Sergii Golovatiuk
61d05dea58
Allow to specify number of concurrent DNS queries
...
ndots creates overhead as every pod creates 5 concurrent connections
that are forwarded to sky dns. Under some circumstances dnsmasq may
prevent forwarding traffic with "Maximum number of concurrent DNS
queries reached" in the logs.
This patch allows to configure the number of concurrent forwarded DNS
queries "dns-forward-max" as well as "cache-size" leaving the default
values as they were before.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-01-19 11:47:37 +01:00
Matthew Mosesohn
5420fa942e
Merge pull request #897 from holser/flush_handlers_before_etcd
...
Flush handlers before etcd restart
2017-01-18 12:27:01 +03:00
Matthew Mosesohn
1ee33d3a8d
Merge pull request #910 from mattymo/escape_curly
...
Fix ansible 2.2.1 handling of registered vars
2017-01-18 11:13:01 +03:00
Matthew Mosesohn
b2a27ed089
Fix bash completion installation
2017-01-17 20:36:58 +03:00
Matthew Mosesohn
d8ae50800a
Work around escaping curly braces for docker inspect
2017-01-17 20:35:38 +03:00
Sergii Golovatiuk
43fa72b7b7
Flush handlers before etcd restart
...
systemctl daemon-reload should be run before when task modifies/creates
union for etcd. Otherwise etcd won't be able to start
Closes #892
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-01-17 15:04:25 +01:00
Matthew Mosesohn
73204c868d
Merge pull request #909 from mattymo/docker-upgrade
...
Always trigger docker restart when docker package changes
2017-01-17 11:37:42 +03:00
Matthew Mosesohn
74b78e75a1
Always trigger docker restart when docker package changes
...
Docker upgrade doesn't auto-restart docker, causing failures
when trying to start another container
2017-01-16 17:52:28 +03:00
Greg Althaus
95bf380d07
If the inventory name of the host exceeds 63 characters,
...
the openssl tools will fail to create signing requests because
the CN is too long. This is mainly a problem when FQDNs are used
in the inventory file.
THis will truncate the hostname for the CN field only at the
first dot. This should handle the issue for most cases.
2017-01-13 10:02:23 -06:00
Matthew Mosesohn
80703010bd
Use only one certificate for all apiservers
...
https://github.com/kubernetes/kubernetes/issues/25063
2017-01-13 14:03:20 +03:00
Bogdan Dobrelya
e88c10670e
Merge pull request #891 from galthaus/selinux-order
...
preinstall fails on AWS CentOS7 image
2017-01-13 11:51:18 +01:00
Alexander Block
1054f37765
Don't try to delete kargo specific config from dhclient when file does not exist
...
Also remove the check for != "RedHat" when removing the dhclient hook,
as this had also to be done on other distros. Instead, check if the
dhclienthookfile is defined.
2017-01-13 10:56:10 +01:00
Greg Althaus
f77257cf79
When running on CentOS7 image in AWS with selinux on, the order of
...
the tasks fail because selinux prevents ip-forwarding setting.
Moving the tasks around addresses two issues. Makes sure that
the correct python tools are in place before adjusting of selinux
and makes sure that ipforwarding is toggled after selinux adjustments.
2017-01-12 10:12:21 -06:00
Bogdan Dobrelya
f004cc07df
Merge pull request #830 from mattymo/k8sperhost
...
Generate individual certificates for k8s hosts
2017-01-12 12:42:14 +01:00
Alexander Block
a7bf7867d7
Add tasks to undo changes to hosts /etc/resolv.conf and dhclient configs
2017-01-11 16:56:16 +01:00
Matthew Mosesohn
3f274115b0
Generate individual certificates for k8s hosts
2017-01-11 12:58:07 +03:00
Matthew Mosesohn
3b0918981e
Merge pull request #878 from bradbeam/rkt-cni
...
Adding /opt/cni /etc/cni to rkt run kubelet
2017-01-11 12:22:04 +03:00
Bogdan Dobrelya
d8cef34d6c
Merge pull request #872 from mattymo/bug868
...
Bind nginx localhost proxy to localhost
2017-01-10 17:09:25 +01:00
Brad Beam
db8173da28
Adding /opt/cni /etc/cni to rkt run kubelet
2017-01-10 08:48:58 -06:00
Bogdan Dobrelya
bcdfb3cfb0
Merge pull request #793 from kubernetes-incubator/fix_dhclientconf_path
...
Fix wrong path of dhclient on CentOS+Azure
2017-01-10 13:23:55 +01:00
Bogdan Dobrelya
79aeb10431
Merge pull request #858 from bradbeam/calicoctl-canal
...
Misc updates for canal
2017-01-10 12:24:59 +01:00
Matthew Mosesohn
38338e848d
Merge pull request #860 from adidenko/fix-calico-rr-certs
...
Fix etcd cert generation for calico-rr role
2017-01-09 18:34:02 +03:00
Bogdan Dobrelya
10dbd0afbd
Merge pull request #871 from mattymo/fix_system_search_domains
...
Fix docker dns host scenario with no search domains
2017-01-09 15:52:12 +01:00
Matthew Mosesohn
e22f938ae5
Bind nginx localhost proxy to localhost
...
This proxy should only be listening for local connections, not 0.0.0.0.
Fixes #868
2017-01-09 17:19:54 +03:00
Matthew Mosesohn
1dce56e2f8
Fix docker dns host scenario with no search domains
...
Fixes scenario where docker-dns.conf tries to create an empty
search entry
2017-01-09 16:36:44 +03:00
Aleksandr Didenko
d9539e0f27
Fix etcd cert generation for calico-rr role
...
"etcd_node_cert_data" variable is undefinded for "calico-rr" role.
This patch adds "calico-rr" nodes to task where "etcd_node_cert_data"
variable is registered.
2017-01-09 12:06:25 +01:00
Aleksandr Didenko
0909368339
Set latest stable versions for Calico images
...
Change version for calico images to v1.0.0. Also bump versions for
CNI and policy controller.
Also removing images repo and tag duplication from netchecker role
2017-01-09 12:05:49 +01:00
Bogdan Dobrelya
091b634ea1
Merge pull request #799 from kubernetes-incubator/docker_dns
...
Implement "dockerd --dns-xxx" based dns mode
2017-01-09 11:38:02 +01:00
Alexander Block
a8b5b856d1
Only use default resolver in dnsmasq when we are using host_resolvconf mode
2017-01-06 10:21:07 +01:00
Alexander Block
1d2a18b355
Introduce dns_mode and resolvconf_mode and implement docker_dns mode
...
Also update reset.yml to do more dns/network related cleanup.
2017-01-05 23:38:51 +01:00
Spencer Smith
4a59340182
remove assertion for family not being CoreOS
2017-01-05 13:36:25 -05:00
Brad Beam
cf042b2a4c
Create network policy directory for canal
2017-01-05 10:54:27 -06:00
Brad Beam
65c86377fc
Adding calicoctl to canal deployment
2017-01-05 10:54:27 -06:00
Bogdan Dobrelya
5af2c42bde
Better fix for different CoreOS os family facts
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 16:32:08 +01:00
Bogdan Dobrelya
f7447837c5
Rename CoreOS fact
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 14:02:29 +01:00
Bogdan Dobrelya
6546869c42
Merge branch 'master' into rkt
2017-01-05 10:34:18 +01:00
Brad Beam
4b6f29d5e1
Adding kubelet in rkt
2017-01-03 14:49:48 -06:00
Brad Beam
8dc19374cc
Allowing etcd to run via rkt
2017-01-03 10:10:38 -06:00
Brad Beam
a8f2af0503
Adding initial rkt support
2017-01-03 10:08:43 -06:00
Bogdan Dobrelya
d8a2941e9e
Fix cert paths for flannel/calico policy apps
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-03 16:12:54 +01:00
Alexander Block
ab7df10a7d
Upgrade docker version and do some cleanups for unsupported distros/docker versions
2017-01-02 18:05:50 +01:00
Bogdan Dobrelya
93663e987c
Merge pull request #847 from bogdando/bug_769
...
Fix etc hosts for cluster nodes
2017-01-02 17:47:23 +01:00
Bogdan Dobrelya
97f96a6376
Fix etc hosts for cluster nodes
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-02 13:20:51 +01:00
Bogdan Dobrelya
58062be2a3
Drop non systemd OS types support
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-02 12:14:03 +01:00
Matthew Mosesohn
1f9f885379
Fix etcd cert generation to support large deployments
...
Due to bash max args limits, we should pass all node filenames and
base64-encoded tar data through stdin/stdout instead.
Fixes #832
2016-12-30 12:55:26 +03:00
Bogdan Dobrelya
a56d9de502
Systemd units, limits, and bin path fixes
...
* Add restart for weave service unit
* Reuse docker_bin_dir everythere
* Limit systemd managed docker containers by CPU/RAM. Do not configure native
systemd limits due to the lack of consensus in the kernel community
requires out-of-tree kernel patches.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-28 15:49:42 +01:00
Matthew Mosesohn
f0c0390646
Fix creation and sync of etcd certs
...
Admin certs only go to etcd nodes
Only generate cert-data for nodes that need sync
2016-12-28 14:21:17 +04:00
Matthew Mosesohn
e7a1949d85
Merge pull request #818 from mattymo/calico-rr-certs
...
Fix calico-rr to use etcd certs instead of kube certs
2016-12-28 08:47:16 +03:00
Matthew Mosesohn
6d9cd2d720
Fix calico-rr to use etcd certs instead of kube certs
2016-12-27 17:04:50 +03:00
Bogdan Dobrelya
79996b557b
Rework ignore_errors to report no reds
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2016-12-27 13:00:50 +01:00