509117911e1bb Mon Sep 17 00:00:00 2001
From: Smaine Kahlouch <smaine.kahlouch@arkena.com>
Date: Fri, 11 Dec 2015 11:52:20 +0100
Subject: [PATCH] running kubernetes master processes as pods

---
 roles/kubernetes/master/handlers/main.yml     | 39 +-------
 roles/kubernetes/master/meta/main.yml         |  3 +-
 roles/kubernetes/master/tasks/config.yml      | 94 -------------------
 roles/kubernetes/master/tasks/install.yml     | 34 -------
 roles/kubernetes/master/tasks/main.yml        | 82 +++++++++++++++-
 .../kubernetes/master/templates/apiserver.j2  | 28 ------
 .../master/templates/controller-manager.j2    |  6 --
 .../controller-manager.kubeconfig.j2          | 18 ----
 ...beconfig.j2 => kubectl-kubeconfig.yaml.j2} |  4 +-
 .../manifests/kube-apiserver.manifest.j2      | 46 +++++++++
 .../kube-controller-manager.manifest.j2       | 38 ++++++++
 .../manifests/kube-podmaster.manifest.j2      | 44 +++++++++
 .../manifests/kube-scheduler.manifest.j2      | 22 +++++
 roles/kubernetes/master/templates/proxy.j2    |  8 --
 .../master/templates/proxy.kubeconfig.j2      | 18 ----
 .../kubernetes/master/templates/scheduler.j2  |  7 --
 .../master/templates/scheduler.kubeconfig.j2  | 18 ----
 .../systemd-init/kube-apiserver.service.j2    | 29 ------
 .../kube-controller-manager.service.j2        | 20 ----
 .../systemd-init/kube-proxy.service.j2        | 22 -----
 .../systemd-init/kube-scheduler.service.j2    | 20 ----
 21 files changed, 238 insertions(+), 362 deletions(-)
 delete mode 100644 roles/kubernetes/master/tasks/config.yml
 delete mode 100644 roles/kubernetes/master/tasks/install.yml
 delete mode 100644 roles/kubernetes/master/templates/apiserver.j2
 delete mode 100644 roles/kubernetes/master/templates/controller-manager.j2
 delete mode 100644 roles/kubernetes/master/templates/controller-manager.kubeconfig.j2
 rename roles/kubernetes/master/templates/{kubectl.kubeconfig.j2 => kubectl-kubeconfig.yaml.j2} (68%)
 create mode 100644 roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
 create mode 100644 roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
 create mode 100644 roles/kubernetes/master/templates/manifests/kube-podmaster.manifest.j2
 create mode 100644 roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
 delete mode 100644 roles/kubernetes/master/templates/proxy.j2
 delete mode 100644 roles/kubernetes/master/templates/proxy.kubeconfig.j2
 delete mode 100644 roles/kubernetes/master/templates/scheduler.j2
 delete mode 100644 roles/kubernetes/master/templates/scheduler.kubeconfig.j2
 delete mode 100644 roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2
 delete mode 100644 roles/kubernetes/master/templates/systemd-init/kube-controller-manager.service.j2
 delete mode 100644 roles/kubernetes/master/templates/systemd-init/kube-proxy.service.j2
 delete mode 100644 roles/kubernetes/master/templates/systemd-init/kube-scheduler.service.j2

diff --git a/roles/kubernetes/master/handlers/main.yml b/roles/kubernetes/master/handlers/main.yml
index 4e7644b32..8b00d1689 100644
--- a/roles/kubernetes/master/handlers/main.yml
+++ b/roles/kubernetes/master/handlers/main.yml
@@ -1,47 +1,16 @@
 ---
-- name: restart daemons
-  command: /bin/true
-  notify:
-    - reload systemd
-    - restart reloaded-scheduler
-    - restart reloaded-controller-manager
-    - restart reloaded-apiserver
-    - restart reloaded-proxy
-
 - name: reload systemd
   command: systemctl daemon-reload
 
-- name: restart apiserver
-  command: /bin/true
-  notify:
-    - reload systemd
-    - restart reloaded-apiserver
-
-- name: restart reloaded-apiserver
-  service:
-    name: kube-apiserver
-    state: restarted
-
-- name: restart controller-manager
-  command: /bin/true
-  notify:
-    - reload systemd
-    - restart reloaded-controller-manager
-
-- name: restart reloaded-controller-manager
-  service:
-    name: kube-controller-manager
-    state: restarted
-
-- name: restart scheduler
+- name: restart kubelet
   command: /bin/true
   notify:
     - reload systemd
-    - restart reloaded-scheduler
+    - restart reloaded-kubelet
 
-- name: restart reloaded-scheduler
+- name: restart reloaded-kubelet
   service:
-    name: kube-scheduler
+    name: kubelet
     state: restarted
 
 - name: restart proxy
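Review bot: The `restart daemons` handler is deleted in this hunk, but the new `Install kubectl binary` task in roles/kubernetes/master/tasks/main.yml still carries `notify: - restart daemons`. Unless a dependency role such as `kubernetes/node` (not visible here) defines a handler with that exact name, Ansible will abort the play when the copy reports a change. kubectl is a client binary and needs no service restart, so the simplest fix is to drop that `notify` from the task. The `restart proxy` handler kept at the end of the hunk continues outside it; since this commit deletes the role's kube-proxy unit and templates, it may now be dead and is worth checking.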
diff --git a/roles/kubernetes/master/meta/main.yml b/roles/kubernetes/master/meta/main.yml
index 31675692c..53dd04017 100644
--- a/roles/kubernetes/master/meta/main.yml
+++ b/roles/kubernetes/master/meta/main.yml
@@ -1,3 +1,4 @@
 ---
 dependencies:
-  - { role: kubernetes/common }
+  - { role: etcd }
+  - { role: kubernetes/node }
diff --git a/roles/kubernetes/master/tasks/config.yml b/roles/kubernetes/master/tasks/config.yml
deleted file mode 100644
index 2f488a921..000000000
--- a/roles/kubernetes/master/tasks/config.yml
+++ /dev/null
@@ -1,94 +0,0 @@
----
-- name: get the node token values from token files
-  slurp:
-    src: "{{ kube_token_dir }}/{{ item }}-{{ inventory_hostname }}.token"
-  with_items:
-    - "system:controller_manager"
-    - "system:scheduler"
-    - "system:kubectl"
-    - "system:proxy"
-  register: tokens
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
-- name: Set token facts
-  set_fact:
-    controller_manager_token: "{{ tokens.results[0].content|b64decode }}"
-    scheduler_token: "{{ tokens.results[1].content|b64decode }}"
-    kubectl_token: "{{ tokens.results[2].content|b64decode }}"
-    proxy_token: "{{ tokens.results[3].content|b64decode }}"
-
-- name: write the config files for api server
-  template: src=apiserver.j2 dest={{ kube_config_dir }}/apiserver backup=yes
-  notify:
-    - restart apiserver
-
-- name: write config file for controller-manager
-  template: src=controller-manager.j2 dest={{ kube_config_dir }}/controller-manager backup=yes
-  notify:
-    - restart controller-manager
-
-- name: write the kubecfg (auth) file for controller-manager
-  template: src=controller-manager.kubeconfig.j2 dest={{ kube_config_dir }}/controller-manager.kubeconfig backup=yes
-  notify:
-    - restart controller-manager
-
-- name: write the config file for scheduler
-  template: src=scheduler.j2 dest={{ kube_config_dir }}/scheduler backup=yes
-  notify:
-    - restart scheduler
-
-- name: write the kubecfg (auth) file for scheduler
-  template: src=scheduler.kubeconfig.j2 dest={{ kube_config_dir }}/scheduler.kubeconfig backup=yes
-  notify:
-    - restart scheduler
-
-- name: write the kubecfg (auth) file for kubectl
-  template: src=kubectl.kubeconfig.j2 dest={{ kube_config_dir }}/kubectl.kubeconfig backup=yes
-
-- name: Copy kubectl bash completion
-  copy: src=kubectl_bash_completion.sh dest=/etc/bash_completion.d/kubectl.sh
-
-- name: Create proxy environment vars dir
-  file: path=/etc/systemd/system/kube-proxy.service.d state=directory
-
-- name: Write proxy config file
-  template: src=proxy.j2 dest=/etc/systemd/system/kube-proxy.service.d/10-proxy-cluster.conf backup=yes
-  notify:
-    - restart proxy
-
-- name: write the kubecfg (auth) file for proxy
-  template: src=proxy.kubeconfig.j2 dest={{ kube_config_dir }}/proxy.kubeconfig backup=yes
-
-- name: populate users for basic auth in API
-  lineinfile:
-    dest: "{{ kube_users_dir }}/known_users.csv"
-    create: yes
-    line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
-    backup: yes
-  with_dict: "{{ kube_users }}"
-  notify:
-    - restart apiserver
-
-- name: Enable controller-manager
-  service:
-    name: kube-controller-manager
-    enabled: yes
-    state: started
-
-- name: Enable scheduler
-  service:
-    name: kube-scheduler
-    enabled: yes
-    state: started
-
-- name: Enable kube-proxy
-  service:
-    name: kube-proxy
-    enabled: yes
-    state: started
-
-- name: Enable apiserver
-  service:
-    name: kube-apiserver
-    enabled: yes
-    state: started
diff --git a/roles/kubernetes/master/tasks/install.yml b/roles/kubernetes/master/tasks/install.yml
deleted file mode 100644
index 92d194515..000000000
--- a/roles/kubernetes/master/tasks/install.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-- name: Write kube-apiserver systemd init file
-  template: src=systemd-init/kube-apiserver.service.j2 dest=/etc/systemd/system/kube-apiserver.service backup=yes
-  notify: restart apiserver
-
-- name: Write kube-controller-manager systemd init file
-  template: src=systemd-init/kube-controller-manager.service.j2 dest=/etc/systemd/system/kube-controller-manager.service backup=yes
-  notify: restart controller-manager
-
-- name: Write kube-scheduler systemd init file
-  template: src=systemd-init/kube-scheduler.service.j2 dest=/etc/systemd/system/kube-scheduler.service backup=yes
-  notify: restart scheduler
-
-- name: Write kube-proxy systemd init file
-  template: src=systemd-init/kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service backup=yes
-  notify: restart proxy
-
-- name: Install kubernetes binaries
-  copy:
-     src={{ local_release_dir }}/kubernetes/bin/{{ item }}
-     dest={{ bin_dir }}
-     owner=kube
-     mode=u+x
-  with_items:
-    - kube-apiserver
-    - kube-controller-manager
-    - kube-scheduler
-    - kube-proxy
-    - kubectl
-  notify:
-    - restart daemons
-
-- name: Allow apiserver to bind on both secure and insecure ports
-  shell: setcap cap_net_bind_service+ep {{ bin_dir }}/kube-apiserver
diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml
index 8570db68c..12459956a 100644
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@@ -1,3 +1,81 @@
 ---
-- include: install.yml
-- include: config.yml
+- name: Install kubectl binary
+  copy:
+     src={{ local_release_dir }}/kubernetes/bin/kubectl
+     dest={{ bin_dir }}
+     owner=kube
+     mode=u+x
+  notify:
+    - restart daemons
+
+- name: Copy kubectl bash completion
+  copy:
+    src: kubectl_bash_completion.sh
+    dest: /etc/bash_completion.d/kubectl.sh
+
+- name: populate users for basic auth in API
+  lineinfile:
+    dest: "{{ kube_users_dir }}/known_users.csv"
+    create: yes
+    line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
+    backup: yes
+  with_dict: "{{ kube_users }}"
+
+# Sync masters
+- name: synchronize auth directories for masters
+  synchronize:
+    src: "{{ item }}"
+    dest: "{{ kube_config_dir }}"
+    recursive: yes
+    delete: yes
+    rsync_opts: [ '--one-file-system']
+  with_items:
+    - "{{ kube_token_dir }}"
+    - "{{ kube_cert_dir }}"
+    - "{{ kube_users_dir }}"
+  delegate_to: "{{ groups['kube-master'][0] }}"
+
+# Write manifests
+- name: Write kube-apiserver manifest
+  template:
+    src: manifests/kube-apiserver.manifest.j2
+    dest: "{{ kube_manifest_dir }}/kube-apisever.manifest"
+  notify:
+    - restart kubelet
+
+- meta: flush_handlers
+
+- name: wait for the apiserver to be running (pulling image and running container)
+  wait_for:
+    port: 8080
+
+- name: install required python module 'httplib2'
+  apt:
+    name: "python-httplib2"
+    state: present
+  when: inventory_hostname == groups['kube-master'][0]
+
+- name: Create 'kube-system' namespace
+  uri:
+    url: http://{{ groups['kube-master'][0]}}:{{ kube_apiserver_insecure_port }}/api/v1/namespaces
+    method: POST
+    body: '{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"kube-system"}}'
+    status_code: 201,409
+    body_format: json
+  run_once: yes
+  when: inventory_hostname == groups['kube-master'][0]
+
+- name: Write kube-controller-manager manifest
+  template:
+    src: manifests/kube-controller-manager.manifest.j2
+    dest: "{{ kube_config_dir }}/kube-controller-manager.manifest"
+
+- name: Write kube-scheduler manifest
+  template:
+    src: manifests/kube-scheduler.manifest.j2
+    dest: "{{ kube_config_dir }}/kube-scheduler.manifest"
+
+- name: Write podmaster manifest
+  template:
+    src: manifests/kube-podmaster.manifest.j2
+    dest: "{{ kube_manifest_dir }}/kube-podmaster.manifest"
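Review bot: `populate users for basic auth in API` writes `{{ item.value.pass }}` in clear text into `known_users.csv` with `create: yes` and no `mode` or `owner`, so the file gets umask-default permissions, `backup: yes` leaves older copies beside it, and the next task rsyncs the directory to every master. Adding `mode: "0600"` to the `lineinfile` arguments and `no_log: true` on the task would keep the passwords away from other local users and out of the per-item output that `with_dict` prints. The task also lost its `notify: restart apiserver`, so edits to the file may not take effect until the apiserver pod is restarted by other means. Separately, `wait_for` hard-codes `port: 8080` while the following `uri` task uses `kube_apiserver_insecure_port`; the same literal appears in `--master=http://127.0.0.1:8080` in the controller-manager and scheduler manifests. `kube-apisever.manifest` in the apiserver `dest` also looks like a typo for `kube-apiserver.manifest`.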
diff --git a/roles/kubernetes/master/templates/apiserver.j2 b/roles/kubernetes/master/templates/apiserver.j2
deleted file mode 100644
index 0a38d5c87..000000000
--- a/roles/kubernetes/master/templates/apiserver.j2
+++ /dev/null
@@ -1,28 +0,0 @@
-###
-# kubernetes system config
-#
-# The following values are used to configure the kube-apiserver
-#
-
-# The address on the local server to listen to.
-KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
-
-# The port on the local server to listen on.
-KUBE_API_PORT="--insecure-port={{kube_master_insecure_port}} --secure-port={{ kube_master_port }}"
-
-# KUBELET_PORT="--kubelet_port=10250"
-
-# Address range to use for services
-KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range={{ kube_service_addresses }}"
-
-# Location of the etcd cluster
-KUBE_ETCD_SERVERS="--etcd_servers={% for node in groups['etcd'] %}http://{{ node }}:2379{% if not loop.last %},{% endif %}{% endfor %}"
-
-# default admission control policies
-KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
-
-# RUNTIME API CONFIGURATION (e.g. enable extensions)
-KUBE_RUNTIME_CONFIG="{% if kube_api_runtime_config is defined %}{% for conf in kube_api_runtime_config %}--runtime-config={{ conf }} {% endfor %}{% endif %}"
-
-# Add you own!
-KUBE_API_ARGS="--tls_cert_file={{ kube_cert_dir }}/server.crt --tls_private_key_file={{ kube_cert_dir }}/server.key --client_ca_file={{ kube_cert_dir }}/ca.crt --token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/server.crt"
diff --git a/roles/kubernetes/master/templates/controller-manager.j2 b/roles/kubernetes/master/templates/controller-manager.j2
deleted file mode 100644
index c7a932900..000000000
--- a/roles/kubernetes/master/templates/controller-manager.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-###
-# The following values are used to configure the kubernetes controller-manager
-
-# defaults from config and apiserver should be adequate
-
-KUBE_CONTROLLER_MANAGER_ARGS="--kubeconfig={{ kube_config_dir }}/controller-manager.kubeconfig --service_account_private_key_file={{ kube_cert_dir }}/server.key --root_ca_file={{ kube_cert_dir }}/ca.crt"
diff --git a/roles/kubernetes/master/templates/controller-manager.kubeconfig.j2 b/roles/kubernetes/master/templates/controller-manager.kubeconfig.j2
deleted file mode 100644
index c71ac50f3..000000000
--- a/roles/kubernetes/master/templates/controller-manager.kubeconfig.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Config
-current-context: controller-manager-to-{{ cluster_name }}
-preferences: {}
-clusters:
-- cluster:
-    certificate-authority: {{ kube_cert_dir }}/ca.crt
-    server: https://{{ groups['kube-master'][0] }}:{{ kube_master_port }}
-  name: {{ cluster_name }}
-contexts:
-- context:
-    cluster: {{ cluster_name }}
-    user: controller-manager
-  name: controller-manager-to-{{ cluster_name }}
-users:
-- name: controller-manager
-  user:
-    token: {{ controller_manager_token }}
diff --git a/roles/kubernetes/master/templates/kubectl.kubeconfig.j2 b/roles/kubernetes/master/templates/kubectl-kubeconfig.yaml.j2
similarity index 68%
rename from roles/kubernetes/master/templates/kubectl.kubeconfig.j2
rename to roles/kubernetes/master/templates/kubectl-kubeconfig.yaml.j2
index dd8f0eabe..5cc74cf9e 100644
--- a/roles/kubernetes/master/templates/kubectl.kubeconfig.j2
+++ b/roles/kubernetes/master/templates/kubectl-kubeconfig.yaml.j2
@@ -4,8 +4,8 @@ current-context: kubectl-to-{{ cluster_name }}
 preferences: {}
 clusters:
 - cluster:
-    certificate-authority-data: {{ kube_ca_cert|b64encode }}
-    server: https://{{ groups['kube-master'][0] }}:{{ kube_master_port }}
+    certificate-authority-data: {{ kube_node_cert|b64encode }}
+    server: https://{{ groups['kube-master'][0] }}:{{ kube_apiserver_port }}
   name: {{ cluster_name }}
 contexts:
 - context:
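Review bot: `certificate-authority-data` is now filled from `kube_node_cert` instead of `kube_ca_cert`, but this field has to hold the CA certificate that signed the API server's serving certificate, and the new variable name suggests a node certificate. If `kube_node_cert` (defined outside this patch) is a leaf certificate rather than the CA bundle, kubectl's verification of `https://…:{{ kube_apiserver_port }}` will fail, which tends to push operators towards disabling verification. Please confirm what the variable contains, or keep a CA-named variable here and add a comment such as `# must be the CA that signed apiserver.pem`. The hunk starts at line 4 of the template, so the rest of the file is not visible.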
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
new file mode 100644
index 000000000..320594fa4
--- /dev/null
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-apiserver
+spec:
+  hostNetwork: true
+  containers:
+  - name: kube-apiserver
+    image: {{ hyperkube_image.name }}:{{ hyperkube_image.tag }}
+    command:
+    - /hyperkube
+    - apiserver
+    - --insecure-bind-address=0.0.0.0
+    - --etcd-servers=http://{{ hostvars[inventory_hostname]['ip'] | default( ansible_default_ipv4.address) }}:2379
+    - --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
+    - --service-cluster-ip-range={{ kube_service_addresses }}
+    - --client-ca-file={{ kube_cert_dir }}/ca.pem
+    - --basic-auth-file={{ kube_users_dir }}/known_users.csv
+    - --tls-cert-file={{ kube_cert_dir }}/apiserver.pem
+    - --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
+    - --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
+    - --secure-port={{ kube_apiserver_port }}
+    - --token-auth-file={{ kube_token_dir }}/known_tokens.csv
+    - --v={{ kube_log_level | default('2') }}
+    - --allow-privileged=true
+    ports:
+    - containerPort: {{ kube_apiserver_port }}
+      hostPort: {{ kube_apiserver_port }}
+      name: https
+    - containerPort: {{ kube_apiserver_insecure_port }}
+      hostPort: {{ kube_apiserver_insecure_port }}
+      name: local
+    volumeMounts:
+    - mountPath: {{ kube_config_dir }}
+      name: kubernetes-config
+      readOnly: true
+    - mountPath: /etc/ssl/certs
+      name: ssl-certs-host
+      readOnly: true
+  volumes:
+  - hostPath:
+      path: {{ kube_config_dir }}
+    name: kubernetes-config
+  - hostPath:
+      path: /usr/share/ca-certificates
+    name: ssl-certs-host
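Review bot: `--insecure-bind-address=0.0.0.0` combined with `hostNetwork: true` serves the insecure port on every interface of the master, and requests on that port skip the `--client-ca-file`, `--token-auth-file` and `--basic-auth-file` checks configured for the secure port. The consumers visible in this patch (the controller-manager and scheduler manifests) use `http://127.0.0.1:8080`, so `- --insecure-bind-address=127.0.0.1` would still serve them. The namespace-creation task in tasks/main.yml, and any node components not shown, would then have to use localhost or the secure port. The command also never passes `--insecure-port` although the `ports` section uses `kube_apiserver_insecure_port`; adding `- --insecure-port={{ kube_apiserver_insecure_port }}` keeps the two in agreement. `--allow-privileged=true` on the apiserver deserves a short comment explaining why it is needed.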
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
new file mode 100644
index 000000000..17052f9f4
--- /dev/null
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-controller-manager
+  namespace: kube-system
+spec:
+  hostNetwork: true
+  containers:
+  - name: kube-controller-manager
+    image: {{ hyperkube_image.name }}:{{ hyperkube_image.tag }}
+    command:
+    - /hyperkube
+    - controller-manager
+    - --master=http://127.0.0.1:8080
+    - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
+    - --root-ca-file={{ kube_cert_dir }}/ca.pem
+    - --v={{ kube_log_level | default('2') }}
+    livenessProbe:
+      httpGet:
+        host: 127.0.0.1
+        path: /healthz
+        port: 10252
+      initialDelaySeconds: 15
+      timeoutSeconds: 1
+    volumeMounts:
+    - mountPath: {{ kube_cert_dir }}
+      name: ssl-certs-kubernetes
+      readOnly: true
+    - mountPath: /etc/ssl/certs
+      name: ssl-certs-host
+      readOnly: true
+  volumes:
+  - hostPath:
+      path: {{ kube_cert_dir }}
+    name: ssl-certs-kubernetes
+  - hostPath:
+      path: /usr/share/ca-certificates
+    name: ssl-certs-host
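Review bot: `--service-account-private-key-file` points at `apiserver-key.pem`, the same file the apiserver manifest passes as `--tls-private-key-file`, so the service-account signing key and the API server's TLS key are one key. Replacing the TLS key would then invalidate every issued service-account token, and the whole `{{ kube_cert_dir }}` is mounted into this pod to reach that key. A dedicated service-account key pair keeps the two lifecycles separate, e.g. `- --service-account-private-key-file={{ kube_cert_dir }}/<service-account-key>.pem` (placeholder name), with the matching key given to the apiserver's `--service-account-key-file`.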
diff --git a/roles/kubernetes/master/templates/manifests/kube-podmaster.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-podmaster.manifest.j2
new file mode 100644
index 000000000..a75fa3b32
--- /dev/null
+++ b/roles/kubernetes/master/templates/manifests/kube-podmaster.manifest.j2
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-podmaster
+  namespace: kube-system
+spec:
+  hostNetwork: true
+  containers:
+  - name: scheduler-elector
+    image: gcr.io/google_containers/podmaster:1.1
+    command:
+    - /podmaster
+    - --etcd-servers=http://127.0.0.1:2379
+    - --key=scheduler
+    - --source-file={{ kube_config_dir}}/kube-scheduler.manifest
+    - --dest-file={{ kube_manifest_dir }}/kube-scheduler.manifest
+    volumeMounts:
+    - mountPath: {{ kube_config_dir }}
+      name: manifest-src
+      readOnly: true
+    - mountPath: {{ kube_manifest_dir }}
+      name: manifest-dst
+  - name: controller-manager-elector
+    image: gcr.io/google_containers/podmaster:1.1
+    command:
+    - /podmaster
+    - --etcd-servers=http://127.0.0.1:2379
+    - --key=controller
+    - --source-file={{ kube_config_dir }}/kube-controller-manager.manifest
+    - --dest-file={{ kube_manifest_dir }}/kube-controller-manager.manifest
+    terminationMessagePath: /dev/termination-log
+    volumeMounts:
+    - mountPath: {{ kube_config_dir }}
+      name: manifest-src
+      readOnly: true
+    - mountPath: {{ kube_manifest_dir }}
+      name: manifest-dst
+  volumes:
+  - hostPath:
+      path: {{ kube_config_dir }}
+    name: manifest-src
+  - hostPath:
+      path: {{ kube_manifest_dir }}
+    name: manifest-dst
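Review bot: Both elector containers mount all of `{{ kube_config_dir }}` as `manifest-src`, while tasks/main.yml in this patch rsyncs the token, certificate and basic-auth user directories into that same directory. The externally pulled `gcr.io/google_containers/podmaster:1.1` image can therefore read every master credential, although it only needs the two source manifests. Writing the controller-manager and scheduler source manifests to a dedicated directory and mounting only that directory would limit what the container sees; this needs a variable the patch does not define, e.g. `path: {{ <manifest_src_dir> }}` (placeholder). The `manifest-dst` mount is writable into the kubelet's manifest directory, so a comment stating that this is intentional would help the next reader.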
diff --git a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
new file mode 100644
index 000000000..7a595f2c6
--- /dev/null
+++ b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-scheduler
+  namespace: kube-system
+spec:
+  hostNetwork: true
+  containers:
+  - name: kube-scheduler
+    image: {{ hyperkube_image.name }}:{{ hyperkube_image.tag }} 
+    command:
+    - /hyperkube
+    - scheduler
+    - --master=http://127.0.0.1:8080
+    - --v={{ kube_log_level | default('2') }}
+    livenessProbe:
+      httpGet:
+        host: 127.0.0.1
+        path: /healthz
+        port: 10251
+      initialDelaySeconds: 15
+      timeoutSeconds: 1
diff --git a/roles/kubernetes/master/templates/proxy.j2 b/roles/kubernetes/master/templates/proxy.j2
deleted file mode 100644
index 33f811a53..000000000
--- a/roles/kubernetes/master/templates/proxy.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-###
-# kubernetes proxy config
-
-# default config should be adequate
-
-# Add your own!
-[Service]
-Environment="KUBE_PROXY_ARGS=--kubeconfig={{ kube_config_dir }}/proxy.kubeconfig --proxy-mode={{kube_proxy_mode}}"
diff --git a/roles/kubernetes/master/templates/proxy.kubeconfig.j2 b/roles/kubernetes/master/templates/proxy.kubeconfig.j2
deleted file mode 100644
index 5e35eb5d2..000000000
--- a/roles/kubernetes/master/templates/proxy.kubeconfig.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Config
-current-context: proxy-to-{{ cluster_name }}
-preferences: {}
-contexts:
-- context:
-    cluster: {{ cluster_name }}
-    user: proxy
-  name: proxy-to-{{ cluster_name }}
-clusters:
-- cluster:
-    certificate-authority: {{ kube_cert_dir }}/ca.crt
-    server: http://{{ groups['kube-master'][0] }}:{{kube_master_insecure_port}}
-  name: {{ cluster_name }}
-users:
-- name: proxy
-  user:
-    token: {{ proxy_token }}
diff --git a/roles/kubernetes/master/templates/scheduler.j2 b/roles/kubernetes/master/templates/scheduler.j2
deleted file mode 100644
index 8af898d0b..000000000
--- a/roles/kubernetes/master/templates/scheduler.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-###
-# kubernetes scheduler config
-
-# default config should be adequate
-
-# Add your own!
-KUBE_SCHEDULER_ARGS="--kubeconfig={{ kube_config_dir }}/scheduler.kubeconfig"
diff --git a/roles/kubernetes/master/templates/scheduler.kubeconfig.j2 b/roles/kubernetes/master/templates/scheduler.kubeconfig.j2
deleted file mode 100644
index bc6203745..000000000
--- a/roles/kubernetes/master/templates/scheduler.kubeconfig.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Config
-current-context: scheduler-to-{{ cluster_name }}
-preferences: {}
-clusters:
-- cluster:
-    certificate-authority: {{ kube_cert_dir }}/ca.crt
-    server: https://{{ groups['kube-master'][0] }}:{{ kube_master_port }}
-  name: {{ cluster_name }}
-contexts:
-- context:
-    cluster: {{ cluster_name }}
-    user: scheduler
-  name: scheduler-to-{{ cluster_name }}
-users:
-- name: scheduler
-  user:
-    token: {{ scheduler_token }}
diff --git a/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2 b/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2
deleted file mode 100644
index c2dd67484..000000000
--- a/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2
+++ /dev/null
@@ -1,29 +0,0 @@
-[Unit]
-Description=Kubernetes API Server
-Documentation=https://github.com/GoogleCloudPlatform/kubernetes
-Requires=etcd2.service
-After=etcd2.service
-
-[Service]
-EnvironmentFile=/etc/network-environment
-EnvironmentFile=-/etc/kubernetes/config
-EnvironmentFile=-/etc/kubernetes/apiserver
-User=kube
-ExecStart={{ bin_dir }}/kube-apiserver \
-	    $KUBE_LOGTOSTDERR \
-	    $KUBE_LOG_LEVEL \
-	    $KUBE_ETCD_SERVERS \
-	    $KUBE_API_ADDRESS \
-	    $KUBE_API_PORT \
-	    $KUBELET_PORT \
-	    $KUBE_ALLOW_PRIV \
-	    $KUBE_SERVICE_ADDRESSES \
-	    $KUBE_ADMISSION_CONTROL \
-	    $KUBE_RUNTIME_CONFIG \
-	    $KUBE_API_ARGS
-Restart=on-failure
-Type=notify
-LimitNOFILE=65536
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/kubernetes/master/templates/systemd-init/kube-controller-manager.service.j2 b/roles/kubernetes/master/templates/systemd-init/kube-controller-manager.service.j2
deleted file mode 100644
index a308630eb..000000000
--- a/roles/kubernetes/master/templates/systemd-init/kube-controller-manager.service.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=Kubernetes Controller Manager
-Documentation=https://github.com/GoogleCloudPlatform/kubernetes
-Requires=etcd2.service
-After=etcd2.service
-
-[Service]
-EnvironmentFile=-/etc/kubernetes/config
-EnvironmentFile=-/etc/kubernetes/controller-manager
-User=kube
-ExecStart={{ bin_dir }}/kube-controller-manager \
-	    $KUBE_LOGTOSTDERR \
-	    $KUBE_LOG_LEVEL \
-	    $KUBE_MASTER \
-	    $KUBE_CONTROLLER_MANAGER_ARGS
-Restart=on-failure
-LimitNOFILE=65536
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/kubernetes/master/templates/systemd-init/kube-proxy.service.j2 b/roles/kubernetes/master/templates/systemd-init/kube-proxy.service.j2
deleted file mode 100644
index b1170c5d8..000000000
--- a/roles/kubernetes/master/templates/systemd-init/kube-proxy.service.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-[Unit]
-Description=Kubernetes Kube-Proxy Server
-Documentation=https://github.com/GoogleCloudPlatform/kubernetes
-{% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
-After=docker.service calico-node.service
-{% else %}
-After=docker.service
-{% endif %}
-
-[Service]
-EnvironmentFile=/etc/kubernetes/config
-EnvironmentFile=/etc/network-environment
-ExecStart={{ bin_dir }}/kube-proxy \
-	    $KUBE_LOGTOSTDERR \
-	    $KUBE_LOG_LEVEL \
-	    $KUBE_MASTER \
-	    $KUBE_PROXY_ARGS
-Restart=on-failure
-LimitNOFILE=65536
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/kubernetes/master/templates/systemd-init/kube-scheduler.service.j2 b/roles/kubernetes/master/templates/systemd-init/kube-scheduler.service.j2
deleted file mode 100644
index c5d93111f..000000000
--- a/roles/kubernetes/master/templates/systemd-init/kube-scheduler.service.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=Kubernetes Scheduler Plugin
-Documentation=https://github.com/GoogleCloudPlatform/kubernetes
-Requires=etcd2.service
-After=etcd2.service
-
-[Service]
-EnvironmentFile=-/etc/kubernetes/config
-EnvironmentFile=-/etc/kubernetes/scheduler
-User=kube
-ExecStart={{ bin_dir }}/kube-scheduler \
-	    $KUBE_LOGTOSTDERR \
-	    $KUBE_LOG_LEVEL \
-	    $KUBE_MASTER \
-	    $KUBE_SCHEDULER_ARGS
-Restart=on-failure
-LimitNOFILE=65536
-
-[Install]
-WantedBy=multi-user.target
-- 
GitLab