Commit Graph

456 Commits (2c132dccba3426fe67de0f2038f530d0995eba0e)

Author SHA1 Message Date
Andreas Krüger 656633f784 YAMLLint everything (#4576) 2019-04-18 23:59:54 -07:00
MarkusTeufelberger 04e3fb6a5a Fix ansible-lint error 103 (#4511) 2019-04-18 01:42:10 -07:00
Maxime Guyot 49af1f9969 Fix ansible-lint e601 in create-vms (#4561) 2019-04-17 10:46:10 -07:00
Andreas Krüger d4b9f15c0a PHASE 2 - Enable Packet-CI in gitlab and move unit-tests and deploy-part1 (#4538)
* PHASE 2 - Enable Packet-CI in gitlab

* Add gitlab files

* Reset files back and only keep Packet

* Include packet

* Add missing Upgrade Tests

* Update GCE jobs etc

* Fix bug

* Yaml lint all gitlab files

* Remove GCE

* Test

* Test again

* Enable GCE again

* Install requirements

* Cleanup the gitlab file

* Cleanup runner tags

* Install requirements

* Test

* Test variables for gce

* Test again

* Test again

* Fix

* Update
2019-04-17 08:32:03 -07:00
Andreas Krüger b834a28891 PHASE 1 - Add Packet-CI playbook and configuration (#4537) 2019-04-16 14:49:07 -07:00
Matthew Mosesohn d39c273d96 Revert "Use K8s 1.14 and add kubeadm experimental control plane mode (#4317)" (#4510)
This reverts commit 316508626d.
2019-04-11 12:52:43 -07:00
Matthew Mosesohn 316508626d Use K8s 1.14 and add kubeadm experimental control plane mode (#4317)
* Use Kubernetes 1.14 and experimental control plane support

* bump to v1.14.0
2019-04-11 05:30:13 -07:00
Andreas Krüger 4ff851b302 Enable nodelocaldns by default (#4461)
* Enable nodelocaldns by default

* Enable nodelocaldns by default

* nodelocaldns is now default

* Disable enable_nodelocaldns for the addons CI jobs

Disable enable_nodelocaldns for the addons CI jobs to make sure things still work without nodelocaldns
2019-04-11 00:24:08 -07:00
Andreas Krüger 5e0249ae7c Add HAProxy as internal loadbalancer (#4480) 2019-04-10 05:56:18 -07:00
MarkusTeufelberger d2a1ac3b0c Add Ansible-lint CI step (#4411)
* Add ansible-lint as gitlab-ci step

* Fix jinja2 syntax in include_tasks that breaks ansible-lint

* Use a block scalar to get around gitlab quoting/escaping rules

* Run ansible-lint in verbose mode in CI
2019-04-10 02:04:16 -07:00
Matthew Mosesohn 5f12b7aedf Remove kubedns and dnsmasq. Move dns_late phase after apps (#4406)
Both kubedns and dnsmasq modes are long not maintained.
We should run dns_late steps at the end because sshd
makes DNS lookups during Ansible run and has 2s timeouts
for each failed lookup trying to connect to coredns before
it is ready.
2019-04-01 12:32:34 -07:00
MarkusTeufelberger 9ffc65f8f3 Yamllint fixes (#4410)
* Lint everything in the repository with yamllint

* yamllint fixes: syntax fixes only

* yamllint fixes: move comments to play names

* yamllint fixes: indent comments in .gitlab-ci.yml file
2019-04-01 02:38:33 -07:00
Maxime Guyot 3511b55cf5 Increase CPU flavor for CI (#4389) 2019-03-27 16:26:48 -07:00
Maxime Guyot 7fb5fbac37 Use wide for netchecker debug output (#4383) 2019-03-22 19:41:06 -07:00
Peter Metz 26ca58419f feat(external-provisioner): adds support for local-path-provisioner (#4232)
* feat(external-provisioner/local-path-provisioner): adds support for local path provisioner

Helpful for local development but also in production workloads (once the
permission model is worked out) where you have redundancy built into the
software uses the PVCs (e.g. database cluster with synchronous
replication)

* feat(local-path-provisioner): adds debug flag, image tag group var

* fix(local-path-provisioner): moves image repo/tag to download role

* test(gce_centos7-flannel): enables local-path-provisioner in test case

* fix(addons): add image repo/tag to commented default values

* fix(local-path-provisioner): typo in jinja template for local path provisioner

* style(local-path-provisioner): debug flag condition re-formatted

* fix(local-path-provisioner): adds missing default value for debug flag

* fix(local-path-provisioner): syntax fix for debug if condition end

* fix(local-path-provisioner): jinja template syntax: if condition white space
2019-02-25 22:45:30 -08:00
Erwan Miran 7f93a5a0f5 Fix deprecation warnings (#4130)
* use not deprecated ansible_play_hosts variable

* Using tests as filters is deprecated

* Fix deprecation warning about pkg list
2019-01-31 14:57:22 -08:00
Erwan Miran d790ec96d8 Fixup 4125: Debug agents when requests time out (#4132) 2019-01-28 10:22:43 -08:00
Erwan Miran 5e260fe23a Fixup 4094: Debug agents when nothing is return (#4125) 2019-01-28 03:33:18 -08:00
Erwan Miran 61d88b8db2 Fix random failure in debug: var=result.content|from_json (#4094)
* Fix random failure in debug: var=result.content|from_json

* netchecker agents are deployed on all k8s-cluster group members

* reducing limits/requests is not enough, switching to n1-standard-2

* gce_centos7 need more cpu
2019-01-25 08:14:22 -08:00
Thomas Nys 3e3ee0aeb1 Add support for running a nodelocal dns cache (#3861)
* Add support for running a nodelocal dns cache

After encountering dns issues in a cluster I was recently working on I
noticed Kubernetes 1.13 introduced support for running a nodelocal dns
cache.

I believe this can usefull for more people.

73b548db06
https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/0030-nodelocal-dns-cache.md

* Add requested changes

* Add additional requested changes + documentation

* Add requested changes after review

* Replace incorrect variable
2018-12-10 17:28:03 -08:00
Andreas Krüger ddffdb63bf Remove non-kubeadm deployment (#3811)
* Remove non-kubeadm deployment

* More cleanup

* More cleanup

* More cleanup

* More cleanup

* Fix gitlab

* Try stop gce first before absent to make the delete process work

* More cleanup

* Fix bug with checking if kubeadm has already run

* Fix bug with checking if kubeadm has already run

* More fixes

* Fix test

* fix

* Fix gitlab checkout untill kubespray 2.8 is on quay

* Fixed

* Add upgrade path from non-kubeadm to kubeadm. Revert ssl path

* Readd secret checking

* Do gitlab checks from v2.7.0 test upgrade path to 2.8.0

* fix typo

* Fix CI jobs to kubeadm again. Fix broken hyperkube path

* Fix gitlab

* Fix rotate tokens

* More fixes

* More fixes

* Fix tokens
2018-12-06 02:33:38 -08:00
Rong Zhang 9051aa5296 Fix ubuntu-contiv test failed (#3808)
netchecker agent status is pending
2018-12-03 23:01:32 -08:00
Andreas Krüger 432f8e9841 Fix basic auth tokens for kubeadm deployment. (#3801)
* Fix basic auth tokens for kubeadm deployment.

* Tokens should be a dependancy on master, not nodes
2018-12-03 10:44:29 -08:00
Andreas Krüger bad886ca9b Update defaults to match k8s 1.12 suggestions (#3760)
* Update defaults to match k8s 1.12 suggestions

* Test if Netchecker works with node ip instead of localhost

* Update defaults to ipvs and coredns

* Update defaults for kube_apiserver_insecure_port

* Update main.yaml
2018-11-26 15:36:39 -08:00
Rong Zhang 07d2f1aa36 Add some warning information about deprecating non-kubeadm code (#3759) 2018-11-26 01:17:31 -08:00
okamototk c5e425b02b Support Metrics Server as addon (#3560). (#3563)
* Support Metrics Server as addon (#3560).

* Update metrics server v0.3.1.

* Add metrics server test.

* Replace metrics server manifests with kubernetes/cluster/addons's.

* Modify metrics server manifests for kubespray.

* Follow PR#3558 node label node-role.kubernetes.io/master change

* Fix metrics server parameters base_metrics_server_... to metrics_server_...

* Fix too hard corded metrics_server_memory_per_node

* Add configurable insecure tls for metrics-apiservice

* Downloadable addon-resizer and extract parameter as variables

* Remove metrics server version from deployment name

* Metrics Server work when all masters has node role

* Download metrics-server and add-resizer container only on master

* ServiceAccount and ConfigMap is separated and fix application name

* Remove old metrics server clusterrole template

* Fix addon-resizer image specify

* Make InternalIP default for metrics_server_kubelet_preferred_address_types

Make InternalIP default because multiple preferrred address types does not work.
2018-11-23 00:36:21 -08:00
Rong Zhang 0cfcd39d55 Switch to kubeadm deployment mode (#3461)
* Switch to kubeadm deployment mode

Discuss:https://github.com/kubernetes-incubator/kubespray/issues/3301

* Add non-kubeadm upgrage to kubeadm cluster
2018-11-21 01:35:40 -08:00
Andreas Krüger 17f07e2613 Enable DNS AutoScaler for CoreDNS (#3707)
* Enable AutoScaler for CoreDNS

* Only use one template for dns autoscaler

* Rename a few variables for replicas and minimum pods

* Rename a few variables for replicas and minimum pods

* Remove replicas to make autoscale work

* Cleanup kubedns-autoscaler as it has been renamed
2018-11-15 01:28:03 -08:00
Antoine Legrand 3dcb914607 Remove Vault (#3684)
* Remove Vault

* Remove reference to 'kargo' in the doc

* change check order
2018-11-10 08:51:24 -08:00
Louis Woods bc9e14a762 Adds support for Multus (multiple interfaces) CNI plugin (#3166)
* Adds support for Multus (multiple interfaces) CNI plugin

Multus is a latin word for "Multi". As the name suggests, it acts as a
Multi plugin in Kubernetes and provides multiple network interface
support in a pod. Multus uses the concept of invoking delegates by
grouping multiple plugins into delegates and invoking them in the
sequential order of the CNI configuration file provided in json format.

* Change CNI version (0.1.0->0.3.1) of Contiv to be compatible with Multus
2018-11-04 01:07:38 -08:00
Antoine Legrand 2a3aa591e0
Download role (#3553)
* codestyle tests

* Download destination can be different than local_release_dir
2018-10-20 13:56:55 +02:00
Erwan Miran 7bec169d58 Fix ansible syntax to avoid ansible deprecation warnings (#3512)
* failed

* version_compare

* succeeded

* skipped

* success

* version_compare becomes version since ansible 2.5

* ansible minimal version updated in doc and spec

* last version_compare
2018-10-16 15:33:30 -07:00
JuanJo Ciarlante a5edd0d709 [jjo] add kube-router support (#3339)
* [jjo] add kube-router support

Fixes cloudnativelabs/kube-router#147.

* add kube-router as another network_plugin choice
* support most used kube-router flags via
  `kube_router_foo` vars as other plugins
* implement replacing kube-proxy (--run-service-proxy=true) via
  `kube_proxy_mode: none`, verified in a _non kubeadm_enabled_
  install, should also work for recent kubeadm releases via
  `skipKubeProxyInstall: true` config

* [jjo] address PR#3339 review from @woopstar

* add busybox image used by kube-router to downloads

* fix busybox download groups key

* rework kubeadm_enabled + kube_router_run_service_proxy

- verify it working ok w/the kubeadm_enabled and
  kube_router_run_service_proxy true or false

- introduce `kube_proxy_remove` fact, to decouple logic
  from kube_proxy_mode (which affects kubeadm configmap
  settings, thus no-good to ab-use it to 'none')

* improve kube-router.md re: kubeadm_enabled and kube_router_run_service_proxy

* address @woopstar latest review

* add inventory/sample/group_vars/k8s-cluster/k8s-net-kube-router.yml

* fix kube_router_run_service_proxy conditional for kube-proxy removal

* fix kube_proxy_remove fact (w/ |bool), add some needed kube-proxy tags on my and existing changes

* update kube-router tolerations for 1.12 compatibility

* add PriorityClass to kube-router DaemonSet
2018-10-16 07:15:05 -07:00
Erwan Miran dd5327ef9e Fix ansible syntax to avoid ansible warnings (#3499) 2018-10-11 00:45:00 -07:00
Giacomo Longo 3f786542d3 Automatically infer bootstrap_os (#3498)
* Automatically infer bootstrap_os

* Rename bootstrap os to os_family
2018-10-10 23:32:10 -07:00
Antoine Legrand c27a91f7f0 Split deploy steps in separate playbooks: part1 (#3451)
* Fix bootstrap_os/ubuntu idempotency

* Update bastion role

* move container_engine in sub-roles

* requires ansible 2.5

* ubuntu18 as first CI job
2018-10-09 19:14:33 -07:00
Rong Zhang af97febb04 Upgrade kubernetes to v1.12.0 (#3410)
* Upgrade kubernetes to v1.12.0

Use kubeadm v1alpha3 config

* Upgrade coredns and etcd

* Upgrage docker to 18.06
2018-10-04 02:05:55 -07:00
Andreas Kruger 09b67c1ad5 Remove EFK from Kubespray 2018-09-20 10:44:17 +02:00
Aivars Sterns 847390dd9c
Merge pull request #3225 from niallmcandrew/patch-1
Fix test readme formatting
2018-09-19 16:06:21 +03:00
rongzhang 77e08ba204 Support dynamic kubelet config
https://kubernetes.io/blog/2018/07/11/dynamic-kubelet-configuration/
2018-09-18 08:44:39 +08:00
Matthew Mosesohn ea918e1999 Reduce instance sizes in gce 2018-09-06 15:22:46 +03:00
Erwan Miran a644b7c267 Introducing credentials_dir in order to be able to override it 2018-09-03 18:04:50 +02:00
niallmcandrew 8745486fb3
Fix test readme formatting
Adds a missing vertical bar at the star of a table so its correct markdown.
2018-09-03 08:38:21 +12:00
Antoine Legrand 78be27e18f Add ubuntu18 job 2018-08-22 16:02:07 +02:00
rongzhang 2ffc1afe40 Support audit 2018-08-16 14:38:07 +08:00
Rong Zhang a11e1eba9e Upgrade kubernetes to V1.11.x (#3078)
Upgrade Kubernetes to V1.11.2
The kubeadm configuration file version has been upgraded from v1alpha1 to v1alpha2
Add bootstrap kubeadm-config.yaml with external etcd
2018-08-14 15:13:44 +03:00
rongzhang ea6af449a8 Remove istio support
Use helm install or support in future
2018-08-08 11:10:09 +08:00
Matthew Mosesohn 7c93e71801
Upgrade k8s to 1.10.2 (#2748)
* Upgrade k8s to 1.10.2

Bumped etcd version to 3.2.16 as recommended

* Add ipvs fix for v1.10

* change flannel addons test to ha
2018-05-15 16:00:29 +03:00
Matthew Mosesohn 07cc981971
refactor vault role (#2733)
* Move front-proxy-client certs back to kube mount

We want the same CA for all k8s certs

* Refactor vault to use a third party module

The module adds idempotency and reduces some of the repetitive
logic in the vault role

Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves

Add upgrade test scenario
Remove bootstrap-os tags from tasks

* fix upgrade issues

* improve unseal logic

* specify ca and fix etcd check

* Fix initialization check

bump machine size
2018-05-11 19:11:38 +03:00
Markos Chandras 9168c71359 Revert "Revert "Add openSUSE support" (#2697)" (#2699)
This reverts commit 51f4e6585a.
2018-04-26 12:52:06 +03:00
Matthew Mosesohn 51f4e6585a
Revert "Add openSUSE support" (#2697) 2018-04-23 14:28:24 +03:00
Andreas Krüger ddd200bbfa
Merge pull request #2604 from shravanpn7/shravan-pr
kubectl get pods from 'test' namespace as the pods were created in test ns
2018-04-19 09:27:53 +02:00
Matthew Mosesohn 02cd5418c2
Weave limits (#2660)
* Raise limits for weave

* Adjust weave limits
2018-04-15 18:32:49 +03:00
Matthew Mosesohn 49e3665d96
Remove prometheus operator from Kubespray (#2658)
Kubespray should not install any helm charts. This is a task
that a user should do on his/her own through ansible or another
tool. It opens the door to wrapping installation of any helm
chart.
2018-04-13 18:53:39 +03:00
Michal Rostecki bc3abad602 tests: Add CI jobs for openSUSE 2018-04-11 20:55:20 +01:00
Matthew Mosesohn 09f93d9e0c
Fix CI upgrade scenario by using dynamic inventory file (#2635)
Also updates the commit ID we use as a basis for upgrade tests.
2018-04-10 16:02:33 +03:00
Shravan Papanaidu f26e16bf79 kubectl get pods from 'test' namespace as the pods were created in 'test' ns 2018-04-04 13:26:16 -07:00
bobahspb 16961f69f2
Merge branch 'master' into master 2018-03-31 21:48:39 +03:00
Wong Hoi Sing Edison 195d6d791a Integrate jetstack/cert-manager 0.2.3 to Kubespray 2018-03-31 19:29:11 +08:00
Vladimir Vasilkin 94a0562c93 adding prometheus_operator_enabled, k8s_metrics_enabled parameters to tests 2018-03-30 12:29:04 +03:00
RongZhang 5711074c5a
Merge pull request #2290 from mirwan/node_labels_from_inventory
Node labels definition in kubelet params from inventory
2018-03-30 03:42:52 -05:00
Wong Hoi Sing Edison 3f5c60886b Upgrade Weave to 2.2.1
- Fix #2414, so namespace isolation should now works
- Update weave-net.yml.j2 as per latest https://cloud.weave.works/k8s/net
- Other minor fixup
2018-03-24 17:27:12 +08:00
Chad Swenson bbb6e7b3da
Merge pull request #2508 from melkosoft/cilium
Cilium v.1.0.0-rc8
2018-03-21 20:25:43 -05:00
Erwan Miran 8b71ef8ceb Labels from role (node-role.k8s.io/node) and labels from inventory are merged into node-labels parameter in kubelet 2018-03-21 09:19:05 +01:00
mirwan ee8f678010 Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly (#2446) 2018-03-21 10:50:32 +03:00
melkosoft ae30009fbc changed version to 1.0.0-rc8 2018-03-20 14:18:56 -07:00
Andreas Krüger 1a35948ff6
Enable encrypting the secrets
Enable the CI test to check the encryption of secrets
2018-03-15 20:33:57 +01:00
RongZhang 67ffd8e923 Add etcd-events cluster for kube-apiserver (#2385)
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00
Maxim Krasilnikov ba91304636 Fixed generate front proxy client certs with vault (#2359)
* Fixed generate front proxy client certs with vault

* fix vault cert management

* Distrebute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
melkosoft f13e76d022 Added cilium support (#2236)
* Added cilium support

* Fix typo in debian test config

* Remove empty lines

* Changed cilium version from <latest> to <v1.0.0-rc3>

* Add missing changes for cilium

* Add cilium to CI pipeline

* Fix wrong file name

* Check kernel version for cilium

* fixed ci error

* fixed cilium-ds.j2 template

* added waiting for cilium pods to run

* Fixed missing EOF

* Fixed trailing spaces

* Fixed trailing spaces

* Fixed trailing spaces

* Fixed too many blank lines

* Updated tolerations,annotations in cilium DS template

* Set cilium_version to iptables-1.9 to see if bug is fixed in CI

* Update cilium image tag to v1.0.0-rc4

* Update Cilium test case CI vars filenames

* Add optional prometheus flag, adjust initial readiness delay

* Update README.md with cilium info
2018-02-16 21:37:47 -06:00
Antoine Legrand 7a20d69809 fix inventory paths 2018-02-12 17:38:32 +01:00
Antoine Legrand c187ae22e5 Force to /usr/bin/python in CI 2018-02-12 17:38:32 +01:00
Antoine Legrand cb202a76df Fix tests 2018-02-12 17:38:32 +01:00
Antoine Legrand ce25fa4302 Enable multiple CI platform / Add DigitalOcean 2018-02-12 17:38:32 +01:00
Antoine Legrand 3ef7c25a16 Add digitalocean test case 2018-02-12 17:38:32 +01:00
Antoine Legrand 442d211ee3 Add DigitalOcean playbook to create VM 2018-02-12 17:38:32 +01:00
RongZhang c0aad0a6d5 Fix install etcd by host service (#2297)
Fix bug issues #2289
2018-02-12 17:34:01 +01:00
Matthew Mosesohn 5903aea86f
Update coreos-calico-aio scenario to test no group vars (#2314)
This updated scenario ensures deployment still passes without
having any group_vars available.
2018-02-12 12:38:06 +01:00
Wong Hoi Sing Edison 1a1d154e14 Support multiple inventory files under individual inventory directory 2018-02-08 08:08:15 +08:00
Erwan Miran 8006a6cd82 local_volumes_enabled replaced by local_volume_provisioner_enabled 2018-02-06 17:12:09 +01:00
Matthew Mosesohn ad6fecefa8
Update Kubernetes to v1.9.0 (#2100)
Update checksum for kubeadm
Use v1.9.0 kubeadm params
Include hash of ca.crt for kubeadm join
Update tag for testing upgrades
Add workaround for testing upgrades
Remove scale CI scenarios because of slow inventory parsing
in ansible 2.4.x.

Change region for tests to us-central1 to
improve ansible performance
2017-12-25 08:57:45 +00:00
unclejack e5d353d0a7 contiv network support (#1914)
* Add Contiv support

Contiv is a network plugin for Kubernetes and Docker. It supports
vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies,
multiple networks and bridging pods onto physical networks.

* Update contiv version to 1.1.4

Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config.

* Load openvswitch module to workaround on CentOS7.4

* Set contiv cni version to 0.1.0

Correct contiv CNI version to 0.1.0.

* Use kube_apiserver_endpoint for K8S_API_SERVER

Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks
to a available endpoint no matter if there's a loadbalancer or not.

* Make contiv use its own etcd

Before this commit, contiv is using a etcd proxy mode to k8s etcd,
this work fine when the etcd hosts are co-located with contiv etcd
proxy, however the k8s peering certs are only in etcd group, as a
result the etcd-proxy is not able to peering with the k8s etcd on
etcd group, plus the netplugin is always trying to find the etcd
endpoint on localhost, this will cause problem for all netplugins
not runnign on etcd group nodes.
This commit make contiv uses its own etcd, separate from k8s one.
on kube-master nodes (where net-master runs), it will run as leader
mode and on all rest nodes it will run as proxy mode.

* Use cp instead of rsync to copy cni binaries

Since rsync has been removed from hyperkube, this commit changes it
to use cp instead.

* Make contiv-etcd able to run on master nodes

* Add rbac_enabled flag for contiv pods

* Add contiv into CNI network plugin lists

* migrate contiv test to tests/files

Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>

* Add required rules for contiv netplugin

* Better handling json return of fwdMode

* Make contiv etcd port configurable

* Use default var instead of templating

* roles/download/defaults/main.yml: use contiv 1.1.7

Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2017-11-29 14:24:16 +00:00
Matthew Mosesohn c0e989b17c
New addon: local_volume_provisioner (#1909) 2017-11-01 14:25:35 +00:00
Matthew Mosesohn ec53b8b66a Move cluster roles and system namespace to new role
This should be done after kubeconfig is set for admin and
before network plugins are up.
2017-10-26 14:36:05 +01:00
Matthew Mosesohn a52bc44f5a Fix broken CI jobs (#1854)
* Fix broken CI jobs

Adjust image and image_family scenarios for debian.
Checkout CI file for upgrades

* add debugging to file download

* Fix download for alternate playbooks

* Update ansible ssh args to force ssh user

* Update sync_container.yml
2017-10-25 11:45:54 +01:00
Matthew Mosesohn cb97c2184e typo fix for ci job name (#1847) 2017-10-20 08:26:42 +01:00
Matthew Mosesohn 4efb0b78fa Move CI vars out of gitlab and into var files (#1808) 2017-10-18 17:28:54 +01:00
Matthew Mosesohn d487b2f927 Security best practice fixes (#1783)
* Disable basic and token auth by default

* Add recommended security params

* allow basic auth to fail in tests

* Enable TLS authentication for kubelet
2017-10-15 20:41:17 +01:00
Matthew Mosesohn 994324e19c Update gce CI (#1748)
Use image family for picking latest coreos image
Update python deps
2017-10-05 16:52:28 +01:00
Matthew Mosesohn bd272e0b3c Upgrade to kubeadm (#1667)
* Enable upgrade to kubeadm

* fix kubedns upgrade

* try upgrade route

* use init/upgrade strategy for kubeadm and ignore kubedns svc

* Use bin_dir for kubeadm

* delete more secrets

* fix waiting for terminating pods

* Manually enforce kube-proxy for kubeadm deploy

* remove proxy. update to kubeadm 1.8.0rc1
2017-09-26 10:38:58 +01:00
Matthew Mosesohn 188bae142b Fix wait for hosts in CI (#1679)
Also fix usage of failed_when and handling exit code.
2017-09-20 14:30:09 +01:00
Matthew Mosesohn ef8e35e39b Create admin credential kubeconfig (#1647)
New files: /etc/kubernetes/admin.conf
           /root/.kube/config
           $GITDIR/artifacts/{kubectl,admin.conf}

Optional method to download kubectl and admin.conf if
kubeconfig_lcoalhost is set to true (default false)
2017-09-18 13:30:57 +01:00
Matthew Mosesohn 975accbe1d just use public_ip in creating gce temporary waitfor hosts (#1646)
* just use public_ip in creating gce temporary waitfor hosts

* Update create-gce.yml
2017-09-18 13:24:57 +01:00
Matthew Mosesohn 0aab3c97a0 Add all-in-one CI mode and make coreos test aio (#1665) 2017-09-15 22:28:37 +01:00
Matthew Mosesohn 8e731337ba Enable HA deploy of kubeadm (#1658)
* Enable HA deploy of kubeadm

* raise delay to 60s for starting gce hosts
2017-09-15 22:28:15 +01:00
Matthew Mosesohn b294db5aed fix apply for netchecker upgrade (#1659)
* fix apply for netchecker upgrade and graceful upgrade

* Speed up daemonset upgrades. Make check wait for ds upgrades.
2017-09-15 13:19:37 +01:00
Matthew Mosesohn 8d766a2ca9 Enable ssh opts by in config, set 100 connection retries (#1662)
Also update to ansible 2.3.2
2017-09-15 10:19:36 +01:00
Matthew Mosesohn 0f231f0e76 Improve method to create and wait for gce instances (#1645) 2017-09-09 23:41:31 +03:00
Matthew Mosesohn 649388188b Fix netchecker update side effect (#1644)
* Fix netchecker update side effect

kubectl apply should only be used on resources created
with kubectl apply. To workaround this, we should apply
the old manifest before upgrading it.

* Update 030_check-network.yml
2017-09-09 23:38:38 +03:00
Matthew Mosesohn f29a42721f Clean up debug in check apiserver test (#1638)
* Clean up debug in check apiserver test

* Change password generation for kube_user

Special characters are not allowed in known_users.csv file
2017-09-08 15:47:13 +03:00
Matthew Mosesohn 7117614ee5 Use a generated password for kube user (#1624)
Removed unnecessary root user
2017-09-06 20:20:25 +03:00
Brad Beam 8b151d12b9 Adding yamllinter to ci steps (#1556)
* Adding yaml linter to ci check

* Minor linting fixes from yamllint

* Changing CI to install python pkgs from requirements.txt

- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
2017-08-24 12:09:52 +03:00
Spencer Smith b2a409fd4d turn off coreos updates 2017-06-26 15:45:08 -04:00
Matthew Mosesohn fd20e0de90 Wait for container creation in check network test 2017-04-04 13:12:24 +03:00
Matthew Mosesohn 48beef25fa delete master containers forcefully 2017-03-27 19:08:22 +03:00
Matthew Mosesohn 3889c2e01c Add KVM hypervisor playbook to contrib
Optional Ansible playbook for preparing a host for running Kargo.
This includes creation of a user account, some basic packages,
and sysctl values required to allow CNI networking on a libvirt network.
2017-03-21 19:50:01 +03:00
Sergii Golovatiuk d31c040dc0 Change kube-api default port from 443 to 6443
Operator can specify any port for kube-api (6443 default) This helps in
case where some pods such as Ingress require 443 exclusively.

Closes: 820
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-28 15:45:35 +01:00
Antoine Legrand 08d9d24320 Add subnet var in tests 2017-02-23 15:14:28 +01:00
Matthew Mosesohn 19d0159e33 Raise timeout for get netchecker agents 2017-02-21 14:48:25 +03:00
Matthew Mosesohn 475a42767a Suppress logging for download image
This generates too much output and during upgrade scenarios
can bring us over the 4mb limit.
2017-02-18 19:10:26 +04:00
Matthew Mosesohn ce4eefff6a Use first kube-master to check results 2017-02-18 14:11:51 +04:00
Matthew Mosesohn 82b247d1a4 Adapt advanced network checker for scale
Skip nodes not in ansible play (via --limit)
2017-02-18 14:09:57 +04:00
Matthew Mosesohn 9c1701f2aa Add synthetic scale deployment mode
New deploy modes: scale, ha-scale, separate-scale
Creates 200 fake hosts for deployment with fake hostvars.

Useful for testing certificate generation and propagation to other
master nodes.

Updated test cases descriptions.
2017-02-18 14:09:55 +04:00
Antoine Legrand b84cc14694 Merge pull request #1029 from mattymo/graceful
Add graceful upgrade process
2017-02-17 21:24:32 +01:00
Matthew Mosesohn a510e7b8f3 Use gce hostname as inventory name
Calico does not allow renaming hosts
2017-02-17 20:21:58 +03:00
Sergii Golovatiuk c5ea29649b Add timings to RECAP output.
- Starting from version 2.0 ansible has 'callback_whitelist =
  profile_tasks'. It allows to analyze CI to find some time regressions.
- Add skippy to CI's ansible.cfg

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-14 18:47:02 +01:00
Matthew Mosesohn ee15f99dd7 Add CI cases for testing upgrade from v2.0.1 release
These are manual trigger jobs, but should be run if any PR
impacts upgrades.
2017-02-10 10:20:58 +04:00
Josh Conant 245e05ce61 Vault security hardening and role isolation 2017-02-08 21:41:36 +00:00
crodetsky 8e29b08070 Genericize test cases and namespace create pod
This change modifies 020_check-create-pod and 030_check-network test cases to
target `kube-master[0]` instead of `node1` as these tests can be useful in
deployments that do not use the same naming convention as the basic tests.

This change also modifies 020_check-create-pod to namespace into a `test`
namespace allowing the `get pods` command to get its expected number of
running containers.

Closes #866 and #867.
2017-01-18 14:52:35 -05:00
Spencer Smith aa33613b98 Merge pull request #863 from bogdando/coreos_facts
[WIP] Better fix for different CoreOS os family facts
2017-01-05 13:22:35 -05:00
Bogdan Dobrelya f365b32c60 Non preempt GCE instances for CI
Revert preemptible GCE instances for CI as they are too
much of UNREACHABLE. Later we could return to them after
figured out how to mitigate preepted instances with
automated CI retries.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 17:08:57 +01:00
Bogdan Dobrelya 5af2c42bde Better fix for different CoreOS os family facts
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 16:32:08 +01:00
Bogdan Dobrelya f7447837c5 Rename CoreOS fact
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 14:02:29 +01:00
Antoine Legrand 399cb9707a Merge pull request #828 from bogdando/triggers
Rework CI triggers/pipeline
2016-12-27 15:20:42 +01:00
Bogdan Dobrelya 622537bd33 Rework CI triggers/pipeline
* Run CI triggers in one step
* Run all test matrix for triggers
* Switch back to g1-small

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2016-12-27 14:39:52 +01:00
Bogdan Dobrelya 79996b557b Rework ignore_errors to report no reds
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2016-12-27 13:00:50 +01:00
Bogdan Dobrelya 89a4b92753 Raise ansible forks for CI test config
As we raised the flavor from small to standard, raise the ansible
forks from default 5 to 20 to speed up deployment.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-22 15:12:47 +01:00
Antoine Legrand 9885fe73dc use standard vm 2016-12-21 11:43:52 +01:00
Antoine Legrand fbc13ea6dc Use preemptible instances 2016-12-21 09:27:21 +01:00
Bogdan Dobrelya ad68b23d8a Manual steps for Gitlab CI pipeline
* Reduce default testcase to 2 nodes, add HA case.
* Adjust gen_matrix script for Travis/Gitlab CIs.
* Enable netchecker deploy foro gitlab CI.
* Sync other things from travis matrix and reorder them as build steps
  for pull requests, master branch, auto/manual.
* Do auto-step1 from part1 and manual step2,3 for branches/PRs.
* Do manual steps from part2, special for master merges.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-15 17:23:18 +01:00
Antoine Legrand 670d977dfb Merge pull request #756 from bogdando/skip_netcheck
Consider netcheck passed if agents can't report in time
2016-12-15 14:48:09 +01:00
Bogdan Dobrelya d7b0ff3de6 Consider netcheck passed if agents can't report in time
Double the time to wait for the netcheck agents.
Do not fail CI build, if agents can't report in time.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-15 10:28:03 +01:00
Antoine Legrand 6b1dfa4ae6 Add deployment from gitlab-ci 2016-12-15 09:12:19 +01:00
Bogdan Dobrelya 8d7b25d4f0 Enable netchecker for CI
* Enable netchecker app for CI postinstall tests
* Rework outputs and better coverage to the ping between pods post
intall test case. With netchecker deployed, the test covers hostnet
to hostnet and standard to standrad pods ping check as well.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-14 13:42:19 +01:00
Antoine Legrand b60d5647a2 Merge pull request #635 from kubernetes-incubator/download_images
Download images as dependencies of roles
2016-11-22 14:53:12 +01:00
Bogdan Dobrelya 66f27ed1f3 Download images as dependencies of roles
Pre download all required container images as roles' deps.
Drop unused flannel-server-helper images pre download.
Improve pods creation post-install test pre downloaded busybox.
Improve logs collection script with kubectl describe, fix sudo/etcd/weave
commands.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-22 11:13:57 +01:00
Bogdan Dobrelya 97d126ac8b Increase wait for pods post-install test
The test deployment/rc/pods creation time
is near 2m on slow CI instances with 1 CPU/1.7G RAM.
Increase wait time to allow the post test fail less often.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-21 18:50:05 +01:00
Bogdan Dobrelya 952191db99 Fix collect/upload logs for CoreOS
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-17 15:54:41 +01:00
Bogdan Dobrelya e4d240b1b7 Improve CI test matrix
For Travis CI and GCE, add a naive generator script into a markdown table.
Add GCE/Travis CI matrix docs.
Add CoreOS test cases.
Rework existing cases w/o loosing of coverage.
Rework postinstall tests to support CoreOS as well.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-15 18:17:30 +01:00
Bogdan Dobrelya cf7c60029b Label k8s apps, adjust collect/upload info steps
- Drop debugs from collect-info playbook
- Drop sudo from collect-info step and add target dir var (required for travis jobs)
- Label all k8s apps, including static manifests
- Add logs for K8s apps to be collected as well
- Fix upload to GCS as a public-read tarball

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-10 16:05:50 +01:00
Bogdan Dobrelya d197130148 Fix uploading CI logs to GCS
* Use gsutil to configure the logs bucket's lifecycle,
  which is not in the gc_storage module yet.
  (See https://cloud.google.com/storage/docs/gsutil_install).
* Generate uniq bucket names extended with the build's OS type info as well.
* Ignore boto related errors for the gc_storage module.
* Use no_log when needed to supress noise/secrets in output

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-08 16:17:10 +01:00
Bogdan Dobrelya 39b8336f3f Fix upload logs
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-07 10:48:01 +01:00
Bogdan Dobrelya 3b2554217b Upload logs to GCS after failure
Delete configure logs script as not needed
Rework collect info script defaults

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-03 15:25:37 +01:00
Bogdan Dobrelya 50f77cca1d Add CI test layouts
* Drop Wily from test matrix
* Replace the Wily cases dropped with extra cases to test separate
  roles deployment

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-10-28 16:42:03 +02:00
Bogdan Dobrelya 93f7a26896 Enable smart facts cache for CI jobs
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-10-25 12:23:49 +02:00
Bogdan Dobrelya e6cfbe42db Revert "Merge pull request #393 from bogdando/ci_changes"
This reverts commit 4662b41de6, reversing
changes made to 4fb4ac120b.
2016-08-03 12:42:52 +02:00
Bogdan Dobrelya ff5a48c9f9 Add CI test layouts
* Drop Trusty from test matrix
* Add extra cases to test separate roles deployment

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-01 14:07:59 +02:00
Smana 0b67c23d42 test the apiserver from the masters instead of the deployment machine 2016-07-03 16:18:04 +02:00
Smana 608e7dfab2 upgrade k8s vers, and add a script for future upgrades 2016-05-12 15:56:30 +02:00
Smaine Kahlouch 68fafd030d choose between gce and aws cloud providers 2016-03-23 17:27:06 +01:00
Jean-Christophe Sirot f5f6e44369 Move common groovy test code for jenkins into git repo and add test result matrix 2016-03-10 22:45:54 +01:00
Antoine Legrand e737ed8105 Merge pull request #146 from kubespray/rollback_docker_1.9
Rollback docker 1.9
2016-02-13 18:34:55 +01:00
Jean-Christophe Sirot 323ff78206 Update playbooks for automatic deployment tests 2016-02-13 17:57:10 +01:00
Smana 8659693c76 fix testcases 2016-02-13 17:29:41 +01:00
Smana 2feac2956a change tests, full path of kubectl binary 2016-02-13 14:47:53 +01:00
ant31 caa2555b1d Add complete test integration 2016-02-10 22:58:57 +01:00