richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1043 Commits
30 Branches
81 Tags
149 MiB
Tree: 4e34803b1e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4e34803b1e'
${ noResults }
kubespray/docs/ansible.md

111 lines
4.2 KiB
Raw Normal View History

add documentation
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
add documentation
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
add documentation
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
add documentation
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
  1. Ansible variables
  2. ===============
  5. Inventory
  6. -------------
  7. The inventory is composed of 3 groups:
  9. * **kube-node** : list of kubernetes nodes where the pods will run.
  10. * **kube-master** : list of servers where kubernetes master components (apiserver, scheduler, controller) will run.
  11. Note: if you want the server to act both as master and node the server must be defined on both groups _kube-master_ and _kube-node_
  12. * **etcd**: list of server to compose the etcd server. you should have at least 3 servers for failover purposes.
  14. Below is a complete inventory example:
  16. ```
  17. ## Configure 'ip' variable to bind kubernetes services on a
  18. ## different ip than the default iface
  19. node1 ansible_ssh_host=95.54.0.12 # ip=10.3.0.1
  20. node2 ansible_ssh_host=95.54.0.13 # ip=10.3.0.2
  21. node3 ansible_ssh_host=95.54.0.14 # ip=10.3.0.3
  22. node4 ansible_ssh_host=95.54.0.15 # ip=10.3.0.4
  23. node5 ansible_ssh_host=95.54.0.16 # ip=10.3.0.5
  24. node6 ansible_ssh_host=95.54.0.17 # ip=10.3.0.6
  26. [kube-master]
  27. node1
  28. node2
  30. [etcd]
  31. node1
  32. node2
  33. node3
  35. [kube-node]
  36. node2
  37. node3
  38. node4
  39. node5
  40. node6
  42. [k8s-cluster:children]
  43. kube-node
  44. kube-master
  45. etcd
  46. ```
  48. Group vars
  49. --------------
  50. The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
  52. Ansible tags
  53. ------------
  55. The following tags are defined in playbooks:
  57. | Tag name | Used for
  58. |--------------------------|---------
  59. | apps | K8s apps definitions
  60. | azure | Cloud-provider Azure
  61. | bootstrap-os | Anything related to host OS configuration
  62. | calico | Network plugin Calico
  63. | canal | Network plugin Canal
  64. | cloud-provider | Cloud-provider related tasks
  65. | dnsmasq | Configuring DNS stack for hosts and K8s apps
  66. | docker | Configuring docker for hosts
  67. | download | Fetching container images
  68. | etcd | Configuring etcd cluster
  69. | etcd-pre-upgrade | Upgrading etcd cluster
  70. | etcd-secrets | Configuring etcd certs/keys
  71. | etchosts | Configuring /etc/hosts entries for hosts
  72. | facts | Gathering facts and misc check results
  73. | flannel | Network plugin flannel
  74. | gce | Cloud-provider GCP
  75. | hyperkube | Manipulations with K8s hyperkube image
  76. | k8s-pre-upgrade | Upgrading K8s cluster
  77. | k8s-secrets | Configuring K8s certs/keys
  78. | kpm | Installing K8s apps definitions with KPM
  79. | kube-apiserver | Configuring self-hosted kube-apiserver
  80. | kube-controller-manager | Configuring self-hosted kube-controller-manager
  81. | kubectl | Installing kubectl and bash completion
  82. | kubelet | Configuring kubelet service
  83. | kube-proxy | Configuring self-hosted kube-proxy
  84. | kube-scheduler | Configuring self-hosted kube-scheduler
  85. | master | Configuring K8s master node role
  86. | netchecker | Installing netchecker K8s app
  87. | network | Configuring networking plugins for K8s
  88. | nginx | Configuring LB for kube-apiserver instances
  89. | node | Configuring K8s minion (compute) node role
  90. | openstack | Cloud-provider OpenStack
  91. | preinstall | Preliminary configuration steps
  92. | resolvconf | Configuring /etc/resolv.conf for hosts/apps
  93. | upgrade | Upgrading, f.e. container images/binaries
  94. | weave | Network plugin Weave
  96. Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
  97. tags found in the codebase. New tags will be listed with the empty "Used for"
  98. field.
  100. Example command to filter and apply only DNS configuration tasks and skip
  101. everything else related to host OS configuration and downloading images of containers:
  103. ```
  104. ansible-playbook -i inventory/inventory.ini cluster.yml --tags preinstall,dnsmasq,facts --skip-tags=download,bootstrap-os
  105. ```
  106. And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
  107. ```
  108. ansible-playbook -i inventory/inventory.ini -e dns_server='' cluster.yml --tags resolvconf
  109. ```
  111. Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.