Merge branch 'master' into fail-when-init-failed

geerlingguy · web-flow · commit d47b792630f4 · 2020-03-18T19:44:04.000-05:00
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,3 @@
+skip_list:
+  - '306'
+  - '405'
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+---
+github: geerlingguy
+patreon: geerlingguy
diff --git a/.github/stale.yml b/.github/stale.yml
@@ -0,0 +1,56 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 90
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 30
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - pinned
+  - security
+  - planned
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: false
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: false
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: false
+
+# Label to use when marking as stale
+staleLabel: stale
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30
+
+pulls:
+  markComment: |-
+    This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
+
+    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
+
+  unmarkComment: >-
+    This pull request is no longer marked for closure.
+
+  closeComment: >-
+    This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
+
+issues:
+  markComment: |-
+    This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+
+    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+
+  unmarkComment: >-
+    This issue is no longer marked for closure.
+
+  closeComment: >-
+    This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
diff --git a/.travis.yml b/.travis.yml
@@ -6,13 +6,17 @@ env:
   global:
     - ROLE_NAME: kubernetes
   matrix:
+    - MOLECULE_DISTRO: centos8
     - MOLECULE_DISTRO: centos7
     - MOLECULE_DISTRO: ubuntu1804
-    - MOLECULE_DISTRO: debian9
+    - MOLECULE_DISTRO: debian10
+
+    - MOLECULE_DISTRO: debian10
+      MOLECULE_PLAYBOOK: playbook-calico.yml
 
 install:
   # Install test dependencies.
-  - pip install molecule docker
+  - pip install molecule yamllint ansible-lint docker
 
 before_script:
   # Use actual Ansible Galaxy role name for the project directory.
diff --git a/.yamllint b/.yamllint
diff --git a/README.md b/README.md
@@ -24,8 +24,8 @@ Available variables are listed below, along with default values (see `defaults/m
 
 Kubernetes packages to be installed on the server. You can either provide a list of package names, or set `name` and `state` to have more control over whether the package is `present`, `absent`, `latest`, etc.
 
-    kubernetes_version: '1.13'
-    kubernetes_version_rhel_package: '1.13.1'
+    kubernetes_version: '1.16'
+    kubernetes_version_rhel_package: '1.16.4'
 
 The minor version of Kubernetes to install. The plain `kubernetes_version` is used to pin an apt package version on Debian, and as the Kubernetes version passed into the `kubeadm init` command (see `kubernetes_version_kubeadm`). The `kubernetes_version_rhel_package` variable must be a specific Kubernetes release, and is used to pin the version on Red Hat / CentOS servers.
 
@@ -42,6 +42,10 @@ Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start
 
 Extra args to pass to `kubeadm init` during K8s control plane initialization. E.g. to specify extra Subject Alternative Names for API server certificate, set this to: `"--apiserver-cert-extra-sans my-custom.host"`
 
+    kubernetes_join_command_extra_opts: ""
+
+Extra args to pass to the generated `kubeadm join` command during K8s node initialization. E.g. to ignore certain preflight errors like swap being enabled, set this to: `--ignore-preflight-errors=Swap`
+
     kubernetes_allow_pods_on_master: true
 
 Whether to remove the taint that denies pods from being deployed to the Kubernetes master. If you have a single-node cluster, this should definitely be `True`. Otherwise, set to `False` if you want a dedicated Kubernetes master which doesn't run any other pods.
@@ -51,12 +55,21 @@ Whether to remove the taint that denies pods from being deployed to the Kubernet
 
 Whether to enable the Kubernetes web dashboard UI (only accessible on the master itself, or proxied), and the file containing the web dashboard UI manifest.
 
-    kubernetes_pod_network_cidr: '10.244.0.0/16'
+    kubernetes_pod_network:
+      # Flannel CNI.
+      cni: 'flannel'
+      cidr: '10.244.0.0/16'
+      # Calico CNI.
+      # cni: 'calico'
+      # cidr: '192.168.0.0/16'
+
+This role currently supports `flannel` (default) or `calico` for cluster pod networking. Choose one or the other for your cluster; converting between the two is not done automatically and could result in broken networking, and should be done outside of this role.
+
     kubernetes_apiserver_advertise_address: ''
     kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'
     kubernetes_ignore_preflight_errors: 'all'
 
-Options passed to `kubeadm init` when initializing the Kubernetes master. The `apiserver_advertise_address` defaults to `ansible_default_ipv4.address` if it's left empty.
+Options passed to `kubeadm init` when initializing the Kubernetes master. The `kubernetes_apiserver_advertise_address` defaults to `ansible_default_ipv4.address` if it's left empty.
 
     kubernetes_apt_release_channel: main
     kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
@@ -85,7 +98,7 @@ None.
 - hosts: all
 
   vars:
-    kubernetes_allow_pods_on_master: True
+    kubernetes_allow_pods_on_master: true
 
   roles:
     - geerlingguy.docker
@@ -112,7 +125,7 @@ Playbook:
 - hosts: all
 
   vars:
-    kubernetes_allow_pods_on_master: True
+    kubernetes_allow_pods_on_master: true
 
   roles:
     - geerlingguy.docker
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -9,19 +9,27 @@ kubernetes_packages:
   - name: kubernetes-cni
     state: present
 
-kubernetes_version: '1.13'
-kubernetes_version_rhel_package: '1.13.1'
+kubernetes_version: '1.16'
+kubernetes_version_rhel_package: '1.16.4'
 
 kubernetes_role: master
 
 kubernetes_kubelet_extra_args: ""
 kubernetes_kubeadm_init_extra_opts: ""
+kubernetes_join_command_extra_opts: ""
 
 kubernetes_allow_pods_on_master: true
 kubernetes_enable_web_ui: true
-kubernetes_web_ui_manifest_file: https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
+kubernetes_web_ui_manifest_file: https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
+
+kubernetes_pod_network:
+  # Flannel CNI.
+  cni: 'flannel'
+  cidr: '10.244.0.0/16'
+  # Calico CNI.
+  # cni: 'calico'
+  # cidr: '192.168.0.0/16'
 
-kubernetes_pod_network_cidr: '10.244.0.0/16'
 kubernetes_apiserver_advertise_address: ''
 kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'
 kubernetes_ignore_preflight_errors: 'all'
@@ -36,3 +44,6 @@ kubernetes_yum_arch: x86_64
 # Flannel config files.
 kubernetes_flannel_manifest_file_rbac: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
 kubernetes_flannel_manifest_file: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
+
+# Calico config files
+kubernetes_calico_manifest_file: https://docs.projectcalico.org/v3.10/manifests/calico.yaml
diff --git a/meta/main.yml b/meta/main.yml
@@ -11,9 +11,11 @@ galaxy_info:
     - name: EL
       versions:
         - 7
+        - 8
     - name: Debian
       versions:
         - stretch
+        - buster
     - name: Ubuntu
       versions:
         - xenial
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -0,0 +1,46 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+
+  vars:
+    # Allow swap in test environments (hard to control in some Docker envs).
+    kubernetes_kubelet_extra_args: "--fail-swap-on=false --cgroup-driver=cgroupfs"
+    docker_install_compose: false
+
+  pre_tasks:
+    - name: Update apt cache.
+      apt: update_cache=true cache_valid_time=600
+      when: ansible_os_family == 'Debian'
+
+    - name: Ensure test dependencies are installed (RedHat).
+      package: name=iproute state=present
+      when: ansible_os_family == 'RedHat'
+
+    - name: Ensure test dependencies are installed (Debian).
+      package: name=iproute2 state=present
+      when: ansible_os_family == 'Debian'
+
+    - name: Gather facts.
+      action: setup
+
+  roles:
+    - role: geerlingguy.docker
+    - role: geerlingguy.kubernetes
+
+  post_tasks:
+    - name: Get cluster info.
+      command: kubectl cluster-info
+      changed_when: false
+      register: kubernetes_info
+
+    - name: Print cluster info.
+      debug: var=kubernetes_info.stdout
+
+    - name: Get all running pods.
+      command: kubectl get pods --all-namespaces
+      changed_when: false
+      register: kubernetes_pods
+
+    - name: Print list of running pods.
+      debug: var=kubernetes_pods.stdout
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -3,10 +3,10 @@ dependency:
   name: galaxy
 driver:
   name: docker
-lint:
-  name: yamllint
-  options:
-    config-file: molecule/default/yaml-lint.yml
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
 platforms:
   - name: instance
     image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
@@ -18,13 +18,5 @@ platforms:
     pre_build_image: true
 provisioner:
   name: ansible
-  lint:
-    name: ansible-lint
   playbooks:
-    converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
-scenario:
-  name: default
-verifier:
-  name: testinfra
-  lint:
-    name: flake8
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/molecule/default/playbook-calico.yml b/molecule/default/playbook-calico.yml
@@ -4,8 +4,12 @@
   become: true
 
   vars:
+    kubernetes_pod_network:
+      cni: 'calico'
+      cidr: '192.168.0.0/16'
+
     # Allow swap in test environments (hard to control in some Docker envs).
-    kubernetes_kubelet_extra_args: "--fail-swap-on=false"
+    kubernetes_kubelet_extra_args: "--fail-swap-on=false --cgroup-driver=cgroupfs"
     docker_install_compose: false
 
   pre_tasks:
@@ -24,11 +28,6 @@
     - name: Gather facts.
       action: setup
 
-    - name: Use cgroupfs cgroup driver instead of systemd (RedHat).
-      set_fact:
-        kubernetes_kubelet_extra_args: '"--fail-swap-on=false --cgroup-driver=cgroupfs"'
-      when: ansible_os_family == 'RedHat'
-
   roles:
     - role: geerlingguy.docker
     - role: geerlingguy.kubernetes
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
diff --git a/tasks/kubelet-setup.yml b/tasks/kubelet-setup.yml
@@ -15,7 +15,7 @@
   set_fact:
     kubelet_args_path: '/etc/systemd/system/kubelet.service.d/10-kubeadm.conf'
     kubelet_args_line: "{{ 'Environment=\"KUBELET_EXTRA_ARGS=' + kubernetes_kubelet_extra_args + '\"' }}"
-    kubelet_args_regexp: '^Environment='
+    kubelet_args_regexp: '^Environment="KUBELET_EXTRA_ARGS='
   when: not kubelet_environment_file.stat.exists
 
 - name: Configure KUBELET_EXTRA_ARGS.
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -44,7 +44,9 @@
 
 - name: Set the kubeadm join command globally.
   set_fact:
-    kubernetes_join_command: "{{ kubernetes_join_command_result.stdout }}"
+    kubernetes_join_command: >
+      {{ kubernetes_join_command_result.stdout }}
+      {{ kubernetes_join_command_extra_opts }}
   when: kubernetes_join_command_result.stdout is defined
   delegate_to: "{{ item }}"
   delegate_facts: true
diff --git a/tasks/master-setup.yml b/tasks/master-setup.yml
@@ -2,12 +2,18 @@
 - name: Initialize Kubernetes master with kubeadm init.
   command: >
     kubeadm init
-    --pod-network-cidr={{ kubernetes_pod_network_cidr }}
-    --apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address) }}
+    --pod-network-cidr={{ kubernetes_pod_network.cidr }}
+    --apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}
     --kubernetes-version {{ kubernetes_version_kubeadm }}
     --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
     {{ kubernetes_kubeadm_init_extra_opts }}
+  register: kubeadmin_init
+  when: not kubernetes_init_stat.stat.exists
 
+- name: Print the init output to screen.
+  debug:
+    var: kubeadmin_init.stdout
+    verbosity: 2
   when: not kubernetes_init_stat.stat.exists
 
 - name: Ensure .kube directory exists.
@@ -28,24 +34,33 @@
     - kubectl apply -f {{ kubernetes_flannel_manifest_file }}
   register: flannel_result
   changed_when: "'created' in flannel_result.stdout"
+  when: kubernetes_pod_network.cni == 'flannel'
+
+- name: Configure Calico networking.
+  command: "{{ item }}"
+  with_items:
+    - kubectl apply -f {{ kubernetes_calico_manifest_file }}
+  register: calico_result
+  changed_when: "'created' in calico_result.stdout"
+  when: kubernetes_pod_network.cni == 'calico'
 
 # TODO: Check if taint exists with something like `kubectl describe nodes`
 # instead of using kubernetes_init_stat.stat.exists check.
 - name: Allow pods on master node (if configured).
   command: "kubectl taint nodes --all node-role.kubernetes.io/master-"
   when:
-    - kubernetes_allow_pods_on_master
+    - kubernetes_allow_pods_on_master | bool
     - not kubernetes_init_stat.stat.exists
 
 - name: Check if Kubernetes Dashboard UI service already exists.
   shell: kubectl get services --namespace kube-system | grep -q kubernetes-dashboard
   changed_when: false
   failed_when: false
   register: kubernetes_dashboard_service
-  when: kubernetes_enable_web_ui
+  when: kubernetes_enable_web_ui | bool
 
 - name: Enable the Kubernetes Web Dashboard UI (if configured).
   command: "kubectl create -f {{ kubernetes_web_ui_manifest_file }}"
   when:
-    - kubernetes_enable_web_ui
+    - kubernetes_enable_web_ui | bool
     - kubernetes_dashboard_service is failed

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+skip_list:`
	`2`	`+ - '306'`
	`3`	`+ - '405'`