weave network plugin

roles/download/defaults/main.yml

@@ -13,11 +13,13 @@ etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_ver
 calico_download_url: "https://github.com/Metaswitch/calico-docker/releases/download/{{calico_version}}/calicoctl"
 calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico"
 calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam"
+weave_download_url: "http://git.io/weave"
 
 # Checksums
 calico_checksum: "cfbbcad4b3b7d79be9a25bcdc153ec1d139eecd54840914a363b0710eebc5c51"
 calico_cni_checksum: "cfbb95d4416cb65845a188f3bd991fff232bd5ce3463b2919d586ab77967aecd"
 calico_cni_ipam_checksum: "93ebf8756b26314e1e3f612f1e824418cbb0a8df2942664422e697bcb109fbb2"
+weave_checksum: "152942c330f87ab475d87d9311b91674b90f25ea685bd4e04e0495d5fe09a957"
 etcd_checksum: "6c4e5cdeaaac1a70b8f06b5dd6b82c37ff19993c9bca81248975610e555c4b9b"
 kubectl_checksum: "873ba19926d17a3287dc8639ea1434fe3cd0cb4e61d82101ba754922cfc7a633"
 kubelet_checksum: "f2d1eae3fa6e304f6cbc9b2621e4b86fc3bcb4e74a15d35f58bf00e45c706e0a"
@@ -45,6 +47,13 @@ downloads:
     owner: "root"
     mode: "0755"
 
+  - name: weave
+    dest: weave/bin/weave
+    url: "{{weave_download_url}}"
+    sha256: "{{ weave_checksum }}"
+    owner: "root"
+    mode: "0755"
+
   - name: etcd
     dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
     sha256: "{{ etcd_checksum }}"

roles/kubernetes/node/templates/kubelet.j2

@@ -25,10 +25,12 @@ KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ k
 {% endif %}
 {% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
 KUBELET_NETWORK_PLUGIN="--network_plugin=cni --network-plugin-dir=/etc/cni/net.d"
+{% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}
+DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
 {% endif %}
 # Should this cluster be allowed to run privileged docker containers
 KUBE_ALLOW_PRIV="--allow_privileged=true"
 {% if init_system == "sysvinit" %}
 DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \
-$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN"
+$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN"
 {% endif %}

roles/kubernetes/node/templates/kubelet.service.j2

@@ -10,16 +10,17 @@ After=docker.service
 [Service]
 EnvironmentFile=/etc/kubernetes/kubelet.env
 ExecStart={{ bin_dir }}/kubelet \
-	    $KUBE_LOGTOSTDERR \
-	    $KUBE_LOG_LEVEL \
-	    $KUBELET_API_SERVER \
-	    $KUBELET_ADDRESS \
-	    $KUBELET_PORT \
-	    $KUBELET_HOSTNAME \
-	    $KUBE_ALLOW_PRIV \
-	    $KUBELET_ARGS \
-	    $KUBELET_REGISTER_NODE \
-	    $KUBELET_NETWORK_PLUGIN
+		$KUBE_LOGTOSTDERR \
+		$KUBE_LOG_LEVEL \
+		$KUBELET_API_SERVER \
+		$KUBELET_ADDRESS \
+		$KUBELET_PORT \
+		$KUBELET_HOSTNAME \
+		$KUBE_ALLOW_PRIV \
+		$KUBELET_ARGS \
+		$DOCKER_SOCKET \
+		$KUBELET_REGISTER_NODE \
+		$KUBELET_NETWORK_PLUGIN
 Restart=on-failure
 
 [Install]

roles/network_plugin/meta/main.yml

@@ -4,3 +4,5 @@ dependencies:
    when: kube_network_plugin == 'calico'
  - role: network_plugin/flannel
    when: kube_network_plugin == 'flannel'
+ - role: network_plugin/weave
+   when: kube_network_plugin == 'weave'

roles/network_plugin/weave/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+
+# Flannel public IP
+# The address that flannel should advertise as how to access the system
+flannel_public_ip: "{{ access_ip|default(ip|default(ansible_default_ipv4.address)) }}"
+
+## interface that should be used for flannel operations
+## This is actually an inventory node-level item
+# flannel_interface:
+
+# cloud_provider: no

roles/network_plugin/weave/handlers/main.yml

@@ -0,0 +1,48 @@
+---
+- name: restart docker
+  command: /bin/true
+  notify:
+    - reload systemd
+    - reload docker
+
+- name : reload systemd
+  shell: systemctl daemon-reload
+  when: init_system == "systemd"
+
+- name: restart weave
+  command: /bin/true
+  notify:
+    - reload systemd
+    - reload weave
+
+- name: restart weaveproxy
+  command: /bin/true
+  notify:
+    - reload systemd
+    - reload weaveproxy
+
+- name: restart weaveexpose
+  command: /bin/true
+  notify:
+    - reload systemd
+    - reload weaveexpose
+
+- name: reload docker
+  service:
+    name: docker
+    state: restarted
+
+- name: reload weave
+  service:
+    name: weave
+    state: restarted
+
+- name: reload weaveproxy
+  service:
+    name: weaveproxy
+    state: restarted
+
+- name: reload weaveexpose
+  service:
+    name: weaveexpose
+    state: restarted

roles/network_plugin/weave/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+- name: Set docker daemon options
+  template:
+    src: docker
+    dest: "/etc/default/docker"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart docker
+
+- name: Write docker.service systemd file
+  template:
+    src: systemd-docker.service
+    dest: /lib/systemd/system/docker.service
+  notify: restart docker
+  when: init_system == "systemd"
+
+- meta: flush_handlers
+
+- name: Weave | Install weave
+  command: rsync -piu "{{ local_release_dir }}/weave/bin/weave" "{{ bin_dir }}/weave"
+  changed_when: false
+
+- name: Weave | pull weave images
+  shell: "{{ bin_dir }}/weave setup"
+  changed_when: false
+
+- name: Weave | set perms
+  file: path="{{ bin_dir }}/weave" mode=0755 state=file
+
+- name: Weave | Set options
+  template:
+    src: weave.j2
+    dest: "/etc/weave.env"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart systemd-weave
+
+- name: Weave | Write weave systemd init file
+  template: src=weave.service.j2 dest=/etc/systemd/system/weave.service
+  when: init_system == "systemd"
+  notify: restart systemd-weave
+
+- name: Weave | Write weaveproxy systemd init file
+  template: src=weaveproxy.service.j2 dest=/etc/systemd/system/weaveproxy.service
+  when: init_system == "systemd"
+  notify: restart systemd-weaveproxy
+
+- name: Weave | Write weaveexpose systemd init file
+  template: src=weaveexpose.service.j2 dest=/etc/systemd/system/weaveexpose.service
+  when: init_system == "systemd"
+  notify: restart systemd-weaveexpose
+
+- name: Weave | Enable weave
+  service: name=weave enabled=yes state=started
+
+- name: Weave | Enable weaveproxy
+  service: name=weaveproxy enabled=yes state=started
+
+- name: Weave | Enable weaveexpose
+  service: name=weaveexpose enabled=yes state=started

roles/network_plugin/weave/templates/docker

@@ -0,0 +1,6 @@
+# Deployed by Ansible
+{% if init_system == "sysvinit" and kube_network_plugin == "flannel" and ansible_os_family == "Debian" %}
+DOCKER_OPTS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% elif kube_network_plugin == "flannel" %}
+OPTIONS="--bip={{ flannel_subnet }} --mtu={{ flannel_mtu }}"
+{% endif %}

roles/network_plugin/weave/templates/systemd-docker.service

@@ -0,0 +1,28 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+{% if ansible_os_family == "RedHat" %}
+After=network.target
+Wants=docker-storage-setup.service
+{% elif ansible_os_family == "Debian" %}
+After=network.target docker.socket
+Requires=docker.socket
+{% endif %}
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/default/docker
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/docker daemon \
+          $OPTIONS \
+          $DOCKER_STORAGE_OPTIONS \
+          $DOCKER_NETWORK_OPTIONS \
+          $INSECURE_REGISTRY
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+MountFlags=slave
+TimeoutStartSec=1min
+
+[Install]
+WantedBy=multi-user.target

roles/network_plugin/weave/templates/weave

@@ -0,0 +1,4 @@
+PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['ip'] | default( hostvars[host]['ansible_default_ipv4']['address']) }}{% if not loop.last %} {% endif %}{% endfor %}"
+{% if weave_password is defined %}
+WEAVE_PASSWORD="{{ weave_password }}"
+{% endif %}

roles/network_plugin/weave/templates/weave.j2

@@ -0,0 +1,6 @@
+WEAVE_PEERS="{% for host in groups['k8s-cluster'] %}{{ hostvars[host]['ip'] | default( hostvars[host]['ansible_default_ipv4']['address']) }}{% if not loop.last %} {% endif %}{% endfor %}"
+WEAVEPROXY_ARGS="--rewrite-inspect --without-dns"
+WEAVE_SUBNET="--ipalloc-range {{ kube_pods_subnet }}"
+{% if weave_password is defined %}
+WEAVE_PASSWORD="{{ weave_password }}"
+{% endif %}

roles/network_plugin/weave/templates/weave.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=Weave Network
+Documentation=http://docs.weave.works/weave/latest_release/
+Requires=docker.service
+After=docker.service
+
+[Service]
+EnvironmentFile=-/etc/weave.env
+ExecStartPre={{ bin_dir }}/weave launch-router \
+            $WEAVE_SUBNET \
+            $WEAVE_PEERS
+ExecStart=/usr/bin/docker attach weave
+ExecStop={{ bin_dir }}/weave stop-router
+
+[Install]
+WantedBy=multi-user.target

roles/network_plugin/weave/templates/weaveexpose.service.j2

@@ -0,0 +1,18 @@
+[Unit]
+Documentation=http://docs.weave.works/
+Requires=docker.service
+Requires=weave.service
+After=weave.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+TimeoutStartSec=0
+EnvironmentFile=-/etc/weave.%H.env
+EnvironmentFile=-/etc/weave.env
+ExecStart={{ bin_dir }}/weave expose
+ExecStop={{ bin_dir }}/weave hide
+
+[Install]
+WantedBy=weave-network.target

roles/network_plugin/weave/templates/weaveproxy.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=Weave proxy for Docker API
+Documentation=http://docs.weave.works/
+Requires=docker.service
+After=docker.service
+
+[Service]
+EnvironmentFile=-/etc/weave.%H.env
+EnvironmentFile=-/etc/weave.env
+ExecStartPre={{ bin_dir }}/weave launch-proxy $WEAVEPROXY_ARGS
+ExecStart=/usr/bin/docker attach weaveproxy
+Restart=on-failure
+ExecStop=/opt/bin/weave stop-proxy
+
+[Install]
+WantedBy=weave-network.target