Smaine Kahlouch
8 years ago
19 changed files with 365 additions and 88 deletions
-
8roles/download/defaults/main.yml
-
2roles/etcd/tasks/configure.yml
-
17roles/kubernetes/master/handlers/main.yml
-
24roles/kubernetes/master/tasks/gen_kube_tokens.yml
-
71roles/kubernetes/master/tasks/main.yml
-
118roles/kubernetes/master/templates/deb-kube-apiserver.initd.j2
-
44roles/kubernetes/master/templates/kube-apiserver.j2
-
28roles/kubernetes/master/templates/kube-apiserver.service.j2
-
3roles/kubernetes/node/defaults/main.yml
-
8roles/kubernetes/node/handlers/main.yml
-
27roles/kubernetes/node/tasks/gen_calico_tokens.yml
-
48roles/kubernetes/node/tasks/gen_tokens.yml
-
3roles/kubernetes/node/tasks/install.yml
-
34roles/kubernetes/node/tasks/main.yml
-
2roles/kubernetes/node/tasks/secrets.yml
-
2roles/kubernetes/node/templates/deb-kubelet.initd.j2
-
10roles/kubernetes/node/templates/kubelet.j2
-
2roles/kubernetes/node/templates/kubelet.service.j2
-
2roles/kubernetes/node/templates/rh-kubelet.initd.j2
@ -1,14 +1,25 @@ |
|||
--- |
|||
- name: reload systemd |
|||
command: systemctl daemon-reload |
|||
|
|||
- name: restart systemd-kubelet |
|||
command: /bin/true |
|||
notify: |
|||
- reload systemd |
|||
- restart kubelet |
|||
|
|||
- name: restart systemd-kube-apiserver |
|||
command: /bin/true |
|||
notify: |
|||
- reload systemd |
|||
- restart kube-apiserver |
|||
|
|||
- name: reload systemd |
|||
command: systemctl daemon-reload |
|||
|
|||
- name: restart kubelet |
|||
service: |
|||
name: kubelet |
|||
state: restarted |
|||
|
|||
- name: restart kube-apiserver |
|||
service: |
|||
name: kube-apiserver |
|||
state: restarted |
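Review bot: The `restart systemd-kube-apiserver` handler is a no-op (`command: /bin/true`) whose only job is to chain `reload systemd` ahead of `restart kube-apiserver`, mirroring the kubelet handler above it; that intent is not visible from the task itself. I would add above it: `# no-op handler: forces a daemon-reload before the restart so a rewritten unit file is picked up`. Which of these handlers are new versus retained is not recoverable from the rendered view, so this applies to whichever of the two chained handlers this commit introduces.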
@ -0,0 +1,24 @@ |
|||
--- |
|||
- name: tokens | generate tokens for master components |
|||
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" |
|||
environment: |
|||
TOKEN_DIR: "{{ kube_token_dir }}" |
|||
with_nested: |
|||
- [ "system:kubectl" ] |
|||
- "{{ groups['kube-master'] }}" |
|||
register: gentoken_master |
|||
changed_when: "'Added' in gentoken_master.stdout" |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
notify: restart kube-apiserver |
|||
|
|||
- name: tokens | generate tokens for node components |
|||
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" |
|||
environment: |
|||
TOKEN_DIR: "{{ kube_token_dir }}" |
|||
with_nested: |
|||
- [ 'system:kubelet' ] |
|||
- "{{ groups['kube-node'] }}" |
|||
register: gentoken_node |
|||
changed_when: "'Added' in gentoken_node.stdout" |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
notify: restart kube-apiserver |
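Review bot: Both tasks run only on the first master (`when: inventory_hostname == groups['kube-master'][0]`) and write into `kube_token_dir` there, yet the file the apiserver template reads via `--token_auth_file` (`known_tokens.csv`, presumably produced by this script) is needed by every master's apiserver, so a multi-master setup needs the token directory replicated to the other masters by a task outside this hunk — if that task exists, a comment pointing to it would stop the next reader from assuming tokens are generated per master. The tasks also invoke `{{ kube_script_dir }}/kube-gen-token.sh`, which in this commit is only visibly copied by the node role's gen_calico_tokens.yml; unless master/tasks/main.yml installs it too, this file depends on role ordering. I would add at the top: `# Static bearer tokens are generated once on the first master and never rotated ('Added' is only printed on first creation).`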
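--- a/roles/kubernetes/master/templates/deb-kube-apiserver.initd.j2
+++ b/roles/kubernetes/master/templates/deb-kube-apiserver.initd.j2
@@ -0,0 +1,118 @@
+#!/bin/bash
+#
+### BEGIN INIT INFO
+# Provides: kube-apiserver
+# Required-Start: $local_fs $network $syslog
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: The Kubernetes apiserver
+# Description:
+# The Kubernetes apiserver.
+### END INIT INFO
+
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="The Kubernetes apiserver"
+NAME=kube-apiserver
+DAEMON={{ bin_dir }}/kube-apiserver
+DAEMON_LOG_FILE=/var/log/$NAME.log
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+DAEMON_USER=root
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/kubernetes/$NAME.env ] && . /etc/kubernetes/$NAME.env
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+# Return
+# 0 if daemon has been started
+# 1 if daemon was already running
+# 2 if daemon could not be started
+start-stop-daemon --start --quiet --background --no-close \
+--make-pidfile --pidfile $PIDFILE \
+--exec $DAEMON -c $DAEMON_USER --test > /dev/null \
+|| return 1
+start-stop-daemon --start --quiet --background --no-close \
+--make-pidfile --pidfile $PIDFILE \
+--exec $DAEMON -c $DAEMON_USER -- \
+$DAEMON_ARGS >> $DAEMON_LOG_FILE 2>&1 \
+|| return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+# Return
+# 0 if daemon has been stopped
+# 1 if daemon was already stopped
+# 2 if daemon could not be stopped
+# other if a failure occurred
+start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+RETVAL="$?"
+[ "$RETVAL" = 2 ] && return 2
+# Many daemons don't delete their pidfiles when they exit.
+rm -f $PIDFILE
+return "$RETVAL"
+}
+
+
+case "$1" in
+start)
+log_daemon_msg "Starting $DESC" "$NAME"
+do_start
+case "$?" in
+0|1) log_end_msg 0 || exit 0 ;;
+2) log_end_msg 1 || exit 1 ;;
+esac
+;;
+stop)
+log_daemon_msg "Stopping $DESC" "$NAME"
+do_stop
+case "$?" in
+0|1) log_end_msg 0 ;;
+2) exit 1 ;;
+esac
+;;
+status)
+status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
+;;
+
+restart|force-reload)
+log_daemon_msg "Restarting $DESC" "$NAME"
+do_stop
+case "$?" in
+0|1)
+do_start
+case "$?" in
+0) log_end_msg 0 ;;
+1) log_end_msg 1 ;; # Old process is still running
+*) log_end_msg 1 ;; # Failed to start
+esac
+;;
+*)
+# Failed to stop
+log_end_msg 1
+;;
+esac
+;;
+*)
+echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+exit 3
+;;
+esac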
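Review bot: `DAEMON_USER=root` starts the apiserver as root under sysvinit, while the systemd unit added in the same commit runs it as `User=kube`; the two init paths should agree on the privilege level, so either set `DAEMON_USER=kube` (and make sure that user can read the certificates in `kube_cert_dir`, write `$DAEMON_LOG_FILE` and bind the secure port) or add a comment stating why root is required here. Note also that `. /etc/kubernetes/$NAME.env` executes the rendered template as root shell code rather than parsing key=value pairs the way systemd's `EnvironmentFile=` does, so a `$(...)` or backtick inside an interpolated inventory variable (e.g. `kube_api_runtime_config`) would run with root privileges; a comment such as `# NOTE: sourced as shell -- values in kube-apiserver.env are executed, not just read` makes that explicit. Finally, `$PIDFILE`, `$DAEMON` and `$DAEMON_LOG_FILE` are unquoted in the start-stop-daemon calls and redirection; `$DAEMON_ARGS` must stay unquoted for word-splitting, but the others should be quoted to keep shellcheck clean.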
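--- a/roles/kubernetes/master/templates/kube-apiserver.j2
+++ b/roles/kubernetes/master/templates/kube-apiserver.j2
@@ -0,0 +1,44 @@
+###
+# kubernetes system config
+#
+# The following values are used to configure the kube-apiserver
+
+{% if init_system == "sysvinit" %}
+# Logging directory
+KUBE_LOGGING="--log-dir={{ kube_log_dir }} --logtostderr=true"
+{% else %}
+# logging to stderr means we get it in the systemd journal
+KUBE_LOGGING="--logtostderr=true"
+{% endif %}
+
+# Apiserver Log level, 0 is debug
+KUBE_LOG_LEVEL="{{ kube_log_level | default('--v=2') }}"
+
+# Should this cluster be allowed to run privileged docker containers
+KUBE_ALLOW_PRIV="--allow_privileged=true"
+
+# The port on the local server to listen on.
+KUBE_API_PORT="--insecure-port={{kube_apiserver_insecure_port}} --secure-port={{ kube_apiserver_port }}"
+
+# Address range to use for services
+KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range={{ kube_service_addresses }}"
+
+# Location of the etcd cluster
+KUBE_ETCD_SERVERS="--etcd_servers={% for host in groups['etcd'] %}http://{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}:2379{% if not loop.last %},{% endif %}{% endfor %}"
+
+# default admission control policies
+KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
+
+# RUNTIME API CONFIGURATION (e.g. enable extensions)
+KUBE_RUNTIME_CONFIG="{% if kube_api_runtime_config is defined %}{% for conf in kube_api_runtime_config %}--runtime-config={{ conf }} {% endfor %}{% endif %}"
+
+# TLS CONFIGURATION
+KUBE_TLS_CONFIG="--tls_cert_file={{ kube_cert_dir }}/apiserver.pem --tls_private_key_file={{ kube_cert_dir }}/apiserver-key.pem --client_ca_file={{ kube_cert_dir }}/ca.pem"
+
+# Add you own!
+KUBE_API_ARGS="--token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/apiserver-key.pem"
+
+{% if init_system == "sysvinit" %}
+DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBE_API_PORT $KUBE_SERVICE_ADDRESSES \
+$KUBE_ETCD_SERVERS $KUBE_ADMISSION_CONTROL $KUBE_RUNTIME_CONFIG $KUBE_TLS_CONFIG $KUBE_API_ARGS"
+{% endif %}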
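Review bot: `KUBE_ETCD_SERVERS` reaches every etcd member over plain `http://...:2379` with no `--etcd-cafile` or client certificate, so the API server's entire state (Secrets included) crosses the etcd network unauthenticated and unencrypted; if the etcd role in this commit does not turn on TLS, at least record the assumption next to it, e.g. `# etcd is reached over plaintext http: assumes etcd only listens on a trusted private network`. `--service_account_key_file` reuses `apiserver-key.pem`, the TLS private key, as the service-account token signing key, which forces the TLS key to be shared with the controller-manager and means a compromise of either role exposes both; a dedicated key pair is the safer default. Also, listing `SecurityContextDeny` in `--admission_control` does not, as far as I recall, block `privileged` containers (it rejects SELinux/RunAsUser-style fields), so the `KUBE_ALLOW_PRIV="--allow_privileged=true"` comment should not be read as constrained by the admission chain. The `--insecure-port` is enabled without an explicit `--insecure-bind-address`; a comment stating that it is expected to stay on loopback would help whoever tunes `kube_apiserver_insecure_port`.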
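--- a/roles/kubernetes/master/templates/kube-apiserver.service.j2
+++ b/roles/kubernetes/master/templates/kube-apiserver.service.j2
@@ -0,0 +1,28 @@
+[Unit]
+Description=Kubernetes API Server
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+Requires=kube-apiserver.service
+After=kube-apiserver.service
+
+[Service]
+EnvironmentFile=/etc/kubernetes/kube-apiserver.env
+User=kube
+ExecStart={{ bin_dir }}/kube-apiserver \
+$KUBE_LOGTOSTDERR \
+$KUBE_LOG_LEVEL \
+$KUBE_ETCD_SERVERS \
+$KUBE_API_ADDRESS \
+$KUBE_API_PORT \
+$KUBELET_PORT \
+$KUBE_ALLOW_PRIV \
+$KUBE_SERVICE_ADDRESSES \
+$KUBE_ADMISSION_CONTROL \
+$KUBE_RUNTIME_CONFIG \
+$KUBE_TLS_CONFIG \
+$KUBE_API_ARGS
+Restart=on-failure
+Type=notify
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target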
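Review bot: `Requires=kube-apiserver.service` and `After=kube-apiserver.service` make the unit depend on itself; systemd drops a self-dependency with a warning, so nothing actually orders the apiserver after the network — replace both lines with `After=network.target` (plus whatever the master genuinely has to wait for). The `ExecStart` also expands `$KUBE_LOGTOSTDERR`, `$KUBE_API_ADDRESS` and `$KUBELET_PORT`, none of which the companion kube-apiserver.env template defines (it sets `KUBE_LOGGING` instead), so the logging flags are silently dropped under systemd; change the first argument line to `$KUBE_LOGGING \`. Lastly, with `User=kube` the process has no `CAP_NET_BIND_SERVICE`, so if `kube_apiserver_port` is below 1024 the secure listener cannot bind, and the `kube` user must also be able to read `apiserver-key.pem` in `kube_cert_dir` — worth a comment, or an `AmbientCapabilities=CAP_NET_BIND_SERVICE` line on systemd >= 229.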
@ -0,0 +1,27 @@ |
|||
--- |
|||
- name: tokens | copy the token gen script |
|||
copy: |
|||
src=kube-gen-token.sh |
|||
dest={{ kube_script_dir }} |
|||
mode=u+x |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
|
|||
- name: tokens | generate tokens for calico |
|||
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" |
|||
environment: |
|||
TOKEN_DIR: "{{ kube_token_dir }}" |
|||
with_nested: |
|||
- [ "system:calico" ] |
|||
- "{{ groups['k8s-cluster'] }}" |
|||
register: gentoken_calico |
|||
changed_when: "'Added' in gentoken_calico.stdout" |
|||
when: kube_network_plugin == "calico" |
|||
delegate_to: "{{ groups['kube-master'][0] }}" |
|||
notify: set is_gentoken_calico fact |
|||
|
|||
- name: tokens | get the calico token values |
|||
slurp: |
|||
src: "{{ kube_token_dir }}/system:calico-{{ inventory_hostname }}.token" |
|||
register: calico_token |
|||
when: kube_network_plugin == "calico" |
|||
delegate_to: "{{ groups['kube-master'][0] }}" |
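Review bot: The `tokens | get the calico token values` task slurps each node's bearer token into the registered `calico_token` variable, and registered results are printed by Ansible at `-v` and on failure, so the secret ends up in console output and CI logs; add `no_log: true` to that task (and to the generate task as well if `kube-gen-token.sh` echoes the token it adds). The generate task is delegated to the first master for every host in `k8s-cluster`, but the copy task above it is gated on `inventory_hostname` rather than delegated, so it does nothing when the first master is not part of the play running this role and the delegated command then fails on a missing script — if the master is always in the play this is fine, but a comment stating that assumption would help. The `set is_gentoken_calico fact` handler lives in the node handlers outside this hunk, so I can only note that `changed_when` keyed on `'Added'` means it fires solely on first generation.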
@ -1,48 +0,0 @@ |
|||
--- |
|||
- name: tokens | copy the token gen script |
|||
copy: |
|||
src=kube-gen-token.sh |
|||
dest={{ kube_script_dir }} |
|||
mode=u+x |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
|
|||
- name: tokens | generate tokens for master components |
|||
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" |
|||
environment: |
|||
TOKEN_DIR: "{{ kube_token_dir }}" |
|||
with_nested: |
|||
- [ "system:kubectl" ] |
|||
- "{{ groups['kube-master'] }}" |
|||
register: gentoken |
|||
changed_when: "'Added' in gentoken.stdout" |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
|
|||
- name: tokens | generate tokens for node components |
|||
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" |
|||
environment: |
|||
TOKEN_DIR: "{{ kube_token_dir }}" |
|||
with_nested: |
|||
- [ 'system:kubelet' ] |
|||
- "{{ groups['kube-node'] }}" |
|||
register: gentoken |
|||
changed_when: "'Added' in gentoken.stdout" |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
|
|||
- name: tokens | generate tokens for calico |
|||
command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}" |
|||
environment: |
|||
TOKEN_DIR: "{{ kube_token_dir }}" |
|||
with_nested: |
|||
- [ "system:calico" ] |
|||
- "{{ groups['k8s-cluster'] }}" |
|||
register: gentoken |
|||
changed_when: "'Added' in gentoken.stdout" |
|||
when: kube_network_plugin == "calico" |
|||
delegate_to: "{{ groups['kube-master'][0] }}" |
|||
|
|||
- name: tokens | get the calico token values |
|||
slurp: |
|||
src: "{{ kube_token_dir }}/system:calico-{{ inventory_hostname }}.token" |
|||
register: calico_token |
|||
when: kube_network_plugin == "calico" |
|||
delegate_to: "{{ groups['kube-master'][0] }}" |