Browse Source
Upgrade kubernetes to v1.13.0 (#3810)
Upgrade kubernetes to v1.13.0 (#3810)
* Upgrade kubernetes to v1.13.0 * Remove all precense of scheduler.alpha.kubernetes.io/critical-pod in templates * Fix cert dir * Use kubespray v2.8 as baseline for gitlabpull/3839/head
Rong Zhang
6 years ago
committed by
Kubernetes Prow Robot
Kubernetes Prow Robot
35 changed files with 325 additions and 77 deletions
Split View
Diff Options
-
6.gitlab-ci.yml
-
2README.md
-
2inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
-
1roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2
-
4roles/download/defaults/main.yml
-
1roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
-
1roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
-
2roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/templates/k8s-device-plugin-nvidia-daemonset.yml.j2
-
2roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/templates/nvidia-driver-install-daemonset.yml.j2
-
1roles/kubernetes-apps/metrics_server/templates/metrics-server-deployment.yaml.j2
-
2roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
-
9roles/kubernetes/kubeadm/tasks/main.yml
-
2roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha1.j2
-
2roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
-
2roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
-
27roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
-
18roles/kubernetes/master/tasks/kubeadm-setup.yml
-
7roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
-
7roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
-
7roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
-
258roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
-
2roles/kubespray-defaults/defaults/main.yaml
-
1roles/network_plugin/calico/templates/calico-node.yml.j2
-
3roles/network_plugin/canal/templates/canal-node.yaml.j2
-
6roles/network_plugin/cilium/templates/cilium-ds.yml.j2
-
3roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
-
3roles/network_plugin/contiv/templates/contiv-cleanup.yml.j2
-
2roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2
-
2roles/network_plugin/contiv/templates/contiv-etcd.yml.j2
-
3roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2
-
3roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
-
3roles/network_plugin/contiv/templates/contiv-ovs.yml.j2
-
3roles/network_plugin/flannel/templates/cni-flannel.yml.j2
-
2roles/network_plugin/kube-router/templates/kube-router.yml.j2
-
3roles/network_plugin/weave/templates/weave-net.yml.j2
@ -0,0 +1,27 @@ |
|||
apiVersion: kubeadm.k8s.io/v1beta1 |
|||
kind: JoinConfiguration |
|||
discovery: |
|||
bootstrapToken: |
|||
{% if groups['kube-master'] | length > 1 and kubeadm_config_api_fqdn is defined %} |
|||
apiServerEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }} |
|||
{% else %} |
|||
apiServerEndpoint: {{ kubeadm_discovery_address | replace("https://", "")}} |
|||
{% endif %} |
|||
token: {{ kubeadm_token }} |
|||
unsafeSkipCAVerification: true |
|||
timeout: {{ discovery_timeout }} |
|||
tlsBootstrapToken: {{ kubeadm_token }} |
|||
{% if groups['kube-master'] | length > 1 and kubeadm_config_api_fqdn is defined %} |
|||
controlPlane: |
|||
localAPIEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }} |
|||
{% endif %} |
|||
caCertPath: {{ kube_cert_dir }}/ca.crt |
|||
nodeRegistration: |
|||
name: {{ inventory_hostname }} |
|||
{% if container_manager == 'crio' %} |
|||
criSocket: /var/run/crio/crio.sock |
|||
{% elif container_manager == 'rkt' %} |
|||
criSocket: /var/run/rkt.sock |
|||
{% else %} |
|||
criSocket: /var/run/dockershim.sock |
|||
{% endif %} |
|||
@ -0,0 +1,258 @@ |
|||
apiVersion: kubeadm.k8s.io/v1beta1 |
|||
kind: InitConfiguration |
|||
localAPIEndpoint: |
|||
advertiseAddress: {{ ip | default(ansible_default_ipv4.address) }} |
|||
bindPort: {{ kube_apiserver_port }} |
|||
nodeRegistration: |
|||
{% if kube_override_hostname|default('') %} |
|||
name: {{ kube_override_hostname }} |
|||
{% endif %} |
|||
{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %} |
|||
taints: |
|||
- key: "kubeadmNode" |
|||
value: "master" |
|||
effect: "NoSchedule" |
|||
{% endif %} |
|||
{% if container_manager == 'crio' %} |
|||
criSocket: /var/run/crio/crio.sock |
|||
{% elif container_manager == 'rkt' %} |
|||
criSocket: /var/run/rkt.sock |
|||
{% else %} |
|||
criSocket: /var/run/dockershim.sock |
|||
{% endif %} |
|||
--- |
|||
apiVersion: kubeadm.k8s.io/v1beta1 |
|||
kind: ClusterConfiguration |
|||
clusterName: {{ cluster_name }} |
|||
etcd: |
|||
external: |
|||
endpoints: |
|||
{% for endpoint in etcd_access_addresses.split(',') %} |
|||
- {{ endpoint }} |
|||
{% endfor %} |
|||
caFile: {{ etcd_cert_dir }}/ca.pem |
|||
certFile: {{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem |
|||
keyFile: {{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem |
|||
networking: |
|||
dnsDomain: {{ dns_domain }} |
|||
serviceSubnet: {{ kube_service_addresses }} |
|||
podSubnet: {{ kube_pods_subnet }} |
|||
podNetworkCidr: "{{ kube_network_node_prefix }}" |
|||
kubernetesVersion: {{ kube_version }} |
|||
{% if groups['kube-master'] | length > 1 and kubeadm_config_api_fqdn is defined %} |
|||
controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }} |
|||
{% else %} |
|||
controlPlaneEndpoint: {{ ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port }} |
|||
{% endif %} |
|||
certificatesDir: {{ kube_cert_dir }} |
|||
imageRepository: {{ kube_image_repo }} |
|||
UseHyperKubeImage: false |
|||
apiServer: |
|||
extraArgs: |
|||
authorization-mode: {{ authorization_modes | join(',') }} |
|||
bind-address: {{ kube_apiserver_bind_address }} |
|||
{% if kube_apiserver_insecure_port|string != "0" %} |
|||
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }} |
|||
{% endif %} |
|||
insecure-port: "{{ kube_apiserver_insecure_port }}" |
|||
{% if kube_version is version('v1.10', '<') %} |
|||
admission-control: {{ kube_apiserver_admission_control | join(',') }} |
|||
{% else %} |
|||
{% if kube_apiserver_enable_admission_plugins|length > 0 %} |
|||
enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }} |
|||
{% endif %} |
|||
{% if kube_apiserver_disable_admission_plugins|length > 0 %} |
|||
disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }} |
|||
{% endif %} |
|||
{% endif %} |
|||
apiserver-count: "{{ kube_apiserver_count }}" |
|||
{% if kube_version is version('v1.9', '>=') %} |
|||
endpoint-reconciler-type: lease |
|||
{% endif %} |
|||
storage-backend: etcd3 |
|||
{% if etcd_events_cluster_enabled %} |
|||
etcd-servers-overrides: "/events#{{ etcd_events_access_addresses }}" |
|||
{% endif %} |
|||
service-node-port-range: {{ kube_apiserver_node_port_range }} |
|||
kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}" |
|||
{% if kube_basic_auth|default(true) %} |
|||
basic-auth-file: {{ kube_users_dir }}/known_users.csv |
|||
{% endif %} |
|||
{% if kube_token_auth|default(true) %} |
|||
token-auth-file: {{ kube_token_dir }}/known_tokens.csv |
|||
{% endif %} |
|||
{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %} |
|||
oidc-issuer-url: {{ kube_oidc_url }} |
|||
oidc-client-id: {{ kube_oidc_client_id }} |
|||
{% if kube_oidc_ca_file is defined %} |
|||
oidc-ca-file: {{ kube_oidc_ca_file }} |
|||
{% endif %} |
|||
{% if kube_oidc_username_claim is defined %} |
|||
oidc-username-claim: {{ kube_oidc_username_claim }} |
|||
{% endif %} |
|||
{% if kube_oidc_groups_claim is defined %} |
|||
oidc-groups-claim: {{ kube_oidc_groups_claim }} |
|||
{% endif %} |
|||
{% endif %} |
|||
{% if kube_encrypt_secret_data %} |
|||
encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml |
|||
{% endif %} |
|||
storage-backend: {{ kube_apiserver_storage_backend }} |
|||
{% if kube_api_runtime_config is defined %} |
|||
runtime-config: {{ kube_api_runtime_config | join(',') }} |
|||
{% endif %} |
|||
allow-privileged: "true" |
|||
{% if kubernetes_audit %} |
|||
audit-log-path: "{{ audit_log_path }}" |
|||
audit-log-maxage: "{{ audit_log_maxage }}" |
|||
audit-log-maxbackup: "{{ audit_log_maxbackups }}" |
|||
audit-log-maxsize: "{{ audit_log_maxsize }}" |
|||
audit-policy-file: {{ audit_policy_file }} |
|||
{% endif %} |
|||
{% for key in kube_kubeadm_apiserver_extra_args %} |
|||
{{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}" |
|||
{% endfor %} |
|||
{% if kube_feature_gates %} |
|||
feature-gates: {{ kube_feature_gates|join(',') }} |
|||
{% endif %} |
|||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %} |
|||
cloud-provider: {{cloud_provider}} |
|||
cloud-config: {{ kube_config_dir }}/cloud_config |
|||
{% elif cloud_provider is defined and cloud_provider in ["external"] %} |
|||
cloud-config: {{ kube_config_dir }}/cloud_config |
|||
{% endif %} |
|||
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes %} |
|||
extraVolumes: |
|||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %} |
|||
- name: cloud-config |
|||
hostPath: {{ kube_config_dir }}/cloud_config |
|||
mountPath: {{ kube_config_dir }}/cloud_config |
|||
{% endif %} |
|||
{% if kube_basic_auth|default(true) %} |
|||
- name: basic-auth-config |
|||
hostPath: {{ kube_users_dir }} |
|||
mountPath: {{ kube_users_dir }} |
|||
{% endif %} |
|||
{% if kube_token_auth|default(true) %} |
|||
- name: token-auth-config |
|||
hostPath: {{ kube_token_dir }} |
|||
mountPath: {{ kube_token_dir }} |
|||
{% endif %} |
|||
{% if kubernetes_audit %} |
|||
- name: {{ audit_policy_name }} |
|||
hostPath: {{ audit_policy_hostpath }} |
|||
mountPath: {{ audit_policy_mountpath }} |
|||
{% if audit_log_path != "-" %} |
|||
- name: {{ audit_log_name }} |
|||
hostPath: {{ audit_log_hostpath }} |
|||
mountPath: {{ audit_log_mountpath }} |
|||
writable: true |
|||
{% endif %} |
|||
{% endif %} |
|||
{% for volume in apiserver_extra_volumes %} |
|||
- name: {{ volume.name }} |
|||
hostPath: {{ volume.hostPath }} |
|||
mountPath: {{ volume.mountPath }} |
|||
writable: {{ volume.writable | default(false)}} |
|||
{% endfor %} |
|||
{% endif %} |
|||
certSANs: |
|||
{% for san in apiserver_sans.split(' ') | unique %} |
|||
- {{ san }} |
|||
{% endfor %} |
|||
timeoutForControlPlane: 5m0s |
|||
controllerManager: |
|||
extraArgs: |
|||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }} |
|||
node-monitor-period: {{ kube_controller_node_monitor_period }} |
|||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }} |
|||
{% if kube_feature_gates %} |
|||
feature-gates: {{ kube_feature_gates|join(',') }} |
|||
{% endif %} |
|||
{% for key in kube_kubeadm_controller_extra_args %} |
|||
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}" |
|||
{% endfor %} |
|||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %} |
|||
cloud-provider: {{cloud_provider}} |
|||
cloud-config: {{ kube_config_dir }}/cloud_config |
|||
{% elif cloud_provider is defined and cloud_provider in ["external"] %} |
|||
cloud-config: {{ kube_config_dir }}/cloud_config |
|||
{% endif %} |
|||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] or controller_manager_extra_volumes %} |
|||
extraVolumes: |
|||
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %} |
|||
- name: openstackcacert |
|||
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem" |
|||
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem" |
|||
{% endif %} |
|||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %} |
|||
- name: cloud-config |
|||
hostPath: {{ kube_config_dir }}/cloud_config |
|||
mountPath: {{ kube_config_dir }}/cloud_config |
|||
{% endif %} |
|||
{% for volume in controller_manager_extra_volumes %} |
|||
- name: {{ volume.name }} |
|||
hostPath: {{ volume.hostPath }} |
|||
mountPath: {{ volume.mountPath }} |
|||
writable: {{ volume.writable | default(false)}} |
|||
{% endfor %} |
|||
{% endif %} |
|||
scheduler: |
|||
extraArgs: |
|||
{% if kube_feature_gates %} |
|||
feature-gates: {{ kube_feature_gates|join(',') }} |
|||
{% endif %} |
|||
{% if kube_kubeadm_scheduler_extra_args|length > 0 %} |
|||
{% for key in kube_kubeadm_scheduler_extra_args %} |
|||
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}" |
|||
{% endfor %} |
|||
{% endif %} |
|||
extraVolumes: |
|||
{% if scheduler_extra_volumes %} |
|||
extraVolumes: |
|||
{% for volume in scheduler_extra_volumes %} |
|||
- name: {{ volume.name }} |
|||
hostPath: {{ volume.hostPath }} |
|||
mountPath: {{ volume.mountPath }} |
|||
writable: {{ volume.writable | default(false)}} |
|||
{% endfor %} |
|||
{% endif %} |
|||
--- |
|||
apiVersion: kubeproxy.config.k8s.io/v1alpha1 |
|||
kind: KubeProxyConfiguration |
|||
bindAddress: 0.0.0.0 |
|||
clientConnection: |
|||
acceptContentTypes: "" |
|||
burst: 10 |
|||
contentType: application/vnd.kubernetes.protobuf |
|||
kubeconfig: /var/lib/kube-proxy/kubeconfig.conf |
|||
qps: 5 |
|||
clusterCIDR: "" |
|||
configSyncPeriod: 15m0s |
|||
conntrack: |
|||
max: null |
|||
maxPerCore: 32768 |
|||
min: 131072 |
|||
tcpCloseWaitTimeout: 1h0m0s |
|||
tcpEstablishedTimeout: 24h0m0s |
|||
enableProfiling: false |
|||
healthzBindAddress: 0.0.0.0:10256 |
|||
iptables: |
|||
masqueradeAll: false |
|||
masqueradeBit: 14 |
|||
minSyncPeriod: 0s |
|||
syncPeriod: 30s |
|||
ipvs: |
|||
excludeCIDRs: null |
|||
minSyncPeriod: 0s |
|||
scheduler: "" |
|||
syncPeriod: 30s |
|||
metricsBindAddress: 127.0.0.1:10249 |
|||
mode: {{ kube_proxy_mode }} |
|||
{% if kube_proxy_nodeport_addresses %} |
|||
nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}] |
|||
{% endif %} |
|||
oomScoreAdj: -999 |
|||
portRange: "" |
|||
resourceContainer: "" |
|||
udpIdleTimeout: 250ms |
|||
Write
Preview
Loading…
Cancel
Save