Merge pull request Project31#29 from rhuss/master

Update to Hypriot 1.6.0 and Kubernetes 1.8.0
rhuss · Oct 10, 2017 · 2016399 · 2016399
2 parents cd6858b + 35e2992
commit 2016399
Show file tree

Hide file tree

Showing 14 changed files with 224 additions and 202 deletions.
diff --git a/README.md b/README.md
@@ -38,7 +38,7 @@ Thanks to [Hypriot](https://github.com/hypriot/image-builder-rpi/releases/latest
 
 1. Download the latest Hyoriot image and store it as `hypriot.zip` :
 
-        curl -L https://github.com/hypriot/image-builder-rpi/releases/download/v1.5.0/hypriotos-rpi-v1.5.0.img.zip -o hypriot.zip
+        curl -L https://github.com/hypriot/image-builder-rpi/releases/download/v1.6.0/hypriotos-rpi-v1.6.0.img.zip -o hypriot.zip
 
 2. Install Hypriots' [flash](https://github.com/hypriot/flash) installer script. Follow the directions on the installation page.
 
@@ -137,8 +137,6 @@ The following steps will be applied by this command (which may take a bit):
 
 With this basic setup you have already a working Docker environment.
 
-**Now its time to reboot the whole cluster since some required boot params has been added. Plug the wire.**
-
 ### Kubernetes Setup
 
 The final step for a working Kubernetes cluster is to run

diff --git a/roles/base/tasks/apt.yml b/roles/base/tasks/apt.yml
@@ -7,10 +7,18 @@
 - name: Add Kubernetes Repo Key
   apt_key: url=https://packages.cloud.google.com/apt/doc/apt-key.gpg
 
+- name: Add Docker Repo Key
+  apt_key: 
+    id: F76221572C52609D
+    keyserver: hkp://keyserver.ubuntu.com:80
+
 - name: Add Kubernetes Repo
   # Try to pick up latest stable builds. Switch over to '-unstable' if targeting latest releases
   apt_repository: repo='deb http://apt.kubernetes.io/ kubernetes-xenial main' state=present
 
+- name: Add Docker Repo
+  apt_repository: repo='deb [arch=armhf] https://apt.dockerproject.org/repo raspbian-jessie main' state=present
+
 - name: Update APT package cache and upgrade
   apt:
     update_cache: yes

diff --git a/roles/base/tasks/user.yml b/roles/base/tasks/user.yml
@@ -7,7 +7,7 @@
 - name: Add user pi to group docker
   user: name=pi groups=docker,pi,video append=yes shell=/bin/bash
 
-- name: Add pi to to sudoers
+- name: Add pi to sudoers
   lineinfile:
     dest: /etc/sudoers
     state: present

diff --git a/roles/kubernetes/defaults/main.yml b/roles/kubernetes/defaults/main.yml
@@ -5,9 +5,10 @@ network:
   pod_subnet: 10.1.0.0/16
 images:
   flannel: quay.io/coreos/flannel:v0.7.0-arm
-  weave: weaveworks/weave-kube:1.9.4
-  weave_npc: weaveworks/weave-npc:1.9.4
+  weave: weaveworks/weave-kube:2.0.4
+  weave_npc: weaveworks/weave-npc:2.0.4
 k8s:
+  version: 1.8.0*
   # Timing is good for demos. Defaults are 5min eviction and 40s node grace period
   # TODO: Not yet put into the k8s configuration
   pod_eviction_timeout: 5s
@@ -16,6 +17,5 @@ docker:
   # devicemapper or overlay2
   storage_driver: devicemapper
   expose_tcp: true
-  version: "1.12*"
-
+  version: "17.03*"
 debug_level: 2
diff --git a/roles/kubernetes/tasks/apt.yml b/roles/kubernetes/tasks/apt.yml
@@ -4,7 +4,7 @@
     force: yes
     state: present
   with_items:
-    - kubelet
-    - kubeadm
-    - kubectl
+    - kubelet={{ k8s.version }}
+    - kubeadm={{ k8s.version }}
+    - kubectl={{ k8s.version }}
     - kubernetes-cni
diff --git a/roles/kubernetes/tasks/docker.yml b/roles/kubernetes/tasks/docker.yml
@@ -13,7 +13,7 @@
     dockerd_extra_args: "{{ '-H tcp://' + inventory_hostname + ':2375' if docker.expose_tcp else '' }}"
 
 - name: Update docker service startup
-  template: src=docker-1.12.service dest=/etc/systemd/system/multi-user.target.wants/docker.service
+  template: src=docker.service dest=/etc/systemd/system/docker.service
   register: result
   notify:
     - restart docker

diff --git a/roles/kubernetes/tasks/master.yml b/roles/kubernetes/tasks/master.yml
@@ -1,35 +1,28 @@
-- name: Check for an already generated token
-  become: no
-  stat: path={{ playbook_dir }}/run/kubeadm-token.txt
-  delegate_to: localhost
-  register: kubeadm_token
-
-- block:
-  - name: Create a token from master
-    command: kubeadm token generate
-    register: kubeadm_gen_token
-  - name: Copy token to local file 'kubernetes-token'
-    become: no
-    copy: content={{ kubeadm_gen_token.stdout }} dest={{ playbook_dir }}/run/kubeadm-token.txt
-    delegate_to: localhost
-  when: kubeadm_token.stat.exists == false and mode == "master"
-
-- name: Register token as fact
-  set_fact:
-    kubeadm_token: "{{ lookup('file', playbook_dir + '/run/kubeadm-token.txt') }}"
-
 - name: Copy init file for kubeadm
   template: src=kubeadm.yml dest=/etc/kubernetes/kubeadm.yml mode=0755
 
+- name: Clean up /var/lib/kubelet/ 
+  file: path=/var/lib/kubelet/pki state=absent
+
 - name: Run kubeadm init on master
-#  environment:
-    # Temporary until 1.6 is released
-#    KUBE_HYPERKUBE_IMAGE: luxas/hyperkube:v1.6.0-and-PR-42911
   command: kubeadm init --config /etc/kubernetes/kubeadm.yml
   register: kubeadm_init
 
+- name: Create a dedicated token from master
+  command: kubeadm token create --ttl 0 --groups system:bootstrappers:kubeadm:default-node-token --description "Bootstrap token which does not expire"
+  register: kubeadm_gen_token
+
+- name: Copy token to local file 'kubernetes-token'
+  become: no
+  copy: content={{ kubeadm_gen_token.stdout }} dest={{ playbook_dir }}/run/kubeadm-token.txt
+  delegate_to: localhost
+
+- name: Register token as fact
+  set_fact:
+    kubeadm_token: "{{ lookup('file', playbook_dir + '/run/kubeadm-token.txt') }}"
+
 - name: Copy Kubernetes access config to ~/.kube/config on nodes
-  copy: remote_src=True src=/etc/kubernetes/admin.conf dest=/home/pi/.kube/config owner=pi
+  copy: remote_src=True src=/etc/kubernetes/admin.conf dest=/home/pi/.kube/config owner=pi group=pi
 
 # - debug: var=kubeadm_init.stdout
 

diff --git a/roles/kubernetes/tasks/node.yml b/roles/kubernetes/tasks/node.yml
@@ -2,8 +2,20 @@
   set_fact:
     kubeadm_token: "{{ lookup('file', playbook_dir + '/run/kubeadm-token.txt') }}"
 
+- name: Clean up /var/lib/kubelet/ 
+  file: path=/var/lib/kubelet/pki state=absent
+
 - name: Run kubeadm join on node
-  command: kubeadm join --token={{ kubeadm_token }} master:6443
+  command: kubeadm join --token={{ kubeadm_token }} --discovery-token-unsafe-skip-ca-verification master:6443
 
+- name: Wait for /etc/kubernetes/kubelet.conf to be created
+  wait_for: path=/etc/kubernetes/kubelet.conf
+
 - name: Copy Kubernetes access config to ~/.kube/config on nodes
-  copy: remote_src=True src=/etc/kubernetes/kubelet.conf dest=/home/pi/.kube/config owner=pi
+  copy: remote_src=True src=/etc/kubernetes/kubelet.conf dest=/home/pi/.kube/config owner=pi group=pi
+
+- name: Fix permission for kubelet-client.key
+  file: path=/var/lib/kubelet/pki/kubelet-client.key mode="660" group=pi
+
+- name: Fix permission for kubelet.key
+  file: path=/var/lib/kubelet/pki/kubelet.key mode="660" group=pi