Fixing #12: Flannel needs to be present on ALL nodes! Also on the mas…

…ter nodes, otherwise the kube-apiserver can´t access the services and pods inside the Flannel network on the worker nodes.
jonashackt · Sep 26, 2018 · fcd203d · fcd203d
1 parent ba411b4
commit fcd203d
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 44 deletions.
diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
@@ -1,23 +1,4 @@
-- name: Set flannel network conf on etcd
-  uri:
-    client_cert: /var/lib/kubelet/{{ ansible_hostname }}.pem
-    client_key: /var/lib/kubelet/{{ ansible_hostname }}-key.pem
-    validate_certs: no
-    url: https://master-0.k8s:2379/v2/keys/kubernetes-cluster/network/config
-    body:
-      'value={"Network": "{{ kubernetes_cluster_cidr }}",
-         "SubnetLen": 24,
-         "Backend": {
-             "Type": "vxlan",
-             "VNI": 1
-         }
-       }'
-    status_code: 200,201
-    method: PUT
-    return_content: yes
-  run_once: true
-
-- name: install package
+- name: Install flannel package
   apt:
     name: flannel
     update_cache: yes
@@ -27,17 +8,25 @@
     src: flannel.service.j2
     dest: /lib/systemd/system/flannel.service
 
-- name: restart flannel
+- name: Restart flannel
   systemd:
     daemon_reload: yes
     enabled: yes
     name: flannel
     state: restarted
 
-# Configure flannel-flavoured Docker systemd service
-- name: Copy Docker systemd unit file
-  template:
-    src: docker.service.j2
-    dest: /lib/systemd/system/docker.service
+- name: Verify if flannel is added as network interface
+  shell: ip addr
+  register: ip_addr_result
+  until: ip_addr_result.stdout.find("flannel.1") != -1
+  retries: 5
+  delay: 10
+  tags: network
+  run_once: true
 
+- name: Show, if network interface flannel.1 was created
+  debug:
+    msg: "{{ ip_addr_result.stdout_lines }}"
+  tags: network
+  run_once: true
 
diff --git a/roles/flannel/templates/flannel.service.j2 b/roles/flannel/templates/flannel.service.j2
@@ -10,8 +10,8 @@ Before=docker.service
 Type=notify
 ExecStart=/usr/bin/flannel \
   --etcd-cafile=/var/lib/kubernetes/ca.pem \
-  --etcd-certfile=/var/lib/kubelet/{{ ansible_hostname }}.pem \
-  --etcd-keyfile=/var/lib/kubelet/{{ ansible_hostname }}-key.pem \
+  --etcd-certfile={{ etcd_certfile }} \
+  --etcd-keyfile={{ etcd_keyfile }} \
   --etcd-endpoints={% for item in groups['master'] %}https://{{ hostvars[item].ansible_host }}:2379{{ "," if not loop.last else ""}}{% endfor %} \
   --etcd-prefix=/kubernetes-cluster/network \
   --public-ip={{ hostvars[inventory_hostname]['ansible_enp0s8']['ipv4']['address'] }} \

diff --git a/roles/k8s-master/tasks/main.yml b/roles/k8s-master/tasks/main.yml
@@ -20,6 +20,33 @@
     - certificates/service-account.pem
     - encryption/encryption-config.yaml
 
+- name: Set flannel network conf on etcd
+  uri:
+    client_cert: /var/lib/kubernetes/kube-apiserver.pem
+    client_key: /var/lib/kubernetes/kube-apiserver-key.pem
+    validate_certs: no
+    url: https://master-0.k8s:2379/v2/keys/kubernetes-cluster/network/config
+    body:
+      'value={"Network": "{{ kubernetes_cluster_cidr }}",
+         "SubnetLen": 24,
+         "Backend": {
+             "Type": "vxlan",
+             "VNI": 1
+         }
+       }'
+    status_code: 200,201
+    method: PUT
+    return_content: yes
+  run_once: true
+
+# Also bring Flannel onto the master nodes
+- name: Install and configure Flannel networking
+  include_role:
+    name: flannel
+  vars:
+    etcd_certfile: "/var/lib/kubernetes/kube-apiserver.pem"
+    etcd_keyfile: "/var/lib/kubernetes/kube-apiserver-key.pem"
+
 - name: download master component binaries
   get_url:
     url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubernetes_version }}/bin/linux/amd64/{{ item }}"

diff --git a/roles/k8s-worker/tasks/main.yml b/roles/k8s-worker/tasks/main.yml
@@ -27,9 +27,18 @@
     name: docker
 
 # Then Flannel has to be installed and configured, so that the Environment variables are present for the Docker service to startup.
-- name: install and configure flannel CNI networking & configure Docker to use Flannel
+- name: Install and configure Flannel networking & configure Docker to use Flannel
   include_role:
     name: flannel
+  vars:
+    etcd_certfile: "/var/lib/kubelet/{{ ansible_hostname }}.pem"
+    etcd_keyfile: "/var/lib/kubelet/{{ ansible_hostname }}-key.pem"
+
+# Configure flannel-flavoured Docker systemd service
+- name: Copy Docker systemd unit file
+  template:
+    src: docker.service.j2
+    dest: /lib/systemd/system/docker.service
 
 # Finally the Docker service could be started.
 - name: starting the Docker service will only work after Flannel has been installed
@@ -39,21 +48,6 @@
     daemon_reload: true
     enabled: yes
 
-- name: Verify if flannel is added as network interface
-  shell: ip addr
-  register: ip_addr_result
-  until: ip_addr_result.stdout.find("flannel.1") != -1
-  retries: 5
-  delay: 10
-  tags: network
-  when: inventory_hostname == 'worker-0'
-
-- name: Show, if network interface flannel.1 was created
-  debug:
-    msg: "{{ ip_addr_result.stdout_lines }}"
-  tags: network
-  when: inventory_hostname == 'worker-0'
-
 - name: install packages
   apt:
     name: "{{ item }}"

diff --git a/roles/flannel/templates/docker.service.j2 → roles/k8s-worker/templates/docker.service.j2 b/roles/flannel/templates/docker.service.j2 → roles/k8s-worker/templates/docker.service.j2