Fixup federation deployment
Add idempotency
Bump to kubefed v1.7.3
Improve accuracy when checking if resources are set
Change-Id: Ia68cc13b6f592998620396d3dc358b01187af970
diff --git a/kubernetes/master/federation.sls b/kubernetes/master/federation.sls
index 2becd61..49f7c5a 100644
--- a/kubernetes/master/federation.sls
+++ b/kubernetes/master/federation.sls
@@ -6,7 +6,7 @@
archive.extracted:
- name: /tmp/kubernetes-client
- source: {{ master.federation.source }}
- {%- if {{ master.federation.get('hash') }} %}
+ {%- if master.federation.get('hash') %}
- source_hash: sha256={{ master.federation.hash }}
{%- endif %}
- tar_options: xzf
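Review bot: Even with the condition repaired, `source_hash` is only emitted when `master.federation.hash` is set, so a pillar that overrides `source` without a hash leaves the client tarball without an integrity pin. Depending on the Salt version this either fails the state or fetches the archive unverified (confirm against the targeted release). Since the extracted binary appears to end up as `/usr/bin/kubefed` and is run as part of this formula, I would make the hash mandatory: drop the `if`/`endif` pair and always render `- source_hash: sha256={{ master.federation.hash }}`, so a missing hash fails loudly at render time. The `archive.extracted` state starts above this hunk, and its target `/tmp/kubernetes-client` is a predictable path in a world-writable directory; a root-owned staging directory would be safer.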
@@ -56,10 +56,11 @@
kubefed_init:
cmd.run:
- - name: kubefed init {{ master.federation.name }} --host-cluster-context=local --kubeconfig=/etc/kubernetes/federation/federation.kubeconfig --federation-system-namespace={{ master.federation.namespace }} --api-server-service-type={{ master.federation.service_type }} --etcd-persistent-storage=false --dns-provider={{ master.federation.dns_provider }} --dns-provider-config=/etc/kubernetes/federation/dns.conf --dns-zone-name={{ master.federation.name }} --image={{ common.hyperkube.image }}
+ - name: kubefed init {{ master.federation.name }} --host-cluster-context=local --kubeconfig=/etc/kubernetes/federation/federation.kubeconfig --federation-system-namespace={{ master.federation.namespace }} --api-server-service-type={{ master.federation.service_type }} --api-server-advertise-address={{ master.apiserver.vip_address }} --etcd-persistent-storage=false --dns-provider={{ master.federation.dns_provider }} --dns-provider-config=/etc/kubernetes/federation/dns.conf --dns-zone-name={{ master.federation.name }} --image={{ common.hyperkube.image }}
- require:
- file: /usr/bin/kubefed
- file: /etc/kubernetes/federation/federation.kubeconfig
+ - timeout: 120
- unless: kubectl get namespace {{ master.federation.namespace }}
{%- if grains.get('noservices') %}
- onlyif: /bin/false
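Review bot: The `unless: kubectl get namespace {{ master.federation.namespace }}` guard is too coarse to pair with the new `timeout: 120`. If `kubefed init` is terminated at the timeout after the namespace has been created, every later run sees the namespace and skips init, leaving a partially deployed control plane that the state reports as converged. Checking for the finished control plane would be more accurate, for example `- unless: kubectl --context local -n {{ master.federation.namespace }} get deployment {{ master.federation.name }}-apiserver` (deployment name presumed from kubefed's naming; verify). The guard also names no context or kubeconfig while the init command does, so the two may consult different clusters. The state continues past the end of this hunk.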
@@ -92,31 +93,32 @@
# Assumes the following:
# * Pillar data master.federation.childclusters is populated
# * kubeconfig data for each cluster exists in /etc/kubernetes/federation/federation.kubeconfig
-{%- if master.federation.get('childclusters') }
+{%- if master.federation.get('childclusters') %}
{%- for childcluster in master.federation.childclusters %}
-federation_verify_kubeconfig_{{ childcluster }}:
+federation_set_insecure_{{ childcluster }}:
cmd.run:
- - name: kubectl config get-contexts -o name | grep {{ childcluster }}
+ - name: kubectl config set-cluster {{ childcluster }} --insecure-skip-tls-verify=true
- env:
- KUBECONFIG: /etc/kubernetes/federation/childclusters.kubeconfig
- require:
- cmd: kubefed_init
{%- if grains.get('noservices') %}
- onlyif: /bin/false
+ {%- else %}
+ - unless: kubectl --context {{ childcluster }} config view --minify | egrep "insecure-skip-tls-verify. true"
{%- endif %}
-
+
federation_join_cluster_{{ childcluster }}:
cmd.run:
- - name: kubefed join {{ childcluster }} --host-cluster-context=local --context={{ master.federation.name }}
+ - name: kubefed join {{ childcluster }} --host-cluster-context={{ common.cluster_name }} --context={{ master.federation.name }}
- env:
- - KUBECONFIG: /etc/kubernetes/federation.kubeconfig
+ - KUBECONFIG: /etc/kubernetes/federation/childclusters.kubeconfig:/etc/kubernetes/federation/federation.kubeconfig
- require:
- - cmd: verify_kubeconfig_{{ childcluster }}
- - unless: kubectl get clusters | grep {{ childcluster }}
+ - cmd: federation_set_insecure_{{ childcluster }}
+ - unless: kubectl --context {{ master.federation.name }} get clusters | grep {{ childcluster }}
{%- endfor %}
{%- endif %}
{%- endif %}
-
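Review bot: `federation_set_insecure_{{ childcluster }}` writes `--insecure-skip-tls-verify=true` into `childclusters.kubeconfig` for every child cluster, which turns off API-server certificate verification. `kubefed join` presumably takes its cluster endpoint and credentials from that entry, so the federation control plane would accept any certificate presented for a child endpoint. Pin the child CA instead, e.g. `kubectl config set-cluster {{ childcluster }} --certificate-authority=<CHILD_CA_PATH> --embed-certs=true` (placeholder path), or at minimum gate this state behind an explicit pillar flag that defaults to off and document it as lab-only. Separately, the join's `unless: ... get clusters | grep {{ childcluster }}` is a substring match, so `east` counts as joined once `east-2` exists; `kubectl --context {{ master.federation.name }} get cluster {{ childcluster }}` would be exact.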
diff --git a/metadata/service/master/cluster.yml b/metadata/service/master/cluster.yml
index f267e5e..a33d788 100644
--- a/metadata/service/master/cluster.yml
+++ b/metadata/service/master/cluster.yml
@@ -62,7 +62,7 @@
enabled: False
name: federation
namespace: federation-system
- source: https://dl.k8s.io/v1.6.6/kubernetes-client-linux-amd64.tar.gz
- hash: 94b2c9cd29981a8e150c187193bab0d8c0b6e906260f837367feff99860a6376
+ source: https://dl.k8s.io/v1.7.3/kubernetes-client-linux-amd64.tar.gz
+ hash: 8d66c7912914ac9add514e660fdc8c963b748a7c588c43a14533157a9f0e1c92
service_type: NodePort
dns_provider: coredns
diff --git a/metadata/service/master/single.yml b/metadata/service/master/single.yml
index 61464f7..cf71666 100644
--- a/metadata/service/master/single.yml
+++ b/metadata/service/master/single.yml
@@ -84,7 +84,7 @@
enabled: False
name: federation
namespace: federation-system
- source: https://dl.k8s.io/v1.6.6/kubernetes-client-linux-amd64.tar.gz
- hash: 94b2c9cd29981a8e150c187193bab0d8c0b6e906260f837367feff99860a6376
+ source: https://dl.k8s.io/v1.7.3/kubernetes-client-linux-amd64.tar.gz
+ hash: 8d66c7912914ac9add514e660fdc8c963b748a7c588c43a14533157a9f0e1c92
service_type: NodePort
dns_provider: coredns