Merge branch 'master' into reverselookups

2026-02-01 01:28:11 -03:30 · 2016-10-05 14:46:47 +03:00
parent 5579cddbdb 4f33c6cfe6
commit 2e90d3fe76
7 changed files with 23 additions and 23 deletions
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -9,8 +9,6 @@
 - name: Create dest directories
  file: path={{local_release_dir}}/{{download.dest|dirname}} state=directory recurse=yes
  when: "{{ download.enabled|bool and not download.container|bool }}"
-  delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
-  run_once: "{{ download_run_once|bool }}"

 - name: Download items
  get_url:
@@ -24,8 +22,6 @@
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  when: "{{ download.enabled|bool and not download.container|bool }}"
-  delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
-  run_once: "{{ download_run_once|bool }}"

 - name: Extract archives
  unarchive:
@@ -35,8 +31,6 @@
    mode: "{{ download.mode|default(omit) }}"
    copy: no
  when: "{{ download.enabled|bool and not download.container|bool and download.unarchive is defined and download.unarchive == True }}"
-  delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
-  run_once: "{{ download_run_once|bool }}"

 - name: Fix permissions
  file:
@@ -45,8 +39,6 @@
    owner: "{{ download.owner|default(omit) }}"
    mode: "{{ download.mode|default(omit) }}"
  when: "{{ download.enabled|bool and not download.container|bool and (download.unarchive is not defined or download.unarchive == False) }}"
-  delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
-  run_once: "{{ download_run_once|bool }}"

 - name: pulling...
  debug:
@@ -65,7 +57,7 @@
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  when: "{{ download.enabled|bool and download.container|bool }}"
-  delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else omit }}"
+  delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else inventory_hostname }}"
  run_once: "{{ download_run_once|bool }}"

 - set_fact:
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -13,6 +13,7 @@ spec:
    - apiserver
    - --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
    - --etcd-servers={{ etcd_access_endpoint }}
+    - --etcd-quorum-read=true
    - --insecure-bind-address={{ kube_apiserver_insecure_bind_address }}
    - --apiserver-count={{ kube_apiserver_count }}
    - --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ServiceAccount,ResourceQuota
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -8,6 +8,9 @@ kube_resolv_conf: "/etc/resolv.conf"

 kube_proxy_mode: iptables

+# If using the pure iptables proxy, SNAT everything
+kube_proxy_masquerade_all: true
+
 # kube_api_runtime_config:
 #   - extensions/v1beta1/daemonsets=true
 #   - extensions/v1beta1/deployments=true
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -18,6 +18,9 @@ spec:
 {% endif %}
    - --bind-address={{ ip | default(ansible_default_ipv4.address) }}
    - --proxy-mode={{ kube_proxy_mode }}
+{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
+    - --masquerade-all
+{% endif %}
    securityContext:
      privileged: true
    volumeMounts:
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -5,5 +5,6 @@ nat_outgoing: true
 # Use IP-over-IP encapsulation across hosts
 ipip: false

-# cloud_provider can only be set to 'gce' or 'aws'
-# cloud_provider:
+# Set to true if you want your calico cni binaries to overwrite the
+# ones from hyperkube while leaving other cni plugins intact.
+overwrite_hyperkube_cni: false
--- a/roles/network_plugin/calico/tasks/main.yml
+++ b/roles/network_plugin/calico/tasks/main.yml
@@ -32,18 +32,8 @@
    use_hyperkube_cni: true
  when: kube_version | version_compare('v1.3.4','>=')

- name: Calico | Install calico cni bin
-  command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"
-  changed_when: false
-  when: "{{ not use_hyperkube_cni|bool }}"
-
- name: Calico | Install calico-ipam cni bin
-  command: rsync -piu "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico-ipam"
-  changed_when: false
-  when: "{{ not use_hyperkube_cni|bool }}"
-
 - name: Calico | Copy cni plugins from hyperkube
-  command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/"
+  command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/rsync -a /opt/cni/bin/ /cnibindir/"
  register: cni_task_result
  until: cni_task_result.rc == 0
  retries: 4
@@ -51,6 +41,16 @@
  changed_when: false
  when: "{{ use_hyperkube_cni|bool }}"

+- name: Calico | Install calico cni bin
+  command: rsync -pi "{{ local_release_dir }}/calico/bin/calico" "/opt/cni/bin/calico"
+  changed_when: false
+  when: "{{ not use_hyperkube_cni|bool or overwrite_hyperkube_cni|bool }}"
+
+- name: Calico | Install calico-ipam cni bin
+  command: rsync -pi "{{ local_release_dir }}/calico/bin/calico-ipam" "/opt/cni/bin/calico-ipam"
+  changed_when: false
+  when: "{{ not use_hyperkube_cni|bool or overwrite_hyperkube_cni|bool }}"
+
 - name: Calico | wait for etcd
  uri: url=http://localhost:2379/health
  register: result