Upgraded to flannel 0.9.0 and Docker 17.09. Switched to overlay2 as default storage driver.

Author: SitoCH

kubernetes/defaults/main.yml

@@ -4,18 +4,19 @@ network:
   service_subnet: 10.200.100.0/24
   pod_subnet: 10.1.0.0/16
 images:
-  flannel: quay.io/coreos/flannel:v0.7.1-arm
+  flannel: quay.io/coreos/flannel:v0.9.0-arm
   weave: weaveworks/weave-kube:1.9.4
   weave_npc: weaveworks/weave-npc:1.9.4
 k8s:
+  version: 1.8.0*
   # Timing is good for demos. Defaults are 5min eviction and 40s node grace period
   # TODO: Not yet put into the k8s configuration
   pod_eviction_timeout: 20s
   node_monitor_grace_period: 40s
 docker:
   # devicemapper or overlay2
-  storage_driver: overlay
+  storage_driver: overlay2
   expose_tcp: true
-  version: "1.12*"
+  version: "17.09*"
 
 debug_level: 2

kubernetes/tasks/apt.yml

@@ -4,7 +4,7 @@
     force: yes
     state: present
   with_items:
-    - kubelet
-    - kubeadm
-    - kubectl
+    - kubelet={{ k8s.version }}
+    - kubeadm={{ k8s.version }}
+    - kubectl={{ k8s.version }}
     - kubernetes-cni

kubernetes/tasks/docker.yml

@@ -4,7 +4,7 @@
 - name: Downgrade docker
   apt:
     state: present
-    name: docker-engine={{ docker.version }}
+    name: docker-ce={{ docker.version }}
     autoremove: yes
     force: yes
 
@@ -13,7 +13,7 @@
     dockerd_extra_args: "{{ '-H tcp://' + inventory_hostname + ':2375' if docker.expose_tcp else '' }}"
 
 - name: Update docker service startup
-  template: src=docker-1.12.service dest=/etc/systemd/system/docker.service
+  template: src=docker.service dest=/etc/systemd/system/docker.service
   register: result
   notify:
     - restart docker
@@ -24,3 +24,9 @@
 
 - name: Notify Docker service right now to restart
   meta: flush_handlers
+
+- name: Set the iptables to FORWARD ACCEPT
+  command: iptables -P FORWARD ACCEPT
+
+- name: Save the iptables
+  command: iptables-save

kubernetes/tasks/master.yml

@@ -1,36 +1,28 @@
-- name: Check for an already generated token
-  become: no
-  stat: path={{ playbook_dir }}/run/kubeadm-token.txt
-  delegate_to: localhost
-  register: kubeadm_token
-
-- block:
-  - name: Create a token from master
-    command: kubeadm token generate
-    register: kubeadm_gen_token
-  - name: Copy token to local file 'kubernetes-token'
-    become: no
-    copy: content={{ kubeadm_gen_token.stdout }} dest={{ playbook_dir }}/run/kubeadm-token.txt
-    delegate_to: localhost
-  when: kubeadm_token.stat.exists == false and mode == "master"
-
-- name: Register token as fact
-  set_fact:
-    kubeadm_token: "{{ lookup('file', playbook_dir + '/run/kubeadm-token.txt') }}"
-
 - name: Copy init file for kubeadm
   template: src=kubeadm.yml dest=/etc/kubernetes/kubeadm.yml mode=0755
 
-- name: Run kubeadm reset on master
-  command: kubeadm reset 
-  register: kubeadm_reset
-
+- name: Clean up /var/lib/kubelet/ 
+  file: path=/var/lib/kubelet/pki state=absent
+    
 - name: Run kubeadm init on master
   command: kubeadm init --config /etc/kubernetes/kubeadm.yml
   register: kubeadm_init
 
+- name: Create a dedicated token from master
+  command: kubeadm token create --ttl 0 --groups system:bootstrappers:kubeadm:default-node-token --description "Bootstrap token which does not expire"
+  register: kubeadm_gen_token
+
+- name: Copy token to local file 'kubernetes-token'
+  become: no
+  copy: content={{ kubeadm_gen_token.stdout }} dest={{ playbook_dir }}/run/kubeadm-token.txt
+  delegate_to: localhost
+
+- name: Register token as fact
+  set_fact:
+    kubeadm_token: "{{ lookup('file', playbook_dir + '/run/kubeadm-token.txt') }}"
+
 - name: Copy Kubernetes access config to ~/.kube/config on nodes
-  copy: remote_src=True src=/etc/kubernetes/admin.conf dest=/home/pi/.kube/config owner=pi
+  copy: remote_src=True src=/etc/kubernetes/admin.conf dest=/home/pi/.kube/config owner=pi group=pi
 
 # - debug: var=kubeadm_init.stdout
 
@@ -53,4 +45,4 @@
     src: "/etc/kubernetes/admin.conf"
     dest: "{{ playbook_dir }}/run/"
     flat: true
-  
+  

kubernetes/tasks/node.yml

@@ -2,9 +2,20 @@
   set_fact:
     kubeadm_token: "{{ lookup('file', playbook_dir + '/run/kubeadm-token.txt') }}"
 
-- name: Run kubeadm reset on node
-  command: kubeadm reset 
+- name: Clean up /var/lib/kubelet/ 
+  file: path=/var/lib/kubelet/pki state=absent
 
 - name: Run kubeadm join on node
-  command: kubeadm join --token={{ kubeadm_token }} master:6443
+  command: kubeadm join --token={{ kubeadm_token }} --discovery-token-unsafe-skip-ca-verification master:6443
 
+- name: Wait for /etc/kubernetes/kubelet.conf to be created
+  wait_for: path=/etc/kubernetes/kubelet.conf
+  
+- name: Copy Kubernetes access config to ~/.kube/config on nodes
+  copy: remote_src=True src=/etc/kubernetes/kubelet.conf dest=/home/pi/.kube/config owner=pi group=pi
+  
+- name: Fix permission for kubelet-client.key
+  file: path=/var/lib/kubelet/pki/kubelet-client.key mode="660" group=pi
+
+- name: Fix permission for kubelet.key
+  file: path=/var/lib/kubelet/pki/kubelet.key mode="660" group=pi

kubernetes/templates/docker-1.12.service kubernetes/templates/docker.servicekubernetes/templates/docker-1.12.service renamed to kubernetes/templates/docker.service

@@ -1,18 +1,12 @@
 kind: MasterConfiguration
 apiVersion: kubeadm.k8s.io/v1alpha1
-token: "{{ kubeadm_token }}"
 networking:
   podSubnet: "{{ network.pod_subnet }}"
 #  serviceSubnet: "{{ network.service_subnet }}"
 controllerManagerExtraArgs:
-  controllers: "*,bootstrapsigner,tokencleaner"
   horizontal-pod-autoscaler-use-rest-clients: "true"
   horizontal-pod-autoscaler-sync-period: "20s"
-  node-monitor-grace-period: "30s"
+  node-monitor-grace-period: "15s"
 apiServerExtraArgs:
   runtime-config: "api/all=true"
-  feature-gates: "TaintBasedEvictions=true"
-# Disabled for now, requires 1.7.0 alpha:
-#  proxy-client-cert-file: "/etc/kubernetes/pki/front-proxy-client.crt"
-#  proxy-client-key-file: "/etc/kubernetes/pki/front-proxy-client.key"
-# selfHosted: true
+kubernetesVersion: "latest-1.8"