Test dependencies

ansible/roles/kubernetes/defaults/main.yml

@@ -0,0 +1,41 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kubernetes_goarch: "amd64"
+
+kubernetes_bins:
+- kubeadm
+- kubectl
+- kubelet
+
+kubernetes_primary_imgs:
+- kube-apiserver.tar
+- kube-controller-manager.tar
+- kube-scheduler.tar
+- kube-proxy.tar
+
+kubernetes_additional_imgs:
+- pause.tar
+- coredns.tar
+- etcd.tar
+
+kubernetes_load_additional_imgs: false
+
+kubernetes_imgs: "{{ kubernetes_primary_imgs | union(kubernetes_additional_imgs) if kubernetes_load_additional_imgs | bool else kubernetes_primary_imgs }}"
+
+kubernetes_cni_http_checksum: "sha1:{{ kubernetes_cni_http_source }}/{{ kubernetes_cni_semver }}/cni-plugins-{{ kubernetes_goarch }}-{{ kubernetes_cni_semver }}.tgz.sha1"
+
+kubeadm_template: "etc/kubeadm.yml"
+
+kubelet_extra_args: "--pod-infra-container-image={{ pause_image }}"

ansible/roles/kubernetes/tasks/crictl-url.yml

@@ -0,0 +1,54 @@
+# Copyright 2020 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Download crictl checksum
+  get_url:
+    url: "{{ crictl_sha256 }}"
+    dest: /tmp/crictl.tar.gz.sha256
+    mode: 0600
+
+- name: Register checksum value for crictl
+  slurp:
+    src: /tmp/crictl.tar.gz.sha256
+  register: csum
+
+- name: download crictl
+  vars:
+    sha256: "{{ csum['content'] | b64decode | trim }}"
+  get_url:
+    url: "{{ crictl_url }}"
+    checksum: "sha256:{{ sha256 }}"
+    dest: /tmp/crictl.tar.gz
+    mode: 0600
+
+- name: Create "{{ sysusrlocal_prefix }}/bin" directory
+  file:
+    state: directory
+    path: "{{ sysusrlocal_prefix }}/bin"
+    mode: 0755
+    owner: root
+    group: root
+
+- name: unpack crictl
+  unarchive:
+    remote_src: True
+    src: /tmp/crictl.tar.gz
+    dest: "{{ sysusrlocal_prefix }}/bin"
+    extra_opts:
+      - --no-overwrite-dir
+
+- name: Remove crictl tarball
+  file:
+    state: absent
+    path: /tmp/crictl.tar.gz

ansible/roles/kubernetes/tasks/debian.yml

@@ -0,0 +1,36 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Add the Kubernetes repo key
+  apt_key:
+    url: "{{ kubernetes_deb_gpg_key }}"
+    state: present
+
+- name: Add the Kubernetes repo
+  apt_repository:
+    repo: "deb {{ kubernetes_deb_repo }} main"
+    update_cache: True
+    state: present
+    mode: 0644
+    filename: kubernetes
+
+- name: Install Kubernetes
+  apt:
+    name: "{{ packages }}"
+  vars:
+    packages:
+      - "kubelet={{ kubernetes_deb_version }}"
+      - "kubeadm={{ kubernetes_deb_version }}"
+      - "kubectl={{ kubernetes_deb_version }}"
+      - "kubernetes-cni={{ kubernetes_cni_deb_version }}"

ansible/roles/kubernetes/tasks/ecrpull.yml

@@ -0,0 +1,29 @@
+# TODO: This task will be deprecated once https://github.com/containerd/cri/issues/1131 is fixed
+- name: Create kubeadm config file
+  template:
+    dest: /etc/kubeadm.yml
+    src: etc/kubeadm.yml
+    mode: 0600
+
+- name: Get images list
+  shell: 'kubeadm config images list --config /etc/kubeadm.yml'
+  register: images_list
+
+- name: Log into ECR
+  command: >
+    aws ecr get-authorization-token
+    --registry-ids {{ kubernetes_container_registry.split('.')[0] }}
+    --region {{ kubernetes_container_registry.split('.')[3] }}
+    --output text
+    --query 'authorizationData[].authorizationToken'
+  register: credentials
+
+- name: Pull images
+  command: "crictl pull --creds {{ credentials.stdout | b64decode }} {{ item }}"
+  loop: "{{ images_list.stdout_lines }}"
+
+- name: Delete kubeadm config
+  file:
+    path: /etc/kubeadm.yml
+    state: absent
+  when: ansible_os_family != "Flatcar"

ansible/roles/kubernetes/tasks/kubeadmpull.yml

@@ -0,0 +1,14 @@
+- name: Create kubeadm config file
+  template:
+    dest: /etc/kubeadm.yml
+    src: "{{ kubeadm_template }}"
+    mode: 0600
+
+- name: Kubeadm pull images
+  shell: 'kubeadm config images pull --config /etc/kubeadm.yml --cri-socket {{ containerd_cri_socket }}'
+
+- name: Delete kubeadm config
+  file:
+    path: /etc/kubeadm.yml
+    state: absent
+  when: ansible_os_family != "Flatcar"

ansible/roles/kubernetes/tasks/main.yml

@@ -0,0 +1,75 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- import_tasks: debian.yml
+  when: kubernetes_source_type == "pkg" and ansible_os_family == "Debian"
+
+- import_tasks: redhat.yml
+  when: kubernetes_source_type == "pkg" and ansible_os_family == "RedHat"
+
+- import_tasks: photon.yml
+  when: kubernetes_source_type == "pkg" and ansible_os_family == "VMware Photon OS"
+
+- name: Symlink cri-tools
+  file:
+    src:   "/usr/local/bin/{{ item }}"
+    dest:  "/usr/bin/{{ item }}"
+    mode: 0777
+    state: link
+    force: yes
+  loop:
+  - ctr
+  - crictl
+  - critest
+  when: ansible_os_family != "Flatcar"
+
+- import_tasks: url.yml
+  when: kubernetes_source_type == "http" and kubernetes_cni_source_type == "http"
+
+# must include crictl-url.yml after installing containerd,
+# as the cri-containerd tarball also includes crictl.
+- import_tasks: crictl-url.yml
+  when: crictl_source_type == "http"
+
+- name: Create kubelet default config file
+  template:
+    src: etc/sysconfig/kubelet
+    dest: "{{ '/etc/default/kubelet' if ansible_os_family == 'Debian' else '/etc/sysconfig/kubelet'}}"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Enable kubelet service
+  systemd:
+    name: kubelet
+    daemon_reload: yes
+    enabled: True
+    state: stopped
+
+- name: Create the Kubernetes version file
+  template:
+    dest: /etc/kubernetes-version
+    src: etc/kubernetes-version
+    mode: 0644
+
+# TODO: This section will be deprecated once https://github.com/containerd/cri/issues/1131 is fixed. It is used to support ECR with containerd.
+- name: Check if Kubernetes container registry is using Amazon ECR
+  set_fact:
+    ecr: '{{ kubernetes_container_registry is regex("^[0-9]{12}.dkr.ecr.[^.]+.amazonaws.com$") }}'
+
+- import_tasks: kubeadmpull.yml
+  when: (kubernetes_source_type == "pkg" and ecr != true) or ansible_os_family == "Flatcar"
+
+- import_tasks: ecrpull.yml
+  when: kubernetes_source_type != "http" and ecr == true

ansible/roles/kubernetes/tasks/photon.yml

@@ -0,0 +1,24 @@
+# Copyright 2019 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Add the kubernetes repo
+  template:
+    dest: /etc/yum.repos.d/kubernetes.repo
+    src: etc/yum.repos.d/kubernetes.repo
+    mode: 0644
+
+- name: Install Kubernetes
+  command: tdnf install {{ packages }} --nogpgcheck -y
+  vars:
+    packages: "kubelet-{{ kubernetes_rpm_version }} kubeadm-{{ kubernetes_rpm_version }} kubectl-{{ kubernetes_rpm_version }} kubernetes-cni-{{kubernetes_cni_rpm_version }}"

ansible/roles/kubernetes/tasks/redhat.yml

@@ -0,0 +1,34 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Add the Kubernetes repo
+  yum_repository:
+    name: kubernetes
+    description: the kubernetes yum repo
+    baseurl: "{{ kubernetes_rpm_repo }}"
+    gpgcheck: "{{ kubernetes_rpm_gpg_check }}"
+    gpgkey: "{{ kubernetes_rpm_gpg_key }}"
+
+- name: Install Kubernetes
+  yum:
+    name: "{{ packages }}"
+    allow_downgrade: True
+    state: present
+    lock_timeout: 60
+  vars:
+    packages:
+      - "kubelet-{{ kubernetes_rpm_version }}"
+      - "kubeadm-{{ kubernetes_rpm_version }}"
+      - "kubectl-{{ kubernetes_rpm_version }}"
+      - "kubernetes-cni-{{kubernetes_cni_rpm_version }}"

ansible/roles/kubernetes/tasks/url.yml

@@ -0,0 +1,115 @@
+# Copyright 2019 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Create CNI directory
+  file:
+    state: directory
+    path: /opt/cni/bin
+    mode: 0755
+    owner: root
+    group: root
+
+- name: Download CNI tarball
+  get_url:
+    url: "{{ kubernetes_cni_http_source }}/{{ kubernetes_cni_semver }}/cni-plugins-linux-{{ kubernetes_goarch }}-{{ kubernetes_cni_semver }}.tgz"
+    checksum: "{{ kubernetes_cni_http_checksum }}"
+    dest: /tmp/cni.tar.gz
+    mode: 0755
+    owner: root
+    group: root
+
+- name: Install CNI
+  unarchive:
+    remote_src: yes
+    dest: /opt/cni/bin
+    src: /tmp/cni.tar.gz
+
+- name: Remove CNI tarball
+  file:
+    state: absent
+    path: /tmp/cni.tar.gz
+
+- name: Download Kubernetes binaries
+  get_url:
+    url: "{{ kubernetes_http_source }}/{{ kubernetes_semver }}/bin/linux/{{ kubernetes_goarch }}/{{ item }}"
+    # TODO(akutz) Write a script to separately download the checksum
+    #             and verify the associated file using the correct
+    #             checksum file format
+    #checksum: "sha1:{{ kubernetes_http_source }}/bin/linux/amd64/{{ item }}.sha1"
+    dest: "{{ sysusr_prefix }}/bin/{{ item }}"
+    mode: 0755
+    owner: root
+    group: root
+  loop: "{{ kubernetes_bins }}"
+
+- name: Download Kubernetes images
+  get_url:
+    url: "{{ kubernetes_http_source }}/{{ kubernetes_semver }}/bin/linux/{{ kubernetes_goarch }}/{{ item }}"
+    # TODO(akutz) Write a script to separately download the checksum
+    #             and verify the associated file using the correct
+    #             checksum file format
+    #checksum: "sha1:{{ kubernetes_http_source }}/bin/linux/amd64/{{ item }}.sha1"
+    dest: "/tmp/{{ item }}"
+    mode: 0600
+  loop: "{{ kubernetes_imgs }}"
+
+- name: Load Kubernetes images
+  shell: 'CONTAINERD_NAMESPACE="k8s.io" {{ sysusr_prefix }}/bin/ctr --address={{ containerd_cri_socket }} images import /tmp/{{ item }}'
+  loop: "{{ kubernetes_imgs }}"
+
+- name: Remove Kubernetes images
+  file:
+    state: absent
+    path: "/tmp/{{ item }}"
+  loop: "{{ kubernetes_imgs }}"
+
+- name: Create Kubernetes manifests directory
+  file:
+    state: directory
+    path: /etc/kubernetes/manifests
+    mode: 0755
+    owner: root
+    group: root
+
+- name: Create kubelet sysconfig directory
+  file:
+    state: directory
+    path: /etc/sysconfig
+    mode: 0755
+    owner: root
+    group: root
+
+- name: Create kubelet drop-in directory
+  file:
+    state: directory
+    path: "{{ systemd_prefix }}/system/kubelet.service.d"
+    mode: 0755
+    owner: root
+    group: root
+
+- name: Create kubelet kubeadm drop-in file
+  template:
+    src: usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
+    dest: "{{ systemd_prefix }}/system/kubelet.service.d/10-kubeadm.conf"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Create kubelet systemd file
+  template:
+    src: usr/lib/systemd/system/kubelet.service
+    dest: "{{ systemd_prefix }}/system/kubelet.service"
+    owner: root
+    group: root
+    mode: 0644

ansible/roles/kubernetes/templates/etc/kubeadm.yml

@@ -0,0 +1,11 @@
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: ClusterConfiguration
+imageRepository: {{ kubernetes_container_registry }}
+kubernetesVersion: {{ kubernetes_semver }}
+dns:
+  imageRepository: {{ kubernetes_container_registry }}/coredns
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: InitConfiguration
+nodeRegistration:
+  criSocket: {{ containerd_cri_socket }}

ansible/roles/kubernetes/templates/etc/kubernetes-version

@@ -0,0 +1 @@
+{{ kubernetes_semver }}

ansible/roles/kubernetes/templates/etc/sysconfig/kubelet

@@ -0,0 +1 @@
+KUBELET_EXTRA_ARGS={{ kubelet_extra_args }}

ansible/roles/kubernetes/templates/etc/yum.repos.d/kubernetes.repo

@@ -0,0 +1,7 @@
+[kubernetes]
+name=kubernetes
+description=the kubernetes yum repo
+baseurl={{ kubernetes_rpm_repo }}
+gpgcheck={{ kubernetes_rpm_gpg_check }}
+gpgkey={{ kubernetes_rpm_gpg_key }}
+enabled=1

ansible/roles/kubernetes/templates/usr/lib/systemd/system/kubelet.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=kubelet: The Kubernetes Node Agent
+Documentation=https://kubernetes.io/docs/home/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+ExecStart={{ sysusr_prefix }}/bin/kubelet
+Restart=always
+StartLimitInterval=0
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target

ansible/roles/kubernetes/templates/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf

@@ -0,0 +1,11 @@
+# Note: This dropin only works with kubeadm and kubelet v1.11+
+[Service]
+Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
+Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
+# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
+EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
+# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
+# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
+EnvironmentFile=-/etc/sysconfig/kubelet
+ExecStart=
+ExecStart={{ sysusr_prefix }}/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS