richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1034 Commits
29 Branches
81 Tags
150 MiB
Tree: 6e080cd9b0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6e080cd9b0'
${ noResults }
kubespray/docs/ansible.md

110 lines
4.2 KiB
Raw Normal View History

add documentation
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
add documentation
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
add documentation
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
add documentation
8 years ago
Add tags Add tags to allow more granular tasks filtering. Add generator script for MD formatted tags found. Add docs for tags how-to. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
  1. Ansible variables
  2. ===============
  5. Inventory
  6. -------------
  7. The inventory is composed of 3 groups:
  9. * **kube-node** : list of kubernetes nodes where the pods will run.
  10. * **kube-master** : list of servers where kubernetes master components (apiserver, scheduler, controller) will run.
  11. Note: if you want the server to act both as master and node the server must be defined on both groups _kube-master_ and _kube-node_
  12. * **etcd**: list of server to compose the etcd server. you should have at least 3 servers for failover purposes.
  14. Below is a complete inventory example:
  16. ```
  17. ## Configure 'ip' variable to bind kubernetes services on a
  18. ## different ip than the default iface
  19. node1 ansible_ssh_host=95.54.0.12 # ip=10.3.0.1
  20. node2 ansible_ssh_host=95.54.0.13 # ip=10.3.0.2
  21. node3 ansible_ssh_host=95.54.0.14 # ip=10.3.0.3
  22. node4 ansible_ssh_host=95.54.0.15 # ip=10.3.0.4
  23. node5 ansible_ssh_host=95.54.0.16 # ip=10.3.0.5
  24. node6 ansible_ssh_host=95.54.0.17 # ip=10.3.0.6
  26. [kube-master]
  27. node1
  28. node2
  30. [etcd]
  31. node1
  32. node2
  33. node3
  35. [kube-node]
  36. node2
  37. node3
  38. node4
  39. node5
  40. node6
  42. [k8s-cluster:children]
  43. kube-node
  44. kube-master
  45. etcd
  46. ```
  48. Group vars
  49. --------------
  50. The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
  52. Ansible tags
  53. ------------
  55. The following tags are defined in playbooks:
  57. | Tag name | Used for
  58. |--------------------------|---------
  59. | apps | K8s apps definitions
  60. | azure | Cloud-provider Azure
  61. | bootstrap-os | Anything related to host OS configuration
  62. | calico | Network plugin Calico
  63. | canal | Network plugin Canal
  64. | cloud-provider | Cloud-provider related tasks
  65. | dnsmasq | Configuring DNS stack for hosts and K8s apps
  66. | download | Fetching container images
  67. | etcd | Configuring etcd cluster
  68. | etcd-pre-upgrade | Upgrading etcd cluster
  69. | etcd-secrets | Configuring etcd certs/keys
  70. | etchosts | Configuring /etc/hosts entries for hosts
  71. | facts | Gathering facts and misc check results
  72. | flannel | Network plugin flannel
  73. | gce | Cloud-provider GCP
  74. | hyperkube | Manipulations with K8s hyperkube image
  75. | k8s-pre-upgrade | Upgrading K8s cluster
  76. | k8s-secrets | Configuring K8s certs/keys
  77. | kpm | Installing K8s apps definitions with KPM
  78. | kube-apiserver | Configuring self-hosted kube-apiserver
  79. | kube-controller-manager | Configuring self-hosted kube-controller-manager
  80. | kubectl | Installing kubectl and bash completion
  81. | kubelet | Configuring kubelet service
  82. | kube-proxy | Configuring self-hosted kube-proxy
  83. | kube-scheduler | Configuring self-hosted kube-scheduler
  84. | master | Configuring K8s master node role
  85. | netchecker | Installing netchecker K8s app
  86. | network | Configuring networking plugins for K8s
  87. | nginx | Configuring LB for kube-apiserver instances
  88. | node | Configuring K8s minion (compute) node role
  89. | openstack | Cloud-provider OpenStack
  90. | preinstall | Preliminary configuration steps
  91. | resolvconf | Configuring /etc/resolv.conf for hosts/apps
  92. | upgrade | Upgrading, f.e. container images/binaries
  93. | weave | Network plugin Weave
  95. Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
  96. tags found in the codebase. New tags will be listed with the empty "Used for"
  97. field.
  99. Example command to filter and apply only DNS configuration tasks and skip
  100. everything else related to host OS configuration and downloading images of containers:
  102. ```
  103. ansible-playbook -i inventory/inventory.ini cluster.yml --tags preinstall,dnsmasq,facts --skip-tags=download,bootstrap-os
  104. ```
  105. And this play only removes the K8s cluster DNS resolver IP from hosts' /etc/resolv.conf files:
  106. ```
  107. ansible-playbook -i inventory/inventory.ini -e dns_server='' cluster.yml --tags resolvconf
  108. ```
  110. Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you're doing.