Multiple fixes to deployment scripts and lab

- Clean up private/pub keys from k8s nodes - Install kpm on k8s nodes, not on master node
Fixes and improvements
2026-06-03 10:07:58 +00:00 · 2016-06-20 12:02:25 +02:00 · 2016-06-20 11:06:01 +02:00 · 2016-06-20 09:58:09 +02:00 · 2016-06-20 09:13:07 +02:00 · 2016-06-16 17:50:44 +02:00
88 changed files with 200 additions and 4123 deletions
@@ -0,0 +1 @@
+ssh
@@ -1,49 +0,0 @@
-[submodule "roles/apps/k8s-kube-ui"]
-    path = roles/apps/k8s-kube-ui
-    url = https://github.com/ansibl8s/k8s-kube-ui.git
-    branch = v1.0
-[submodule "roles/apps/k8s-kubedns"]
-    path = roles/apps/k8s-kubedns
-    url = https://github.com/ansibl8s/k8s-kubedns.git
-    branch = v1.0
-[submodule "roles/apps/k8s-common"]
-    path = roles/apps/k8s-common
-    url = https://github.com/ansibl8s/k8s-common.git
-    branch = v1.0
-[submodule "roles/apps/k8s-redis"]
-    path = roles/apps/k8s-redis
-    url = https://github.com/ansibl8s/k8s-redis.git
-    branch = v1.0
-[submodule "roles/apps/k8s-elasticsearch"]
-    path = roles/apps/k8s-elasticsearch
-    url = https://github.com/ansibl8s/k8s-elasticsearch.git
-[submodule "roles/apps/k8s-fabric8"]
-    path = roles/apps/k8s-fabric8
-    url = https://github.com/ansibl8s/k8s-fabric8.git
-    branch = v1.0
-[submodule "roles/apps/k8s-memcached"]
-    path = roles/apps/k8s-memcached
-    url = https://github.com/ansibl8s/k8s-memcached.git
-    branch = v1.0
-[submodule "roles/apps/k8s-postgres"]
-    path = roles/apps/k8s-postgres
-    url = https://github.com/ansibl8s/k8s-postgres.git
-    branch = v1.0
-[submodule "roles/apps/k8s-kubedash"]
-    path = roles/apps/k8s-kubedash
-    url = https://github.com/ansibl8s/k8s-kubedash.git
-[submodule "roles/apps/k8s-heapster"]
-    path = roles/apps/k8s-heapster
-    url = https://github.com/ansibl8s/k8s-heapster.git
-[submodule "roles/apps/k8s-influxdb"]
-    path = roles/apps/k8s-influxdb
-    url = https://github.com/ansibl8s/k8s-influxdb.git
-[submodule "roles/apps/k8s-kube-logstash"]
-	path = roles/apps/k8s-kube-logstash
-	url = https://github.com/ansibl8s/k8s-kube-logstash.git
-[submodule "roles/apps/k8s-etcd"]
-	path = roles/apps/k8s-etcd
-	url = https://github.com/ansibl8s/k8s-etcd.git
-[submodule "roles/apps/k8s-rabbitmq"]
-	path = roles/apps/k8s-rabbitmq
-	url = https://github.com/ansibl8s/k8s-rabbitmq.git
@@ -1,288 +1,33 @@
-kubernetes-ansible
-========
+vagrant-k8s
+===========
+Scripts to create libvirt lab with vagrant and prepare some stuff for `k8s` deployment with `kargo`.

-Install and configure a kubernetes cluster including network plugin.

-### Requirements
-Tested on **Debian Jessie** and **Ubuntu** (14.10, 15.04, 15.10).
-* The target servers must have access to the Internet in order to pull docker imaqes.
-* The firewalls are not managed, you'll need to implement your own rules the way you used to.
+Requirements
+============

-Ansible v1.9.x
+* `libvirt`
+* `vagrant`
+* `vagrant-libvirt` plugin
+* `$USER` should be able to connect to libvirt (test with `virsh list --all`)

-### Components
-* [kubernetes](https://github.com/kubernetes/kubernetes/releases) v1.1.3
-* [etcd](https://github.com/coreos/etcd/releases) v2.2.2
-* [calicoctl](https://github.com/projectcalico/calico-docker/releases) v0.13.0
-* [flanneld](https://github.com/coreos/flannel/releases) v0.5.5
-* [docker](https://www.docker.com/) v1.9.1
+How-to
+======

-Quickstart
-------------------------
-The following steps will quickly setup a kubernetes cluster with default configuration.
-These defaults are good for tests purposes.
+* Prepare the virtual lab:

-Edit the inventory according to the number of servers
-```
-[downloader]
-10.115.99.1
-
-[kube-master]
-10.115.99.31
-
-[etcd]
-10.115.99.31
-10.115.99.32
-10.115.99.33
-
-[kube-node]
-10.115.99.32
-10.115.99.33
-
-[k8s-cluster:children]
-kube-node
-kube-master
+```bash
+export VAGRANT_POOL="10.100.0.0/16"
+git clone https://github.com/adidenko/vagrant-k8s
+cd vagrant-k8s
+vagrant up
 ```

-Run the playbook
+* Login to master node and deploy k8s with kargo:
+
+```bash
+vagrant ssh $USER-k8s-01
+# Inside your master VM run this:
+sudo su -
+./deploy-k8s.kargo.sh
 ```
-ansible-playbook -i inventory/inventory.cfg cluster.yml -u root
-```
-
-You can jump directly to "*Available apps, installation procedure*"
-
-
-Ansible
-------------------------
-### Download binaries
-A role allows to download required binaries. They will be stored in a directory defined by the variable
-**'local_release_dir'** (by default /tmp).
-Please ensure that you have enough disk space there (about **300M**).
-
-**Note**: Whenever you'll need to change the version of a software, you'll have to erase the content of this directory.
-
-
-### Variables
-The main variables to change are located in the directory ```inventory/group_vars/all.yml```.
-
-### Inventory
-Below is an example of an inventory.
-Note : The bgp vars local_as and peers are not mandatory if the var **'peer_with_router'** is set to false
-By default this variable is set to false and therefore all the nodes are configure in **'node-mesh'** mode.
-In node-mesh mode the nodes peers with all the nodes in order to exchange routes.
-
-```
-
-[downloader]
-node1 ansible_ssh_host=10.99.0.26
-
-[kube-master]
-node1 ansible_ssh_host=10.99.0.26
-node2 ansible_ssh_host=10.99.0.27
-
-[etcd]
-node1 ansible_ssh_host=10.99.0.26
-node2 ansible_ssh_host=10.99.0.27
-node3 ansible_ssh_host=10.99.0.4
-
-[kube-node]
-node2 ansible_ssh_host=10.99.0.27
-node3 ansible_ssh_host=10.99.0.4
-node4 ansible_ssh_host=10.99.0.5
-node5 ansible_ssh_host=10.99.0.36
-node6 ansible_ssh_host=10.99.0.37
-
-[paris]
-node1 ansible_ssh_host=10.99.0.26
-node3 ansible_ssh_host=10.99.0.4 local_as=xxxxxxxx
-node4 ansible_ssh_host=10.99.0.5 local_as=xxxxxxxx
-
-[new-york]
-node2 ansible_ssh_host=10.99.0.27
-node5 ansible_ssh_host=10.99.0.36 local_as=xxxxxxxx
-node6 ansible_ssh_host=10.99.0.37 local_as=xxxxxxxx
-
-[k8s-cluster:children]
-kube-node
-kube-master
-```
-
-### Playbook
-```
---
- hosts: downloader
-  sudo: no
-  roles:
-    - { role: download, tags: download }
-
- hosts: k8s-cluster
-  roles:
-    - { role: etcd, tags: etcd }
-    - { role: docker, tags: docker }
-    - { role: dnsmasq, tags: dnsmasq }
-    - { role: network_plugin, tags: ['calico', 'flannel', 'network'] }
-
- hosts: kube-master
-  roles:
-    - { role: kubernetes/master, tags: master }
-
- hosts: kube-node
-  roles:
-    - { role: kubernetes/node, tags: node }
-
-```
-
-### Run
-It is possible to define variables for different environments.
-For instance, in order to deploy the cluster on 'dev' environment run the following command.
-```
-ansible-playbook -i inventory/dev/inventory.cfg cluster.yml -u root
-```
-
-Kubernetes
-------------------------
-### Multi master notes
-* You can choose where to install the master components. If you want your master node to act both as master (api,scheduler,controller) and node (e.g. accept workloads, create pods ...), 
-the server address has to be present on both groups 'kube-master' and 'kube-node'.
-
-* Almost all kubernetes components are running into pods except *kubelet*. These pods are managed by kubelet which ensure they're always running
-
-* For safety reasons, you should have at least two master nodes and 3 etcd servers
-
-* Kube-proxy doesn't support multiple apiservers on startup ([Issue 18174](https://github.com/kubernetes/kubernetes/issues/18174)). An external loadbalancer needs to be configured.
-In order to do so, some variables have to be used '**loadbalancer_apiserver**' and '**apiserver_loadbalancer_domain_name**' 
- 
-
-### Network Overlay
-You can choose between 2 network plugins. Only one must be chosen.
-
-* **flannel**: gre/vxlan (layer 2) networking. ([official docs](https://github.com/coreos/flannel))
-
-* **calico**: bgp (layer 3) networking. ([official docs](http://docs.projectcalico.org/en/0.13/))
-
-The choice is defined with the variable '**kube_network_plugin**'
-
-### Expose a service
-There are several loadbalancing solutions.
-The one i found suitable for kubernetes are [Vulcand](http://vulcand.io/) and [Haproxy](http://www.haproxy.org/)
-
-My cluster is working with haproxy and kubernetes services are configured with the loadbalancing type '**nodePort**'.
-eg: each node opens the same tcp port and forwards the traffic to the target pod wherever it is located.
-
-Then Haproxy can be configured to request kubernetes's api in order to loadbalance on the proper tcp port on the nodes.
-
-Please refer to the proper kubernetes documentation on [Services](https://github.com/kubernetes/kubernetes/blob/release-1.0/docs/user-guide/services.md)
-
-### Check cluster status
-
-#### Kubernetes components
-
-* Check the status of the processes
-```
-systemctl status kubelet
-```
-
-* Check the logs
-```
-journalctl -ae -u kubelet
-```
-
-* Check the NAT rules
-```
-iptables -nLv -t nat
-```
-
-For the master nodes you'll have to see the docker logs for the apiserver
-```
-docker logs [apiserver docker id]
-```
-
-
-### Available apps, installation procedure
-
-There are two ways of installing new apps
-
-#### Ansible galaxy
-
-Additionnal apps can be installed with ```ansible-galaxy```.
-
-ou'll need to edit the file '*requirements.yml*' in order to chose needed apps.
-The list of available apps are available [there](https://github.com/ansibl8s)
-
-For instance it is **strongly recommanded** to install a dns server which resolves kubernetes service names.
-In order to use this role you'll need the following entries in the file '*requirements.yml*' 
-Please refer to the [k8s-kubedns readme](https://github.com/ansibl8s/k8s-kubedns) for additionnal info.
-```
- src: https://github.com/ansibl8s/k8s-common.git
-  path: roles/apps
-  # version: v1.0
-
- src: https://github.com/ansibl8s/k8s-kubedns.git
-  path: roles/apps
-  # version: v1.0
-```
-**Note**: the role common is required by all the apps and provides the tasks and libraries needed.
-
-And empty the apps directory
-```
-rm -rf roles/apps/*
-```
-
-Then download the roles with ansible-galaxy
-```
-ansible-galaxy install -r requirements.yml
-```
-
-#### Git submodules
-Alternatively the roles can be installed as git submodules.
-That way is easier if you want to do some changes and commit them.
-
-You can list available submodules with the following command:
-```
-grep path .gitmodules | sed 's/.*= //'
-```
-
-In order to install the dns addon you'll need to follow these steps
-```
-git submodule init roles/apps/k8s-common roles/apps/k8s-kubedns
-git submodule update
-```
-
-Finally update the playbook ```apps.yml``` with the chosen roles, and run it
-```
-...
- hosts: kube-master
-  roles:
-    - { role: apps/k8s-kubedns, tags: ['kubedns', 'apps']  }
-...
-```
-
-```
-ansible-playbook -i environments/dev/inventory apps.yml -u root
-```
-
-
-#### Calico networking
-Check if the calico-node container is running
-```
-docker ps | grep calico
-```
-
-The **calicoctl** command allows to check the status of the network workloads.
-* Check the status of Calico nodes
-```
-calicoctl status
-```
-
-* Show the configured network subnet for containers
-```
-calicoctl pool show
-```
-
-* Show the workloads (ip addresses of containers and their located)
-```
-calicoctl endpoint show --detail
-```
-#### Flannel networking
-
-Congrats ! now you can walk through [kubernetes basics](http://kubernetes.io/v1.1/basicstutorials.html)
@@ -0,0 +1,88 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+ENV["VAGRANT_DEFAULT_PROVIDER"] = "libvirt"
+pool = ENV["VAGRANT_POOL"] || "10.210.0.0/16"
+prefix = pool.gsub(/\.\d+\.\d+\/16$/, "")
+
+$num_instances = 7
+$vm_memory = 2048
+$vm_cpus = 2
+
+$user = ENV["USER"]
+$public_subnet = prefix.to_s + ".0"
+$private_subnet = prefix.to_s + ".1"
+$mgmt_cidr = prefix.to_s + ".2.0/24"
+
+$instance_name_prefix = "#{$user}-k8s"
+
+# Boxes with libvirt provider support:
+#$box = "yk0/ubuntu-xenial" #900M
+#$box = "centos/7"
+$box = "nrclark/xenial64-minimal-libvirt"
+
+# Create SSH keys for future lab
+system 'bash ssh-keygen.sh'
+
+# Create nodes list for future kargo deployment
+nodes=""
+(2..$num_instances).each do |i|
+  ip = "#{$private_subnet}.#{i+10}"
+  nodes = "#{nodes}#{ip}\n"
+end
+File.open("nodes", 'w') { |file| file.write(nodes) }
+
+# Create the lab
+Vagrant.configure("2") do |config|
+  (1..$num_instances).each do |i|
+    # First node would be master node
+    if i == 1
+      master = true
+    else
+      master = false
+    end
+
+    config.ssh.insert_key = false
+    vm_name = "%s-%02d" % [$instance_name_prefix, i]
+
+    config.vm.define vm_name do |test_vm|
+      test_vm.vm.box = $box
+      test_vm.vm.hostname = vm_name
+
+      # Libvirt provider settings
+      test_vm.vm.provider :libvirt do |domain|
+        domain.uri = "qemu+unix:///system"
+        domain.memory = $vm_memory
+        domain.cpus = $vm_cpus
+        domain.driver = "kvm"
+        domain.host = "localhost"
+        domain.connect_via_ssh = false
+        domain.username = $user
+        domain.storage_pool_name = "default"
+        domain.nic_model_type = "e1000"
+        domain.management_network_name = "#{$instance_name_prefix}-mgmt-net"
+        domain.management_network_address = $mgmt_cidr
+        domain.nested = true
+        domain.cpu_mode = "host-passthrough"
+        domain.volume_cache = "unsafe"
+        domain.disk_bus = "virtio"
+      end
+
+      ip = "#{$private_subnet}.#{i+10}"
+      test_vm.vm.network :private_network, :ip => "#{ip}"
+
+      # Provisioning
+      config.vm.provision "file", source: "ssh", destination: "~/ssh"
+      if master
+        config.vm.provision "deploy-k8s", type: "file", source: "deploy-k8s.kargo.sh", destination: "~/deploy-k8s.kargo.sh"
+        config.vm.provision "custom.yaml", type: "file", source: "custom.yaml", destination: "~/custom.yaml"
+        config.vm.provision "kubedns.yaml", type: "file", source: "kubedns.yaml", destination: "~/kubedns.yaml"
+        config.vm.provision "nodes", type: "file", source: "nodes", destination: "~/nodes"
+        config.vm.provision "bootstrap", type: "shell", path: "bootstrap-master.sh"
+      else
+        config.vm.provision "bootstrap", type: "shell", path: "bootstrap-node.sh"
+      end
+
+    end
+  end
+end
@@ -1,29 +0,0 @@
---
- hosts: kube-master
-  roles:
-    # System
-    - { role: apps/k8s-kubedns, tags: ['kubedns', 'kube-system'] }
-
-    # Databases
-    - { role: apps/k8s-postgres, tags: 'postgres' }
-    - { role: apps/k8s-elasticsearch, tags: 'elasticsearch' }
-    - { role: apps/k8s-memcached, tags: 'memcached' }
-    - { role: apps/k8s-redis, tags: 'redis' }
-
-    # Msg Broker
-    - { role: apps/k8s-rabbitmq, tags: 'rabbitmq' }
-
-    # Monitoring
-    - { role: apps/k8s-influxdb, tags: ['influxdb', 'kube-system']}
-    - { role: apps/k8s-heapster, tags: ['heapster', 'kube-system']}
-    - { role: apps/k8s-kubedash, tags: ['kubedash', 'kube-system']}
-
-    # logging
-    - { role: apps/k8s-kube-logstash, tags: 'kube-logstash'}
-
-    # Console
-    - { role: apps/k8s-fabric8, tags: 'fabric8' }
-    - { role: apps/k8s-kube-ui, tags: ['kube-ui', 'kube-system']}
-
-    # ETCD
-    - { role: apps/k8s-etcd, tags: 'etcd'}
@@ -0,0 +1,31 @@
+#!/bin/bash
+echo master > /var/tmp/role
+
+# Packages
+sudo apt-get --yes update
+sudo apt-get --yes upgrade
+sudo apt-get --yes install git screen vim telnet tcpdump python-setuptools gcc python-dev python-pip libssl-dev libffi-dev software-properties-common
+
+# Get ansible-2.1+, vanilla ubuntu-16.04 ansible (2.0.0.2) is broken due to https://github.com/ansible/ansible/issues/13876
+sudo sh -c 'apt-add-repository -y ppa:ansible/ansible;apt-get update;apt-get install -y ansible'
+
+# Kargo-cli
+sudo git clone https://github.com/kubespray/kargo-cli.git /root/kargo-cli
+sudo sh -c 'cd /root/kargo-cli && python setup.py install'
+
+# k8s deploy script and configs
+sudo sh -c 'cp -a ~vagrant/deploy-k8s.kargo.sh /root/ && chmod 755 /root/deploy-k8s.kargo.sh'
+sudo cp -a ~vagrant/custom.yaml /root/custom.yaml
+sudo cp -a ~vagrant/kubedns.yaml /root/kubedns.yaml
+
+# SSH keys and config
+sudo rm -rf /root/.ssh
+sudo mv ~vagrant/ssh /root/.ssh
+sudo echo -e 'Host 10.*\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile=/dev/null' >> /root/.ssh/config
+sudo chown -R root: /root/.ssh
+
+# Copy nodes list
+sudo cp ~vagrant/nodes /root/nodes
+
+# README
+sudo echo 'cd /root/kargo ; ansible-playbook -vvv -i inv/inventory.cfg cluster.yml -u root -f 7' > /root/README
@@ -0,0 +1,17 @@
+#!/bin/bash
+echo node > /var/tmp/role
+
+# Packages
+sudo apt-get --yes update
+sudo apt-get --yes upgrade
+sudo apt-get --yes install screen vim telnet tcpdump python-pip
+
+# Pip
+sudo pip install kpm
+
+# SSH
+sudo rm -rf /root/.ssh
+sudo mv ~vagrant/ssh /root/.ssh
+sudo rm -f /root/.ssh/id_rsa*
+sudo chown -R root: /root/.ssh
+
@@ -1,20 +0,0 @@
---
- hosts: downloader
-  sudo: no
-  roles:
-    - { role: download, tags: download }
-
- hosts: k8s-cluster
-  roles:
-    - { role: etcd, tags: etcd }
-    - { role: docker, tags: docker }
-    - { role: dnsmasq, tags: dnsmasq }
-    - { role: network_plugin, tags: ['calico', 'flannel', 'network'] }
-
- hosts: kube-master
-  roles:
-    - { role: kubernetes/master, tags: master }
-
- hosts: kube-node
-  roles:
-    - { role: kubernetes/node, tags: node }
@@ -0,0 +1,3 @@
+kube_network_plugin: "calico"
+kube_proxy_mode: "iptables"
+local_release_dir: "/var/tmp/releases"
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+INVENTORY="kargo/inventory/inventory.cfg"
+
+nodes=""
+i=1
+for nodeip in `cat /root/nodes` ; do
+  i=$(( $i+1 ))
+  nodes+=" node${i}[ansible_ssh_host=${nodeip},ip=${nodeip}]"
+done
+
+if [ -f "$INVENTORY" ] ; then
+  echo "$INVENTORY already exists, if you want to recreate, pls remove it and re-run this script"
+else
+  echo "Preparing inventory..."
+  kargo prepare -y --nodes $nodes
+fi
+
+echo "Running deployment..."
+kargo deploy -y --ansible-opts="-e @custom.yaml"
+deploy_res=$?
+
+if [ "$deploy_res" -eq "0" ]; then
+  echo "Setting up kubedns..."
+  ansible-playbook -i $INVENTORY kubedns.yaml
+fi
@@ -1,86 +0,0 @@
- # Directory where the binaries will be installed
-bin_dir: /usr/local/bin
-
-# Where the binaries will be downloaded.
-# Note: ensure that you've enough disk space (about 1G)
-local_release_dir: "/tmp/releases"
-
-# Cluster Loglevel configuration
-kube_log_level: 2
-
-# Users to create for basic auth in Kubernetes API via HTTP
-kube_users:
-  kube:
-    pass: changeme
-    role: admin
-#   root:
-#     pass: changeme
-#     role: admin
-
-# Kubernetes cluster name, also will be used as DNS domain
-cluster_name: cluster.local
-
-# set this variable to calico if needed. keep it empty if flannel is used
-kube_network_plugin: calico
-
-# Kubernetes internal network for services, unused block of space.
-kube_service_addresses: 10.233.0.0/18
-
-# internal network. When used, it will assign IP
-# addresses from this range to individual pods.
-# This network must be unused in your network infrastructure!
-kube_pods_subnet: 10.233.64.0/18
-
-# internal network total size (optional). This is the prefix of the
-# entire network. Must be unused in your environment.
-# kube_network_prefix: 18
-
-# internal network node size allocation (optional). This is the size allocated
-# to each node on your network.  With these defaults you should have
-# room for 4096 nodes with 254 pods per node.
-kube_network_node_prefix: 24
-
-# With calico it is possible to distributed routes with border routers of the datacenter.
-peer_with_router: false
-# Warning : enabling router peering will disable calico's default behavior ('node mesh').
-# The subnets of each nodes will be distributed by the datacenter router
-
-# The port the API Server will be listening on.
-kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
-kube_apiserver_port: 443 # (https)
-kube_apiserver_insecure_port: 8080 # (http)
-
-# Internal DNS configuration.
-# Kubernetes can create and mainatain its own DNS server to resolve service names
-# into appropriate IP addresses. It's highly advisable to run such DNS server,
-# as it greatly simplifies configuration of your applications - you can use
-# service names instead of magic environment variables.
-# You still must manually configure all your containers to use this DNS server,
-# Kubernetes won't do this for you (yet).
-
-# Upstream dns servers used by dnsmasq
-upstream_dns_servers:
-  - 8.8.8.8
-  - 4.4.8.8
-#
-# # Use dns server : https://github.com/ansibl8s/k8s-skydns/blob/master/skydns-README.md
-dns_setup: true
-dns_domain: "{{ cluster_name }}"
-#
-# # Ip address of the kubernetes dns service
-dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(253)|ipaddr('address') }}"
-
-# For multi masters architecture:
-# kube-proxy doesn't support multiple apiservers for the time being so you'll need to configure your own loadbalancer
-# This domain name will be inserted into the /etc/hosts file of all servers
-# configuration example with haproxy :
-# listen kubernetes-apiserver-https
-#   bind 10.99.0.21:8383
-#    option ssl-hello-chk
-#    mode tcp
-#    timeout client 3h
-#    timeout server 3h
-#    server master1 10.99.0.26:443
-#    server master2 10.99.0.27:443
-#    balance roundrobin
-# apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
@@ -1,10 +0,0 @@
-#---
-#peers:
-#  -router_id: "10.99.0.34"
-#   as: "65xxx"
-#  - router_id: "10.99.0.35"
-#   as: "65xxx"
-#
-#loadbalancer_apiserver:
-#  address: "10.99.0.44"
-#  port: "8383"
@@ -1,10 +0,0 @@
-#---
-#peers:
-#  -router_id: "10.99.0.2"
-#   as: "65xxx"
-#  - router_id: "10.99.0.3"
-#   as: "65xxx"
-#
-#loadbalancer_apiserver:
-#  address: "10.99.0.21"
-#  port: "8383"
@@ -1,32 +0,0 @@
-[downloader]
-node1 ansible_ssh_host=10.99.0.26
-
-[kube-master]
-node1 ansible_ssh_host=10.99.0.26
-node2 ansible_ssh_host=10.99.0.27
-
-[etcd]
-node1 ansible_ssh_host=10.99.0.26
-node2 ansible_ssh_host=10.99.0.27
-node3 ansible_ssh_host=10.99.0.4
-
-[kube-node]
-node2 ansible_ssh_host=10.99.0.27
-node3 ansible_ssh_host=10.99.0.4
-node4 ansible_ssh_host=10.99.0.5
-node5 ansible_ssh_host=10.99.0.36
-node6 ansible_ssh_host=10.99.0.37
-
-[paris]
-node1 ansible_ssh_host=10.99.0.26
-node3 ansible_ssh_host=10.99.0.4 local_as=xxxxxxxx
-node4 ansible_ssh_host=10.99.0.5 local_as=xxxxxxxx
-
-[new-york]
-node2 ansible_ssh_host=10.99.0.27
-node5 ansible_ssh_host=10.99.0.36 local_as=xxxxxxxx
-node6 ansible_ssh_host=10.99.0.37 local_as=xxxxxxxx
-
-[k8s-cluster:children]
-kube-node
-kube-master
@@ -0,0 +1,5 @@
+- hosts: kube-master
+  tasks:
+    - name: setup-kubedns
+      shell: kpm deploy kube-system/kubedns --namespace=kube-system
+      run_once: true
@@ -1,41 +0,0 @@
---
- src: https://github.com/ansibl8s/k8s-common.git
-  path: roles/apps
-  version: v1.0
-
- src: https://github.com/ansibl8s/k8s-kubedns.git
-  path: roles/apps
-  version: v1.0
-
-#- src: https://github.com/ansibl8s/k8s-kube-ui.git
-#  path: roles/apps
-#  version: v1.0
-#
-#- src: https://github.com/ansibl8s/k8s-fabric8.git
-#  path: roles/apps
-#  version: v1.0
-#
-#- src: https://github.com/ansibl8s/k8s-elasticsearch.git
-#  path: roles/apps
-#  # version: v1.0
-#
-#- src: https://github.com/ansibl8s/k8s-redis.git
-#  path: roles/apps
-#  # version: v1.0
-#
-#- src: https://github.com/ansibl8s/k8s-memcached.git
-#  path: roles/apps
-#  version: v1.0
-#
-#- src: https://github.com/ansibl8s/k8s-postgres.git
-#  path: roles/apps
-#  version: v1.0
-#
-#- src: https://github.com/ansibl8s/k8s-heapster.git
-#  path: roles/apps
-#
-#- src: https://github.com/ansibl8s/k8s-influxdb.git
-#  path: roles/apps
-#
-#- src: https://github.com/ansibl8s/k8s-kubedash.git
-#  path: roles/apps
@@ -1,4 +0,0 @@
-#!/bin/sh
-make_resolv_conf() {
-    :
-}
@@ -1,3 +0,0 @@
---
- name: restart dnsmasq
-  command: systemctl restart dnsmasq
@@ -1,69 +0,0 @@
---
- name: populate inventory into hosts file
-  lineinfile:
-    dest: /etc/hosts
-    regexp: "^{{ hostvars[item].ansible_default_ipv4.address }} {{ item }}$"
-    line: "{{ hostvars[item].ansible_default_ipv4.address }} {{ item }}"
-    state: present
-  when: hostvars[item].ansible_default_ipv4.address is defined
-  with_items: groups['all']
-
- name: populate kubernetes loadbalancer address into hosts file
-  lineinfile:
-    dest: /etc/hosts
-    regexp: ".*{{ apiserver_loadbalancer_domain_name }}$"
-    line: "{{ loadbalancer_apiserver.address }} lb-apiserver.kubernetes.local"
-    state: present
-  when: loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined
-
- name: clean hosts file
-  lineinfile:
-    dest: /etc/hosts
-    regexp: "{{ item }}"
-    state: absent
-  with_items:
-    - '^127\.0\.0\.1(\s+){{ inventory_hostname }}.*'
-    - '^::1(\s+){{ inventory_hostname }}.*'
-
- name: install dnsmasq and bindr9utils
-  apt:
-    name: "{{ item }}"
-    state: present
-    update_cache: yes
-  with_items:
-    - dnsmasq
-    - bind9utils
-  when: inventory_hostname in groups['kube-master']
-
- name: ensure dnsmasq.d directory exists
-  file:
-    path: /etc/dnsmasq.d
-    state: directory
-  when: inventory_hostname in groups['kube-master']
-
- name: configure dnsmasq
-  template:
-    src: 01-kube-dns.conf.j2
-    dest: /etc/dnsmasq.d/01-kube-dns.conf
-    mode: 755
-  notify:
-    - restart dnsmasq
-  when: inventory_hostname in groups['kube-master']
-
- name: enable dnsmasq
-  service:
-    name: dnsmasq
-    state: started
-    enabled: yes
-  when: inventory_hostname in groups['kube-master']
-
- name: update resolv.conf with new DNS setup
-  template:
-    src: resolv.conf.j2
-    dest: /etc/resolv.conf
-    mode: 644
-
- name: disable resolv.conf modification by dhclient
-  copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate mode=u+x
-
- meta: flush_handlers
@@ -1,19 +0,0 @@
-#Listen on all interfaces
-interface=*
-
-addn-hosts=/etc/hosts
-
-bogus-priv
-
-#Set upstream dns servers
-{% if upstream_dns_servers is defined %}
-{% for srv in upstream_dns_servers %}
-server={{ srv }}
-{% endfor %}
-{% else %}
- server=8.8.8.8
- server=8.8.4.4
-{% endif %}
-
-# Forward k8s domain to kube-dns
-server=/{{ dns_domain }}/{{ dns_server }}
@@ -1,9 +0,0 @@
-; generated by ansible
-search {{ [ 'default.svc.' + dns_domain, 'svc.' + dns_domain, dns_domain ] | join(' ') }}
-{% if inventory_hostname in groups['kube-master'] %}
-nameserver {{ ansible_default_ipv4.address }}
-{% else %}
-{% for host in groups['kube-master'] %}
-nameserver {{ hostvars[host]['ansible_default_ipv4']['address'] }}
-{% endfor %}
-{% endif %}
@@ -1,17 +0,0 @@
-[Unit]
-Description=Docker Application Container Engine
-Documentation=https://docs.docker.com
-After=network.target docker.socket
-Requires=docker.socket
-
-[Service]
-EnvironmentFile=-/etc/default/docker
-Type=notify
-ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS
-MountFlags=slave
-LimitNOFILE=1048576
-LimitNPROC=1048576
-LimitCORE=infinity
-
-[Install]
-WantedBy=multi-user.target
@@ -1,12 +0,0 @@
---
- name: restart docker
-  command: /bin/true
-  notify:
-    - reload systemd
-    - restart docker service
-
- name: reload systemd
-  shell: systemctl daemon-reload
-
- name: restart docker service
-  service: name=docker state=restarted
@@ -1,16 +0,0 @@
---
- name: enable docker
-  service:
-    name: docker
-    enabled: yes
-    state: started
-  tags:
-    - docker
-
-#- name: login to arkena's docker registry
-#  shell : >
-#    docker login --username={{ dockerhub_user }}
-#    --password={{ dockerhub_pass }}
-#    --email={{ dockerhub_email }}
-
- meta: flush_handlers
@@ -1,24 +0,0 @@
---
- name: Install prerequisites for https transport
-  apt: pkg={{ item }} state=present update_cache=yes
-  with_items:
-    - apt-transport-https
-    - ca-certificates
-
- name: Configure docker apt repository
-  template: src=docker.list.j2 dest=/etc/apt/sources.list.d/docker.list backup=yes
-
- name: Install docker-engine
-  apt: pkg={{ item }} state=present force=yes update_cache=yes
-  with_items:
-    - aufs-tools
-    - cgroupfs-mount
-    - docker-engine=1.9.1-0~{{ ansible_distribution_release }}
-
- name: Copy default docker configuration
-  template: src=default-docker.j2 dest=/etc/default/docker backup=yes
-  notify: restart docker
-
- name: Copy Docker systemd unit file
-  copy: src=systemd-docker.service dest=/lib/systemd/system/docker.service backup=yes
-  notify: restart docker
@@ -1,3 +0,0 @@
---
- include: install.yml
- include: configure.yml
@@ -1,13 +0,0 @@
-# Docker Upstart and SysVinit configuration file
-
-# Customize location of Docker binary (especially for development testing).
-#DOCKER="/usr/local/bin/docker"
-
-# Use DOCKER_OPTS to modify the daemon startup options.
-#DOCKER_OPTS=""
-
-# If you need Docker to use an HTTP proxy, it can also be specified here.
-#export http_proxy="http://127.0.0.1:3128/"
-
-# This is also a handy place to tweak where Docker's temporary files go.
-#export TMPDIR="/mnt/bigdrive/docker-tmp"
@@ -1 +0,0 @@
-deb https://apt.dockerproject.org/repo {{ansible_distribution|lower}}-{{ ansible_distribution_release}} main
@@ -1,4 +0,0 @@
---
-#dockerhub_user:
-#dockerhub_pass:
-#dockerhub_email:
@@ -1,15 +0,0 @@
---
-etcd_version: v2.2.2
-flannel_version: 0.5.5
-
-kube_version: v1.1.3
-kubectl_checksum: "01b9bea18061a27b1cf30e34fd8ab45cfc096c9a9d57d0ed21072abb40dd3d1d"
-kubelet_checksum: "62191c66f2d670dd52ddf1d88ef81048977abf1ffaa95ee6333299447eb6a482"
-
-calico_version: v0.13.0
-
-etcd_download_url: "https://github.com/coreos/etcd/releases/download"
-flannel_download_url: "https://github.com/coreos/flannel/releases/download"
-kube_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/amd64"
-calico_download_url: "https://github.com/Metaswitch/calico-docker/releases/download"
-
@@ -1,21 +0,0 @@
---
- name: Create calico release directory
-  local_action: file
-     path={{ local_release_dir }}/calico/bin
-     recurse=yes
-     state=directory
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: Check if calicoctl has been downloaded
-  local_action: stat
-     path={{ local_release_dir }}/calico/bin/calicoctl
-  register: c_tar
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
-# issues with get_url module and redirects, to be tested again in the near future
- name: Download calico
-  local_action: shell
-    curl -o {{ local_release_dir }}/calico/bin/calicoctl -Ls {{ calico_download_url }}/{{ calico_version }}/calicoctl
-  when: not c_tar.stat.exists
-  register: dl_calico
-  delegate_to: "{{ groups['kube-master'][0] }}"
@@ -1,42 +0,0 @@
---
- name: Create etcd release directory
-  local_action: file
-     path={{ local_release_dir }}/etcd/bin
-     recurse=yes
-     state=directory
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: Check if etcd release archive has been downloaded
-  local_action: stat
-     path={{ local_release_dir }}/etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz
-  register: e_tar
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
-# issues with get_url module and redirects, to be tested again in the near future
- name: Download etcd
-  local_action: shell
-    curl -o {{ local_release_dir }}/etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz -Ls {{ etcd_download_url }}/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz
-  when: not e_tar.stat.exists
-  register: dl_etcd
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: Extract etcd archive
-  local_action: unarchive
-     src={{ local_release_dir }}/etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz
-     dest={{ local_release_dir }}/etcd copy=no
-  when: dl_etcd|changed
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: Pick up only etcd binaries
-  local_action: copy
-     src={{ local_release_dir }}/etcd/etcd-{{ etcd_version }}-linux-amd64/{{ item }}
-     dest={{ local_release_dir }}/etcd/bin
-  with_items:
-    - etcdctl
-    - etcd
-  when: dl_etcd|changed
-
- name: Delete unused etcd files
-  local_action: file
-     path={{ local_release_dir }}/etcd/etcd-{{ etcd_version }}-linux-amd64 state=absent
-  when: dl_etcd|changed
@@ -1,39 +0,0 @@
---
- name: Create flannel release directory
-  local_action: file
-     path={{ local_release_dir }}/flannel
-     recurse=yes
-     state=directory
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: Check if flannel release archive has been downloaded
-  local_action: stat
-     path={{ local_release_dir }}/flannel/flannel-{{ flannel_version }}-linux-amd64.tar.gz
-  register: f_tar
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
-# issues with get_url module and redirects, to be tested again in the near future
- name: Download flannel
-  local_action: shell
-    curl -o {{ local_release_dir }}/flannel/flannel-{{ flannel_version }}-linux-amd64.tar.gz -Ls {{ flannel_download_url }}/v{{ flannel_version }}/flannel-{{ flannel_version }}-linux-amd64.tar.gz
-  when: not f_tar.stat.exists
-  register: dl_flannel
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: Extract flannel archive
-  local_action: unarchive
-     src={{ local_release_dir }}/flannel/flannel-{{ flannel_version }}-linux-amd64.tar.gz
-     dest={{ local_release_dir }}/flannel copy=no
-  when: dl_flannel|changed
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: Pick up only flannel binaries
-  local_action: copy
-     src={{ local_release_dir }}/flannel/flannel-{{ flannel_version }}/flanneld
-     dest={{ local_release_dir }}/flannel/bin
-  when: dl_flannel|changed
-
- name: Delete unused flannel files
-  local_action: file
-     path={{ local_release_dir }}/flannel/flannel-{{ flannel_version }} state=absent
-  when: dl_flannel|changed
@@ -1,17 +0,0 @@
---
- name: Create kubernetes binary directory
-  local_action: file
-     path="{{ local_release_dir }}/kubernetes/bin"
-     state=directory
-     recurse=yes
-
- name: Download kubelet and kubectl
-  local_action: get_url
-    url="{{ kube_download_url }}/{{ item.name }}"
-    dest="{{ local_release_dir }}/kubernetes/bin"
-    sha256sum="{{ item.checksum }}"
-  with_items:
-    - name: kubelet
-      checksum: "{{ kubelet_checksum }}"
-    - name: kubectl
-      checksum: "{{ kubectl_checksum }}"
@@ -1,5 +0,0 @@
---
- include: kubernetes.yml
- include: etcd.yml
- include: calico.yml
- include: flannel.yml
@@ -1,14 +0,0 @@
---
- name: reload systemd
-  command: systemctl daemon-reload
-
- name: restart reloaded-etcd2
-  service:
-    name: etcd2
-    state: restarted
-
- name: restart etcd2
-  command: /bin/true
-  notify:
-    - reload systemd
-    - restart reloaded-etcd2
@@ -1,16 +0,0 @@
---
- name: Copy etcd2.service systemd file
-  template:
-    src: systemd-etcd2.service.j2
-    dest: /lib/systemd/system/etcd2.service
-    backup: yes
-  notify:
-    - restart etcd2
-
- name: Create etcd2 environment vars file
-  template:
-    src: etcd2-environment.j2
-    dest: /etc/etcd2-environment
-
- name: Ensure etcd2 is running
-  service: name=etcd2 state=started enabled=yes
@@ -1,17 +0,0 @@
---
- name: Create etcd user
-  user: name=etcd shell=/bin/nologin home=/var/lib/etcd2
-
- name: Install etcd binaries
-  copy:
-     src={{ local_release_dir }}/etcd/bin/{{ item }}
-     dest={{ bin_dir }}
-     owner=etcd
-     mode=0755
-  with_items:
-    - etcdctl
-    - etcd
-  notify: restart etcd2
-
- name: Create etcd2 binary symlink
-  file: src=/usr/local/bin/etcd dest=/usr/local/bin/etcd2 state=link
@@ -1,3 +0,0 @@
---
- include: install.yml
- include: configure.yml
@@ -1,20 +0,0 @@
-ETCD_DATA_DIR="/var/lib/etcd2"
-{% if inventory_hostname in groups['etcd'] %}
-{% set etcd = {} %}
-{% for host in groups['etcd'] %}
-{% if inventory_hostname == host %}
-{% set _dummy = etcd.update({'name':"master"+loop.index|string}) %}
-{% endif %}
-{% endfor %}
-ETCD_ADVERTISE_CLIENT_URLS="http://{{ hostvars[inventory_hostname]['ip'] | default( ansible_default_ipv4.address) }}:2379"
-ETCD_INITIAL_ADVERTISE_PEER_URLS="http://{{ hostvars[inventory_hostname]['ip'] | default( ansible_default_ipv4.address)  }}:2380"
-ETCD_INITIAL_CLUSTER="{% for host in groups['etcd'] %}master{{ loop.index|string }}=http://{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}:2380{% if not loop.last %},{% endif %}{% endfor %}"
-ETCD_INITIAL_CLUSTER_STATE="new"
-ETCD_INITIAL_CLUSTER_TOKEN="k8s_etcd"
-ETCD_LISTEN_CLIENT_URLS="http://{{ hostvars[inventory_hostname]['ip'] | default( ansible_default_ipv4.address)  }}:2379,http://127.0.0.1:2379"
-ETCD_LISTEN_PEER_URLS="http://{{ hostvars[inventory_hostname]['ip'] | default( ansible_default_ipv4.address)  }}:2380"
-ETCD_NAME="{{ etcd.name }}"
-{% else  %}
-ETCD_INITIAL_CLUSTER="{% for host in groups['etcd'] %}master{{ loop.index|string }}=http://{{ host }}:2380{% if not loop.last %},{% endif %}{% endfor %}"
-ETCD_LISTEN_CLIENT_URLS="http://127.0.0.1:23799"
-{% endif %}
@@ -1,18 +0,0 @@
-[Unit]
-Description=etcd2
-Conflicts=etcd.service
-
-[Service]
-User=etcd
-EnvironmentFile=/etc/etcd2-environment
-{% if inventory_hostname in groups['etcd'] %}
-ExecStart={{ bin_dir }}/etcd2
-{% else %}
-ExecStart={{ bin_dir }}/etcd2 -proxy on
-{% endif %}
-Restart=always
-RestartSec=10s
-LimitNOFILE=40000
-
-[Install]
-WantedBy=multi-user.target
@@ -1,25 +0,0 @@
---
- name: reload systemd
-  command: systemctl daemon-reload
-
- name: restart kubelet
-  command: /bin/true
-  notify:
-    - reload systemd
-    - restart reloaded-kubelet
-
- name: restart reloaded-kubelet
-  service:
-    name: kubelet
-    state: restarted
-
- name: restart proxy
-  command: /bin/true
-  notify:
-    - reload systemd
-    - restart reloaded-proxy
-
- name: restart reloaded-proxy
-  service:
-    name: kube-proxy
-    state: restarted
@@ -1,4 +0,0 @@
---
-dependencies:
-  - { role: etcd }
-  - { role: kubernetes/node }
@@ -1,80 +0,0 @@
---
- name: Copy kubectl bash completion
-  copy:
-    src: kubectl_bash_completion.sh
-    dest: /etc/bash_completion.d/kubectl.sh
-
- name: Install kubectl binary
-  copy:
-     src={{ local_release_dir }}/kubernetes/bin/kubectl
-     dest={{ bin_dir }}
-     owner=kube
-     mode=0755
-
- name: populate users for basic auth in API
-  lineinfile:
-    dest: "{{ kube_users_dir }}/known_users.csv"
-    create: yes
-    line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
-    backup: yes
-  with_dict: "{{ kube_users }}"
-
-# Sync masters
- name: synchronize auth directories for masters
-  synchronize:
-    src: "{{ item }}"
-    dest: "{{ kube_config_dir }}"
-    recursive: yes
-    delete: yes
-    rsync_opts: [ '--one-file-system']
-  with_items:
-    - "{{ kube_token_dir }}"
-    - "{{ kube_cert_dir }}"
-    - "{{ kube_users_dir }}"
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
-# Write manifests
- name: Write kube-apiserver manifest
-  template:
-    src: manifests/kube-apiserver.manifest.j2
-    dest: "{{ kube_manifest_dir }}/kube-apisever.manifest"
-  notify:
-    - restart kubelet
-
- meta: flush_handlers
-
- name: wait for the apiserver to be running (pulling image and running container)
-  wait_for:
-    port: "{{kube_apiserver_insecure_port}}"
-    delay: 10
-
- name: install required python module 'httplib2'
-  apt:
-    name: "python-httplib2"
-    state: present
-  when: inventory_hostname == groups['kube-master'][0]
-
- name: Create 'kube-system' namespace
-  uri:
-    url: http://127.0.0.1:{{ kube_apiserver_insecure_port }}/api/v1/namespaces
-    method: POST
-    body: '{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"kube-system"}}'
-    status_code: 201,409
-    body_format: json
-  run_once: yes
-  when: inventory_hostname == groups['kube-master'][0]
-
- name: Write kube-controller-manager manifest
-  template:
-    src: manifests/kube-controller-manager.manifest.j2
-    dest: "{{ kube_config_dir }}/kube-controller-manager.manifest"
-
- name: Write kube-scheduler manifest
-  template:
-    src: manifests/kube-scheduler.manifest.j2
-    dest: "{{ kube_config_dir }}/kube-scheduler.manifest"
-
- name: Write podmaster manifest
-  template:
-    src: manifests/kube-podmaster.manifest.j2
-    dest: "{{ kube_manifest_dir }}/kube-podmaster.manifest"
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Config
-current-context: kubectl-to-{{ cluster_name }}
-preferences: {}
-clusters:
- cluster:
-    certificate-authority-data: {{ kube_node_cert|b64encode }}
-    server: https://{{ groups['kube-master'][0] }}:{{ kube_apiserver_port }}
-  name: {{ cluster_name }}
-contexts:
- context:
-    cluster: {{ cluster_name }}
-    user: kubectl
-  name: kubectl-to-{{ cluster_name }}
-users:
- name: kubectl
-  user:
-    token: {{ kubectl_token }}
@@ -1,53 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: kube-apiserver
-spec:
-  hostNetwork: true
-  containers:
-  - name: kube-apiserver
-    image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
-    command:
-    - /hyperkube
-    - apiserver
-    - --insecure-bind-address=0.0.0.0
-    - --etcd-servers={% for srv in groups['etcd'] %}http://{{ srv }}:2379{% if not loop.last %},{% endif %}{% endfor %}
-
-    - --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
-    - --service-cluster-ip-range={{ kube_service_addresses }}
-    - --client-ca-file={{ kube_cert_dir }}/ca.pem
-    - --basic-auth-file={{ kube_users_dir }}/known_users.csv
-    - --tls-cert-file={{ kube_cert_dir }}/apiserver.pem
-    - --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
-    - --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
-    - --secure-port={{ kube_apiserver_port }}
-    - --insecure-port={{ kube_apiserver_insecure_port }}
-{% if kube_api_runtime_config is defined %}
-{%   for conf in kube_api_runtime_config %}
-    - --runtime-config={{ conf }}
-{%   endfor %}
-{% endif %}
-    - --token-auth-file={{ kube_token_dir }}/known_tokens.csv
-    - --v={{ kube_log_level | default('2') }}
-    - --allow-privileged=true
-    ports:
-    - containerPort: {{ kube_apiserver_port }}
-      hostPort: {{ kube_apiserver_port }}
-      name: https
-    - containerPort: {{ kube_apiserver_insecure_port }}
-      hostPort: {{ kube_apiserver_insecure_port }}
-      name: local
-    volumeMounts:
-    - mountPath: {{ kube_config_dir }}
-      name: kubernetes-config
-      readOnly: true
-    - mountPath: /etc/ssl/certs
-      name: ssl-certs-host
-      readOnly: true
-  volumes:
-  - hostPath:
-      path: {{ kube_config_dir }}
-    name: kubernetes-config
-  - hostPath:
-      path: /usr/share/ca-certificates
-    name: ssl-certs-host
@@ -1,38 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: kube-controller-manager
-  namespace: kube-system
-spec:
-  hostNetwork: true
-  containers:
-  - name: kube-controller-manager
-    image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
-    command:
-    - /hyperkube
-    - controller-manager
-    - --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
-    - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
-    - --root-ca-file={{ kube_cert_dir }}/ca.pem
-    - --v={{ kube_log_level | default('2') }}
-    livenessProbe:
-      httpGet:
-        host: 127.0.0.1
-        path: /healthz
-        port: 10252
-      initialDelaySeconds: 15
-      timeoutSeconds: 1
-    volumeMounts:
-    - mountPath: {{ kube_cert_dir }}
-      name: ssl-certs-kubernetes
-      readOnly: true
-    - mountPath: /etc/ssl/certs
-      name: ssl-certs-host
-      readOnly: true
-  volumes:
-  - hostPath:
-      path: {{ kube_cert_dir }}
-    name: ssl-certs-kubernetes
-  - hostPath:
-      path: /usr/share/ca-certificates
-    name: ssl-certs-host
@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: kube-podmaster
-  namespace: kube-system
-spec:
-  hostNetwork: true
-  containers:
-  - name: scheduler-elector
-    image: gcr.io/google_containers/podmaster:1.1
-    command:
-    - /podmaster
-    - --etcd-servers={% for srv in groups['etcd'] %}http://{{ srv }}:2379{% if not loop.last %},{% endif %}{% endfor %}
-
-    - --key=scheduler
-    - --source-file={{ kube_config_dir}}/kube-scheduler.manifest
-    - --dest-file={{ kube_manifest_dir }}/kube-scheduler.manifest
-    volumeMounts:
-    - mountPath: {{ kube_config_dir }}
-      name: manifest-src
-      readOnly: true
-    - mountPath: {{ kube_manifest_dir }}
-      name: manifest-dst
-  - name: controller-manager-elector
-    image: gcr.io/google_containers/podmaster:1.1
-    command:
-    - /podmaster
-    - --etcd-servers={% for srv in groups['etcd'] %}http://{{ srv }}:2379{% if not loop.last %},{% endif %}{% endfor %}
-
-    - --key=controller
-    - --source-file={{ kube_config_dir }}/kube-controller-manager.manifest
-    - --dest-file={{ kube_manifest_dir }}/kube-controller-manager.manifest
-    terminationMessagePath: /dev/termination-log
-    volumeMounts:
-    - mountPath: {{ kube_config_dir }}
-      name: manifest-src
-      readOnly: true
-    - mountPath: {{ kube_manifest_dir }}
-      name: manifest-dst
-  volumes:
-  - hostPath:
-      path: {{ kube_config_dir }}
-    name: manifest-src
-  - hostPath:
-      path: {{ kube_manifest_dir }}
-    name: manifest-dst
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: kube-scheduler
-  namespace: kube-system
-spec:
-  hostNetwork: true
-  containers:
-  - name: kube-scheduler
-    image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
-    command:
-    - /hyperkube
-    - scheduler
-    - --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
-    - --v={{ kube_log_level | default('2') }}
-    livenessProbe:
-      httpGet:
-        host: 127.0.0.1
-        path: /healthz
-        port: 10251
-      initialDelaySeconds: 15
-      timeoutSeconds: 1
@@ -1,49 +0,0 @@
-# This directory is where all the additional scripts go
-# that Kubernetes normally puts in /srv/kubernetes.
-# This puts them in a sane location
-kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
-
-# This directory is where all the additional config stuff goes
-# the kubernetes normally puts in /srv/kubernets.
-# This puts them in a sane location.
-# Editting this value will almost surely break something. Don't
-# change it. Things like the systemd scripts are hard coded to
-# look in here. Don't do it.
-kube_config_dir: /etc/kubernetes
-
-# This is where all the cert scripts and certs will be located
-kube_cert_dir: "{{ kube_config_dir }}/ssl"
-
-# This is where all of the bearer tokens will be stored
-kube_token_dir: "{{ kube_config_dir }}/tokens"
-
-# This is where to save basic auth file
-kube_users_dir: "{{ kube_config_dir }}/users"
-
-# This is where you can drop yaml/json files and the kubelet will run those
-# pods on startup
-kube_manifest_dir: "{{ kube_config_dir }}/manifests"
-
-# This is the group that the cert creation scripts chgrp the
-# cert files to. Not really changable...
-kube_cert_group: kube-cert
-
-dns_domain: "{{ cluster_name }}"
-
-kube_proxy_mode: userspace
-
-# Temporary image, waiting for official google release
-#  hyperkube_image_repo: gcr.io/google_containers/hyperkube
-hyperkube_image_repo: quay.io/smana/hyperkube
-hyperkube_image_tag: v1.1.3
-
-# IP address of the DNS server.
-# Kubernetes will create a pod with several containers, serving as the DNS
-# server and expose it under this IP address. The IP address must be from
-# the range specified as kube_service_addresses. This magic will actually
-# pick the 10th ip address in the kube_service_addresses range and use that.
-dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(253)|ipaddr('address') }}"
-
-kube_api_runtime_config:
-  - extensions/v1beta1/daemonsets=true
-  - extensions/v1beta1/deployments=true
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-# Copyright 2015 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-token_dir=${TOKEN_DIR:-/var/srv/kubernetes}
-token_file="${token_dir}/known_tokens.csv"
-
-create_accounts=($@)
-
-touch "${token_file}"
-for account in "${create_accounts[@]}"; do
-  if grep ",${account}," "${token_file}" ; then
-    continue
-  fi
-  token=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null)
-  echo "${token},${account},${account}" >> "${token_file}"
-  echo "${token}" > "${token_dir}/${account}.token"
-  echo "Added ${account}"
-done
@@ -1,107 +0,0 @@
-#!/bin/bash
-
-# Author: skahlouc@skahlouc-laptop
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -o errexit
-set -o pipefail
-
-usage()
-{
-    cat << EOF
-Create self signed certificates
-
-Usage : $(basename $0) -f <config> [-c <cloud_provider>] [-d <ssldir>] [-g <ssl_group>]
-      -h | --help         : Show this message
-      -f | --config       : Openssl configuration file
-      -c | --cloud        : Cloud provider (GCE, AWS or AZURE)
-      -d | --ssldir       : Directory where the certificates will be installed
-      -g | --sslgrp       : Group of the certificates
-               
-               ex : 
-               $(basename $0) -f openssl.conf -c GCE -d /srv/ssl -g kube
-EOF
-}
-
-# Options parsing
-while (($#)); do
-    case "$1" in
-        -h | --help)   usage;   exit 0;;
-        -f | --config) CONFIG=${2}; shift 2;;
-        -c | --cloud) CLOUD=${2}; shift 2;;
-        -d | --ssldir) SSLDIR="${2}"; shift 2;; 
-        -g | --group) SSLGRP="${2}"; shift 2;;
-        *)
-            usage
-            echo "ERROR : Unknown option"
-            exit 3
-        ;;
-    esac
-done
-
-if [ -z ${CONFIG} ]; then
-    echo "ERROR: the openssl configuration file is missing. option -f"
-    exit 1
-fi
-if [ -z ${SSLDIR} ]; then
-    SSLDIR="/etc/kubernetes/certs"
-fi
-if [ -z ${SSLGRP} ]; then
-    SSLGRP="kube-cert"
-fi
-
-#echo "config=$CONFIG, cloud=$CLOUD, certdir=$SSLDIR, certgroup=$SSLGRP"
-
-SUPPORTED_CLOUDS="GCE AWS AZURE"
-
-# TODO: Add support for discovery on other providers?
-if [ "${CLOUD}" == "GCE" ]; then
-  CLOUD_IP=$(curl -s -H Metadata-Flavor:Google http://metadata.google.internal./computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip)
-fi
-
-if [ "${CLOUD}" == "AWS" ]; then
-  CLOUD_IP=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)
-fi
-
-if [ "${CLOUD}" == "AZURE" ]; then
-  CLOUD_IP=$(uname -n | awk -F. '{ print $2 }').cloudapp.net
-fi
-
-tmpdir=$(mktemp -d --tmpdir kubernetes_cacert.XXXXXX)
-trap 'rm -rf "${tmpdir}"' EXIT
-cd "${tmpdir}"
-
-mkdir -p "${SSLDIR}"
-
-# Root CA
-openssl genrsa -out ca-key.pem 2048 > /dev/null 2>&1
-openssl req -x509 -new -nodes -key ca-key.pem -days 10000 -out ca.pem -subj "/CN=kube-ca" > /dev/null 2>&1
-
-# Apiserver
-openssl genrsa -out apiserver-key.pem 2048 > /dev/null 2>&1
-openssl req -new -key apiserver-key.pem -out apiserver.csr -subj "/CN=kube-apiserver" -config ${CONFIG} > /dev/null 2>&1
-openssl x509 -req -in apiserver.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out apiserver.pem -days 365 -extensions v3_req -extfile ${CONFIG} > /dev/null 2>&1
-
-# Nodes and Admin
-for i in node admin; do
-    openssl genrsa -out ${i}-key.pem 2048 > /dev/null 2>&1
-    openssl req -new -key ${i}-key.pem -out ${i}.csr -subj "/CN=kube-${i}" > /dev/null 2>&1
-    openssl x509 -req -in ${i}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out ${i}.pem -days 365 > /dev/null 2>&1
-done
-
-# Install certs
-mv *.pem ${SSLDIR}/
-chgrp ${SSLGRP} ${SSLDIR}/*
-chmod 600 ${SSLDIR}/*-key.pem
-chown root:root ${SSLDIR}/*-key.pem
@@ -1,20 +0,0 @@
---
- name: restart daemons
-  command: /bin/true
-  notify:
-    - reload systemd
-    - restart reloaded-kubelet
-
- name: reload systemd
-  command: systemctl daemon-reload
-
- name: restart kubelet
-  command: /bin/true
-  notify:
-    - reload systemd
-    - restart reloaded-kubelet
-
- name: restart reloaded-kubelet
-  service:
-    name: kubelet
-    state: restarted
@@ -1,28 +0,0 @@
---
- name: certs | install cert generation script
-  copy:
-    src=make-ssl.sh
-    dest={{ kube_script_dir }}
-    mode=0500
-  changed_when: false
-
- name: certs | write openssl config
-  template:
-    src: "openssl.conf.j2"
-    dest: "{{ kube_config_dir }}/.openssl.conf"
-
- name: certs | run cert generation script
-  shell: >
-    {{ kube_script_dir }}/make-ssl.sh
-    -f {{ kube_config_dir }}/.openssl.conf
-    -g {{ kube_cert_group }}
-    -d {{ kube_cert_dir }}
-  args:
-    creates: "{{ kube_cert_dir }}/apiserver.pem"
-
- name: certs | check certificate permissions
-  file:
-    path={{ kube_cert_dir }}
-    group={{ kube_cert_group }}
-    owner=kube
-    recurse=yes
@@ -1,26 +0,0 @@
---
- name: tokens | copy the token gen script
-  copy:
-    src=kube-gen-token.sh
-    dest={{ kube_script_dir }}
-    mode=u+x
-
- name: tokens | generate tokens for master components
-  command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
-  environment:
-    TOKEN_DIR: "{{ kube_token_dir }}"
-  with_nested:
-    - [ "system:kubectl" ]
-    - "{{ groups['kube-master'] }}"
-  register: gentoken
-  changed_when: "'Added' in gentoken.stdout"
-
- name: tokens | generate tokens for node components
-  command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
-  environment:
-    TOKEN_DIR: "{{ kube_token_dir }}"
-  with_nested:
-    - [ 'system:kubelet' ]
-    - "{{ groups['kube-node'] }}"
-  register: gentoken
-  changed_when: "'Added' in gentoken.stdout"
@@ -1,13 +0,0 @@
---
- name: Write kubelet systemd init file
-  template: src=kubelet.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes
-  notify: restart kubelet
-
- name: Install kubelet binary
-  copy:
-     src={{ local_release_dir }}/kubernetes/bin/kubelet
-     dest={{ bin_dir }}
-     owner=kube
-     mode=0755
-  notify:
-    - restart kubelet
@@ -1,49 +0,0 @@
---
- name: create kubernetes config directory
-  file: path={{ kube_config_dir }} state=directory
-
- name: create kubernetes script directory
-  file: path={{ kube_script_dir }} state=directory
-
- name: Make sure manifest directory exists
-  file: path={{ kube_manifest_dir }} state=directory
-
-
- name: certs | create system kube-cert groups
-  group: name={{ kube_cert_group }} state=present system=yes
-
- name: create system kube user
-  user:
-    name=kube
-    comment="Kubernetes user"
-    shell=/sbin/nologin
-    state=present
-    system=yes
-    groups={{ kube_cert_group }}
-
- include: install.yml
-
- include: secrets.yml
-  tags:
-    - secrets
-
- name: Write kubelet config file
-  template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.conf backup=yes
-  notify:
-    - restart kubelet
-
- name: write the kubecfg (auth) file for kubelet
-  template: src=node-kubeconfig.yaml.j2 dest={{ kube_config_dir }}/node-kubeconfig.yaml backup=yes
-  notify:
-    - restart kubelet
-
- name: Write proxy manifest
-  template: 
-    src: manifests/kube-proxy.manifest.j2
-    dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
-
- name: Enable kubelet
-  service:
-    name: kubelet
-    enabled: yes
-    state: started
@@ -1,52 +0,0 @@
---
- name: certs | make sure the certificate directory exits
-  file:
-    path={{ kube_cert_dir }}
-    state=directory
-    mode=o-rwx
-    group={{ kube_cert_group }}
-
- name: tokens | make sure the tokens directory exits
-  file:
-    path={{ kube_token_dir }}
-    state=directory
-    mode=o-rwx
-    group={{ kube_cert_group }}
-
- include: gen_certs.yml
-  run_once: true
-  when: inventory_hostname == groups['kube-master'][0]
-
- include: gen_tokens.yml
-  run_once: true
-  when: inventory_hostname == groups['kube-master'][0]
-
-# Sync certs between nodes
- user:
-    name: '{{ansible_user_id}}'
-    generate_ssh_key: yes
-  delegate_to: "{{ groups['kube-master'][0] }}"
-  run_once: yes
-
- name: 'get ssh keypair'
-  slurp: path=~/.ssh/id_rsa.pub
-  register: public_key
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: 'setup keypair on nodes'
-  authorized_key:
-    user: '{{ansible_user_id}}'
-    key: "{{public_key.content|b64decode }}"
-
- name: synchronize certificates for nodes
-  synchronize:
-    src: "{{ item }}"
-    dest: "{{ kube_cert_dir }}"
-    recursive: yes
-    delete: yes
-    rsync_opts: [ '--one-file-system']
-  with_items:
-    - "{{ kube_cert_dir}}/ca.pem"
-    - "{{ kube_cert_dir}}/node.pem"
-    - "{{ kube_cert_dir}}/node-key.pem"
-  delegate_to: "{{ groups['kube-master'][0] }}"
@@ -1,24 +0,0 @@
-KUBE_LOGTOSTDERR="--logtostderr=true"
-KUBE_LOG_LEVEL="--v={{ kube_log_level | default('2') }}"
-KUBE_ALLOW_PRIV="--allow_privileged=true"
-KUBELET_API_SERVER="--api_servers={% for host in groups['kube-master'] %}https://{{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}:{{ kube_apiserver_port }}{% if not loop.last %},{% endif %}{% endfor %}"
-# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
-KUBELET_ADDRESS="--address=0.0.0.0"
-# The port for the info server to serve on
-# KUBELET_PORT="--port=10250"
-# You may leave this blank to use the actual hostname
-KUBELET_HOSTNAME="--hostname_override={{ inventory_hostname }}"
-{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
-KUBELET_REGISTER_NODE="--register-node=false"
-{% endif %}
-# location of the api-server
-{% if dns_setup %}
-KUBELET_ARGS="--cluster_dns={{ dns_server }} --cluster_domain={{ dns_domain }} --kubeconfig={{ kube_config_dir}}/node-kubeconfig.yaml --config={{ kube_manifest_dir }}"
-{% else %}
-KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --config={{ kube_manifest_dir }}"
-{% endif %}
-{% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
-KUBELET_NETWORK_PLUGIN="--network_plugin={{ kube_network_plugin }}"
-{% endif %}
-# Should this cluster be allowed to run privileged docker containers
-KUBE_ALLOW_PRIV="--allow_privileged=true"
@@ -1,27 +0,0 @@
-[Unit]
-Description=Kubernetes Kubelet Server
-Documentation=https://github.com/GoogleCloudPlatform/kubernetes
-{% if kube_network_plugin is defined and kube_network_plugin == "calico" %}
-After=docker.service calico-node.service
-{% else %}
-After=docker.service
-{% endif %}
-
-[Service]
-EnvironmentFile=/etc/kubernetes/kubelet.conf
-EnvironmentFile=/etc/network-environment
-ExecStart={{ bin_dir }}/kubelet \
-	    $KUBE_LOGTOSTDERR \
-	    $KUBE_LOG_LEVEL \
-	    $KUBELET_API_SERVER \
-	    $KUBELET_ADDRESS \
-	    $KUBELET_PORT \
-	    $KUBELET_HOSTNAME \
-	    $KUBE_ALLOW_PRIV \
-	    $KUBELET_ARGS \
-	    $KUBELET_REGISTER_NODE \
-	    $KUBELET_NETWORK_PLUGIN
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: kube-proxy
-  namespace: kube-system
-spec:
-  hostNetwork: true
-  containers:
-  - name: kube-proxy
-    image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
-    command:
-    - /hyperkube
-    - proxy
-    - --v={{ kube_log_level | default('2') }}
-{% if inventory_hostname in groups['kube-master'] %}
-    - --master=http://127.0.0.1:{{kube_apiserver_insecure_port}}
-{% else %}
-{%   if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
-    - --master=https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port }}
-{%   else %}
-    - --master=https://{{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}:{{ kube_apiserver_port }}
-{%   endif%}
-    - --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml
-{% endif %}
-    securityContext:
-      privileged: true
-    volumeMounts:
-    - mountPath: /etc/ssl/certs
-      name: ssl-certs-host
-      readOnly: true
-    - mountPath: /etc/kubernetes/node-kubeconfig.yaml
-      name: "kubeconfig"
-      readOnly: true
-    - mountPath: /etc/kubernetes/ssl
-      name: "etc-kube-ssl"
-      readOnly: true
-  volumes:
-  - name: ssl-certs-host
-    hostPath:
-      path: /usr/share/ca-certificates
-  - name: "kubeconfig"
-    hostPath:
-      path: "/etc/kubernetes/node-kubeconfig.yaml"
-  - name: "etc-kube-ssl"
-    hostPath:
-      path: "/etc/kubernetes/ssl"
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Config
-clusters:
- name: local
-  cluster:
-    certificate-authority: {{ kube_cert_dir }}/ca.pem
-users:
- name: kubelet
-  user:
-    client-certificate: {{ kube_cert_dir }}/node.pem
-    client-key: {{ kube_cert_dir }}/node-key.pem
-contexts:
- context:
-    cluster: local
-    user: kubelet
-  name: kubelet-{{ cluster_name }}
-current-context: kubelet-{{ cluster_name }}
@@ -1,20 +0,0 @@
-[req]
-req_extensions = v3_req
-distinguished_name = req_distinguished_name
-[req_distinguished_name]
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectAltName = @alt_names
-[alt_names]
-DNS.1 = kubernetes
-DNS.2 = kubernetes.default
-DNS.3 = kubernetes.default.svc.{{ dns_domain }}
-{% if loadbalancer_apiserver is defined  and apiserver_loadbalancer_domain_name is defined %}
-DNS.4 = {{ apiserver_loadbalancer_domain_name }}
-{% endif %}
-{% for host in groups['kube-master'] %}
-IP.{{ loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
-{% endfor %}
-{% set idx =  groups['kube-master'] | length | int + 1 %}
-IP.{{ idx | string }} = {{ kube_apiserver_ip }}
@@ -1,28 +0,0 @@
---
- name: restart calico-node
-  service: name=calico-node state=restarted
-
- name: restart docker
-  service: name=docker state=restarted
-
- name: restart flannel
-  service: name=flannel state=restarted
-  notify:
-    - reload systemd
-    - stop docker
-    - delete docker0
-    - start docker
-  when: inventory_hostname in groups['kube-node']
-
- name: stop docker
-  service: name=docker state=stopped
-
- name: delete docker0
-  command: ip link delete docker0
-  ignore_errors: yes
-
- name: start docker
-  service: name=docker state=started
-
- name : reload systemd
-  shell: systemctl daemon-reload
@@ -1,41 +0,0 @@
---
- name: Calico | Install calicoctl bin
-  copy:
-     src={{ local_release_dir }}/calico/bin/calicoctl
-     dest={{ bin_dir }}
-     mode=0755
-  notify: restart calico-node
-
- name: Calico | Create calicoctl symlink (needed by kubelet)
-  file: src=/usr/local/bin/calicoctl dest=/usr/bin/calicoctl state=link
-
- name: Calico | Configure calico-node desired pool
-  shell: calicoctl pool add {{ kube_pods_subnet }}
-  environment:
-     ETCD_AUTHORITY: "{{ groups['etcd'][0] }}:2379"
-  run_once: true
-  delegate_to: "{{ groups['etcd'][0] }}"
-
- name: Calico | Write calico-node systemd init file
-  template: src=calico/calico-node.service.j2 dest=/etc/systemd/system/calico-node.service
-  register: newservice
-  notify:
-    - reload systemd
-    - restart calico-node
-
- name: Calico | daemon-reload
-  command: systemctl daemon-reload
-  when: newservice|changed
-  changed_when: False
-
- name: Calico | Enable calico-node
-  service: name=calico-node enabled=yes state=started
-
- name: Calico | Disable node mesh
-  shell: calicoctl bgp node-mesh off
-  when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
-
- name: Calico | Configure peering with router(s)
-  shell: calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}
-  with_items: peers
-  when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
@@ -1,53 +0,0 @@
---
- name: Create flannel user
-  user: name=flannel shell=/bin/nologin
-
- name: Install flannel binaries
-  copy: 
-     src={{ local_release_dir }}/flannel/bin/flanneld
-     dest={{ bin_dir }}
-     owner=flannel
-     mode=u+x
-  notify:
-    - restart flannel
-
- name: Write flannel.service systemd file
-  template:
-    src: flannel/systemd-flannel.service.j2
-    dest: /etc/systemd/system/flannel.service
-  notify: restart flannel
-
- name: Write docker.service systemd file
-  template:
-    src: flannel/systemd-docker.service.j2
-    dest: /lib/systemd/system/docker.service
-  notify: restart docker
-
- name: Set fact for ectcd command conf file location
-  set_fact:
-    conf_file: "/tmp/flannel-conf.json"
-  run_once: true
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: Create flannel config file to go in etcd
-  template: src=flannel/flannel-conf.json.j2 dest={{ conf_file }}
-  run_once: true
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: Flannel configuration into etcd
-  shell: "{{ bin_dir }}/etcdctl set /{{ cluster_name }}/network/config < {{ conf_file }}"
-  delegate_to: "{{ groups['kube-master'][0] }}"
-  notify: restart flannel
-
- name: Clean up the flannel config file
-  file: path=/tmp/flannel-config.json state=absent
-  run_once: true
-  delegate_to: "{{ groups['kube-master'][0] }}"
-
- name: Launch Flannel
-  service: name=flannel state=started enabled=yes
-  notify:
-    - restart flannel
-
- name: Enable Docker
-  service: name=docker enabled=yes state=started
@@ -1,16 +0,0 @@
---
- name: "Test if network plugin is defined"
-  fail: msg="ERROR, One network_plugin variable must be defined (Flannel or Calico)"
-  when: ( kube_network_plugin is defined and kube_network_plugin == "calico" and kube_network_plugin == "flannel" ) or
-        kube_network_plugin is not defined 
-
- name: Write network-environment
-  template: src=network-environment.j2 dest=/etc/network-environment mode=u+x
-
- include: flannel.yml
-  when: kube_network_plugin == "flannel"
-
- include: calico.yml
-  when: kube_network_plugin == "calico"
-
- meta: flush_handlers
@@ -1,20 +0,0 @@
-[Unit]
-Description=Calico per-node agent
-Documentation=https://github.com/projectcalico/calico-docker
-Requires=docker.service
-After=docker.service etcd2.service
-
-[Service]
-EnvironmentFile=/etc/network-environment
-User=root
-PermissionsStartOnly=true
-{% if inventory_hostname in groups['kube-node'] and peer_with_router|default(false)%}
-ExecStart={{ bin_dir }}/calicoctl node --kubernetes --ip=${DEFAULT_IPV4} --as={{ local_as }} --detach=false
-{%     else %}
-ExecStart={{ bin_dir }}/calicoctl node --kubernetes --ip=${DEFAULT_IPV4} --detach=false
-{%     endif %}
-Restart=always
-Restart=10
-
-[Install]
-WantedBy=multi-user.target
@@ -1 +0,0 @@
-{ "Network": "{{ kube_service_addresses }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "vxlan" } }
@@ -1,17 +0,0 @@
-[Unit]
-Description=Docker Application Container Engine
-Documentation=http://docs.docker.com
-After=network.target docker.socket flannel.service
-Requires=docker.socket
-
-[Service]
-EnvironmentFile=/run/flannel/subnet.env
-EnvironmentFile=-/etc/default/docker
-ExecStart=/usr/bin/docker -d -H fd:// --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} $DOCKER_OPTS
-MountFlags=slave
-LimitNOFILE=1048576
-LimitNPROC=1048576
-LimitCORE=infinity
-
-[Install]
-WantedBy=multi-user.target
@@ -1,12 +0,0 @@
-[Unit]
-Description=Flannel Network Overlay
-Documentation=https://coreos.com/flannel/docs/latest
-
-[Service]
-EnvironmentFile=/etc/network-environment
-ExecStart={{ bin_dir }}/flanneld \
-       $FLANNEL_ETCD_PREFIX
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
@@ -1,22 +0,0 @@
-#! /usr/bin/bash
-{% if kube_network_plugin == "calico" %}
-# This node's IPv4 address
-CALICO_IPAM=true
-DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
-
-# The kubernetes master IP
-KUBERNETES_MASTER={{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}
-
-# Location of etcd cluster used by Calico.  By default, this uses the etcd
-# instance running on the Kubernetes Master
-{% if inventory_hostname in groups['etcd'] %}
-ETCD_AUTHORITY="127.0.0.1:2379"
-{% else %}
-ETCD_AUTHORITY="127.0.0.1:23799"
-{% endif %}
-
-# The kubernetes-apiserver location - used by the calico plugin
-KUBE_API_ROOT=http://{{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address']) }}:{{kube_apiserver_insecure_port}}/api/v1/
-{% else %}
-FLANNEL_ETCD_PREFIX="--etcd-prefix=/{{ cluster_name }}/network"
-{% endif %}
@@ -0,0 +1,5 @@
+#!/bin/bash
+mkdir -p ssh
+if ! [ -f ssh/id_rsa ] ; then
+  ssh-keygen -N '' -t rsa -f ssh/id_rsa && cp ssh/id_rsa.pub ssh/authorized_keys
+fi
Author	SHA1	Message	Date
Aleksandr Didenko	0e48ce51ce	Multiple fixes to deployment scripts and lab - Clean up private/pub keys from k8s nodes - Install kpm on k8s nodes, not on master node	2016-06-20 12:02:25 +02:00
Aleksandr Didenko	bc29db7bd2	Fixes and improvements - Move kubedns to a separate mini playbook - Fix custom.yaml location	2016-06-20 11:06:01 +02:00
Aleksandr Didenko	8d8622bbb9	Switch to ansible-2.1	2016-06-20 09:58:09 +02:00
Aleksandr Didenko	943edb6dd2	Fix permissions and kargo custom.yaml	2016-06-20 09:13:07 +02:00
Aleksandr Didenko	c81457c617	Update README	2016-06-16 17:50:44 +02:00
Aleksandr Didenko	4c6f85b8ae	Start counting k8s nodes from 2 First node is our master node.	2016-06-16 14:42:53 +02:00
Aleksandr Didenko	60fa68e5f7	Bugfix: return missing deploy command	2016-06-16 14:36:07 +02:00
Aleksandr Didenko	ea5b40ae0e	Fix ssh config	2016-06-16 14:28:29 +02:00
Aleksandr Didenko	daf02e029c	Fix nodes list	2016-06-16 13:00:51 +02:00
Aleksandr Didenko	3824493b1d	Added README	2016-06-16 12:36:58 +02:00
Aleksandr Didenko	cdfbcc1046	Remove SSH keys and generate them instead	2016-06-16 12:29:33 +02:00
Aleksandr Didenko	62e98bd4b0	Removing deprecated stuff	2016-06-16 12:19:27 +02:00
Aleksandr Didenko	43b2b5b464	Bugfixing for newly added code with kargo-clu support	2016-06-16 12:00:18 +02:00
Aleksandr Didenko	531f611ea3	Add support for deployment via kargo-cli	2016-06-16 11:49:17 +02:00
Aleksandr Didenko	b9ed54812b	Remove controlled by puppet line	2016-06-15 11:50:09 +02:00
Aleksandr Didenko	338749be16	Added README for master node with usefill commands	2016-06-15 11:48:50 +02:00
Aleksandr Didenko	a2f3048e7a	Added some packages to bootstrap script	2016-06-15 10:26:44 +02:00
Aleksandr Didenko	b009ca3ff8	Fix inv dir copy command	2016-06-14 19:10:20 +02:00
Aleksandr Didenko	c714660c0b	Updates to use new inventory settings	2016-06-14 19:04:09 +02:00
Aleksandr Didenko	70519e2c5a	Refactor inventroty for the lab	2016-06-14 19:02:27 +02:00
Aleksandr Didenko	d365fab9ec	Add inventory.cfg download to bootstrap script	2016-06-14 18:51:43 +02:00
Aleksandr Didenko	785169b934	Added inventory.cfg for the lab	2016-06-14 18:49:31 +02:00
Aleksandr Didenko	48e2062d92	Added apt-get commands to bootstrap-node	2016-06-14 18:40:41 +02:00
Aleksandr Didenko	d894529f07	Update ssh/config on master node	2016-06-14 18:30:30 +02:00
Oleksandr Didenko	7e08800876	Initial commit	2016-06-14 18:21:56 +02:00
				`@@ -1 +0,0 @@`
				`deb https://apt.dockerproject.org/repo {{ansible_distribution\|lower}}-{{ ansible_distribution_release}} main`
				`@@ -1 +0,0 @@`
				`{ "Network": "{{ kube_service_addresses }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "vxlan" } }`