Commit Graph

1938 Commits (3d819a6edd16398a6807488175c8e279ea51f786)

Author SHA1 Message Date
Brad Beam 3d819a6edd Adding cluster_name to api cert alt name for vault 2018-06-12 14:15:07 -05:00
Rong Zhang 10c9fe96b0
Merge pull request #2859 from riverzhang/nginx
Fix nginx-proxy HA when kubeadm enable
2018-06-08 01:10:01 +08:00
Rong Zhang 42b24616ac
Merge pull request #2856 from alvistack/kubernetes-1.10.4
Upgrade Kubernetes to 10.0.4 and etcd to 3.2.18
2018-06-07 23:54:03 +08:00
rongzhang f9ccb93825 Fix nginx-proxy HA when kubeadm enable 2018-06-07 14:27:19 +00:00
Aivars Sterns daeea75fbb
Merge pull request #2835 from oracle/bm_fix-apiserver-access-ip
roles/kubernetes/client: kubeconfig template should use access_ip
2018-06-07 11:50:57 +03:00
Wong Hoi Sing Edison 0ad0202e8f Upgrade Kubernetes to 10.0.4 and etcd to 3.2.18 2018-06-07 16:20:29 +08:00
Brad Beam 1f02cc70f1
Merge pull request #2825 from dshuvar/dshuvar/docker-options.conf
Changed /etc/systemd/system/docker.service.d/docker-options.conf file for successful parsing mount aguments
2018-06-06 12:56:18 -05:00
Brad Beam fe010504aa
Merge pull request #2851 from bradbeam/vaultnotify
Adding wait for vault up handler in service restart
2018-06-06 12:49:03 -05:00
Brad Beam 63a458063b Adding missing rkt template for etcd-events 2018-06-06 10:43:30 -05:00
Brad Beam a8715f9f0f Adding wait for vault up handler in service restart 2018-06-06 10:40:27 -05:00
Matthew Mosesohn 59be578842
Revert "wip pr for improved cert sync" (#2849) 2018-06-06 17:22:25 +03:00
Aivars Sterns cb0a257349
Merge pull request #2819 from oleh-ozimok/fix-cidr-assert
Fix enough network address space assert
2018-06-06 07:32:16 +03:00
Aivars Sterns 69ea28e187
Merge pull request #2827 from mattymo/testpr
wip pr for improved cert sync
2018-06-04 12:43:00 +03:00
Ben Meier 2f5a9e180c kubernetes/client: kubeconfig template should use the access_ip for the chosen master node 2018-06-04 09:51:05 +01:00
Dmitry f912a4ece5 Fix compare AnsibleUnsafeText with int (#2828) 2018-06-04 11:34:10 +03:00
Rong Zhang d1e66f9cc8 Add label to kubelet env for kubeadm deploy cluster (#2841) 2018-06-04 11:26:47 +03:00
Aivars Sterns b67cf74c5e
Merge pull request #2823 from scality/dashboard_in_cluster_info
Dashboard in cluster info
2018-05-31 15:48:25 +03:00
Erwan Miran 11d87ecc37 removed surnumerary definition of contiv_etcd_init_image_* (already in download role) 2018-05-31 00:02:11 +02:00
Matthew Mosesohn 7433348aae wip pr for improved cert sync 2018-05-30 12:15:11 +03:00
Erwan Miran 3673ed6262 include contiv_etcd_init_image to downloads role 2018-05-29 17:05:33 +02:00
Dmitrii Shuvar 16f860bbc2
Update docker-options.conf.j2
Changed /etc/systemd/system/docker.service.d/docker-options.conf file for successful parsing mount aguments
try fix ci error previous commit
2018-05-29 12:40:33 +03:00
dshuvar d973ecf5cc fix error message: '[/etc/systemd/system/docker.service.d/docker-options.conf:3] Failed to parse mount flag , ignoring.' 2018-05-28 18:23:15 +03:00
Julien Girardin f88cd27686 Add dashboard url as part of `kubectl cluster-info` output 2018-05-28 11:46:11 +02:00
Erwan Miran 2a4fc70e1c contiv-etcd-init image as default instead hardcoded 2018-05-28 11:11:18 +02:00
Oleg Ozimok 38f7ba2584 Fix enough network address space assert 2018-05-27 18:01:17 +03:00
Andreas Krüger a67bdff28c
Merge pull request #2743 from mrostecki/opensuse-tumbleweed-openssl
opensuse: Fix OpenSSL package name
2018-05-22 11:21:04 +02:00
Andreas Krüger e3c8b230a0
Merge pull request #2806 from Miouge1/no-kpm
Remove KPM support
2018-05-22 11:17:52 +02:00
Miouge1 095d33bc51 Remove KPM support 2018-05-21 22:28:08 +02:00
Mikhail Vasilenko 821966b319 Update Helm version to 2.9.1 2018-05-21 17:36:51 +03:00
Andreas Krüger e60a63ea51
Merge pull request #2577 from woopstar/etcd-fix-4
Makeover of etcd- and etcd-cluster setup.
2018-05-16 20:49:54 +02:00
Andreas Krüger a2a7bcd43d
Merge pull request #2786 from cruwe/cjr-assert-maximum-pods-on-node-cidr
assert that number of pods on node does not exceed CIDR address range
2018-05-16 19:57:43 +02:00
Christopher J. Ruwe c1bc4615fe assert that number of pods on node does not exceed CIDR address range
The number of pods on a given node is determined by the  --max-pods=k
directive. When the address space is exhausted, no more pods can be
scheduled even if from the --max-pods-perspective, the node still has
capacity.

The special case that a pod is scheduled and uses the node IP in the
host network namespace is too "soft" to derive a guarantee.

Comparing kubelet_max_pods with kube_network_node_prefix when given
allows to assert that pod limits match the CIDR address space.
2018-05-16 11:55:46 +00:00
Aivars Sterns eba486f229 add posibility to provide different yum repository directory (#2787) 2018-05-16 13:56:04 +03:00
Andreas Krüger 4ac79993e2
Merge pull request #2666 from AnatolyRugalev/master
Added MountFlags variable to docker options
2018-05-16 09:34:34 +02:00
Matthew Mosesohn 7c93e71801
Upgrade k8s to 1.10.2 (#2748)
* Upgrade k8s to 1.10.2

Bumped etcd version to 3.2.16 as recommended

* Add ipvs fix for v1.10

* change flannel addons test to ha
2018-05-15 16:00:29 +03:00
Andreas Krüger 1be399ab7b
Merge pull request #2772 from cruwe/cjr-correct-perms-on-kubeconfig
make admin.conf -> .kube/config non-executable
2018-05-15 13:26:33 +02:00
Anatoly Rugalev eae4fa040a Added docker_mount_flags option (fixes #2624) 2018-05-15 11:57:18 +02:00
Christopher J. Ruwe 73800ef111 make certificates non-executable 2018-05-15 07:54:32 +00:00
rongzhang 742a8782dd Bump kube-dns to 1.14.10
Upgrade kube-dns to 1.14.10
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns
2018-05-15 03:29:10 +00:00
Christopher J. Ruwe 49d106f615 make admin.conf -> .kube/config non-executable
Almost certainly, the .kube/config file (YAML) should not be executable.
2018-05-14 09:29:48 +00:00
Miouge1 ad48606e4e Restart scheduler when policy changes 2018-05-14 10:09:30 +02:00
Matthew Mosesohn 07cc981971
refactor vault role (#2733)
* Move front-proxy-client certs back to kube mount

We want the same CA for all k8s certs

* Refactor vault to use a third party module

The module adds idempotency and reduces some of the repetitive
logic in the vault role

Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves

Add upgrade test scenario
Remove bootstrap-os tags from tasks

* fix upgrade issues

* improve unseal logic

* specify ca and fix etcd check

* Fix initialization check

bump machine size
2018-05-11 19:11:38 +03:00
woopstar 7df5edef52 Fix path for pip and python 2018-05-11 16:01:52 +02:00
Cédric de Saint Martin 7507031cb1 CoreOS bootstrap: set bin_dir and PATH for pip. 2018-05-08 22:20:58 +02:00
Andreas Krüger d73d60c9b0
Merge pull request #2600 from maximegaillard/master
Add Openstack tenant name
2018-05-08 12:03:01 +02:00
Andreas Krüger 004b4a0436
Merge pull request #2729 from Ashon/issues/fix-python-compat
Use 'items()' for python compatibility
2018-05-08 12:02:28 +02:00
Andreas Krüger 67ce8925e4
Merge pull request #2742 from woopstar/coredns-update
Update CoreDNS to version 1.1.2
2018-05-08 12:01:42 +02:00
Michal Rostecki 066016cd3e opensuse: Fix OpenSSL package name
OpenSSL 1.1 package in openSUSE Tumbleweed is named openssl-1_1,
not openssl-1_1_0.
2018-05-08 10:03:30 +02:00
Andreas Krüger 28d6eb6af1
Merge pull request #2644 from cp3hu/master
Fix apiserver manifest and kubelet for kube version < 1.9
2018-05-08 09:22:36 +02:00
woopstar 1a47a9b850 Update CoreDNS to version 1.1.2 2018-05-08 09:14:01 +02:00