Merge from upstream (#4)

* Upgrade to k8s 1.13.5

* Increase CPU flavor for CI (kubernetes-sigs#4389)

* Fix CA cert environment variable for ectd v3 (kubernetes-sigs#4381)

* Added livenessProbe for local nginx apiserver proxy liveness probe (kubernetes-sigs#4222)

* Added configurable local apiserver proxy liveness probe

* Enable API LB healthcheck by default

* Fix template spacing and moved healthz location to nginx http section

* Fix healthcheck listen address to allow kubelet request healthcheck

* Default values for variable dns_servers and dns_domain  are set in two files: (kubernetes-sigs#3999)

values from inventory in roles/kubespray-defaults/defaults/main.yml
hardcoded values in roles/container-engine/defaults/main.yml

dns_servers set empty in roles/container-engine/defaults/main.yml and skydns_server not set in docker_dns_servers variables
also set default value for manual_dns_serve

another variables in roles/container-engine/defaults not need to set

* Fix bootsrap-os role, failing to create remote_tmp (kubernetes-sigs#4384)

* Fix bootsrap-os role, failing to create remote_tmp

* use ansible_remote_tmp hostvar

* Use static files in KubeDNS templating task (kubernetes-sigs#4379)

This commit adapts the "Lay Down KubeDNS Template" task to use the static
files moved by pull request [1]

[1] kubernetes-sigs#4341

* Fix supplementary_addresses rendering error (kubernetes-sigs#4403)

* Corrected cloud name (kubernetes-sigs#4316)

The correct name is Packet, not Packet Host.

* adapt inventory script to python 2.7 version (kubernetes-sigs#4407)

* Calico felix - Fix jinja2 boolean condition (kubernetes-sigs#4348)

* Fix jinja2 boolean condition

* Convert all felix variable to booleans instead.

README.md

@@ -112,7 +112,7 @@ Supported Components
 --------------------
 
 -   Core
-    -   [kubernetes](https://github.com/kubernetes/kubernetes) v1.13.4
+    -   [kubernetes](https://github.com/kubernetes/kubernetes) v1.13.5
     -   [etcd](https://github.com/coreos/etcd) v3.2.24
     -   [docker](https://www.docker.com/) v18.06 (see note)
     -   [rkt](https://github.com/rkt/rkt) v1.21.0 (see Note 2)

contrib/inventory_builder/inventory.py

@@ -197,8 +197,14 @@ def range2ips(self, hosts):
         reworked_hosts = []
 
         def ips(start_address, end_address):
-            start = int(ip_address(start_address).packed.hex(), 16)
-            end = int(ip_address(end_address).packed.hex(), 16)
+            try:
+                # Python 3.x
+                start = int(ip_address(start_address))
+                end   = int(ip_address(end_address))
+            except:
+                # Python 2.7
+                start = int(ip_address(unicode(start_address)))
+                end   = int(ip_address(unicode(end_address)))
             return [ip_address(ip).exploded for ip in range(start, end+1)]
 
         for host in hosts:

docs/packet.md

@@ -1,7 +1,7 @@
-Packet Host
+Packet
 ===============
 
-Kubespray provides support for bare metal deployments using the [Packet Host bare metal cloud](http://www.packet.com).
+Kubespray provides support for bare metal deployments using the [Packet bare metal cloud](http://www.packet.com).
 Deploying upon bare metal allows Kubernetes to run at locations where an existing public or private cloud might not exist such
 as cell tower, edge collocated installations. The deployment mechanism used by Kubespray for Packet is similar to that used for
 AWS and OpenStack clouds (notably using Terraform to deploy the infrastructure). Terraform uses the Packet provider plugin
@@ -10,7 +10,7 @@ dynamically from the Terraform state file.
 
 ## Local Host Configuration
 
-To perform this installation, you will need a localhost to run Terraform/Ansible (laptop, VM, etc) and an account with Packet Host.
+To perform this installation, you will need a localhost to run Terraform/Ansible (laptop, VM, etc) and an account with Packet.
 In this example, we're using an m1.large CentOS 7 OpenStack VM as the localhost to kickoff the Kubernetes installation.
 You'll need Ansible, Git, and PIP.
 

inventory/sample/group_vars/all/all.yml

@@ -24,6 +24,8 @@ bin_dir: /usr/local/bin
 ## Local loadbalancer should use this port
 ## And must be set port 6443
 nginx_kube_apiserver_port: 6443
+## If nginx_kube_apiserver_healthcheck_port variable defined, enables proxy liveness check.
+nginx_kube_apiserver_healthcheck_port: 8081
 
 ### OTHER OPTIONAL VARIABLES
 ## For some things, kubelet needs to load kernel modules.  For example, dynamic kernel services are needed

inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml

@@ -19,7 +19,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
 kube_api_anonymous_auth: true
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.13.4
+kube_version: v1.13.5
 
 # kubernetes image repo define
 kube_image_repo: "gcr.io/google-containers"

roles/bootstrap-os/tasks/main.yml

@@ -30,7 +30,7 @@
 
 - name: Create remote_tmp for it is used by another module
   file:
-    path: "{{ lookup('config', 'DEFAULT_REMOTE_TMP', on_missing='skip', wantlist=True) | first | default('~/.ansible/tmp') }}"
+    path: "{{ ansible_remote_tmp | default('~/.ansible/tmp') }}"
     state: directory
     mode: 0700
 

roles/download/defaults/main.yml

@@ -35,7 +35,7 @@ download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube
 image_arch: "{{host_architecture | default('amd64')}}"
 
 # Versions
-kube_version: v1.13.4
+kube_version: v1.13.5
 kubeadm_version: "{{ kube_version }}"
 etcd_version: v3.2.24
 
@@ -71,6 +71,7 @@ cni_download_url: "https://github.com/containernetworking/plugins/releases/downl
 # Checksums
 hyperkube_checksums:
   arm64:
+    v1.13.5: 8ffd84ba0cb6382a0ff96000458db8a83c92cac09458defe8496f0f0e155a6a8
     v1.13.4: b9e909e388634d103fe5376aafa313bed5e69293383b0c740de4fe8e18d42d12
     v1.13.3: 588037923b7f4090f5f7a3de23ea49a10345295f0b39bd0c1ebdaa24eaa76731
     v1.13.2: 7f2c2b0c6dcc81102a89fa41957db214416fc8a0cfae664fc0e150a7d3ad337b
@@ -89,6 +90,7 @@ hyperkube_checksums:
     v1.11.1: 43be988ec21bc34c0d1a838098b542016199e4f42466fdf8b0edb26718a1338f
     v1.11.0: 1422f67530888947cc5a7e71a12757ef496efa91cf68888a315d4803cc414294
   amd64:
+    v1.13.5: 1a8a357ebfeab8ec62d0c6f11b59df1a93d6711c3a16e1501da32b55c144c73a
     v1.13.4: 6f2d755a350efec8b3b29e0ddf8362f60475cc10d42dea37f8f2159f7776867b
     v1.13.3: b238c772b5e4b9deed0cdc695fe86324660d037b38c6d6d7eeae7d7a657840c7
     v1.13.2: f159b587ec80ad03bf3b9bb09de5d64b773d01b0e34f2a4f1c816879c56aae6d
@@ -108,6 +110,7 @@ hyperkube_checksums:
     v1.11.0: 7e191c164dc2c942abd37e4b50846e0be31ca959afffeff6b034beacbc2a106a
 kubeadm_checksums:
   arm64:
+    v1.13.5: 59a1995c171e5c1e74f5d02657eb2c155706f2d159ec1847b64dc866228c40d2
     v1.13.4: 4de71d4cfa4dc64127148d48f3a1a1fa7ea24cf0c4fa42957459d0e7f9c03799
     v1.13.3: bef1cbc2d199d32a1a31e70b864dc539b24e3c1cb87b50a1295cf03bec4832b0
     v1.13.2: 08279a3bfeff8c4f6768d6fd92ceff8276a555f9e81bf9d541112fc8eb29963e
@@ -126,6 +129,7 @@ kubeadm_checksums:
     v1.11.1: 6d7c7d5d4b8295ebe18aa2e9fb29917018e41628390909d0de6accbd0f2d56f5
     v1.11.0: f61d9bacdb8306c7e8662010817e0f9d2f380aeb87b2b0fe7801e83843b83d0e
   amd64:
+    v1.13.5: 274bf887039a9993e30f96047a4a474c39e8471c4094acb75aea6beed793f079
     v1.13.4: c4300d1f3ebccad48c8e267e45a736c7d227b0e45ef36582fa8dcfe2ef7b1b10
     v1.13.3: ab767ea53e45aceba628977ef6c8c62eace72d6d232efeaf35ac50cbea5f3739
     v1.13.2: 7cb0ce57c1e6e2d85e05de3780a2f35a191fe93f89cfc5816b424efcf39834b9

roles/etcd/handlers/backup.yml

@@ -52,7 +52,7 @@
     ETCDCTL_API: 3
     ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
     ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
-    ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
+    ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
   retries: 3
   register: etcd_backup_v3_command
   until: etcd_backup_v3_command.rc == 0

roles/kubernetes-apps/ansible/tasks/kubedns.yml

@@ -1,18 +1,19 @@
 ---
 
 - name: Kubernetes Apps | Lay Down KubeDNS Template
-  template:
-    src: "{{ item.file }}.j2"
+  action: "{{ item.module }}"
+  args:
+    src: "{{ item.file }}{% if item.module == 'template' %}.j2{% endif %}"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
   with_items:
-    - { name: kube-dns, file: kubedns-sa.yml, type: sa }
-    - { name: kube-dns, file: kubedns-config.yml, type: configmap }
-    - { name: kube-dns, file: kubedns-deploy.yml, type: deployment }
-    - { name: kube-dns, file: kubedns-svc.yml, type: svc }
-    - { name: dns-autoscaler, file: dns-autoscaler-sa.yml, type: sa }
-    - { name: dns-autoscaler, file: dns-autoscaler-clusterrole.yml, type: clusterrole }
-    - { name: dns-autoscaler, file: dns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding }
-    - { name: dns-autoscaler, file: dns-autoscaler.yml, type: deployment }
+    - { name: kube-dns, module: template, file: kubedns-sa.yml, type: sa }
+    - { name: kube-dns, module: template, file: kubedns-config.yml, type: configmap }
+    - { name: kube-dns, module: template, file: kubedns-deploy.yml, type: deployment }
+    - { name: kube-dns, module: template, file: kubedns-svc.yml, type: svc }
+    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-sa.yml, type: sa }
+    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-clusterrole.yml, type: clusterrole }
+    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding }
+    - { name: dns-autoscaler, module: template, file: dns-autoscaler.yml, type: deployment }
   register: kubedns_manifests
   when:
     - dns_mode in ['kubedns','dnsmasq_kubedns']

roles/kubernetes/master/tasks/kubeadm-setup.yml

@@ -63,10 +63,10 @@
       {% endif %}
       {{ hostvars[host]['ip'] | default(fallback_ips[host]) }}
       {%- endfor %}
-      {%- if supplementary_addresses_in_ssl_keys is defined -%}
+      {% if supplementary_addresses_in_ssl_keys is defined -%}
       {% for addr in supplementary_addresses_in_ssl_keys %}
       {{ addr }}
-      {%- endfor %}
+      {% endfor %}
       {%- endif %}
   tags: facts
 

roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2

@@ -25,6 +25,12 @@ spec:
         memory: {{ nginx_memory_requests }}
     securityContext:
       privileged: true
+    {% if nginx_kube_apiserver_healthcheck_port is defined -%}
+    livenessProbe:
+      httpGet:
+        path: /healthz
+        port: {{ nginx_kube_apiserver_healthcheck_port }}
+    {% endif -%}
     volumeMounts:
     - mountPath: /etc/nginx
       name: etc-nginx

roles/kubernetes/node/templates/nginx.conf.j2

@@ -12,7 +12,7 @@ stream {
             least_conn;
             {% for host in groups['kube-master'] -%}
             server {{ hostvars[host]['access_ip'] | default(hostvars[host]['ip'] | default(fallback_ips[host])) }}:{{ kube_apiserver_port }};
-            {% endfor %}
+            {% endfor -%}
         }
 
         server {
@@ -22,5 +22,16 @@ stream {
             proxy_connect_timeout 1s;
 
         }
+}
 
+http {
+        {% if nginx_kube_apiserver_healthcheck_port is defined -%}
+        server {
+            listen {{ nginx_kube_apiserver_healthcheck_port }};
+            location /healthz {
+              access_log off;
+              return 200;
+            }
+        }
+        {% endif -%}  
 }

roles/kubespray-defaults/defaults/main.yaml

@@ -12,7 +12,7 @@ is_atomic: false
 disable_swap: true
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.13.4
+kube_version: v1.13.5
 
 ## Kube Proxy mode One of ['iptables','ipvs']
 kube_proxy_mode: ipvs
@@ -63,7 +63,7 @@ enable_nodelocaldns: False
 nodelocaldns_ip: 169.254.25.10
 
 # Should be set to a cluster IP if using a custom cluster DNS
-# manual_dns_server: 10.x.x.x
+manual_dns_server: ""
 
 # Can be docker_dns, host_resolvconf or none
 resolvconf_mode: docker_dns

roles/network_plugin/calico/defaults/main.yml

@@ -35,10 +35,10 @@ calicoctl_memory_requests: 32M
 calicoctl_cpu_requests: 250m
 
 # Enable Prometheus Metrics endpoint for felix
-calico_felix_prometheusmetricsenabled: "false"
+calico_felix_prometheusmetricsenabled: false
 calico_felix_prometheusmetricsport: 9091
-calico_felix_prometheusgometricsenabled: "true"
-calico_felix_prometheusprocessmetricsenabled: "true"
+calico_felix_prometheusgometricsenabled: true
+calico_felix_prometheusprocessmetricsenabled: true
 
 ### check latest version https://github.com/projectcalico/calico-upgrade/releases
 calico_upgrade_enabled: true

tests/files/gce_centos7-multus-calico.yml

@@ -1,7 +1,7 @@
 # Instance settings
 cloud_image_family: centos-7
 cloud_region: us-central1-c
-cloud_machine_type: "n1-standard-1"
+cloud_machine_type: "n1-standard-2"
 mode: default
 
 # Deployment settings

tests/files/gce_coreos-kube-router.yml

@@ -1,6 +1,7 @@
 # Instance settings
 cloud_image_family: coreos-stable
 cloud_region: us-central1-c
+cloud_machine_type: "n1-standard-2"
 mode: default
 startup_script: 'systemctl disable locksmithd && systemctl stop locksmithd'
 

tests/files/gce_ubuntu-flannel-ha.yml

@@ -1,7 +1,7 @@
 # Instance settings
 cloud_image_family: ubuntu-1604-lts
 cloud_region: us-central1-b
-cloud_machine_type: "n1-standard-1"
+cloud_machine_type: "n1-standard-2"
 mode: ha
 
 # Deployment settings

tests/files/gce_ubuntu-kube-router-sep.yml

@@ -1,6 +1,7 @@
 # Instance settings
 cloud_image_family: ubuntu-1604-lts
 cloud_region: us-central1-c
+cloud_machine_type: "n1-standard-2"
 mode: separate
 
 # Deployment settings