Merge branch 'master' of https://github.com/kubernetes-sigs/kubespray

* 'master' of https://github.com/kubernetes-sigs/kubespray: Allow hosts with hyphen in name (kubernetes-sigs#6529) Update apiserver-audit-policy.yaml.j2 (kubernetes-sigs#6526) add master_volume_type variable (kubernetes-sigs#6524) Remove unused variable (kubernetes-sigs#6522) Add new cilium options for native routing (kubernetes-sigs#6519) Fixed Kubespray container-engine/docker role to populate docker.service (kubernetes-sigs#6518) Fix cilium_deploy_additionally with kubeadm etcd (kubernetes-sigs#6514) improve Cilium metrics support (kubernetes-sigs#6513)
kubesail · Aug 18, 2020 · 3cd81d6 · 3cd81d6
2 parents 10c243b + 73b2683
commit 3cd81d6
Show file tree

Hide file tree

Showing 13 changed files with 49 additions and 11 deletions.
diff --git a/contrib/inventory_builder/inventory.py b/contrib/inventory_builder/inventory.py
@@ -238,7 +238,7 @@ def ips(start_address, end_address):
             return [ip_address(ip).exploded for ip in range(start, end + 1)]
 
         for host in hosts:
-            if '-' in host and not host.startswith('-'):
+            if '-' in host and not (host.startswith('-') or host[0].isalpha()):
                 start, end = host.strip().split('-')
                 try:
                     reworked_hosts.extend(ips(start, end))

diff --git a/contrib/terraform/openstack/kubespray.tf b/contrib/terraform/openstack/kubespray.tf
@@ -51,6 +51,7 @@ module "compute" {
   node_root_volume_size_in_gb                  = var.node_root_volume_size_in_gb
   gfs_root_volume_size_in_gb                   = var.gfs_root_volume_size_in_gb
   gfs_volume_size_in_gb                        = var.gfs_volume_size_in_gb
+  master_volume_type                           = var.master_volume_type
   public_key_path                              = var.public_key_path
   image                                        = var.image
   image_gfs                                    = var.image_gfs

diff --git a/contrib/terraform/openstack/modules/compute/main.tf b/contrib/terraform/openstack/modules/compute/main.tf
@@ -167,6 +167,7 @@ resource "openstack_compute_instance_v2" "k8s_master" {
       uuid                  = data.openstack_images_image_v2.vm_image.id
       source_type           = "image"
       volume_size           = var.master_root_volume_size_in_gb
+      volume_type           = var.master_volume_type
       boot_index            = 0
       destination_type      = "volume"
       delete_on_termination = true
@@ -215,6 +216,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
       uuid                  = data.openstack_images_image_v2.vm_image.id
       source_type           = "image"
       volume_size           = var.master_root_volume_size_in_gb
+      volume_type           = var.master_volume_type
       boot_index            = 0
       destination_type      = "volume"
       delete_on_termination = true
@@ -303,6 +305,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
       uuid                  = data.openstack_images_image_v2.vm_image.id
       source_type           = "image"
       volume_size           = var.master_root_volume_size_in_gb
+      volume_type           = var.master_volume_type
       boot_index            = 0
       destination_type      = "volume"
       delete_on_termination = true
@@ -346,6 +349,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
       uuid                  = data.openstack_images_image_v2.vm_image.id
       source_type           = "image"
       volume_size           = var.master_root_volume_size_in_gb
+      volume_type           = var.master_volume_type
       boot_index            = 0
       destination_type      = "volume"
       delete_on_termination = true

diff --git a/contrib/terraform/openstack/modules/compute/variables.tf b/contrib/terraform/openstack/modules/compute/variables.tf
@@ -38,6 +38,8 @@ variable "gfs_root_volume_size_in_gb" {}
 
 variable "gfs_volume_size_in_gb" {}
 
+variable "master_volume_type" {}
+
 variable "public_key_path" {}
 
 variable "image" {}

diff --git a/contrib/terraform/openstack/variables.tf b/contrib/terraform/openstack/variables.tf
@@ -74,6 +74,10 @@ variable "gfs_volume_size_in_gb" {
   default = 75
 }
 
+variable "master_volume_type" {
+  default = "Default"
+}
+
 variable "public_key_path" {
   description = "The path of the ssh pub key"
   default     = "~/.ssh/id_rsa.pub"

diff --git a/roles/container-engine/docker/tasks/systemd.yml b/roles/container-engine/docker/tasks/systemd.yml
@@ -25,7 +25,7 @@
     dest: /etc/systemd/system/docker.service
   register: docker_service_file
   notify: restart docker
-  when: not (ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk"] or is_ostree)
+  when: not ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk"]
 
 - name: Write docker options systemd drop-in
   template:

diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -178,5 +178,5 @@
     - etcd_kubeadm_enabled
     - kubeadm_control_plane
     - inventory_hostname not in groups['kube-master']
-    - kube_network_plugin in ["calico", "flannel", "canal", "cilium"]
+    - kube_network_plugin in ["calico", "flannel", "canal", "cilium"] or cilium_deploy_additionally | default(false) | bool
     - kube_network_plugin != "calico" or calico_datastore == "etcd"
diff --git a/roles/kubernetes/master/defaults/main/main.yml b/roles/kubernetes/master/defaults/main/main.yml
@@ -26,9 +26,6 @@ kube_apiserver_node_port_range: "30000-32767"
 # ETCD backend for k8s data
 kube_apiserver_storage_backend: etcd3
 
-# By default, force back to etcd2. Set to true to force etcd3 (experimental!)
-force_etcd3: false
-
 kube_etcd_cacert_file: ca.pem
 kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
 kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
@@ -166,9 +163,6 @@ kube_encryption_algorithm: "aescbc"
 # Which kubernetes resources to encrypt
 kube_encryption_resources: [secrets]
 
-# You may want to use ca.pem depending on your situation
-kube_front_proxy_ca: "front-proxy-ca.pem"
-
 # If non-empty, will use this string as identification instead of the actual hostname
 kube_override_hostname: >-
   {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}

diff --git a/roles/kubernetes/master/templates/apiserver-audit-policy.yaml.j2 b/roles/kubernetes/master/templates/apiserver-audit-policy.yaml.j2
@@ -1,4 +1,4 @@
-apiVersion: audit.k8s.io/v1beta1
+apiVersion: audit.k8s.io/v1
 kind: Policy
 rules:
 {% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" %}

diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
@@ -22,6 +22,7 @@ cilium_cpu_requests: 100m
 cilium_tunnel_mode: vxlan
 # Optional features
 cilium_enable_prometheus: false
+cilium_enable_hubble_metrics: false
 # Enable if you want to make use of hostPort mappings
 cilium_enable_portmap: false
 # Monitor aggregation level (none/low/medium/maximum)
@@ -39,3 +40,12 @@ cilium_enable_legacy_services: false
 # Deploy cilium even if kube_network_plugin is not cilium.
 # This enables to deploy cilium alongside another CNI to replace kube-proxy.
 cilium_deploy_additionally: false
+
+# Auto direct nodes routes can be used to advertise pods routes in your cluster
+# without any tunelling (with `cilium_tunnel_mode` sets to `disabled`).
+# This works only if you have a L2 connectivity between all your nodes.
+# You wil also have to specify the variable `cilium_native_routing_cidr` to
+# make this work. Please refer to the cilium documentation for more
+# information about this kind of setups.
+cilium_auto_direct_node_routes: false
+cilium_native_routing_cidr: ""
diff --git a/roles/network_plugin/cilium/templates/cilium-config.yml.j2 b/roles/network_plugin/cilium/templates/cilium-config.yml.j2
@@ -142,3 +142,6 @@ data:
   enable-legacy-services: "{{cilium_enable_legacy_services}}"
 
   kube-proxy-replacement: "{{ cilium_kube_proxy_replacement }}"
+
+  native-routing-cidr: "{{ cilium_native_routing_cidr }}"
+  auto-direct-node-routes: "{{ cilium_auto_direct_node_routes }}"
diff --git a/roles/network_plugin/cilium/templates/cilium-deploy.yml.j2 b/roles/network_plugin/cilium/templates/cilium-deploy.yml.j2
@@ -20,6 +20,11 @@ spec:
     type: RollingUpdate
   template:
     metadata:
+{% if cilium_enable_prometheus %}
+      annotations:
+        prometheus.io/port: "6942"
+        prometheus.io/scrape: "true"
+{% endif %}
       labels:
         io.cilium/app: operator
         name: cilium-operator
@@ -93,6 +98,13 @@ spec:
           image: "{{ cilium_operator_image_repo }}:{{ cilium_operator_image_tag }}"
           imagePullPolicy: {{ k8s_image_pull_policy }}
           name: cilium-operator
+{% if cilium_enable_prometheus %}
+          ports:
+            - containerPort: 6942
+              hostPort: 6942
+              name: prometheus
+              protocol: TCP
+{% endif %}
           livenessProbe:
             httpGet:
 {% if cilium_enable_ipv4 %}

diff --git a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
@@ -85,12 +85,20 @@ spec:
           successThreshold: 1
           timeoutSeconds: 5
         name: cilium-agent
-{% if cilium_enable_prometheus %}
+{% if cilium_enable_prometheus or cilium_enable_hubble_metrics %}
         ports:
+{% endif %}
+{% if cilium_enable_prometheus %}
         - containerPort: 9090
           hostPort: 9090
           name: prometheus
           protocol: TCP
+{% endif %}
+{% if cilium_enable_hubble_metrics %}
+        - containerPort: 9091
+          hostPort: 9091
+          name: hubble-metrics
+          protocol: TCP
 {% endif %}
         readinessProbe:
           httpGet: