Normalize tags in all places to prepare for tag fixing in future (#1739)

Aivars Sterns
2017-10-05 10:43:04 +03:00
committed by Matthew Mosesohn
parent cb611b5ed0
commit 9c86da1403
48 changed files with 501 additions and 189 deletions

@@ -11,7 +11,8 @@
{%- else -%}
https://{{ first_kube_master }}:{{ kube_apiserver_port }}
{%- endif -%}
tags: facts
tags:
- facts
- name: Gather certs for admin kubeconfig
slurp:

@@ -8,7 +8,8 @@
{{ kube_apiserver_endpoint }}
{%- endif %}
when: not is_kube_master
tags: facts
tags:
- facts
- name: Check if kubelet.conf exists
stat:

@@ -2,4 +2,6 @@
dependencies:
- role: download
file: "{{ downloads.hyperkube }}"
tags: [download, hyperkube]
tags:
- download
- hyperkube

@@ -48,7 +48,8 @@
{%- if hostvars[host]['access_ip'] is defined %}{{ hostvars[host]['access_ip'] }}{% endif %}
{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
{%- endfor %}
tags: facts
tags:
- facts
- name: kubeadm | Copy etcd cert dir under k8s cert dir
command: "cp -TR {{ etcd_cert_dir }} {{ kube_config_dir }}/ssl/etcd"

@@ -1,6 +1,7 @@
---
- include: pre-upgrade.yml
tags: k8s-pre-upgrade
tags:
- k8s-pre-upgrade
# upstream bug: https://github.com/kubernetes/kubeadm/issues/441
- name: Disable kube_basic_auth until kubeadm/441 is fixed
@@ -18,12 +19,16 @@
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
tags: [hyperkube, kubectl, upgrade]
tags:
- hyperkube
- kubectl
- upgrade
- name: Install kubectl bash completion
shell: "{{ bin_dir }}/kubectl completion bash >/etc/bash_completion.d/kubectl.sh"
when: ansible_os_family in ["Debian","RedHat"]
tags: kubectl
tags:
- kubectl
- name: Set kubectl bash completion file
file:
@@ -32,7 +37,9 @@
group: root
mode: 0755
when: ansible_os_family in ["Debian","RedHat"]
tags: [kubectl, upgrade]
tags:
- kubectl
- upgrade
- task: Include kubeadm setup if enabled
include: kubeadm-setup.yml
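Review bot: The last task in the final hunk of this file is keyed `- task: Include kubeadm setup if enabled`, while every other task visible here labels itself with `name:`; unless `task` is deliberately being passed as an include variable, it should read `- name: Include kubeadm setup if enabled`. That task's body continues outside the hunk. Separately, `mode: 0755` in the same hunk is an unquoted octal, whereas the kubeadm binary task elsewhere in this commit writes `mode: "0755"`. Quoting it here, and on the other `mode: 0755` context line later in this commit, keeps the permission value a string whichever YAML version the parser follows.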

@@ -4,7 +4,8 @@
src: manifests/kube-apiserver.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
notify: Master | wait for the apiserver to be running
tags: kube-apiserver
tags:
- kube-apiserver
- meta: flush_handlers
@@ -13,7 +14,8 @@
src: namespace.j2
dest: "{{kube_config_dir}}/{{system_namespace}}-ns.yml"
when: inventory_hostname == groups['kube-master'][0]
tags: apps
tags:
- apps
- name: Check if kube system namespace exists
command: "{{ bin_dir }}/kubectl get ns {{system_namespace}}"
@@ -21,7 +23,8 @@
changed_when: False
failed_when: False
when: inventory_hostname == groups['kube-master'][0]
tags: apps
tags:
- apps
- name: Create kube system namespace
command: "{{ bin_dir }}/kubectl create -f {{kube_config_dir}}/{{system_namespace}}-ns.yml"
@@ -31,30 +34,35 @@
until: create_system_ns.rc == 0
changed_when: False
when: inventory_hostname == groups['kube-master'][0] and kubesystem.rc != 0
tags: apps
tags:
- apps
- name: Write kube-scheduler kubeconfig
template:
src: kube-scheduler-kubeconfig.yaml.j2
dest: "{{ kube_config_dir }}/kube-scheduler-kubeconfig.yaml"
tags: kube-scheduler
tags:
- kube-scheduler
- name: Write kube-scheduler manifest
template:
src: manifests/kube-scheduler.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-scheduler.manifest"
notify: Master | wait for kube-scheduler
tags: kube-scheduler
tags:
- kube-scheduler
- name: Write kube-controller-manager kubeconfig
template:
src: kube-controller-manager-kubeconfig.yaml.j2
dest: "{{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml"
tags: kube-controller-manager
tags:
- kube-controller-manager
- name: Write kube-controller-manager manifest
template:
src: manifests/kube-controller-manager.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
notify: Master | wait for kube-controller-manager
tags: kube-controller-manager
tags:
- kube-controller-manager
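Review bot: The two kubeconfig tasks in the last hunk (`Write kube-scheduler kubeconfig` and `Write kube-controller-manager kubeconfig`) pass only `src` and `dest` to `template:`, so the rendered files get whatever mode the remote umask produces. The templates themselves are not visible here; if they embed or point at client credentials, an explicit `owner: root` and `mode: "0640"` (or tighter, as far as the consuming pods allow) under `template:` would keep them from being world-readable. Since these tasks are already being touched for the tag change, this is a cheap place to pin the permissions.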

@@ -2,44 +2,90 @@
dependencies:
- role: download
file: "{{ downloads.hyperkube }}"
tags: [download, hyperkube, kubelet, network, canal, calico, weave, kube-controller-manager, kube-scheduler, kube-apiserver, kube-proxy, kubectl]
tags:
- download
- hyperkube
- kubelet
- network
- canal
- calico
- weave
- kube-controller-manager
- kube-scheduler
- kube-apiserver
- kube-proxy
- kubectl
- role: download
file: "{{ downloads.pod_infra }}"
tags: [download, kubelet]
tags:
- download
- kubelet
- role: download
file: "{{ downloads.install_socat }}"
tags: [download, kubelet]
when: ansible_os_family in ['CoreOS', 'Container Linux by CoreOS']
tags:
- download
- kubelet
- role: download
file: "{{ downloads.kubeadm }}"
tags: [download, kubelet, kubeadm]
when: kubeadm_enabled
tags:
- download
- kubelet
- kubeadm
- role: kubernetes/secrets
when: not kubeadm_enabled
tags: k8s-secrets
tags:
- k8s-secrets
- role: download
file: "{{ downloads.nginx }}"
tags: [download, nginx]
tags:
- download
- nginx
- role: download
file: "{{ downloads.testbox }}"
tags: download
tags:
- download
- role: download
file: "{{ downloads.netcheck_server }}"
when: deploy_netchecker
tags: [download, netchecker]
tags:
- download
- netchecker
- role: download
file: "{{ downloads.netcheck_agent }}"
when: deploy_netchecker
tags: [download, netchecker]
tags:
- download
- netchecker
- role: download
file: "{{ downloads.kubedns }}"
tags: [download, dnsmasq]
tags:
- download
- dnsmasq
- role: download
file: "{{ downloads.dnsmasq_nanny }}"
tags: [download, dnsmasq]
tags:
- download
- dnsmasq
- role: download
file: "{{ downloads.dnsmasq_sidecar }}"
tags: [download, dnsmasq]
tags:
- download
- dnsmasq
- role: download
file: "{{ downloads.kubednsautoscaler }}"
tags: [download, dnsmasq]
tags:
- download
- dnsmasq

@@ -11,19 +11,22 @@
'/usr/share/ca-certificates',
{% endif -%}
]"
tags: facts
tags:
- facts
- name: Set kubelet deployment to host if kubeadm is enabled
set_fact:
kubelet_deployment_type: host
when: kubeadm_enabled
tags: kubeadm
tags:
- kubeadm
- name: install | Copy kubeadm binary from download dir
command: rsync -piu "{{ local_release_dir }}/kubeadm" "{{ bin_dir }}/kubeadm"
changed_when: false
when: kubeadm_enabled
tags: kubeadm
tags:
- kubeadm
- name: install | Set kubeadm binary permissions
file:
@@ -31,7 +34,8 @@
mode: "0755"
state: file
when: kubeadm_enabled
tags: kubeadm
tags:
- kubeadm
- include: "install_{{ kubelet_deployment_type }}.yml"

@@ -6,7 +6,9 @@
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
tags: [hyperkube, upgrade]
tags:
- hyperkube
- upgrade
notify: restart kubelet
- name: install | Copy socat wrapper for Container Linux

@@ -1,9 +1,11 @@
---
- include: facts.yml
tags: facts
tags:
- facts
- include: pre_upgrade.yml
tags: kubelet
tags:
- kubelet
- name: Ensure /var/lib/cni exists
file:
@@ -12,11 +14,13 @@
mode: 0755
- include: install.yml
tags: kubelet
tags:
- kubelet
- include: nginx-proxy.yml
when: is_kube_master == false and loadbalancer_apiserver_localhost|default(true)
tags: nginx
tags:
- nginx
- name: Write kubelet config file (non-kubeadm)
template:
@@ -25,7 +29,8 @@
backup: yes
when: not kubeadm_enabled
notify: restart kubelet
tags: kubelet
tags:
- kubelet
- name: Write kubelet config file (kubeadm)
template:
@@ -34,7 +39,9 @@
backup: yes
when: kubeadm_enabled
notify: restart kubelet
tags: ['kubelet', 'kubeadm']
tags:
- kubelet
- kubeadm
- name: write the kubecfg (auth) file for kubelet
template:
@@ -46,7 +53,8 @@
- kube-proxy
when: not kubeadm_enabled
notify: restart kubelet
tags: kubelet
tags:
- kubelet
- name: Ensure nodePort range is reserved
sysctl:
@@ -56,7 +64,8 @@
state: present
reload: yes
when: kube_apiserver_node_port_range is defined
tags: kube-proxy
tags:
- kube-proxy
- name: Verify if br_netfilter module exists
shell: "modinfo br_netfilter"
@@ -94,14 +103,16 @@
src: manifests/kube-proxy.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
when: not kubeadm_enabled
tags: kube-proxy
tags:
- kube-proxy
- name: Purge proxy manifest for kubeadm
file:
path: "{{ kube_manifest_dir }}/kube-proxy.manifest"
state: absent
when: kubeadm_enabled
tags: kube-proxy
tags:
- kube-proxy
# reload-systemd
- meta: flush_handlers
@@ -111,4 +122,5 @@
name: kubelet
enabled: yes
state: started
tags: kubelet
tags:
- kubelet

@@ -8,4 +8,4 @@
- name: "Pre-upgrade | ensure kubelet container is stopped if using host deployment"
command: docker stop kubelet
failed_when: false
when: kubelet_deployment_type == "host"
when: kubelet_deployment_type == 'host'

@@ -2,5 +2,6 @@
dependencies:
- role: adduser
user: "{{ addusers.kube }}"
tags: kubelet
when: not is_atomic
when: not is_atomic
tags:
- kubelet

@@ -1,12 +1,14 @@
---
- include: verify-settings.yml
tags: asserts
tags:
- asserts
- name: Force binaries directory for Container Linux by CoreOS
set_fact:
bin_dir: "/opt/bin"
when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
tags: facts
tags:
- facts
- name: check bin dir exists
file:
@@ -14,10 +16,12 @@
state: directory
owner: root
become: true
tags: bootstrap-os
tags:
- bootstrap-os
- include: set_facts.yml
tags: facts
tags:
- facts
- name: gather os specific variables
include_vars: "{{ item }}"
@@ -32,7 +36,8 @@
paths:
- ../vars
skip: true
tags: facts
tags:
- facts
- name: Create kubernetes directories
file:
@@ -40,7 +45,16 @@
state: directory
owner: kube
when: inventory_hostname in groups['k8s-cluster']
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
tags:
- kubelet
- k8s-secrets
- kube-controller-manager
- kube-apiserver
- bootstrap-os
- apps
- network
- master
- node
with_items:
- "{{ kube_config_dir }}"
- "{{ kube_config_dir }}/ssl"
@@ -53,13 +67,17 @@
when:
- cloud_provider is defined
- cloud_provider not in ['generic', 'gce', 'aws', 'azure', 'openstack', 'vsphere']
tags: [cloud-provider, facts]
tags:
- cloud-provider
- facts
- include: "{{ cloud_provider }}-credential-check.yml"
when:
- cloud_provider is defined
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
tags: [cloud-provider, facts]
tags:
- cloud-provider
- facts
- name: Create cni directories
file:
@@ -72,7 +90,12 @@
when:
- kube_network_plugin in ["calico", "weave", "canal", "flannel"]
- inventory_hostname in groups['k8s-cluster']
tags: [network, calico, weave, canal, bootstrap-os]
tags:
- network
- calico
- weave
- canal
- bootstrap-os
- name: Update package management cache (YUM)
yum:
@@ -85,7 +108,8 @@
when:
- ansible_pkg_mgr == 'yum'
- not is_atomic
tags: bootstrap-os
tags:
- bootstrap-os
- name: Install latest version of python-apt for Debian distribs
apt:
@@ -94,7 +118,8 @@
update_cache: yes
cache_valid_time: 3600
when: ansible_os_family == "Debian"
tags: bootstrap-os
tags:
- bootstrap-os
- name: Install python-dnf for latest RedHat versions
command: dnf install -y python-dnf yum
@@ -106,7 +131,8 @@
- ansible_distribution == "Fedora"
- ansible_distribution_major_version > 21
changed_when: False
tags: bootstrap-os
tags:
- bootstrap-os
- name: Install epel-release on RedHat/CentOS
shell: rpm -qa | grep epel-release || rpm -ivh {{ epel_rpm_download_url }}
@@ -121,7 +147,8 @@
delay: "{{ retry_stagger | random + 3 }}"
changed_when: False
check_mode: no
tags: bootstrap-os
tags:
- bootstrap-os
- name: Install packages requirements
action:
@@ -134,7 +161,8 @@
delay: "{{ retry_stagger | random + 3 }}"
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
tags: bootstrap-os
tags:
- bootstrap-os
# Todo : selinux configuration
- name: Confirm selinux deployed
@@ -151,7 +179,8 @@
- ansible_os_family == "RedHat"
- slc.stat.exists == True
changed_when: False
tags: bootstrap-os
tags:
- bootstrap-os
- name: Disable IPv6 DNS lookup
lineinfile:
@@ -162,18 +191,21 @@
when:
- disable_ipv6_dns
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
tags: bootstrap-os
tags:
- bootstrap-os
- name: set default sysctl file path
set_fact:
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
tags: bootstrap-os
tags:
- bootstrap-os
- name: Stat sysctl file configuration
stat:
path: "{{sysctl_file_path}}"
register: sysctl_file_stat
tags: bootstrap-os
tags:
- bootstrap-os
- name: Change sysctl file path to link source if linked
set_fact:
@@ -181,7 +213,8 @@
when:
- sysctl_file_stat.stat.islnk is defined
- sysctl_file_stat.stat.islnk
tags: bootstrap-os
tags:
- bootstrap-os
- name: Enable ip forwarding
sysctl:
@@ -189,7 +222,8 @@
name: net.ipv4.ip_forward
value: 1
state: present
tags: bootstrap-os
tags:
- bootstrap-os
- name: Write cloud-config
template:
@@ -201,39 +235,50 @@
- inventory_hostname in groups['k8s-cluster']
- cloud_provider is defined
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
tags: [cloud-provider]
tags:
- cloud-provider
- include: etchosts.yml
tags: [bootstrap-os, etchosts]
tags:
- bootstrap-os
- etchosts
- include: resolvconf.yml
when:
- dns_mode != 'none'
- resolvconf_mode == 'host_resolvconf'
tags: [bootstrap-os, resolvconf]
tags:
- bootstrap-os
- resolvconf
- include: dhclient-hooks.yml
when:
- dns_mode != 'none'
- resolvconf_mode == 'host_resolvconf'
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
tags: [bootstrap-os, resolvconf]
tags:
- bootstrap-os
- resolvconf
- include: dhclient-hooks-undo.yml
when:
- dns_mode != 'none'
- resolvconf_mode != 'host_resolvconf'
- not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
tags: [bootstrap-os, resolvconf]
tags:
- bootstrap-os
- resolvconf
- name: Check if we are running inside a Azure VM
stat:
path: /var/lib/waagent/
register: azure_check
tags: bootstrap-os
tags:
- bootstrap-os
- include: growpart-azure-centos-7.yml
when:
- azure_check.stat.exists
- ansible_distribution in ["CentOS","RedHat"]
tags: bootstrap-os
tags:
- bootstrap-os
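Review bot: `Install epel-release on RedHat/CentOS` interpolates `{{ epel_rpm_download_url }}` straight into a `shell:` pipeline, so any whitespace or shell metacharacter in that variable is interpreted by the shell; `rpm -ivh {{ epel_rpm_download_url | quote }}` would pass it as a single argument. Part of that task falls between two hunks, so its remaining keys are not visible here. In the hunk just above it, the condition `- ansible_distribution_major_version > 21` compares what is normally a string fact with an integer; `- ansible_distribution_major_version | int > 21` makes the comparison numeric.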

@@ -12,4 +12,7 @@
when: is_atomic
- include: set_resolv_facts.yml
tags: [bootstrap-os, resolvconf, facts]
tags:
- bootstrap-os
- resolvconf
- facts

@@ -6,8 +6,17 @@
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
when: gen_certs|default(false)
tags:
- kubelet
- k8s-secrets
- kube-controller-manager
- kube-apiserver
- bootstrap-os
- apps
- network
- master
- node
- name: "Gen_certs | Create kubernetes script directory (on {{groups['kube-master'][0]}})"
file:
@@ -16,8 +25,10 @@
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [k8s-secrets, bootstrap-os]
when: gen_certs|default(false)
tags:
- k8s-secrets
- bootstrap-os
- name: Gen_certs | write openssl config
template:
@@ -87,7 +98,8 @@
'node-{{ inventory_hostname }}-key.pem',
'kube-proxy-{{ inventory_hostname }}.pem',
'kube-proxy-{{ inventory_hostname }}-key.pem']
tags: facts
tags:
- facts
- name: Gen_certs | Gather master certs
shell: "tar cfz - -C {{ kube_cert_dir }} -T /dev/stdin <<< {{ my_master_certs|join(' ') }} {{ all_node_certs|join(' ') }} | base64 --wrap=0"
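Review bot: `Gen_certs | Gather master certs` streams a tar of the files named in `my_master_certs` and `all_node_certs` to stdout as base64, and the certificate list visible just above contains `-key.pem` names, so the command output presumably carries private key material. The task continues outside the hunk; if it does not already set `no_log: true`, adding it keeps that blob out of verbose output and callback logs. The `<<<` here-string also requires bash, so the task should set `executable: /bin/bash` under `args:` unless the lines not shown already do.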

@@ -1,9 +1,13 @@
---
- include: check-certs.yml
tags: [k8s-secrets, facts]
tags:
- k8s-secrets
- facts
- include: check-tokens.yml
tags: [k8s-secrets, facts]
tags:
- k8s-secrets
- facts
- name: Make sure the certificate directory exits
file:
@@ -31,8 +35,17 @@
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [kubelet, k8s-secrets, kube-controller-manager, kube-apiserver, bootstrap-os, apps, network, master, node]
when: gen_certs|default(false) or gen_tokens|default(false)
tags:
- kubelet
- k8s-secrets
- kube-controller-manager
- kube-apiserver
- bootstrap-os
- apps
- network
- master
- node
- name: "Gen_certs | Create kubernetes script directory (on {{groups['kube-master'][0]}})"
file:
@@ -41,8 +54,10 @@
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
tags: [k8s-secrets, bootstrap-os]
when: gen_certs|default(false) or gen_tokens|default(false)
tags:
- k8s-secrets
- bootstrap-os
- name: "Get_tokens | Make sure the tokens directory exits (on {{groups['kube-master'][0]}})"
file:
@@ -55,10 +70,12 @@
when: gen_tokens|default(false)
- include: "gen_certs_{{ cert_management }}.yml"
tags: k8s-secrets
tags:
- k8s-secrets
- include: upd_ca_trust.yml
tags: k8s-secrets
tags:
- k8s-secrets
- name: "Gen_certs | Get certificate serials on kube masters"
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
@@ -93,4 +110,5 @@
when: inventory_hostname in groups['k8s-cluster']
- include: gen_tokens.yml
tags: k8s-secrets
tags:
- k8s-secrets

@@ -9,7 +9,8 @@
{%- elif ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] -%}
/etc/ssl/certs/kube-ca.pem
{%- endif %}
tags: facts
tags:
- facts
- name: Gen_certs | add CA to trusted CA dir
copy: