scl/kubespray
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: scl:v2.9.0
Branches Tags
scl:master scl:release-2.25 scl:release-2.24 scl:reduce-vm-requests scl:packet-test scl:lean/pre-commit-hook-2 scl:test-CI scl:update-approvers-ant31 scl:test-precommit scl:release-2.23 scl:release-2.22 scl:release-2.21 scl:release-2.20 scl:release-2.19 scl:release-2.18 scl:pre-commit-hook scl:floryut-patch-1 scl:release-2.17 scl:release-2.16 scl:release-2.15 scl:release-2.14 scl:release-2.13 scl:release-2.12 scl:release-2.11 scl:release-2.10 scl:release-2.8 scl:release-2.9 scl:release-2.7
scl:v2.24.2 scl:v2.25.0 scl:v2.24.1 scl:v2.22.2 scl:v2.23.3 scl:v2.24.0 scl:v2.23.2 scl:v2.23.1 scl:v2.23.0 scl:v2.22.1 scl:v2.22.0 scl:v2.21.0 scl:v2.20.0 scl:v2.19.1 scl:v2.18.2 scl:v2.19.0 scl:v2.18.1 scl:v2.18.0 scl:v2.17.1 scl:v2.17.0 scl:v2.16.0 scl:v2.15.1 scl:v2.15.0 scl:v2.14.2 scl:v2.14.1 scl:v2.12.10 scl:v2.13.4 scl:v2.14.0 scl:v2.13.3 scl:v2.12.9 scl:v2.12.8 scl:v2.12.7 scl:v2.13.2 scl:v2.13.1 scl:v2.13.0 scl:v2.12.6 scl:v2.12.5 scl:v2.12.4 scl:v2.11.2 scl:v2.11.1 scl:v2.12.3 scl:v2.12.2 scl:v2.12.1 scl:v2.12.0 scl:v2.11.0 scl:v2.10.4 scl:v2.10.3 scl:v2.10.0 scl:v2.8.5 scl:v2.9.0 scl:v2.8.4 scl:v2.8.3 scl:v2.8.2 scl:v2.8.1 scl:v2.8.0 scl:v2.7.0 scl:v2.6.0 scl:v2.5.0 scl:v2.4.0 scl:v2.3.0 scl:v2.2.1 scl:v2.2.0 scl:v2.1.2 scl:v2.1.1 scl:test-tag-1 scl:v2.1.0 scl:v2.0.1 scl:v2.0.0 scl:v1.1.0 scl:v1.0.1 scl:v1.0.0 scl:1.5.0 scl:1.4.0 scl:1.3.0_k1.1.3 scl:1.3.0 scl:v1.1.3 scl:v1.1 scl:v1.0
...
compare: scl:v2.10.0
Branches Tags
scl:release-2.25 scl:master scl:release-2.24 scl:reduce-vm-requests scl:packet-test scl:lean/pre-commit-hook-2 scl:test-CI scl:update-approvers-ant31 scl:test-precommit scl:release-2.23 scl:release-2.22 scl:release-2.21 scl:release-2.20 scl:release-2.19 scl:release-2.18 scl:pre-commit-hook scl:floryut-patch-1 scl:release-2.17 scl:release-2.16 scl:release-2.15 scl:release-2.14 scl:release-2.13 scl:release-2.12 scl:release-2.11 scl:release-2.10 scl:release-2.8 scl:release-2.9 scl:release-2.7
scl:v2.24.2 scl:v2.25.0 scl:v2.24.1 scl:v2.22.2 scl:v2.23.3 scl:v2.24.0 scl:v2.23.2 scl:v2.23.1 scl:v2.23.0 scl:v2.22.1 scl:v2.22.0 scl:v2.21.0 scl:v2.20.0 scl:v2.19.1 scl:v2.18.2 scl:v2.19.0 scl:v2.18.1 scl:v2.18.0 scl:v2.17.1 scl:v2.17.0 scl:v2.16.0 scl:v2.15.1 scl:v2.15.0 scl:v2.14.2 scl:v2.14.1 scl:v2.12.10 scl:v2.13.4 scl:v2.14.0 scl:v2.13.3 scl:v2.12.9 scl:v2.12.8 scl:v2.12.7 scl:v2.13.2 scl:v2.13.1 scl:v2.13.0 scl:v2.12.6 scl:v2.12.5 scl:v2.12.4 scl:v2.11.2 scl:v2.11.1 scl:v2.12.3 scl:v2.12.2 scl:v2.12.1 scl:v2.12.0 scl:v2.11.0 scl:v2.10.4 scl:v2.10.3 scl:v2.10.0 scl:v2.8.5 scl:v2.9.0 scl:v2.8.4 scl:v2.8.3 scl:v2.8.2 scl:v2.8.1 scl:v2.8.0 scl:v2.7.0 scl:v2.6.0 scl:v2.5.0 scl:v2.4.0 scl:v2.3.0 scl:v2.2.1 scl:v2.2.0 scl:v2.1.2 scl:v2.1.1 scl:test-tag-1 scl:v2.1.0 scl:v2.0.1 scl:v2.0.0 scl:v1.1.0 scl:v1.0.1 scl:v1.0.0 scl:1.5.0 scl:1.4.0 scl:1.3.0_k1.1.3 scl:1.3.0 scl:v1.1.3 scl:v1.1 scl:v1.0

123 Commits
v2.9.0 ... v2.10.0

Author SHA1 Message Date
Christoffer Anselm
dcd9c9509b Add etcd role dependency on kube user to avoid etcd role failure when running scale.yml with a fresh node. (#3240) (#4479) 2019-04-30 04:01:36 -07:00
Matthew Mosesohn
15eb7db36d Fix k8s api endpoint for secondary nodes in control plane mode (#4675) 
Change-Id: I1588458b54c52443ad8d0afbd266f77ac0afea67
 2019-04-29 07:50:24 -07:00
Matthew Mosesohn
a5b46bfc8c Run dns_late preinstall tasks on all k8s nodes (#4672) 
* Run dns_late preinstall tasks on all k8s nodes

Related issue: #4656

Change-Id: I63f8559ef1a497b7580ab084561e6603fe647834

* Fix ansible-lint

Change-Id: Ia5b33fa63dbc36d8c3e9557ef3f2ea02af2325a5

* Fix recover_control_plane lint issues

Change-Id: I16643a3193c11b6ba704e9698812cac7e4fd19a8
 2019-04-29 05:12:21 -07:00
Youngchul Bang
fbba259933 ingress-nginx: enable --report-node-internal-ip-address flag (#4114) 
Close #4113
 2019-04-29 01:44:22 -07:00
Florent Monbillard
7b77e2d232 Remove docker-storage-setup dependency if not needed (#4077) 
When docker_container_storage_setup is false,
docker service should not depend on docker-storage-setup service,
because it's not installed.

For example, when using overlay2 on recent RHEL 7/Centos 7 kernels,
you most likely don't need it.
 2019-04-29 01:42:22 -07:00
qvicksilver
48a182844c Documentation and playbook for recovering control plane from node failure (#4146) 2019-04-29 01:40:20 -07:00
MarkusTeufelberger
9335cdcebc ansible-lint: Add exception for invocation of "rm" (#4609) 2019-04-29 01:34:20 -07:00
Andreas Krüger
38af93b60c Remove rkt support (#4671) 2019-04-29 01:14:20 -07:00
Matthew Mosesohn
741de6051c Fix nodeselectors for contiv and nginx-ingress (#4662) 
* Fix nodeselectors for contiv and nginx-ingress

Change-Id: Ib3eb6bd87193c69a90ee944c9164a0b6792c79ba

* Set kube proxy mode to iptables for addons task

Change-Id: Iff71a71f672405c74b4708c71db15ddc4391a53a
 2019-04-28 23:36:19 -07:00
Dmitry
b8f0de3074 Fixed etcd-servers-overrides in kubeadm config (#4668) 
* kube-apiserver will fail if used comma as separator
 2019-04-28 23:02:20 -07:00
MarkusTeufelberger
88d919337e ansible-lint: don't compare to empty string [E602] (#4665) 2019-04-28 23:00:20 -07:00
Jiang Yi Tao
f518b90c6b associate fips for masters with no etcd (#4657) 2019-04-28 22:58:20 -07:00
Maxime Guyot
d5c33e6d6c Refactor test cases (#4655) 2019-04-28 22:56:19 -07:00
Matthew Mosesohn
338eb4ce65 Fix kubeadm upload certs with when condition (#4659) 
* Fix kubeadm upload certs with when condition

Change-Id: I916dd2375b71eea2386047c7f185a2f8361f7a61

* Update kubeadm-secondary-experimental.yml
 2019-04-27 01:14:20 -07:00
Matthew Mosesohn
009e208bcd Remove RHEL from packet deploy (#4661) 
Change-Id: I131d77bb9d16cc0f252dd86166c29f72daa9a64a
 2019-04-26 09:56:29 -07:00
Matthew Mosesohn
81e6877b02 Make cilium tests pass (#4660) 
Cilium requires a high kernel. rhel7 and centos7 are too low, so they are removed.
Bumping ubuntu to ubuntu-1804

Change-Id: Ib1bffa45b8f9ed0ba500f751714372b3a3f7878b
 2019-04-26 05:54:37 -07:00
Andreas Krüger
3722acee85 Fix broken metrics-server deployment not starting (#4651) 
* Fix metrics-server deployment

* Make metrics server work

* Fix sample inventory
 2019-04-26 00:44:26 -07:00
Maxime Guyot
a4a35f8a4f Git checkout a specific version for testing upgrades (#4653) 2019-04-25 05:24:46 -07:00
grialeyur
82119ca923 Add support calico kubernetes datastore and typha. (#4498) 
* Add support calico kubernetes datastore and typha.

* Add typha_enabled to kubespray-defaults.
 2019-04-25 05:00:48 -07:00
gitareest
6ca2019002 Fix issue with etcd arm host installation case (#4589) 
Use host_architecture variable.
 2019-04-25 04:58:47 -07:00
Maxime Guyot
53e3463b5a Fix GCE tests with undefined CI_PLATFORM (#4650) 2019-04-25 04:20:47 -07:00
Matthew Mosesohn
c9ed5f69d7 Prepend docker.io for all docker hub images (#4648) 
Change-Id: I71dc793641bc168e40419e38f33f68f5325e77a9
 2019-04-25 01:34:46 -07:00
Maxime Guyot
696d481e3b Fix dynamic inventory parsing in contrib/tf/packet (#4645) 2019-04-25 00:40:46 -07:00
Maxime Guyot
f5a83ceded Fix typo in test-infra playbook (#4644) 2019-04-24 13:34:46 -07:00
Andreas Krüger
3fe66a1298 Update downloads role to download to correct group (#4638) 2019-04-24 10:48:03 -07:00
Maxime Guyot
6af1f65d3c Fix python syntax in Terraform dynamic inventory (#4643) 2019-04-24 10:34:04 -07:00
Sergey Kolekonov
4a10dca7d4 Add an ability to provide oidc cert in base64 (#4618) 2019-04-24 09:40:01 -07:00
Matthew Mosesohn
4d57ed314d Clean up check for setting kubeadm certificate key (#4634) 
Change-Id: I2c97c4753089eb3ec2e6b01b2681a8be98ecbb57
 2019-04-24 07:14:12 -07:00
Andreas Krüger
86d0e12695 Add missing comma (#4636) 2019-04-24 07:10:02 -07:00
iwankgb
4e81bcc147 Fixing Vagrant cluster provisioning (#4218) 
* Pass ansible_ssh_user as host_var

Co-authored-by: Damian Darczuk <damian.darczuk@intel.com>
Co-authored-by: Paweł Pałucki <pawel.palucki@intel.com>

* Create a directory before downloading container images to ansible host

Co-authored-by: Damian Darczuk <damian.darczuk@intel.com>
Co-authored-by: Paweł Pałucki <pawel.palucki@intel.com>

* Set private key usuing synchronize task options

Co-authored-by: Damian Darczuk <damian.darczuk@intel.com>
Co-authored-by: Paweł Pałucki <pawel.palucki@intel.com>
 2019-04-24 05:42:05 -07:00
andreyshestakov
691baf5b14 Calico fix (#4540) 
* Mark "Calico | Set global as_num" as "unchanged"

This command executes with "--skip-exists" parameter, so it is idempotent
and should not be marked as "changed".

* trigger ci
 2019-04-24 05:40:01 -07:00
Attilio Greco
6243467856 remove duble check for run this task just one time (#4613) 2019-04-24 05:38:01 -07:00
Andreas Krüger
3c5a4474ac Increase ansible-lint speed (#4632) 2019-04-24 05:28:00 -07:00
Maxime Guyot
01da65252b Reduce VM size for Packet CI (#4630) 2019-04-24 04:30:04 -07:00
Andreas Krüger
f3e7615bef Switch deploy-part1 AIO job to Calico (#4628) 
* Switch deploy-part1 AIO job to Calico

* Cleanup file

* Remove newline at end
 2019-04-24 03:32:04 -07:00
Vincent Gramer
f47a666227 support azure loadbalancer standard sku (#4150) (#4476) 
add the support of the folling property in azure-credential-check.yml
  - azure_loadbalancer_sku: Sku of Load Balancer and Public IP. Candidate values are: basic and standard.
  - azure_exclude_master_from_standard_lb: excludes master nodes from standard load balancer.
  - azure_disable_outbound_snat: disables the outbound SNAT for public load balancer rules
  - useInstanceMetadata: Use instance metadata service where possible
  - azure_primary_availability_set: (Optional) The name of the availability set that should be used as the load balancer backend
 2019-04-24 02:14:01 -07:00
Wilmar den Ouden
b708db4cd5 Update to v1.14.1 (#4481) 2019-04-24 02:08:01 -07:00
Maxime Guyot
a3144e7e21 Test with minimum requirements (#4615) 2019-04-24 02:02:03 -07:00
Maxime Guyot
683efc5698 Move on_success test to deploy-part2 (#4627) 2019-04-24 01:42:04 -07:00
Maxime Guyot
38a3075025 Always rebase on master before running a job (#4616) 2019-04-24 01:38:01 -07:00
Matthew Mosesohn
fc072300ea Purge legacy cleanup tasks from older than 1 year (#4450) 
We don't need to support upgrades from 2 year old installs,
just from the last major version.

Also changed most retried tasks to 1s delay instead of longer.
 2019-04-24 00:08:05 -07:00
Chad Swenson
d25ecfe1c1 Update Docker defaults to 18.09.5 and drop deprecated (#4624) 
As of kubernetes v1.14, docker 18.09 is [validated for use](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.14.md#external-dependencies). Docker 1.11 and 1.12 were dropped.

This patch:
- Updates the default docker version to 18.09
- Updates Docker packages to the latest 18.09 patch (18.09.5)
- Removes options for Docker 1.11 and 1.12
 2019-04-23 22:24:01 -07:00
Maxime Guyot
37d98e79ec Pin Terraform provider versions (#4620) 2019-04-23 22:22:01 -07:00
MarkusTeufelberger
a65605b17a ansible-lint: Don't use bare variables (#4608) 
Circumvented one false positive from ansible-lint
Moved a block of jinja magic into its own variable
 2019-04-23 22:20:00 -07:00
MarkusTeufelberger
424e59805f ansible-lint: Fix commands that are also available as module (#4619) 2019-04-23 22:18:00 -07:00
Maxime Guyot
6df8111cd4 Merge 020_check and 030_check (#4623) 
* Merge 020_check and 030_check

* Fix pods output and fail if test pods is not ready
 2019-04-23 16:12:00 -07:00
MarkusTeufelberger
76db060afb Define and implement specs for bootstrap-os (#4455) 
* Add README to bootstrap-os role

* Rework bootstrap-os once more

* Document workarounds for bugs/deficiencies in Ansible modules
* Unify and document role variables
* Remove installation of additional packages and repositories
* Merge Ubuntu and Debian tasks
* Remove pipelining setting from default playbooks
* Fix OpenSUSE not running its required tasks
 2019-04-23 15:46:02 -07:00
Andreas Krüger
d588532c9b Update probe timeouts, delays etc. (#4612) 
* Fix merge conflict

* Add check delay

* Add more liveness and readiness options to metrics-server
 2019-04-23 14:46:02 -07:00
Matthew Mosesohn
d6d7458d68 Fix control plane setup without a hardcoded key (#4610) 2019-04-23 14:37:59 -07:00
Maxime Guyot
228b244c84 Move inline shell into script files (#4604) 2019-04-23 13:36:03 -07:00
Matthew Mosesohn
d89ecb8308 disable metrics server and fix terraform (#4617) 
* disable metrics server in centos7-flannel-addons job

Change-Id: I1d87923547584896f64dda9ea8feb5581ad48cbe

* Fix tf facility->facilities syntax

Change-Id: I434bfe53f47e8e4a546890e0b62d24bde6e6d6a7

* Update Terraform CI for facilities

* Fix undefined variable error
 2019-04-23 12:06:03 -07:00
Maxime Guyot
50751bb610 Revert "Optimize kube resources creation (#4572)" (#4621) 
This reverts commit f8fdc0cd93.
 2019-04-23 20:37:23 +03:00
Justin Chao
64f48bf84c Update ansible.md (#4599) 
Ansible 2.0 has deprecated the “ssh” from ansible_ssh_host.

Updating the docs to be more aligned with the Ansible version used in the sample/inventory.ini file as well.
Also adding `[bastion]` group in the docs to avoid confusion.
 2019-04-22 23:36:09 -07:00
andreyshestakov
f8fdc0cd93 Optimize kube resources creation (#4572) 2019-04-22 23:34:10 -07:00
Matthew Mosesohn
09fe95bc60 Avoid creating k8s cert dir on non-k8s nodes (#4602) 2019-04-21 15:27:43 -07:00
Victor Morales
ada5941a70 Unmask Docker service in ClearLinux (#4583) 
The docker service provided by the containers-basic bundle is masked
in ClearLinux distribution. This is causing errors in the following
steps. This commit ensures that the unit is not masked.
 2019-04-21 07:31:43 -07:00
Maxime Guyot
88fe3403ce Add overcommitment for CPU in Packet CI playbook (#4597) 2019-04-21 02:27:44 -07:00
Maxime Guyot
04f2682ac6 Drop unused dynamic inventory functions (#4138) 2019-04-21 01:59:45 -07:00
rptaylor
873b5608cf add master_allowed_remote_ips (with terraform fmt) (#4022) 2019-04-21 01:57:44 -07:00
Maxime Guyot
12086744e0 Update docs for inventory_builder (#4581) 2019-04-20 11:09:45 -07:00
Vedran Bartonicek
33ab615072 Wait longer for node to join the cluster (#4549) 2019-04-20 07:05:40 -07:00
Maxime Guyot
f696d7abee Simplify syntax-check CI job (#4585) 2019-04-20 06:37:40 -07:00
Rabi Mishra
5a1cf19278 Install cri-tools on fedora (#4350) 2019-04-20 06:29:40 -07:00
Maxime Guyot
416e65509b Add documentation about CPU arch compatibility (#4302) 2019-04-20 06:27:40 -07:00
Maxime Guyot
4de6a78e26 Fix CI for packet_centos7-flannel-addons (#4586) 2019-04-20 06:21:40 -07:00
Maxime Guyot
026088deea Re-Add docker:dind for Packet CI (#4567) 2019-04-20 06:19:40 -07:00
Maxime Guyot
f142e671b3 Cleanup references to Travis CI (#4208) 
Broken since 4efb0b7
 2019-04-20 06:17:40 -07:00
Maxime Guyot
2f49b6caa8 Use yamllint --strict (#4587) 2019-04-20 06:15:41 -07:00
Maxime Guyot
50c86919dc Packet CI: Increasing the time wiating for IP to be assigned (#4584) 2019-04-20 06:13:40 -07:00
Maxime Guyot
781cc00cc4 Add a testcase to check that pods are running (#4555) 2019-04-20 06:11:40 -07:00
Matthew Mosesohn
05dc2b3a09 Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) 
* Use K8s 1.14 and add kubeadm experimental control plane mode

This reverts commit d39c273d96.

* Cleanup kubeadm setup run on first master

* pin kubeadm_certificate_key in test

* Remove kubelet autolabel of kube-node, add symlink for pki dir

Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
 2019-04-19 06:01:54 -07:00
Aleksey Kasatkin
d0e628911c Add sha256 hashes for calicoctl v3.6.1 (#4580) 
Hashes are added to calicoctl_binary_checksums for both adm and arm platforms.
 2019-04-19 05:45:55 -07:00
Andreas Krüger
656633f784 YAMLLint everything (#4576) 2019-04-18 23:59:54 -07:00
Maxime Guyot
530e1c329d Add shellcheck CI (#4562) 2019-04-18 23:57:54 -07:00
Victor Morales
f5aec8add4 Fix runc absolute path (#4542) 
The BINDIR variable defined on the runc's Makefile[1] defines
installation path is on $(PREFIX)/sbin which used for most of the
Linux distributions. This change fixes the absolute path used for
non-ClearLinux distributions (CentOS, Ubuntu).

[1] https://github.com/opencontainers/runc/blob/master/Makefile#L10
 2019-04-18 15:41:58 -07:00
Maxime Guyot
f92309bfd0 Fix ansible-lint for ceph package (#4568) 2019-04-18 13:45:25 -07:00
Maxime Guyot
ef10feb26f Comment loadbalancer_* settings in sample inventory (#4566) 2019-04-18 04:20:10 -07:00
Victor Morales
c6586829de Ensure /etc/bash_completion.d/ folder exists (#4543) 
The Stateless ClearLinux feature[1] requires the creation of folders
in /etc folder. This change ensure the existence of the
/etc/bash_completion.d/ folder for ClearLinux Distribution.

[1] https://clearlinux.org/features/stateless
 2019-04-18 02:24:10 -07:00
johnstudarus
b103385678 added missing sidebar link to Packet doc (#4513) 2019-04-18 02:22:10 -07:00
Maxime Guyot
848191e97a Enable working Packet CI jobs and delay GCE CI (#4559) 2019-04-18 01:50:09 -07:00
MarkusTeufelberger
04e3fb6a5a Fix ansible-lint error 103 (#4511) 2019-04-18 01:42:10 -07:00
Maxime Guyot
b218e17f44 ansible-lint: E403 Package installs should not use latest (#4500) 2019-04-18 01:34:08 -07:00
Maxime Guyot
bba6d0c613 Fix CI link (#4521) 2019-04-18 01:12:08 -07:00
Maxime Guyot
49af1f9969 Fix ansible-lint e601 in create-vms (#4561) 2019-04-17 10:46:10 -07:00
Maxime Guyot
a6dc50e7cb Add host information for canal readiness probe (#4548) 2019-04-17 10:22:02 -07:00
Maxime Guyot
f69b5f7f33 Upgrade to Ansible 2.7.8 (#4535) 2019-04-17 10:18:05 -07:00
Maxime Guyot
37eac010c8 ansible-lint: Don’t compare to literal True/False (#4499) 2019-04-17 08:42:03 -07:00
Andreas Krüger
d4b9f15c0a PHASE 2 - Enable Packet-CI in gitlab and move unit-tests and deploy-part1 (#4538) 
* PHASE 2 - Enable Packet-CI in gitlab

* Add gitlab files

* Reset files back and only keep Packet

* Include packet

* Add missing Upgrade Tests

* Update GCE jobs etc

* Fix bug

* Yaml lint all gitlab files

* Remove GCE

* Test

* Test again

* Enable GCE again

* Install requirements

* Cleanup the gitlab file

* Cleanup runner tags

* Install requirements

* Test

* Test variables for gce

* Test again

* Test again

* Fix

* Update
 2019-04-17 08:32:03 -07:00
Maxime Guyot
ec3daedf9e Revert "Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels (#4320)" (#4553) 
This reverts commit 586ad89d50.
 2019-04-17 07:58:06 -07:00
Maxime Guyot
1cf76a10db Disable usage of default security group (#4533) 2019-04-17 02:10:03 -07:00
Jugwan Eom
d83181a2be add RBD Provisioner Addon (#3667) (#3668) 
Based on the CephFS Provisioner Addon, the following changes have been made:
 - Upstream v2.1.1-k8s1.11
 - Configurable Provisioner replicas
 2019-04-16 23:14:02 -07:00
Andreas Krüger
b834a28891 PHASE 1 - Add Packet-CI playbook and configuration (#4537) 2019-04-16 14:49:07 -07:00
andreyshestakov
78f6f6b889 Mark "Calico | Set global as_num" as "unchanged" (#4539) 
This command executes with "--skip-exists" parameter, so it is idempotent
and should not be marked as "changed".
 2019-04-16 09:31:11 -07:00
Maxime Guyot
0b02f6593b Split .gitlab-ci.yml into several files (#4519) 2019-04-16 05:35:05 -07:00
Andreas Holmsten
7f1d9ff543 [contrib/terraform/openstack] Add k8s_allowed_remote_ips variable (#4506) 
* Add k8s_allowed_remote_ips variable

Useful for defining CIDRs allowed to initiate a SSH connection when
you don't want to use a bastion.

* Add TF_VAR_k8s_allowed_remote_ips variable to tf-apply-ovh
 2019-04-15 07:22:08 -07:00
Matthew Mosesohn
c5fb734098 Switch calicoctl from a container to a binary (#4524) 2019-04-15 04:24:04 -07:00
Maxime Guyot
d5d3cfd3fa Sanitize the cluster_name variable (#4509) 2019-04-15 04:22:06 -07:00
Maxime Guyot
cc77a8c395 Add logo folders (#4515) 2019-04-12 11:00:47 -07:00
Matthew Mosesohn
d39c273d96 Revert "Use K8s 1.14 and add kubeadm experimental control plane mode (#4317)" (#4510) 
This reverts commit 316508626d.
 2019-04-11 12:52:43 -07:00
Matthew Mosesohn
316508626d Use K8s 1.14 and add kubeadm experimental control plane mode (#4317) 
* Use Kubernetes 1.14 and experimental control plane support

* bump to v1.14.0
 2019-04-11 05:30:13 -07:00
Maxime Guyot
46ba6a4154 ansible-lint: when lines should not include Jinja2 variables (#4496) 2019-04-11 03:06:10 -07:00
Maxime Guyot
d8cbbc414e Add a PR template (#4491) 2019-04-11 03:04:14 -07:00
Maxime Guyot
ebae491e3f Add several issue templates (#4493) 2019-04-11 03:02:13 -07:00
Maxime Guyot
6f919e5020 Add CI for Ubuntu 18.04 on Packet (#4439) 2019-04-11 00:26:10 -07:00
Andreas Krüger
4ff851b302 Enable nodelocaldns by default (#4461) 
* Enable nodelocaldns by default

* Enable nodelocaldns by default

* nodelocaldns is now default

* Disable enable_nodelocaldns for the addons CI jobs

Disable enable_nodelocaldns for the addons CI jobs to make sure things still work without nodelocaldns
 2019-04-11 00:24:08 -07:00
Qasim Sarfraz
3af90f8772 disable cloud-routes for non-cloud plugin (#4443) 2019-04-10 23:50:09 -07:00
MarkusTeufelberger
cb54d074b5 Fix syntax of yaml in .gitlab-ci.yml file (#4409) 2019-04-10 23:46:10 -07:00
Andreas Krüger
9032e271f1 Upgrade CoreDNS to 1.5.0 (#4494) 2019-04-10 13:40:08 -07:00
Andreas Krüger
15597aa493 Do not force TCP connections to upstreams. (#4492) 2019-04-10 12:40:09 -07:00
Sergey
3b9d13fda9 Return back bind API server node loadbalancer to 127.0.0.1 for security purposes. (#4489) 2019-04-10 12:20:08 -07:00
Andreas Krüger
5e0249ae7c Add HAProxy as internal loadbalancer (#4480) 2019-04-10 05:56:18 -07:00
Remous-Aris Koutsiamanis
27958e4247 Fix "Prevent inventory.py from configuring an even number of nodes in etcd" #4399 (#4465) 
by making clusters with fewer than 3 nodes have only 1 etcd node
 2019-04-10 05:52:14 -07:00
Maxime Guyot
353afa7cb0 Fix ipip: false in calico v3 (#4473) 2019-04-10 05:50:15 -07:00
Maxime Guyot
e865c50574 Fix terraform fmt on contrib/terraform/aws (#4484) 2019-04-10 04:32:14 -07:00
Neven Miculinic
a30ad1e5a5 Added generic CNI network plugin (#4322) 
* Added generic CNI network plugin

* Added CNI network plugin documentation

* added necessary fix
 2019-04-10 04:16:15 -07:00
Robert Neumann
586ad89d50 Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels (#4320) 
* Fix the file path for all.yml and k8s-cluster.yml

* Fix --node-labels namespace error "unknown labels specified"

* Update templates and configs kubelet node-labels
 2019-04-10 04:14:12 -07:00
Sidharth Anupkrishnan
6caa639243 Update CoreDNS label as specified in the kubernetes coredns repository (#3920) 2019-04-10 04:12:13 -07:00
Maxime Guyot
80f31818df Add terraform validate for contrib/terraform/aws (#4438) 2019-04-10 02:14:14 -07:00
Maxime Guyot
854cc53fa5 Add CI for contrib/terraform/openstack (#4475) 2019-04-10 02:12:16 -07:00
MarkusTeufelberger
d2a1ac3b0c Add Ansible-lint CI step (#4411) 
* Add ansible-lint as gitlab-ci step

* Fix jinja2 syntax in include_tasks that breaks ansible-lint

* Use a block scalar to get around gitlab quoting/escaping rules

* Run ansible-lint in verbose mode in CI
 2019-04-10 02:04:16 -07:00
Andreas Krüger
a678d1be9d Update CI to use 2.9.0 release and update Dockerfile to now use 18.04 (#4472) 
* Update CI to use 2.9.0 release and update Dockerfile to now use 18.04

* Update CI to use 2.9.0 release and update Dockerfile to now use 18.04

* Update the kubectl bin
 2019-04-09 05:57:06 -07:00
André R. de Miranda
097806dfe8 Added tag kube-proxy (#4272) 
Signed-off-by: André R. de Miranda <andre@miranda.work>
 2019-04-09 05:25:06 -07:00
Abdulaziz AlMalki
7cdf1fd388 quote values for kube_oidc_groups_prefix and kube_oidc_username_prefix values to accept colon, e.g oidc: (#4305) 
This will fix error: error converting YAML to JSON: yaml: line 36: mapping values are not allowed in this context

Signed-off-by: Abdulaziz AlMalki <almalki.a@gmail.com>
 2019-04-09 05:23:06 -07:00
289 changed files with 6217 additions and 2869 deletions
Expand all files Collapse all files

16
.ansible-lint Normal file
View File

@ -0,0 +1,16 @@
---
parseable: true
skip_list:
# see https://docs.ansible.com/ansible-lint/rules/default_rules.html for a list of all default rules
# The following rules throw errors.
# These either still need to be corrected in the repository and the rules re-enabled or they are skipped on purpose.
- '204'
- '206'
- '301'
- '305'
- '306'
- '404'
- '502'
- '503'
- '504'
- '701'

17
.github/ISSUE_TEMPLATE.md → .github/ISSUE_TEMPLATE/bug-report.md vendored
View File

@ -1,16 +1,11 @@
<!-- Thanks for filing an issue! Before hitting the button, please answer these questions.-->
**Is this a BUG REPORT or FEATURE REQUEST?** (choose one):
---
name: Bug Report
about: Report a bug encountered while operating Kubernetes
labels: kind/bug
---
<!--
If this is a BUG REPORT, please:
- Fill in as much of the template below as you can. If you leave out
information, we can't help you as well.
If this is a FEATURE REQUEST, please:
- Describe *in detail* the feature/behavior/change you'd like to see.
In both cases, be ready for followup questions, and please respond in a timely
Please, be ready for followup questions, and please respond in a timely
manner. If we can't reproduce a bug or think a feature already exists, we
might close your issue. If we're wrong, PLEASE feel free to reopen it and
explain why.

11
.github/ISSUE_TEMPLATE/enhancement.md vendored Normal file
View File

@ -0,0 +1,11 @@
---
name: Enhancement Request
about: Suggest an enhancement to the Kubespray project
labels: kind/feature
---
<!-- Please only use this template for submitting enhancement requests -->
**What would you like to be added**:
**Why is this needed**:

20
.github/ISSUE_TEMPLATE/failing-test.md vendored Normal file
View File

@ -0,0 +1,20 @@
---
name: Failing Test
about: Report test failures in Kubespray CI jobs
labels: kind/failing-test
---
<!-- Please only use this template for submitting reports about failing tests in Kubespray CI jobs -->
**Which jobs are failing**:
**Which test(s) are failing**:
**Since when has it been failing**:
**Testgrid link**:
**Reason for failure**:
**Anything else we need to know**:

18
.github/ISSUE_TEMPLATE/support.md vendored Normal file
View File

@ -0,0 +1,18 @@
---
name: Support Request
about: Support request or question relating to Kubespray
labels: triage/support
---
<!--
STOP -- PLEASE READ!
GitHub is not the right place for support requests.
If you're looking for help, check [Stack Overflow](https://stackoverflow.com/questions/tagged/kubespray) and the [troubleshooting guide](https://kubernetes.io/docs/tasks/debug-application-cluster/troubleshooting/).
You can also post your question on the [Kubernetes Slack](http://slack.k8s.io/) or the [Discuss Kubernetes](https://discuss.kubernetes.io/) forum.
If the matter is security related, please disclose it privately via https://kubernetes.io/security/.
-->

44
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View File

@ -0,0 +1,44 @@
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, please read our contributor guidelines: https://git.k8s.io/community/contributors/guide#your-first-contribution and developer guide https://git.k8s.io/community/contributors/devel/development.md#development-guide
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request. For reference on required PR/issue labels, read here:
https://git.k8s.io/community/contributors/devel/release.md#issue-kind-label
3. Ensure you have added or ran the appropriate tests for your PR: https://git.k8s.io/community/contributors/devel/testing.md
4. If you want *faster* PR reviews, read how: https://git.k8s.io/community/contributors/guide/pull-requests.md#best-practices-for-faster-reviews
5. Follow the instructions for writing a release note: https://git.k8s.io/community/contributors/guide/release-notes.md
6. If the PR is unfinished, see how to mark it: https://git.k8s.io/community/contributors/guide/pull-requests.md#marking-unfinished-pull-requests
-->
**What type of PR is this?**
> Uncomment only one ` /kind <>` line, hit enter to put that in a new line, and remove leading whitespaces from that line:
>
> /kind api-change
> /kind bug
> /kind cleanup
> /kind design
> /kind documentation
> /kind failing-test
> /kind feature
> /kind flake
**What this PR does / why we need it**:
**Which issue(s) this PR fixes**:
<!--
*Automatically closes linked issue when PR is merged.
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
_If PR is about `failing-tests or flakes`, please post the related issues/tests in a comment and do not use `Fixes`_*
-->
Fixes #
**Special notes for your reviewer**:
**Does this PR introduce a user-facing change?**:
<!--
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
```

783
.gitlab-ci.yml
View File

@ -4,6 +4,7 @@ stages:
- moderator
- deploy-part1
- deploy-part2
- deploy-gce
- deploy-special
variables:
@ -27,785 +28,43 @@ variables:
UPGRADE_TEST: "false"
LOG_LEVEL: "-vv"
# asia-east1-a
# asia-northeast1-a
# europe-west1-b
# us-central1-a
# us-east1-b
# us-west1-a
before_script:
- ./tests/scripts/rebase.sh
- /usr/bin/python -m pip install -r tests/requirements.txt
- mkdir -p /.ssh
.job: &job
tags:
- kubernetes
- docker
image: quay.io/kubespray/kubespray:v2.8
.docker_service: &docker_service
services:
- docker:dind
.create_cluster: &create_cluster
<<: *job
<<: *docker_service
.gce_variables: &gce_variables
GCE_USER: travis
SSH_USER: $GCE_USER
CLOUD_MACHINE_TYPE: "g1-small"
CI_PLATFORM: "gce"
PRIVATE_KEY: $GCE_PRIVATE_KEY
.do_variables: &do_variables
PRIVATE_KEY: $DO_PRIVATE_KEY
CI_PLATFORM: "do"
SSH_USER: root
- packet
variables:
KUBESPRAY_VERSION: v2.9.0
image: quay.io/kubespray/kubespray:$KUBESPRAY_VERSION
.testcases: &testcases
<<: *job
<<: *docker_service
cache:
key: "$CI_BUILD_REF_NAME"
paths:
- downloads/
- $HOME/.cache
services:
- docker:dind
before_script:
- docker info
- /usr/bin/python -m pip install -r requirements.txt
- /usr/bin/python -m pip install -r tests/requirements.txt
- mkdir -p /.ssh
- mkdir -p $HOME/.ssh
- ansible-playbook --version
- export PYPATH=$([[ ! "$CI_JOB_NAME" =~ "coreos" ]] && echo /usr/bin/python || echo /opt/bin/python)
- echo "CI_JOB_NAME is $CI_JOB_NAME"
- echo "PYPATH is $PYPATH"
- ./tests/scripts/rebase.sh
- ./tests/scripts/testcases_prepare.sh
script:
- pwd
- ls
- echo ${PWD}
- echo "${STARTUP_SCRIPT}"
- cd tests && make create-${CI_PLATFORM} -s ; cd -
# Check out latest tag if testing upgrade
- test "${UPGRADE_TEST}" != "false" && git fetch --all && git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
# Checkout the CI vars file so it is available
- test "${UPGRADE_TEST}" != "false" && git checkout "${CI_BUILD_REF}" tests/files/${CI_JOB_NAME}.yml
# Workaround https://github.com/kubernetes-sigs/kubespray/issues/2021
- 'sh -c "echo ignore_assert_errors: true | tee -a tests/files/${CI_JOB_NAME}.yml"'
# Create cluster
- >
ansible-playbook
-i ${ANSIBLE_INVENTORY}
-b --become-user=root
--private-key=${HOME}/.ssh/id_rsa
-u $SSH_USER
${SSH_ARGS}
${LOG_LEVEL}
-e @${CI_TEST_VARS}
-e ansible_ssh_user=${SSH_USER}
-e local_release_dir=${PWD}/downloads
--limit "all:!fake_hosts"
cluster.yml
# Repeat deployment if testing upgrade
- >
if [ "${UPGRADE_TEST}" != "false" ]; then
test "${UPGRADE_TEST}" == "basic" && PLAYBOOK="cluster.yml";
test "${UPGRADE_TEST}" == "graceful" && PLAYBOOK="upgrade-cluster.yml";
git checkout "${CI_BUILD_REF}";
ansible-playbook
-i ${ANSIBLE_INVENTORY}
-b --become-user=root
--private-key=${HOME}/.ssh/id_rsa
-u $SSH_USER
${SSH_ARGS}
${LOG_LEVEL}
-e @${CI_TEST_VARS}
-e ansible_ssh_user=${SSH_USER}
-e local_release_dir=${PWD}/downloads
--limit "all:!fake_hosts"
$PLAYBOOK;
fi
# Tests Cases
## Test Master API
- ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/010_check-apiserver.yml $LOG_LEVEL
## Ping the between 2 pod
- ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/030_check-network.yml $LOG_LEVEL
## Advanced DNS checks
- ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/040_check-network-adv.yml $LOG_LEVEL
## Idempotency checks 1/5 (repeat deployment)
- >
if [ "${IDEMPOT_CHECK}" = "true" ]; then
ansible-playbook
-i ${ANSIBLE_INVENTORY}
-b --become-user=root
--private-key=${HOME}/.ssh/id_rsa
-u $SSH_USER
${SSH_ARGS}
${LOG_LEVEL}
-e @${CI_TEST_VARS}
-e ansible_python_interpreter=${PYPATH}
-e local_release_dir=${PWD}/downloads
--limit "all:!fake_hosts"
cluster.yml;
fi
## Idempotency checks 2/5 (Advanced DNS checks)
- >
if [ "${IDEMPOT_CHECK}" = "true" ]; then
ansible-playbook
-i ${ANSIBLE_INVENTORY}
-b --become-user=root
--private-key=${HOME}/.ssh/id_rsa
-u $SSH_USER
${SSH_ARGS}
${LOG_LEVEL}
-e @${CI_TEST_VARS}
--limit "all:!fake_hosts"
tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
fi
## Idempotency checks 3/5 (reset deployment)
- >
if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
ansible-playbook
-i ${ANSIBLE_INVENTORY}
-b --become-user=root
--private-key=${HOME}/.ssh/id_rsa
-u $SSH_USER
${SSH_ARGS}
${LOG_LEVEL}
-e @${CI_TEST_VARS}
-e ansible_python_interpreter=${PYPATH}
-e reset_confirmation=yes
--limit "all:!fake_hosts"
reset.yml;
fi
## Idempotency checks 4/5 (redeploy after reset)
- >
if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
ansible-playbook
-i ${ANSIBLE_INVENTORY}
-b --become-user=root
--private-key=${HOME}/.ssh/id_rsa
-u $SSH_USER
${SSH_ARGS}
${LOG_LEVEL}
-e @${CI_TEST_VARS}
-e ansible_python_interpreter=${PYPATH}
-e local_release_dir=${PWD}/downloads
--limit "all:!fake_hosts"
cluster.yml;
fi
## Idempotency checks 5/5 (Advanced DNS checks)
- >
if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH}
-u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root
--limit "all:!fake_hosts"
tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
fi
- ./tests/scripts/testcases_run.sh
after_script:
- cd tests && make delete-${CI_PLATFORM} -s ; cd -
.gce: &gce
<<: *testcases
variables:
<<: *gce_variables
.do: &do
variables:
<<: *do_variables
<<: *testcases
# Test matrix. Leave the comments for markup scripts.
.coreos_calico_aio_variables: &coreos_calico_aio_variables
# stage: deploy-part1
MOVED_TO_GROUP_VARS: "true"
.ubuntu18_flannel_aio_variables: &ubuntu18_flannel_aio_variables
# stage: deploy-part1
MOVED_TO_GROUP_VARS: "true"
.centos_weave_kubeadm_variables: &centos_weave_kubeadm_variables
# stage: deploy-part1
UPGRADE_TEST: "graceful"
.ubuntu_canal_kubeadm_variables: &ubuntu_canal_kubeadm_variables
# stage: deploy-part1
MOVED_TO_GROUP_VARS: "true"
.ubuntu_canal_ha_variables: &ubuntu_canal_ha_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.ubuntu_contiv_sep_variables: &ubuntu_contiv_sep_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.coreos_cilium_variables: &coreos_cilium_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.ubuntu_cilium_sep_variables: &ubuntu_cilium_sep_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.rhel7_weave_variables: &rhel7_weave_variables
# stage: deploy-part1
MOVED_TO_GROUP_VARS: "true"
.centos7_flannel_addons_variables: &centos7_flannel_addons_variables
# stage: deploy-part2
MOVED_TO_GROUP_VARS: "true"
.debian9_calico_variables: &debian9_calico_variables
# stage: deploy-part2
MOVED_TO_GROUP_VARS: "true"
.coreos_canal_variables: &coreos_canal_variables
# stage: deploy-part2
MOVED_TO_GROUP_VARS: "true"
.rhel7_canal_sep_variables: &rhel7_canal_sep_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.ubuntu_weave_sep_variables: &ubuntu_weave_sep_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.centos7_calico_ha_variables: &centos7_calico_ha_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.centos7_kube_router_variables: &centos7_kube_router_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.centos7_multus_calico_variables: &centos7_multus_calico_variables
# stage: deploy-part2
UPGRADE_TEST: "graceful"
.coreos_alpha_weave_ha_variables: &coreos_alpha_weave_ha_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.coreos_kube_router_variables: &coreos_kube_router_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.ubuntu_rkt_sep_variables: &ubuntu_rkt_sep_variables
# stage: deploy-part1
MOVED_TO_GROUP_VARS: "true"
.ubuntu_flannel_variables: &ubuntu_flannel_variables
# stage: deploy-part2
MOVED_TO_GROUP_VARS: "true"
.ubuntu_kube_router_variables: &ubuntu_kube_router_variables
# stage: deploy-special
MOVED_TO_GROUP_VARS: "true"
.opensuse_canal_variables: &opensuse_canal_variables
# stage: deploy-part2
MOVED_TO_GROUP_VARS: "true"
# Builds for PRs only (premoderated by unit-tests step) and triggers (auto)
### PR JOBS PART1
gce_ubuntu18-flannel-aio:
stage: deploy-part1
<<: *job
<<: *gce
variables:
<<: *ubuntu18_flannel_aio_variables
<<: *gce_variables
when: on_success
except: ['triggers']
only: [/^pr-.*$/]
### PR JOBS PART2
gce_coreos-calico-aio:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *coreos_calico_aio_variables
<<: *gce_variables
when: on_success
except: ['triggers']
only: [/^pr-.*$/]
gce_centos7-flannel-addons:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *centos7_flannel_addons_variables
when: on_success
except: ['triggers']
only: [/^pr-.*$/]
### MANUAL JOBS
gce_centos-weave-kubeadm-sep:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *centos_weave_kubeadm_variables
when: on_success
only: ['triggers']
gce_ubuntu-weave-sep:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_weave_sep_variables
when: manual
only: ['triggers']
gce_coreos-calico-sep-triggers:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *coreos_calico_aio_variables
when: on_success
only: ['triggers']
gce_ubuntu-canal-ha-triggers:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_canal_ha_variables
when: on_success
only: ['triggers']
gce_centos7-flannel-addons-triggers:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *centos7_flannel_addons_variables
when: on_success
only: ['triggers']
gce_ubuntu-weave-sep-triggers:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_weave_sep_variables
when: on_success
only: ['triggers']
# More builds for PRs/merges (manual) and triggers (auto)
do_ubuntu-canal-ha:
stage: deploy-part2
<<: *job
<<: *do
variables:
<<: *do_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-canal-ha:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_canal_ha_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-canal-kubeadm:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_canal_kubeadm_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-canal-kubeadm-triggers:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_canal_kubeadm_variables
when: on_success
only: ['triggers']
gce_ubuntu-flannel-ha:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_flannel_variables
when: manual
except: ['triggers']
gce_centos-weave-kubeadm-triggers:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *centos_weave_kubeadm_variables
when: on_success
only: ['triggers']
gce_ubuntu-contiv-sep:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_contiv_sep_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_coreos-cilium:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *coreos_cilium_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-cilium-sep:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_cilium_sep_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_rhel7-weave:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *rhel7_weave_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_rhel7-weave-triggers:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *rhel7_weave_variables
when: on_success
only: ['triggers']
gce_debian9-calico-upgrade:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *debian9_calico_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_debian9-calico-triggers:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *debian9_calico_variables
when: on_success
only: ['triggers']
gce_coreos-canal:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *coreos_canal_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_coreos-canal-triggers:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *coreos_canal_variables
when: on_success
only: ['triggers']
gce_rhel7-canal-sep:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *rhel7_canal_sep_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_rhel7-canal-sep-triggers:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *rhel7_canal_sep_variables
when: on_success
only: ['triggers']
gce_centos7-calico-ha:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *centos7_calico_ha_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_centos7-calico-ha-triggers:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *centos7_calico_ha_variables
when: on_success
only: ['triggers']
gce_centos7-kube-router:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *centos7_kube_router_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_centos7-multus-calico:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *centos7_multus_calico_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_opensuse-canal:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *opensuse_canal_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
# no triggers yet https://github.com/kubernetes-incubator/kargo/issues/613
gce_coreos-alpha-weave-ha:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *coreos_alpha_weave_ha_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_coreos-kube-router:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *coreos_kube_router_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-rkt-sep:
stage: deploy-part2
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_rkt_sep_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-kube-router-sep:
stage: deploy-special
<<: *job
<<: *gce
variables:
<<: *gce_variables
<<: *ubuntu_kube_router_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
- ./tests/scripts/testcases_cleanup.sh
# For failfast, at least 1 job must be defined in .gitlab-ci.yml
# Premoderated with manual actions
ci-authorized:
<<: *job
extends: .job
stage: moderator
before_script:
- apt-get -y install jq
script:
- /bin/sh scripts/premoderator.sh
except: ['triggers', 'master']
syntax-check:
<<: *job
stage: unit-tests
script:
- ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root cluster.yml -vvv --syntax-check
- ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root upgrade-cluster.yml -vvv --syntax-check
- ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root reset.yml -vvv --syntax-check
- ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv --syntax-check
except: ['triggers', 'master']
yamllint:
<<: *job
stage: unit-tests
script:
- yamllint .
except: ['triggers', 'master']
tox-inventory-builder:
stage: unit-tests
<<: *job
script:
- pip install tox
- cd contrib/inventory_builder && tox
when: manual
except: ['triggers', 'master']
# Tests for contrib/terraform/
.terraform_install: &terraform_install
<<: *job
before_script:
# Set Ansible config
- cp ansible.cfg ~/.ansible.cfg
# Install Terraform
- apt-get install -y unzip
- curl https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip > /tmp/terraform.zip
- unzip /tmp/terraform.zip && mv ./terraform /usr/local/bin/ && terraform --version
# Prepare inventory
- cp -LRp contrib/terraform/$PROVIDER/sample-inventory inventory/$CLUSTER
- cd inventory/$CLUSTER
- ln -s ../../contrib/terraform/$PROVIDER/hosts
- terraform init ../../contrib/terraform/$PROVIDER
# Copy SSH keypair
- mkdir -p ~/.ssh
- echo "$PACKET_PRIVATE_KEY" | base64 -d > ~/.ssh/id_rsa
- chmod 400 ~/.ssh/id_rsa
- echo "$PACKET_PUBLIC_KEY" | base64 -d > ~/.ssh/id_rsa.pub
- export TF_VAR_public_key_path=""
only: ['master', /^pr-.*$/]
.terraform_validate: &terraform_validate
<<: *terraform_install
stage: unit-tests
script:
- terraform validate -var-file=cluster.tf ../../contrib/terraform/$PROVIDER
- terraform fmt -check -diff ../../contrib/terraform/$PROVIDER
.terraform_apply: &terraform_apply
<<: *terraform_install
stage: deploy-part2
when: manual
script:
- terraform apply -auto-approve ../../contrib/terraform/$PROVIDER
- ansible-playbook -i hosts ../../cluster.yml
after_script:
# Cleanup regardless of exit code
- cd inventory/$CLUSTER
- terraform destroy -auto-approve ../../contrib/terraform/$PROVIDER
tf-validate-openstack:
<<: *terraform_validate
variables:
TF_VERSION: 0.11.11
PROVIDER: openstack
CLUSTER: $CI_COMMIT_REF_NAME
tf-validate-packet:
<<: *terraform_validate
variables:
TF_VERSION: 0.11.11
PROVIDER: packet
CLUSTER: $CI_COMMIT_REF_NAME
tf-apply-packet:
<<: *terraform_apply
variables:
TF_VERSION: 0.11.11
PROVIDER: packet
CLUSTER: $CI_COMMIT_REF_NAME
TF_VAR_cluster_name: $CI_COMMIT_REF_NAME
TF_VAR_number_of_k8s_masters: "1"
TF_VAR_number_of_k8s_nodes: "1"
TF_VAR_plan_k8s_masters: t1.small.x86
TF_VAR_plan_k8s_nodes: t1.small.x86
TF_VAR_facility: "ewr1"
include:
- .gitlab-ci/lint.yml
- .gitlab-ci/shellcheck.yml
- .gitlab-ci/gce.yml
- .gitlab-ci/digital-ocean.yml
- .gitlab-ci/terraform.yml
- .gitlab-ci/packet.yml

19
.gitlab-ci/digital-ocean.yml Normal file
View File

@ -0,0 +1,19 @@
---
.do_variables: &do_variables
PRIVATE_KEY: $DO_PRIVATE_KEY
CI_PLATFORM: "do"
SSH_USER: root
.do: &do
extends: .testcases
tags:
- do
do_ubuntu-canal-ha:
stage: deploy-part2
extends: .do
variables:
<<: *do_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]

264
.gitlab-ci/gce.yml Normal file
View File

@ -0,0 +1,264 @@
---
.gce_variables: &gce_variables
GCE_USER: travis
SSH_USER: $GCE_USER
CLOUD_MACHINE_TYPE: "g1-small"
CI_PLATFORM: "gce"
PRIVATE_KEY: $GCE_PRIVATE_KEY
.cache: &cache
cache:
key: "$CI_BUILD_REF_NAME"
paths:
- downloads/
- $HOME/.cache
.gce: &gce
extends: .testcases
<<: *cache
variables:
<<: *gce_variables
tags:
- gce
.centos_weave_kubeadm_variables: &centos_weave_kubeadm_variables
# stage: deploy-part1
UPGRADE_TEST: "graceful"
.centos7_multus_calico_variables: &centos7_multus_calico_variables
# stage: deploy-gce
UPGRADE_TEST: "graceful"
# Builds for PRs only (premoderated by unit-tests step) and triggers (auto)
### PR JOBS PART1
gce_ubuntu18-flannel-aio:
stage: deploy-part1
<<: *gce
when: manual
except: ['triggers']
only: [/^pr-.*$/]
### PR JOBS PART2
gce_coreos-calico-aio:
stage: deploy-gce
<<: *gce
when: on_success
except: ['triggers']
only: [/^pr-.*$/]
gce_centos7-flannel-addons:
stage: deploy-gce
<<: *gce
when: manual
except: ['triggers']
only: [/^pr-.*$/]
### MANUAL JOBS
gce_centos-weave-kubeadm-sep:
stage: deploy-gce
extends: .gce
variables:
<<: *centos_weave_kubeadm_variables
when: on_success
only: ['triggers']
gce_ubuntu-weave-sep:
stage: deploy-gce
<<: *gce
when: manual
only: ['triggers']
gce_coreos-calico-sep-triggers:
stage: deploy-gce
<<: *gce
when: on_success
only: ['triggers']
gce_ubuntu-canal-ha-triggers:
stage: deploy-special
<<: *gce
when: on_success
only: ['triggers']
gce_centos7-flannel-addons-triggers:
stage: deploy-gce
<<: *gce
when: on_success
only: ['triggers']
gce_ubuntu-weave-sep-triggers:
stage: deploy-gce
<<: *gce
when: on_success
only: ['triggers']
# More builds for PRs/merges (manual) and triggers (auto)
gce_ubuntu-canal-ha:
stage: deploy-special
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-canal-kubeadm:
stage: deploy-gce
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-canal-kubeadm-triggers:
stage: deploy-gce
<<: *gce
when: on_success
only: ['triggers']
gce_ubuntu-flannel-ha:
stage: deploy-gce
<<: *gce
when: manual
except: ['triggers']
gce_centos-weave-kubeadm-triggers:
stage: deploy-gce
extends: .gce
variables:
<<: *centos_weave_kubeadm_variables
when: on_success
only: ['triggers']
gce_ubuntu-contiv-sep:
stage: deploy-special
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_coreos-cilium:
stage: deploy-special
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu18-cilium-sep:
stage: deploy-special
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_rhel7-weave:
stage: deploy-gce
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_rhel7-weave-triggers:
stage: deploy-gce
<<: *gce
when: on_success
only: ['triggers']
gce_debian9-calico-upgrade:
stage: deploy-gce
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_debian9-calico-triggers:
stage: deploy-gce
<<: *gce
when: on_success
only: ['triggers']
gce_coreos-canal:
stage: deploy-gce
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_coreos-canal-triggers:
stage: deploy-gce
<<: *gce
when: on_success
only: ['triggers']
gce_rhel7-canal-sep:
stage: deploy-special
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_rhel7-canal-sep-triggers:
stage: deploy-gce
<<: *gce
when: on_success
only: ['triggers']
gce_centos7-calico-ha:
stage: deploy-special
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_centos7-calico-ha-triggers:
stage: deploy-gce
<<: *gce
when: on_success
only: ['triggers']
gce_centos7-kube-router:
stage: deploy-special
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_centos7-multus-calico:
stage: deploy-gce
extends: .gce
variables:
<<: *centos7_multus_calico_variables
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_opensuse-canal:
stage: deploy-gce
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
# no triggers yet https://github.com/kubernetes-incubator/kargo/issues/613
gce_coreos-alpha-weave-ha:
stage: deploy-special
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_coreos-kube-router:
stage: deploy-special
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-kube-router-sep:
stage: deploy-special
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]

40
.gitlab-ci/lint.yml Normal file
View File

@ -0,0 +1,40 @@
---
yamllint:
extends: .job
stage: unit-tests
script:
- yamllint --strict .
except: ['triggers', 'master']
ansible-lint:
extends: .job
stage: unit-tests
# lint every yml/yaml file that looks like it contains Ansible plays
script: |-
grep -Rl '^- hosts: \|^ hosts: ' --include \*.yml --include \*.yaml . | xargs -P 4 -n 25 ansible-lint -v
except: ['triggers', 'master']
syntax-check:
extends: .job
stage: unit-tests
variables:
ANSIBLE_INVENTORY: inventory/local-tests.cfg
ANSIBLE_REMOTE_USER: root
ANSIBLE_BECOME: "true"
ANSIBLE_BECOME_USER: root
ANSIBLE_VERBOSITY: "3"
script:
- ansible-playbook --syntax-check cluster.yml
- ansible-playbook --syntax-check upgrade-cluster.yml
- ansible-playbook --syntax-check reset.yml
- ansible-playbook --syntax-check extra_playbooks/upgrade-only-k8s.yml
except: ['triggers', 'master']
tox-inventory-builder:
stage: unit-tests
extends: .job
script:
- pip install tox
- cd contrib/inventory_builder && tox
when: manual
except: ['triggers', 'master']

123
.gitlab-ci/packet.yml Normal file
View File

@ -0,0 +1,123 @@
---
.packet_variables: &packet_variables
CI_PLATFORM: "packet"
SSH_USER: "kubespray"
.packet: &packet
extends: .testcases
variables:
<<: *packet_variables
tags:
- packet
.test-upgrade: &test-upgrade
variables:
UPGRADE_TEST: "graceful"
packet_ubuntu18-calico-aio:
stage: deploy-part1
<<: *packet
when: on_success
except: ['triggers']
only: ['master', /^pr-.*$/]
# ### PR JOBS PART2
packet_centos7-flannel-addons:
stage: deploy-part2
<<: *packet
when: on_success
except: ['triggers']
only: [/^pr-.*$/]
# ### MANUAL JOBS
packet_centos-weave-kubeadm-sep:
stage: deploy-part2
<<: *packet
when: on_success
only: ['triggers']
packet_ubuntu-weave-sep:
stage: deploy-part2
<<: *packet
when: manual
only: ['triggers']
# # More builds for PRs/merges (manual) and triggers (auto)
packet_ubuntu-canal-ha:
stage: deploy-special
<<: *packet
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_ubuntu-canal-kubeadm:
stage: deploy-part2
<<: *packet
when: on_success
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_ubuntu-flannel-ha:
stage: deploy-part2
<<: *packet
when: on_success
except: ['triggers']
packet_ubuntu-contiv-sep:
stage: deploy-special
<<: *packet
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_ubuntu18-cilium-sep:
stage: deploy-special
<<: *packet
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_debian9-calico-upgrade:
stage: deploy-part2
<<: *packet
when: on_success
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_centos7-calico-ha:
stage: deploy-part2
<<: *packet
when: on_success
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_centos7-kube-router:
stage: deploy-special
<<: *packet
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_centos7-multus-calico:
stage: deploy-part2
<<: *packet
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_opensuse-canal:
stage: deploy-part2
<<: *packet
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_ubuntu-kube-router-sep:
stage: deploy-special
<<: *packet
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]

15
.gitlab-ci/shellcheck.yml Normal file
View File

@ -0,0 +1,15 @@
---
shellcheck:
extends: .job
stage: unit-tests
variables:
SHELLCHECK_VERSION: v0.6.0
before_script:
- ./tests/scripts/rebase.sh
- curl --silent "https://storage.googleapis.com/shellcheck/shellcheck-"${SHELLCHECK_VERSION}".linux.x86_64.tar.xz" | tar -xJv
- cp shellcheck-"${SHELLCHECK_VERSION}"/shellcheck /usr/bin/
- shellcheck --version
script:
# Run shellcheck for all *.sh except contrib/
- find . -name '*.sh' -not -path './contrib/*' | xargs shellcheck --severity error
except: ['triggers', 'master']

133
.gitlab-ci/terraform.yml Normal file
View File

@ -0,0 +1,133 @@
---
# Tests for contrib/terraform/
.terraform_install:
extends: .job
before_script:
- ./tests/scripts/rebase.sh
# Set Ansible config
- cp ansible.cfg ~/.ansible.cfg
# Install Terraform
- apt-get install -y unzip
- curl https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip > /tmp/terraform.zip
- unzip /tmp/terraform.zip && mv ./terraform /usr/local/bin/ && terraform --version
# Prepare inventory
- cp -LRp contrib/terraform/$PROVIDER/sample-inventory inventory/$CLUSTER
- cd inventory/$CLUSTER
- ln -s ../../contrib/terraform/$PROVIDER/hosts
- terraform init ../../contrib/terraform/$PROVIDER
# Copy SSH keypair
- mkdir -p ~/.ssh
- echo "$PACKET_PRIVATE_KEY" | base64 -d > ~/.ssh/id_rsa
- chmod 400 ~/.ssh/id_rsa
- echo "$PACKET_PUBLIC_KEY" | base64 -d > ~/.ssh/id_rsa.pub
only: ['master', /^pr-.*$/]
.terraform_validate:
extends: .terraform_install
stage: unit-tests
script:
- terraform validate -var-file=cluster.tf ../../contrib/terraform/$PROVIDER
- terraform fmt -check -diff ../../contrib/terraform/$PROVIDER
.terraform_apply:
extends: .terraform_install
stage: deploy-part2
when: manual
variables:
ANSIBLE_INVENTORY_UNPARSED_FAILED: "true"
script:
- terraform apply -auto-approve ../../contrib/terraform/$PROVIDER
- ansible-playbook -i hosts ../../cluster.yml --become
after_script:
# Cleanup regardless of exit code
- cd inventory/$CLUSTER
- terraform destroy -auto-approve ../../contrib/terraform/$PROVIDER
tf-validate-openstack:
extends: .terraform_validate
variables:
TF_VERSION: 0.11.11
PROVIDER: openstack
CLUSTER: $CI_COMMIT_REF_NAME
tf-validate-packet:
extends: .terraform_validate
variables:
TF_VERSION: 0.11.11
PROVIDER: packet
CLUSTER: $CI_COMMIT_REF_NAME
tf-validate-aws:
extends: .terraform_validate
variables:
TF_VERSION: 0.11.11
PROVIDER: aws
CLUSTER: $CI_COMMIT_REF_NAME
tf-packet-ubuntu16-default:
extends: .terraform_apply
variables:
TF_VERSION: 0.11.11
PROVIDER: packet
CLUSTER: $CI_COMMIT_REF_NAME
TF_VAR_cluster_name: $CI_COMMIT_REF_SLUG
TF_VAR_number_of_k8s_masters: "1"
TF_VAR_number_of_k8s_nodes: "1"
TF_VAR_plan_k8s_masters: t1.small.x86
TF_VAR_plan_k8s_nodes: t1.small.x86
TF_VAR_facility: ewr1
TF_VAR_public_key_path: ""
TF_VAR_operating_system: ubuntu_16_04
tf-packet-ubuntu18-default:
extends: .terraform_apply
variables:
TF_VERSION: 0.11.11
PROVIDER: packet
CLUSTER: $CI_COMMIT_REF_NAME
TF_VAR_cluster_name: $CI_COMMIT_REF_SLUG
TF_VAR_number_of_k8s_masters: "1"
TF_VAR_number_of_k8s_nodes: "1"
TF_VAR_plan_k8s_masters: t1.small.x86
TF_VAR_plan_k8s_nodes: t1.small.x86
TF_VAR_facility: ams1
TF_VAR_public_key_path: ""
TF_VAR_operating_system: ubuntu_18_04
.ovh_variables: &ovh_variables
OS_AUTH_URL: https://auth.cloud.ovh.net/v3
OS_PROJECT_ID: 8d3cd5d737d74227ace462dee0b903fe
OS_PROJECT_NAME: "9361447987648822"
OS_USER_DOMAIN_NAME: Default
OS_PROJECT_DOMAIN_ID: default
OS_USERNAME: 8XuhBMfkKVrk
OS_REGION_NAME: UK1
OS_INTERFACE: public
OS_IDENTITY_API_VERSION: "3"
tf-apply-ovh:
extends: .terraform_apply
variables:
<<: *ovh_variables
TF_VERSION: 0.11.11
PROVIDER: openstack
CLUSTER: $CI_COMMIT_REF_NAME
ANSIBLE_TIMEOUT: "60"
TF_VAR_cluster_name: $CI_COMMIT_REF_SLUG
TF_VAR_number_of_k8s_masters: "0"
TF_VAR_number_of_k8s_masters_no_floating_ip: "1"
TF_VAR_number_of_k8s_masters_no_floating_ip_no_etcd: "0"
TF_VAR_number_of_etcd: "0"
TF_VAR_number_of_k8s_nodes: "0"
TF_VAR_number_of_k8s_nodes_no_floating_ip: "1"
TF_VAR_number_of_gfs_nodes_no_floating_ip: "0"
TF_VAR_number_of_bastions: "0"
TF_VAR_number_of_k8s_masters_no_etcd: "0"
TF_VAR_use_neutron: "0"
TF_VAR_floatingip_pool: "Ext-Net"
TF_VAR_external_net: "6011fbc9-4cbf-46a4-8452-6890a340b60b"
TF_VAR_network_name: "Ext-Net"
TF_VAR_flavor_k8s_master: "defa64c3-bd46-43b4-858a-d93bbae0a229" # s1-8
TF_VAR_flavor_k8s_node: "defa64c3-bd46-43b4-858a-d93bbae0a229" # s1-8
TF_VAR_image: "Ubuntu 18.04"
TF_VAR_k8s_allowed_remote_ips: '["0.0.0.0/0"]'

5
Dockerfile
View File

@ -1,4 +1,4 @@
FROM ubuntu:16.04
FROM ubuntu:18.04
RUN mkdir /kubespray
WORKDIR /kubespray
@ -14,6 +14,5 @@ RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - &&
&& apt update -y && apt-get install docker-ce -y
COPY . .
RUN /usr/bin/python -m pip install pip -U && /usr/bin/python -m pip install -r tests/requirements.txt && python -m pip install -r requirements.txt
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.11.3/bin/linux/amd64/kubectl \
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.13.5/bin/linux/amd64/kubectl \
&& chmod a+x kubectl && cp kubectl /usr/local/bin/kubectl

19
README.md
View File

@ -29,7 +29,7 @@ To deploy the cluster you can use :
# Update Ansible inventory file with inventory builder
declare -a IPS=(10.10.1.3 10.10.1.4 10.10.1.5)
CONFIG_FILE=inventory/mycluster/hosts.ini python3 contrib/inventory_builder/inventory.py ${IPS[@]}
CONFIG_FILE=inventory/mycluster/hosts.yml python3 contrib/inventory_builder/inventory.py ${IPS[@]}
# Review and change parameters under ``inventory/mycluster/group_vars``
cat inventory/mycluster/group_vars/all/all.yml
@ -39,7 +39,7 @@ To deploy the cluster you can use :
# The option `-b` is required, as for example writing SSL keys in /etc/,
# installing packages and interacting with various systemd daemons.
# Without -b the playbook will fail to run!
ansible-playbook -i inventory/mycluster/hosts.ini --become --become-user=root cluster.yml
ansible-playbook -i inventory/mycluster/hosts.yml --become --become-user=root cluster.yml
Note: When Ansible is already installed via system packages on the control machine, other python packages installed via `sudo pip install -r requirements.txt` will go to a different directory tree (e.g. `/usr/local/lib/python2.7/dist-packages` on Ubuntu) from Ansible's (e.g. `/usr/lib/python2.7/dist-packages/ansible` still on Ubuntu).
As a consequence, `ansible-playbook` command will fail with:
@ -108,10 +108,9 @@ Supported Components
--------------------
- Core
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.13.5
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.14.1
- [etcd](https://github.com/coreos/etcd) v3.2.26
- [docker](https://www.docker.com/) v18.06 (see note)
- [rkt](https://github.com/rkt/rkt) v1.21.0 (see Note 2)
- [cri-o](http://cri-o.io/) v1.11.5 (experimental: see [CRI-O Note](docs/cri-o.md). Only on centos based OS)
- Network Plugin
- [calico](https://github.com/projectcalico/calico) v3.4.0
@ -124,21 +123,17 @@ Supported Components
- [weave](https://github.com/weaveworks/weave) v2.5.1
- Application
- [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11
- [rbd-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.1-k8s1.11
- [cert-manager](https://github.com/jetstack/cert-manager) v0.5.2
- [coredns](https://github.com/coredns/coredns) v1.4.0
- [coredns](https://github.com/coredns/coredns) v1.5.0
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v0.21.0
Note: The list of validated [docker versions](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md) was updated to 1.11.1, 1.12.1, 1.13.1, 17.03, 17.06, 17.09, 18.06. kubeadm now properly recognizes Docker 18.09.0 and newer, but still treats 18.06 as the default supported version. The kubelet might break on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin).
Note 2: rkt support as docker alternative is limited to control plane (etcd and
kubelet). Docker is still used for Kubernetes cluster workloads and network
plugins' related OS services. Also note, only one of the supported network
plugins can be deployed for a given single cluster.
Requirements
------------
- **Ansible v2.7.6 (or newer) and python-netaddr is installed on the machine
- **Ansible v2.7.8 (or newer) and python-netaddr is installed on the machine
that will run Ansible commands**
- **Jinja 2.9 (or newer) is required to run the Ansible Playbooks**
- The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/downloads.md#offline-environment))
@ -205,7 +200,7 @@ Tools and projects on top of Kubespray
CI Tests
--------
[![Build graphs](https://gitlab.com/kubespray-ci/kubernetes-incubator__kubespray/badges/master/build.svg)](https://gitlab.com/kubespray-ci/kubernetes-incubator__kubespray/pipelines)
[![Build graphs](https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/badges/master/build.svg)](https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/pipelines)
CI/end-to-end tests sponsored by Google (GCE)
See the [test matrix](docs/test_cases.md) for details.

3
Vagrantfile vendored
View File

@ -184,7 +184,8 @@ Vagrant.configure("2") do |config|
"download_run_once": "False",
"download_localhost": "False",
"local_path_provisioner_enabled": "#{$local_path_provisioner_enabled}",
"local_path_provisioner_claim_root": "#{$local_path_provisioner_claim_root}"
"local_path_provisioner_claim_root": "#{$local_path_provisioner_claim_root}",
"ansible_ssh_user": SUPPORTED_OS[$os][:user]
}
# Only execute the Ansible provisioner once, when all the machines are up and ready.

17
cluster.yml
View File

@ -3,11 +3,11 @@
gather_facts: false
become: no
tasks:
- name: "Check ansible version >=2.7.6"
- name: "Check ansible version >=2.7.8"
assert:
msg: "Ansible must be v2.7.6 or higher"
msg: "Ansible must be v2.7.8 or higher"
that:
- ansible_version.string is version("2.7.6", ">=")
- ansible_version.string is version("2.7.8", ">=")
tags:
- check
vars:
@ -22,10 +22,6 @@
- hosts: k8s-cluster:etcd:calico-rr
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
gather_facts: false
vars:
# Need to disable pipelining for bootstrap-os as some systems have requiretty in sudoers set, which makes pipelining
# fail. bootstrap-os fixes this on these systems, so in later plays it can be enabled.
ansible_ssh_pipelining: false
roles:
- { role: kubespray-defaults}
- { role: bootstrap-os, tags: bootstrap-os}
@ -113,5 +109,10 @@
roles:
- { role: kubespray-defaults}
- { role: kubernetes-apps, tags: apps }
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf, dns_late: true }
environment: "{{proxy_env}}"
- hosts: k8s-cluster
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults}
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf, dns_late: true }

1
contrib/dind/roles/dind-host/tasks/main.yaml
View File

@ -79,6 +79,7 @@
with_items: "{{ containers.results }}"
- name: Early hack image install to adapt for DIND
# noqa 302 - this task uses the raw module intentionally
raw: |
rm -fv /usr/bin/udevadm /usr/sbin/udevadm
delegate_to: "{{ item._ansible_item_label|default(item.item) }}"

7
contrib/inventory_builder/inventory.py
View File

@ -93,14 +93,15 @@ class KubesprayInventory(object):
self.purge_invalid_hosts(self.hosts.keys(), PROTECTED_NAMES)
self.set_all(self.hosts)
self.set_k8s_cluster()
self.set_etcd(list(self.hosts.keys())[:3])
etcd_hosts_count = 3 if len(self.hosts.keys()) >= 3 else 1
self.set_etcd(list(self.hosts.keys())[:etcd_hosts_count])
if len(self.hosts) >= SCALE_THRESHOLD:
self.set_kube_master(list(self.hosts.keys())[3:5])
self.set_kube_master(list(self.hosts.keys())[etcd_hosts_count:5])
else:
self.set_kube_master(list(self.hosts.keys())[:2])
self.set_kube_node(self.hosts.keys())
if len(self.hosts) >= SCALE_THRESHOLD:
self.set_calico_rr(list(self.hosts.keys())[:3])
self.set_calico_rr(list(self.hosts.keys())[:etcd_hosts_count])
else: # Show help if no options
self.show_help()
sys.exit(0)

20
contrib/kvm-setup/roles/kvm-setup/tasks/main.yml
View File

@ -1,15 +1,9 @@
---
- name: Upgrade all packages to the latest version (yum)
yum:
name: '*'
state: latest
when: ansible_os_family == "RedHat"
- name: Install required packages
yum:
name: "{{ item }}"
state: latest
state: present
with_items:
- bind-utils
- ntp
@ -21,23 +15,13 @@
update_cache: yes
cache_valid_time: 3600
name: "{{ item }}"
state: latest
state: present
install_recommends: no
with_items:
- dnsutils
- ntp
when: ansible_os_family == "Debian"
- name: Upgrade all packages to the latest version (apt)
shell: apt-get -o \
Dpkg::Options::=--force-confdef -o \
Dpkg::Options::=--force-confold -q -y \
dist-upgrade
environment:
DEBIAN_FRONTEND: noninteractive
when: ansible_os_family == "Debian"
# Create deployment user if required
- include: user.yml
when: k8s_deployment_user is defined

4
contrib/network-storage/heketi/roles/provision/templates/glusterfs-daemonset.json.j2
View File

@ -69,7 +69,7 @@
},
"readinessProbe": {
"timeoutSeconds": 3,
"initialDelaySeconds": 60,
"initialDelaySeconds": 3,
"exec": {
"command": [
"/bin/bash",
@ -80,7 +80,7 @@
},
"livenessProbe": {
"timeoutSeconds": 3,
"initialDelaySeconds": 60,
"initialDelaySeconds": 10,
"exec": {
"command": [
"/bin/bash",

2
contrib/network-storage/heketi/roles/provision/templates/heketi-bootstrap.json.j2
View File

@ -106,7 +106,7 @@
},
"livenessProbe": {
"timeoutSeconds": 3,
"initialDelaySeconds": 30,
"initialDelaySeconds": 10,
"httpGet": {
"path": "/hello",
"port": 8080

2
contrib/network-storage/heketi/roles/provision/templates/heketi-deployment.json.j2
View File

@ -122,7 +122,7 @@
},
"livenessProbe": {
"timeoutSeconds": 3,
"initialDelaySeconds": 30,
"initialDelaySeconds": 10,
"httpGet": {
"path": "/hello",
"port": 8080

53
contrib/terraform/aws/sample-inventory/cluster.tf Normal file
View File

@ -0,0 +1,53 @@
#Global Vars
aws_cluster_name = "devtest"
#VPC Vars
aws_vpc_cidr_block = "10.250.192.0/18"
aws_cidr_subnets_private = ["10.250.192.0/20", "10.250.208.0/20"]
aws_cidr_subnets_public = ["10.250.224.0/20", "10.250.240.0/20"]
#Bastion Host
aws_bastion_size = "t2.medium"
#Kubernetes Cluster
aws_kube_master_num = 3
aws_kube_master_size = "t2.medium"
aws_etcd_num = 3
aws_etcd_size = "t2.medium"
aws_kube_worker_num = 4
aws_kube_worker_size = "t2.medium"
#Settings AWS ELB
aws_elb_api_port = 6443
k8s_secure_api_port = 6443
kube_insecure_apiserver_address = "0.0.0.0"
default_tags = {
# Env = "devtest" # Product = "kubernetes"
}
inventory_file = "../../../inventory/hosts"
## Credentials
#AWS Access Key
AWS_ACCESS_KEY_ID = ""
#AWS Secret Key
AWS_SECRET_ACCESS_KEY = ""
#EC2 SSH Key Name
AWS_SSH_KEY_NAME = ""
#AWS Region
AWS_DEFAULT_REGION = "eu-central-1"

1
contrib/terraform/aws/sample-inventory/group_vars Symbolic link
View File

@ -0,0 +1 @@
../../../../inventory/sample/group_vars

2
contrib/terraform/openstack/README.md
View File

@ -243,6 +243,8 @@ For your cluster, edit `inventory/$CLUSTER/cluster.tf`.
|`supplementary_master_groups` | To add ansible groups to the masters, such as `kube-node` for tainting them as nodes, empty by default. |
|`supplementary_node_groups` | To add ansible groups to the nodes, such as `kube-ingress` for running ingress controller pods, empty by default. |
|`bastion_allowed_remote_ips` | List of CIDR allowed to initiate a SSH connection, `["0.0.0.0/0"]` by default |
|`master_allowed_remote_ips` | List of CIDR blocks allowed to initiate an API connection, `["0.0.0.0/0"]` by default |
|`k8s_allowed_remote_ips` | List of CIDR allowed to initiate a SSH connection, empty by default |
|`worker_allowed_ports` | List of ports to open on worker nodes, `[{ "protocol" = "tcp", "port_range_min" = 30000, "port_range_max" = 32767, "remote_ip_prefix" = "0.0.0.0/0"}]` by default |
#### Terraform state files

10
contrib/terraform/openstack/kubespray.tf
View File

@ -1,3 +1,7 @@
provider "openstack" {
version = "~> 1.17"
}
module "network" {
source = "modules/network"
@ -49,9 +53,13 @@ module "compute" {
network_name = "${var.network_name}"
flavor_bastion = "${var.flavor_bastion}"
k8s_master_fips = "${module.ips.k8s_master_fips}"
k8s_master_no_etcd_fips = "${module.ips.k8s_master_no_etcd_fips}"
k8s_node_fips = "${module.ips.k8s_node_fips}"
bastion_fips = "${module.ips.bastion_fips}"
bastion_allowed_remote_ips = "${var.bastion_allowed_remote_ips}"
master_allowed_remote_ips = "${var.master_allowed_remote_ips}"
k8s_allowed_remote_ips = "${var.k8s_allowed_remote_ips}"
k8s_allowed_egress_ips = "${var.k8s_allowed_egress_ips}"
supplementary_master_groups = "${var.supplementary_master_groups}"
supplementary_node_groups = "${var.supplementary_node_groups}"
worker_allowed_ports = "${var.worker_allowed_ports}"
@ -72,7 +80,7 @@ output "router_id" {
}
output "k8s_master_fips" {
value = "${module.ips.k8s_master_fips}"
value = "${concat(module.ips.k8s_master_fips, module.ips.k8s_master_no_etcd_fips)}"
}
output "k8s_node_fips" {

86
contrib/terraform/openstack/modules/compute/main.tf
View File

@ -4,24 +4,27 @@ resource "openstack_compute_keypair_v2" "k8s" {
}
resource "openstack_networking_secgroup_v2" "k8s_master" {
name = "${var.cluster_name}-k8s-master"
description = "${var.cluster_name} - Kubernetes Master"
name = "${var.cluster_name}-k8s-master"
description = "${var.cluster_name} - Kubernetes Master"
delete_default_rules = true
}
resource "openstack_networking_secgroup_rule_v2" "k8s_master" {
count = "${length(var.master_allowed_remote_ips)}"
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = "6443"
port_range_max = "6443"
remote_ip_prefix = "0.0.0.0/0"
remote_ip_prefix = "${var.master_allowed_remote_ips[count.index]}"
security_group_id = "${openstack_networking_secgroup_v2.k8s_master.id}"
}
resource "openstack_networking_secgroup_v2" "bastion" {
name = "${var.cluster_name}-bastion"
count = "${var.number_of_bastions ? 1 : 0}"
description = "${var.cluster_name} - Bastion Server"
name = "${var.cluster_name}-bastion"
count = "${var.number_of_bastions ? 1 : 0}"
description = "${var.cluster_name} - Bastion Server"
delete_default_rules = true
}
resource "openstack_networking_secgroup_rule_v2" "bastion" {
@ -36,8 +39,9 @@ resource "openstack_networking_secgroup_rule_v2" "bastion" {
}
resource "openstack_networking_secgroup_v2" "k8s" {
name = "${var.cluster_name}-k8s"
description = "${var.cluster_name} - Kubernetes"
name = "${var.cluster_name}-k8s"
description = "${var.cluster_name} - Kubernetes"
delete_default_rules = true
}
resource "openstack_networking_secgroup_rule_v2" "k8s" {
@ -47,9 +51,29 @@ resource "openstack_networking_secgroup_rule_v2" "k8s" {
security_group_id = "${openstack_networking_secgroup_v2.k8s.id}"
}
resource "openstack_networking_secgroup_rule_v2" "k8s_allowed_remote_ips" {
count = "${length(var.k8s_allowed_remote_ips)}"
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = "22"
port_range_max = "22"
remote_ip_prefix = "${var.k8s_allowed_remote_ips[count.index]}"
security_group_id = "${openstack_networking_secgroup_v2.k8s.id}"
}
resource "openstack_networking_secgroup_rule_v2" "egress" {
count = "${length(var.k8s_allowed_egress_ips)}"
direction = "egress"
ethertype = "IPv4"
remote_ip_prefix = "${var.k8s_allowed_egress_ips[count.index]}"
security_group_id = "${openstack_networking_secgroup_v2.k8s.id}"
}
resource "openstack_networking_secgroup_v2" "worker" {
name = "${var.cluster_name}-k8s-worker"
description = "${var.cluster_name} - Kubernetes worker nodes"
name = "${var.cluster_name}-k8s-worker"
description = "${var.cluster_name} - Kubernetes worker nodes"
delete_default_rules = true
}
resource "openstack_networking_secgroup_rule_v2" "worker" {
@ -76,7 +100,6 @@ resource "openstack_compute_instance_v2" "bastion" {
security_groups = ["${openstack_networking_secgroup_v2.k8s.name}",
"${openstack_networking_secgroup_v2.bastion.name}",
"default",
]
metadata = {
@ -102,20 +125,16 @@ resource "openstack_compute_instance_v2" "k8s_master" {
name = "${var.network_name}"
}
# The join() hack is described here: https://github.com/hashicorp/terraform/issues/11566
# As a workaround for creating "dynamic" lists (when, for example, no bastion host is created)
security_groups = ["${openstack_networking_secgroup_v2.k8s_master.name}",
"${openstack_networking_secgroup_v2.k8s.name}",
]
security_groups = ["${compact(list(
openstack_networking_secgroup_v2.k8s_master.name,
join(" ", openstack_networking_secgroup_v2.bastion.*.id),
openstack_networking_secgroup_v2.k8s.name,
"default",
))}"]
metadata = {
ssh_user = "${var.ssh_user}"
kubespray_groups = "etcd,kube-master,${var.supplementary_master_groups},k8s-cluster,vault"
depends_on = "${var.network_id}"
}
provisioner "local-exec" {
command = "sed s/USER/${var.ssh_user}/ contrib/terraform/openstack/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element( concat(var.bastion_fips, var.k8s_master_fips), 0)}/ > contrib/terraform/group_vars/no-floating.yml"
}
@ -133,11 +152,9 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
name = "${var.network_name}"
}
security_groups = ["${compact(list(
openstack_networking_secgroup_v2.k8s_master.name,
join(" ", openstack_networking_secgroup_v2.bastion.*.id),
openstack_networking_secgroup_v2.k8s.name,
))}"]
security_groups = ["${openstack_networking_secgroup_v2.k8s_master.name}",
"${openstack_networking_secgroup_v2.k8s.name}",
]
metadata = {
ssh_user = "${var.ssh_user}"
@ -185,7 +202,6 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip" {
security_groups = ["${openstack_networking_secgroup_v2.k8s_master.name}",
"${openstack_networking_secgroup_v2.k8s.name}",
"default",
]
metadata = {
@ -230,12 +246,9 @@ resource "openstack_compute_instance_v2" "k8s_node" {
name = "${var.network_name}"
}
security_groups = ["${compact(list(
openstack_networking_secgroup_v2.k8s_master.name,
join(" ", openstack_networking_secgroup_v2.bastion.*.id),
openstack_networking_secgroup_v2.k8s.name,
"default",
))}"]
security_groups = ["${openstack_networking_secgroup_v2.k8s.name}",
"${openstack_networking_secgroup_v2.worker.name}",
]
metadata = {
ssh_user = "${var.ssh_user}"
@ -262,7 +275,6 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
security_groups = ["${openstack_networking_secgroup_v2.k8s.name}",
"${openstack_networking_secgroup_v2.worker.name}",
"default",
]
metadata = {
@ -284,6 +296,12 @@ resource "openstack_compute_floatingip_associate_v2" "k8s_master" {
floating_ip = "${var.k8s_master_fips[count.index]}"
}
resource "openstack_compute_floatingip_associate_v2" "k8s_master_no_etcd" {
count = "${var.number_of_k8s_masters_no_etcd}"
instance_id = "${element(openstack_compute_instance_v2.k8s_master_no_etcd.*.id, count.index)}"
floating_ip = "${var.k8s_master_no_etcd_fips[count.index]}"
}
resource "openstack_compute_floatingip_associate_v2" "k8s_node" {
count = "${var.number_of_k8s_nodes}"
floating_ip = "${var.k8s_node_fips[count.index]}"
@ -309,9 +327,7 @@ resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" {
name = "${var.network_name}"
}
security_groups = ["${openstack_networking_secgroup_v2.k8s.name}",
"default",
]
security_groups = ["${openstack_networking_secgroup_v2.k8s.name}"]
metadata = {
ssh_user = "${var.ssh_user_gfs}"

16
contrib/terraform/openstack/modules/compute/variables.tf
View File

@ -54,6 +54,10 @@ variable "k8s_master_fips" {
type = "list"
}
variable "k8s_master_no_etcd_fips" {
type = "list"
}
variable "k8s_node_fips" {
type = "list"
}
@ -66,6 +70,18 @@ variable "bastion_allowed_remote_ips" {
type = "list"
}
variable "master_allowed_remote_ips" {
type = "list"
}
variable "k8s_allowed_remote_ips" {
type = "list"
}
variable "k8s_allowed_egress_ips" {
type = "list"
}
variable "supplementary_master_groups" {
default = ""
}

6
contrib/terraform/openstack/modules/ips/main.tf
View File

@ -10,6 +10,12 @@ resource "openstack_networking_floatingip_v2" "k8s_master" {
depends_on = ["null_resource.dummy_dependency"]
}
resource "openstack_networking_floatingip_v2" "k8s_master_no_etcd" {
count = "${var.number_of_k8s_masters_no_etcd}"
pool = "${var.floatingip_pool}"
depends_on = ["null_resource.dummy_dependency"]
}
resource "openstack_networking_floatingip_v2" "k8s_node" {
count = "${var.number_of_k8s_nodes}"
pool = "${var.floatingip_pool}"

4
contrib/terraform/openstack/modules/ips/outputs.tf
View File

@ -2,6 +2,10 @@ output "k8s_master_fips" {
value = ["${openstack_networking_floatingip_v2.k8s_master.*.address}"]
}
output "k8s_master_no_etcd_fips" {
value = ["${openstack_networking_floatingip_v2.k8s_master_no_etcd.*.address}"]
}
output "k8s_node_fips" {
value = ["${openstack_networking_floatingip_v2.k8s_node.*.address}"]
}

18
contrib/terraform/openstack/variables.tf
View File

@ -145,6 +145,24 @@ variable "bastion_allowed_remote_ips" {
default = ["0.0.0.0/0"]
}
variable "master_allowed_remote_ips" {
description = "An array of CIDRs allowed to access API of masters"
type = "list"
default = ["0.0.0.0/0"]
}
variable "k8s_allowed_remote_ips" {
description = "An array of CIDRs allowed to SSH to hosts"
type = "list"
default = []
}
variable "k8s_allowed_egress_ips" {
description = "An array of CIDRs allowed for egress traffic"
type = "list"
default = ["0.0.0.0/0"]
}
variable "worker_allowed_ports" {
type = "list"

12
contrib/terraform/packet/kubespray.tf
View File

@ -1,5 +1,7 @@
# Configure the Packet Provider
provider "packet" {}
provider "packet" {
version = "~> 2.0"
}
resource "packet_ssh_key" "k8s" {
count = "${var.public_key_path != "" ? 1 : 0}"
@ -13,7 +15,7 @@ resource "packet_device" "k8s_master" {
count = "${var.number_of_k8s_masters}"
hostname = "${var.cluster_name}-k8s-master-${count.index+1}"
plan = "${var.plan_k8s_masters}"
facility = "${var.facility}"
facilities = ["${var.facility}"]
operating_system = "${var.operating_system}"
billing_cycle = "${var.billing_cycle}"
project_id = "${var.packet_project_id}"
@ -26,7 +28,7 @@ resource "packet_device" "k8s_master_no_etcd" {
count = "${var.number_of_k8s_masters_no_etcd}"
hostname = "${var.cluster_name}-k8s-master-${count.index+1}"
plan = "${var.plan_k8s_masters_no_etcd}"
facility = "${var.facility}"
facilities = ["${var.facility}"]
operating_system = "${var.operating_system}"
billing_cycle = "${var.billing_cycle}"
project_id = "${var.packet_project_id}"
@ -39,7 +41,7 @@ resource "packet_device" "k8s_etcd" {
count = "${var.number_of_etcd}"
hostname = "${var.cluster_name}-etcd-${count.index+1}"
plan = "${var.plan_etcd}"
facility = "${var.facility}"
facilities = ["${var.facility}"]
operating_system = "${var.operating_system}"
billing_cycle = "${var.billing_cycle}"
project_id = "${var.packet_project_id}"
@ -52,7 +54,7 @@ resource "packet_device" "k8s_node" {
count = "${var.number_of_k8s_nodes}"
hostname = "${var.cluster_name}-k8s-node-${count.index+1}"
plan = "${var.plan_k8s_nodes}"
facility = "${var.facility}"
facilities = ["${var.facility}"]
operating_system = "${var.operating_system}"
billing_cycle = "${var.billing_cycle}"
project_id = "${var.packet_project_id}"

435
contrib/terraform/terraform.py
View File

@ -149,75 +149,6 @@ def parse_bool(string_form):
raise ValueError('could not convert %r to a bool' % string_form)
@parses('triton_machine')
@calculate_mantl_vars
def triton_machine(resource, module_name):
raw_attrs = resource['primary']['attributes']
name = raw_attrs.get('name')
groups = []
attrs = {
'id': raw_attrs['id'],
'dataset': raw_attrs['dataset'],
'disk': raw_attrs['disk'],
'firewall_enabled': parse_bool(raw_attrs['firewall_enabled']),
'image': raw_attrs['image'],
'ips': parse_list(raw_attrs, 'ips'),
'memory': raw_attrs['memory'],
'name': raw_attrs['name'],
'networks': parse_list(raw_attrs, 'networks'),
'package': raw_attrs['package'],
'primary_ip': raw_attrs['primaryip'],
'root_authorized_keys': raw_attrs['root_authorized_keys'],
'state': raw_attrs['state'],
'tags': parse_dict(raw_attrs, 'tags'),
'type': raw_attrs['type'],
'user_data': raw_attrs['user_data'],
'user_script': raw_attrs['user_script'],
# ansible
'ansible_ssh_host': raw_attrs['primaryip'],
'ansible_ssh_port': 22,
'ansible_ssh_user': 'root', # it's "root" on Triton by default
# generic
'public_ipv4': raw_attrs['primaryip'],
'provider': 'triton',
}
# private IPv4
for ip in attrs['ips']:
if ip.startswith('10') or ip.startswith('192.168'): # private IPs
attrs['private_ipv4'] = ip
break
if 'private_ipv4' not in attrs:
attrs['private_ipv4'] = attrs['public_ipv4']
# attrs specific to Mantl
attrs.update({
'consul_dc': _clean_dc(attrs['tags'].get('dc', 'none')),
'role': attrs['tags'].get('role', 'none'),
'ansible_python_interpreter': attrs['tags'].get('python_bin', 'python')
})
# add groups based on attrs
groups.append('triton_image=' + attrs['image'])
groups.append('triton_package=' + attrs['package'])
groups.append('triton_state=' + attrs['state'])
groups.append('triton_firewall_enabled=%s' % attrs['firewall_enabled'])
groups.extend('triton_tags_%s=%s' % item
for item in attrs['tags'].items())
groups.extend('triton_network=' + network
for network in attrs['networks'])
# groups specific to Mantl
groups.append('role=' + attrs['role'])
groups.append('dc=' + attrs['consul_dc'])
return name, attrs, groups
@parses('packet_device')
def packet_device(resource, tfvars=None):
raw_attrs = resource['primary']['attributes']
@ -226,7 +157,7 @@ def packet_device(resource, tfvars=None):
attrs = {
'id': raw_attrs['id'],
'facility': raw_attrs['facility'],
'facilities': parse_list(raw_attrs, 'facilities'),
'hostname': raw_attrs['hostname'],
'operating_system': raw_attrs['operating_system'],
'locked': parse_bool(raw_attrs['locked']),
@ -247,7 +178,6 @@ def packet_device(resource, tfvars=None):
}
# add groups based on attrs
groups.append('packet_facility=' + attrs['facility'])
groups.append('packet_operating_system=' + attrs['operating_system'])
groups.append('packet_locked=%s' % attrs['locked'])
groups.append('packet_state=' + attrs['state'])
@ -259,94 +189,6 @@ def packet_device(resource, tfvars=None):
return name, attrs, groups
@parses('digitalocean_droplet')
@calculate_mantl_vars
def digitalocean_host(resource, tfvars=None):
raw_attrs = resource['primary']['attributes']
name = raw_attrs['name']
groups = []
attrs = {
'id': raw_attrs['id'],
'image': raw_attrs['image'],
'ipv4_address': raw_attrs['ipv4_address'],
'locked': parse_bool(raw_attrs['locked']),
'metadata': json.loads(raw_attrs.get('user_data', '{}')),
'region': raw_attrs['region'],
'size': raw_attrs['size'],
'ssh_keys': parse_list(raw_attrs, 'ssh_keys'),
'status': raw_attrs['status'],
# ansible
'ansible_ssh_host': raw_attrs['ipv4_address'],
'ansible_ssh_port': 22,
'ansible_ssh_user': 'root', # it's always "root" on DO
# generic
'public_ipv4': raw_attrs['ipv4_address'],
'private_ipv4': raw_attrs.get('ipv4_address_private',
raw_attrs['ipv4_address']),
'provider': 'digitalocean',
}
# attrs specific to Mantl
attrs.update({
'consul_dc': _clean_dc(attrs['metadata'].get('dc', attrs['region'])),
'role': attrs['metadata'].get('role', 'none'),
'ansible_python_interpreter': attrs['metadata'].get('python_bin','python')
})
# add groups based on attrs
groups.append('do_image=' + attrs['image'])
groups.append('do_locked=%s' % attrs['locked'])
groups.append('do_region=' + attrs['region'])
groups.append('do_size=' + attrs['size'])
groups.append('do_status=' + attrs['status'])
groups.extend('do_metadata_%s=%s' % item
for item in attrs['metadata'].items())
# groups specific to Mantl
groups.append('role=' + attrs['role'])
groups.append('dc=' + attrs['consul_dc'])
return name, attrs, groups
@parses('softlayer_virtualserver')
@calculate_mantl_vars
def softlayer_host(resource, module_name):
raw_attrs = resource['primary']['attributes']
name = raw_attrs['name']
groups = []
attrs = {
'id': raw_attrs['id'],
'image': raw_attrs['image'],
'ipv4_address': raw_attrs['ipv4_address'],
'metadata': json.loads(raw_attrs.get('user_data', '{}')),
'region': raw_attrs['region'],
'ram': raw_attrs['ram'],
'cpu': raw_attrs['cpu'],
'ssh_keys': parse_list(raw_attrs, 'ssh_keys'),
'public_ipv4': raw_attrs['ipv4_address'],
'private_ipv4': raw_attrs['ipv4_address_private'],
'ansible_ssh_host': raw_attrs['ipv4_address'],
'ansible_ssh_port': 22,
'ansible_ssh_user': 'root',
'provider': 'softlayer',
}
# attrs specific to Mantl
attrs.update({
'consul_dc': _clean_dc(attrs['metadata'].get('dc', attrs['region'])),
'role': attrs['metadata'].get('role', 'none'),
'ansible_python_interpreter': attrs['metadata'].get('python_bin','python')
})
# groups specific to Mantl
groups.append('role=' + attrs['role'])
groups.append('dc=' + attrs['consul_dc'])
return name, attrs, groups
def openstack_floating_ips(resource):
raw_attrs = resource['primary']['attributes']
attrs = {
@ -444,281 +286,6 @@ def openstack_host(resource, module_name):
return name, attrs, groups
@parses('aws_instance')
@calculate_mantl_vars
def aws_host(resource, module_name):
name = resource['primary']['attributes']['tags.Name']
raw_attrs = resource['primary']['attributes']
groups = []
attrs = {
'ami': raw_attrs['ami'],
'availability_zone': raw_attrs['availability_zone'],
'ebs_block_device': parse_attr_list(raw_attrs, 'ebs_block_device'),
'ebs_optimized': parse_bool(raw_attrs['ebs_optimized']),
'ephemeral_block_device': parse_attr_list(raw_attrs,
'ephemeral_block_device'),
'id': raw_attrs['id'],
'key_name': raw_attrs['key_name'],
'private': parse_dict(raw_attrs, 'private',
sep='_'),
'public': parse_dict(raw_attrs, 'public',
sep='_'),
'root_block_device': parse_attr_list(raw_attrs, 'root_block_device'),
'security_groups': parse_list(raw_attrs, 'security_groups'),
'subnet': parse_dict(raw_attrs, 'subnet',
sep='_'),
'tags': parse_dict(raw_attrs, 'tags'),
'tenancy': raw_attrs['tenancy'],
'vpc_security_group_ids': parse_list(raw_attrs,
'vpc_security_group_ids'),
# ansible-specific
'ansible_ssh_port': 22,
'ansible_ssh_host': raw_attrs['public_ip'],
# generic
'public_ipv4': raw_attrs['public_ip'],
'private_ipv4': raw_attrs['private_ip'],
'provider': 'aws',
}
# attrs specific to Ansible
if 'tags.sshUser' in raw_attrs:
attrs['ansible_ssh_user'] = raw_attrs['tags.sshUser']
if 'tags.sshPrivateIp' in raw_attrs:
attrs['ansible_ssh_host'] = raw_attrs['private_ip']
# attrs specific to Mantl
attrs.update({
'consul_dc': _clean_dc(attrs['tags'].get('dc', module_name)),
'role': attrs['tags'].get('role', 'none'),
'ansible_python_interpreter': attrs['tags'].get('python_bin','python')
})
# groups specific to Mantl
groups.extend(['aws_ami=' + attrs['ami'],
'aws_az=' + attrs['availability_zone'],
'aws_key_name=' + attrs['key_name'],
'aws_tenancy=' + attrs['tenancy']])
groups.extend('aws_tag_%s=%s' % item for item in attrs['tags'].items())
groups.extend('aws_vpc_security_group=' + group
for group in attrs['vpc_security_group_ids'])
groups.extend('aws_subnet_%s=%s' % subnet
for subnet in attrs['subnet'].items())
# groups specific to Mantl
groups.append('role=' + attrs['role'])
groups.append('dc=' + attrs['consul_dc'])
return name, attrs, groups
@parses('google_compute_instance')
@calculate_mantl_vars
def gce_host(resource, module_name):
name = resource['primary']['id']
raw_attrs = resource['primary']['attributes']
groups = []
# network interfaces
interfaces = parse_attr_list(raw_attrs, 'network_interface')
for interface in interfaces:
interface['access_config'] = parse_attr_list(interface,
'access_config')
for key in interface.keys():
if '.' in key:
del interface[key]
# general attrs
attrs = {
'can_ip_forward': raw_attrs['can_ip_forward'] == 'true',
'disks': parse_attr_list(raw_attrs, 'disk'),
'machine_type': raw_attrs['machine_type'],
'metadata': parse_dict(raw_attrs, 'metadata'),
'network': parse_attr_list(raw_attrs, 'network'),
'network_interface': interfaces,
'self_link': raw_attrs['self_link'],
'service_account': parse_attr_list(raw_attrs, 'service_account'),
'tags': parse_list(raw_attrs, 'tags'),
'zone': raw_attrs['zone'],
# ansible
'ansible_ssh_port': 22,
'provider': 'gce',
}
# attrs specific to Ansible
if 'metadata.ssh_user' in raw_attrs:
attrs['ansible_ssh_user'] = raw_attrs['metadata.ssh_user']
# attrs specific to Mantl
attrs.update({
'consul_dc': _clean_dc(attrs['metadata'].get('dc', module_name)),
'role': attrs['metadata'].get('role', 'none'),
'ansible_python_interpreter': attrs['metadata'].get('python_bin','python')
})
try:
attrs.update({
'ansible_ssh_host': interfaces[0]['access_config'][0]['nat_ip'] or interfaces[0]['access_config'][0]['assigned_nat_ip'],
'public_ipv4': interfaces[0]['access_config'][0]['nat_ip'] or interfaces[0]['access_config'][0]['assigned_nat_ip'],
'private_ipv4': interfaces[0]['address'],
'publicly_routable': True,
})
except (KeyError, ValueError):
attrs.update({'ansible_ssh_host': '', 'publicly_routable': False})
# add groups based on attrs
groups.extend('gce_image=' + disk['image'] for disk in attrs['disks'])
groups.append('gce_machine_type=' + attrs['machine_type'])
groups.extend('gce_metadata_%s=%s' % (key, value)
for (key, value) in attrs['metadata'].items()
if key not in set(['sshKeys']))
groups.extend('gce_tag=' + tag for tag in attrs['tags'])
groups.append('gce_zone=' + attrs['zone'])
if attrs['can_ip_forward']:
groups.append('gce_ip_forward')
if attrs['publicly_routable']:
groups.append('gce_publicly_routable')
# groups specific to Mantl
groups.append('role=' + attrs['metadata'].get('role', 'none'))
groups.append('dc=' + attrs['consul_dc'])
return name, attrs, groups
@parses('vsphere_virtual_machine')
@calculate_mantl_vars
def vsphere_host(resource, module_name):
raw_attrs = resource['primary']['attributes']
network_attrs = parse_dict(raw_attrs, 'network_interface')
network = parse_dict(network_attrs, '0')
ip_address = network.get('ipv4_address', network['ip_address'])
name = raw_attrs['name']
groups = []
attrs = {
'id': raw_attrs['id'],
'ip_address': ip_address,
'private_ipv4': ip_address,
'public_ipv4': ip_address,
'metadata': parse_dict(raw_attrs, 'custom_configuration_parameters'),
'ansible_ssh_port': 22,
'provider': 'vsphere',
}
try:
attrs.update({
'ansible_ssh_host': ip_address,
})
except (KeyError, ValueError):
attrs.update({'ansible_ssh_host': '', })
attrs.update({
'consul_dc': _clean_dc(attrs['metadata'].get('consul_dc', module_name)),
'role': attrs['metadata'].get('role', 'none'),
'ansible_python_interpreter': attrs['metadata'].get('python_bin','python')
})
# attrs specific to Ansible
if 'ssh_user' in attrs['metadata']:
attrs['ansible_ssh_user'] = attrs['metadata']['ssh_user']
groups.append('role=' + attrs['role'])
groups.append('dc=' + attrs['consul_dc'])
return name, attrs, groups
@parses('azure_instance')
@calculate_mantl_vars
def azure_host(resource, module_name):
name = resource['primary']['attributes']['name']
raw_attrs = resource['primary']['attributes']
groups = []
attrs = {
'automatic_updates': raw_attrs['automatic_updates'],
'description': raw_attrs['description'],
'hosted_service_name': raw_attrs['hosted_service_name'],
'id': raw_attrs['id'],
'image': raw_attrs['image'],
'ip_address': raw_attrs['ip_address'],
'location': raw_attrs['location'],
'name': raw_attrs['name'],
'reverse_dns': raw_attrs['reverse_dns'],
'security_group': raw_attrs['security_group'],
'size': raw_attrs['size'],
'ssh_key_thumbprint': raw_attrs['ssh_key_thumbprint'],
'subnet': raw_attrs['subnet'],
'username': raw_attrs['username'],
'vip_address': raw_attrs['vip_address'],
'virtual_network': raw_attrs['virtual_network'],
'endpoint': parse_attr_list(raw_attrs, 'endpoint'),
# ansible
'ansible_ssh_port': 22,
'ansible_ssh_user': raw_attrs['username'],
'ansible_ssh_host': raw_attrs['vip_address'],
}
# attrs specific to mantl
attrs.update({
'consul_dc': attrs['location'].lower().replace(" ", "-"),
'role': attrs['description']
})
# groups specific to mantl
groups.extend(['azure_image=' + attrs['image'],
'azure_location=' + attrs['location'].lower().replace(" ", "-"),
'azure_username=' + attrs['username'],
'azure_security_group=' + attrs['security_group']])
# groups specific to mantl
groups.append('role=' + attrs['role'])
groups.append('dc=' + attrs['consul_dc'])
return name, attrs, groups
@parses('clc_server')
@calculate_mantl_vars
def clc_server(resource, module_name):
raw_attrs = resource['primary']['attributes']
name = raw_attrs.get('id')
groups = []
md = parse_dict(raw_attrs, 'metadata')
attrs = {
'metadata': md,
'ansible_ssh_port': md.get('ssh_port', 22),
'ansible_ssh_user': md.get('ssh_user', 'root'),
'provider': 'clc',
'publicly_routable': False,
}
try:
attrs.update({
'public_ipv4': raw_attrs['public_ip_address'],
'private_ipv4': raw_attrs['private_ip_address'],
'ansible_ssh_host': raw_attrs['public_ip_address'],
'publicly_routable': True,
})
except (KeyError, ValueError):
attrs.update({
'ansible_ssh_host': raw_attrs['private_ip_address'],
'private_ipv4': raw_attrs['private_ip_address'],
})
attrs.update({
'consul_dc': _clean_dc(attrs['metadata'].get('dc', module_name)),
'role': attrs['metadata'].get('role', 'none'),
})
groups.append('role=' + attrs['role'])
groups.append('dc=' + attrs['consul_dc'])
return name, attrs, groups
def iter_host_ips(hosts, ips):
'''Update hosts that have an entry in the floating IP list'''
for host in hosts:

2
contrib/vault/roles/vault/tasks/shared/check_vault.yml
View File

@ -1,7 +1,7 @@
---
# Stop temporary Vault if it's running (can linger if playbook fails out)
- name: stop vault-temp container
shell: docker stop {{ vault_temp_container_name }} || rkt stop {{ vault_temp_container_name }}
shell: docker stop {{ vault_temp_container_name }}
failed_when: false
register: vault_temp_stop
changed_when: vault_temp_stop is succeeded

22
contrib/vault/roles/vault/tasks/shared/sync_file.yml
View File

@ -5,17 +5,19 @@
set_fact:
sync_file_dir: "{{ sync_file_path | dirname }}"
sync_file: "{{ sync_file_path | basename }}"
when: sync_file_path is defined and sync_file_path != ''
when:
- sync_file_path is defined
- sync_file_path
- name: "sync_file | Set fact for sync_file_path when undefined"
set_fact:
sync_file_path: "{{ (sync_file_dir, sync_file)|join('/') }}"
when: sync_file_path is not defined or sync_file_path == ''
when: sync_file_path is not defined or not sync_file_path
- name: "sync_file | Set fact for key path name"
set_fact:
sync_file_key_path: "{{ sync_file_path.rsplit('.', 1)|first + '-key.' + sync_file_path.rsplit('.', 1)|last }}"
when: sync_file_key_path is not defined or sync_file_key_path == ''
when: sync_file_key_path is not defined or not sync_file_key_path
- name: "sync_file | Check if {{sync_file_path}} file exists"
stat:
@ -46,17 +48,17 @@
- name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
set_fact:
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
when: >-
sync_file_srcs|d([])|length > 1 and
inventory_hostname != sync_file_srcs|first
when:
- sync_file_srcs|d([])|length > 1
- inventory_hostname != sync_file_srcs|first
- name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
set_fact:
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
when: >-
sync_file_is_cert|d() and
sync_file_key_srcs|d([])|length > 1 and
inventory_hostname != sync_file_key_srcs|first
when:
- sync_file_is_cert|d()
- sync_file_key_srcs|d([])|length > 1
- inventory_hostname != sync_file_key_srcs|first
- name: "sync_file | Consolidate file and key sources"
set_fact:

45
contrib/vault/roles/vault/templates/rkt.service.j2
View File

@ -1,45 +0,0 @@
[Unit]
Description=hashicorp vault on rkt
Documentation=https://github.com/hashicorp/vault
Wants=network.target
[Service]
User=root
Restart=on-failure
RestartSec=10s
TimeoutStartSec=5
LimitNOFILE=40000
# Container has the following internal mount points:
# /vault/file/ # File backend storage location
# /vault/logs/ # Log files
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/vault.uuid
ExecStart=/usr/bin/rkt run \
--insecure-options=image \
--volume hosts,kind=host,source=/etc/hosts,readOnly=true \
--mount volume=hosts,target=/etc/hosts \
--volume=volume-vault-file,kind=host,source=/var/lib/vault \
--volume=volume-vault-logs,kind=host,source={{ vault_log_dir }} \
--volume=vault-cert-dir,kind=host,source={{ vault_cert_dir }} \
--mount=volume=vault-cert-dir,target={{ vault_cert_dir }} \
--volume=vault-conf-dir,kind=host,source={{ vault_config_dir }} \
--mount=volume=vault-conf-dir,target={{ vault_config_dir }} \
--volume=vault-secrets-dir,kind=host,source={{ vault_secrets_dir }} \
--mount=volume=vault-secrets-dir,target={{ vault_secrets_dir }} \
--volume=vault-roles-dir,kind=host,source={{ vault_roles_dir }} \
--mount=volume=vault-roles-dir,target={{ vault_roles_dir }} \
--volume=etcd-cert-dir,kind=host,source={{ etcd_cert_dir }} \
--mount=volume=etcd-cert-dir,target={{ etcd_cert_dir }} \
docker://{{ vault_image_repo }}:{{ vault_image_tag }} \
--uuid-file-save=/var/run/vault.uuid \
--name={{ vault_container_name }} \
--net=host \
--caps-retain=CAP_IPC_LOCK \
--exec vault -- \
server \
--config={{ vault_config_dir }}/config.json
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/vault.uuid
[Install]
WantedBy=multi-user.target

2
contrib/vault/vault.md
View File

@ -93,6 +93,6 @@ Potential Work
- Change the Vault role to not run certain tasks when ``root_token`` and
``unseal_keys`` are not present. Alternatively, allow user input for these
values when missing.
- Add the ability to start temp Vault with Host, Rkt, or Docker
- Add the ability to start temp Vault with Host or Docker
- Add a dynamic way to change out the backend role creation during Bootstrap,
so other services can be used (such as Consul)

1
docs/_sidebar.md
View File

@ -20,6 +20,7 @@
* [AWS](docs/aws.md)
* [Azure](docs/azure.md)
* [OpenStack](/docs/openstack.md)
* [Packet](/docs/packet.md)
* [vSphere](/docs/vsphere.md)
* Operating Systems
* [Atomic](docs/atomic.md)

17
docs/ansible.md
View File

@ -35,12 +35,12 @@ Below is a complete inventory example:
```
## Configure 'ip' variable to bind kubernetes services on a
## different ip than the default iface
node1 ansible_ssh_host=95.54.0.12 ip=10.3.0.1
node2 ansible_ssh_host=95.54.0.13 ip=10.3.0.2
node3 ansible_ssh_host=95.54.0.14 ip=10.3.0.3
node4 ansible_ssh_host=95.54.0.15 ip=10.3.0.4
node5 ansible_ssh_host=95.54.0.16 ip=10.3.0.5
node6 ansible_ssh_host=95.54.0.17 ip=10.3.0.6
node1 ansible_host=95.54.0.12 ip=10.3.0.1
node2 ansible_host=95.54.0.13 ip=10.3.0.2
node3 ansible_host=95.54.0.14 ip=10.3.0.3
node4 ansible_host=95.54.0.15 ip=10.3.0.4
node5 ansible_host=95.54.0.16 ip=10.3.0.5
node6 ansible_host=95.54.0.17 ip=10.3.0.6
[kube-master]
node1
@ -70,7 +70,7 @@ The group variables to control main deployment options are located in the direct
Optional variables are located in the `inventory/sample/group_vars/all.yml`.
Mandatory variables that are common for at least one role (or a node group) can be found in the
`inventory/sample/group_vars/k8s-cluster.yml`.
There are also role vars for docker, rkt, kubernetes preinstall and master roles.
There are also role vars for docker, kubernetes preinstall and master roles.
According to the [ansible docs](http://docs.ansible.com/ansible/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable),
those cannot be overridden from the group vars. In order to override, one should use
the `-e ` runtime flags (most simple way) or other layers described in the docs.
@ -175,7 +175,8 @@ simply add a line to your inventory, where you have to replace x.x.x.x with the
bastion host.
```
bastion ansible_ssh_host=x.x.x.x
[bastion]
bastion ansible_host=x.x.x.x
```
For more information about Ansible and bastion hosts, read

16
docs/arch.md Normal file
View File

@ -0,0 +1,16 @@
## Architecture compatibility
The following table shows the impact of the CPU architecture on compatible features:
- amd64: Cluster using only x86/amd64 CPUs
- arm64: Cluster using only arm64 CPUs
- amd64 + arm64: Cluster with a mix of x86/amd64 and arm64 CPUs
| kube_network_plugin | amd64 | arm64 | amd64 + arm64 |
| ------------------- | ----- | ----- | ------------- |
| Calico | Y | Y | Y |
| Weave | Y | Y | Y |
| Flannel | Y | N | N |
| Canal | Y | N | N |
| Cilium | Y | N | N |
| Contib | Y | N | N |
| kube-router | Y | N | N |

19
docs/azure.md
View File

@ -51,6 +51,25 @@ This is the AppId from the last command
azure\_aad\_client\_id must be set to the AppId, azure\_aad\_client\_secret is your choosen secret.
#### azure\_loadbalancer\_sku
Sku of Load Balancer and Public IP. Candidate values are: basic and standard.
#### azure\_exclude\_master\_from\_standard\_lb
azure\_exclude\_master\_from\_standard\_lb excludes master nodes from `standard` load balancer.
#### azure\_disable\_outbound\_snat
azure\_disable\_outbound\_snat disables the outbound SNAT for public load balancer rules. It should only be set when azure\_exclude\_master\_from\_standard\_lb is `standard`.
#### azure\_primary\_availability\_set\_name
(Optional) The name of the availability set that should be used as the load balancer backend .If this is set, the Azure
cloudprovider will only add nodes from that availability set to the load balancer backend pool. If this is not set, and
multiple agent pools (availability sets) are used, then the cloudprovider will try to add all nodes to a single backend
pool which is forbidden. In other words, if you use multiple agent pools (availability sets), you MUST set this field.
#### azure\_use\_instance\_metadata
Use instance metadata service where possible
## Provisioning Azure with Resource Group Templates
You'll find Resource Group Templates and scripts to provision the required infrastructure to Azure in [*contrib/azurerm*](../contrib/azurerm/README.md)

10
docs/cni.md Normal file
View File

@ -0,0 +1,10 @@
CNI
==============
This network plugin only unpacks CNI plugins version `cni_version` into `/opt/cni/bin` and instructs kubelet to use cni, that is adds following cli params:
`KUBELET_NETWORK_PLUGIN="--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"`
It's intended usage is for custom CNI configuration, e.g. manual routing tables + bridge + loopback CNI plugin outside kubespray scope. Furthermore, it's used for non-kubespray supported CNI plugins which you can install afterward.
You are required to fill `/etc/cni/net.d` with valid CNI configuration after using kubespray.

14
docs/getting-started.md
View File

@ -6,7 +6,7 @@ Building your own inventory
Ansible inventory can be stored in 3 formats: YAML, JSON, or INI-like. There is
an example inventory located
[here](https://github.com/kubernetes-sigs/kubespray/blob/master/inventory/sample/hosts.ini).
[here](https://github.com/kubernetes-sigs/kubespray/blob/master/inventory/sample/inventory.ini).
You can use an
[inventory generator](https://github.com/kubernetes-sigs/kubespray/blob/master/contrib/inventory_builder/inventory.py)
@ -20,7 +20,9 @@ Example inventory generator usage:
cp -r inventory/sample inventory/mycluster
declare -a IPS=(10.10.1.3 10.10.1.4 10.10.1.5)
CONFIG_FILE=inventory/mycluster/hosts.ini python3 contrib/inventory_builder/inventory.py ${IPS[@]}
CONFIG_FILE=inventory/mycluster/hosts.yml python3 contrib/inventory_builder/inventory.py ${IPS[@]}
Then use `inventory/mycluster/hosts.yml` as inventory file.
Starting custom deployment
--------------------------
@ -30,7 +32,7 @@ and start the deployment:
**IMPORTANT**: Edit my\_inventory/groups\_vars/\*.yaml to override data vars:
ansible-playbook -i inventory/mycluster/hosts.ini cluster.yml -b -v \
ansible-playbook -i inventory/mycluster/hosts.yml cluster.yml -b -v \
--private-key=~/.ssh/private_key
See more details in the [ansible guide](ansible.md).
@ -43,7 +45,7 @@ You may want to add worker, master or etcd nodes to your existing cluster. This
- Add the new worker node to your inventory in the appropriate group (or utilize a [dynamic inventory](https://docs.ansible.com/ansible/intro_dynamic_inventory.html)).
- Run the ansible-playbook command, substituting `cluster.yml` for `scale.yml`:
ansible-playbook -i inventory/mycluster/hosts.ini scale.yml -b -v \
ansible-playbook -i inventory/mycluster/hosts.yml scale.yml -b -v \
--private-key=~/.ssh/private_key
Remove nodes
@ -53,12 +55,12 @@ You may want to remove **worker** nodes to your existing cluster. This can be do
Add worker nodes to the list under kube-node if you want to delete them (or utilize a [dynamic inventory](https://docs.ansible.com/ansible/intro_dynamic_inventory.html)).
ansible-playbook -i inventory/mycluster/hosts.ini remove-node.yml -b -v \
ansible-playbook -i inventory/mycluster/hosts.yml remove-node.yml -b -v \
--private-key=~/.ssh/private_key
Use `--extra-vars "node=<nodename>,<nodename2>"` to select the node you want to delete.
```
ansible-playbook -i inventory/mycluster/hosts.ini remove-node.yml -b -v \
ansible-playbook -i inventory/mycluster/hosts.yml remove-node.yml -b -v \
--private-key=~/.ssh/private_key \
--extra-vars "node=nodename,nodename2"
```

4
docs/ha-mode.md
View File

@ -24,7 +24,7 @@ where an external LB or virtual IP management is inconvenient. This option is
configured by the variable `loadbalancer_apiserver_localhost` (defaults to
`True`. Or `False`, if there is an external `loadbalancer_apiserver` defined).
You may also define the port the local internal loadbalancer uses by changing,
`nginx_kube_apiserver_port`. This defaults to the value of
`loadbalancer_apiserver_port`. This defaults to the value of
`kube_apiserver_port`. It is also important to note that Kubespray will only
configure kubelet and kube-proxy on non-master nodes to use the local internal
loadbalancer.
@ -114,7 +114,7 @@ Where:
* `ext` - Externally load balanced VIP:port and FQDN, not managed by Kubespray;
* `lc` - localhost;
* `bip` - a custom bind IP or localhost for the default bind IP '0.0.0.0';
* `nsp` - nginx secure port, `nginx_kube_apiserver_port`, defers to `sp`;
* `nsp` - nginx secure port, `loadbalancer_apiserver_port`, defers to `sp`;
* `sp` - secure port, `kube_apiserver_port`;
* `lp` - LB port, `loadbalancer_apiserver.port`, defers to the secure port;
* `ip` - the node IP, defers to the ansible IP;

57
docs/recover-control-plane.md Normal file
View File

@ -0,0 +1,57 @@
Recovering the control plane
============================
To recover from broken nodes in the control plane use the "recover\-control\-plane.yml" playbook.
* Backup what you can
* Provision new nodes to replace the broken ones
* Place the surviving nodes of the control plane first in the "etcd" and "kube-master" groups
* Add the new nodes below the surviving control plane nodes in the "etcd" and "kube-master" groups
Examples of what broken means in this context:
* One or more bare metal node(s) suffer from unrecoverable hardware failure
* One or more node(s) fail during patching or upgrading
* Etcd database corruption
* Other node related failures leaving your control plane degraded or nonfunctional
__Note that you need at least one functional node to be able to recover using this method.__
## If etcd quorum is intact
* Set the etcd member names of the broken node(s) in the variable "old\_etcd\_members", this variable is used to remove the broken nodes from the etcd cluster.
```old_etcd_members=etcd2,etcd3```
* If you reuse identities for your etcd nodes add the inventory names for those nodes to the variable "old\_etcds". This will remove any previously generated certificates for those nodes.
```old_etcds=etcd2.example.com,etcd3.example.com```
* If you would like to remove the broken node objects from the kubernetes cluster add their inventory names to the variable "old\_kube\_masters"
```old_kube_masters=master2.example.com,master3.example.com```
Then run the playbook with ```--limit etcd,kube-master```
When finished you should have a fully working and highly available control plane again.
## If etcd quorum is lost
* If you reuse identities for your etcd nodes add the inventory names for those nodes to the variable "old\_etcds". This will remove any previously generated certificates for those nodes.
```old_etcds=etcd2.example.com,etcd3.example.com```
* If you would like to remove the broken node objects from the kubernetes cluster add their inventory names to the variable "old\_kube\_masters"
```old_kube_masters=master2.example.com,master3.example.com```
Then run the playbook with ```--limit etcd,kube-master```
When finished you should have a fully working and highly available control plane again.
The playbook will attempt to take a snapshot from the first node in the "etcd" group and restore from that. If you would like to restore from an alternate snapshot set the path to that snapshot in the "etcd\_snapshot" variable.
```etcd_snapshot=/tmp/etcd_snapshot```
## Caveats
* The playbook has only been tested on control planes where the etcd and kube-master nodes are the same, the playbook will warn if run on a cluster with separate etcd and kube-master nodes.
* The playbook has only been tested with fairly small etcd databases.
* If your new control plane nodes have new ip addresses you may have to change settings in various places.
* There may be disruptions while running the playbook.
* There are absolutely no guarantees.
If possible try to break a cluster in the same way that your target cluster is broken and test to recover that before trying on the real target cluster.

2
docs/roadmap.md
View File

@ -2,7 +2,7 @@ Kubespray's roadmap
=================
### Self deployment (pull-mode) [#320](https://github.com/kubespray/kubespray/issues/320)
- the playbook would install and configure docker/rkt and the etcd cluster
- the playbook would install and configure docker and the etcd cluster
- the following data would be inserted into etcd: certs,tokens,users,inventory,group_vars.
- a "kubespray" container would be deployed (kubespray-cli, ansible-playbook)
- to be discussed, a way to provide the inventory

30
docs/test_cases.md
View File

@ -1,24 +1,3 @@
Travis CI test matrix
=====================
GCE instances
-------------
Here is the test matrix for the CI gates:
| Network plugin| OS type| GCE region| Nodes layout|
|-------------------------|-------------------------|-------------------------|-------------------------|
| canal| debian-8-kubespray| asia-east1-a| ha-scale|
| calico| debian-8-kubespray| europe-west1-c| default|
| flannel| centos-7| asia-northeast1-c| default|
| calico| centos-7| us-central1-b| ha|
| weave| rhel-7| us-east1-c| default|
| canal| coreos-stable| us-west1-b| ha-scale|
| canal| rhel-7| asia-northeast1-b| separate|
| weave| ubuntu-1604-xenial| europe-west1-d| separate|
| calico| coreos-stable| us-central1-f| separate|
Node Layouts
------------
@ -41,15 +20,6 @@ never actually deployed, but certificates are generated for them.
Note, the canal network plugin deploys flannel as well plus calico policy controller.
Hint: the command
```
bash scripts/gen_matrix.sh
```
will (hopefully) generate the CI test cases from the current ``.travis.yml``.
Gitlab CI test matrix
=====================
GCE instances
-------------

4
docs/vars.md
View File

@ -102,7 +102,7 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
proxy. Note that no_proxy defaults to all internal cluster IPs and hostnames
that correspond to each node.
* *kubelet_deployment_type* - Controls which platform to deploy kubelet on.
Available options are ``host``, ``rkt``, and ``docker``. ``docker`` mode
Available options are ``host`` and ``docker``. ``docker`` mode
is unlikely to work on newer releases. Starting with Kubernetes v1.7
series, this now defaults to ``host``. Before v1.7, the default was Docker.
This is because of cgroup [issues](https://github.com/kubernetes/kubernetes/issues/43704).
@ -113,7 +113,7 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
* *kubelet_cgroup_driver* - Allows manual override of the
cgroup-driver option for Kubelet. By default autodetection is used
to match Docker configuration.
* *kubelet_rotate_certificates* - Auto rotate the kubelet client certificates by requesting new certificates
* *kubelet_rotate_certificates* - Auto rotate the kubelet client certificates by requesting new certificates
from the kube-apiserver when the certificate expiration approaches.
* *node_labels* - Labels applied to nodes via kubelet --node-labels parameter.
For example, labels can be set in the inventory as variables or more widely in group_vars.

1
index.html
View File

@ -37,6 +37,7 @@
loadSidebar: 'docs/_sidebar.md',
repo: 'https://github.com/kubernetes-sigs/kubespray',
auto2top: true,
logo: '/logo/logo-clear.png'
}
</script>
<script src="//unpkg.com/docsify/lib/docsify.min.js"></script>

9
inventory/sample/group_vars/all/all.yml
View File

@ -21,12 +21,15 @@ bin_dir: /usr/local/bin
## Internal loadbalancers for apiservers
# loadbalancer_apiserver_localhost: true
# valid options are "nginx" or "haproxy"
# loadbalancer_apiserver_type: nginx # valid values "nginx" or "haproxy"
## Local loadbalancer should use this port
## And must be set port 6443
nginx_kube_apiserver_port: 6443
## If nginx_kube_apiserver_healthcheck_port variable defined, enables proxy liveness check.
nginx_kube_apiserver_healthcheck_port: 8081
loadbalancer_apiserver_port: 6443
## If loadbalancer_apiserver_healthcheck_port variable defined, enables proxy liveness check for nginx.
loadbalancer_apiserver_healthcheck_port: 8081
### OTHER OPTIONAL VARIABLES
## For some things, kubelet needs to load kernel modules. For example, dynamic kernel services are needed

21
inventory/sample/group_vars/k8s-cluster/addons.yml
View File

@ -56,11 +56,30 @@ cephfs_provisioner_enabled: false
# cephfs_provisioner_claim_root: /volumes
# cephfs_provisioner_deterministic_names: true
# RBD provisioner deployment
rbd_provisioner_enabled: false
# rbd_provisioner_namespace: rbd-provisioner
# rbd_provisioner_replicas: 2
# rbd_provisioner_monitors: "172.24.0.1:6789,172.24.0.2:6789,172.24.0.3:6789"
# rbd_provisioner_pool: kube
# rbd_provisioner_admin_id: admin
# rbd_provisioner_secret_name: ceph-secret-admin
# rbd_provisioner_secret: ceph-key-admin
# rbd_provisioner_user_id: kube
# rbd_provisioner_user_secret_name: ceph-secret-user
# rbd_provisioner_user_secret: ceph-key-user
# rbd_provisioner_user_secret_namespace: rbd-provisioner
# rbd_provisioner_fs_type: ext4
# rbd_provisioner_image_format: "2"
# rbd_provisioner_image_features: layering
# rbd_provisioner_storage_class: rbd
# rbd_provisioner_reclaim_policy: Delete
# Nginx ingress controller deployment
ingress_nginx_enabled: false
# ingress_nginx_host_network: false
# ingress_nginx_nodeselector:
# node-role.kubernetes.io/node: ""
# beta.kubernetes.io/os: "linux": ""
# ingress_nginx_tolerations:
# - key: "node-role.kubernetes.io/master"
# operator: "Equal"

10
inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
View File

@ -20,7 +20,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
kube_api_anonymous_auth: true
## Change this to use another Kubernetes version, e.g. a current beta release
kube_version: v1.13.5
kube_version: v1.14.1
# kubernetes image repo define
kube_image_repo: "gcr.io/google-containers"
@ -70,7 +70,7 @@ kube_users:
# kube_oidc_groups_prefix: oidc:
# Choose network plugin (cilium, calico, contiv, weave or flannel)
# Choose network plugin (cilium, calico, contiv, weave or flannel. Use cni for generic cni plugin)
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
kube_network_plugin: calico
@ -132,7 +132,7 @@ dns_mode: coredns
# Set manual server if using a custom cluster DNS server
# manual_dns_server: 10.x.x.x
# Enable nodelocal dns cache
enable_nodelocaldns: False
enable_nodelocaldns: true
nodelocaldns_ip: 169.254.25.10
# Can be docker_dns, host_resolvconf or none
@ -153,6 +153,10 @@ etcd_deployment_type: docker
kubelet_deployment_type: host
helm_deployment_type: host
# Enable kubeadm experimental control plane
kubeadm_control_plane: false
kubeadm_certificate_key: "{{ lookup('password', credentials_dir + '/kubeadm_certificate_key.creds length=64 chars=hexdigits') | lower }}"
# K8s image pull policy (imagePullPolicy)
k8s_image_pull_policy: IfNotPresent

9
inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
View File

@ -24,3 +24,12 @@
# Advertise Cluster IPs
# calico_advertise_cluster_ips: true
# Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
# calico_datastore: "etcd"
# Use typha (only with kdd)
# typha_enabled: false
# Number of typha replicas
# typha_replicas: 1

1
logo/LICENSE Normal file
View File

@ -0,0 +1 @@
# The Kubespray logo files are licensed under a choice of either Apache-2.0 or CC-BY-4.0 (Creative Commons Attribution 4.0 International).

4
logo/OWNERS Normal file
View File

@ -0,0 +1,4 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- thomeced

BIN
logo/logo-clear.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.6 KiB

80
logo/logo-clear.svg Normal file
View File

@ -0,0 +1,80 @@
<svg width="165" height="140" xmlns="http://www.w3.org/2000/svg">
<metadata id="metadata8">image/svg+xml</metadata>
<defs>
<clipPath id="clipPath18" clipPathUnits="userSpaceOnUse">
<path id="path16" d="m0,720l1280,0l0,-720l-1280,0l0,720z"/>
</clipPath>
<clipPath id="clipPath510" clipPathUnits="userSpaceOnUse">
<path id="path508" d="m0,720l1280,0l0,-720l-1280,0l0,720z"/>
</clipPath>
<clipPath id="clipPath518" clipPathUnits="userSpaceOnUse">
<path id="path516" d="m80.333,608.499l52.426,0l0,-23.87l-52.426,0l0,23.87z"/>
</clipPath>
<clipPath id="clipPath534" clipPathUnits="userSpaceOnUse">
<path id="path532" d="m724.334,608.499l93.213,0l0,-23.87l-93.213,0l0,23.87z"/>
</clipPath>
</defs>
<g>
<title>background</title>
<rect x="-1" y="-1" width="167" height="142" id="canvas_background" fill="none"/>
</g>
<g>
<title>Layer 1</title>
<g id="svg_2">
<g id="g296" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path298" d="m94.554101,710.072549c1.045,-0.572 2.892,-1.582 3.936,-2.152c0.429,-0.235 1.126,-0.235 1.555,0l3.936,2.152c0.429,0.232 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.431,-0.235 -0.431,-0.618 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g300" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path302" d="m99.666391,705.922159l0,-4.232c0,-0.491 0.348,-0.698 0.777,-0.461l3.936,2.152c0.43,0.234 0.777,0.822 0.777,1.312l0,4.231c0,0.49 -0.347,0.697 -0.777,0.463c-1.045,-0.572 -2.891,-1.582 -3.936,-2.152c-0.429,-0.235 -0.777,-0.823 -0.777,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g304" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path306" d="m101.084301,699.754159c1.045,-0.572 2.891,-1.58 3.936,-2.152c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.152c0.428,0.234 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g308" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path310" d="m106.196701,695.603729l0,-4.232c-0.001,-0.489 0.348,-0.696 0.778,-0.461l3.936,2.152c0.429,0.236 0.777,0.822 0.777,1.312l0,4.233c0,0.488 -0.348,0.695 -0.777,0.461c-1.045,-0.572 -2.891,-1.58 -3.936,-2.152c-0.43,-0.235 -0.778,-0.823 -0.778,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g312" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path314" d="m107.334301,689.222939c1.045,-0.572 2.891,-1.582 3.936,-2.152c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.152c0.428,0.232 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.618 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g316" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path318" d="m112.446701,685.072549l0,-4.232c-0.001,-0.491 0.348,-0.698 0.778,-0.461l3.936,2.152c0.429,0.234 0.777,0.822 0.777,1.312l0,4.231c0,0.49 -0.348,0.697 -0.777,0.463c-1.045,-0.572 -2.891,-1.582 -3.936,-2.152c-0.43,-0.235 -0.778,-0.823 -0.778,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g320" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path322" d="m96.160501,689.222939c1.045,-0.572 2.892,-1.582 3.936,-2.152c0.429,-0.235 1.127,-0.235 1.556,0l3.936,2.152c0.429,0.232 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.127,0.234 -1.556,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.618 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g324" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path326" d="m101.273801,685.072549l0,-4.232c-0.001,-0.491 0.348,-0.698 0.777,-0.461l3.936,2.152c0.43,0.234 0.777,0.822 0.777,1.312l0,4.231c0,0.49 -0.347,0.697 -0.777,0.463c-1.045,-0.572 -2.891,-1.582 -3.936,-2.152c-0.429,-0.235 -0.777,-0.823 -0.777,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g328" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path330" d="m89.834301,699.754159c1.045,-0.572 2.892,-1.58 3.936,-2.152c0.429,-0.235 1.127,-0.235 1.556,0l3.936,2.152c0.429,0.234 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.127,0.234 -1.556,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g332" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path334" d="m94.947601,695.603729l0,-4.232c-0.001,-0.489 0.348,-0.696 0.777,-0.461l3.936,2.152c0.43,0.236 0.777,0.822 0.777,1.312l0,4.233c0,0.488 -0.347,0.695 -0.777,0.461c-1.045,-0.572 -2.891,-1.58 -3.936,-2.152c-0.429,-0.235 -0.777,-0.823 -0.777,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g336" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path338" d="m84.758211,689.222939c1.045,-0.572 2.891,-1.582 3.936,-2.152c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.152c0.428,0.232 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.618 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g340" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path342" d="m89.870501,685.072549l0,-4.232c-0.001,-0.491 0.348,-0.698 0.778,-0.461l3.936,2.152c0.429,0.234 0.77699,0.822 0.77699,1.312l0,4.231c0,0.49 -0.348,0.697 -0.77699,0.463c-1.045,-0.572 -2.891,-1.582 -3.936,-2.152c-0.43001,-0.235 -0.778,-0.823 -0.778,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g368" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path370" d="m42.914401,682.793249c2.115,1.223 5.543,1.223 7.661,0l12.443,-7.184c0.431,-0.248 0.839,-0.584 1.226,-0.959l14.191,7.756c2.909,1.59 2.909,4.166 0,5.756l-26.639,14.565c-2.907,1.589 -7.622,1.589 -10.529,0l-26.641,-14.565c-2.907,-1.59 -2.907,-4.166 0.001,-5.756c3.812,-2.082 9.198,-5.027 14.463,-7.904c0.429,0.441 0.892,0.824 1.382,1.107l12.442,7.184z" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g372" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path374" d="m81.133211,677.767859c-3.787,-2.07 -9.131,-4.992 -14.363,-7.854c0.051,-0.318 0.078,-0.632 0.078,-0.939l0,-14.369c0,-2.443 -1.713,-5.41 -3.83,-6.631l-12.443,-7.184c-0.403,-0.232 -0.864,-0.406 -1.343,-0.55l-0.001,-14.567c0,-3.314 2.357,-4.711 5.263,-3.121l26.64,14.569c2.907,1.589 5.265,5.566 5.265,8.878l0,28.647c0,3.312 -2.358,4.711 -5.266,3.121" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g376" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path378" d="m30.472001,647.974839c-2.114,1.221 -3.827,4.188 -3.827,6.631l0,14.369c0,0.258 0.029,0.525 0.066,0.793c-5.338,2.918 -10.828,5.92 -14.695,8.035c-2.908,1.59 -5.266,0.192 -5.266,-3.121l0,-28.639c0,-3.314 2.358,-7.289 5.265,-8.879l26.64,-14.57c2.906,-1.59 5.263,-0.191 5.263,3.121l-0.002,14.629c-0.353,0.125 -0.694,0.27 -1.002,0.447l-12.442,7.184z" fill-rule="nonzero" fill="#273945"/>
</g>
<g id="g380" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path382" d="m58.904701,652.707249c-2.338,1.277 -6.203,3.391 -8.982,4.908c-0.465,0.256 -0.908,0.496 -1.299,0.711c-1.123,0.613 -2.942,0.613 -4.065,0l-1.316,-0.719l-8.965,-4.9c-1.123,-0.613 -1.123,-1.607 0,-2.223l9.639,-5.269l0.642,-0.352c1.123,-0.613 2.942,-0.613 4.065,0l0.608,0.332l9.674,5.289c1.122,0.616 1.122,1.61 -0.001,2.223" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g384" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path386" d="m42.517901,662.119339c1.121,0.613 2.031,2.148 2.031,3.426l0,1.273l0,9.785c0,1.28 -0.909,1.81901 -2.031,1.205l-9.735,-5.324l-0.546,-0.299c-1.123,-0.613 -2.032,-2.148 -2.032,-3.427l0,-0.901l0,-10.156c0,-1.279 0.91,-1.818 2.032,-1.205c2.279,1.248 6.008,3.285 8.768,4.795c0.544,0.299 1.064,0.582 1.513,0.828" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g388" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path390" d="m60.914401,672.168249l-0.604,0.33l-9.679,5.293c-1.121,0.613 -2.031,0.076 -2.031,-1.205l0.001,-9.752l0,-1.303c0,-1.279 0.911,-2.814 2.032,-3.427c0.452,-0.247 0.975,-0.534 1.523,-0.832c2.76,-1.51 6.481,-3.543 8.758,-4.79c1.121,-0.611 2.031,-0.074 2.031,1.207l0,10.133l0,0.92c0,1.28 -0.91,2.813 -2.031,3.426" fill-rule="nonzero" fill="#273945"/>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 8.1 KiB

BIN
logo/logo-dark.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.2 KiB

83
logo/logo-dark.svg Normal file
View File

@ -0,0 +1,83 @@
<svg width="175" height="195" xmlns="http://www.w3.org/2000/svg">
<metadata id="metadata8">image/svg+xml</metadata>
<defs>
<clipPath clipPathUnits="userSpaceOnUse" id="clipPath18">
<path d="m0,720l1280,0l0,-720l-1280,0l0,720z" id="path16"/>
</clipPath>
<clipPath clipPathUnits="userSpaceOnUse" id="clipPath510">
<path d="m0,720l1280,0l0,-720l-1280,0l0,720z" id="path508"/>
</clipPath>
<clipPath clipPathUnits="userSpaceOnUse" id="clipPath518">
<path d="m80.333,608.499l52.426,0l0,-23.87l-52.426,0l0,23.87z" id="path516"/>
</clipPath>
<clipPath clipPathUnits="userSpaceOnUse" id="clipPath534">
<path d="m724.334,608.499l93.213,0l0,-23.87l-93.213,0l0,23.87z" id="path532"/>
</clipPath>
</defs>
<g>
<title>background</title>
<rect fill="none" id="canvas_background" height="197" width="177" y="-1" x="-1"/>
</g>
<g>
<title>Layer 1</title>
<g id="svg_1">
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g244">
<path fill="#3d647f" fill-rule="nonzero" d="m120.688,602.382294l-43.031,-24.842c-6.374,-3.681 -16.707,-3.681 -23.082,0l-43.033,24.842c-6.375,3.68 -11.542,12.631 -11.542,19.992l0,49.688c0,7.358 5.167,16.312 11.542,19.992l43.033,24.843c6.375,3.682 16.708,3.682 23.082,0l43.031,-24.843c6.374,-3.68 11.541,-12.634 11.541,-19.992l0,-49.688c0,-7.361 -5.167,-16.312 -11.541,-19.992" id="path246"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g248">
<path fill="#ffffff" fill-rule="nonzero" d="m99.737805,687.627411c1.045,-0.571 2.892,-1.581 3.936,-2.151c0.429,-0.235 1.126,-0.235 1.555,0l3.936,2.151c0.429,0.234 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.431,-0.235 -0.431,-0.616 0,-0.85" id="path250"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g252">
<path fill="#ffffff" fill-rule="nonzero" d="m104.850095,683.477509l0,-4.232c0,-0.49 0.348,-0.697 0.777,-0.461l3.936,2.152c0.43,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.347,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.429,-0.234 -0.777,-0.822 -0.777,-1.312" id="path254"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g256">
<path fill="#ffffff" fill-rule="nonzero" d="m106.268094,677.309601c1.045,-0.571 2.891,-1.581 3.936,-2.151c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.151c0.428,0.234 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" id="path258"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g260">
<path fill="#ffffff" fill-rule="nonzero" d="m111.380399,673.159698l0,-4.232c-0.001,-0.49 0.348,-0.697 0.778,-0.461l3.936,2.152c0.429,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.348,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.43,-0.234 -0.778,-0.822 -0.778,-1.312" id="path262"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g264">
<path fill="#ffffff" fill-rule="nonzero" d="m112.518094,666.777802c1.045,-0.571 2.891,-1.581 3.936,-2.151c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.151c0.428,0.234 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" id="path266"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g268">
<path fill="#ffffff" fill-rule="nonzero" d="m117.630399,662.627899l0,-4.232c-0.001,-0.49 0.348,-0.697 0.778,-0.461l3.936,2.152c0.429,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.348,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.43,-0.234 -0.778,-0.822 -0.778,-1.312" id="path270"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g272">
<path fill="#ffffff" fill-rule="nonzero" d="m101.344205,666.777802c1.045,-0.571 2.892,-1.581 3.936,-2.151c0.429,-0.235 1.127,-0.235 1.556,0l3.936,2.151c0.429,0.234 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.127,0.234 -1.556,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" id="path274"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g276">
<path fill="#ffffff" fill-rule="nonzero" d="m106.457501,662.627899l0,-4.232c-0.001,-0.49 0.348,-0.697 0.777,-0.461l3.936,2.152c0.43,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.347,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.429,-0.234 -0.777,-0.822 -0.777,-1.312" id="path278"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g280">
<path fill="#ffffff" fill-rule="nonzero" d="m95.018094,677.309601c1.045,-0.571 2.892,-1.581 3.936,-2.151c0.429,-0.235 1.127,-0.235 1.556,0l3.936,2.151c0.429,0.234 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.127,0.234 -1.556,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" id="path282"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g284">
<path fill="#ffffff" fill-rule="nonzero" d="m100.131299,673.159698l0,-4.232c-0.001,-0.49 0.348,-0.697 0.777,-0.461l3.936,2.152c0.43,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.347,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.429,-0.234 -0.777,-0.822 -0.777,-1.312" id="path286"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g288">
<path fill="#ffffff" fill-rule="nonzero" d="m89.941891,666.777802c1.045,-0.571 2.891,-1.581 3.936,-2.151c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.151c0.428,0.234 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" id="path290"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g292">
<path fill="#ffffff" fill-rule="nonzero" d="m95.054196,662.627899l0,-4.232c-0.001,-0.49 0.348,-0.697 0.778,-0.461l3.936,2.152c0.429,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.348,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.43,-0.234 -0.778,-0.822 -0.778,-1.312" id="path294"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g344">
<path fill="#ffffff" fill-rule="nonzero" d="m48.098096,660.348114c2.115,1.223 5.543,1.223 7.661,0l12.443,-7.183c0.431,-0.249 0.839,-0.585 1.226,-0.96l14.191,7.757c2.909,1.589 2.909,4.166 0,5.756l-26.639,14.565c-2.907,1.59 -7.622,1.59 -10.529,0l-26.641,-14.565c-2.907,-1.59 -2.907,-4.166 0.001,-5.755c3.812,-2.084 9.198,-5.028 14.463,-7.905c0.429,0.441 0.892,0.825 1.382,1.107l12.442,7.183z" id="path346"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g348">
<path fill="#ffffff" fill-rule="nonzero" d="m86.316891,655.3237c-3.787,-2.071 -9.131,-4.993 -14.363,-7.854c0.051,-0.319 0.078,-0.633 0.078,-0.94l0,-14.368c0,-2.444 -1.713,-5.411 -3.83,-6.632l-12.443,-7.183c-0.403,-0.233 -0.864,-0.407 -1.343,-0.551l-0.001,-14.567c0,-3.313 2.357,-4.711 5.263,-3.121l26.64,14.57c2.907,1.589 5.265,5.565 5.265,8.878l0,28.646c0,3.314 -2.358,4.711 -5.266,3.122" id="path350"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g352">
<path fill="#ffffff" fill-rule="nonzero" d="m35.655797,625.529785c-2.114,1.221 -3.827,4.188 -3.827,6.632l0,14.368c0,0.259 0.029,0.526 0.066,0.794c-5.338,2.918 -10.828,5.92 -14.695,8.035c-2.908,1.589 -5.266,0.192 -5.266,-3.122l0,-28.638c0,-3.314 2.358,-7.289 5.265,-8.879l26.64,-14.569c2.906,-1.59 5.263,-0.193 5.263,3.121l-0.002,14.627c-0.353,0.126 -0.694,0.27 -1.002,0.448l-12.442,7.183z" id="path354"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g356">
<path fill="#ffffff" fill-rule="nonzero" d="m64.088399,630.262207c-2.338,1.278 -6.203,3.392 -8.982,4.91c-0.465,0.254 -0.908,0.496 -1.299,0.71c-1.123,0.613 -2.942,0.613 -4.065,0l-1.316,-0.72l-8.965,-4.9c-1.123,-0.613 -1.123,-1.607 0,-2.221l9.639,-5.27l0.642,-0.352c1.123,-0.614 2.942,-0.614 4.065,0l0.608,0.333l9.674,5.289c1.122,0.614 1.122,1.608 -0.001,2.221" id="path358"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g360">
<path fill="#ffffff" fill-rule="nonzero" d="m47.701695,639.674805c1.121,0.614 2.031,2.148 2.031,3.427l0,1.273l0,9.785c0,1.278 -0.909,1.818 -2.031,1.204l-9.735,-5.324l-0.546,-0.299c-1.123,-0.613 -2.032,-2.148 -2.032,-3.427l0,-0.9l0,-10.156c0,-1.279 0.91,-1.819 2.032,-1.205c2.279,1.247 6.008,3.285 8.768,4.795c0.544,0.297 1.064,0.581 1.513,0.827" id="path362"/>
</g>
<g transform="matrix(1.3333333,0,0,-1.3333333,0,960) " id="g364">
<path fill="#ffffff" fill-rule="nonzero" d="m66.098096,649.724609l-0.604,0.33l-9.679,5.293c-1.121,0.613 -2.031,0.075 -2.031,-1.205l0.001,-9.753l0,-1.302c0,-1.279 0.911,-2.814 2.032,-3.428c0.452,-0.247 0.975,-0.533 1.523,-0.833c2.76,-1.508 6.481,-3.542 8.758,-4.788c1.121,-0.612 2.031,-0.074 2.031,1.206l0,10.133l0,0.92c0,1.279 -0.91,2.813 -2.031,3.427" id="path366"/>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 8.5 KiB

BIN
logo/logo-text-clear.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

107
logo/logo-text-clear.svg Normal file
View File

@ -0,0 +1,107 @@
<svg width="680" height="130" xmlns="http://www.w3.org/2000/svg">
<metadata id="metadata8">image/svg+xml</metadata>
<defs>
<clipPath id="clipPath18" clipPathUnits="userSpaceOnUse">
<path id="path16" d="m0,720l1280,0l0,-720l-1280,0l0,720z"/>
</clipPath>
<clipPath id="clipPath510" clipPathUnits="userSpaceOnUse">
<path id="path508" d="m0,720l1280,0l0,-720l-1280,0l0,720z"/>
</clipPath>
<clipPath id="clipPath518" clipPathUnits="userSpaceOnUse">
<path id="path516" d="m80.333,608.499l52.426,0l0,-23.87l-52.426,0l0,23.87z"/>
</clipPath>
<clipPath id="clipPath534" clipPathUnits="userSpaceOnUse">
<path id="path532" d="m724.334,608.499l93.213,0l0,-23.87l-93.213,0l0,23.87z"/>
</clipPath>
</defs>
<g>
<title>background</title>
<rect x="-1" y="-1" width="682" height="132" id="canvas_background" fill="none"/>
</g>
<g>
<title>Layer 1</title>
<g id="svg_5">
<g id="g124" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path126" d="m87.803987,716.822533c1.045,-0.572 2.892,-1.582 3.936,-2.152c0.429,-0.235 1.126,-0.235 1.555,0l3.936,2.152c0.429,0.232 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.431,-0.235 -0.431,-0.618 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g128" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path130" d="m92.916287,712.672133l0,-4.232c0,-0.491 0.348,-0.698 0.777,-0.461l3.936,2.152c0.43,0.234 0.777,0.822 0.777,1.312l0,4.231c0,0.49 -0.347,0.697 -0.777,0.463c-1.045,-0.572 -2.891,-1.582 -3.936,-2.152c-0.429,-0.235 -0.777,-0.823 -0.777,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g132" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path134" d="m94.334317,706.504233c1.045,-0.572 2.891,-1.58 3.936,-2.152c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.152c0.428,0.234 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g136" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path138" d="m99.446627,702.353833l0,-4.232c-0.001,-0.489 0.348,-0.696 0.778,-0.461l3.936,2.152c0.429,0.236 0.777,0.822 0.777,1.312l0,4.233c0,0.488 -0.348,0.695 -0.777,0.461c-1.045,-0.572 -2.891,-1.58 -3.936,-2.152c-0.43,-0.235 -0.778,-0.823 -0.778,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g140" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path142" d="m100.584317,695.972933c1.045,-0.572 2.891,-1.582 3.936,-2.152c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.152c0.428,0.232 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.618 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g144" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path146" d="m105.696627,691.822533l0,-4.232c-0.001,-0.491 0.348,-0.698 0.778,-0.461l3.936,2.152c0.429,0.234 0.777,0.822 0.777,1.312l0,4.231c0,0.49 -0.348,0.697 -0.777,0.463c-1.045,-0.572 -2.891,-1.582 -3.936,-2.152c-0.43,-0.235 -0.778,-0.823 -0.778,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g148" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path150" d="m89.410367,695.972933c1.045,-0.572 2.892,-1.582 3.936,-2.152c0.429,-0.235 1.127,-0.235 1.556,0l3.936,2.152c0.429,0.232 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.127,0.234 -1.556,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.618 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g152" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path154" d="m94.523717,691.822533l0,-4.232c-0.001,-0.491 0.348,-0.698 0.777,-0.461l3.936,2.152c0.43,0.234 0.777,0.822 0.777,1.312l0,4.231c0,0.49 -0.347,0.697 -0.777,0.463c-1.045,-0.572 -2.891,-1.582 -3.936,-2.152c-0.429,-0.235 -0.777,-0.823 -0.777,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g156" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path158" d="m83.084317,706.504233c1.045,-0.572 2.892,-1.58 3.936,-2.152c0.429,-0.235 1.127,-0.235 1.556,0l3.936,2.152c0.429,0.234 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.127,0.234 -1.556,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g160" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path162" d="m88.197477,702.353833l0,-4.232c-0.001,-0.489 0.348,-0.696 0.777,-0.461l3.936,2.152c0.43,0.236 0.777,0.822 0.777,1.312l0,4.233c0,0.488 -0.347,0.695 -0.777,0.461c-1.045,-0.572 -2.891,-1.58 -3.936,-2.152c-0.429,-0.235 -0.777,-0.823 -0.777,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g164" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path166" d="m78.008087,695.972933c1.045,-0.572 2.891,-1.582 3.936,-2.152c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.152c0.428,0.232 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.618 0,-0.85" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g168" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path170" d="m83.120397,691.822533l0,-4.232c-0.001,-0.491 0.34799,-0.698 0.778,-0.461l3.936,2.152c0.429,0.234 0.777,0.822 0.777,1.312l0,4.231c0,0.49 -0.348,0.697 -0.777,0.463c-1.045,-0.572 -2.891,-1.582 -3.936,-2.152c-0.43,-0.235 -0.778,-0.823 -0.778,-1.313" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g220" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path222" d="m36.164277,689.543233c2.115,1.223 5.543,1.223 7.661,0l12.443,-7.184c0.431,-0.248 0.839,-0.584 1.226,-0.959l14.191,7.756c2.909,1.59 2.909,4.166 0,5.756l-26.639,14.565c-2.907,1.589 -7.622,1.589 -10.529,0l-26.641,-14.565c-2.907,-1.59 -2.907,-4.166 0.001,-5.756c3.812,-2.082 9.198,-5.027 14.463,-7.904c0.429,0.441 0.892,0.824 1.382,1.107l12.442,7.184z" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g224" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path226" d="m74.383087,684.517933c-3.787,-2.07 -9.131,-4.992 -14.363,-7.854c0.051,-0.318 0.078,-0.632 0.078,-0.939l0,-14.369c0,-2.443 -1.713,-5.41 -3.83,-6.631l-12.443,-7.184c-0.403,-0.232 -0.864,-0.406 -1.343,-0.55l-0.001,-14.567c0,-3.314 2.357,-4.711 5.263,-3.121l26.64,14.569c2.907,1.589 5.265,5.566 5.265,8.878l0,28.647c0,3.312 -2.358,4.711 -5.266,3.121" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g228" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path230" d="m23.722017,654.724933c-2.114,1.221 -3.827,4.188 -3.827,6.631l0,14.369c0,0.258 0.029,0.525 0.066,0.793c-5.338,2.918 -10.828,5.92 -14.695,8.035c-2.908,1.59 -5.266,0.192 -5.266,-3.121l0,-28.639c0,-3.314 2.358,-7.289 5.265,-8.879l26.64,-14.57c2.906,-1.59 5.263,-0.191 5.263,3.121l-0.002,14.629c-0.353,0.125 -0.694,0.27 -1.002,0.447l-12.442,7.184z" fill-rule="nonzero" fill="#273945"/>
</g>
<g id="g232" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path234" d="m52.154577,659.457333c-2.338,1.277 -6.203,3.391 -8.982,4.908c-0.46501,0.256 -0.908,0.496 -1.299,0.711c-1.123,0.613 -2.942,0.613 -4.06501,0l-1.316,-0.719l-8.965,-4.9c-1.123,-0.613 -1.123,-1.607 0,-2.223l9.639,-5.269l0.642,-0.352c1.12301,-0.613 2.94201,-0.613 4.06501,0l0.60799,0.332l9.674,5.289c1.122,0.616 1.122,1.61 -0.00099,2.223" fill-rule="nonzero" fill="#518db5"/>
</g>
<g id="g236" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path238" d="m35.767917,668.869433c1.121,0.613 2.031,2.148 2.031,3.426l0,1.273l0,9.785c0,1.28 -0.909,1.819 -2.031,1.205l-9.735,-5.324l-0.546,-0.299c-1.123,-0.613 -2.032,-2.148 -2.032,-3.427l0,-0.901l0,-10.156c0,-1.279 0.91,-1.818 2.032,-1.205c2.279,1.248 6.008,3.285 8.768,4.795c0.544,0.299 1.064,0.582 1.513,0.828" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g240" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path242" d="m54.164277,678.918233l-0.604,0.33l-9.679,5.293c-1.121,0.613 -2.031,0.076 -2.031,-1.205l0.001,-9.752l0,-1.303c0,-1.279 0.911,-2.814 2.032,-3.427c0.452,-0.247 0.975,-0.534 1.523,-0.832c2.76,-1.51 6.481,-3.543 8.758,-4.79c1.121,-0.611 2.031,-0.074 2.031,1.207l0,10.133l0,0.92c0,1.28 -0.91,2.813 -2.031,3.426" fill-rule="nonzero" fill="#273945"/>
</g>
<g id="g464" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path466" d="m133.525727,689.519833l4.193,0c1.5,0 2.723,-1.217 2.723,-2.723l0,-13.179c0,-1.504 0.852,-1.854 1.904,-0.78l14.459,14.739c1.049,1.074 3.124,1.943 4.629,1.943l6.516,0c1.504,0 1.861,-0.863 0.803,-1.93l-14.764,-14.83c-1.059,-1.066 -1.218,-2.926 -0.352,-4.154l16.662,-23.59c0.868,-1.228 0.352,-2.223 -1.153,-2.223l-5.85,0c-1.504,0 -3.422,1 -4.287,2.229l-12.158,17.367c-0.861,1.231 -2.425,1.369 -3.489,0.309l-0.994,-0.991c-1.064,-1.06 -1.926,-3.138 -1.926,-4.644l0,-11.545c0,-1.506 -1.223,-2.725 -2.723,-2.725l-4.193,0c-1.502,0 -2.723,1.219 -2.723,2.725l0,41.279c0,1.506 1.221,2.723 2.723,2.723" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g468" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path470" d="m179.244417,646.090133c-3.145,2.725 -4.719,6.639 -4.719,11.734l0,28.973c0,1.506 1.221,2.723 2.723,2.723l4.191,0c1.502,0 2.723,-1.217 2.723,-2.723l0,-28.973c0,-2.441 0.673,-4.425 2.023,-5.947c1.354,-1.525 3.646,-2.287 6.88,-2.287c3.058,0 5.316,0.783 6.779,2.352c1.463,1.568 2.19,3.574 2.19,6.015l0,28.84c0,1.506 1.218,2.723 2.724,2.723l4.191,0c1.505,0 2.723,-1.217 2.723,-2.723l0,-28.973c0,-5.009 -1.54,-8.898 -4.619,-11.664c-3.078,-2.771 -7.676,-4.154 -13.788,-4.154c-6.203,0 -10.876,1.361 -14.021,4.084" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g472" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path474" d="m230.939667,650.633133l8.374,0c2.346,0 4.175,0.58 5.481,1.734c1.305,1.155 1.959,2.692 1.959,4.606c0,2.223 -0.73,3.898 -2.193,5.031c-1.46,1.135 -3.3,1.701 -5.513,1.701l-8.108,0c-1.505,0 -2.723,-1.218 -2.723,-2.722l0,-7.627c0,-1.504 1.218,-2.723 2.723,-2.723m12.825,21.504c1.285,0.957 1.926,2.351 1.926,4.18c0,0.839 -0.142,1.589 -0.425,2.25c-0.503,1.17 -2.359,2.574 -3.782,2.939c-0.784,0.201 -1.662,0.303 -2.635,0.303l-7.909,0c-1.505,0 -2.723,-1.219 -2.723,-2.725l0,-5.664c0,-1.504 1.218,-2.723 2.723,-2.723l7.71,0c2.125,0 3.829,0.479 5.115,1.44m-22.462,17.383l18.543,0c2.566,0 4.816,-0.295 6.744,-0.883c1.925,-0.588 3.507,-1.428 4.749,-2.516c2.527,-2.222 3.789,-5.142 3.789,-8.756c0,-2.4 -0.675,-4.369 -2.026,-5.916c-0.81,-0.925 -1.784,-1.709 -2.92,-2.345c-1.313,-0.739 -2.497,-1.129 -2.497,-1.186c0,-0.053 1.197,-0.39 2.535,-1.078c1.521,-0.781 2.81,-1.85 3.877,-3.199c1.616,-2.051 2.429,-4.508 2.429,-7.387c0,-2.223 -0.346,-4.105 -1.033,-5.652c-0.683,-1.549 -1.741,-2.91 -3.157,-4.084c-1.373,-1.176 -3.079,-2.092 -5.116,-2.746c-2.037,-0.655 -4.319,-0.979 -6.845,-0.979l-19.072,0c-1.505,0 -2.722,1.219 -2.722,2.725l0,41.279c0,1.506 1.217,2.723 2.722,2.723" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g476" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path478" d="m264.892917,689.519833l29.508,0c1.504,0 2.722,-1.217 2.722,-2.723l0,-2.527c0,-1.504 -1.218,-2.723 -2.722,-2.723l-19.871,0c-1.504,0 -2.723,-1.216 -2.723,-2.722l0,-5.012c0,-1.506 1.219,-2.725 2.723,-2.725l16.748,0c1.506,0 2.722,-1.216 2.722,-2.722l0,-2.33c0,-1.504 -1.216,-2.723 -2.722,-2.723l-16.748,0c-1.504,0 -2.723,-1.217 -2.723,-2.725l0,-7.162c0,-1.506 1.219,-2.722 2.723,-2.722l20.068,0c1.504,0 2.721,-1.219 2.721,-2.725l0,-2.461c0,-1.506 -1.217,-2.725 -2.721,-2.725l-29.705,0c-1.504,0 -2.723,1.219 -2.723,2.725l0,41.279c0,1.506 1.219,2.723 2.723,2.723" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g480" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path482" d="m306.392917,645.767933c-2.852,2.168 -4.607,5.09 -5.266,8.764c-0.265,1.478 0.936,2.701 2.442,2.701l3.988,0c1.506,0 2.822,-1.235 3.33,-2.649c0.531,-1.482 1.352,-2.611 2.449,-3.392c1.684,-1.201 4.231,-1.797 7.641,-1.797c1.24,0 2.416,0.105 3.523,0.324c1.108,0.217 2.082,0.569 2.924,1.047c0.842,0.479 1.518,1.102 2.026,1.861c0.509,0.76 0.763,1.686 0.763,2.778c0,1.133 -0.275,2.068 -0.83,2.812c-0.552,0.739 -1.34,1.362 -2.359,1.862c-1.018,0.5 -2.248,0.935 -3.686,1.308c-1.439,0.367 -3.068,0.748 -4.882,1.143c-2.127,0.478 -4.178,1.011 -6.149,1.599c-1.971,0.588 -3.699,1.383 -5.184,2.387c-1.482,1.002 -2.679,2.287 -3.585,3.856c-0.911,1.568 -1.364,3.572 -1.364,6.011c0,2.309 0.453,4.334 1.364,6.08c0.906,1.741 2.169,3.201 3.787,4.377c1.617,1.178 3.529,2.059 5.748,2.649c2.213,0.588 4.652,0.879 7.308,0.879c5.362,0 9.668,-1.241 12.924,-3.725c2.609,-1.988 4.285,-4.707 5.029,-8.15c0.321,-1.471 -0.834,-2.698 -2.336,-2.698l-3.789,0c-1.505,0 -2.793,1.254 -3.42,2.619c-0.5,1.094 -1.242,1.985 -2.23,2.676c-1.682,1.176 -3.766,1.764 -6.244,1.764c-2.615,0 -4.695,-0.5 -6.248,-1.502c-1.551,-1.004 -2.324,-2.332 -2.324,-3.986c0,-0.961 0.211,-1.756 0.63,-2.387c0.42,-0.633 1.063,-1.188 1.928,-1.666c0.867,-0.479 1.936,-0.895 3.223,-1.242c1.285,-0.348 2.81,-0.719 4.586,-1.112c2.435,-0.521 4.726,-1.101 6.875,-1.73c2.15,-0.635 4.031,-1.473 5.648,-2.518c1.617,-1.045 2.891,-2.373 3.823,-3.984c0.929,-1.617 1.394,-3.686 1.394,-6.211c0,-2.352 -0.465,-4.453 -1.394,-6.309c-0.932,-1.849 -2.215,-3.398 -3.854,-4.636c-1.641,-1.241 -3.59,-2.192 -5.848,-2.846c-2.261,-0.648 -4.718,-0.978 -7.377,-0.978c-6.466,0 -11.463,1.339 -14.984,4.021" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g484" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path486" d="m358.320587,667.430033l7.246,0c2.524,0 4.44,0.631 5.744,1.896c1.307,1.262 1.961,2.961 1.961,5.098c0,2.221 -0.666,3.92 -1.992,5.098c-1.33,1.176 -3.189,1.763 -5.58,1.763l-7.379,0c-1.504,0 -2.721,-1.218 -2.721,-2.724l0,-8.408c0,-1.504 1.217,-2.723 2.721,-2.723m-9.969,22.09l18.145,0c2.791,0 5.203,-0.383 7.238,-1.143c2.039,-0.763 3.768,-1.843 5.186,-3.236c1.328,-1.352 2.369,-2.92 3.125,-4.705c0.752,-1.787 1.13,-3.77 1.13,-5.947c0,-2.221 -0.367,-4.239 -1.101,-6.045c-0.731,-1.809 -1.77,-3.358 -3.121,-4.641c-1.354,-1.285 -3.012,-2.289 -4.983,-3.006c-1.972,-0.719 -4.199,-1.08 -6.679,-1.08l-8.971,0c-1.504,0 -2.721,-1.219 -2.721,-2.723l0,-11.476c0,-1.506 -1.218,-2.725 -2.724,-2.725l-4.524,0c-1.502,0 -2.722,1.219 -2.722,2.725l0,41.279c0,1.506 1.22,2.723 2.722,2.723" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g488" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path490" d="m400.314667,668.867533l7.51,0c2.658,0 4.627,0.6 5.914,1.799c1.285,1.197 1.926,2.734 1.926,4.605c0,1.918 -0.62,3.498 -1.86,4.739c-1.24,1.242 -3.144,1.861 -5.713,1.861l-7.777,0c-1.504,0 -2.721,-1.217 -2.721,-2.723l0,-7.556c0,-1.506 1.217,-2.725 2.721,-2.725m-9.635,20.652l19.071,0c2.304,0 4.398,-0.316 6.281,-0.949c1.883,-0.631 3.488,-1.514 4.816,-2.646c1.328,-1.133 2.358,-2.494 3.09,-4.084c0.732,-1.59 1.098,-3.368 1.098,-5.327c0,-2.744 -0.688,-5.107 -2.061,-7.089c-0.955,-1.381 -2.316,-2.479 -4.086,-3.297c-1.361,-0.633 -2.558,-0.963 -2.558,-1.016c0,-0.053 1.201,-0.387 2.519,-1.109c0.996,-0.545 1.83,-1.223 2.498,-2.03c1.174,-1.416 1.912,-3.537 2.227,-6.373c0.174,-1.654 0.297,-3.189 0.363,-4.605c0.066,-1.414 0.141,-2.732 0.203,-3.826c0.029,-0.533 0.016,-0.967 0.016,-1.688c0,-1.64 -1.203,-2.687 -2.656,-2.687l-3.125,0c-1.504,0 -2.641,0.047 -3.012,2.719c-0.043,0.316 -0.092,0.65 -0.129,1.005c-0.111,1.004 -0.211,2.112 -0.303,3.334c-0.086,1.217 -0.174,2.461 -0.262,3.723c-0.222,2.574 -1.076,4.541 -2.56,5.914c-1.484,1.373 -3.732,2.059 -6.742,2.059l-5.053,0c-1.504,0 -2.721,-1.219 -2.721,-2.723l0,-13.307c0,-1.505 -1.218,-2.724 -2.724,-2.724l-4.19,0c-1.506,0 -2.724,1.219 -2.724,2.724l0,41.28c0,1.506 1.218,2.722 2.724,2.722" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g492" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path494" d="m445.963227,659.976833l7.113,0c1.504,0 2.358,1.166 1.903,2.598l-3.432,10.867c-0.223,0.609 -0.434,1.33 -0.633,2.158c-0.197,0.826 -0.408,1.611 -0.629,2.352c-0.115,0.439 -0.226,0.886 -0.338,1.338c-0.183,0.742 -0.582,0.767 -0.814,0.021c-0.143,-0.459 -0.266,-0.912 -0.377,-1.359c-0.221,-0.741 -0.432,-1.526 -0.631,-2.352c-0.199,-0.828 -0.41,-1.549 -0.633,-2.158l-3.431,-10.867c-0.453,-1.432 0.398,-2.598 1.902,-2.598m1.396,29.543l4.524,0c1.5,0 3.133,-1.148 3.639,-2.563l14.906,-41.599c0.512,-1.416 -0.297,-2.565 -1.803,-2.565l-4.588,0c-1.5,0 -3.095,1.161 -3.554,2.59l-1.524,4.75c-0.461,1.432 -2.051,2.596 -3.557,2.596l-11.697,0c-1.502,0 -3.086,-1.164 -3.539,-2.602l-1.492,-4.738c-0.447,-1.435 -2.033,-2.596 -3.539,-2.596l-4.32,0c-1.504,0 -2.317,1.149 -1.815,2.565l14.727,41.596c0.504,1.418 2.131,2.566 3.632,2.566" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g496" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path498" d="m480.463227,663.215133l-13.184,23.92c-0.722,1.318 -0.095,2.385 1.411,2.385l5.052,0c1.504,0 3.283,-1.082 3.975,-2.416l5.926,-11.438c0.353,-0.742 0.715,-1.496 1.095,-2.256c0.375,-0.763 0.719,-1.47 1.028,-2.125c0.176,-0.384 0.343,-0.761 0.506,-1.136c0.277,-0.635 0.808,-0.668 1.132,-0.034c0.198,0.385 0.377,0.774 0.559,1.17c0.307,0.655 0.648,1.362 1.027,2.125c0.377,0.76 0.743,1.514 1.098,2.256l5.809,11.426c0.683,1.34 2.453,2.428 3.955,2.428l4.656,0c1.506,0 2.133,-1.067 1.41,-2.385l-13.189,-23.92c-0.723,-1.316 -1.313,-3.605 -1.313,-5.109l0,-12.588c0,-1.506 -1.221,-2.725 -2.724,-2.725l-4.188,0c-1.504,0 -2.723,1.219 -2.723,2.725l0,12.588c0,1.504 -0.588,3.793 -1.318,5.109" fill-rule="nonzero" fill="#3d647f"/>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
logo/logo-text-dark.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

110
logo/logo-text-dark.svg Normal file
View File

@ -0,0 +1,110 @@
<svg width="720" height="190" xmlns="http://www.w3.org/2000/svg">
<metadata id="metadata8">image/svg+xml</metadata>
<defs>
<clipPath id="clipPath18" clipPathUnits="userSpaceOnUse">
<path id="path16" d="m0,720l1280,0l0,-720l-1280,0l0,720z"/>
</clipPath>
<clipPath id="clipPath510" clipPathUnits="userSpaceOnUse">
<path id="path508" d="m0,720l1280,0l0,-720l-1280,0l0,720z"/>
</clipPath>
<clipPath id="clipPath518" clipPathUnits="userSpaceOnUse">
<path id="path516" d="m80.333,608.499l52.426,0l0,-23.87l-52.426,0l0,23.87z"/>
</clipPath>
<clipPath id="clipPath534" clipPathUnits="userSpaceOnUse">
<path id="path532" d="m724.334,608.499l93.213,0l0,-23.87l-93.213,0l0,23.87z"/>
</clipPath>
</defs>
<g>
<title>background</title>
<rect x="-1" y="-1" width="722" height="192" id="canvas_background" fill="none"/>
</g>
<g>
<title>Layer 1</title>
<g id="svg_4">
<g id="g24" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path26" d="m540.000026,586.999012c0,-6.625 -5.373,-11.998 -12,-11.998l-516,0c-6.628,0 -12,5.373 -12,11.998l0,121.001c0,6.628 5.372,12 12,12l516,0c6.627,0 12,-5.372 12,-12l0,-121.001z" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g76" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path78" d="m103.444306,693.579102c1.045,-0.571 2.892,-1.58 3.936,-2.151c0.429,-0.236 1.126,-0.236 1.555,0l3.936,2.151c0.429,0.234 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.431,-0.235 -0.431,-0.616 0,-0.85" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g80" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path82" d="m108.556606,689.428712l0,-4.231c0,-0.49 0.348,-0.697 0.777,-0.462l3.936,2.153c0.43,0.235 0.777,0.821 0.777,1.311l0,4.233c0,0.488 -0.347,0.695 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.429,-0.235 -0.777,-0.823 -0.777,-1.313" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g84" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path86" d="m109.974636,683.260712c1.045,-0.57 2.891,-1.58 3.936,-2.15c0.429,-0.236 1.127,-0.236 1.555,0l3.937,2.15c0.428,0.234 0.428,0.615 0,0.851l-3.937,2.151c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.151c-0.43,-0.236 -0.43,-0.617 0,-0.851" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g88" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path90" d="m115.086946,679.111302l0,-4.231c-0.001,-0.491 0.348,-0.698 0.778,-0.462l3.936,2.153c0.429,0.234 0.777,0.821 0.777,1.311l0,4.232c0,0.489 -0.348,0.696 -0.777,0.461c-1.045,-0.57 -2.891,-1.58 -3.936,-2.152c-0.43,-0.235 -0.778,-0.823 -0.778,-1.312" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g92" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path94" d="m116.224636,672.729492c1.045,-0.571 2.891,-1.58 3.936,-2.151c0.429,-0.236 1.127,-0.236 1.555,0l3.937,2.151c0.428,0.234 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g96" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path98" d="m121.336946,668.579102l0,-4.231c-0.001,-0.49 0.348,-0.697 0.778,-0.462l3.936,2.153c0.429,0.235 0.777,0.821 0.777,1.311l0,4.233c0,0.488 -0.348,0.695 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.43,-0.235 -0.778,-0.823 -0.778,-1.313" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g100" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path102" d="m105.050686,672.729492c1.045,-0.571 2.892,-1.58 3.936,-2.151c0.429,-0.236 1.127,-0.236 1.556,0l3.936,2.151c0.429,0.234 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.127,0.234 -1.556,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g104" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path106" d="m110.164036,668.579102l0,-4.231c-0.001,-0.49 0.348,-0.697 0.777,-0.462l3.936,2.153c0.43,0.235 0.777,0.821 0.777,1.311l0,4.233c0,0.488 -0.347,0.695 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.429,-0.235 -0.777,-0.823 -0.777,-1.313" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g108" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path110" d="m98.724636,683.260712c1.045,-0.57 2.892,-1.58 3.936,-2.15c0.429,-0.236 1.127,-0.236 1.556,0l3.936,2.15c0.429,0.234 0.429,0.615 0,0.851l-3.936,2.151c-0.429,0.234 -1.127,0.234 -1.556,0l-3.936,-2.151c-0.43,-0.236 -0.43,-0.617 0,-0.851" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g112" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path114" d="m103.837796,679.111302l0,-4.231c-0.001,-0.491 0.348,-0.698 0.777,-0.462l3.936,2.153c0.43,0.234 0.777,0.821 0.777,1.311l0,4.232c0,0.489 -0.347,0.696 -0.777,0.461c-1.045,-0.57 -2.891,-1.58 -3.936,-2.152c-0.429,-0.235 -0.777,-0.823 -0.777,-1.312" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g116" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path118" d="m93.648406,672.729492c1.045,-0.571 2.891,-1.58 3.936,-2.151c0.429,-0.236 1.127,-0.236 1.555,0l3.937,2.151c0.428,0.234 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g120" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path122" d="m98.760716,668.579102l0,-4.231c-0.001,-0.49 0.34799,-0.697 0.778,-0.462l3.936,2.153c0.429,0.235 0.777,0.821 0.777,1.311l0,4.233c0,0.488 -0.348,0.695 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.43,-0.235 -0.778,-0.823 -0.778,-1.313" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g196" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path198" d="m51.804596,666.299802c2.115,1.223 5.543,1.223 7.661,0l12.443,-7.183c0.431,-0.249 0.839,-0.585 1.226,-0.96l14.191,7.757c2.909,1.589 2.909,4.166 0,5.756l-26.639,14.566c-2.907,1.589 -7.622,1.589 -10.529,0l-26.641,-14.566c-2.907,-1.59 -2.907,-4.167 0.001,-5.755c3.812,-2.084 9.198,-5.027 14.463,-7.905c0.429,0.441 0.892,0.825 1.382,1.107l12.442,7.183z" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g200" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path202" d="m90.023406,661.275392c-3.787,-2.071 -9.131,-4.993 -14.363,-7.854c0.051,-0.319 0.078,-0.633 0.078,-0.94l0,-14.367c0,-2.445 -1.713,-5.412 -3.83,-6.633l-12.443,-7.184c-0.403,-0.232 -0.864,-0.406 -1.343,-0.55l-0.001,-14.567c0,-3.314 2.357,-4.711 5.263,-3.121l26.64,14.569c2.907,1.589 5.265,5.566 5.265,8.878l0,28.647c0,3.314 -2.358,4.711 -5.266,3.122" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g204" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path206" d="m39.362336,631.481402c-2.114,1.221 -3.827,4.188 -3.827,6.633l0,14.367c0,0.26 0.029,0.525 0.066,0.793c-5.338,2.92 -10.828,5.921 -14.695,8.035c-2.908,1.59 -5.266,0.193 -5.266,-3.121l0,-28.639c0,-3.312 2.358,-7.289 5.265,-8.879l26.64,-14.568c2.906,-1.59 5.263,-0.193 5.263,3.121l-0.002,14.627c-0.353,0.125 -0.694,0.27 -1.002,0.447l-12.442,7.184z" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g208" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path210" d="m67.794896,636.213802c-2.338,1.277 -6.203,3.391 -8.982,4.91c-0.46501,0.254 -0.908,0.496 -1.299,0.709c-1.123,0.613 -2.942,0.613 -4.06501,0l-1.316,-0.719l-8.965,-4.9c-1.123,-0.613 -1.123,-1.607 0,-2.221l9.639,-5.271l0.642,-0.352c1.12301,-0.613 2.94201,-0.613 4.06501,0l0.60799,0.334l9.674,5.289c1.122,0.614 1.122,1.608 -0.00099,2.221" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g212" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path214" d="m51.408236,645.625912c1.121,0.615 2.031,2.148 2.031,3.428l0,1.273l0,9.784c0,1.279 -0.909,1.818 -2.031,1.204l-9.735,-5.324l-0.546,-0.299c-1.123,-0.613 -2.032,-2.148 -2.032,-3.427l0,-0.899l0,-10.158c0,-1.277 0.91,-1.818 2.032,-1.203c2.279,1.246 6.008,3.283 8.768,4.795c0.544,0.297 1.064,0.58 1.513,0.826" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g216" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path218" d="m69.804596,655.676692l-0.604,0.33l-9.679,5.293c-1.121,0.613 -2.031,0.074 -2.031,-1.205l0.001,-9.754l0,-1.303c0,-1.277 0.911,-2.812 2.032,-3.427c0.452,-0.247 0.975,-0.534 1.523,-0.832c2.76,-1.508 6.481,-3.543 8.758,-4.788c1.121,-0.613 2.031,-0.074 2.031,1.206l0,10.132l0,0.92c0,1.28 -0.91,2.813 -2.031,3.428" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g428" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path430" d="m152.831996,670.962892l4.194,0c1.499,0 2.723,-1.218 2.723,-2.723l0,-13.178c0,-1.506 0.851,-1.854 1.903,-0.78l14.459,14.738c1.05,1.075 3.125,1.943 4.629,1.943l6.516,0c1.505,0 1.861,-0.863 0.803,-1.931l-14.764,-14.83c-1.059,-1.066 -1.217,-2.926 -0.352,-4.154l16.663,-23.588c0.868,-1.228 0.352,-2.223 -1.153,-2.223l-5.85,0c-1.505,0 -3.423,1 -4.287,2.229l-12.158,17.365c-0.861,1.233 -2.426,1.369 -3.489,0.309l-0.995,-0.989c-1.063,-1.06 -1.925,-3.14 -1.925,-4.644l0,-11.547c0,-1.506 -1.224,-2.723 -2.723,-2.723l-4.194,0c-1.502,0 -2.723,1.217 -2.723,2.723l0,41.28c0,1.505 1.221,2.723 2.723,2.723" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g432" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path434" d="m198.551726,627.534102c-3.146,2.723 -4.72,6.639 -4.72,11.732l0,28.974c0,1.505 1.221,2.723 2.723,2.723l4.191,0c1.502,0 2.723,-1.218 2.723,-2.723l0,-28.974c0,-2.441 0.674,-4.423 2.023,-5.945c1.354,-1.527 3.647,-2.287 6.881,-2.287c3.057,0 5.315,0.781 6.778,2.35c1.463,1.57 2.191,3.574 2.191,6.015l0,28.841c0,1.505 1.217,2.723 2.723,2.723l4.191,0c1.506,0 2.723,-1.218 2.723,-2.723l0,-28.974c0,-5.009 -1.539,-8.898 -4.619,-11.664c-3.077,-2.769 -7.675,-4.152 -13.787,-4.152c-6.203,0 -10.877,1.361 -14.021,4.084" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g436" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path438" d="m250.246006,632.077102l8.375,0c2.346,0 4.174,0.578 5.48,1.732c1.305,1.155 1.959,2.692 1.959,4.606c0,2.225 -0.73,3.898 -2.193,5.033c-1.459,1.133 -3.299,1.699 -5.512,1.699l-8.109,0c-1.504,0 -2.723,-1.216 -2.723,-2.72l0,-7.627c0,-1.506 1.219,-2.723 2.723,-2.723m12.826,21.502c1.285,0.959 1.926,2.352 1.926,4.182c0,0.839 -0.143,1.589 -0.426,2.249c-0.502,1.171 -2.359,2.575 -3.781,2.938c-0.785,0.202 -1.662,0.303 -2.635,0.303l-7.91,0c-1.504,0 -2.723,-1.217 -2.723,-2.723l0,-5.664c0,-1.506 1.219,-2.723 2.723,-2.723l7.711,0c2.125,0 3.828,0.479 5.115,1.438m-22.463,17.384l18.543,0c2.567,0 4.817,-0.295 6.744,-0.882c1.926,-0.588 3.508,-1.428 4.75,-2.516c2.526,-2.223 3.789,-5.143 3.789,-8.758c0,-2.398 -0.675,-4.369 -2.027,-5.914c-0.81,-0.927 -1.783,-1.709 -2.92,-2.347c-1.312,-0.737 -2.496,-1.127 -2.496,-1.184c0,-0.053 1.197,-0.39 2.535,-1.08c1.52,-0.781 2.809,-1.848 3.877,-3.199c1.615,-2.051 2.428,-4.508 2.428,-7.385c0,-2.225 -0.346,-4.105 -1.033,-5.654c-0.682,-1.547 -1.74,-2.908 -3.157,-4.084c-1.373,-1.176 -3.078,-2.09 -5.115,-2.744c-2.037,-0.655 -4.32,-0.979 -6.845,-0.979l-19.073,0c-1.504,0 -2.722,1.217 -2.722,2.723l0,41.28c0,1.505 1.218,2.723 2.722,2.723" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g440" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path442" d="m284.199186,670.962892l29.508,0c1.504,0 2.722,-1.218 2.722,-2.723l0,-2.526c0,-1.505 -1.218,-2.723 -2.722,-2.723l-19.871,0c-1.504,0 -2.723,-1.218 -2.723,-2.722l0,-5.014c0,-1.504 1.219,-2.723 2.723,-2.723l16.748,0c1.506,0 2.722,-1.218 2.722,-2.722l0,-2.33c0,-1.506 -1.216,-2.723 -2.722,-2.723l-16.748,0c-1.504,0 -2.723,-1.219 -2.723,-2.725l0,-7.164c0,-1.504 1.219,-2.722 2.723,-2.722l20.068,0c1.504,0 2.721,-1.219 2.721,-2.723l0,-2.463c0,-1.506 -1.217,-2.723 -2.721,-2.723l-29.705,0c-1.504,0 -2.723,1.217 -2.723,2.723l0,41.28c0,1.505 1.219,2.723 2.723,2.723" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g444" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path446" d="m325.699186,627.209902c-2.852,2.17 -4.607,5.09 -5.266,8.764c-0.265,1.478 0.936,2.703 2.442,2.703l3.988,0c1.506,0 2.822,-1.235 3.33,-2.649c0.531,-1.484 1.352,-2.611 2.449,-3.392c1.684,-1.203 4.231,-1.799 7.641,-1.799c1.24,0 2.416,0.107 3.523,0.324c1.108,0.219 2.082,0.57 2.924,1.047c0.842,0.481 1.518,1.102 2.026,1.863c0.509,0.76 0.763,1.686 0.763,2.776c0,1.133 -0.275,2.07 -0.83,2.812c-0.552,0.74 -1.34,1.364 -2.359,1.864c-1.018,0.5 -2.248,0.935 -3.686,1.306c-1.439,0.369 -3.068,0.75 -4.882,1.143c-2.127,0.478 -4.178,1.013 -6.149,1.601c-1.971,0.588 -3.699,1.383 -5.184,2.385c-1.482,1.002 -2.679,2.287 -3.585,3.857c-0.911,1.569 -1.364,3.571 -1.364,6.012c0,2.308 0.453,4.334 1.364,6.079c0.906,1.742 2.169,3.202 3.787,4.377c1.617,1.178 3.529,2.058 5.748,2.649c2.213,0.587 4.652,0.88 7.308,0.88c5.362,0 9.668,-1.243 12.924,-3.726c2.609,-1.989 4.285,-4.706 5.029,-8.149c0.321,-1.472 -0.834,-2.698 -2.336,-2.698l-3.789,0c-1.505,0 -2.793,1.253 -3.42,2.619c-0.5,1.094 -1.242,1.985 -2.23,2.676c-1.682,1.175 -3.766,1.763 -6.244,1.763c-2.615,0 -4.695,-0.5 -6.248,-1.503c-1.551,-1.002 -2.324,-2.332 -2.324,-3.986c0,-0.959 0.211,-1.756 0.63,-2.385c0.42,-0.633 1.063,-1.19 1.928,-1.668c0.867,-0.479 1.936,-0.893 3.223,-1.242c1.285,-0.348 2.81,-0.717 4.586,-1.112c2.435,-0.521 4.726,-1.099 6.875,-1.73c2.15,-0.633 4.031,-1.471 5.648,-2.516c1.617,-1.045 2.891,-2.375 3.823,-3.986c0.929,-1.615 1.394,-3.684 1.394,-6.211c0,-2.35 -0.465,-4.451 -1.394,-6.307c-0.932,-1.851 -2.215,-3.398 -3.854,-4.638c-1.641,-1.239 -3.59,-2.192 -5.848,-2.844c-2.261,-0.65 -4.718,-0.98 -7.377,-0.98c-6.466,0 -11.463,1.341 -14.984,4.021" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g448" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path450" d="m377.626926,648.873992l7.246,0c2.524,0 4.44,0.629 5.744,1.895c1.307,1.263 1.961,2.962 1.961,5.097c0,2.222 -0.666,3.921 -1.992,5.098c-1.33,1.176 -3.189,1.764 -5.58,1.764l-7.379,0c-1.504,0 -2.721,-1.217 -2.721,-2.723l0,-8.408c0,-1.506 1.217,-2.723 2.721,-2.723m-9.969,22.089l18.145,0c2.791,0 5.203,-0.382 7.238,-1.143c2.039,-0.763 3.768,-1.843 5.186,-3.236c1.328,-1.351 2.369,-2.92 3.125,-4.704c0.752,-1.787 1.13,-3.772 1.13,-5.949c0,-2.221 -0.367,-4.237 -1.101,-6.045c-0.731,-1.809 -1.77,-3.356 -3.121,-4.641c-1.354,-1.283 -3.012,-2.287 -4.983,-3.006c-1.972,-0.717 -4.199,-1.078 -6.679,-1.078l-8.971,0c-1.504,0 -2.721,-1.219 -2.721,-2.725l0,-11.476c0,-1.506 -1.218,-2.723 -2.724,-2.723l-4.524,0c-1.502,0 -2.722,1.217 -2.722,2.723l0,41.28c0,1.505 1.22,2.723 2.722,2.723" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g452" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path454" d="m419.621006,650.311492l7.51,0c2.658,0 4.627,0.598 5.914,1.799c1.285,1.195 1.926,2.732 1.926,4.605c0,1.917 -0.62,3.496 -1.86,4.739c-1.24,1.242 -3.144,1.861 -5.713,1.861l-7.777,0c-1.504,0 -2.721,-1.219 -2.721,-2.723l0,-7.558c0,-1.504 1.217,-2.723 2.721,-2.723m-9.635,20.651l19.071,0c2.304,0 4.398,-0.315 6.281,-0.949c1.883,-0.63 3.488,-1.513 4.816,-2.645c1.328,-1.133 2.358,-2.494 3.09,-4.084c0.732,-1.59 1.098,-3.368 1.098,-5.327c0,-2.746 -0.688,-5.109 -2.061,-7.089c-0.955,-1.381 -2.316,-2.479 -4.086,-3.299c-1.361,-0.633 -2.558,-0.961 -2.558,-1.016c0,-0.053 1.201,-0.385 2.519,-1.109c0.996,-0.545 1.83,-1.223 2.498,-2.028c1.174,-1.416 1.912,-3.539 2.227,-6.373c0.174,-1.654 0.297,-3.191 0.363,-4.605c0.066,-1.416 0.141,-2.732 0.203,-3.826c0.031,-0.533 0.016,-0.969 0.016,-1.688c0,-1.64 -1.203,-2.687 -2.656,-2.687l-3.125,0c-1.502,0 -2.641,0.047 -3.012,2.719c-0.043,0.314 -0.09,0.648 -0.129,1.003c-0.111,1.006 -0.211,2.112 -0.303,3.334c-0.086,1.219 -0.174,2.463 -0.262,3.723c-0.222,2.574 -1.076,4.543 -2.56,5.914c-1.484,1.373 -3.732,2.059 -6.742,2.059l-5.053,0c-1.504,0 -2.721,-1.217 -2.721,-2.723l0,-13.307c0,-1.505 -1.218,-2.722 -2.724,-2.722l-4.19,0c-1.506,0 -2.724,1.217 -2.724,2.722l0,41.281c0,1.505 1.218,2.722 2.724,2.722" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g456" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path458" d="m465.269496,641.420902l7.113,0c1.504,0 2.358,1.164 1.903,2.596l-3.432,10.869c-0.223,0.609 -0.434,1.33 -0.633,2.156c-0.197,0.828 -0.408,1.611 -0.629,2.354c-0.115,0.439 -0.226,0.886 -0.338,1.338c-0.183,0.742 -0.582,0.765 -0.814,0.021c-0.143,-0.461 -0.266,-0.912 -0.377,-1.359c-0.221,-0.743 -0.432,-1.526 -0.631,-2.354c-0.199,-0.826 -0.41,-1.547 -0.633,-2.156l-3.431,-10.869c-0.453,-1.432 0.398,-2.596 1.902,-2.596m1.396,29.542l4.524,0c1.5,0 3.133,-1.147 3.639,-2.563l14.906,-41.6c0.512,-1.414 -0.297,-2.563 -1.803,-2.563l-4.588,0c-1.5,0 -3.095,1.161 -3.554,2.59l-1.524,4.75c-0.461,1.43 -2.051,2.596 -3.557,2.596l-11.697,0c-1.502,0 -3.086,-1.166 -3.539,-2.602l-1.492,-4.738c-0.447,-1.435 -2.033,-2.596 -3.539,-2.596l-4.32,0c-1.504,0 -2.317,1.149 -1.815,2.563l14.727,41.598c0.504,1.418 2.131,2.565 3.632,2.565" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g460" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path462" d="m499.769496,644.659102l-13.184,23.919c-0.722,1.319 -0.095,2.385 1.411,2.385l5.052,0c1.504,0 3.283,-1.081 3.975,-2.417l5.926,-11.438c0.353,-0.742 0.715,-1.494 1.095,-2.254c0.375,-0.763 0.719,-1.47 1.028,-2.125c0.176,-0.386 0.343,-0.763 0.506,-1.138c0.277,-0.633 0.808,-0.668 1.132,-0.032c0.198,0.385 0.377,0.774 0.559,1.17c0.307,0.655 0.648,1.362 1.027,2.125c0.377,0.76 0.743,1.512 1.098,2.254l5.809,11.427c0.683,1.341 2.453,2.428 3.955,2.428l4.656,0c1.506,0 2.133,-1.066 1.41,-2.385l-13.189,-23.919c-0.723,-1.316 -1.313,-3.605 -1.313,-5.111l0,-12.588c0,-1.506 -1.221,-2.723 -2.724,-2.723l-4.188,0c-1.504,0 -2.723,1.217 -2.723,2.723l0,12.588c0,1.506 -0.588,3.795 -1.318,5.111" fill-rule="nonzero" fill="#ffffff"/>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
logo/logo-text-mixed.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

110
logo/logo-text-mixed.svg Normal file
View File

@ -0,0 +1,110 @@
<svg width="700" height="195" xmlns="http://www.w3.org/2000/svg">
<metadata id="metadata8">image/svg+xml</metadata>
<defs>
<clipPath id="clipPath18" clipPathUnits="userSpaceOnUse">
<path id="path16" d="m0,720l1280,0l0,-720l-1280,0l0,720z"/>
</clipPath>
<clipPath id="clipPath510" clipPathUnits="userSpaceOnUse">
<path id="path508" d="m0,720l1280,0l0,-720l-1280,0l0,720z"/>
</clipPath>
<clipPath id="clipPath518" clipPathUnits="userSpaceOnUse">
<path id="path516" d="m80.333,608.499l52.426,0l0,-23.87l-52.426,0l0,23.87z"/>
</clipPath>
<clipPath id="clipPath534" clipPathUnits="userSpaceOnUse">
<path id="path532" d="m724.334,608.499l93.213,0l0,-23.87l-93.213,0l0,23.87z"/>
</clipPath>
</defs>
<g>
<title>background</title>
<rect x="-1" y="-1" width="702" height="197" id="canvas_background" fill="none"/>
</g>
<g>
<title>Layer 1</title>
<g id="svg_3">
<g id="g20" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path22" d="m120.688001,602.723581l-43.031,-24.842c-6.374,-3.68 -16.707,-3.68 -23.082,0l-43.033,24.842c-6.375,3.68 -11.542,12.631 -11.542,19.992l0,49.688c0,7.358 5.167,16.312 11.542,19.992l43.033,24.843c6.375,3.682 16.708,3.682 23.082,0l43.031,-24.843c6.374,-3.68 11.541,-12.634 11.541,-19.992l0,-49.688c0,-7.361 -5.167,-16.312 -11.541,-19.992" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g28" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path30" d="m99.737811,687.968781c1.045,-0.571 2.892,-1.581 3.936,-2.151c0.429,-0.235 1.126,-0.235 1.555,0l3.936,2.151c0.429,0.234 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.431,-0.235 -0.431,-0.61599 0,-0.85" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g32" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path34" d="m104.850111,683.818881l0,-4.232c0,-0.49 0.348,-0.697 0.777,-0.461l3.936,2.152c0.43,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.347,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.429,-0.234 -0.777,-0.822 -0.777,-1.312" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g36" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path38" d="m106.268141,677.650881c1.045,-0.571 2.891,-1.581 3.936,-2.151c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.151c0.428,0.234 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g40" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path42" d="m111.380451,673.500981l0,-4.232c-0.001,-0.49 0.348,-0.697 0.778,-0.461l3.936,2.152c0.429,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.348,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.43,-0.234 -0.778,-0.822 -0.778,-1.312" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g44" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path46" d="m112.518141,667.119181c1.045,-0.571 2.891,-1.581 3.936,-2.151c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.151c0.428,0.234 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g48" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path50" d="m117.630451,662.969301l0,-4.232c-0.001,-0.49 0.348,-0.697 0.778,-0.461l3.936,2.152c0.429,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.348,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.43,-0.234 -0.778,-0.822 -0.778,-1.312" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g52" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path54" d="m101.344191,667.119181c1.045,-0.571 2.892,-1.581 3.936,-2.151c0.429,-0.235 1.127,-0.235 1.556,0l3.936,2.151c0.429,0.234 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.127,0.234 -1.556,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g56" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path58" d="m106.457541,662.969301l0,-4.232c-0.001,-0.49 0.348,-0.697 0.777,-0.461l3.936,2.152c0.43,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.347,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.429,-0.234 -0.777,-0.822 -0.777,-1.312" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g60" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path62" d="m95.018141,677.650881c1.045,-0.571 2.892,-1.581 3.936,-2.151c0.429,-0.235 1.127,-0.235 1.556,0l3.936,2.151c0.429,0.234 0.429,0.615 0,0.85l-3.936,2.152c-0.429,0.234 -1.127,0.234 -1.556,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g64" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path66" d="m100.131301,673.500981l0,-4.232c-0.001,-0.49 0.348,-0.697 0.777,-0.461l3.936,2.152c0.43,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.347,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.429,-0.234 -0.777,-0.822 -0.777,-1.312" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g68" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path70" d="m89.941911,667.119181c1.045,-0.571 2.891,-1.581 3.936,-2.151c0.429,-0.235 1.127,-0.235 1.555,0l3.937,2.151c0.428,0.234 0.428,0.615 0,0.85l-3.937,2.152c-0.428,0.234 -1.126,0.234 -1.555,0l-3.936,-2.152c-0.43,-0.235 -0.43,-0.616 0,-0.85" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g72" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path74" d="m95.054221,662.969301l0,-4.232c-0.001,-0.49 0.34799,-0.697 0.778,-0.461l3.936,2.152c0.429,0.235 0.777,0.822 0.777,1.312l0,4.232c0,0.489 -0.348,0.696 -0.777,0.461c-1.045,-0.571 -2.891,-1.58 -3.936,-2.152c-0.43,-0.234 -0.778,-0.822 -0.778,-1.312" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g172" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path174" d="m48.098101,660.689491c2.115,1.223 5.543,1.223 7.661,0l12.443,-7.183c0.431,-0.249 0.839,-0.585 1.226,-0.96l14.191,7.757c2.909,1.589 2.909,4.166 0,5.756l-26.639,14.565c-2.907,1.59 -7.622,1.59 -10.529,0l-26.641,-14.565c-2.907,-1.59 -2.907,-4.166 0.001,-5.755c3.812,-2.084 9.198,-5.028 14.463,-7.905c0.429,0.441 0.892,0.825 1.382,1.107l12.442,7.183z" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g176" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path178" d="m86.316911,655.665101c-3.787,-2.071 -9.131,-4.993 -14.363,-7.85399c0.051,-0.31901 0.078,-0.633 0.078,-0.94l0,-14.368c0,-2.44401 -1.713,-5.411 -3.83,-6.632l-12.443,-7.183c-0.403,-0.233 -0.864,-0.407 -1.343,-0.551l-0.001,-14.567c0,-3.313 2.357,-4.711 5.263,-3.121l26.64,14.57c2.907,1.589 5.265,5.565 5.265,8.878l0,28.646c0,3.314 -2.358,4.711 -5.266,3.122" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g180" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path182" d="m35.655841,625.871101c-2.114,1.221 -3.827,4.188 -3.827,6.632l0,14.368c0,0.259 0.029,0.526 0.066,0.794c-5.338,2.918 -10.828,5.92 -14.695,8.035c-2.908,1.589 -5.266,0.192 -5.266,-3.122l0,-28.638c0,-3.314 2.358,-7.289 5.265,-8.879l26.64,-14.569c2.906,-1.59 5.263,-0.193 5.263,3.121l-0.002,14.627c-0.353,0.126 -0.694,0.27 -1.002,0.448l-12.442,7.183z" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g184" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path186" d="m64.088401,630.603491c-2.338,1.278 -6.203,3.392 -8.982,4.91c-0.46501,0.254 -0.908,0.496 -1.299,0.71c-1.123,0.613 -2.942,0.613 -4.06501,0l-1.316,-0.72l-8.965,-4.9c-1.123,-0.613 -1.123,-1.607 0,-2.221l9.639,-5.27l0.642,-0.352c1.12301,-0.614 2.94201,-0.614 4.06501,0l0.60799,0.333l9.674,5.289c1.122,0.614 1.122,1.608 -0.00099,2.221" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g188" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path190" d="m47.701741,640.016091c1.121,0.614 2.031,2.148 2.031,3.427l0,1.273l0,9.785c0,1.278 -0.909,1.818 -2.031,1.204l-9.735,-5.324l-0.546,-0.299c-1.123,-0.613 -2.032,-2.148 -2.032,-3.427l0,-0.9l0,-10.156c0,-1.279 0.91,-1.819 2.032,-1.205c2.279,1.247 6.008,3.285 8.768,4.795c0.544,0.297 1.064,0.581 1.513,0.827" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g192" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path194" d="m66.098101,650.065891l-0.604,0.33l-9.679,5.293c-1.121,0.613 -2.031,0.075 -2.031,-1.205l0.001,-9.753l0,-1.302c0,-1.279 0.911,-2.814 2.032,-3.428c0.452,-0.247 0.975,-0.533 1.523,-0.833c2.76,-1.508 6.481,-3.542 8.758,-4.788c1.121,-0.612 2.031,-0.074 2.031,1.206l0,10.133l0,0.92c0,1.279 -0.91,2.813 -2.031,3.427" fill-rule="nonzero" fill="#ffffff"/>
</g>
<g id="g392" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path394" d="m148.459551,672.666481l4.193,0c1.5,0 2.723,-1.217 2.723,-2.723l0,-13.178c0,-1.506 0.852,-1.854 1.904,-0.78l14.459,14.738c1.049,1.074 3.124,1.943 4.629,1.943l6.516,0c1.504,0 1.861,-0.863 0.803,-1.93l-14.764,-14.83c-1.059,-1.067 -1.218,-2.926 -0.352,-4.154l16.662,-23.589c0.868,-1.228 0.352,-2.223 -1.153,-2.223l-5.85,0c-1.504,0 -3.422,1 -4.287,2.229l-12.158,17.366c-0.861,1.231 -2.425,1.369 -3.489,0.308l-0.994,-0.989c-1.064,-1.06 -1.926,-3.139 -1.926,-4.645l0,-11.545c0,-1.506 -1.223,-2.724 -2.723,-2.724l-4.193,0c-1.502,0 -2.723,1.218 -2.723,2.724l0,41.279c0,1.506 1.221,2.723 2.723,2.723" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g396" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path398" d="m194.178241,629.237801c-3.145,2.724 -4.719,6.638 -4.719,11.733l0,28.973c0,1.505 1.221,2.723 2.723,2.723l4.191,0c1.502,0 2.723,-1.218 2.723,-2.723l0,-28.973c0,-2.441 0.673,-4.425 2.023,-5.946c1.354,-1.526 3.646,-2.287 6.88,-2.287c3.058,0 5.316,0.782 6.779,2.351c1.463,1.568 2.19,3.573 2.19,6.015l0,28.84c0,1.505 1.218,2.723 2.724,2.723l4.191,0c1.505,0 2.723,-1.218 2.723,-2.723l0,-28.973c0,-5.01 -1.54,-8.898 -4.619,-11.664c-3.078,-2.77 -7.676,-4.153 -13.788,-4.153c-6.203,0 -10.876,1.361 -14.021,4.084" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g400" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path402" d="m245.873491,633.780281l8.374,0c2.346,0 4.175,0.58 5.481,1.733c1.305,1.155 1.959,2.692 1.959,4.606c0,2.224 -0.73,3.899 -2.193,5.033c-1.46,1.133 -3.3,1.699 -5.513,1.699l-8.108,0c-1.505,0 -2.723,-1.217 -2.723,-2.721l0,-7.627c0,-1.505 1.218,-2.723 2.723,-2.723m12.825,21.503c1.285,0.958 1.926,2.351 1.926,4.181c0,0.84 -0.142,1.59 -0.425,2.249c-0.503,1.171 -2.359,2.575 -3.782,2.939c-0.784,0.202 -1.662,0.303 -2.635,0.303l-7.909,0c-1.505,0 -2.723,-1.217 -2.723,-2.723l0,-5.664c0,-1.505 1.218,-2.723 2.723,-2.723l7.71,0c2.125,0 3.829,0.478 5.115,1.438m-22.462,17.383l18.543,0c2.566,0 4.816,-0.295 6.744,-0.882c1.925,-0.588 3.507,-1.428 4.749,-2.516c2.527,-2.223 3.79,-5.143 3.79,-8.757c0,-2.398 -0.675,-4.369 -2.027,-5.914c-0.81,-0.927 -1.784,-1.71 -2.92,-2.347c-1.313,-0.737 -2.497,-1.128 -2.497,-1.184c0,-0.053 1.197,-0.391 2.535,-1.08c1.521,-0.781 2.81,-1.848 3.878,-3.199c1.615,-2.051 2.428,-4.508 2.428,-7.386c0,-2.223 -0.346,-4.105 -1.033,-5.653c-0.682,-1.548 -1.74,-2.909 -3.157,-4.084c-1.373,-1.176 -3.079,-2.091 -5.116,-2.745c-2.037,-0.654 -4.319,-0.979 -6.845,-0.979l-19.072,0c-1.505,0 -2.722,1.218 -2.722,2.724l0,41.28c0,1.505 1.217,2.722 2.722,2.722" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g404" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path406" d="m279.826741,672.666481l29.508,0c1.504,0 2.722,-1.217 2.722,-2.723l0,-2.526c0,-1.505 -1.218,-2.723 -2.722,-2.723l-19.871,0c-1.504,0 -2.723,-1.218 -2.723,-2.723l0,-5.012c0,-1.505 1.219,-2.724 2.723,-2.724l16.748,0c1.506,0 2.722,-1.217 2.722,-2.722l0,-2.33c0,-1.505 -1.216,-2.723 -2.722,-2.723l-16.748,0c-1.504,0 -2.723,-1.218 -2.723,-2.725l0,-7.163c0,-1.505 1.219,-2.723 2.723,-2.723l20.068,0c1.504,0 2.721,-1.218 2.721,-2.723l0,-2.462c0,-1.506 -1.217,-2.724 -2.721,-2.724l-29.705,0c-1.504,0 -2.723,1.218 -2.723,2.724l0,41.279c0,1.506 1.219,2.723 2.723,2.723" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g408" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path410" d="m321.326741,628.914101c-2.852,2.169 -4.607,5.09 -5.266,8.764c-0.265,1.479 0.936,2.702 2.442,2.702l3.988,0c1.506,0 2.822,-1.234 3.33,-2.649c0.531,-1.483 1.352,-2.611 2.449,-3.392c1.684,-1.202 4.231,-1.798 7.641,-1.798c1.24,0 2.416,0.106 3.523,0.325c1.108,0.217 2.082,0.569 2.924,1.047c0.842,0.479 1.518,1.101 2.026,1.861c0.509,0.761 0.763,1.686 0.763,2.777c0,1.133 -0.275,2.069 -0.83,2.813c-0.552,0.739 -1.34,1.362 -2.359,1.862c-1.018,0.5 -2.248,0.935 -3.686,1.308c-1.439,0.368 -3.068,0.748 -4.882,1.142c-2.127,0.479 -4.178,1.013 -6.149,1.601c-1.971,0.587 -3.699,1.383 -5.184,2.386c-1.482,1.001 -2.679,2.287 -3.585,3.855c-0.911,1.569 -1.364,3.572 -1.364,6.012c0,2.308 0.453,4.335 1.364,6.08c0.906,1.741 2.169,3.201 3.787,4.377c1.617,1.177 3.529,2.058 5.748,2.648c2.213,0.588 4.652,0.88 7.308,0.88c5.362,0 9.668,-1.242 12.924,-3.726c2.609,-1.988 4.285,-4.706 5.029,-8.149c0.321,-1.472 -0.834,-2.697 -2.336,-2.697l-3.789,0c-1.505,0 -2.793,1.253 -3.42,2.619c-0.5,1.093 -1.242,1.984 -2.23,2.675c-1.682,1.176 -3.766,1.763 -6.244,1.763c-2.615,0 -4.695,-0.5 -6.248,-1.502c-1.551,-1.003 -2.324,-2.332 -2.324,-3.986c0,-0.96 0.211,-1.756 0.63,-2.386c0.42,-0.633 1.063,-1.189 1.928,-1.667c0.867,-0.478 1.936,-0.894 3.223,-1.242c1.285,-0.348 2.81,-0.718 4.586,-1.112c2.435,-0.521 4.726,-1.1 6.875,-1.73c2.15,-0.633 4.031,-1.471 5.648,-2.516c1.617,-1.046 2.891,-2.374 3.823,-3.986c0.929,-1.616 1.394,-3.684 1.394,-6.21c0,-2.352 -0.465,-4.453 -1.394,-6.308c-0.932,-1.851 -2.215,-3.399 -3.854,-4.638c-1.641,-1.239 -3.59,-2.192 -5.848,-2.845c-2.261,-0.649 -4.718,-0.979 -7.377,-0.979c-6.466,0 -11.463,1.34 -14.984,4.021" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g412" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path414" d="m373.254411,650.577181l7.246,0c2.524,0 4.44,0.63 5.744,1.896c1.307,1.263 1.961,2.962 1.961,5.098c0,2.22 -0.666,3.92 -1.992,5.097c-1.33,1.176 -3.189,1.763 -5.58,1.763l-7.379,0c-1.504,0 -2.721,-1.217 -2.721,-2.723l0,-8.408c0,-1.505 1.217,-2.723 2.721,-2.723m-9.969,22.089l18.145,0c2.791,0 5.203,-0.382 7.238,-1.142c2.039,-0.764 3.768,-1.844 5.186,-3.237c1.328,-1.351 2.369,-2.919 3.125,-4.704c0.752,-1.787 1.13,-3.771 1.13,-5.948c0,-2.221 -0.367,-4.237 -1.101,-6.045c-0.731,-1.808 -1.77,-3.356 -3.121,-4.64c-1.354,-1.285 -3.012,-2.289 -4.983,-3.006c-1.972,-0.719 -4.199,-1.08 -6.679,-1.08l-8.971,0c-1.504,0 -2.721,-1.218 -2.721,-2.724l0,-11.476c0,-1.505 -1.218,-2.724 -2.724,-2.724l-4.524,0c-1.502,0 -2.722,1.219 -2.722,2.724l0,41.28c0,1.505 1.22,2.722 2.722,2.722" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g416" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path418" d="m415.248491,652.015201l7.51,0c2.658,0 4.627,0.599 5.914,1.798c1.285,1.197 1.926,2.734 1.926,4.606c0,1.917 -0.62,3.497 -1.86,4.738c-1.24,1.242 -3.144,1.862 -5.713,1.862l-7.777,0c-1.504,0 -2.721,-1.218 -2.721,-2.723l0,-7.557c0,-1.505 1.217,-2.724 2.721,-2.724m-9.635,20.651l19.071,0c2.304,0 4.398,-0.316 6.281,-0.949c1.883,-0.63 3.488,-1.513 4.816,-2.645c1.328,-1.133 2.358,-2.495 3.09,-4.085c0.732,-1.59 1.098,-3.367 1.098,-5.326c0,-2.745 -0.688,-5.108 -2.061,-7.09c-0.955,-1.38 -2.316,-2.478 -4.086,-3.297c-1.361,-0.633 -2.558,-0.963 -2.558,-1.016c0,-0.053 1.201,-0.386 2.519,-1.109c0.996,-0.545 1.83,-1.223 2.498,-2.029c1.174,-1.416 1.912,-3.538 2.227,-6.373c0.174,-1.654 0.297,-3.19 0.363,-4.606c0.066,-1.414 0.141,-2.732 0.203,-3.826c0.029,-0.532 0.016,-0.967 0.016,-1.687c0,-1.641 -1.203,-2.688 -2.656,-2.688l-3.125,0c-1.504,0 -2.641,0.047 -3.012,2.72c-0.043,0.315 -0.092,0.649 -0.129,1.004c-0.111,1.005 -0.211,2.111 -0.303,3.334c-0.086,1.218 -0.174,2.462 -0.262,3.723c-0.222,2.574 -1.076,4.542 -2.56,5.914c-1.484,1.373 -3.732,2.058 -6.742,2.058l-5.053,0c-1.504,0 -2.721,-1.218 -2.721,-2.722l0,-13.307c0,-1.505 -1.218,-2.724 -2.724,-2.724l-4.19,0c-1.506,0 -2.724,1.219 -2.724,2.724l0,41.28c0,1.505 1.218,2.722 2.724,2.722" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g420" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path422" d="m460.897051,643.124491l7.113,0c1.504,0 2.358,1.165 1.903,2.597l-3.432,10.868c-0.223,0.609 -0.434,1.33 -0.633,2.157c-0.197,0.827 -0.408,1.611 -0.629,2.353c-0.115,0.439 -0.226,0.886 -0.338,1.338c-0.183,0.742 -0.582,0.766 -0.814,0.02c-0.143,-0.459 -0.266,-0.911 -0.377,-1.358c-0.221,-0.742 -0.432,-1.526 -0.631,-2.353c-0.199,-0.827 -0.41,-1.548 -0.633,-2.157l-3.431,-10.868c-0.453,-1.432 0.398,-2.597 1.902,-2.597m1.396,29.542l4.524,0c1.5,0 3.133,-1.148 3.639,-2.563l14.906,-41.599c0.512,-1.415 -0.297,-2.564 -1.803,-2.564l-4.588,0c-1.5,0 -3.095,1.16 -3.554,2.59l-1.524,4.75c-0.461,1.43 -2.051,2.595 -3.557,2.595l-11.697,0c-1.502,0 -3.086,-1.165 -3.539,-2.601l-1.492,-4.738c-0.447,-1.436 -2.033,-2.596 -3.539,-2.596l-4.32,0c-1.504,0 -2.317,1.149 -1.815,2.564l14.727,41.597c0.504,1.417 2.131,2.565 3.632,2.565" fill-rule="nonzero" fill="#3d647f"/>
</g>
<g id="g424" transform="matrix(1.3333333,0,0,-1.3333333,0,960) ">
<path id="path426" d="m495.397051,646.362281l-13.184,23.919c-0.722,1.319 -0.095,2.385 1.411,2.385l5.052,0c1.504,0 3.283,-1.081 3.975,-2.416l5.926,-11.437c0.353,-0.743 0.715,-1.495 1.095,-2.256c0.375,-0.763 0.719,-1.47 1.028,-2.124c0.176,-0.386 0.343,-0.763 0.506,-1.138c0.277,-0.634 0.808,-0.668 1.132,-0.033c0.198,0.386 0.377,0.774 0.559,1.171c0.307,0.654 0.648,1.361 1.027,2.124c0.377,0.761 0.743,1.513 1.098,2.256l5.809,11.425c0.683,1.341 2.453,2.428 3.955,2.428l4.656,0c1.506,0 2.133,-1.066 1.41,-2.385l-13.189,-23.919c-0.723,-1.316 -1.313,-3.605 -1.313,-5.11l0,-12.588c0,-1.506 -1.221,-2.724 -2.724,-2.724l-4.188,0c-1.504,0 -2.723,1.218 -2.723,2.724l0,12.588c0,1.505 -0.588,3.794 -1.318,5.11" fill-rule="nonzero" fill="#3d647f"/>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

1772
logo/logos.pdf Normal file
View File

File diff suppressed because one or more lines are too long

16
logo/usage_guidelines.md Normal file
View File

@ -0,0 +1,16 @@
# Kubernetes Branding Guidelines
These guidelines provide you with guidance for using the Kubespray logo.
All artwork is made available under the Linux Foundation trademark usage
[guidelines](https://www.linuxfoundation.org/trademark-usage/). This text from
those guidelines, and the correct and incorrect usage examples, are particularly
helpful:
>Certain marks of The Linux Foundation have been created to enable you to
>communicate compatibility or interoperability of software or products. In
>addition to the requirement that any use of a mark to make an assertion of
>compatibility must, of course, be accurate, the use of these marks must
>avoid confusion regarding The Linux Foundations association with the
>product. The use of the mark cannot imply that The Linux Foundation or
>its projects are sponsoring or endorsing the product.
Additionally, permission is granted to modify the Kubespray mark for non-commercial uses such as t-shirts and stickers.

37
recover-control-plane.yml Normal file
View File

@ -0,0 +1,37 @@
---
- hosts: localhost
gather_facts: False
tasks:
- name: "Check ansible version !=2.7.0"
assert:
msg: "Ansible V2.7.0 can't be used until: https://github.com/ansible/ansible/issues/46600 is fixed"
that:
- ansible_version.string is version("2.7.0", "!=")
- ansible_version.string is version("2.6.0", ">=")
tags:
- check
vars:
ansible_connection: local
- hosts: bastion[0]
gather_facts: False
roles:
- { role: kubespray-defaults}
- { role: bastion-ssh-config, tags: ["localhost", "bastion"]}
- hosts: "{{ groups['etcd'] | first }}"
roles:
- { role: kubespray-defaults}
- { role: recover_control_plane/pre-recover }
- { role: recover_control_plane/etcd }
- hosts: "{{ groups['kube-master'] | first }}"
roles:
- { role: recover_control_plane/master }
- include: cluster.yml
- hosts: "{{ groups['kube-master'] }}"
roles:
- { role: kubespray-defaults}
- { role: recover_control_plane/post-recover }

6
remove-node.yml
View File

@ -2,11 +2,11 @@
- hosts: localhost
become: no
tasks:
- name: "Check ansible version >=2.7.6"
- name: "Check ansible version >=2.7.8"
assert:
msg: "Ansible must be v2.7.6 or higher"
msg: "Ansible must be v2.7.8 or higher"
that:
- ansible_version.string is version("2.7.6", ">=")
- ansible_version.string is version("2.7.8", ">=")
tags:
- check
vars:

2
requirements.txt
View File

@ -1,4 +1,4 @@
ansible>=2.7.6
ansible>=2.7.8
jinja2>=2.9.6
netaddr
pbr>=1.6

6
reset.yml
View File

@ -2,11 +2,11 @@
- hosts: localhost
become: no
tasks:
- name: "Check ansible version >=2.7.6"
- name: "Check ansible version >=2.7.8"
assert:
msg: "Ansible must be v2.7.6 or higher"
msg: "Ansible must be v2.7.8 or higher"
that:
- ansible_version.string is version("2.7.6", ">=")
- ansible_version.string is version("2.7.8", ">=")
tags:
- check
vars:

59
roles/bootstrap-os/README.md Normal file
View File

@ -0,0 +1,59 @@
# bootstrap-os
Bootstrap an Ansible host to be able to run Ansible modules.
This role will:
* configure the package manager (if applicable) to be able to fetch packages
* install Python
* install the necessary packages to use Ansible's package manager modules
* set the hostname of the host to `{{ inventory_hostname }}` when requested
## Requirements
A host running an operating system that is supported by Kubespray.
See https://github.com/kubernetes-sigs/kubespray#supported-linux-distributions for a current list.
SSH access to the host.
## Role Variables
Variables are listed with their default values, if applicable.
### General variables
* `http_proxy`/`https_proxy`
The role will configure the package manager (if applicable) to download packages via a proxy.
This is currently implemented for CentOS/RHEL (`http_proxy` only) as well as Debian and Ubuntu (both `http_proxy` and `https_proxy` are respected)
* `override_system_hostname: true`
The role will set the hostname of the machine to the name it has according to Ansible's inventory (the variable `{{ inventory_hostname }}`).
### Per distribution variables
#### CoreOS
* `coreos_locksmithd_disable: false`
Whether `locksmithd` (responsible for rolling restarts) should be disabled or be left alone.
#### CentOS/RHEL
* `centos_fastestmirror_enabled: false`
Whether the [fastestmirror](https://wiki.centos.org/PackageManagement/Yum/FastestMirror) yum plugin should be enabled.
## Dependencies
The `kubespray-defaults` role is expected to be run before this role.
## Example Playbook
Remember to disable fact gathering since Python might not be present on hosts.
- hosts: all
gather_facts: false # not all hosts might be able to run modules yet
roles:
- kubespray-defaults
- bootstrap-os
## License
Apache 2.0

24
roles/bootstrap-os/defaults/main.yml
View File

@ -1,16 +1,14 @@
---
pip_python_coreos_modules:
- httplib2
- six
override_system_hostname: true
coreos_auto_upgrade: true
## CentOS/RHEL specific variables
# Install epel repo on Centos/RHEL
epel_enabled: false
centos_epel_enabled: false
# Use the fastestmirror yum plugin
centos_fastestmirror_enabled: false
# CentOS/RedHat Extras repo
extras_rh_repo_base_url: "http://mirror.centos.org/centos/$releasever/extras/$basearch/"
extras_rh_repo_gpgkey: "http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7"
# Caching extras packages after installation
extras_rh_rpm_keepcache: 0
## CoreOS specific variables
# Disable locksmithd or leave it in its current state
coreos_locksmithd_disable: false
## General
# Set the hostname to inventory_hostname
override_system_hostname: true

78
roles/bootstrap-os/tasks/bootstrap-centos.yml
View File

@ -1,10 +1,13 @@
---
- name: Check if atomic host
# CentOS ships with python installed
- name: Check if this is an atomic host
stat:
path: /run/ostree-booted
register: ostree
- set_fact:
- name: Store the fact if this is an atomic host
set_fact:
is_atomic: "{{ ostree.stat.exists }}"
- name: Check presence of fastestmirror.conf
@ -12,79 +15,34 @@
path: /etc/yum/pluginconf.d/fastestmirror.conf
register: fastestmirror
# fastestmirror plugin actually slows down Ansible deployments
- name: Disable fastestmirror plugin
# the fastestmirror plugin can actually slow down Ansible deployments
- name: Disable fastestmirror plugin if requested
lineinfile:
dest: /etc/yum/pluginconf.d/fastestmirror.conf
regexp: "^enabled=.*"
line: "enabled=0"
state: present
become: true
when: fastestmirror.stat.exists
when:
- fastestmirror.stat.exists
- not centos_fastestmirror_enabled
- name: Add proxy to /etc/yum.conf if http_proxy is defined
lineinfile:
path: "/etc/yum.conf"
line: "proxy={{ http_proxy }}"
create: yes
create: true
state: present
become: true
when: http_proxy is defined
when:
- http_proxy is defined
- name: Install libselinux-python and yum-utils for bootstrap
yum:
name:
- libselinux-python
- yum-utils
# libselinux-python is required on SELinux enabled hosts
# See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
- name: Install libselinux-python
package:
name: libselinux-python
state: present
become: true
when:
- not is_atomic
- name: Check python-pip package
yum:
list=python-pip
register: package_python_pip
when:
- not is_atomic
- name: Install epel-release for bootstrap
yum:
name: epel-release
state: present
become: true
when:
- epel_enabled
- not is_atomic
- package_python_pip.results | length != 0
- name: check python-httplib2 package
yum:
list: "python-httplib2"
register: package_python_httplib2
when:
- not is_atomic
- name: Configure extras repository if python-httplib2 not avaiable in current repos
yum_repository:
name: extras
description: "CentOS-7 - Extras"
state: present
baseurl: "{{ extras_rh_repo_base_url }}"
file: "extras"
gpgcheck: yes
gpgkey: "{{extras_rh_repo_gpgkey}}"
keepcache: "{{ extras_rh_rpm_keepcache | default('1') }}"
proxy: " {{ http_proxy | default('_none_') }}"
when:
- not is_atomic
- package_python_httplib2.results | length == 0
- name: Install pip for bootstrap
yum:
name: python-pip
state: present
become: true
when:
- not is_atomic
- package_python_pip.results | length != 0

13
roles/bootstrap-os/tasks/bootstrap-clearlinux.yml
View File

@ -1,15 +1,16 @@
---
- name: Install basic packages to run containers
# ClearLinux ships with Python installed
- name: Install basic package to run containers
package:
name: "{{ item }}"
name: containers-basic
state: present
with_items:
- containers-basic
- name: Make sure docker service is enabled
systemd:
name: docker
enabled: yes
daemon_reload: yes
masked: false
enabled: true
daemon_reload: true
state: started
become: true

33
roles/bootstrap-os/tasks/bootstrap-coreos.yml
View File

@ -1,4 +1,6 @@
---
# CoreOS ships without Python installed
- name: Check if bootstrap is needed
raw: stat /opt/bin/.bootstrapped
register: need_bootstrap
@ -16,39 +18,20 @@
- name: Run bootstrap.sh
script: bootstrap.sh
when: need_bootstrap.rc != 0
become: true
when:
- need_bootstrap.rc != 0
- set_fact:
- name: Set the ansible_python_interpreter fact
set_fact:
ansible_python_interpreter: "{{ bin_dir }}/python"
tags:
- facts
- name: Install pip3
command: "{{ ansible_python_interpreter }} -m ensurepip"
args:
creates: "{{ bin_dir }}/pypy3/bin/pip3"
register: pip_installed
- name: Install pip3 link
file:
src: "{{ bin_dir }}/pypy3/bin/pip3"
dest: "{{ bin_dir }}/pip3"
mode: 0755
state: link
when: pip_installed.changed
- name: Install required python modules
pip:
name: "{{ item }}"
extra_args: "{{ pip_extra_args | default(omit) }}"
with_items: "{{ pip_python_coreos_modules }}"
environment:
PATH: "{{ ansible_env.PATH }}:{{ bin_dir }}"
- name: Disable auto-upgrade
systemd:
name: locksmithd.service
masked: true
state: stopped
when:
- not coreos_auto_upgrade
- coreos_locksmithd_disable

26
roles/bootstrap-os/tasks/bootstrap-debian.yml
View File

@ -1,17 +1,16 @@
---
# Some Debian based distros ship without Python installed
- name: Check if bootstrap is needed
raw: which "{{ item }}"
raw: which python
register: need_bootstrap
failed_when: false
changed_when: false
# This command should always run, even in check mode
check_mode: false
with_items:
- python
- pip
- dbus-daemon
environment: {}
tags: facts
tags:
- facts
- name: Check http::proxy in /etc/apt/apt.conf
raw: grep -qsi 'Acquire::http::proxy' /etc/apt/apt.conf
@ -51,15 +50,18 @@
- https_proxy is defined
- need_https_proxy.rc != 0
- name: Install python, pip, and dbus
- name: Install python
raw:
apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-pip dbus
DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal
become: true
environment: {}
when:
need_bootstrap.results | map(attribute='rc') | sort | last | bool
- need_bootstrap.rc != 0
- set_fact:
ansible_python_interpreter: "/usr/bin/python"
tags: facts
# Workaround for https://github.com/ansible/ansible/issues/25543
- name: Install dbus for the hostname module
package:
name: dbus
state: present
become: true

40
roles/bootstrap-os/tasks/bootstrap-fedora.yml
View File

@ -1,22 +1,46 @@
---
# Some Fedora based distros ship without Python installed
- name: Check if this is an atomic host
raw: stat /run/ostree-booted
register: ostree
environment: {}
failed_when: false
changed_when: false
tags:
- facts
- name: Store the fact if this is an atomic host
set_fact:
is_atomic: "{{ ostree.rc == 0 }}"
tags:
- facts
- name: Check if bootstrap is needed
raw: which "{{ item }}"
raw: which python
register: need_bootstrap
failed_when: false
changed_when: false
with_items:
- python
environment: {}
tags: facts
tags:
- facts
# Fedora's policy as of Fedora 30 is to still install python2 as /usr/bin/python
# See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 for the current status
- name: Install python on fedora
raw: "dnf install --assumeyes --quiet python"
raw: "dnf install --assumeyes --quiet python2"
become: true
environment: {}
when: need_bootstrap.results | map(attribute='rc') | sort | last | bool
when:
- need_bootstrap.rc != 0
- not is_atomic
- name: Install required python packages
dnf:
# libselinux-python is required on SELinux enabled hosts
# See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
- name: Install libselinux-python
package:
name: libselinux-python
state: present
become: true
when:
- not is_atomic

15
roles/bootstrap-os/tasks/bootstrap-opensuse.yml
View File

@ -1,13 +1,10 @@
---
- name: Ensure zypper cache is updated (SUSE)
zypper_repository:
repo: "*"
runrefresh: yes
# OpenSUSE ships with Python installed
- name: Install required packages (SUSE)
package:
name: "{{ item }}"
# Without this package, the get_url module fails when trying to handle https
- name: Install python-cryptography
zypper:
name: python-cryptography
state: present
with_items:
- python-cryptography
update_cache: true
become: true

72
roles/bootstrap-os/tasks/bootstrap-ubuntu.yml
View File

@ -1,72 +0,0 @@
---
- name: List ubuntu_packages
set_fact:
ubuntu_packages:
- python
- python-apt
- python-pip
- dbus
- name: Check if bootstrap is needed
raw: dpkg -l | cut -d' ' -f3 | grep -e ^{{ item }}$
register: need_bootstrap
failed_when: false
changed_when: false
# This command should always run, even in check mode
check_mode: false
with_items: "{{ ubuntu_packages }}"
environment: {}
tags:
- facts
- name: Check http::proxy in /etc/apt/apt.conf
raw: grep -qsi 'Acquire::http::proxy' /etc/apt/apt.conf
register: need_http_proxy
failed_when: false
changed_when: false
# This command should always run, even in check mode
check_mode: false
environment: {}
when:
- http_proxy is defined
- name: Add http_proxy to /etc/apt/apt.conf if http_proxy is defined
raw: echo 'Acquire::http::proxy "{{ http_proxy }}";' >> /etc/apt/apt.conf
become: true
environment: {}
when:
- http_proxy is defined
- need_http_proxy.rc != 0
- name: Check https::proxy in /etc/apt/apt.conf
raw: grep -qsi 'Acquire::https::proxy' /etc/apt/apt.conf
register: need_https_proxy
failed_when: false
changed_when: false
# This command should always run, even in check mode
check_mode: false
environment: {}
when:
- https_proxy is defined
- name: Add https_proxy to /etc/apt/apt.conf if https_proxy is defined
raw: echo 'Acquire::https::proxy "{{ https_proxy }}";' >> /etc/apt/apt.conf
become: true
environment: {}
when:
- https_proxy is defined
- need_https_proxy.rc != 0
- name: Install python and pip
raw:
apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y {{ ubuntu_packages | join(" ") }}
become: true
environment: {}
when:
- need_bootstrap.results | map(attribute='rc') | sort | last | bool
- set_fact:
ansible_python_interpreter: "/usr/bin/python"
tags:
- facts

44
roles/bootstrap-os/tasks/main.yml
View File

@ -7,55 +7,65 @@
check_mode: false
environment: {}
- include_tasks: bootstrap-ubuntu.yml
when: '"Ubuntu" in os_release.stdout'
- include_tasks: bootstrap-centos.yml
when: '"CentOS" in os_release.stdout or "Red Hat Enterprise Linux" in os_release.stdout'
- include_tasks: bootstrap-debian.yml
when: '"Debian" in os_release.stdout'
- include_tasks: bootstrap-clearlinux.yml
when: '"Clear Linux OS" in os_release.stdout'
- include_tasks: bootstrap-coreos.yml
when: '"CoreOS" in os_release.stdout'
- include_tasks: bootstrap-debian.yml
when: '"Debian" in os_release.stdout or "Ubuntu" in os_release.stdout'
- include_tasks: bootstrap-fedora.yml
when: '"Fedora" in os_release.stdout'
- include_tasks: bootstrap-centos.yml
when: '"CentOS" in os_release.stdout or "Red Hat Enterprise Linux" in os_release.stdout'
- include_tasks: bootstrap-opensuse.yml
when: '"openSUSE" in os_release.stdout'
- include_tasks: bootstrap-clearlinux.yml
when: '"Clear Linux OS" in os_release.stdout'
- name: Create remote_tmp for it is used by another module
file:
path: "{{ ansible_remote_tmp | default('~/.ansible/tmp') }}"
state: directory
mode: 0700
- name: Gather nodes hostnames
# Workaround for https://github.com/ansible/ansible/issues/42726
# (1/3)
- name: Gather host facts to get ansible_os_family
setup:
gather_subset: '!all'
filter: ansible_*
- name: Assign inventory name to unconfigured hostnames (non-CoreOS and Tumbleweed)
- name: Assign inventory name to unconfigured hostnames (non-CoreOS, Suse and ClearLinux)
hostname:
name: "{{ inventory_hostname }}"
when:
- override_system_hostname
- ansible_os_family not in ['Suse', 'CoreOS', 'Container Linux by CoreOS', 'ClearLinux']
- ansible_os_family not in ['Suse', 'Container Linux by CoreOS', 'ClearLinux']
- name: Assign inventory name to unconfigured hostnames (CoreOS and Tumbleweed only)
# (2/3)
- name: Assign inventory name to unconfigured hostnames (CoreOS, Suse and ClearLinux only)
command: "hostnamectl set-hostname {{ inventory_hostname }}"
register: hostname_changed
changed_when: false
when:
- override_system_hostname
- ansible_os_family in ['Suse', 'CoreOS', 'Container Linux by CoreOS', 'ClearLinux']
- ansible_os_family in ['Suse', 'Container Linux by CoreOS', 'ClearLinux']
- name: Update hostname fact (CoreOS and Tumbleweed only)
# (3/3)
- name: Update hostname fact (CoreOS, Suse and ClearLinux only)
setup:
gather_subset: '!all'
filter: ansible_hostname
when:
- hostname_changed.changed
- override_system_hostname
- ansible_os_family in ['Suse', 'Container Linux by CoreOS', 'ClearLinux']
- name: "Install ceph-commmon package"
package:
name:
- ceph-common
state: present
when: rbd_provisioner_enabled|default(false)

4
roles/container-engine/cri-o/templates/crio.conf.j2
View File

@ -64,7 +64,11 @@ file_locking = true
# This is a mandatory setting as this runtime will be the default one
# and will also be used for untrusted container workloads if
# runtime_untrusted_workload is not set.
{% if ansible_os_family == "ClearLinux" %}
runtime = "/usr/bin/runc"
{% else %}
runtime = "/usr/sbin/runc"
{% endif %}
# runtime_untrusted_workload is the OCI compatible runtime used for untrusted
# container workloads. This is an optional setting, except if

1
roles/container-engine/cri-o/vars/fedora.yml
View File

@ -1,5 +1,6 @@
---
crio_packages:
- cri-o
- cri-tools
crio_service: cri-o

2
roles/container-engine/docker/defaults/main.yml
View File

@ -1,5 +1,5 @@
---
docker_version: '18.06'
docker_version: '18.09'
docker_selinux_version: '17.03'
docker_package_info:

13
roles/container-engine/docker/handlers/main.yml
View File

@ -5,11 +5,11 @@
- Docker | reload systemd
- Docker | reload docker.socket
- Docker | reload docker
- Docker | pause while Docker restarts
- Docker | wait for docker
- name: Docker | reload systemd
shell: systemctl daemon-reload
systemd:
daemon_reload: true
- name: Docker | reload docker.socket
service:
@ -22,14 +22,9 @@
name: docker
state: restarted
- name: Docker | pause while Docker restarts
pause:
seconds: 10
prompt: "Waiting for docker restart"
- name: Docker | wait for docker
command: "{{ docker_bin_dir }}/docker images"
register: docker_ready
retries: 10
delay: 5
retries: 20
delay: 1
until: docker_ready.rc == 0

4
roles/container-engine/docker/tasks/set_facts_dns.yml
View File

@ -43,12 +43,12 @@
- name: add system nameservers to docker options
set_fact:
docker_dns_servers: "{{ docker_dns_servers | union(system_nameservers.stdout_lines) | unique }}"
when: system_nameservers.stdout != ""
when: system_nameservers.stdout
- name: add system search domains to docker options
set_fact:
docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split()|default([])) | unique }}"
when: system_search_domains.stdout != ""
when: system_search_domains.stdout
- name: check number of nameservers
fail:

1
roles/container-engine/docker/tasks/systemd.yml
View File

@ -12,6 +12,7 @@
when: http_proxy is defined or https_proxy is defined
- name: get systemd version
# noqa 303 - systemctl is called intentionally here
shell: systemctl --version | head -n 1 | cut -d " " -f 2
register: systemd_version
when: not is_atomic

4
roles/container-engine/docker/templates/docker.service.j2
View File

@ -2,8 +2,8 @@
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
{% if ansible_os_family == "RedHat" %}
After=network.target docker-storage-setup.service{{ ' containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') else '' }}
Wants=docker-storage-setup.service
After=network.target {{ ' docker-storage-setup.service' if docker_container_storage_setup else '' }}{{ ' containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') else '' }}
{{ 'Wants=docker-storage-setup.service' if docker_container_storage_setup else '' }}
{% elif ansible_os_family == "Debian" %}
After=network.target docker.socket{{ ' containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') else '' }}
Wants=docker.socket

8
roles/container-engine/docker/vars/debian.yml
View File

@ -5,8 +5,6 @@ docker_kernel_min_version: '3.10'
# https://apt.dockerproject.org/repo/dists/debian-wheezy/main/filelist
docker_versioned_pkg:
'latest': docker-ce
'1.11': docker-engine=1.11.2-0~{{ ansible_distribution_release|lower }}
'1.12': docker-engine=1.12.6-0~debian-{{ ansible_distribution_release|lower }}
'1.13': docker-engine=1.13.1-0~debian-{{ ansible_distribution_release|lower }}
'17.03': docker-ce=17.03.2~ce-0~debian-{{ ansible_distribution_release|lower }}
'17.06': docker-ce=17.06.2~ce-0~debian
@ -14,9 +12,9 @@ docker_versioned_pkg:
'17.12': docker-ce=17.12.1~ce-0~debian
'18.03': docker-ce=18.03.1~ce-0~debian
'18.06': docker-ce=18.06.2~ce~3-0~debian
'18.09': docker-ce=5:18.09.2~3-0~debian-{{ ansible_distribution_release|lower }}
'stable': docker-ce=18.06.2~ce~3-0~debian
'edge': docker-ce=17.12.1~ce-0~debian
'18.09': docker-ce=5:18.09.5~3-0~debian-{{ ansible_distribution_release|lower }}
'stable': docker-ce=5:18.09.5~3-0~debian-{{ ansible_distribution_release|lower }}
'edge': docker-ce=5:18.09.5~3-0~debian-{{ ansible_distribution_release|lower }}
docker_package_info:
pkg_mgr: apt

2
roles/container-engine/docker/vars/fedora.yml
View File

@ -2,11 +2,13 @@
docker_kernel_min_version: '0'
# https://docs.docker.com/install/linux/docker-ce/fedora/
# https://download.docker.com/linux/fedora/28/x86_64/stable/Packages/
docker_versioned_pkg:
'latest': docker-ce
'18.03': docker-ce-18.03.1.ce-3.fc28
'18.06': docker-ce-18.06.2.ce-3.fc28
'18.09': docker-ce-18.09.5-3.fc28
#
# This is due to the fact that the docker

10
roles/container-engine/docker/vars/redhat.yml
View File

@ -7,22 +7,18 @@ docker_kernel_min_version: '0'
# or do 'yum --showduplicates list docker-engine'
docker_versioned_pkg:
'latest': docker-ce
'1.11': docker-engine-1.11.2-1.el7.centos
'1.12': docker-engine-1.12.6-1.el7.centos
'1.13': docker-engine-1.13.1-1.el7.centos
'17.03': docker-ce-17.03.2.ce-1.el7.centos
'17.09': docker-ce-17.09.0.ce-1.el7.centos
'17.12': docker-ce-17.12.1.ce-1.el7.centos
'18.03': docker-ce-18.03.1.ce-1.el7.centos
'18.06': docker-ce-18.06.2.ce-3.el7
'18.09': docker-ce-18.09.2-3.el7
'stable': docker-ce-18.06.2.ce-3.el7
'edge': docker-ce-18.09.2-3.el7
'18.09': docker-ce-18.09.5-3.el7
'stable': docker-ce-18.09.5-3.el7
'edge': docker-ce-18.09.5-3.el7
docker_selinux_versioned_pkg:
'latest': docker-ce-selinux
'1.11': docker-engine-selinux-1.11.2-1.el7.centos
'1.12': docker-engine-selinux-1.12.6-1.el7.centos
'1.13': docker-engine-selinux-1.13.1-1.el7.centos
'17.03': docker-ce-selinux-17.03.2.ce-1.el7.centos
'stable': docker-ce-selinux-17.03.2.ce-1.el7.centos

6
roles/container-engine/docker/vars/ubuntu-amd64.yml
View File

@ -11,9 +11,9 @@ docker_versioned_pkg:
'17.09': docker-ce=17.09.0~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
'17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
'18.06': docker-ce=18.06.2~ce~3-0~ubuntu
'18.09': docker-ce=5:18.09.2~3-0~ubuntu-{{ ansible_distribution_release|lower }}
'stable': docker-ce=18.06.2~ce~3-0~ubuntu
'edge': docker-ce=5:18.09.2~ce~3-0~ubuntu
'18.09': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
'stable': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
'edge': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
docker_package_info:
pkg_mgr: apt

8
roles/container-engine/docker/vars/ubuntu-arm64.yml
View File

@ -1,15 +1,15 @@
---
docker_kernel_min_version: '3.10'
docker_version: 18.06
# https://download.docker.com/linux/ubuntu/
docker_versioned_pkg:
'latest': docker-ce
'17.09': docker-ce=17.09.1~ce-0~ubuntu
'17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
'18.06': docker-ce=18.06.2~ce~3-0~ubuntu
'18.09': docker-ce=5:18.09.2~3-0~ubuntu-{{ ansible_distribution_release|lower }}
'stable': docker-ce=18.06.2~ce~3-0~ubuntu
'edge': docker-ce=5:18.09.2~3-0~ubuntu-{{ ansible_distribution_release|lower }}
'18.09': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
'stable': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
'edge': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
docker_package_info:
pkg_mgr: apt

10
roles/container-engine/meta/main.yml
View File

@ -7,17 +7,9 @@ dependencies:
- container-engine
- crio
- role: container-engine/rkt
when:
- container_manager == 'rkt'
tags:
- container-engine
- rkt
- role: container-engine/docker
when:
- container_manager == 'docker' or container_manager == "rkt"
- container_manager == 'docker'
tags:
- container-engine
- docker
- rkt

6
roles/container-engine/rkt/defaults/main.yml
View File

@ -1,6 +0,0 @@
---
rkt_version: 1.21.0
rkt_pkg_version: "{{ rkt_version }}-1"
rkt_download_src: https://github.com/coreos/rkt
rkt_download_url: "{{ rkt_download_src }}/releases/download/v{{ rkt_version }}"

2
roles/container-engine/rkt/files/rkt-gc.sh
View File

@ -1,2 +0,0 @@
#!/bin/bash
rkt gc

54
roles/container-engine/rkt/tasks/install.yml
View File

@ -1,54 +0,0 @@
---
- name: gather os specific variables for rkt
include_vars: "{{ item }}"
with_first_found:
- files:
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}.yml"
- "{{ ansible_os_family|lower }}.yml"
- defaults.yml
paths:
- ../vars
skip: true
tags:
- facts
- name: install rkt pkg on ubuntu
apt:
deb: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
state: present
register: rkt_task_result
until: rkt_task_result is succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when: ansible_os_family == "Debian"
- name: install rkt pkg on fedora
dnf:
name: rkt
state: present
when: ansible_distribution == "Fedora"
- name: install rkt pkg on centos
yum:
pkg: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
state: present
register: rkt_task_result
until: rkt_task_result is succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution != "Fedora"
- name: install rkt pkg on openSUSE
zypper:
name: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
state: present
register: rkt_task_result
until: rkt_task_result is succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when: ansible_os_family == "Suse"

13
roles/container-engine/rkt/tasks/main.yml
View File

@ -1,13 +0,0 @@
---
- name: Install rkt
import_tasks: install.yml
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
- name: Set up cron job to do garbage cleanup
copy:
src: rkt-gc.sh
dest: /etc/cron.hourly/rkt-gc.sh
owner: root
group: root
mode: 0750
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]

2
roles/container-engine/rkt/vars/debian.yml
View File

@ -1,2 +0,0 @@
---
rkt_pkg_name: "rkt_{{ rkt_pkg_version }}_amd64.deb"

Some files were not shown because too many files have changed in this diff Show More