Merge branch 'master' into master

2025-10-24 11:16:22 +02:00 · 2018-09-28 11:00:02 +03:00 · 2018-09-28 11:00:02 +03:00 · a256d2cf6e
commit a256d2cf6e
parent 192e4cb431 0379cc47db
19 changed files with 199 additions and 99 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 *.retry
-tests/test.sh
+*/__pycache__
+*.pyc
--- a/.travis.yml
+++ b/.travis.yml
@ -1,25 +1,31 @@
 ---
+language: python
 services: docker

 env:
-  - distro: centos7
-  - distro: ubuntu1604
-  - distro: debian9
+  global:
+    - ROLE_NAME: kubernetes
+  matrix:
+    - MOLECULE_DISTRO: centos7
+      MOLECULE_DOCKER_COMMAND: /usr/lib/systemd/systemd
+    - MOLECULE_DISTRO: ubuntu1604
+      MOLECULE_DOCKER_COMMAND: /lib/systemd/systemd
+    - MOLECULE_DISTRO: debian9
+      MOLECULE_DOCKER_COMMAND: /lib/systemd/systemd
+
+install:
+  # Install test dependencies.
+  - pip install molecule docker
+
+before_script:
+  # Use actual Ansible Galaxy role name for the project directory.
+  - cd ../
+  - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
+  - cd geerlingguy.$ROLE_NAME

 script:
-  # Configure test script so we can run extra tests after playbook is run.
-  - export container_id=$(date +%s)
-  - export cleanup=false
-
-  # Download test shim.
-  - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
-  - chmod +x ${PWD}/tests/test.sh
-
  # Run tests.
-  - ${PWD}/tests/test.sh
-
-  # Test whether Kubernetes is running correctly.
-  # - docker exec --tty ${container_id} command-goes-here
+  - molecule test

 notifications:
  webhooks: https://galaxy.ansible.com/api/v1/notifications/
--- a/README.md
+++ b/README.md
@ -15,6 +15,8 @@ Available variables are listed below, along with default values (see `defaults/m
    kubernetes_packages:
      - name: kubelet
        state: present
+      - name: kubectl
+        state: present
      - name: kubeadm
        state: present
      - name: kubernetes-cni
@ -22,6 +24,11 @@ Available variables are listed below, along with default values (see `defaults/m

 Kubernetes packages to be installed on the server. You can either provide a list of package names, or set `name` and `state` to have more control over whether the package is `present`, `absent`, `latest`, etc.

+    kubernetes_version: '1.11'
+    kubernetes_version_rhel_package: '1.11.3'
+
+The minor version of Kubernetes to install. The plain `kubernetes_version` is used to pin an apt package version on Debian, and as the Kubernetes version passed into the `kubeadm init` command (see `kubernetes_version_kubeadm`). The `kubernetes_version_rhel_package` variable must be a specific Kubernetes release, and is used to pin the version on Red Hat / CentOS servers.
+
    kubernetes_role: master

 Whether the particular server will serve as a Kubernetes `master` (default) or `node`. The master will have `kubeadm init` run on it to intialize the entire K8s control plane, while `node`s will have `kubeadm join` run on them to join them to the `master`.
@ -35,28 +42,28 @@ Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start

 Extra args to pass to `kubeadm init` during K8s control plane initialization. E.g. to specify extra Subject Alternative Names for API server certificate, set this to: `"--apiserver-cert-extra-sans my-custom.host"`

-    kubernetes_allow_pods_on_master: True
+    kubernetes_allow_pods_on_master: true

 Whether to remove the taint that denies pods from being deployed to the Kubernetes master. If you have a single-node cluster, this should definitely be `True`. Otherwise, set to `False` if you want a dedicated Kubernetes master which doesn't run any other pods.

-    kubernetes_enable_web_ui: False
+    kubernetes_enable_web_ui: false

 Whether to enable the Kubernetes web dashboard UI (only accessible on the master itself, or proxied).

-    kuberenetes_debug: False
+    kuberenetes_debug: false

 Whether to show extra debug info in Ansible's logs (e.g. the output of the `kubeadm init` command).

-    kubernetes_pod_network_cidr: '10.0.1.0/16'
+    kubernetes_pod_network_cidr: '10.244.0.0/16'
    kubernetes_apiserver_advertise_address: ''
-    kubernetes_version: 'stable-1.11'
+    kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'
    kubernetes_ignore_preflight_errors: 'all'

 Options passed to `kubeadm init` when initializing the Kubernetes master. The `apiserver_advertise_address` defaults to `ansible_default_ipv4.address` if it's left empty.

    kubernetes_apt_release_channel: main
    kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
-    kubernetes_apt_ignore_key_error: False
+    kubernetes_apt_ignore_key_error: false

 Apt repository options for Kubernetes installation.

--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -2,31 +2,34 @@
 kubernetes_packages:
  - name: kubelet
    state: present
-  - name: kubeadm
-    state: present
  - name: kubectl
    state: present
+  - name: kubeadm
+    state: present
  - name: kubernetes-cni
    state: present

+kubernetes_version: '1.11'
+kubernetes_version_rhel_package: '1.11.3'
+
 kubernetes_role: master

 kubernetes_kubelet_extra_args: ""
 kubernetes_kubeadm_init_extra_opts: ""

-kubernetes_allow_pods_on_master: True
-kubernetes_enable_web_ui: True
-kuberenetes_debug: False
+kubernetes_allow_pods_on_master: true
+kubernetes_enable_web_ui: true
+kuberenetes_debug: false

-kubernetes_pod_network_cidr: '10.0.1.0/16'
+kubernetes_pod_network_cidr: '10.244.0.0/16'
 kubernetes_apiserver_advertise_address: ''
-kubernetes_version: 'stable-1.11'
+kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'
 kubernetes_ignore_preflight_errors: 'all'

 kubernetes_apt_release_channel: main
 # Note that xenial repo is used for all Debian derivatives at this time.
 kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
-kubernetes_apt_ignore_key_error: False
+kubernetes_apt_ignore_key_error: false

 kubernetes_yum_arch: x86_64

--- a/meta/main.yml
+++ b/meta/main.yml
@ -8,16 +8,16 @@ galaxy_info:
  license: "license (BSD, MIT)"
  min_ansible_version: 2.4
  platforms:
-  - name: EL
-    versions:
-    - 7
-  - name: Debian
-    versions:
-    - stretch
-  - name: Ubuntu
-    versions:
-    - xenial
-    - bionic
+    - name: EL
+      versions:
+        - 7
+    - name: Debian
+      versions:
+        - stretch
+    - name: Ubuntu
+      versions:
+        - xenial
+        - bionic
  galaxy_tags:
    - system
    - containers
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -0,0 +1,30 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+  options:
+    config-file: molecule/default/yaml-lint.yml
+platforms:
+  - name: instance
+    image: geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible
+    command: ${MOLECULE_DOCKER_COMMAND:-"sleep infinity"}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /var/lib/docker
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  lint:
+    name: ansible-lint
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
+scenario:
+  name: default
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
--- a/molecule/default/playbook.yml
+++ b/molecule/default/playbook.yml
@ -0,0 +1,46 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+
+  vars:
+    # Allow swap in test environments (hard to control in some Docker envs).
+    kubernetes_kubelet_extra_args: "--fail-swap-on=false"
+    docker_install_compose: false
+
+  pre_tasks:
+    - name: Update apt cache.
+      apt: update_cache=true cache_valid_time=600
+      when: ansible_os_family == 'Debian'
+
+    - name: Ensure test dependencies are installed.
+      package: name=iproute state=present
+
+    - name: Gather facts.
+      action: setup
+
+    - name: Use cgroupfs cgroup driver instead of systemd (Red Hat).
+      set_fact:
+        kubernetes_kubelet_extra_args: '"--fail-swap-on=false --cgroup-driver=cgroupfs"'
+      when: ansible_os_family == 'RedHat'
+
+  roles:
+    - role: geerlingguy.docker
+    - role: geerlingguy.kubernetes
+
+  post_tasks:
+    - name: Get cluster info.
+      command: kubectl cluster-info
+      changed_when: false
+      register: kubernetes_info
+
+    - name: Print cluster info.
+      debug: var=kubernetes_info.stdout
+
+    - name: Get all running pods.
+      command: kubectl get pods --all-namespaces
+      changed_when: false
+      register: kubernetes_pods
+
+    - name: Print list of running pods.
+      debug: var=kubernetes_pods.stdout
--- a/molecule/default/requirements.yml
+++ b/molecule/default/requirements.yml
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@ -0,0 +1,14 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_hosts_file(host):
+    f = host.file('/etc/hosts')
+
+    assert f.exists
+    assert f.user == 'root'
+    assert f.group == 'root'
--- a/molecule/default/yaml-lint.yml
+++ b/molecule/default/yaml-lint.yml
@ -0,0 +1,6 @@
+---
+extends: default
+rules:
+  line-length:
+    max: 150
+    level: warning
--- a/tasks/kubelet-setup.yml
+++ b/tasks/kubelet-setup.yml
@ -16,7 +16,7 @@
    kubelet_args_path: '/etc/systemd/system/kubelet.service.d/10-kubeadm.conf'
    kubelet_args_line: "{{ 'Environment=\"KUBELET_EXTRA_ARGS=' + kubernetes_kubelet_extra_args + '\"' }}"
    kubelet_args_regexp: '^Environment='
-  when: kubelet_environment_file.stat.exists == False
+  when: kubelet_environment_file.stat.exists == false

 - name: Configure KUBELET_EXTRA_ARGS.
  lineinfile:
@ -29,6 +29,6 @@
 - name: Reload systemd unit if args were changed.
  systemd:
    state: restarted
-    daemon_reload: yes
+    daemon_reload: true
    name: kubelet
  when: kubelet_config_file is changed
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -24,7 +24,7 @@
  service:
    name: kubelet
    state: started
-    enabled: yes
+    enabled: true

 - name: Check if Kubernetes has already been initialized.
  stat:
@ -37,8 +37,8 @@

 # Set up nodes.
 - name: Get the kubeadm join command from the Kubernetes master.
-  shell: kubeadm token create --print-join-command
-  changed_when: False
+  command: kubeadm token create --print-join-command
+  changed_when: false
  when: kubernetes_role == 'master'
  register: kubernetes_join_command_result

@ -47,7 +47,7 @@
    kubernetes_join_command: "{{ kubernetes_join_command_result.stdout }}"
  when: kubernetes_join_command_result.stdout is defined
  delegate_to: "{{ item }}"
-  delegate_facts: True
+  delegate_facts: true
  with_items: "{{ groups['all'] }}"

 - include_tasks: node-setup.yml
--- a/tasks/master-setup.yml
+++ b/tasks/master-setup.yml
@ -4,19 +4,19 @@
    kubeadm init
    --pod-network-cidr={{ kubernetes_pod_network_cidr }}
    --apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address) }}
-    --kubernetes-version {{ kubernetes_version }}
+    --kubernetes-version {{ kubernetes_version_kubeadm }}
    --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
    {{ kubeadm_init_opts }}
    
  register: kubeadmin_init
-  failed_when: False
-  when: kubernetes_init_stat.stat.exists == False
+  failed_when: false
+  when: kubernetes_init_stat.stat.exists == false

 - name: Print the init output to screen.
  debug: var=kubeadmin_init.stdout
  when:
    - kuberenetes_debug
-    - kubernetes_init_stat.stat.exists == False
+    - kubernetes_init_stat.stat.exists == false

 - name: Ensure .kube directory exists.
  file:
@ -43,12 +43,12 @@
  command: "kubectl taint nodes --all node-role.kubernetes.io/master-"
  when:
    - kubernetes_allow_pods_on_master
-    - kubernetes_init_stat.stat.exists == False
+    - kubernetes_init_stat.stat.exists == false

 - name: Check if Kubernetes Dashboard UI service already exists.
  shell: kubectl get services --namespace kube-system | grep -q kubernetes-dashboard
-  changed_when: False
-  failed_when: False
+  changed_when: false
+  failed_when: false
  register: kubernetes_dashboard_service
  when: kubernetes_enable_web_ui

--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
@ -1,11 +1,10 @@
 ---
 - name: Ensure dependencies are installed.
  apt:
-    name: "{{ item }}"
+    name:
+      - apt-transport-https
+      - ca-certificates
    state: present
-  with_items:
-    - apt-transport-https
-    - ca-certificates

 - name: Add Kubernetes apt key.
  apt_key:
@ -18,4 +17,9 @@
  apt_repository:
    repo: "{{ kubernetes_apt_repository }}"
    state: present
-    update_cache: yes
+    update_cache: true
+
+- name: Add Kubernetes apt preferences file to pin a version.
+  template:
+    src: apt-preferences-kubernetes.j2
+    dest: /etc/apt/preferences.d/kubernetes
--- a/tasks/setup-RedHat.yml
+++ b/tasks/setup-RedHat.yml
@ -3,9 +3,9 @@
  yum_repository:
    name: kubernetes
    description: Kubernetes
-    enabled: yes
-    gpgcheck: yes
-    repo_gpgcheck: yes
+    enabled: true
+    gpgcheck: true
+    repo_gpgcheck: true
    baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-{{ kubernetes_yum_arch }}
    gpgkey:
      - https://packages.cloud.google.com/yum/doc/yum-key.gpg
@ -24,4 +24,4 @@
  command: "yum -q makecache -y --disablerepo='*' --enablerepo='kubernetes'"
  when: kubernetes_rpm_key is changed
  args:
-    warn: no
+    warn: false
--- a/templates/apt-preferences-kubernetes.j2
+++ b/templates/apt-preferences-kubernetes.j2
@ -0,0 +1,11 @@
+Package: kubectl
+Pin: version {{ kubernetes_version }}.*
+Pin-Priority: 1000
+
+Package: kubeadm
+Pin: version {{ kubernetes_version }}.*
+Pin-Priority: 1000
+
+Package: kubelet
+Pin: version {{ kubernetes_version }}.*
+Pin-Priority: 1000
--- a/tests/README.md
+++ b/tests/README.md
@ -1,11 +0,0 @@
-# Ansible Role tests
-
-To run the test playbook(s) in this directory:
-
-  1. Install and start Docker.
-  1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`:
-    - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/`
-  1. Make the test shim executable: `chmod +x tests/test.sh`.
-  1. Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh`
-
-If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)`
--- a/tests/test.yml
+++ b/tests/test.yml
@ -1,26 +0,0 @@
---
- hosts: all
-
-  vars:
-    # Allow swap in test environments (hard to control in some Docker envs).
-    kubernetes_kubelet_extra_args: "--fail-swap-on=false"
-    docker_install_compose: False
-
-  pre_tasks:
-    - name: Update apt cache.
-      apt: update_cache=yes cache_valid_time=600
-      when: ansible_os_family == 'Debian'
-
-    - name: Ensure test dependencies are installed.
-      package: name=iproute state=present
-
-    - action: setup
-
-    - name: Use cgroupfs cgroup driver instead of systemd (Red Hat).
-      set_fact:
-        kubernetes_kubelet_extra_args: '"--fail-swap-on=false --cgroup-driver=cgroupfs"'
-      when: ansible_os_family == 'RedHat'
-
-  roles:
-    - geerlingguy.docker
-    - role_under_test
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@ -1,2 +1,11 @@
 ---
 kubelet_environment_file_path: /etc/sysconfig/kubelet
+kubernetes_packages:
+  - name: kubelet-{{ kubernetes_version_rhel_package }}-0
+    state: present
+  - name: kubectl-{{ kubernetes_version_rhel_package }}-0
+    state: present
+  - name: kubeadm-{{ kubernetes_version_rhel_package }}-0
+    state: present
+  - name: kubernetes-cni
+    state: present