diff --git a/roles/build-images/defaults/main.yml b/roles/build-images/defaults/main.yml
index 28f383fbe..4d9ddb76d 100644
--- a/roles/build-images/defaults/main.yml
+++ b/roles/build-images/defaults/main.yml
@@ -13,7 +13,7 @@
 # limitations under the License.
 version:
- kubernetes: v1.10.9
+ kubernetes: v1.13.4
 helm: v2.13.0
 cni: v0.6.0
diff --git a/tools/deployment/common/005-deploy-k8s.sh b/tools/deployment/common/005-deploy-k8s.sh
index da0f00f98..5df68231d 100755
--- a/tools/deployment/common/005-deploy-k8s.sh
+++ b/tools/deployment/common/005-deploy-k8s.sh
@@ -18,7 +18,7 @@ set -xe
 : ${HELM_VERSION:="v2.13.0"}
-: ${KUBE_VERSION:="v1.12.2"}
+: ${KUBE_VERSION:="v1.13.4"}
 : ${MINIKUBE_VERSION:="v0.30.0"}
 : ${CALICO_VERSION:="v3.3"}
diff --git a/tools/images/kubeadm-aio/Dockerfile b/tools/images/kubeadm-aio/Dockerfile
index 78800b4d5..4be767cd5 100644
--- a/tools/images/kubeadm-aio/Dockerfile
+++ b/tools/images/kubeadm-aio/Dockerfile
@@ -34,7 +34,7 @@ ENV GOOGLE_KUBERNETES_REPO_URL ${GOOGLE_KUBERNETES_REPO_URL}
 ARG GOOGLE_HELM_REPO_URL=https://storage.googleapis.com/kubernetes-helm
 ENV GOOGLE_HELM_REPO_URL ${GOOGLE_HELM_REPO_URL}
-ARG KUBE_VERSION="v1.10.9"
+ARG KUBE_VERSION="v1.13.4"
 ENV KUBE_VERSION ${KUBE_VERSION}
 ARG CNI_VERSION="v0.6.0"
diff --git a/tools/images/kubeadm-aio/assets/entrypoint.sh b/tools/images/kubeadm-aio/assets/entrypoint.sh
index 430faa5fd..05561f3fd 100755
--- a/tools/images/kubeadm-aio/assets/entrypoint.sh
+++ b/tools/images/kubeadm-aio/assets/entrypoint.sh
@@ -18,12 +18,10 @@ set -e
 if [ "x${ACTION}" == "xgenerate-join-cmd" ]; then
 : ${TTL:="10m"}
 DISCOVERY_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages signing,authentication --groups '')"
-TLS_BOOTSTRAP_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages authentication --groups \"system:bootstrappers:kubeadm:default-node-token\")"
 DISCOVERY_TOKEN_CA_HASH="$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* /sha256:/')"
 API_SERVER=$(cat /etc/kubernetes/admin.conf | python -c "import sys, yaml; print yaml.safe_load(sys.stdin)['clusters'][0]['cluster']['server'].split(\"//\",1).pop()")
 exec echo "kubeadm join \
---tls-bootstrap-token ${TLS_BOOTSTRAP_TOKEN} \
---discovery-token ${DISCOVERY_TOKEN} \
+--token ${DISCOVERY_TOKEN} \
 --discovery-token-ca-cert-hash ${DISCOVERY_TOKEN_CA_HASH} \
 ${API_SERVER}"
 elif [ "x${ACTION}" == "xjoin-kube" ]; then
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
index 3df4fc065..418e2e1bb 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
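Review bot: The new `--token ${DISCOVERY_TOKEN}` line makes one token serve both discovery and TLS bootstrap, but DISCOVERY_TOKEN is still created with `--groups ''`, whereas the removed TLS_BOOTSTRAP_TOKEN carried `system:bootstrappers:kubeadm:default-node-token`, the group kubeadm's bootstrap-token RBAC bindings grant CSR creation and auto-approval to. A token with no extra groups authenticates as `system:bootstrappers` only, so the joining kubelet's CSR is likely to be refused — confirm with a join on a fresh node before merging. If that is what happens, let the token keep kubeadm's default groups by dropping the override: `DISCOVERY_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages signing,authentication)"`. The generate-join-cmd branch continues past the end of the hunk.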
@@ -43,53 +43,53 @@
 delegate_to: 127.0.0.1
 block:
 - name: master | deploy | certs | etcd-ca
- command: kubeadm alpha phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | certs | etcd-server
- command: kubeadm alpha phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | certs | etcd-peer
- command: kubeadm alpha phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | certs | etcd-healthcheck-client
- command: kubeadm alpha phase certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | certs | ca
- command: kubeadm alpha phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | certs | apiserver
- command: kubeadm alpha phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | certs | apiserver-etcd-client
- command: kubeadm alpha phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | certs | apiserver-kubelet-client
- command: kubeadm alpha phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | certs | sa
- command: kubeadm alpha phase certs sa --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs sa
 - name: master | deploy | certs | front-proxy-ca
- command: kubeadm alpha phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | certs | front-proxy-client
- command: kubeadm alpha phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: generating kubeconfigs
 delegate_to: 127.0.0.1
 block:
 - name: master | deploy | kubeconfig | admin
- command: kubeadm alpha phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | kubeconfig | kubelet
- command: kubeadm alpha phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | kubeconfig | controller-manager
- command: kubeadm alpha phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | kubeconfig | scheduler
- command: kubeadm alpha phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: generating etcd static manifest
 delegate_to: 127.0.0.1
- command: kubeadm alpha phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: generating controlplane static manifests
 delegate_to: 127.0.0.1
 block:
 - name: master | deploy | controlplane | apiserver
- command: kubeadm alpha phase controlplane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase control-plane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | controlplane | controller-manager
- command: kubeadm alpha phase controlplane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase control-plane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: master | deploy | controlplane | scheduler
- command: kubeadm alpha phase controlplane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase control-plane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: wait for kube components
 delegate_to: 127.0.0.1
@@ -118,7 +118,7 @@
 - name: deploying kube-proxy
 delegate_to: 127.0.0.1
- command: kubeadm alpha phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - include_tasks: helm-cni.yaml
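Review bot: The `sa` task is the only certs phase on the new side invoked without `--config` (`command: kubeadm init phase certs sa`), so it no longer sees `certificatesDir` from kubeadm-conf.yaml and writes the service-account keypair to kubeadm's built-in default directory. That is presumably because the `sa` sub-phase does not accept `--config`; if so, pass the directory explicitly so the keypair lands next to the other certificates whenever `k8s.certificatesDir` is overridden: `command: kubeadm init phase certs sa --cert-dir {{ k8s.certificatesDir }}`. With the default `certificatesDir: /etc/kubernetes/pki` the two locations coincide, which is why the gate job would not notice. The task list continues outside the hunk.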
@@ -142,17 +142,19 @@
 when: k8s.keystoneAuth|bool == true
 - include_tasks: helm-deploy.yaml
-- name: uploading cluster config to api
+- name: uploading kubeadm config
 delegate_to: 127.0.0.1
- command: kubeadm alpha phase upload-config --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase upload-config kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+
+- name: uploading kubelet config
+ delegate_to: 127.0.0.1
+ command: kubeadm init phase upload-config kubelet --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: generating bootstrap-token objects
 delegate_to: 127.0.0.1
 block:
- - name: master | deploy | bootstrap-token | allow-post-csrs
- command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-post-csrs
- - name: master | deploy | bootstrap-token | allow-auto-approve
- command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-auto-approve
+ - name: master | deploy | bootstrap-token
+ command: kubeadm init phase bootstrap-token --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf
 - name: generating bootstrap-token objects
 delegate_to: 127.0.0.1
@@ -209,7 +211,7 @@
 - name: converting the cluster to be selfhosted
 when: k8s.selfHosted|bool == true
 delegate_to: 127.0.0.1
- command: kubeadm alpha phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
+ command: kubeadm init phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
 - name: setting up kubectl client and kubeadm on host
 block:
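Review bot: The new `kubeadm init phase bootstrap-token --kubeconfig ...` task runs without `--config`, so kubeadm creates a freshly generated token with its built-in defaults instead of the `bootstrapTokens` entry (`kubeadm_bootstrap_token`, `ttl: 24h0m0s`) that this same change renders into kubeadm-conf.yaml.j2. If anything downstream expects that rendered token, add `--config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml` to the command; if nothing does, the `bootstrapTokens` block in the template is dead configuration and should go. The unsplit phase presumably also creates the cluster-info ConfigMap and the CSR RBAC bindings the two removed sub-phases used to create, so check whether the following "generating bootstrap-token objects" task (its body is outside the hunk) now duplicates that work.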
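Review bot: `kubeadm init phase selfhosting convert-from-staticpods` on the new side of the `@@ -209,7 +211,7 @@` hunk does not look like a subcommand the pinned kubeadm offers — as far as I recall self-hosting left the init phases and became `kubeadm alpha selfhosting pivot` in this release, so verify the command against the installed binary rather than relying on the mechanical `alpha phase` → `init phase` rewrite. Because the task is gated on `k8s.selfHosted|bool == true` and vars.yaml in this diff keeps `selfHosted: false`, the gate job will not exercise it and a wrong subcommand would only surface for users who enable self-hosting.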
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
index c219ca6e5..e0d0f6860 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
@@ -1,49 +1,38 @@
 #jinja2: trim_blocks:False
-apiVersion: kubeadm.k8s.io/v1alpha1
-kind: MasterConfiguration
+apiVersion: kubeadm.k8s.io/v1beta1
+kind: ClusterConfiguration
 kubernetesVersion: {{ k8s.kubernetesVersion }}
 imageRepository: {{ k8s.imageRepository }}
-nodeName: {{ kubeadm_node_hostname }}
-api:
- advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}
- bindPort: {{ k8s.api.bindPort }}
-# etcd:
-# endpoints:
-# -
-# -
-# caFile:
-# certFile:
-# keyFile:
-# dataDir:
-# extraArgs:
-# :
-# :
-# image:
 networking:
 dnsDomain: {{ k8s.networking.dnsDomain }}
 podSubnet: {{ k8s.networking.podSubnet }}
 serviceSubnet: {{ k8s.networking.serviceSubnet }}
-#cloudProvider:
-authorizationModes:
-- Node
-- RBAC
-token: {{ kubeadm_bootstrap_token }}
-tokenTTL: 24h0m0s
-selfHosted: {{ k8s.selfHosted }}
-apiServerExtraArgs:
- service-node-port-range: "1024-65535"
- feature-gates: "MountPropagation=true,PodShareProcessNamespace=true"
-controllerManagerExtraArgs:
- address: "0.0.0.0"
- port: "10252"
+apiServer:
+ extraArgs:
+ service-node-port-range: "1024-65535"
+ feature-gates: "MountPropagation=true,PodShareProcessNamespace=true"
+controllerManager:
+ extraArgs:
+ address: "0.0.0.0"
+ port: "10252"
+ feature-gates: "PodShareProcessNamespace=true"
+scheduler:
+ extraArgs:
+ address: "0.0.0.0"
+ port: "10251"
 feature-gates: "PodShareProcessNamespace=true"
-# :
-schedulerExtraArgs:
- address: "0.0.0.0"
- port: "10251"
- feature-gates: "PodShareProcessNamespace=true"
-# apiServerCertSANs:
-# -
-# -
 certificatesDir: {{ k8s.certificatesDir }}
-#unifiedControlPlaneImage:
+---
+apiVersion: kubeadm.k8s.io/v1beta1
+localAPIEndpoint:
+ advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %}
+ bindPort: {{ k8s.api.bindPort }}
+bootstrapTokens:
+- groups:
+ - system:bootstrappers:kubeadm:default-node-token
+ token: {{ kubeadm_bootstrap_token }}
+ ttl: 24h0m0s
+ usages:
+ - signing
+ - authentication
+kind: InitConfiguration
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
index fdd4f4e30..926040be9 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
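Review bot: The kept context line `feature-gates: "PodShareProcessNamespace=true"` that closes the new `scheduler:` block is the old `controllerManagerExtraArgs` child and, being unchanged, must still carry that one-level indent, while the `address`/`port` lines added just above it sit one level deeper under `extraArgs`; rendered, the gate becomes a `scheduler.feature-gates` field instead of `scheduler.extraArgs.feature-gates`. If kubeadm does not reject the unknown field in this version, the scheduler silently starts without the gate that the controllerManager block does set — confirm by rendering the template and inspecting the resulting YAML. Replace the context line with an added line at the `extraArgs` child indent, `    feature-gates: "PodShareProcessNamespace=true"`, mirroring the controllerManager block four lines up.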
@@ -4,10 +4,9 @@ Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manife
 Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --node-ip={% if kubelet.bind_addr is defined %}{{ kubelet.bind_addr }}{% else %}{% if kubelet.bind_device is defined %}{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %} --hostname-override={{ kubelet_node_hostname }}"
 Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain={{ k8s.networking.dnsDomain }} --resolv-conf=/etc/kubernetes/kubelet-resolv.conf"
 Environment="KUBELET_AUTHZ_ARGS=--anonymous-auth=false --authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
-Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
 Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
 Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}"
 Environment="KUBELET_EXTRA_ARGS=--max-pods=220 --pods-per-core=0 --feature-gates=MountPropagation=true --feature-gates=PodShareProcessNamespace=true"
 #ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux
 ExecStart=
-ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
index 2d903803a..28441b8ed 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
@@ -34,7 +34,7 @@ all:
 helm:
 tiller_image: gcr.io/kubernetes-helm/tiller:v2.7.0
 k8s:
- kubernetesVersion: v1.9.1
+ kubernetesVersion: v1.13.4
 imageRepository: gcr.io/google_containers
 certificatesDir: /etc/kubernetes/pki
 selfHosted: false