Matthew Mosesohn
85c851f519
scale down coredns on each master during graceful upgrade ( #5344 )
...
This fixes the scenario where masters are upgraded one at a time
and coredns gets improperly scaled back up to 2 replicas.
Change-Id: I7cc9283f40efcfd61b5813c89a5805c95d901567
2019-11-18 00:13:41 -08:00
Matthew Mosesohn
8b67159239
Do not run kubeadm upgrade on first deploy ( #5339 )
...
Change-Id: I68a962a9dd28c83ef07eaeaf53eb98287f38bca9
2019-11-14 02:05:34 -08:00
LuciferInLove
4f70da2731
Added Amazon Linux 2 support for deploying with docker ( #5301 )
2019-11-11 07:05:41 -08:00
Matthew Mosesohn
db5040e6ea
Set certs and files with kubeadm token to mode 0640 ( #5325 )
...
Change-Id: I298496e55a6889c158b2085fcadeda5e679a873e
2019-11-11 05:41:41 -08:00
Jacopo Secchiero
97764921ed
Fix calico name resolution ( #5291 )
2019-11-11 04:01:41 -08:00
Bjoern Teipel
8c15db53b2
Fix helm for Kubernetes 1.16.2 ( #5332 )
...
Since upgrading k8s beyond 1.16.0 version, helm init does
no longer work with helm < 2.16.0 due to
https://github.com/helm/helm/issues/6374
This PR closes issue #5331
2019-11-11 03:53:41 -08:00
Julien Pervillé
0200138a5d
Pass `ingress_nginx_extra_args` when deploying the nginx-ingress addon ( #5321 )
2019-11-11 03:51:40 -08:00
Florent Monbillard
14af98ebdc
Respect cri-tool supported version matrix ( #5241 )
...
| Kubernetes Version | cri-tools Version |
|--------------------|-------------------|
| 1.16.x | v1.16.0 |
| 1.15.X | v1.15.0 |
| 1.14.X | v1.14.0 |
| 1.13.X | v1.13.0 |
| 1.12.X | v1.12.0 |
| 1.11.X | v1.11.1 |
- Upgrade to cri-tools 1.16.1
- Add checksums for cri-tools 1.16.1
2019-11-11 03:45:42 -08:00
YichenWong
8a5434419b
fix useradd etcd ( #5281 )
2019-11-11 03:27:41 -08:00
Quentin Gliech
8a406be48a
Fix indentation in cilium-ds.yml template ( #5305 )
2019-11-11 03:25:41 -08:00
Junho Suh
076f254a67
Add cilium_tunnel_mode variable to the cilium config ( #5295 )
2019-11-11 03:19:42 -08:00
Dmitry Chusovitin
45d151a69d
containerd installation on Debian ( #5326 )
2019-11-11 02:41:41 -08:00
Matthew Mosesohn
bd014c409b
Skip coredns image when evaluating kubeadm images ( #5327 )
...
It will be enabled correctly in downloads
Change-Id: Ief0b7aa2a8ee2ba6a6849820802f8542584b2c04
Related-story: PRODX-1171
2019-11-09 00:51:39 -08:00
Matthew Mosesohn
1c25ed669c
Remove unnecessary and risky reload network for resolvconf propagation ( #5322 )
...
Change-Id: I54d706f7941b4b86c4c6cd45340295577155b884
2019-11-06 10:11:52 -08:00
Matthew Mosesohn
a005d19f6f
Enable systemd-resolved DNS resolution mode ( #5318 )
...
Change-Id: If3e253a40782e03cde7fc4a91493517ae31fda17
2019-11-06 03:33:52 -08:00
Matthew Mosesohn
471589f1f4
Scale down coredns created by kubeadm upgrade to 0 replicas ( #5308 )
...
Change-Id: I128b0f9c1acbb956d9a6c4e5510b45a36e296af7
2019-11-05 03:34:38 -08:00
Ali Sanhaji
b0ee1f6cc6
Deploy Cinder CSI driver to provision volumes over OpenStack ( #5184 )
...
* Deploy Cinder CSI driver to provision volumes over OpenStack
* Deploy Cinder CSI StorageClass
* Cinder CSI doc
2019-11-01 00:59:24 -07:00
Matthew Mosesohn
186ec13579
Fix incorrect suggestion to enable old k8s apis ( #5292 )
...
Change-Id: If965cc6aa0daaca232dcf2ca0efd649aa097497f
2019-10-30 01:58:53 -07:00
Matthew Mosesohn
2c4e6b65d7
Raise delay and retry for rotate tokens ( #5304 )
...
Change-Id: I87844b43b9a18064e7a99567ce57c1ca1ffcc4a8
2019-10-30 01:56:52 -07:00
Matthew Mosesohn
94d4ce5a6f
Retry cleaning up calico-node container ( #5302 )
...
Change-Id: Iad27b107860213759c7ae51f0891d7e5e7c6d96b
2019-10-28 05:11:25 -07:00
Matthew Mosesohn
81da231b1e
Set cluster DNS in kubeadm config for kubelet dynamic config ( #5293 )
...
Change-Id: I23116efefe8626d361d1904fc6fb8448f66cf3c5
2019-10-25 02:23:40 -07:00
Matthew Mosesohn
a1fff30bd9
Generate TLS certs for calico typha ( #5258 )
...
* Generate TLS certs for calico typha
Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707
* Add group vars note
Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
2019-10-17 07:02:38 -07:00
Sergey
81d57fe658
set calico_datastore default value in role kubespray-default ( #5259 )
2019-10-17 05:58:38 -07:00
Sergey
3118437e10
check on all cluster node - kubelet_max_pods <= (2 ** (32 - kube_network_node_prefix | int)) - 2 ( #5279 )
2019-10-17 05:48:38 -07:00
Sergey
65e461a7c0
download container always been on download_delegate host ( #5177 )
...
* download container always been on download_delegate host
* fix also check pull required
2019-10-17 05:38:38 -07:00
Michael Oglesby
c672681ce5
Revert Pull Request #5084 ( #5120 )
...
Kubespray Pull Request #5084 (https://github.com/kubernetes-sigs/kubespray/pull/5084 ) caused more problems than it solved due to limitations with the synchronize module. See comments on Kubespray Issues #5059 (https://github.com/kubernetes-sigs/kubespray/issues/5059 ) and #5116 (https://github.com/kubernetes-sigs/kubespray/issues/5116 ). Details from Ansible documentation: "Currently, synchronize is limited to elevating permissions via passwordless sudo. This is because rsync itself is connecting to the remote machine and rsync doesn’t give us a way to pass sudo credentials in. ... Currently there are only a few connection types which support synchronize (ssh, paramiko, local, and docker) because a sync strategy has been determined for those connection types. Note that the connection for these must not need a password as rsync itself is making the connection and rsync does not provide us a way to pass a password to the connection. ..." Thus, reverting Pull Request #5084 .
2019-10-17 05:26:37 -07:00
yelhouti
d332a254ee
install python3 instead of python2 for fedora >= 30 fixes 5056, fixes 4802 ( #5111 )
2019-10-17 05:04:38 -07:00
Matthew Rapa
3debb8aab5
add KUBELET_VOLUME_PLUGIN to kubelet.env ( #5128 )
2019-10-16 20:08:38 -07:00
YichenWong
aada6e7e40
Add etcd_data_dir variable to the kubeadm config ( #5263 )
2019-10-16 19:50:39 -07:00
Matthew Mosesohn
ac60786c6f
Add support for restart handlers for control plane on crio/containerd ( #5250 )
...
* Add support for restart handlers for control plane on crio/containerd
Change-Id: I8343cc4e9df7f55b732628ed01cc6e7ea5dcee85
* Update main.yml
2019-10-16 18:58:39 -07:00
Hugo Blom
db33dc6938
Add support for Kubernetes 1.16.2 ( #5272 )
...
* Add support for Kubernetes 1.16.1
* Defaults to 1.16.1
* add 1.16.2 checksums and set new version as default
* correct 1.16.2 checksums and add 1.15.5 checksums
2019-10-16 18:34:38 -07:00
Hugo Blom
9dfb25cafd
fix typo ( #5275 )
2019-10-16 18:26:38 -07:00
Maxime Guyot
df8d2285b6
Update ingress-nginx to v0.26.1 ( #5268 )
2019-10-16 18:22:39 -07:00
Matthew Mosesohn
af6456d1ea
Fix selector for calico-typha deployment ( #5253 )
...
Change-Id: I79f43379cbe1c495cb416f0572e65f695d5ec2b8
2019-10-16 07:53:42 -07:00
Maxime Guyot
6f57f7dd2f
Update nginx image to latest ( #5270 )
2019-10-16 04:37:42 -07:00
Xiaodu
bec23c8a41
Add k8s v1.15.4 hashes ( #5235 )
2019-10-16 04:33:41 -07:00
Robin Elfrink
faaff8bd72
Add RotateCertificates to kubelet config if kubelet_rotate_certificates is set. ( #5152 )
...
Signed-off-by: Robin Elfrink <robin.elfrink@eu.equinix.com>
2019-10-16 04:31:41 -07:00
andreyshestakov
8031c6c1e7
Update template for dashboard to support v2.x ( #5187 )
...
Secrets and ConfigMap should be created before dashboard pod run.
2019-10-16 04:29:41 -07:00
Erwan Miran
9d8fc8caad
Fix getting nameserver and search for /etc/resolv.conf with comments ( #5197 )
2019-10-16 04:27:40 -07:00
Qingkun Li
a51b729817
add ignore_errors to the kube-proxy deletion task ( #5236 )
...
When using cluster.yml or scale.yml to add/scale nodes in the existing
k8s cluster, the `kubeadm init` wouldn't run. As a result, kube-proxy
wouldn't be created, and therefore the kube-proxy deletion task would
fail, e.g. in the case where kube-router is used and "kube_proxy_remove"
is set to true. As a workaround, add ignore_errors to the kube-proxy
deletion task.
2019-10-16 04:23:40 -07:00
Maxime Guyot
19bc79b1a6
Update cert-manager to v0.11.0 ( #5269 )
2019-10-16 04:21:40 -07:00
Sergey
932935ecc7
fix wrong path in include install_host.yml in etcd role ( #5256 )
2019-10-13 18:16:34 -07:00
BenoitBOULANGER
e01118d36d
Fix issue in remove-node/post-remove task ( #5185 ) ( #5186 )
2019-10-10 05:17:43 -07:00
Matthew Mosesohn
dea9304968
Enable openstack_cacert to be either file or base64 string ( #5243 )
2019-10-09 02:19:49 -07:00
Matthew Mosesohn
2864e13ff9
Reset between kubeadm secondary control plane join attempts ( #5240 )
...
Change-Id: Ic9425bf90552d7e3d42b02409af9773d99376384
2019-10-08 00:15:12 -07:00
Erwan Miran
0ba336b04e
install helm client separately ( #5212 )
2019-10-04 05:14:02 -07:00
Matthew Mosesohn
89f1223f64
Fix selector workaround for helm install ( #5237 )
...
Change-Id: I826337b59814674c3feb4cd6a4904d9d53e01652
2019-10-03 23:41:56 -07:00
陈谭军
8bc0710073
clean up document ( #5214 )
2019-10-02 04:41:07 -07:00
Matthew Mosesohn
fb591bf232
Apply workaround for NetworkManager and calico ( #5230 )
...
Change-Id: I5cb2bdf1a57707c1b8da3e5ac0c80e5c353480a4
2019-10-02 04:37:07 -07:00
Matthew Mosesohn
a43e0d3f95
Switch to Kubernetes v1.16.0 ( #5189 )
...
* Switch to Kubernetes v1.16.0
Change-Id: I5d6a9528b2d443750fc5e031aff15ad3ffead158
* Fix download localhost cached file path
Change-Id: I65e79b70e3d1b37265ebc60f41b460cf4b0a0d47
* fix kubeadm etcd for v1.16
Change-Id: I6888a00fd48b530a38b0b31c4095492476af42d2
* disable tf packet jobs
Change-Id: I075c4666547fdea4c50ec04864f38e2cfaa79154
* Disable contiv packet jobs. Fix kube-router
Change-Id: I3170e8789e60711d4cee8faf65f2094480b79b8d
* bump sonobuoy version
Change-Id: Ib946905629c7c53ed88f08fb2f41c454457a0097
2019-10-02 02:21:07 -07:00
陈谭军
99dbc6d780
clean-up doc,spelling mistakes ( #5206 )
2019-09-26 04:25:08 -07:00
Richard Scott
75e4cc2fd9
Updated kubectl.sh ( #5156 )
...
The script is not usable unless you are in the '.vagrant/provisioners/ansible/inventory/artifacts' folder.
This update makes this usable from anywhere.
2019-09-26 04:23:07 -07:00
Etienne Champetier
81cb302399
MetalLB: fail if kube_proxy_strict_arp is false ( #5180 )
...
When using IPVS, kube_proxy_strict_arp = true is required
https://github.com/danderson/metallb/issues/153#issuecomment-518651132
Add kube_proxy_strict_arp to inventory/sample
2019-09-26 04:21:06 -07:00
陈谭军
3bcdf46937
fix-up some spelling mistakes ( #5202 )
2019-09-25 23:27:08 -07:00
Sergey
1cf6a99df4
generate kubeadm download image list with options useHyperKubeImage ( #5203 )
2019-09-25 18:03:06 -07:00
Erwan Miran
f18e77f1db
Blocksize for calico default pool should be configurable ( #5198 )
2019-09-25 04:44:00 -07:00
陈谭军
2fc02ed456
fix-typo ( #5199 )
2019-09-25 04:04:00 -07:00
pando85
9db61c45ed
Upgrade nodelocaldns to 1.15.5 ( #5191 )
2019-09-22 20:13:22 -07:00
Sergey
8cb54cd74d
fix broken scale procedure: ( #5193 )
...
- do not run etcd role when etcd_kubeadm_enabled == true
- remove default value 'systemd' for cgroup driver in containerd role.
this value override autodetect in kubelet_cgroup_driver_detected from docker info
2019-09-22 01:07:22 -07:00
Florent Monbillard
a3f1ce25f8
Add support for k8s v1.14.6 ( #5182 )
2019-09-18 02:53:30 -07:00
Qingkun Li
3c7f682e90
Parameterize gcr, quay, and docker image repo defines ( #5146 )
...
This allows to easily override the gcr, quay, and docker repos with the
mirror repos in countries like China, where the default accesses are
blocked or unstable.
2019-09-18 02:49:30 -07:00
Sergey
8984096f35
use hyperkubeimage to run controlplane containers ( #5178 )
2019-09-17 18:33:28 -07:00
Mario
1ce7831f6d
Update main.yml ( #5166 )
2019-09-17 05:36:24 -07:00
Matthew Mosesohn
6fe2248314
Use more native way to update kubeconfigs using kubeadm ( #5165 )
...
Change-Id: I1076b418f85a26d9896be69910052128afc51cee
2019-09-13 03:40:29 -07:00
andreyshestakov
cb4f797d32
Fix macro on local_volume_provisioner ( #5168 )
...
mydict.keys() should be converted to list,
otherwise it causes errors in loop iteration.
Remove extra space after class name, which broke configmap.
Also allow set reclaimPolicy property.
2019-09-13 00:50:33 -07:00
Matthew Mosesohn
eb40ac163f
Move cri_socket var to kubespray-defaults ( #5149 )
2019-09-10 12:30:55 -07:00
Matthew Mosesohn
27ec548b88
Add support for k8s v1.16.0-beta.2 ( #5148 )
...
Cleaned up deprecated APIs:
apps/v1beta1
apps/v1beta2
extensions/v1beta1 for ds,deploy,rs
Add workaround for deploying helm using incompatible
deployment manifest.
Change-Id: I78b36741348f47a999df3841ee63cf4e6f377830
2019-09-10 12:06:54 -07:00
Florent Monbillard
637f09f140
Fix ansible task titles ( #5154 )
...
* Fix ansible task titles for CRI connection tasks
* Fix Azure subscription ID check task title
2019-09-10 01:34:54 -07:00
Matthew Mosesohn
9b0f57a0a6
Adjust endpoints for kube-proxy,controller,scheduler to proper ip ( #5150 )
...
Change-Id: I5aa009358bee7035922b5a10327997e47c9ba434
2019-09-09 10:33:20 -07:00
Matthew Mosesohn
7f74906d33
Make haproxy/nginx client timeout configurable ( #5140 )
...
Change-Id: I61319a06eb33d9fc868e19941924f387088b856b
2019-09-05 00:32:51 -07:00
Richard Arends
4d95bb1421
Use python3-libselinux on RHEL8/Centos8 ( #5127 )
...
* Use python3-libselinux on RHEL8/Centos8
* The fact ansible_facts.distribution_major_version is not present on older Ansible version.
Default it to 0 in when not present and use libselinux-python as package to get current
default behaviour.
2019-08-28 02:33:15 -07:00
Matthew Mosesohn
184ac6a4e6
Parse calico nodes as json ( #5114 )
2019-08-27 10:16:42 -07:00
rptaylor
10e0fe86fb
remove unimplemented custom_flags vars, document the extra_args vars (issue 4352) ( #5108 )
2019-08-23 01:21:18 -07:00
Matthew Mosesohn
7e1645845f
Allow calico settings to be modified ( #5101 )
...
Previous logic used calicoctl.sh create --skip-exists, which
allowed setting initial values, but not permitting changes.
2019-08-23 00:01:19 -07:00
Neven Miculinic
f255ce3f02
Added CRI-O support for ubuntu ( #4629 )
...
* Added CRI-O support for ubuntu
* implemented feedback
* set crictl to fixed version
* Fix errors during rebasing
* Fix linting errors
2019-08-22 03:54:31 -07:00
Michael Oglesby
07ecef86e3
Replace fetch with synchronize due to memory error ( #5084 )
...
Fix for Kubespray Issue #5059 (https://github.com/kubernetes-sigs/kubespray/issues/5059 ). There is a known issue with the 'fetch' module that will sometimes lead to it failing with a memory error. See ansible/ansible#11702 (https://github.com/ansible/ansible/issues/11702 ). I encountered this issue with the "Copy kubectl binary to ansible host" task in kubespray/roles/kubernetes/client/tasks/main.yml, and it caused my entire deployment to error out (see "Output of ansible run" above). Replacing 'fetch' with 'synchronize' fixes this issue.
2019-08-22 02:40:32 -07:00
ewtang
3bc4b4c174
Use raw module for bootstrap-debian.yml ( #5061 )
...
Updated Openstack to terraform 0.12 (#5062 )
* update openstack to terraform 0.12(.5)
* replace cluter.tf with cluster.tfvars
* update README.md to terraform 0.12
* update Openstack CI tests to use terraform 0.12
* specify terraform version in openstack README
* gitlab CI to copy cluster.tfvars in case of openstack provider
* The terraform/openstack dynamic inventory can read
tfstate v4 (generated by terraform 0.12) and convert them internally
ro v3 (as generated by terraform 0.11.x).
Additionally the script has been updated to Python 3.
2019-08-22 01:46:31 -07:00
Victor Morales
da089b5fca
Update CRI-O in CentOS ( #4582 )
...
According to their compatibility matrix[1] the 1.11.5 version seems to
be deprecated. This change updates the CentOS repository reference.
[1] https://github.com/cri-o/cri-o#compatibility-matrix-cri-o---kubernetes-clusters
2019-08-22 01:16:32 -07:00
Sergey
494a6512b8
fix bug: run Copy image to ansible host cache on download_delegate host ( #5094 )
...
* run 'task download_container | Copy image to ansible host cache' with synchronize on download_delegate host
* try to run task copy file to ansible host on all inventory, not only on first random host
2019-08-21 23:38:30 -07:00
Tony Fouchard
f6a63d88a7
Allow to configure strict ARP on kube-proxy ( #5092 )
2019-08-20 18:21:17 -07:00
Andreas Krüger
86cc703c75
Upgrade to Kubernetes 1.15.3 ( #5091 )
2019-08-20 02:05:32 -07:00
Hugo Blom
4dba34bd02
add cinder max attached volumes ( #5089 )
2019-08-19 23:45:32 -07:00
Xiaodu
b0437516c1
Kube-router annotate.yml: Use group 'k8s-cluster' instead of 'all' ( #5087 ) ( #5088 )
2019-08-19 04:53:29 -07:00
Ali Sanhaji
a1ff1de975
fix openstack_cacert conditional ( #5078 )
2019-08-15 05:50:34 -07:00
Zou Nengren
1bfbc5bbc4
remove resource-container default value for kube-proxy ( #4994 )
2019-08-15 05:30:33 -07:00
Bort Verwilst
c5b4d3ceaa
upgrade Helm to 2.14.3 ( #5075 )
...
Signed-off-by: Bart Verwilst <bart@verwilst.be>
2019-08-15 04:34:33 -07:00
w33dw0r7d
8fc9c5d025
Upgrade ingress nginx to 0.25.1 ( #5081 )
2019-08-15 04:14:34 -07:00
刘旭
53bc80bb59
Ingress nginx ( #5066 )
...
* remove svc-default-backend
* update ingress-nginx clusterrole
2019-08-15 02:34:33 -07:00
Matthew Mosesohn
771ce96e6d
Set initial kubeadm token if specified in kubeadm init ( #5057 )
...
Change-Id: I7fd94ec6d195af60d237b3cfe91668ca1f707d26
2019-08-15 02:26:33 -07:00
Oilbeater
fc456ff0cd
move kube-ovn images to dockerhub ( #5063 )
2019-08-14 04:02:24 -07:00
Sergey Kolekonov
b4f70db878
Fix broken containerd pinning on Ubuntu ( #5072 )
2019-08-13 19:26:23 -07:00
Matthew Mosesohn
0a2f4edfc6
Always download coredns images with kubeadm ( #5071 )
...
Fixes situation when using manual mode because it
tries to download coredns v1.3.1 from the same
image repository where kubernetes images are
downloaded from.
Change-Id: Ibbec8a72c8162ce8befa74e2013a268737ea5f8a
2019-08-13 08:53:43 -07:00
Danilo Riecken P. de Morais
56fa46716e
Add missing coredns tag. ( #5054 )
2019-08-09 02:29:27 -07:00
Simon Lelievre
62aecd1e4a
multus | fix use last version ( #5041 )
2019-08-08 23:05:25 -07:00
Mario
973afef96e
Fix variable for rbd_provisioner_user_secret ( #5042 )
...
* Update main.yml
* fix dead link 404
2019-08-08 20:03:25 -07:00
Bort Verwilst
a235605d2c
go to k8s 1.15.2, update nodelocaldns to latest bugfix release ( #5048 )
2019-08-08 19:49:25 -07:00
Matthew Mosesohn
023108a733
Refactor calico route reflector to run in k8s cluster ( #4975 )
...
* Refactor calico-rr to run in k8s cluster with taint
Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa
* add preinstall checks
* rework calico/rr role
Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8
* add empty calico-rr group
Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
2019-08-08 07:37:22 -07:00
Matthew Mosesohn
75d1be8272
Fix check for removing etcd member ( #5051 )
...
Change-Id: Ib27d051ff111f813097a9b33a86465a2a30a6db0
2019-08-07 08:26:51 -07:00
Matthew Mosesohn
a44235d11b
Refactor remove node to allow removing dead nodes and etcd members ( #5009 )
...
Change-Id: I1c59249f08f16d0f6fd60df6ab61f17a0a7df189
2019-08-07 04:46:50 -07:00
Matthew Mosesohn
7abf6a6958
Allow etcd member join by checking cluster health only on first etcd ( #5032 )
...
Change-Id: I9cc01cef3a437893225e2d9f58495826bbce7be9
2019-08-07 04:44:50 -07:00