puppetlabs
diff --git a/‎README.md‎
Lines changed: 55 additions & 4 deletions b/‎README.md‎
Lines changed: 55 additions & 4 deletions
diff --git a/‎manifests/cluster_roles.pp‎
Lines changed: 2 additions & 1 deletion b/‎manifests/cluster_roles.pp‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎manifests/config.pp‎
Lines changed: 17 additions & 14 deletions b/‎manifests/config.pp‎
Lines changed: 17 additions & 14 deletions
diff --git a/‎manifests/init.pp‎
Lines changed: 31 additions & 2 deletions b/‎manifests/init.pp‎
Lines changed: 31 additions & 2 deletions
diff --git a/‎manifests/kube_addons.pp‎
Lines changed: 50 additions & 49 deletions b/‎manifests/kube_addons.pp‎
Lines changed: 50 additions & 49 deletions
diff --git a/‎manifests/packages.pp‎
Lines changed: 3 additions & 9 deletions b/‎manifests/packages.pp‎
Lines changed: 3 additions & 9 deletions
@@ -52,7 +52,7 @@ If you do not already have Docker installed on your workstation, install it [her
 
 The kubetool docker image takes each of the parameters as environment variables. When run as follows it will output a `kubernetes.yaml` file in your current working directory:
 ```
-docker run --rm -v $(pwd):/mnt -e OS=debian -e VERSION=1.9.2 -e CONTAINER_RUNTIME=docker -e CNI_PROVIDER=weave -e FQDN=kubernetes -e IP=172.17.10.101 -e BOOTSTRAP_CONTROLLER_IP=172.17.10.101 -e ETCD_INITIAL_CLUSTER="etcd-kube-master=http://172.17.10.101:2380" -e ETCD_IP="%{::ipaddress_enp0s8}" -e KUBE_API_ADVERTISE_ADDRESS="%{::ipaddress_enp0s8}" -e INSTALL_DASHBOARD=true puppet/kubetool
+docker run --rm -v $(pwd):/mnt -e OS=debian -e VERSION=1.9.2 -e CONTAINER_RUNTIME=docker -e CNI_PROVIDER=weave -e FQDN=kubernetes -e IP=172.17.10.101 -e BOOTSTRAP_CONTROLLER_IP=172.17.10.101 -e ETCD_INITIAL_CLUSTER="etcd-kube-master=http://172.17.10.101:2380" -e ETCD_IP="%{::ipaddress_enp0s8}" -e KUBE_API_ADVERTISE_ADDRESS="%{::ipaddress_enp0s8}" -e SERVICE_API_IP=10.96.0.1 -e INSTALL_DASHBOARD=true puppet/kubetool
 ```
 
 The parameters are:
@@ -61,10 +61,12 @@ The parameters are:
 * `VERSION`: the version of kubernetes you want to deploy
 * `CONTAINER_RUNTIME`: the container runtime kubernetes will use, this can only be set to `docker` or `cri_containerd`
 * `CNI_PROVIDER` : This is the CNI network to install. This can be set to `weave` or `flannel`
-* `FQDN`: the cluster fqdn.
+* `FQDN`: the cluster api fqdn. Should resolve to `IP`.
+* `IP`: the cluster api IP. When in production, should be load balanced between the controllers.
 * `BOOTSTRAP_CONTROLLER_IP`: the ip address of the controller puppet will use to create things like cluster role bindings, kube dns, and the Kubernetes dashboard.
 * `ETCD_INITIAL_CLUSTER`: the server addresses. When in production, include three, five, or seven nodes for etcd.
-* `ETCD_IP` and `ETCD_IP KUBE_API_ADVERTISE_ADDRESS`: we recommend passing the fact for the interface to be used by the cluster.
+* `ETCD_IP` and `KUBE_API_ADVERTISE_ADDRESS`: the IP each etcd/apiserver instance will use on each controller. We recommend passing the fact for the interface to be used by the cluster.
+* `SERVICE_API_IP`: the IP that the kubernetes service will be available on inside the cluster. Dependent on overlay network range.
 * `INSTALL_DASHBOARD`: a boolean to install the dashboard or not.
 
 The kubetool creates a `kubernetes.yaml` file. To view the file contents on
@@ -88,7 +90,7 @@ After your `kubernetes.yaml` file has been added to the Hiera directory on your
 
 #### Bootstrap Controller
 
-A bootstrap controller is the node a cluster uses to add cluster addons (such as kube dns, cluster role bindings etc). After the cluster is bootstrapped, the bootstrap controller becomes a normal controller.
+A bootstrap controller is the node a cluster uses to add cluster addons (such as kube dns, cluster role bindings etc). *After the cluster is bootstrapped, the bootstrap controller should be changed to a normal controller.*
 
 To make a node a bootstrap controller, add the following code to the manifest:
 
@@ -437,6 +439,55 @@ Allows the user to override the label of a node.
 
 Defaults for hostname
 
+#### `docker_version`
+
+This is the version of the docker runtime that you want to install.
+
+Defaults to `1.12.6` on RedHat
+Defaults to `1.12.0-0~xenial` on Debian
+
+#### `kube_dns_version`
+
+The version of kube DNS you would like to install
+
+Defaults to `1.14.2`
+
+#### `kube_proxy_version`
+
+The version of kube-proxy you would like to install
+
+Defaults to match the `kubernetes_version`
+
+#### `cni_cluster_cidr`
+
+The overlay (internal) network range to use.
+
+Defaults to `undef` (don't specify for kube-controller-manager). kube_tool sets this per cni provider.
+
+#### `cni_node_cidr`
+
+This triggers `allocate-node-cidrs=true` to be added to the controller-manager.
+
+Defaults to `false`.
+
+#### `cluster_service_cidr`
+
+The overlay (internal) network range to use for cluster services. This should be a subset of the `cni_cluster_cidr`. `kube_api_ip` and `kube_dns_ip` should be in this range.
+
+Defaults to `undef` (don't specify for kube-apiserver). kube_tool sets this per cni provider.
+
+#### `kube_dns_ip`
+
+The cluster service IP to use for kube-dns.
+
+Defaults to `10.96.0.10`
+
+#### `kube_api_ip`
+
+The cluster service IP to use for the kube api.
+
+Defaults to `10.96.0.1`
+
 ## Limitations
 
 This module supports [Kubernetes 1.6](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md#v160) and above.
 
@@ -34,8 +34,9 @@
 
   if $kubernetes_version =~ /1[.](8|9)[.]\d/ {
 
-    exec { 'Create role biniding for system nodes':
+    exec { 'Create role binding for system nodes':
       command => 'kubectl set subject clusterrolebinding system:node --group=system:nodes',
+      unless  => 'kubectl describe clusterrolebinding system:node | tr -s \' \' | grep \'Group system:nodes\'',
       }
     }
   }
 
@@ -5,8 +5,11 @@
   String $kubernetes_version                                       = $kubernetes::kubernetes_version,
   String $container_runtime                                        = $kubernetes::container_runtime,
   Optional[String] $cni_cluster_cidr                               = $kubernetes::cni_cluster_cidr,
-  Optional[String] $cni_node_cidr                                  = $kubernetes::cni_node_cidr,
+  Optional[Boolean] $cni_node_cidr                                 = $kubernetes::cni_node_cidr,
+  Optional[String] $cluster_service_cidr                           = $kubernetes::cluster_service_cidr,
+  String $kube_dns_ip                                              = $kubernetes::kube_dns_ip,
   String $kube_dns_version                                         = $kubernetes::kube_dns_version,
+  String $kube_proxy_version                                       = $kubernetes::kube_proxy_version,
   String $kubernetes_fqdn                                          = $kubernetes::kubernetes_fqdn,
   Boolean $controller                                              = $kubernetes::controller,
   Boolean $bootstrap_controller                                    = $kubernetes::bootstrap_controller,
@@ -107,24 +110,24 @@
 
   #TODO fix secuirty issue that the bootstarp token is left on the server.
 
-  file {'/etc/kubernetes/secrets/bootstraptoken.yaml':
-    ensure  => present,
-    content => template('kubernetes/secrets/bootstraptoken.yaml.erb'),
-    require => File['/etc/kubernetes/secrets/'],
-  }
-
-  $kube_addons_files.each | String $addons_file | {
-    file { "/etc/kubernetes/addons/${addons_file}":
+    file {'/etc/kubernetes/secrets/bootstraptoken.yaml':
       ensure  => present,
-      content => template("kubernetes/addons/${addons_file}.erb"),
-      require => File['/etc/kubernetes/addons'],
-      }
-  }
+      content => template('kubernetes/secrets/bootstraptoken.yaml.erb'),
+      require => File['/etc/kubernetes/secrets/'],
+    }
+
+    $kube_addons_files.each | String $addons_file | {
+      file { "/etc/kubernetes/addons/${addons_file}":
+        ensure  => present,
+        content => template("kubernetes/addons/${addons_file}.erb"),
+        require => File['/etc/kubernetes/addons'],
+        }
+    }
 
     file {'/root/admin.conf':
       ensure  => present,
       content => template('kubernetes/admin.conf.erb'),
-      }
+    }
 
     file { '/etc/profile.d/kubectl.sh':
       mode    => '0644',
 
@@ -20,6 +20,11 @@
 #   It can only be set to "cri_containerd" or "docker"
 #   Defaults to docker
 #
+# [*docker_version]
+#   This is the version of the docker runtime that you want to install.
+#   Defaults to 1.12.6 on RedHat
+#   Defaults to 1.12.0-0~xenial on Debian
+#
 # [*cni_version*]
 #   The version of the cni package you would like to install
 #   Defaults to 0.6.0
@@ -201,10 +206,30 @@
 #   We will support any networking provider that supports cni
 #   This defaults to https://git.io/weave-kube-1.6
 #
+# [*cni_cluster_cidr*]
+#   The overlay (internal) network range to use.
+#   Defaults to undef. kube_tool sets this per cni provider.
+#
+# [*cni_node_cidr*]
+#   This triggers 'allocate-node-cidrs=true' to be added to the controller-manager.
+#   Defaults to false.
+#
 # [*install_dashboard*]
 #   This is a bool that determines if the kubernetes dashboard is installed.
 #   Defaults to false
 #
+# [*kube_dns_ip*]
+#   The service IP to use for kube-dns.
+#   Defaults to 10.96.0.10
+#
+# [*kube_api_ip*]
+#   The service IP to use for the kube api.
+#   Defaults to 10.96.0.1
+#
+# [*kube_proxy_version*]
+#   The version of kube-proxy you would like to install
+#   Defaults to $kubernetes_version
+#
 #
 # Authors
 # -------
@@ -213,15 +238,16 @@
 #
 #
 #
-
 class kubernetes (
   String $kubernetes_version                                       = $kubernetes::params::kubernetes_version,
   Optional[String] $kubernetes_package_version                     = $kubernetes::params::kubernetes_package_version,
   String $kubernetes_fqdn                                          = $kubernetes::params::kubernetes_fqdn,
   String $container_runtime                                        = $kubernetes::params::container_runtime,
+  Optional[String] $docker_version                                 = $kubernetes::params::docker_version,
   Optional[String] $cni_version                                    = $kubernetes::params::cni_version,
   Optional[String] $cni_cluster_cidr                               = $kubernetes::params::cni_cluster_cidr,
-  Optional[String] $cni_node_cidr                                  = $kubernetes::params::cni_node_cidr,
+  Optional[Boolean] $cni_node_cidr                                 = $kubernetes::params::cni_node_cidr,
+  Optional[String] $cluster_service_cidr                           = $kubernetes::params::cluster_service_cidr,
   String $kube_dns_version                                         = $kubernetes::params::kube_dns_version,
   Boolean $controller                                              = $kubernetes::params::controller,
   Boolean $bootstrap_controller                                    = $kubernetes::params::bootstrap_controller,
@@ -267,6 +293,9 @@
   Boolean $install_dashboard                                       = $kubernetes::params::install_dashboard,
   Boolean $taint_master                                            = $kubernetes::params::taint_master,
   String $node_label                                               = $kubernetes::params::node_label,
+  String $kube_dns_ip                                              = $kubernetes::params::kube_dns_ip,
+  String $kube_api_ip                                              = $kubernetes::params::kube_api_ip,
+  String $kube_proxy_version                                       = $kubernetes::params::kube_proxy_version,
 
   )  inherits kubernetes::params {
 
 
@@ -2,7 +2,7 @@
 class kubernetes::kube_addons (
 
   Boolean $bootstrap_controller          = $kubernetes::bootstrap_controller,
-  Optional[String]$cni_network_provider  = $kubernetes::cni_network_provider,
+  Optional[String] $cni_network_provider = $kubernetes::cni_network_provider,
   Boolean $install_dashboard             = $kubernetes::install_dashboard,
   String $kubernetes_version             = $kubernetes::kubernetes_version,
   Boolean $controller                    = $kubernetes::controller,
@@ -20,64 +20,65 @@
 
   if $bootstrap_controller {
 
-  $addon_dir = '/etc/kubernetes/addons'
+    $addon_dir = '/etc/kubernetes/addons'
 
-  exec { 'Install cni network provider':
-    command => "kubectl apply -f ${cni_network_provider}",
-    onlyif  => 'kubectl get nodes',
-    }
-
-  exec { 'Create kube proxy service account':
-    command     => 'kubectl create -f kube-proxy-sa.yaml',
-    cwd         => $addon_dir,
-    subscribe   => File['/etc/kubernetes/addons/kube-proxy-sa.yaml'],
-    refreshonly => true,
-    require     => Exec['Install cni network provider'],
-  }
-
-  exec { 'Create kube proxy ConfigMap':
-    command     => 'kubectl create -f kube-proxy.yaml',
-    cwd         => $addon_dir,
-    subscribe   => File['/etc/kubernetes/addons/kube-proxy.yaml'],
-    refreshonly => true,
-    require     => Exec['Create kube proxy service account'],
-  }
-
-  exec { 'Create kube proxy daemonset':
-    command     => 'kubectl create -f kube-proxy-daemonset.yaml',
-    cwd         => $addon_dir,
-    subscribe   => File['/etc/kubernetes/addons/kube-proxy-daemonset.yaml'],
-    refreshonly => true,
-    require     => Exec['Create kube proxy ConfigMap'],
-  }
+    exec { 'Install cni network provider':
+      command => "kubectl apply -f ${cni_network_provider}",
+      onlyif  => 'kubectl get nodes',
+      }
 
-  exec { 'Create kube dns service account':
-    command     => 'kubectl create -f kube-dns-sa.yaml',
-    cwd         => $addon_dir,
-    subscribe   => File['/etc/kubernetes/addons/kube-dns-sa.yaml'],
-    refreshonly => true,
+    exec { 'Create kube proxy service account':
+      command     => 'kubectl apply -f kube-proxy-sa.yaml',
+      cwd         => $addon_dir,
+      subscribe   => File['/etc/kubernetes/addons/kube-proxy-sa.yaml'],
+      refreshonly => true,
+      require     => Exec['Install cni network provider'],
     }
 
-  exec { 'Create kube dns service':
-    command     => 'kubectl create -f kube-dns-service.yaml',
-    cwd         => $addon_dir,
-    subscribe   => File['/etc/kubernetes/addons/kube-dns-service.yaml'],
-    refreshonly => true,
-    require     => Exec['Create kube dns service account'],
+    exec { 'Create kube proxy ConfigMap':
+      command     => 'kubectl apply -f kube-proxy.yaml',
+      cwd         => $addon_dir,
+      subscribe   => File['/etc/kubernetes/addons/kube-proxy.yaml'],
+      refreshonly => true,
+      require     => Exec['Create kube proxy service account'],
     }
 
-  exec { 'Create kube dns deployment':
-    command     => 'kubectl create -f kube-dns-deployment.yaml',
-    cwd         => $addon_dir,
-    subscribe   => File['/etc/kubernetes/addons/kube-dns-deployment.yaml'],
-    refreshonly => true,
-    require     => Exec['Create kube dns service account'],
+    exec { 'Create kube proxy daemonset':
+      command     => 'kubectl apply -f kube-proxy-daemonset.yaml',
+      cwd         => $addon_dir,
+      subscribe   => File['/etc/kubernetes/addons/kube-proxy-daemonset.yaml'],
+      refreshonly => true,
+      require     => Exec['Create kube proxy ConfigMap'],
     }
+
+    exec { 'Create kube dns service account':
+      command     => 'kubectl apply -f kube-dns-sa.yaml',
+      cwd         => $addon_dir,
+      subscribe   => File['/etc/kubernetes/addons/kube-dns-sa.yaml'],
+      refreshonly => true,
+      }
+
+    exec { 'Create kube dns service':
+      command     => 'kubectl apply -f kube-dns-service.yaml',
+      cwd         => $addon_dir,
+      subscribe   => File['/etc/kubernetes/addons/kube-dns-service.yaml'],
+      refreshonly => true,
+      require     => Exec['Create kube dns service account'],
+      }
+
+    exec { 'Create kube dns deployment':
+      command     => 'kubectl apply -f kube-dns-deployment.yaml',
+      cwd         => $addon_dir,
+      subscribe   => File['/etc/kubernetes/addons/kube-dns-deployment.yaml'],
+      refreshonly => true,
+      require     => Exec['Create kube dns service account'],
+      }
   }
 
   if $controller {
     exec { 'Assign master role to controller':
       command => "kubectl label node ${node_label} node-role.kubernetes.io/master=",
+      onlyif  => 'kubectl get nodes',
       unless  => "kubectl describe nodes ${node_label} | tr -s ' ' | grep 'Roles: master'",
     }
 
@@ -93,9 +94,9 @@
         }
 
       exec { 'Taint master node':
-        command => "kubectl taint nodes ${node_label} key=value:NoSchedule",
+        command => "kubectl taint nodes ${node_label} node-role.kubernetes.io/master=value:NoSchedule",
         onlyif  => 'kubectl get nodes',
-        unless  => "kubectl describe nodes ${node_label} | tr -s ' ' | grep 'Taints: key=value:NoSchedule'"
+        unless  => "kubectl describe nodes ${node_label} | tr -s ' ' | grep 'Taints: node-role.kubernetes.io/master=value:NoSchedule'"
       }
     }
   }
 
@@ -5,7 +5,7 @@
   Optional[String] $kubernetes_package_version = $kubernetes::kubernetes_package_version,
   String $container_runtime                    = $kubernetes::container_runtime,
   String $cni_version                          = $kubernetes::cni_version,
-
+  String $docker_version                       = $kubernetes::docker_version,
 ) {
 
   $kube_packages = ['kubelet', 'kubectl']
@@ -23,15 +23,9 @@
 
   if $container_runtime == 'docker' {
     case $::osfamily {
-      'Debian' : {
-        package { 'docker-engine':
-        ensure => '1.12.0-0~xenial',
-        }
-      }
-
-      'RedHat' : {
+      'Debian','RedHat' : {
         package { 'docker-engine':
-          ensure => '1.12.6',
+          ensure => $docker_version,
         }
       }
Original file line number	Diff line number	Diff line change
`@@ -34,8 +34,9 @@`
`34`	`34`
`35`	`35`	`if $kubernetes_version =~ /1[.](8\|9)[.]\d/ {`
`36`	`36`
`37`		`- exec { 'Create role biniding for system nodes':`
	`37`	`+ exec { 'Create role binding for system nodes':`
`38`	`38`	`command => 'kubectl set subject clusterrolebinding system:node --group=system:nodes',`
	`39`	`+ unless => 'kubectl describe clusterrolebinding system:node \| tr -s \' \' \| grep \'Group system:nodes\'',`
`39`	`40`	`}`
`40`	`41`	`}`
`41`	`42`	`}`