Commit Graph

112 Commits (0232e755f3577926fda423e9bd604c19cf486374)

Author SHA1 Message Date
Matthew Mosesohn cc6e3d14ce Add host-based kubelet deployment
Kubelet gets copied from hyperkube container and run locally.
2017-05-19 16:54:07 +03:00
Brad Beam b60a897265 Explicitly create cni bin dir
If this path doesnt exist, it will cause kubelet to fail to start when
using rkt
2017-04-19 16:00:44 +00:00
Matthew Mosesohn b4d06ff8dd Add /var/lib/cni to kubelet
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
2017-04-03 19:38:24 +03:00
Sergii Golovatiuk f144fd1ed3 Refactor etcd role
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-24 12:34:15 +01:00
Bogdan Dobrelya 069606947c Merge pull request #1063 from bogdando/fix
Align LB defaults with the HA docs
2017-02-27 10:14:42 +01:00
Bogdan Dobrelya f2a4619c57 Align LB defaults with the HA docs
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 10:32:44 +01:00
Andrew Greenwood ca9ea097df Cleanup legacy syntax, spacing, files all to yml
Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks
Cleanup some spacing in various files
Rename some files named yaml to yml for consistancy
2017-02-17 16:22:34 -05:00
Brad Beam 4c891b8bb0 Adding support for proxy w/ rkt kubelet 2017-02-14 08:09:49 -06:00
Sergii Golovatiuk aeadaa1184 Set ssl_ca_dirs for rkt based on fact
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.

Closes: #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00
Josh Conant 245e05ce61 Vault security hardening and role isolation 2017-02-08 21:41:36 +00:00
Matthew Mosesohn f3a0f73588 Prevent dynamic port allocation in nodePort range
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.

Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
2017-02-06 20:01:16 +03:00
Brad Beam 4b6f29d5e1 Adding kubelet in rkt 2017-01-03 14:49:48 -06:00
Bogdan Dobrelya 58062be2a3 Drop non systemd OS types support
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-02 12:14:03 +01:00
Bogdan Dobrelya c75f394707 Address standalone kubelet config case
Also place in global vars and do not repeat the kube_*_config_dir
and kube_namespace vars for better code maintainability and UX.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-13 16:35:53 +01:00
Bogdan Dobrelya 8cc84e132a Add tags
Add tags to allow more granular tasks filtering.
Add generator script for MD formatted tags found.
Add docs for tags how-to.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-09 12:14:28 +01:00
Aleksandr Didenko e3470b28c5 Move CNI config and add MTU support for calico-cni
- Move CNI configuration creation for Calico to appropriate
network_plugin role from kubernetes/node.
- Add support for MTU configuration in Calico.
2016-11-15 18:05:11 +01:00
Aleksandr Didenko caa81f3ac2 Fix etcd ssl for canal
- Move CNI configuration from `kubernetes/node` role to
`network_plugin/canal`
- Create SSL dir for Canal and symlink etcd SSL files
- Add needed options to `canal-config` configmap
- Run flannel and calico-node containers with proper configuration
2016-11-14 14:49:17 +01:00
Aleksandr Didenko 309240cd6f Adding support for canal network plugin
This patch provides support for Canal network plugin installation
as a self-hosted app, see the following link for details:

https://github.com/tigera/canal/tree/master/k8s-install
2016-11-08 11:04:01 +01:00
Matthew Mosesohn 84052ff0b6 use nginx proxy on non-master nodes to proxy apiserver traffic
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.

Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Matthew Mosesohn 6f07da9f41 Restart kubelet if launcher changed
Fixes #409
2016-08-18 19:00:05 +03:00
Matthew Mosesohn d0a1e15ef3 Deploy kubelet and kube-apiserver as containers
kubelet via docker
kube-apiserver as a static pod

Fixed etcd service start to be more tolerant of slow start.

Workaround for kube_version to stay in download role, but not
download an files by creating a new "nothing" download entry.
2016-07-22 16:42:34 +03:00
Smana fca384e24c first version of CoreOS on GCE
Please enter the commit message for your changes. Lines starting
2016-02-21 00:06:36 +01:00
Smana a649aa8b7e use ansible_service_mgr to detect init system 2016-02-13 11:46:53 +01:00
Smana 91fca69aa0 generate secrets on deployment machine
test travis with sudo=true instead of required
2016-02-13 06:51:54 +01:00
Smaine Kahlouch 4f92417a5d split network plugins into distinct roles 2016-02-09 11:42:00 +01:00
Antoine Legrand b9781fa7c2 Symlink dnsmasq conf 2016-01-26 00:30:29 +01:00
Smaine Kahlouch baaa6efc2b workaround_ha_apiserver 2016-01-25 12:07:32 +01:00
ant31 56b92812fa Fix systemd reload and calico unit 2016-01-25 10:54:07 +01:00
Smaine Kahlouch 4984b57aa2 use rsync instead of command 2016-01-23 18:26:07 +01:00
Smaine Kahlouch 283c4169ac run apiserver as a service
reorder master handlers

typo for sysvinit
2016-01-23 14:21:04 +01:00
Smaine Kahlouch 391413f7e7 missing commits for the PR #86 2016-01-22 17:10:31 +01:00
Smaine Kahlouch cb59559835 use command instead of synchronize 2016-01-22 16:37:07 +01:00
Antoine Legrand 078b67c50f Remove downloader host 2016-01-22 09:59:39 +01:00
Antoine Legrand 859f6322a0 Merge branch 'master' into add_set_remote_user 2016-01-19 21:08:52 +01:00
Greg Althaus 10b2466d82 run_once only works if master[0] is first in inventory list
of all nodes.
2016-01-19 13:10:54 -06:00
Antoine Legrand f68d8f3757 Add seT_remote_user in synchronize 2016-01-19 14:20:05 +01:00
Antoine Legrand 9b083b62cf Rename tasks 2016-01-19 14:20:05 +01:00
Smaine Kahlouch 8127e8f8e8 Flannel running as pod 2016-01-15 13:03:27 +01:00
ant31 f49aa90bf7 fix synchronize pull mode 2016-01-08 11:32:06 +01:00
Antoine Legrand 7913d62749 Merge pull request #44 from ansibl8s/travis
Travis  tests
2016-01-07 23:46:02 +01:00
Smaine Kahlouch d5320961e9 enforce user root when sudo is used 2016-01-05 15:33:23 +01:00
ant31 9a03249446 Add travis tests 2016-01-05 12:31:49 +01:00
ant31 8fa0110e28 Remove local dep. downloader 2016-01-04 16:10:29 +01:00
Smaine Kahlouch 6103d673b7 New calico's configuration 2016-01-04 14:30:37 +01:00
Smaine Kahlouch 29bf90a858 review handlers for sysvinit 2016-01-04 14:30:37 +01:00
Smaine Kahlouch 1695682d85 handle sysvinit 2015-12-31 14:05:55 +01:00
Smaine Kahlouch c9d9ccf025 move network-environment template into node role, required by kubelet 2015-12-29 21:36:51 +01:00
ant31 e378f4fb14 Install calico-plugin before running calico 2015-12-28 22:04:39 +01:00
Smaine Kahlouch 680864f95c don't sync certs on masters, already done in another task 2015-12-21 14:24:57 +01:00
Smaine Kahlouch fec1dc9041 A single file for tokens tasks 2015-12-19 11:00:22 +01:00
Smaine Kahlouch e7e03bae9f calico talks to apiserver with https 2015-12-18 22:22:52 +01:00
Smaine Kahlouch c6d65cb535 remove temporary workaround due to node reboot issue with calico 2 2015-12-18 13:25:46 +01:00
Smaine Kahlouch a0746a3efd remove temporary workaround due to node reboot issue with calico 2015-12-18 13:22:32 +01:00
Antoine Legrand 184bb8c94d Use 0755 mode for binaries 2015-12-17 22:46:50 +01:00
Smaine Kahlouch b3841659d7 Review role order, use master ip even when fqdn are used in the inventory 2015-12-16 23:49:01 +01:00
Smaine Kahlouch d1e19563b0 Master and nodes will run the 'node' role, kube-proxy is run under a container, new script for ssl certs 2015-12-12 19:37:08 +01:00
Smaine Kahlouch 126d4e36c8 Fix kube-proxy on master 2015-11-30 16:41:22 +01:00
Antoine Legrand 7f73bb5522 Keep workaround 2015-11-21 14:04:42 +01:00
ant31 8fa7811b63 Remove workaround 2015-11-20 11:36:32 +01:00
ant31 c352df6fc8 Add Backup 2015-11-20 11:18:37 +01:00
Smaine Kahlouch 347bc4a79c remove fluentd configuration on nodes 2015-10-12 17:28:17 +02:00
Smaine Kahlouch 00c562828f Initial commit 2015-10-03 22:19:50 +02:00