split network plugins into distinct roles

2026-02-23 22:16:05 -03:30 · 2016-01-30 16:04:47 +01:00
parent 3016ab79cb
commit 4f92417a5d
38 changed files with 235 additions and 168 deletions
--- a/roles/kubernetes/node/files/kube-gen-token.sh
+++ b/roles/kubernetes/node/files/kube-gen-token.sh
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-# Copyright 2015 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-token_dir=${TOKEN_DIR:-/var/srv/kubernetes}
-token_file="${token_dir}/known_tokens.csv"
-
-create_accounts=($@)
-
-if [ ! -e "${token_file}" ]; then
-  touch "${token_file}"
-fi
-
-for account in "${create_accounts[@]}"; do
-  if grep ",${account}," "${token_file}" ; then
-    continue
-  fi
-  token=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null)
-  echo "${token},${account},${account}" >> "${token_file}"
-  echo "${token}" > "${token_dir}/${account}.token"
-  echo "Added ${account}"
-done
--- a/roles/kubernetes/node/handlers/main.yml
+++ b/roles/kubernetes/node/handlers/main.yml
@@ -9,10 +9,6 @@
    - reload systemd
    - reload kubelet

- name: set is_gentoken_calico fact
-  set_fact:
-    is_gentoken_calico: true
-
 - name: reload kubelet
  service:
    name: kubelet
--- a/roles/kubernetes/node/tasks/gen_calico_tokens.yml
+++ b/roles/kubernetes/node/tasks/gen_calico_tokens.yml
@@ -1,27 +0,0 @@
---
- name: tokens | copy the token gen script
-  copy:
-    src=kube-gen-token.sh
-    dest={{ kube_script_dir }}
-    mode=u+x
-  when: inventory_hostname == groups['kube-master'][0]
-
- name: tokens | generate tokens for calico
-  command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
-  environment:
-    TOKEN_DIR: "{{ kube_token_dir }}"
-  with_nested:
-    - [ "system:calico" ]
-    - "{{ groups['k8s-cluster'] }}"
-  register: gentoken_calico
-  changed_when: "'Added' in gentoken_calico.stdout"
-  when: kube_network_plugin == "calico"
-  delegate_to: "{{ groups['kube-master'][0] }}"
-  notify: set is_gentoken_calico fact
-
- name: tokens | get the calico token values
-  slurp:
-    src: "{{ kube_token_dir }}/system:calico-{{ inventory_hostname }}.token"
-  register: calico_token
-  when: kube_network_plugin == "calico"
-  delegate_to: "{{ groups['kube-master'][0] }}"
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -1,32 +1,12 @@
 ---
- name: Create kubernetes config directory
-  file:
-    path: "{{ kube_config_dir }}"
-    state: directory
+- name: Write Calico cni config
+  template:
+    src: "cni-calico.conf.j2"
+    dest: "/etc/cni/net.d/10-calico.conf"
    owner: kube
-
- name: Create kubernetes script directory
-  file:
-    path: "{{ kube_script_dir }}"
-    state: directory
-    owner: kube
-
- name: Create kubernetes manifests directory
-  file:
-    path: "{{ kube_manifest_dir }}"
-    state: directory
-    owner: kube
-
- name: Create kubernetes logs directory
-  file:
-    path: "{{ kube_log_dir }}"
-    state: directory
-    owner: kube
-  when: init_system == "sysvinit"
+  when: kube_network_plugin == "calico"

 - include: secrets.yml
-  tags:
-    - secrets

 - include: install.yml

--- a/roles/kubernetes/node/tasks/secrets.yml
+++ b/roles/kubernetes/node/tasks/secrets.yml
@@ -16,8 +16,6 @@
 - include: gen_certs.yml
  when: inventory_hostname == groups['kube-master'][0]

- include: gen_calico_tokens.yml
-
 # Sync certs between nodes
 - name: Secrets | create user
  user:
--- a/roles/kubernetes/node/templates/cni-calico.conf.j2
+++ b/roles/kubernetes/node/templates/cni-calico.conf.j2
@@ -0,0 +1,9 @@
+{
+  "name": "calico-k8s-network",
+  "type": "calico",
+  "etcd_authority": "127.0.0.1:2379",
+  "log_level": "info",
+  "ipam": {
+    "type": "calico-ipam"
+  }
+}
--- a/roles/kubernetes/node/templates/kubelet.j2
+++ b/roles/kubernetes/node/templates/kubelet.j2
@@ -24,7 +24,7 @@ KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} -
 KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
 {% endif %}
 {% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
-KUBELET_NETWORK_PLUGIN="--network_plugin={{ kube_network_plugin }}"
+KUBELET_NETWORK_PLUGIN="--network_plugin=cni --network-plugin-dir=/etc/cni/net.d"
 {% endif %}
 # Should this cluster be allowed to run privileged docker containers
 KUBE_ALLOW_PRIV="--allow_privileged=true"