diff --git a/roles/dnsmasq/handlers/main.yml b/roles/dnsmasq/handlers/main.yml
new file mode 100644
index 0000000..f545f70
--- /dev/null
+++ b/roles/dnsmasq/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: restart dnsmasq
+ sudo: yes
+ command: systemctl restart dnsmasq
\ No newline at end of file
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
new file mode 100644
index 0000000..e24e043
--- /dev/null
+++ b/roles/dnsmasq/tasks/main.yml
@@ -0,0 +1,62 @@
+---
+- name: install dnsmasq and bind-utils
+ sudo: yes
+ yum:
+ name: "{{ item }}"
+ state: latest
+ with_items:
+ - dnsmasq
+ - bind-utils
+ when: inventory_hostname in groups[master_group_name]
+ tags:
+ - dnsmasq
+
+- name: ensure dnsmasq.d directory exists
+ sudo: yes
+ file:
+ path: /etc/dnsmasq.d
+ state: directory
+ when: inventory_hostname in groups[master_group_name]
+ tags:
+ - dnsmasq
+
+- name: configure dnsmasq
+ sudo: yes
+ template:
+ src: 01-kube-dns.conf.j2
+ dest: /etc/dnsmasq.d/01-kube-dns.conf
+ mode: 755
+ notify:
+ - restart dnsmasq
+ when: inventory_hostname in groups[master_group_name]
+ tags:
+ - dnsmasq
+
+- name: enable dnsmasq
+ sudo: yes
+ service:
+ name: dnsmasq
+ state: started
+ enabled: yes
+ when: inventory_hostname in groups[master_group_name]
+ tags:
+ - dnsmasq
+
+- name: update resolv.conf with new DNS setup
+ sudo: yes
+ template:
+ src: resolv.conf.j2
+ dest: /etc/resolv.conf
+ mode: 644
+ tags:
+ - dnsmasq
+
+- name: disable resolv.conf modification by dhclient
+ sudo: yes
+ lineinfile:
+ dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4.interface }}"
+ state: present
+ regexp: '^PEERDNS'
+ line: 'PEERDNS="no"'
+ tags:
+ - dnsmasq
\ No newline at end of file
diff --git a/roles/dnsmasq/templates/01-kube-dns.conf.j2 b/roles/dnsmasq/templates/01-kube-dns.conf.j2
new file mode 100644
index 0000000..0d4df73
--- /dev/null
+++ b/roles/dnsmasq/templates/01-kube-dns.conf.j2
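Review bot: The `restart dnsmasq` handler shells out with `command: systemctl restart dnsmasq`, while the handlers touched elsewhere in this change (roles/master/handlers/main.yml) use the service module; `service: name=dnsmasq state=restarted` keeps the handlers uniform and lets Ansible report the outcome instead of a raw command result. The file is also written without a trailing newline (`\ No newline at end of file`), as are roles/dnsmasq/tasks/main.yml, roles/master/handlers/main.yml and roles/master/tasks/main.yml after this commit; a final newline avoids a spurious marker in every future diff of these files.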
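Review bot: `mode: 755` on the `configure dnsmasq` task and `mode: 644` on the `update resolv.conf` task are unquoted integers, which Ansible treats as decimal numbers (755 is octal 1363, 644 is octal 1204) rather than the intended octal permissions, so the files end up with sticky bits and odd owner/group bits; write both as strings, and a dnsmasq config file has no reason to be executable: `mode: "0644"`. The `disable resolv.conf modification by dhclient` task fails outright on a host where `/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4.interface }}` does not exist, because lineinfile only creates a missing file when `create: yes` is given — whether every target image has an ifcfg file for its default interface is something I cannot tell from here, so either add that option or guard the task. `state: latest` on the yum task upgrades dnsmasq and bind-utils on every run; `state: present` is the idempotent choice unless unattended upgrades are intended.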
@@ -0,0 +1,13 @@
+#Listen on all interfaces
+interface=*
+
+addn-hosts=/etc/hosts
+
+bogus-priv
+
+#Set upstream dns servers
+server=8.8.8.8
+server=8.8.4.4
+
+# Forward k8s domain to kube-dns
+server=/{{ dns_domain }}/{{ dns_server }}
\ No newline at end of file
diff --git a/roles/dnsmasq/templates/resolv.conf.j2 b/roles/dnsmasq/templates/resolv.conf.j2
new file mode 100644
index 0000000..c9ef825
--- /dev/null
+++ b/roles/dnsmasq/templates/resolv.conf.j2
@@ -0,0 +1,5 @@
+; generated by ansible
+search {{ [ 'default.svc.' + dns_domain, 'svc.' + dns_domain, dns_domain ] | join(' ') }}
+{% for host in groups[master_group_name] %}
+nameserver {{ hostvars[host]['ansible_default_ipv4']['address'] }}
+{% endfor %}
\ No newline at end of file
diff --git a/roles/kubernetes/tasks/gen_tokens.yml b/roles/kubernetes/tasks/gen_tokens.yml
index 821418c..2ce702d 100644
--- a/roles/kubernetes/tasks/gen_tokens.yml
+++ b/roles/kubernetes/tasks/gen_tokens.yml
@@ -12,7 +12,7 @@
 environment:
 TOKEN_DIR: "{{ kube_token_dir }}"
 with_nested:
- - [ "system:controller_manager", "system:scheduler", "system:kubectl" ]
+ - [ "system:controller_manager", "system:scheduler", "system:kubectl", 'system:proxy' ]
 - "{{ groups[master_group_name] }}"
 register: gentoken
 changed_when: "'Added' in gentoken.stdout"
diff --git a/roles/master/handlers/main.yml b/roles/master/handlers/main.yml
index 2b50991..84b1e53 100644
--- a/roles/master/handlers/main.yml
+++ b/roles/master/handlers/main.yml
@@ -6,6 +6,7 @@
 - restart apiserver
 - restart controller-manager
 - restart scheduler
+ - restart proxy
 - name: restart apiserver
 sudo: yes
@@ -24,3 +25,9 @@
 service:
 name: kube-scheduler
 state: restarted
+
+ - name: restart proxy
+ sudo: yes
+ service:
+ name: kube-proxy
+ state: restarted
\ No newline at end of file
diff --git a/roles/master/tasks/main.yml b/roles/master/tasks/main.yml
index 53d481a..4a41c7e 100644
--- a/roles/master/tasks/main.yml
+++ b/roles/master/tasks/main.yml
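Review bot: `interface=*` makes dnsmasq answer recursive queries on every interface of the masters and nothing else in this file limits which clients may query it, so a master reachable from outside the cluster network becomes an open resolver forwarding to 8.8.8.8 (reflection/amplification exposure and a leak of what the cluster resolves); bind it to the cluster-facing address with `listen-address=` plus `bind-interfaces`, or, if the packaged dnsmasq is new enough, `local-service` to answer only directly attached subnets. As far as I recall dnsmasq also takes upstream servers from /etc/resolv.conf by default, and this same role rewrites /etc/resolv.conf on the masters to list the masters themselves (resolv.conf.j2), so without `no-resolv` next to the `server=` lines each master may end up forwarding non-cluster queries to itself. The two upstreams are hard-coded; a role variable defaulting to these values would let sites with internal resolvers or no outbound DNS use the role.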
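Review bot: The template is rendered on every host (its task carries no `when`), but each `nameserver` line indexes `hostvars[host]['ansible_default_ipv4']['address']` for the master hosts, so a run limited to the node group or one that skips fact gathering for the masters fails on an undefined variable instead of producing a file; either gather facts for the masters in that play or guard the lookup. Every host, the masters included, is left with the masters as its only nameservers and no fallback, so a dnsmasq outage on the masters removes name resolution cluster-wide — worth stating in the role's documentation, or appending the site resolvers after the loop.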
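Review bot: `'system:proxy'` is single-quoted while the three sibling entries in the same flow sequence are double-quoted; `"system:proxy"` keeps the list uniform. The order of this list is also load-bearing: roles/master/tasks/main.yml in this same change reads the generated tokens back by position (`tokens.results[3]`), so an entry inserted anywhere but the end would silently hand one component another component's credential; a comment on the line saying the order must match the slurp list in the master role would help the next editor.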
@@ -2,7 +2,7 @@
 - name: install kubernetes master
 sudo: yes
 yum:
- pkg=kubernetes-master
+ pkg=kubernetes
 state=latest
 enablerepo=virt7-docker-common-candidate
 notify:
@@ -18,6 +18,7 @@
 - "system:controller_manager"
 - "system:scheduler"
 - "system:kubectl"
+ - "system:proxy"
 register: tokens
 delegate_to: "{{ groups[master_group_name][0] }}"
 tags:
@@ -28,6 +29,7 @@
 controller_manager_token: "{{ tokens.results[0].content|b64decode }}"
 scheduler_token: "{{ tokens.results[1].content|b64decode }}"
 kubectl_token: "{{ tokens.results[2].content|b64decode }}"
+ proxy_token: "{{ tokens.results[3].content|b64decode }}"
 tags:
 - master
@@ -77,6 +79,20 @@
 tags:
 - master
+ - name: write the config files for proxy
+ sudo: yes
+ template: src=proxy.j2 dest={{ kube_config_dir }}/proxy
+ notify:
+ - restart daemons
+ tags:
+ - master
+
+ - name: write the kubecfg (auth) file for proxy
+ sudo: yes
+ template: src=proxy.kubeconfig.j2 dest={{ kube_config_dir }}/proxy.kubeconfig
+ tags:
+ - master
+
 - name: populate users for basic auth in API
 sudo: yes
 lineinfile:
@@ -113,5 +129,14 @@
 name: kube-scheduler
 enabled: yes
 state: started
+ tags:
+ - master
+
+ - name: Enable kube-proxy
+ sudo: yes
+ service:
+ name: kube-proxy
+ enabled: yes
+ state: started
 tags:
 - master
\ No newline at end of file
diff --git a/roles/master/templates/proxy.j2 b/roles/master/templates/proxy.j2
new file mode 100644
index 0000000..1a1f7b1
--- /dev/null
+++ b/roles/master/templates/proxy.j2
@@ -0,0 +1,7 @@
+###
+# kubernetes proxy config
+
+# default config should be adequate
+
+# Add your own!
+KUBE_PROXY_ARGS="--kubeconfig={{ kube_config_dir }}/proxy.kubeconfig"
diff --git a/roles/master/templates/proxy.kubeconfig.j2 b/roles/master/templates/proxy.kubeconfig.j2
new file mode 100644
index 0000000..43aba40
--- /dev/null
+++ b/roles/master/templates/proxy.kubeconfig.j2
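Review bot: In the `@@ -77` hunk, the `write the kubecfg (auth) file for proxy` task writes a file that carries the proxy's bearer token (proxy.kubeconfig.j2 renders `token: {{ proxy_token }}`) with no `mode` or `owner`, so the template module falls back to the target's umask — typically 0644 — and every local account can read the token; set `mode=0600` and make the account kube-proxy runs as the owner, e.g. `template: src=proxy.kubeconfig.j2 dest={{ kube_config_dir }}/proxy.kubeconfig mode=0600`. The same task has no `notify`, unlike the `write the config files for proxy` task directly above it, so a regenerated token is not picked up until kube-proxy happens to be restarted for another reason; add `notify: - restart daemons` there as well. In the `@@ -28` hunk, `proxy_token: "{{ tokens.results[3].content|b64decode }}"` couples the fact to the position of `"system:proxy"` in the slurp list of the `@@ -18` hunk (both enclosing tasks start before their hunks), so a reordering of either list becomes a silent credential swap rather than an error; registering the slurp with `with_items` and selecting by `item`, or keying the results by token name, would make that mistake visible.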
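Review bot: The comment `# default config should be adequate` is contradicted two lines later by `KUBE_PROXY_ARGS` setting `--kubeconfig`, which is exactly the non-default the master needs; replace it with a comment that states why, e.g. `# kube-proxy authenticates to the apiserver with its own token, held in proxy.kubeconfig`. That comment is also the natural place to note that the referenced kubeconfig contains a bearer token and is meant to be readable only by the proxy's user.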
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Config
+current-context: proxy-to-{{ cluster_name }}
+preferences: {}
+contexts:
+- context:
+ cluster: {{ cluster_name }}
+ user: proxy
+ name: proxy-to-{{ cluster_name }}
+clusters:
+- cluster:
+ certificate-authority: {{ kube_cert_dir }}/ca.crt
+ server: https://{{ groups[master_group_name][0] }}:{{ kube_master_port }}
+ name: {{ cluster_name }}
+users:
+- name: proxy
+ user:
+ token: {{ proxy_token }}
diff --git a/setup.yml b/setup.yml
index 7807774..289158d 100644
--- a/setup.yml
+++ b/setup.yml
@@ -13,6 +13,7 @@
 - flannel
 - master
 - addons
+ - dnsmasq
 # provide the execution plane
 - hosts: role=node
@@ -21,3 +22,4 @@
 - docker
 - flannel
 - minion
+ - dnsmasq
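Review bot: Every templated scalar in the file is unquoted (`cluster: {{ cluster_name }}`, `name: {{ cluster_name }}`, `token: {{ proxy_token }}`), so a value that renders empty, starts with a YAML indicator, or happens to be all digits is retyped or mis-parsed when kube-proxy loads the kubeconfig; quote them, e.g. `token: "{{ proxy_token }}"`. `server: https://{{ groups[master_group_name][0] }}:{{ kube_master_port }}` pins every proxy, including those on other masters, to the first master by its inventory name, so that name must resolve from each master and must be covered by the apiserver certificate that chains to `{{ kube_cert_dir }}/ca.crt` (how that certificate is generated is not visible here). Keeping `certificate-authority` set is the right call — it leaves server verification on — and a short comment saying so would stop a future editor from dropping it to fix a name mismatch.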