Commit Graph

3408 Commits (058438a25d086ffb4594c7212f0d053a2cba19ee)

Author SHA1 Message Date
Barry Melbourne 058438a25d
Remove support for CoreOS Container Linux (#6576) 2020-08-28 02:28:53 -07:00
Maxime Guyot 6e938a3106
Fix E306 in other roles (#6517) 2020-08-28 01:20:53 -07:00
Florian Ruynat 2f93d62aa5
Update nginx ingress to 0.34.1 (#6571) 2020-08-27 10:15:53 -07:00
Florian Ruynat 8ba3d7ec75
Add Kubernetes 1.19 hashes (#6593) 2020-08-27 09:45:53 -07:00
Hans Feldt 9e2d282709
cri-o: add variable to configure unsecure pull (#6568)
By default do not allow "unqualified" (without a registry) images
because it is considered unsecure and subject to mitm attacks.

To enable insecure pull configure for example:

crio_registries:
  - "docker.io"
  - "quay.io"
2020-08-27 09:09:53 -07:00
Florian Ruynat 706c7cb4f1
etcd should not fail when adding an already existing member (#6587) 2020-08-27 02:33:01 -07:00
Florian Ruynat e7ee19bd66
Update bunch of dependencies with minor fixes (#6570) 2020-08-27 02:25:01 -07:00
nic0las f59d3fc4a3
Deviceroutesourceaddress (#6508)
* add FELIX_DEVICEROUTESOURCEADDRESS calico option

* add calico_use_default_route_src_ipaddr option 

add calico_use_default_route_src_ipaddr option to use FELIX_DEVICEROUTESOURCEADDRESS calico option

* Update k8s-net-calico.yml
2020-08-27 02:07:01 -07:00
Barry Melbourne 8e2bae0f2a
Fix Ansible Lint warnings (No such file or directory) (#6581) 2020-08-26 23:19:10 -07:00
Arthur Outhenin-Chalandre e6dae03a0d
Add cilium hubble server in config (#6575)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:19:02 -07:00
Arthur Outhenin-Chalandre 2f2ed116f7
Improve metallb template for bgp peers (#6574)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:15:03 -07:00
Kuralamudhan Ramakrishnan e91c6a7bd1
update the ovn4nfv-k8s-plugin image version to v1.1.0 (#6531)
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-08-26 23:11:03 -07:00
Florian Ruynat 1ff95e85f4
Rollback coredns, should not have been updated before 1.19 (#6573) 2020-08-26 03:30:03 -07:00
Sulochan Acharya 36924b63dc
Allow webhook authorization (#6502) 2020-08-24 06:29:41 -07:00
jeanfabrice 411510cbe6
Use proper openssl command to differentiate between host and ip in API certificate check (#6392)
* Use proper openssl command to differentiate between host and ip in current certificate check

* fixup! Use proper openssl command to differentiate between host and ip in current certificate check
2020-08-21 02:03:39 -07:00
Florian Ruynat 6e2b8a5750
Add timeout to Get current version of calico cluster version, again (#6493) 2020-08-21 00:13:51 -07:00
Lars ca66a96d0a
make pre-remove node draining a failable task (#6442)
and add configuration to allow ungraceful removal
2020-08-21 00:13:39 -07:00
Marc-Antoine 0c09ec5d13
Bump Openstack cloud controller image verison to 1.18.2 (#6562) 2020-08-21 00:10:03 -07:00
*=0=1=4=* a8e2110b2d
#6552 Update extras_rh_repo_base_url (#6556) 2020-08-21 00:09:55 -07:00
Christian Strack 250541d29d
Use proper pypy download url in bootstrap script (#6555)
The bootstrap-os role uses a bootstrap script to provision a
python interpreter on flatcar and container os hosts. As the
pypy project switched to another hoster, the download url changed.

If applied this will use the new proper pypy download url in bootstrap script
2020-08-21 00:09:47 -07:00
Florian Ruynat 142b9e1eff
Update k8s hashes and set default version to 1.18.8 (#6532) 2020-08-21 00:09:39 -07:00
Michal Petko 91ae87fa60
Fix setting node label if kube_override_hostname is defined (#6557) 2020-08-20 06:23:30 -07:00
tasekida d6456d13c2
Update coredns to 1.7.0 (#6538) 2020-08-20 04:33:44 -07:00
Florian Ruynat 98f7485303
Update weave to 2.7.0 + minor update to Cilium (#6501) 2020-08-20 04:33:36 -07:00
Samuel Liu a42d811420
fix scale playbook (#6482) 2020-08-20 04:33:23 -07:00
Barry Melbourne bf6fdce339
Fix cert-manager E305 ansible-lint error (#6549) 2020-08-20 04:25:45 -07:00
Bernard Landon fa378f09c3
Edited pre-upgrade task to uncordon a node failing to drain (#6546) 2020-08-20 04:25:36 -07:00
holmesb d8a749fd27
Update apiserver-audit-policy.yaml.j2 (#6526) 2020-08-18 00:49:37 -07:00
Florian Ruynat 78ceef6b15
Remove unused variable (#6522) 2020-08-18 00:45:29 -07:00
Arthur Outhenin-Chalandre ca8e59fa85
Add new cilium options for native routing (#6519)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:39:42 -07:00
Bernard Landon b0210567aa
Fixed Kubespray container-engine/docker role to populate docker.service (#6518) 2020-08-18 00:39:30 -07:00
Arthur Outhenin-Chalandre 33ec13293b
Fix cilium_deploy_additionally with kubeadm etcd (#6514)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:35:36 -07:00
Arthur Outhenin-Chalandre bedb411d06
improve Cilium metrics support (#6513)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:35:29 -07:00
Erwan Miran ef3e98807e
tlsminversion and tlsciphersuites kubelet (#6490) 2020-08-13 02:48:13 -07:00
Arthur Outhenin-Chalandre 35682b5228
Fix cilium strict kube proxy replacement in HA (#6473)
* Update the cilium svc proxy test to HA mode

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Fix cilium strict kube-proxy in HA

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add a single global endpoint variable

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add cilium docs about kube-proxy replacement

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Fix issues in docs

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-06 00:14:55 -07:00
Barry Melbourne 9cc70e9e70
Upgrade JetStack Cert-Manager to v0.15.2 (#6414)
* Upgrade JetStack Cert-Manager to v0.15.2

* Add README.md table of contents
2020-08-05 23:26:55 -07:00
Maxime Guyot fc23f37af7
Fix E306 in roles/kubernetes (#6500) 2020-08-05 07:56:28 -07:00
Sulochan Acharya bfe143808f
Allows tls verify skip on webhook auth url (#6472) 2020-08-05 05:02:29 -07:00
Mike Williams e72dbf3dfc
Option for MetalLB to talk BGP (#6383)
* Option for MetalLB to talk BGP

* Check for BGP peers when metallb_protocol is bgp

* README clarification

* Commented values as documentation only in the sample inventory

* layer 2 or BGP, not both
2020-08-05 01:52:40 -07:00
bozzo cc70200a07
Fix Flexvolume mount in Openstack Controller (#6480) 2020-08-04 05:28:35 -07:00
Steven Reitsma f3c17361da
Create a PodDisruptionBudget for the Cinder CSI controllerplugin (#6385) 2020-08-04 05:28:19 -07:00
Victor Morales bdf0238328
Upgrade molecule to v3 (#6468)
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-08-04 05:24:19 -07:00
Florent Monbillard 39b907cdfb
Remove workaround for kubeadm upgrade (#6478)
https://github.com/kubernetes/kubeadm/issues/1498 was closed
2020-08-03 01:17:40 -07:00
Florian Ruynat 24a7878e7c
Update kube-router to 1.0.1 and kube-ovn to 1.3.0 (#6479) 2020-08-01 00:34:04 -07:00
Konstantin Lebedev 2364a84579
fix src for audit webhook config yaml (#6470) 2020-08-01 00:33:56 -07:00
Hans Feldt c6e5be91e9
crio: align template crio.conf with upstream (#6432)
* log level by default increased to 'info'
* cgroup manager by default set to 'systemd'
* stream port (used by kubelet) bound to 127.0.0.1 for security reasons
* metrics can be enabled and port specified
2020-08-01 00:33:48 -07:00
fulii ce22c0e6a4
Add option to configure IPVS timeouts in kube-proxy configration manifest. (#6396) 2020-08-01 00:33:40 -07:00
Maxime Lavandier bd60df97aa
Fix download calico policy condition (#6474) 2020-08-01 00:29:48 -07:00
Cristian Chiru 94df580674
Moved docker_dns_options to defaults so it can be overridden (#6394)
* Moved docker_dns_options to defaults so it can be overridden

* Fixed yaml indentation and markdown

* Moved docker_dns_search_domains to defaults
2020-08-01 00:29:41 -07:00
Kuralamudhan Ramakrishnan 90e5f8ffe1
adding ovn4nfv in kubespray (#6381)
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-07-31 07:33:08 -07:00