CiscoCloud · altvnk · Dec 1, 2015 · Nov 26, 2015 · Nov 26, 2015 · Nov 26, 2015
diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -1,9 +1,11 @@
 # ansible remote user account
 # ansible_ssh_user: centos
 
-# Kubernetes build to use, stable is used by default.
-# Place "testing" here to use latest build avialable.
-kube_build: stable
+# Which type of packages should be used for deployment: stable, testing
+package_channel: stable
+
+# The version of software to install for Kubernetes.
+kube_version: v1.1.2
 
 # Users to create for basic auth in Kubernetes API via HTTP
 kube_users:
@@ -57,3 +59,16 @@ enable_logging: true
 
 # Set to "false' to disable default Monitoring (cAdvisor + heapster + influxdb + grafana)
 enable_monitoring: true
+
+# etcd specific variables
+# TCP port used for client communications
+etcd_client_port: 2379
+
+# TCP port used for intra-cluster communications
+etcd_peer_port: 2380
+
+# Client communication protocol (http/https)
+etcd_url_scheme: http
+
+# Intra-cluster communication protocol (http/https)
+etcd_peer_url_scheme: http
diff --git a/roles/minion/files/fluentd-es.yaml → roles/addons/files/fluentd-es.yaml b/roles/minion/files/fluentd-es.yaml → roles/addons/files/fluentd-es.yaml
diff --git a/roles/addons/files/grafana-service.yaml b/roles/addons/files/grafana-service.yaml
@@ -6,10 +6,13 @@ metadata:
   labels: 
     kubernetes.io/cluster-service: "true"
     kubernetes.io/name: "Grafana"
-spec: 
+spec:
+  # On production clusters, consider setting up auth for grafana, and
+  # exposing Grafana either using a LoadBalancer or a public IP.
+  # type: LoadBalancer
   ports: 
     - port: 80
-      targetPort: 8080
+      targetPort: 3000
   selector: 
     k8s-app: influxGrafana
 
diff --git a/roles/addons/files/heapster-controller.yaml b/roles/addons/files/heapster-controller.yaml
@@ -1,32 +1,34 @@
 apiVersion: v1
 kind: ReplicationController
 metadata:
-  name: monitoring-heapster-v8
+  name: heapster-v10
   namespace: kube-system
   labels:
     k8s-app: heapster
-    version: v8
+    version: v10
     kubernetes.io/cluster-service: "true"
 spec:
   replicas: 1
   selector:
     k8s-app: heapster
-    version: v8
+    version: v10
   template:
     metadata:
       labels:
         k8s-app: heapster
-        version: v8
+        version: v10
         kubernetes.io/cluster-service: "true"
     spec:
       containers:
-        - image: gcr.io/google_containers/heapster:v0.17.0
+        - image: gcr.io/google_containers/heapster:v0.18.2
           name: heapster
           resources:
             limits:
               cpu: 100m
-              memory: 300Mi
+              memory: 500Mi
           command:
             - /heapster
             - --source=kubernetes:''
             - --sink=influxdb:http://monitoring-influxdb:8086
+            - --stats_resolution=10s
+            - --sink_frequency=10s
diff --git a/roles/addons/files/heapster-service.yaml b/roles/addons/files/heapster-service.yaml
@@ -1,7 +1,7 @@
 kind: Service
 apiVersion: v1
 metadata:
-  name: monitoring-heapster
+  name: heapster
   namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"

diff --git a/roles/addons/files/influxdb-grafana-controller.yaml b/roles/addons/files/influxdb-grafana-controller.yaml
@@ -1,26 +1,26 @@
 apiVersion: v1
 kind: ReplicationController
 metadata:
-  name: monitoring-influx-grafana-v1
+  name: monitoring-influxdb-grafana-v2
   namespace: kube-system
   labels: 
     k8s-app: influxGrafana
-    version: v1
+    version: v2
     kubernetes.io/cluster-service: "true"
 spec: 
   replicas: 1
   selector: 
     k8s-app: influxGrafana
-    version: v1
+    version: v2
   template: 
     metadata: 
       labels: 
         k8s-app: influxGrafana
-        version: v1
+        version: v2
         kubernetes.io/cluster-service: "true"
     spec: 
       containers: 
-        - image: gcr.io/google_containers/heapster_influxdb:v0.3
+        - image: gcr.io/google_containers/heapster_influxdb:v0.4
           name: influxdb
           resources:
             limits:
@@ -34,20 +34,37 @@ spec:
           volumeMounts:
           - name: influxdb-persistent-storage
             mountPath: /data
-        - image: gcr.io/google_containers/heapster_grafana:v0.7
+        - image: gcr.io/google_containers/heapster_grafana:v2.1.1
           name: grafana
+          env:
           resources:
             limits:
               cpu: 100m
               memory: 100Mi
-          env: 
-            - name: INFLUXDB_EXTERNAL_URL
-              value: /api/v1/proxy/namespaces/kube-system/services/monitoring-influxdb:api/db/
-            - name: INFLUXDB_HOST
-              value: monitoring-influxdb
-            - name: INFLUXDB_PORT
-              value: "8086"
+          env:
+            # This variable is required to setup templates in Grafana.
+            - name: INFLUXDB_SERVICE_URL
+              value: http://monitoring-influxdb:8086
+              # The following env variables are required to make Grafana accessible via
+              # the kubernetes api-server proxy. On production clusters, we recommend
+              # removing these env variables, setup auth for grafana, and expose the grafana
+              # service using a LoadBalancer or a public IP.
+            - name: GF_AUTH_BASIC_ENABLED
+              value: "false"
+            - name: GF_AUTH_ANONYMOUS_ENABLED
+              value: "true"
+            - name: GF_AUTH_ANONYMOUS_ORG_ROLE
+              value: Admin
+            - name: GF_SERVER_ROOT_URL
+              value: /api/v1/proxy/namespaces/kube-system/services/monitoring-grafana/
+          volumeMounts:
+          - name: grafana-persistent-storage
+            mountPath: /var
+
       volumes:
       - name: influxdb-persistent-storage
         emptyDir: {}
+      - name: grafana-persistent-storage
+        emptyDir: {}
+
 
diff --git a/roles/addons/files/kube-ui-rc.yaml b/roles/addons/files/kube-ui-rc.yaml
@@ -1,27 +1,27 @@
 apiVersion: v1
 kind: ReplicationController
 metadata:
-  name: kube-ui-v1
+  name: kube-ui-v3
   namespace: kube-system
   labels:
     k8s-app: kube-ui
-    version: v1
+    version: v3
     kubernetes.io/cluster-service: "true"
 spec:
   replicas: 1
   selector:
     k8s-app: kube-ui
-    version: v1
+    version: v3
   template:
     metadata:
       labels:
         k8s-app: kube-ui
-        version: v1
+        version: v3
         kubernetes.io/cluster-service: "true"
     spec:
       containers:
       - name: kube-ui
-        image: gcr.io/google_containers/kube-ui:v1.1
+        image: gcr.io/google_containers/kube-ui:v3
         resources:
           limits:
             cpu: 100m

diff --git a/roles/addons/tasks/kube-ui.yml b/roles/addons/tasks/kube-ui.yml
@@ -26,7 +26,7 @@
   kube:
     namespace: kube-system
     resource: rc
-    name: kube-ui-v1
+    name: kube-ui-v3
     filename: "{{ kube_manifest_dir }}/kube-ui-rc.yaml"
     state: "{{ kube_ui_rc_def.changed | ternary('latest','present') }}"
   when: enable_ui
@@ -45,4 +45,4 @@
   when: enable_ui
   tags:
     - addons
-    - kube-ui
+    - kube-ui
diff --git a/roles/addons/tasks/logging.yml b/roles/addons/tasks/logging.yml
@@ -93,4 +93,4 @@
   when: enable_logging
   tags:
     - addons
-    - logging
+    - logging
diff --git a/roles/addons/tasks/main.yml b/roles/addons/tasks/main.yml
@@ -1,47 +1,4 @@
 ---
-- name: Write kube-system namespace manifest
-  sudo: yes
-  copy:
-    src=kube-system.yaml
-    dest={{ kube_manifest_dir }}/kube-system.yaml
-
-- name: Create kube-system namespace
-  sudo: yes
-  kube:
-    resource: namespace
-    name: kube-system
-    filename: "{{ kube_manifest_dir }}/kube-system.yaml"
-    state: present
-  when: "'first_master' in group_names"
-  tags:
-    - addons
-
-- name: tokens | generate tokens for addons
-  local_action: command
-    bash -c "{{ playbook_dir }}/{{ cert_syncdir.path }}/kube-gen-token.sh {{ item }}"
-  environment:
-    TOKEN_DIR: "{{ tokens_syncdir.path }}"
-  with_items:
-    - "system:dns"
-    - "system:monitoring"
-    - "system:logging"
-  register: gentoken
-  run_once: true
-  changed_when: "'Added' in gentoken.stdout"
-
-- name: tokens | upload known_tokens to master
-  sudo: yes
-  copy:
-    src: "{{ tokens_syncdir.path }}/known_tokens.csv"
-    dest: "{{ kube_token_dir }}"
-    group: "{{ kube_cert_group }}"
-    owner: kube
-    mode: 0440
-  notify:
-    - restart apiserver
-  tags:
-    - addons
-
 - include: skydns.yml
   when: dns_setup and 'first_master' in group_names
 

diff --git a/roles/addons/tasks/monitoring.yml b/roles/addons/tasks/monitoring.yml
@@ -59,7 +59,7 @@
   kube:
     namespace: kube-system
     resource: rc
-    name: monitoring-influx-grafana-v1
+    name: monitoring-influxdb-grafana-v2
     filename: "{{ kube_manifest_dir }}/influxdb-grafana-controller.yaml"
     state: "{{ influxdb_rc_def.changed | ternary('latest','present') }}"
   when: enable_monitoring
@@ -98,7 +98,7 @@
   kube:
     namespace: kube-system
     resource: rc
-    name: monitoring-heapster-v8
+    name: heapster-v10
     filename: "{{ kube_manifest_dir }}/heapster-controller.yaml"
     state: "{{ heapster_rc_def.changed | ternary('latest','present') }}"
   when: enable_monitoring
@@ -111,11 +111,10 @@
   kube:
     namespace: kube-system
     resource: svc
-    name: monitoring-heapster
+    name: heapster
     filename: "{{ kube_manifest_dir }}/heapster-service.yaml"
     state: "{{ heapster_svc_def.changed | ternary('latest','present') }}"
   when: enable_monitoring
   tags:
     - addons
     - monitoring
-
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
@@ -24,6 +24,21 @@
   tags:
     - common
 
+- name: check if selinux enforcing
+  sudo: yes
+  command: getenforce
+  register: selinux
+  changed_when: false
+  tags:
+    - common
+
+- name: set selinux permissive
+  sudo: yes
+  selinux: state=permissive policy=targeted
+  when: "'Enforcing' in selinux.stdout"
+  tags:
+    - common
+
 # add hosts to /etc/hosts
 - name: populate inventory into hosts file
   sudo: yes
@@ -49,6 +64,12 @@
   tags:
     - common
 
+- name: upgrade all packages
+  sudo: yes
+  yum: name=* state=latest
+  tags:
+    - common
+
 - name: enable EPEL repo
   sudo: yes
   yum:
@@ -62,6 +83,14 @@
   copy:
     src=virt7-docker-common-candidate.repo
     dest=/etc/yum.repos.d/virt7-docker-common-candidate.repo
-  when: kube_build == "testing"
+  when: package_channel == "testing"
+  tags:
+    - common
+
+- name: evaluate first_master
+  add_host:
+    name: "{{ groups['master'][0] }}"
+    groups: first_master
+    when: "master in groups and groups['master'] | length > 1"
   tags:
     - common
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
-docker_version: 1.7.1
+docker_version: 1.8.2
diff --git a/roles/etcd/defaults/main.yml b/roles/etcd/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-ectd_version: 2.0.13
+ectd_version: 2.1.1
 etcd_client_port: 2379
 etcd_peer_port: 2380
 etcd_url_scheme: http
@@ -22,4 +22,3 @@ etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ ansible_hostname }}:{{ e
 etcd_listen_client_urls: "{{ etcd_url_scheme }}://0.0.0.0:{{ etcd_client_port }}"
 
 etcd_data_dir: /var/lib/etcd
-
diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml
@@ -6,7 +6,6 @@
     - stop docker
     - delete docker0
     - start docker
-  when: inventory_hostname in groups['node']
 
 - name: restart flannel
   sudo: yes

diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
@@ -9,10 +9,10 @@
     - flannel
 
 - include: stable.yml
-  when: kube_build == "stable"
+  when: package_channel == "stable"
 
 - include: testing.yml
-  when: kube_build == "testing"
+  when: package_channel == "testing"
 
 - name: install flannel sysconfig file
   sudo: yes
-Original file line number
+Diff line change
@@ Expand Up / @@ -93,4 +93,4 @@ @@
       when: enable_logging
       tags:
         - addons
-        - logging
+        - logging