Commit Graph

1894 Commits (63fdfae9183ea2fc6ad5c7c017239f683e5a1e34)

Author SHA1 Message Date
Markos Chandras 02bf742e15 roles: rkt: Add support for SUSE distributions
The RPM file that's provided by upstream can be used for SUSE
distributions as well. Moreover we simplify the playbook to use
the 'package' module to install packages across different distros.

Link: https://github.com/rkt/rkt/pull/3904
2018-04-11 20:55:20 +01:00
Markos Chandras d07f75b389 roles: kubernetes: secrets: Add SUSE support
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
2018-04-11 20:55:02 +01:00
Markos Chandras 2d34781259 roles: etcd: Add support for SUSE distributions
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
2018-04-11 20:53:43 +01:00
Markos Chandras cdb63a8c49 roles: docker: Ensure service is started if docker is already installed
If the 'docker' package is already installed, then the handlers will not
run and the service will not be (re-)started. As such, lets make sure
that the service is started even if the packages are already installed.
2018-04-11 17:46:14 +01:00
Markos Chandras 44a0626fc8 roles: docker: Add support for SUSE distributions
Add support for installing Docker on SUSE distributions. The Docker
repository at https://yum.dockerproject.org/repo/main/ does not support
recent openSUSE distributions so the only alternative is to use the
packages from the distro repositories. This however renders the
'docker_version' Ansible variable useless on SUSE.
2018-04-11 17:46:14 +01:00
Nirmoy Das 45eac53ec7 roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.

Co-authored-by: Markos Chandras <mchandras@suse.de>
2018-04-11 17:46:14 +01:00
Markos Chandras e42203a13e roles: kubernetes: preinstall: Add SUSE support
Add support for installing package dependencies and refreshing metadata
on SUSE distributions

Co-authored-by: Nirmoy Das <ndas@suse.de>
2018-04-11 17:46:14 +01:00
Nirmoy Das 4ba25326ed roles: bootstrap-os: Use 'hostname' command on Tumbleweed
openSUSE Tumbleweed is having the same problems with CoreOS when it
comes to using the hostname ansible module (#1588, #1600) so we need
to apply a similar workaround.

Co-authored-by: Markos Chandras <mchandras@suse.de>
Link: http://bugzilla.opensuse.org/show_bug.cgi?id=997614
2018-04-11 17:46:14 +01:00
Markos Chandras dca4777347 roles: bootstrap-os: Add support for SUSE distributions
Install some required packages when running on SUSE distributions.
2018-04-11 17:46:14 +01:00
Atoms 6c954df636 move when condition to main.yml 2018-04-11 12:05:33 +03:00
Christian Phu 3535c29e59 Fix apiserver manifest for kube version < 1.9 2018-04-10 18:17:56 +02:00
Marcelo Grebois 88765f62e6
Updating order
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
2018-04-10 17:17:39 +02:00
Robin Skahjem-Eriksen 0f35e17e23 Fix new envvar for setting openstack_tenant_id (#2641)
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 17:23:31 +03:00
Brad Beam 77b3f9bb97 Removing default for volume-plugins mountpoint (#2618)
All checks test if this is defined meaning there is no way to undefine it.
2018-04-10 17:19:25 +03:00
Matthew Mosesohn 45f15bf753
Revert "Fix new envvar for setting openstack_tenant_id" (#2640) 2018-04-10 14:37:24 +03:00
Aivars Sterns 913cc5a9af
Merge pull request #2639 from ironhouzi/openstack_tenant_id_fix
Fix new envvar for setting openstack_tenant_id
2018-04-10 14:35:28 +03:00
Aivars Sterns a46acfcdd8
Merge pull request #2627 from mattymo/no_more_do_do
Remove jinja2 dependency of do
2018-04-10 14:32:29 +03:00
Robin Skahjem-Eriksen 0c0f6b755d Fix new envvar for setting openstack_tenant_id
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 13:30:48 +02:00
Vikas Kumar 94eb18b3d9 Replaced ansible_ssh_host with ansible_host in sample inventory file as the former is deprecated since Ansible v2.0
Fixed the reference of ansible_user in kubespray-defaults role

References:
 - http://docs.ansible.com/ansible/latest/intro_inventory.html
2018-04-10 15:21:40 +10:00
Marcelo Grebois 4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
2018-04-09 12:49:05 +02:00
Atoms b68854f79d fix kubectl download location and kubectl.sh helper owner/group remove 2018-04-09 13:19:26 +03:00
Matthew Mosesohn f954bc0a5a Remove jinja2 dependency of do
While `do` looks cleaner, forcing this extra option in ansible.cfg
seems to be more invasive. It would be better to keep the traditional
approach of `set dummy = ` instead.
2018-04-09 12:27:53 +03:00
rongzhang 66b61866cd Fix check docker error for atomic
Fix issues #2611
2018-04-08 17:53:16 +08:00
Brad Beam dfc46f02d7 Adding missing service-account certificate for vault
Missed in #2554
2018-04-06 15:29:52 -05:00
Daniel Hoherd ca40d51bc6 Fix typos (no logic changes) 2018-04-05 15:54:58 -07:00
Chen Hong 973e7372b4 content: | 2018-04-04 23:05:27 +08:00
Chen Hong b54e091886 Persist ip_vs modules 2018-04-04 18:18:51 +08:00
Andreas Krüger 6c220e4e4b
Merge pull request #2495 from holmsten/rotate-provisioner-token
Rotate local-volume-provisioner token
2018-04-04 10:21:12 +02:00
Andreas Krüger 2511e14289
Merge pull request #2346 from Miouge1/kube-scheduler-mode
Use legacy policy config to apply the scheduler policy
2018-04-04 10:20:51 +02:00
Andreas Krüger 0f5ea5474c
Merge pull request #2593 from vterdunov/fix-check-vsphere_cloud_provider
Properly check vsphere_cloud_provider.rc
2018-04-03 20:35:59 +02:00
Andreas Krüger 6567b8e012
Merge pull request #2590 from hswong3i/istio-download
istio: container download related things should defined in the download role
2018-04-03 13:57:43 +02:00
Wong Hoi Sing Edison 428a554ddb istio: container download related things should defined in the download role 2018-04-03 14:29:50 +08:00
Xiaoxi He 32f4194cf8 Bump ingress-nginx-controller to version 0.12.0 2018-04-03 10:39:17 +08:00
georgejdli 76bb5f8d75 check if dedicated service account token signing key exists 2018-04-02 10:57:24 -05:00
vterdunov 4b98537f79
Properly check vsphere_cloud_provider.rc 2018-04-02 18:45:42 +03:00
Andreas Krüger cac2196ad5
Merge pull request #2575 from hswong3i/local-volume-provisioner-download
local-volume-provisioner: container download related things should defined in the download role
2018-04-02 10:32:43 +02:00
Andreas Krüger ba24fe3226
Merge pull request #2570 from avoidik/transfer-cloud-configs
Move cloud config configurations to proper location
2018-04-02 10:31:38 +02:00
Matthew Mosesohn 3004791c64
Add pre-upgrade task for moving credentials file (#2394)
* Add pre-upgrade task for moving credentials file

This reverts commit 7ef9f4dfdd.

* add python interpreter workaround for localhost
2018-04-02 11:19:23 +03:00
Wong Hoi Sing Edison b1a7889ff5 local-volume-provisioner: container download related things should defined in the download role 2018-04-02 13:50:11 +08:00
Wong Hoi Sing Edison 4f714b07b8 cephfs-provisioner: container download related things should defined in the download role 2018-04-01 20:35:44 +08:00
Wong Hoi Sing Edison 4c0e9ba890 registry: container download related things should defined in the download role 2018-04-01 06:51:57 +08:00
Andreas Krüger deac627dc7
Merge pull request #2571 from hswong3i/ingress-nginx-download
ingress-nginx: container download related things should defined in the download role
2018-03-31 20:51:50 +02:00
bobahspb 16961f69f2
Merge branch 'master' into master 2018-03-31 21:48:39 +03:00
Andreas Krüger b9b028a735 Update etcd deployment to use correct cert and key (#2572)
* Update etcd deployment to use correct cert and key

* Update to use admin cert for etcdctl commands

* Update handler to use admin cert too
2018-03-31 14:06:09 -04:00
Wong Hoi Sing Edison 5fe144aa0f ingress-nginx: container download related things should defined in the download role 2018-04-01 00:22:33 +08:00
Andreas Krüger 5b0da4279f
Merge pull request #2543 from hswong3i/cert-manager-0.2.3
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 18:15:25 +02:00
Andreas Krüger 1ac978b8fa
Merge pull request #2567 from mirwan/node_labels_doc_plus_kube_ingress_handling
node_labels documentation and kube-ingress label definition as role_node_label
2018-03-31 18:05:52 +02:00
Wong Hoi Sing Edison 195d6d791a Integrate jetstack/cert-manager 0.2.3 to Kubespray 2018-03-31 19:29:11 +08:00
avoidik aa301c31d1 Move credential checks into proper folder 2018-03-31 13:29:00 +03:00
Andreas Krüger d9418b1dc4
Merge pull request #2554 from georgejdli/fix-sa-token-signing
Fix kubespray's ServiceAccount token signing keys
2018-03-31 09:59:22 +02:00
Andreas Krüger 2c89a02db3 Only download container/file if host is in defined group (#2565)
* Only download container/file if host is in defined group

* Set correct when clause

* Fix last entries

* Update download groups
2018-03-30 22:40:01 -04:00
Chad Swenson 0ca08e03af
Merge pull request #2566 from woopstar/etcd-fix-2
Fix etcd from import task to include task
2018-03-30 20:53:32 -04:00
avoidik 15efdf0c16 Move credential checks 2018-03-31 03:26:37 +03:00
avoidik ab8760cc83 Move credentials pre-check 2018-03-31 03:24:57 +03:00
avoidik b6da596ec1 Move default configuration parameters for cloud-config 2018-03-31 03:18:23 +03:00
avoidik 3c12c6beb3 Move cloud config configurations to proper location 2018-03-31 02:59:59 +03:00
Erwan Miran 8ece922ef0 node_labels documentation + kube-ingress label handling as role_node_label 2018-03-31 00:36:11 +02:00
Andreas Krüger 887a468d32
Merge pull request #2562 from avoidik/fix-indexes-pr-2251
Fix kubecert_node.results indexes
2018-03-31 00:16:11 +02:00
woopstar 859a7f32fb Fix import task. Has to be include task to evalutate etcd_cluster_setup variable at run time 2018-03-31 00:06:34 +02:00
Andreas Krüger 1f28764ca1
Merge pull request #2512 from woopstar/hyperkube-fix-1
Switch hyperkube from CoreOS to Google
2018-03-30 21:58:03 +02:00
Andreas Krüger 76cb37d6b5
Merge pull request #2544 from woopstar/cert-fix-2
Update openssl.conf to count better and work with Jinja 2.9
2018-03-30 21:57:17 +02:00
Andreas Krüger 7ddd4cd38c
Merge pull request #2561 from rsmitty/no_proxy
only set no_proxy if other proxy vars are defined
2018-03-30 21:43:23 +02:00
Andreas Krüger c1eb975545
Merge pull request #2557 from chenhonggc/vault_health_check_delay
Maybe vault health check needs delay
2018-03-30 21:39:15 +02:00
georgejdli 572ab650db copy dedicated service account token signing key for kubeadm migration 2018-03-30 13:03:32 -05:00
avoidik 72c2a8982b Fix kubecert_node.results indexes 2018-03-30 17:24:50 +03:00
Spencer Smith 13c57147eb only set no_proxy if other proxy vars are defined 2018-03-30 09:48:55 -04:00
Matthew Mosesohn 03bcfa7ff5
Stop templating kube-system namespace and creating it (#2545)
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
2018-03-30 14:29:13 +03:00
Andreas Kruger af5f376163 Revert 2018-03-30 11:42:20 +02:00
woopstar 004b0a3fcf Fix merge conflict 2018-03-30 11:38:59 +02:00
Andreas Kruger 4bb7d2b566 Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into cert-fix-2 2018-03-30 11:34:05 +02:00
Andreas Krüger f619eb08b1
Merge pull request #2350 from whereismyjetpack/kubeadm-nodename
set nodeName to "{{ inventory_hostname }}" in kubeadm-config
2018-03-30 11:15:52 +02:00
Andreas Krüger 55195fe546
Merge pull request #2500 from gorazio/patch-1
Add prometheus annotations to spec in ingress
2018-03-30 11:02:31 +02:00
RongZhang 5711074c5a
Merge pull request #2290 from mirwan/node_labels_from_inventory
Node labels definition in kubelet params from inventory
2018-03-30 03:42:52 -05:00
Chen Hong 4a705b3fba May vault health check needs delay 2018-03-30 16:42:08 +08:00
陈宏 4d85e3765e remove redundancy code 2018-03-30 09:19:00 +08:00
Vladimir Vasilkin f0a04b4d65 wait 5 * 4 secs until Tiller starts 2018-03-30 00:09:36 +03:00
Vladimir Vasilkin 760ca1c3a9 adding checking for prometheus_operator_enabled 2018-03-29 23:03:43 +03:00
Vladimir Vasilkin 23b3833806 running on the first master only. 2018-03-29 22:51:46 +03:00
Kuldip Madnani daeeae1a91 Added retries in pre-upgrade.yml and retries while applying kube-dns.yml (#2553)
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml

* Removed trailing spaces
2018-03-29 11:37:32 -05:00
georgejdli c8f857eae4 configure kubespray to sign service account tokens with a dedicated and stable key 2018-03-29 09:50:31 -05:00
Andreas Krüger 270d21f5c1
Merge pull request #2540 from mattymo/cloud_config_timing
Write cloud-config during kubelet configuration
2018-03-29 09:12:18 +02:00
Andreas Kruger bf29198efd Fix merge conflict 2018-03-29 09:11:13 +02:00
Kuldip Madnani 9ebbf1c3cd Added a fix in openssl.conf template to check if IP of loadbalncer is available or not. 2018-03-28 16:34:26 -05:00
Chad Swenson ef7f5edbb3
Remove old docker packages and other docker upgrade fixes (#2536)
* Remove old docker packages

This removes docker packages that are obsolete if docker-ce packages are to be installed, which fixes some package conflict issues that can occur during upgrades.

* Add support for setting obsoletes=0 when installing docker with yum
2018-03-28 15:10:39 -05:00
woopstar 0b5404b2b7 Fix 2018-03-28 20:28:04 +02:00
Vladimir Vasilkin 19e1b11d98 prometheus operator, metrics for k8s cluster
install using Helm:
- Prometheus Operator
- metrics for k8s cluster including: grafana dashboard, alertmanager, node exporters

base project:
https://github.com/coreos/prometheus-operator

the issue:
https://github.com/kubernetes-incubator/kubespray/issues/2042

Previous PR, raw ansible without Helm:
https://github.com/kubernetes-incubator/kubespray/pull/2499
2018-03-28 21:23:30 +03:00
woopstar 0df32b03ca Update openssl.conf to count better and work with Jinja 2.9 2018-03-28 17:48:56 +02:00
Matthew Mosesohn 72a4223884 Write cloud-config during kubelet configuration
This file should only be updated during kubelet upgrade so that
master components are not accidentally restarted first during
preinstall stage.
2018-03-28 16:26:36 +03:00
Andreas Krüger 03117d9572
Merge pull request #2488 from LuckySB/ingress-nginx-node-role
Dedicated node for ingress nginx controller
2018-03-28 14:07:40 +02:00
Wong Hoi Sing Edison 848fc323db Fixup for #2523:
- Rename template for /etc/cni/net.d/00-weave.conflist to 00-weave.conflist.j2
- Apply resources requests/limits to both container weave and weave-npc
2018-03-28 11:16:42 +08:00
Brad Beam 015ea62e92
Merge pull request #2262 from tmjd/calico-canal-v2-6-7
Update Calico and Canal
2018-03-27 21:07:28 -05:00
Andreas Krüger 2ca7087018
Merge pull request #2524 from avoidik/systemd_user_kubelet
Set exact user for Kubelet services
2018-03-27 16:41:10 +02:00
Andreas Krüger d665f14682
Merge pull request #2526 from mzehrer/patch-1
Remove  kibana_base_url
2018-03-27 12:40:31 +02:00
avoidik e375678674 Set exact user for Kubelet services 2018-03-27 11:13:52 +03:00
Sergey Bondarev 4f7479d94d add etc tunning options
https://coreos.com/etcd/docs/latest/tuning.html

etcd_snapshot_count
and
ionice priority
2018-03-26 17:25:51 +03:00
Michael Zehrer b8d1652baf
Remove kibana_base_url
The default for kibana_base_url does not make sense an makes kibana unusable. The default path forces a 404 when you try to open kibana in the browser. Not setting kibana_base_url works just fine.
2018-03-25 16:08:07 +02:00
Andreas Krüger f7dc73b830
Merge pull request #2521 from f84anton/patch-1
optional calico_ip_auto_method variable with IP_AUTODETECTION_METHOD
2018-03-24 18:37:03 +01:00
Dann Bohn 1d0415a6cf fixes typo in kube_override_hostname for kubeadm 2018-03-24 13:29:07 -04:00
Wong Hoi Sing Edison 3f5c60886b Upgrade Weave to 2.2.1
- Fix #2414, so namespace isolation should now works
- Update weave-net.yml.j2 as per latest https://cloud.weave.works/k8s/net
- Other minor fixup
2018-03-24 17:27:12 +08:00
Anton Fayzrahmanov a75598b3f4
IP_AUTODETECTION_METHOD docs 2018-03-24 01:54:17 +03:00