Merge branch 'master' into master

epcim · Mar 31, 2018 · 16961f6 · 16961f6
2 parents 94a0562 + b9b028a
commit 16961f6
Show file tree

Hide file tree

Showing 141 changed files with 653 additions and 261 deletions.
diff --git a/Vagrantfile b/Vagrantfile
@@ -3,7 +3,7 @@
 
 require 'fileutils'
 
-Vagrant.require_version ">= 1.9.0"
+Vagrant.require_version ">= 2.0.0"
 
 CONFIG = File.join(File.dirname(__FILE__), "vagrant/config.rb")
 
@@ -135,12 +135,6 @@ Vagrant.configure("2") do |config|
 
       config.vm.network :private_network, ip: ip
 
-      # workaround for Vagrant 1.9.1 and centos vm
-      # https://github.com/hashicorp/vagrant/issues/8096
-      if Vagrant::VERSION == "1.9.1" && $os == "centos"
-        config.vm.provision "shell", inline: "service network restart", run: "always"
-      end
-
       # Disable swap for each vm
       config.vm.provision "shell", inline: "swapoff -a"
 
@@ -164,7 +158,7 @@ Vagrant.configure("2") do |config|
           if File.exist?(File.join(File.dirname($inventory), "hosts"))
             ansible.inventory_path = $inventory
           end
-          ansible.sudo = true
+          ansible.become = true
           ansible.limit = "all"
           ansible.host_key_checking = false
           ansible.raw_arguments = ["--forks=#{$num_instances}", "--flush-cache"]

diff --git a/ansible.cfg b/ansible.cfg
@@ -13,3 +13,4 @@ callback_whitelist = profile_tasks
 roles_path = roles:$VIRTUAL_ENV/usr/local/share/kubespray/roles:$VIRTUAL_ENV/usr/local/share/ansible/roles:/usr/share/kubespray/roles
 deprecation_warnings=False
 inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo, .creds
+jinja2_extensions = jinja2.ext.do
diff --git a/contrib/terraform/openstack/ansible_bastion_template.txt b/contrib/terraform/openstack/ansible_bastion_template.txt
@@ -1 +1 @@
-ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -W %h:%p -q USER@BASTION_ADDRESS"' 
+ansible_ssh_common_args: "-o ProxyCommand='ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q USER@BASTION_ADDRESS {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %}'"
diff --git a/contrib/terraform/openstack/modules/network/outputs.tf b/contrib/terraform/openstack/modules/network/outputs.tf
@@ -2,6 +2,6 @@ output "router_id" {
   value = "${openstack_networking_router_interface_v2.k8s.id}"
 }
 
-output "network_id" {
+output "subnet_id" {
   value = "${openstack_networking_subnet_v2.k8s.id}"
 }
diff --git a/docs/vagrant.md b/docs/vagrant.md
@@ -1,7 +1,7 @@
 Vagrant Install
 =================
 
-Assuming you have Vagrant (1.9+) installed with virtualbox (it may work
+Assuming you have Vagrant (2.0+) installed with virtualbox (it may work
 with vmware, but is untested) you should be able to launch a 3 node
 Kubernetes cluster by simply running `$ vagrant up`.<br />
 

diff --git a/docs/vars.md b/docs/vars.md
@@ -118,6 +118,14 @@ Stack](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/dns-st
 * *kubelet_cgroup_driver* - Allows manual override of the
   cgroup-driver option for Kubelet. By default autodetection is used
   to match Docker configuration.
+* *node_labels* - Labels applied to nodes via kubelet --node-labels parameter.
+  For example, labels can be set in the inventory as variables or more widely in group_vars.
+  *node_labels* must be defined as a dict:
+```
+node_labels:
+  label1_name: label1_value
+  label2_name: label2_value
+```
 
 ##### Custom flags for Kube Components
 For all kube components, custom flags can be passed in. This allows for edge cases where users need changes to the default deployment that may not be applicable to all deployments. This can be done by providing a list of flags. Example:

diff --git a/inventory/sample/group_vars/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster.yml
@@ -6,7 +6,6 @@
 kube_config_dir: /etc/kubernetes
 kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
 kube_manifest_dir: "{{ kube_config_dir }}/manifests"
-system_namespace: kube-system
 
 # This is where all the cert scripts and certs will be located
 kube_cert_dir: "{{ kube_config_dir }}/ssl"
@@ -214,6 +213,10 @@ ingress_nginx_enabled: false
 # ingress_nginx_configmap_udp_services:
 #   53: "kube-system/kube-dns:53"
 
+# Cert manager deployment
+cert_manager_enabled: false
+# cert_manager_namespace: "cert-manager"
+
 # Add Persistent Volumes Storage Class for corresponding cloud provider ( OpenStack is only supported now )
 persistent_volumes_enabled: false
 

diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
@@ -91,7 +91,7 @@
 - name: Start Resources
   kube:
     name: "{{item.item.name}}"
-    namespace: "{{system_namespace}}"
+    namespace: "kube-system"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"

diff --git a/roles/dnsmasq/templates/dnsmasq-clusterrolebinding.yml b/roles/dnsmasq/templates/dnsmasq-clusterrolebinding.yml
@@ -3,11 +3,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: dnsmasq
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
 subjects:
   - kind: ServiceAccount
     name: dnsmasq
-    namespace: "{{ system_namespace}}"
+    namespace: "kube-system"
 roleRef:
   kind: ClusterRole
   name: cluster-admin

diff --git a/roles/dnsmasq/templates/dnsmasq-deploy.yml b/roles/dnsmasq/templates/dnsmasq-deploy.yml
@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: dnsmasq
-  namespace: "{{system_namespace}}"
+  namespace: "kube-system"
   labels:
     k8s-app: dnsmasq
     kubernetes.io/cluster-service: "true"

diff --git a/roles/dnsmasq/templates/dnsmasq-serviceaccount.yml b/roles/dnsmasq/templates/dnsmasq-serviceaccount.yml
@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: dnsmasq
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
   labels:
     kubernetes.io/cluster-service: "true"
diff --git a/roles/dnsmasq/templates/dnsmasq-svc.yml b/roles/dnsmasq/templates/dnsmasq-svc.yml
@@ -6,7 +6,7 @@ metadata:
     kubernetes.io/cluster-service: 'true'
     k8s-app: dnsmasq
   name: dnsmasq
-  namespace: {{system_namespace}}
+  namespace: kube-system
 spec:
   ports:
     - port: 53

diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
@@ -21,6 +21,10 @@ docker_dns_servers_strict: yes
 
 docker_container_storage_setup: false
 
+# Used to override obsoletes=0
+yum_conf: /etc/yum.conf
+docker_yum_conf: /etc/yum_docker.conf
+
 # CentOS/RedHat docker-ce repo
 docker_rh_repo_base_url: 'https://download.docker.com/linux/centos/7/$basearch/stable'
 docker_rh_repo_gpgkey: 'https://download.docker.com/linux/centos/gpg'

diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
@@ -30,6 +30,8 @@
   tags:
     - facts
 
+- import_tasks: pre-upgrade.yml
+
 - name: ensure docker-ce repository public key is installed
   action: "{{ docker_repo_key_info.pkg_key }}"
   args:
@@ -78,11 +80,27 @@
     dest: "/etc/yum.repos.d/docker.repo"
   when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
 
+- name: Copy yum.conf for editing
+  copy:
+    src: "{{ yum_conf }}"
+    dest: "{{ docker_yum_conf }}"
+    remote_src: yes
+  when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
+
+- name: Edit copy of yum.conf to set obsoletes=0
+  lineinfile:
+    path: "{{ docker_yum_conf }}"
+    state: present
+    regexp: '^obsoletes='
+    line: 'obsoletes=0'
+  when: ansible_distribution in ["CentOS","RedHat"] and not is_atomic
+
 - name: ensure docker packages are installed
   action: "{{ docker_package_info.pkg_mgr }}"
   args:
     pkg: "{{item.name}}"
     force: "{{item.force|default(omit)}}"
+    conf_file: "{{item.yum_conf|default(omit)}}"
     state: present
   register: docker_task_result
   until: docker_task_result|succeeded

diff --git a/roles/docker/tasks/pre-upgrade.yml b/roles/docker/tasks/pre-upgrade.yml
@@ -0,0 +1,20 @@
+---
+- name: Ensure old versions of Docker are not installed. | Debian
+  package:
+    name: '{{ item }}'
+    state: absent
+  with_items:
+    - docker
+    - docker-engine
+  when: ansible_os_family == 'Debian' and (docker_versioned_pkg[docker_version | string] | search('docker-ce'))
+
+- name: Ensure old versions of Docker are not installed. | RedHat
+  package:
+    name: '{{ item }}'
+    state: absent
+  with_items:
+    - docker
+    - docker-common
+    - docker-engine
+    - docker-selinux
+  when: ansible_os_family == 'RedHat' and (docker_versioned_pkg[docker_version | string] | search('docker-ce'))
diff --git a/roles/docker/vars/redhat.yml b/roles/docker/vars/redhat.yml
@@ -28,7 +28,9 @@ docker_package_info:
   pkg_mgr: yum
   pkgs:
     - name: "{{ docker_selinux_versioned_pkg[docker_selinux_version | string] }}"
+      yum_conf: "{{ docker_yum_conf }}"
     - name: "{{ docker_versioned_pkg[docker_version | string] }}"
+      yum_conf: "{{ docker_yum_conf }}"
 
 docker_repo_key_info:
   pkg_key: ''
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -W %h:%p -q USER@BASTION_ADDRESS"'
		ansible_ssh_common_args: "-o ProxyCommand='ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q USER@BASTION_ADDRESS {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %}'"