Merge pull request #38 from QingCloudAppcenter/kubernetes-1.8.4

Kubernetes 1.8.4

ansible/build_images.retry

@@ -0,0 +1 @@
+172.16.2.2

ansible/build_images.yml

@@ -0,0 +1,11 @@
+---
+- name: build Kubernetese images
+  hosts: all
+  remote_user: root
+  roles:
+    - base
+    - docker
+    - qingcloudagent
+    - salt
+    - kubernetes
+    - kubernetes_addon

ansible/group_vars/all

@@ -0,0 +1 @@
+kubernetes_version: v1.8.4

ansible/inventories/hosts

@@ -0,0 +1,2 @@
+[kubernetes]
+172.16.2.2

ansible/roles/base/files/interfaces

@@ -0,0 +1,5 @@
+auto lo
+iface lo inet loopback
+
+allow-hotplug eth0
+iface eth0 inet dhcp

ansible/roles/base/files/logrotate

@@ -0,0 +1,2 @@
+#!/bin/sh
+logrotate /etc/logrotate.conf

ansible/roles/base/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: restart ntpd
+  service: name=ntp state=restarted

ansible/roles/base/tasks/debian.yaml

@@ -0,0 +1,27 @@
+- name: upgrade Debian family
+  apt:
+    upgrade: dist
+
+- name: install utilities 
+  apt:
+    name: "{{item}}"
+    state: latest
+  with_items:
+    - ebtables 
+    - socat 
+    - jq 
+    - apt-transport-https 
+    - ca-certificates
+    - curl
+    - software-properties-common
+    - bash-completion 
+    - ntp 
+    - wget
+    - logrotate
+    - python-pip
+  notify:
+    - restart ntpd
+- name: remove networkmanager
+  apt:
+    name: network-manager
+    state: absent

ansible/roles/base/tasks/main.yaml

@@ -0,0 +1,52 @@
+- name: setup Ubuntu image
+  include_tasks: debian.yaml
+  when: ansible_os_family == 'Debian'
+
+
+- name: setup Centos images
+  include_tasks: redhat.yaml
+  when: ansible_os_family == 'RedHat'
+
+- name: setup logrotate
+  copy:
+    src: files/{{item}}
+    dest: /etc/cron.hourly/{{item}}
+    owner: root
+    group: root
+    mode: 0644
+    backup: yes
+  with_items:
+    - logrotate
+
+- name: setup sysctl
+  sysctl:
+    name: "{{item.name}}"
+    state: present
+    value: "{{item.value }}"
+    sysctl_set: yes
+    reload: yes
+  with_items:
+    - { "name": "net.ipv4.ip_forward", "value": 1 }
+    - { "name": "vm.swappiness", "value": 1}
+    - { "name": "net.ipv4.conf.all.rp_filter", "value":  2}
+    - { "name": "vm.max_map_count", "value":  262144 }
+    - { "name": "fs.file-max", "value":  200000 }
+    - { "name": "fs.inotify.max_user_watches", "value":  1048576}
+    - { "name": "fs.inotify.max_user_instances", "value":  2048}
+
+- name: setup default nic
+  copy:
+    src: files/{{item}}
+    dest: /etc/network/{{item}}
+    owner: root
+    group: root
+    mode: 0644
+    backup: yes
+  with_items:
+    - interfaces
+
+- name: set timezone to UTC
+  timezone:
+    name: UTC
+  notify:
+    - restart ntpd

ansible/roles/base/tasks/redhat.yaml

@@ -0,0 +1,63 @@
+- name: install essential pkgs
+  become: yes
+  become_user: root
+  with_items:
+    - epel-release
+  yum:
+    name: '{{item}}'
+    state: present
+
+- name: install repo tool
+  become: yes
+  become_user: root
+  with_items:
+    - yum-plugin-fastestmirror
+  yum:
+    name: '{{item}}'
+    state: latest
+
+- name: Enable apply fastest mirror
+  ini_file:
+    path: /etc/yum/pluginconf.d/fastestmirror.conf
+    section: main
+    option: enabled
+    value: 1
+    backup: yes
+
+- name: upgrade all packages
+  yum:
+    name: '*'
+    state: latest
+
+- name: install utils pkgs
+  become: yes
+  become_user: root
+  with_items:
+    - yum-updateonboot
+    - yum-cron
+    - yum-plugin-fastestmirror
+    - ntp
+    - bash
+    - openssl
+  yum:
+    name: '{{item}}'
+    state: latest
+
+- name: Enable apply updated packages
+  ini_file:
+    path: /etc/yum/yum-cron.conf
+    section: commands
+    option: apply_updates
+    value: yes
+    backup: yes
+
+- name: enable services
+  become: yes
+  become_user: root
+  with_items:
+    - yum-updateonboot
+    - yum-cron
+    - ntpd
+  service:
+    name: '{{item}}'
+    enabled: yes

ansible/roles/docker/files/daemon.json

@@ -0,0 +1,3 @@
+{
+    "storage-driver": "overlay2"
+  }

ansible/roles/docker/files/docker-containers

@@ -0,0 +1,10 @@
+/data/var/lib/docker/containers/*/*-json.log {
+    rotate 1
+    copytruncate
+    missingok
+    notifempty
+    compress
+    maxsize 10M
+    daily
+    create 0644 root root
+}

ansible/roles/docker/handlers/main.yaml

@@ -0,0 +1,3 @@
+- name: restart docker
+  service: name=docker state=restarted
+

ansible/roles/docker/tasks/debian.yaml

@@ -0,0 +1,28 @@
+- name: remove old version of docker
+  apt:
+    name: "{{item}}"
+    state: absent
+  with_items:
+    - docker
+    - docker-engine
+    - docker.io
+
+- name: install docker repo key
+  apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    id: 0EBFCD88
+    state: present
+
+- name: install docker repo
+  apt_repository:
+    repo: deb https://download.docker.com/linux/ubuntu {{ansible_lsb.codename}} stable
+    update_cache: true
+
+- name: install docker
+  apt:
+    name: "{{item}}"
+    state: latest
+  with_items:
+    - docker-ce
+  notify:
+    - restart docker

ansible/roles/docker/tasks/main.yaml

@@ -0,0 +1,53 @@
+- name: setup Ubuntu image
+  include_tasks: debian.yaml
+  when: ansible_os_family == 'Debian'
+
+
+- name: setup Centos images
+  include_tasks: redhat.yaml
+  when: ansible_os_family == 'RedHat'
+
+- name: setup docker python client
+  pip:
+    name: docker-py
+
+- name: enable docker
+  service:
+    name: docker
+    enabled: yes
+
+- name: setup logrotate
+  copy:
+    src: files/{{item}}
+    dest: /etc/logrotate.d/{{item}}
+    owner: root
+    group: root
+    mode: 0644
+    backup: yes
+  with_items:
+    - docker-containers
+
+- name: docker login
+  docker_login:
+    username: guest
+    password: guest
+    registry_url: https://dockerhub.qingcloud.com
+    state: present
+
+- name: setup storage driver
+  copy:
+    src: files/{{item}}
+    dest: /etc/docker/{{item}}
+    owner: root
+    group: root
+    mode: 0644
+    backup: yes
+  with_items:
+    - daemon.json
+  notify:
+    - restart docker
+
+- name: enable service def
+  systemd:
+    name: docker
+    enabled: yes

ansible/roles/kubernetes/files/kubelet.service

@@ -0,0 +1,36 @@
+[Unit]
+Description=Kubernetes Kubelet Server
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+After=docker.service
+Requires=docker.service
+
+[Service]
+WorkingDirectory=/data/var/lib/kubelet
+EnvironmentFile=-/etc/kubernetes/kubelet
+ExecStart=/usr/bin/kubelet \
+            $KUBE_LOGTOSTDERR \
+            $KUBE_LOG_LEVEL \
+            $KUBE_ALLOW_PRIV \
+            $KUBELET_ADDRESS \
+            $KUBELET_PORT \
+            $KUBELET_HOSTNAME \
+            $KUBELET_NETWORK_ARGS \
+            $KUBELET_SYSTEM_PODS_ARGS \
+            $KUBELET_KUBECONFIG_ARGS \
+            $KUBELET_DNS_ARGS \
+            $KUBE_CLOUD_PROVIDER \
+            $KUBELET_AUTHZ_ARGS \
+            $KUBELET_CGROUP_ARGS \
+            $KUBELET_EXTRA_ARGS \
+            $KUBELET_FLAGS \
+Restart=on-failure
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
+
+
+
+
+
+

ansible/roles/kubernetes/tasks/debian.yaml

@@ -0,0 +1,3 @@
+---
+- name: config kubernetes repo
+

ansible/roles/kubernetes/tasks/main.yaml

@@ -0,0 +1,47 @@
+
+- name: download kubernetes repo
+  get_url:
+    url: https://pek3a.qingstor.com/k8s-qingcloud/k8s/{{ kubernetes_version }}/bin/{{item}}
+    dest: /usr/bin/{{item}}
+    mode: 755
+  with_items:
+    - kubelet
+    - kubectl
+    - kubeadm
+
+- name: install shell completion
+  shell: |
+    kubectl completion bash >/etc/profile.d/kubectl.sh
+    kubeadm completion bash >/etc/profile.d/kubeadm.sh
+ 
+- name: install kubelet systemd def
+  copy:
+    src: files/{{item}}
+    dest: /etc/systemd/system/{{item}}
+    owner: root
+    group: root
+    mode: 0644
+    backup: yes
+  with_items:
+    - kubelet.service
+
+- name: load service def
+  systemd:
+    daemon_reload: yes
+    name: kubelet
+    enabled: yes
+
+- name: pull docker images
+  docker_image:
+    name: dockerhub.qingcloud.com/google_containers/{{item.name}}:{{item.version}}
+    state: present
+  with_items:
+    - { name: "hyperkube-amd64", version: "{{kubernetes_version}}" }
+    - { name: "etcd-amd64", version: "3.0.17" }
+    - { name: "pause-amd64:3.0", version: "3.0"}
+    - { name: "k8s-dns-kube-dns-amd64", version: "1.14.5"}
+    - { name: "k8s-dns-dnsmasq-nanny-amd64", version: "1.14.5"}
+    - { name: "k8s-dns-sidecar-amd64", version: "1.14.5"}
+    - { name: "kube-addon-manager:", version: "v6.4-beta.2"}
+    - { name: "addon-resizer", version: "1.7"}
+

ansible/roles/kubernetes/vars/main.yml

@@ -0,0 +1,2 @@
+---
+kubernetes_version: v1.8.4

ansible/roles/kubernetes_addon/tasks/main.yml

@@ -0,0 +1,9 @@
+- name: download docker images
+  docker_image:
+    name: dockerhub.qingcloud.com/{{item.repo}}/{{ item.name }}:{{item.version}}
+    state: present
+  with_items:
+    - { repo: "google_containers", name: "heapster-amd64", version: "v1.4.3"}
+    - { repo: "google_containers", name: "kibana", version: "v5.4.0"}
+    - { repo: "google_containers", name: "elasticsearch", version: "v5.5.1-1"}
+    - { repo: "google_containers", name: "kubernetes-dashboard-amd64",version: "v1.8.0"}