Merge "Update kubeadm kubernetes version to 1.13.4"

Zuul 2019-03-20 02:28:35 +00:00 committed by Gerrit Code Review
commit e97faaaf0f
8 changed files with 64 additions and 76 deletions


@ -13,7 +13,7 @@
# limitations under the License.
version:
kubernetes: v1.10.9
kubernetes: v1.13.4
helm: v2.13.0
cni: v0.6.0


@ -18,7 +18,7 @@
set -xe
: ${HELM_VERSION:="v2.13.0"}
: ${KUBE_VERSION:="v1.12.2"}
: ${KUBE_VERSION:="v1.13.4"}
: ${MINIKUBE_VERSION:="v0.30.0"}
: ${CALICO_VERSION:="v3.3"}


@ -34,7 +34,7 @@ ENV GOOGLE_KUBERNETES_REPO_URL ${GOOGLE_KUBERNETES_REPO_URL}
ARG GOOGLE_HELM_REPO_URL=https://storage.googleapis.com/kubernetes-helm
ENV GOOGLE_HELM_REPO_URL ${GOOGLE_HELM_REPO_URL}
ARG KUBE_VERSION="v1.10.9"
ARG KUBE_VERSION="v1.13.4"
ENV KUBE_VERSION ${KUBE_VERSION}
ARG CNI_VERSION="v0.6.0"


@ -18,12 +18,10 @@ set -e
if [ "x${ACTION}" == "xgenerate-join-cmd" ]; then
: ${TTL:="10m"}
DISCOVERY_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages signing,authentication --groups '')"
TLS_BOOTSTRAP_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages authentication --groups \"system:bootstrappers:kubeadm:default-node-token\")"
DISCOVERY_TOKEN_CA_HASH="$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* /sha256:/')"
API_SERVER=$(cat /etc/kubernetes/admin.conf | python -c "import sys, yaml; print yaml.safe_load(sys.stdin)['clusters'][0]['cluster']['server'].split(\"//\",1).pop()")
exec echo "kubeadm join \
--tls-bootstrap-token ${TLS_BOOTSTRAP_TOKEN} \
--discovery-token ${DISCOVERY_TOKEN} \
--token ${DISCOVERY_TOKEN} \
--discovery-token-ca-cert-hash ${DISCOVERY_TOKEN_CA_HASH} \
${API_SERVER}"
elif [ "x${ACTION}" == "xjoin-kube" ]; then
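Review bot: The one token now handed to `kubeadm join` via `--token ${DISCOVERY_TOKEN}` is still created with `--groups ''`, so it appears to lack the `system:bootstrappers:kubeadm:default-node-token` group that the dropped TLS_BOOTSTRAP_TOKEN carried (which lines were removed is inferred from the hunk counts, since the page lost its +/- markers). If that reading is right, the joining kubelet authenticates but may not be allowed to post its CSR, and the tempting fix would be a broader RBAC binding rather than the correct group. I would create the token with `--usages signing,authentication --groups system:bootstrappers:kubeadm:default-node-token`. The echoed join command is a live credential for the length of `TTL`, so a comment such as `# output contains a bootstrap token; do not capture in job logs` above the `exec echo` would help. The `if`/`elif` chain continues outside this hunk.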


@ -43,53 +43,53 @@
delegate_to: 127.0.0.1
block:
- name: master | deploy | certs | etcd-ca
command: kubeadm alpha phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | certs | etcd-server
command: kubeadm alpha phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | certs | etcd-peer
command: kubeadm alpha phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | certs | etcd-healthcheck-client
command: kubeadm alpha phase certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | certs | ca
command: kubeadm alpha phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | certs | apiserver
command: kubeadm alpha phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | certs | apiserver-etcd-client
command: kubeadm alpha phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | certs | apiserver-kubelet-client
command: kubeadm alpha phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | certs | sa
command: kubeadm alpha phase certs sa --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs sa
- name: master | deploy | certs | front-proxy-ca
command: kubeadm alpha phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | certs | front-proxy-client
command: kubeadm alpha phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: generating kubeconfigs
delegate_to: 127.0.0.1
block:
- name: master | deploy | kubeconfig | admin
command: kubeadm alpha phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | kubeconfig | kubelet
command: kubeadm alpha phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | kubeconfig | controller-manager
command: kubeadm alpha phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | kubeconfig | scheduler
command: kubeadm alpha phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: generating etcd static manifest
delegate_to: 127.0.0.1
command: kubeadm alpha phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: generating controlplane static manifests
delegate_to: 127.0.0.1
block:
- name: master | deploy | controlplane | apiserver
command: kubeadm alpha phase controlplane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase control-plane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | controlplane | controller-manager
command: kubeadm alpha phase controlplane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase control-plane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: master | deploy | controlplane | scheduler
command: kubeadm alpha phase controlplane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase control-plane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: wait for kube components
delegate_to: 127.0.0.1
@ -118,7 +118,7 @@
- name: deploying kube-proxy
delegate_to: 127.0.0.1
command: kubeadm alpha phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- include_tasks: helm-cni.yaml
@ -142,17 +142,19 @@
when: k8s.keystoneAuth|bool == true
- include_tasks: helm-deploy.yaml
- name: uploading cluster config to api
- name: uploading kubeadm config
delegate_to: 127.0.0.1
command: kubeadm alpha phase upload-config --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase upload-config kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: uploading kubelet config
delegate_to: 127.0.0.1
command: kubeadm init phase upload-config kubelet --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: generating bootstrap-token objects
delegate_to: 127.0.0.1
block:
- name: master | deploy | bootstrap-token | allow-post-csrs
command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-post-csrs
- name: master | deploy | bootstrap-token | allow-auto-approve
command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-auto-approve
- name: master | deploy | bootstrap-token
command: kubeadm init phase bootstrap-token --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf
- name: generating bootstrap-token objects
delegate_to: 127.0.0.1
@ -209,7 +211,7 @@
- name: converting the cluster to be selfhosted
when: k8s.selfHosted|bool == true
delegate_to: 127.0.0.1
command: kubeadm alpha phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
command: kubeadm init phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
- name: setting up kubectl client and kubeadm on host
block:
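Review bot: The new `master | deploy | bootstrap-token` task runs `kubeadm init phase bootstrap-token` with `--kubeconfig` only, while nearly every other phase in this file passes `--config`. As far as I understand kubeadm 1.13, this phase also creates the bootstrap tokens from the InitConfiguration and falls back to a randomly generated default token when no config is given, whereas the two replaced `alpha phase bootstrap-token node allow-*` commands only set up RBAC. That would leave an extra join credential in the cluster that the deployment does not manage, so I would pass the config: `command: kubeadm init phase bootstrap-token --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml`, and check the result with `kubeadm token list`. The `certs sa` task in the first hunk likewise drops `--config`, so it would presumably ignore a non-default `certificatesDir`; `--cert-dir {{ k8s.certificatesDir }}` or a comment explaining the omission would make that explicit.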


@ -1,49 +1,38 @@
#jinja2: trim_blocks:False
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: {{ k8s.kubernetesVersion }}
imageRepository: {{ k8s.imageRepository }}
nodeName: {{ kubeadm_node_hostname }}
api:
advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}
bindPort: {{ k8s.api.bindPort }}
# etcd:
# endpoints:
# - <endpoint1|string>
# - <endpoint2|string>
# caFile: <path|string>
# certFile: <path|string>
# keyFile: <path|string>
# dataDir: <path|string>
# extraArgs:
# <argument>: <value|string>
# <argument>: <value|string>
# image: <string>
networking:
dnsDomain: {{ k8s.networking.dnsDomain }}
podSubnet: {{ k8s.networking.podSubnet }}
serviceSubnet: {{ k8s.networking.serviceSubnet }}
#cloudProvider: <string>
authorizationModes:
- Node
- RBAC
token: {{ kubeadm_bootstrap_token }}
tokenTTL: 24h0m0s
selfHosted: {{ k8s.selfHosted }}
apiServerExtraArgs:
service-node-port-range: "1024-65535"
feature-gates: "MountPropagation=true,PodShareProcessNamespace=true"
controllerManagerExtraArgs:
address: "0.0.0.0"
port: "10252"
apiServer:
extraArgs:
service-node-port-range: "1024-65535"
feature-gates: "MountPropagation=true,PodShareProcessNamespace=true"
controllerManager:
extraArgs:
address: "0.0.0.0"
port: "10252"
feature-gates: "PodShareProcessNamespace=true"
scheduler:
extraArgs:
address: "0.0.0.0"
port: "10251"
feature-gates: "PodShareProcessNamespace=true"
# <argument>: <value|string>
schedulerExtraArgs:
address: "0.0.0.0"
port: "10251"
feature-gates: "PodShareProcessNamespace=true"
# apiServerCertSANs:
# - <name1|string>
# - <name2|string>
certificatesDir: {{ k8s.certificatesDir }}
#unifiedControlPlaneImage: <string>
---
apiVersion: kubeadm.k8s.io/v1beta1
localAPIEndpoint:
advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}
bindPort: {{ k8s.api.bindPort }}
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: {{ kubeadm_bootstrap_token }}
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
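Review bot: The `controllerManager.extraArgs` and `scheduler.extraArgs` blocks keep `address: "0.0.0.0"` together with `port: "10252"` and `port: "10251"`, which as far as I know are the unauthenticated HTTP endpoints of those components, so the migrated config still serves them on every interface of the master. This looks carried over from the v1alpha1 layout rather than introduced here, but the API migration is the natural place to tighten it. Unless an external scraper depends on these ports, I would use `address: "127.0.0.1"`; if it does, add a comment such as `# bound to all interfaces for metrics scraping; restrict 10251/10252 at the host firewall`. The templated scalars are also unquoted, and `token: "{{ kubeadm_bootstrap_token }}"` would guard against an empty or oddly typed expansion.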


@ -4,10 +4,9 @@ Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manife
Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --node-ip={% if kubelet.bind_addr is defined %}{{ kubelet.bind_addr }}{% else %}{% if kubelet.bind_device is defined %}{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %} --hostname-override={{ kubelet_node_hostname }}"
Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain={{ k8s.networking.dnsDomain }} --resolv-conf=/etc/kubernetes/kubelet-resolv.conf"
Environment="KUBELET_AUTHZ_ARGS=--anonymous-auth=false --authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}"
Environment="KUBELET_EXTRA_ARGS=--max-pods=220 --pods-per-core=0 --feature-gates=MountPropagation=true --feature-gates=PodShareProcessNamespace=true"
#ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS
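Review bot: Dropping `KUBELET_CADVISOR_ARGS=--cadvisor-port=0` leaves nothing in this drop-in that closes the kubelet's other unauthenticated listener, the read-only port, which I believe defaults to enabled when the kubelet is configured by flags. The removed flag was there to keep an unauthenticated metrics port shut, so the same intent can be kept by adding `--read-only-port=0` to `KUBELET_EXTRA_ARGS`, alongside the existing `--anonymous-auth=false --authorization-mode=Webhook`. This assumes it is not already set in a kubelet config file or in the lines of this unit above the hunk, which starts at line 4.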


@ -34,7 +34,7 @@ all:
helm:
tiller_image: gcr.io/kubernetes-helm/tiller:v2.7.0
k8s:
kubernetesVersion: v1.9.1
kubernetesVersion: v1.13.4
imageRepository: gcr.io/google_containers
certificatesDir: /etc/kubernetes/pki
selfHosted: false