richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1108 Commits
30 Branches
81 Tags
149 MiB
Tree: 046f3eebcb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '046f3eebcb'
${ noResults }
kubespray/inventory/group_vars/all.yml

201 lines
7.7 KiB
Raw Normal View History

Disable fastestmirror on CentOS It actually slows down things dramatically when used in combination with Ansible.
8 years ago
combine bootstrap options, add xenial support
8 years ago
first version of CoreOS on GCE Please enter the commit message for your changes. Lines starting
8 years ago
add missing vars file
9 years ago
Address standalone kubelet config case Also place in global vars and do not repeat the kube_*_config_dir and kube_namespace vars for better code maintainability and UX. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Move kube_version to group_vars/all to allow easier changing of version Also allows to perform version dependent logic in Ansible roles.
8 years ago
Fix kube_version to include 'v' again https://github.com/kubernetes-incubator/kargo/pull/736 missed this
8 years ago
Move kube_version to group_vars/all to allow easier changing of version Also allows to perform version dependent logic in Ansible roles.
8 years ago
add missing vars file
9 years ago
Add retry_stagger var for failed download/pushes. * Add the retry_stagger var to tweak push and retry time strategies. * Add large deployments related docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Using one var file per environment is simplier
9 years ago
first version of CoreOS on GCE Please enter the commit message for your changes. Lines starting
8 years ago
moving kube-cert group into group_vars
8 years ago
Quickstart documentation
9 years ago
Pass --anonymous-auth to apiserver Fixes #732
8 years ago
Using one var file per environment is simplier
9 years ago
fix api auth issue for ci tests
8 years ago
Quickstart documentation
9 years ago
fix api auth issue for ci tests
8 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add advanced net check for DNS K8s app * Add an option to deploy K8s app to test e2e network connectivity and cluster DNS resolve via Kubedns for nethost/simple pods (defaults to false). * Parametrize existing k8s apps templates with kube_namespace and kube_config_dir instead of hardcode. * For CoreOS, ensure nameservers from inventory to be put in the first place to allow hostnet pods connectivity via short names or FQDN and hostnet agents to pass as well, if netchecker deployed. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Using one var file per environment is simplier
9 years ago
Add variables and defaults for multiple types of ip addresses. Each node can have 3 IPs. 1. ansible_default_ip4 - whatever ansible things is the first IPv4 address usually with the default gw. 2. ip - An address to use on the local node to bind listeners and do local communication. For example, Vagrant boxes have a first address that is the NAT bridge and is common for all nodes. The second address/interface should be used. 3. access_ip - An address to use for node-to-node access. This is assumed to be used by other nodes to access the node and may not be actually assigned on the node. For example, AWS public ip that is not assigned to node. This updates the places addresses are used to use either ip or access_ip and walk up the list to find an address.
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
Remove etcd-proxy from all nodes and use etcd multiaccess
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
use nginx proxy on non-master nodes to proxy apiserver traffic Also adds all masters by hostname and localhost/127.0.0.1 to apiserver SSL certificate. Includes documentation update on how localhost loadbalancer works.
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
specify weave version
8 years ago
Add pseudo network plugin called "cloud" to use cloud provider for network Allow to let the cloud provider configure proper routing for nodes.
8 years ago
redirecting to new doc page
8 years ago
split network plugins into distinct roles
8 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Using one var file per environment is simplier
9 years ago
Revert "Add HA/LB endpoints for kube-apiserver" This reverts commit a70c3b661e12d75ca01f8c0b38ef6af625d3383a.
8 years ago
Using one var file per environment is simplier
9 years ago
Make dnsmasq daemon set optional Change additional dnsmasq opts: - Adjust caching size and TTL - Disable resolve conf to not create loops - Change dnsPolicy to default (similarly to kubedns's dnsmasq). The ClusterFirst should not be used to not create loops - Disable negative NXDOMAIN replies to be cached - Make its very installation as optional step (enabled by default). If you don't want more than 3 DNS servers, including 1 for K8s, disable it. - Add docs and a drawing to clarify DNS setup. - Fix stdout logs for dnsmasq/kubedns app configs - Add missed notifies to resolvconf -u handler - Fix idempotency of resolvconf head file changes Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Using one var file per environment is simplier
9 years ago
upgrade to kubernetes version 1.4.0 test to change the machine type Revert "test to change the machine type" This reverts commit 7a91f1b5405a39bee6cb91940b09a0b0f9d3aee1. use google dns server when no upstream dns are defined comment upstream_dns_servers update documentation remove deprecated kubelet flags Revert "remove deprecated kubelet flags" This reverts commit 21e3b893c896d0291c36a07d0414f4cb88b8d8ac.
8 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Using one var file per environment is simplier
9 years ago
Use dnsmasq inside pods
8 years ago
Use second ip address in order to avoid any ip range problem
9 years ago
kube-proxy loadbalancing, need an external loadbalancer
9 years ago
choose between gce and aws cloud providers
8 years ago
add basic azure support for kargo
8 years ago
Implemented cloud-provider integration for OpenStack. Currently kubespray does not install kubernetes in a way that allows cinder volumes to be used. This commit provides the necessary cloud configuration file and configures kubelet and kube-apiserver to use it.
8 years ago
add basic azure support for kargo
8 years ago
choose between gce and aws cloud providers
8 years ago
add basic azure support for kargo
8 years ago
Add check for azure_route_table_name and add it to all.yml
8 years ago
add basic azure support for kargo
8 years ago
example env allow insecure-registry Many use cases of k8s involve running a local registry, chances are the person running this will learn the hard way that they need to allow insecure registry on the `kube_service_addresses` network. We should just default to settings this in `inventory/group_vars/all.yml` to help reduce potential friction for first time users.
8 years ago
Docker Options Refactor
8 years ago
example env allow insecure-registry Many use cases of k8s involve running a local registry, chances are the person running this will learn the hard way that they need to allow insecure registry on the `kube_service_addresses` network. We should just default to settings this in `inventory/group_vars/all.yml` to help reduce potential friction for first time users.
8 years ago
Docker Options Refactor
8 years ago
Add kubedns as default package to install
8 years ago
Allow to specify docker storage driver
8 years ago
Allow pre-downloaded images to be used effectively According to http://kubernetes.io/docs/user-guide/images/ : By default, the kubelet will try to pull each image from the specified registry. However, if the imagePullPolicy property of the container is set to IfNotPresent or Never, then a local\ image is used (preferentially or exclusively, respectively). Use IfNotPresent value to allow images prepared by the download role dependencies to be effectively used by kubelet without pull errors resulting apps to stay blocked in PullBackOff/Error state even when there are images on the localhost exist. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add kubedns as default package to install
8 years ago
App deployer plugins
8 years ago
Add kubedns as default package to install
8 years ago
  1. # Valid bootstrap options (required): ubuntu, coreos, centos, none
  2. bootstrap_os: none
  4. # Directory where the binaries will be installed
  5. bin_dir: /usr/local/bin
  7. # Kubernetes configuration dirs and system namespace.
  8. # Those are where all the additional config stuff goes
  9. # the kubernetes normally puts in /srv/kubernets.
  10. # This puts them in a sane location and namespace.
  11. # Editting those values will almost surely break something.
  12. kube_config_dir: /etc/kubernetes
  13. kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
  14. kube_manifest_dir: "{{ kube_config_dir }}/manifests"
  15. system_namespace: kube-system
  17. # Logging directory (sysvinit systems)
  18. kube_log_dir: "/var/log/kubernetes"
  20. # This is where all the cert scripts and certs will be located
  21. kube_cert_dir: "{{ kube_config_dir }}/ssl"
  23. # This is where all of the bearer tokens will be stored
  24. kube_token_dir: "{{ kube_config_dir }}/tokens"
  26. # This is where to save basic auth file
  27. kube_users_dir: "{{ kube_config_dir }}/users"
  29. ## Change this to use another Kubernetes version, e.g. a current beta release
  30. kube_version: v1.4.6
  32. # Where the binaries will be downloaded.
  33. # Note: ensure that you've enough disk space (about 1G)
  34. local_release_dir: "/tmp/releases"
  35. # Random shifts for retrying failed ops like pushing/downloading
  36. retry_stagger: 5
  38. # Uncomment this line for CoreOS only.
  39. # Directory where python binary is installed
  40. # ansible_python_interpreter: "/opt/bin/python"
  42. # This is the group that the cert creation scripts chgrp the
  43. # cert files to. Not really changable...
  44. kube_cert_group: kube-cert
  46. # Cluster Loglevel configuration
  47. kube_log_level: 2
  49. # Kubernetes 1.5 added a new flag to the apiserver to disable anonymous auth. In previos versions, anonymous auth was
  50. # not implemented. As the new flag defaults to true, we have to explicetely disable it. Change this line if you want the
  51. # 1.5 default behavior. The flag is actually only added if the used kubernetes version is >= 1.5
  52. kube_api_anonymous_auth: false
  54. # Users to create for basic auth in Kubernetes API via HTTP
  55. kube_api_pwd: "changeme"
  56. kube_users:
  57. kube:
  58. pass: "{{kube_api_pwd}}"
  59. role: admin
  60. root:
  61. pass: "changeme"
  62. role: admin
  64. # Kubernetes cluster name, also will be used as DNS domain
  65. cluster_name: cluster.local
  66. # Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
  67. ndots: 2
  68. # Deploy netchecker app to verify DNS resolve as an HTTP service
  69. deploy_netchecker: false
  71. # For some environments, each node has a pubilcally accessible
  72. # address and an address it should bind services to. These are
  73. # really inventory level variables, but described here for consistency.
  74. #
  75. # When advertising access, the access_ip will be used, but will defer to
  76. # ip and then the default ansible ip when unspecified.
  77. #
  78. # When binding to restrict access, the ip variable will be used, but will
  79. # defer to the default ansible ip when unspecified.
  80. #
  81. # The ip variable is used for specific address binding, e.g. listen address
  82. # for etcd. This is use to help with environments like Vagrant or multi-nic
  83. # systems where one address should be preferred over another.
  84. # ip: 10.2.2.2
  85. #
  86. # The access_ip variable is used to define how other nodes should access
  87. # the node. This is used in flannel to allow other flannel nodes to see
  88. # this node for example. The access_ip is really useful AWS and Google
  89. # environments where the nodes are accessed remotely by the "public" ip,
  90. # but don't know about that address themselves.
  91. # access_ip: 1.1.1.1
  93. # Etcd access modes:
  94. # Enable multiaccess to configure clients to access all of the etcd members directly
  95. # as the "http://hostX:port, http://hostY:port, ..." and ignore the proxy loadbalancers.
  96. # This may be the case if clients support and loadbalance multiple etcd servers natively.
  97. etcd_multiaccess: true
  99. # Assume there are no internal loadbalancers for apiservers exist and listen on
  100. # kube_apiserver_port (default 443)
  101. loadbalancer_apiserver_localhost: true
  103. # Choose network plugin (calico, weave or flannel)
  104. # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
  105. kube_network_plugin: flannel
  107. # Kubernetes internal network for services, unused block of space.
  108. kube_service_addresses: 10.233.0.0/18
  110. # internal network. When used, it will assign IP
  111. # addresses from this range to individual pods.
  112. # This network must be unused in your network infrastructure!
  113. kube_pods_subnet: 10.233.64.0/18
  115. # internal network total size (optional). This is the prefix of the
  116. # entire network. Must be unused in your environment.
  117. # kube_network_prefix: 18
  119. # internal network node size allocation (optional). This is the size allocated
  120. # to each node on your network. With these defaults you should have
  121. # room for 4096 nodes with 254 pods per node.
  122. kube_network_node_prefix: 24
  124. # With calico it is possible to distributed routes with border routers of the datacenter.
  125. peer_with_router: false
  126. # Warning : enabling router peering will disable calico's default behavior ('node mesh').
  127. # The subnets of each nodes will be distributed by the datacenter router
  129. # The port the API Server will be listening on.
  130. kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
  131. kube_apiserver_port: 443 # (https)
  132. kube_apiserver_insecure_port: 8080 # (http)
  134. # Internal DNS configuration.
  135. # Kubernetes can create and mainatain its own DNS server to resolve service names
  136. # into appropriate IP addresses. It's highly advisable to run such DNS server,
  137. # as it greatly simplifies configuration of your applications - you can use
  138. # service names instead of magic environment variables.
  139. # You still must manually configure all your containers to use this DNS server,
  140. # Kubernetes won't do this for you (yet).
  142. # Do not install additional dnsmasq
  143. skip_dnsmasq: false
  144. # Upstream dns servers used by dnsmasq
  145. #upstream_dns_servers:
  146. # - 8.8.8.8
  147. # - 8.8.4.4
  148. #
  149. # # Use dns server : https://github.com/ansibl8s/k8s-skydns/blob/master/skydns-README.md
  150. dns_setup: true
  151. dns_domain: "{{ cluster_name }}"
  152. #
  153. # # Ip address of the kubernetes skydns service
  154. skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
  155. dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
  157. # There are some changes specific to the cloud providers
  158. # for instance we need to encapsulate packets with some network plugins
  159. # If set the possible values are either 'gce', 'aws', 'azure' or 'openstack'
  160. # When openstack is used make sure to source in the openstack credentials
  161. # like you would do when using nova-client before starting the playbook.
  162. # When azure is used, you need to also set the following variables.
  163. # cloud_provider:
  165. # see docs/azure.md for details on how to get these values
  166. #azure_tenant_id:
  167. #azure_subscription_id:
  168. #azure_aad_client_id:
  169. #azure_aad_client_secret:
  170. #azure_resource_group:
  171. #azure_location:
  172. #azure_subnet_name:
  173. #azure_security_group_name:
  174. #azure_vnet_name:
  175. #azure_route_table_name:
  178. ## Set these proxy values in order to update docker daemon to use proxies
  179. # http_proxy: ""
  180. # https_proxy: ""
  181. # no_proxy: ""
  183. # Path used to store Docker data
  184. docker_daemon_graph: "/var/lib/docker"
  186. ## A string of extra options to pass to the docker daemon.
  187. ## This string should be exactly as you wish it to appear.
  188. ## An obvious use case is allowing insecure-registry access
  189. ## to self hosted registries like so:
  190. docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }}"
  192. ## Uncomment this if you want to force overlay/overlay2 as docker storage driver
  193. ## Please note that overlay2 is only supported on newer kernels
  194. #docker_storage_options: -s overlay2
  196. # K8s image pull policy (imagePullPolicy)
  197. k8s_image_pull_policy: IfNotPresent
  199. # default packages to install within the cluster
  200. kpm_packages: []
  201. # - name: kube-system/grafana