Merge branch 'master' into multi-arch-support

2026-05-22 08:17:45 -02:30 · 2018-08-17 16:35:50 +02:00
parent 1081f620d2 7e37aa4aca
commit 26bf719a02
191 changed files with 2050 additions and 2634 deletions
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -60,6 +60,9 @@ dashboard_certs_secret_name: kubernetes-dashboard-certs
 dashboard_tls_key_file: dashboard.key
 dashboard_tls_cert_file: dashboard.crt

+# Override dashboard default settings
+dashboard_token_ttl: 900
+
 # SSL
 etcd_cert_dir: "/etc/ssl/etcd/ssl"
 canal_cert_dir: "/etc/canal/certs"
--- a/roles/kubernetes-apps/ansible/tasks/kubedns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/kubedns.yml
@@ -19,6 +19,7 @@
    - rbac_enabled or item.type not in rbac_resources
  tags:
    - dnsmasq
+    - kubedns

 # see https://github.com/kubernetes/kubernetes/issues/45084, only needed for "old" kube-dns
 - name: Kubernetes Apps | Patch system:kube-dns ClusterRole
@@ -39,3 +40,4 @@
    - rbac_enabled and kubedns_version|version_compare("1.11.0", "<", strict=True)
  tags:
    - dnsmasq
+    - kubedns
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@@ -17,6 +17,9 @@
    - inventory_hostname == groups['kube-master'][0]
  tags:
    - upgrade
+    - dnsmasq
+    - coredns
+    - kubedns

 - name: Kubernetes Apps | CoreDNS
  import_tasks: "tasks/coredns.yml"
@@ -56,6 +59,8 @@
  delay: 5
  tags:
    - dnsmasq
+    - coredns
+    - kubedns

 - name: Kubernetes Apps | Netchecker
  import_tasks: tasks/netchecker.yml
--- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml
+++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
@@ -2,7 +2,7 @@

 - name: Kubernetes Apps | Check if netchecker-server manifest already exists
  stat:
-    path: "{{ kube_config_dir }}/netchecker-server-deployment.yml.j2"
+    path: "{{ kube_config_dir }}/netchecker-server-deployment.yml"
  register: netchecker_server_manifest
  tags:
    - facts
@@ -22,16 +22,16 @@

 - name: Kubernetes Apps | Lay Down Netchecker Template
  template:
-    src: "{{item.file}}"
+    src: "{{item.file}}.j2"
    dest: "{{kube_config_dir}}/{{item.file}}"
  with_items:
-    - {file: netchecker-agent-ds.yml.j2, type: ds, name: netchecker-agent}
-    - {file: netchecker-agent-hostnet-ds.yml.j2, type: ds, name: netchecker-agent-hostnet}
-    - {file: netchecker-server-sa.yml.j2, type: sa, name: netchecker-server}
-    - {file: netchecker-server-clusterrole.yml.j2, type: clusterrole, name: netchecker-server}
-    - {file: netchecker-server-clusterrolebinding.yml.j2, type: clusterrolebinding, name: netchecker-server}
-    - {file: netchecker-server-deployment.yml.j2, type: deployment, name: netchecker-server}
-    - {file: netchecker-server-svc.yml.j2, type: svc, name: netchecker-service}
+    - {file: netchecker-agent-ds.yml, type: ds, name: netchecker-agent}
+    - {file: netchecker-agent-hostnet-ds.yml, type: ds, name: netchecker-agent-hostnet}
+    - {file: netchecker-server-sa.yml, type: sa, name: netchecker-server}
+    - {file: netchecker-server-clusterrole.yml, type: clusterrole, name: netchecker-server}
+    - {file: netchecker-server-clusterrolebinding.yml, type: clusterrolebinding, name: netchecker-server}
+    - {file: netchecker-server-deployment.yml, type: deployment, name: netchecker-server}
+    - {file: netchecker-server-svc.yml, type: svc, name: netchecker-service}
  register: manifests
  when:
    - inventory_hostname == groups['kube-master'][0]
--- a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
@@ -11,7 +11,7 @@ data:
    .:53 {
        errors
        health
-        kubernetes {{ cluster_name }} in-addr.arpa ip6.arpa {
+        kubernetes {{ dns_domain }} in-addr.arpa ip6.arpa {
          pods insecure
          upstream /etc/resolv.conf
          fallthrough in-addr.arpa ip6.arpa
--- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
@@ -34,6 +34,22 @@ spec:
          effect: NoSchedule
        - key: "CriticalAddonsOnly"
          operator: "Exists"
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - topologyKey: "kubernetes.io/hostname"
+            labelSelector:
+              matchLabels:
+                k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            preference:
+              matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: In
+                values:
+                - "true"
      containers:
      - name: coredns
        image: "{{ coredns_image_repo }}:{{ coredns_image_tag }}"
--- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
@@ -166,6 +166,7 @@ spec:
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
+          - --token-ttl={{ dashboard_token_ttl }}
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
@@ -30,7 +30,24 @@ spec:
    spec:
      tolerations:
        - effect: NoSchedule
-          operator: Exists
+          operator: Equal
+          key: node-role.kubernetes.io/master
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - topologyKey: "kubernetes.io/hostname"
+            labelSelector:
+              matchLabels:
+                k8s-app: kubedns-autoscaler
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            preference:
+              matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: In
+                values:
+                - "true"
      containers:
      - name: autoscaler
        image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}"
--- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
@@ -30,8 +30,25 @@ spec:
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
-      - effect: NoSchedule
-        operator: Exists
+      - effect: "NoSchedule"
+        operator: "Equal"
+        key: "node-role.kubernetes.io/master"
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - topologyKey: "kubernetes.io/hostname"
+            labelSelector:
+              matchLabels:
+                k8s-app: kube-dns
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            preference:
+              matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: In
+                values:
+                - "true"
      volumes:
      - name: kube-dns-config
        configMap: