Commit Graph

652 Commits (7dec8e5caa70c4e2b55288e1e20fe7202b3a1ba2)

Author SHA1 Message Date
rptaylor 7dec8e5caa
specify runAsGroup, allow safe sysctls by default (#7399) 2021-03-25 08:03:30 -07:00
Kenichi Omichi 486b223e01
Replace kube-master with kube_control_plane (#7256)
This replaces kube-master with kube_control_plane because of [1]:

  The Kubernetes project is moving away from wording that is
  considered offensive. A new working group WG Naming was created
  to track this work, and the word "master" was declared as offensive.
  A proposal was formalized for replacing the word "master" with
  "control plane". This means it should be removed from source code,
  documentation, and user-facing configuration from Kubernetes and
  its sub-projects.

NOTE: The reason why this changes it to kube_control_plane not
      kube-control-plane is for valid group names on ansible.

[1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
2021-03-23 17:26:05 -07:00
Maciej Wereski 4f89bfac48
MetalLB: bump to v0.9.6 (#7397)
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-03-23 13:42:06 -07:00
p53 5fee96b404
Fix cinder cert permissions (#7384)
* Fix permissions of cinder cert

* Change runuser for external_cloud_controller to kube user with id 999, part of 999 - kube-cert group
2021-03-23 11:03:37 -07:00
François Hernandez c7db72e1da
Add nodeselector and tolerations for metallb (#7334)
* add nodeselector and tolerations for metallb

* remove unnecessary commented lines in metallb template

* set default speaker toleration to match original manifest
2021-03-08 07:57:42 -08:00
Etienne Champetier 8800b5c01d Remove rotate_tokens logic
kubeadm never rotates sa.key/sa.pub, so there is no need to delete tokens/restart pods

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-03-04 23:42:22 -08:00
Sergey 2c9fc18903
template crun manifest (#7305)
add missing else to if inline
2021-03-02 01:57:19 -08:00
Florian Ruynat 100d9333ca
Add configmaps to local-path-provisioner CR (#7323) 2021-02-25 16:22:17 -08:00
Sergey Mikhaltsov a4cc416511
use external_openstack_lbaas_use_octavia for template openstack-cloud… (#7298)
* use external_openstack_lbaas_use_octavia for template openstack-cloud-config

* Delete external_openstack_lbaas_use_octavia from default values. Added description and default values of variables to docs

* markdown fix

* make this simple

* set external_openstack_lbaas_use_octavia in default values

* duplicated variable in doc
2021-02-25 11:25:25 -08:00
Etienne Champetier 3749729d5a
Remove calico-upgrade leftovers (#7282)
This is dead code since 28073c76ac

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-16 11:24:58 -08:00
Hugo Blom 17143dbc51
write openstack controller manifests with correct perms (#7284) 2021-02-15 00:53:05 -08:00
Etienne Champetier de1d9df787
Only use stat get_checksum: yes when needed (#7270)
By default Ansible stat module compute checksum, list extended attributes and find mime type
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-10 05:36:59 -08:00
Sergey a21ee33180
fix typo error in role ingress-nginx (#7272) 2021-02-09 07:53:13 -08:00
David Louks 0cc1726781
Remove deletion of coredns deployment. (#7211)
* Add unique annotation on coredns deployment and only remove existing deployment if annotation is missing.

* Ignore errors when gathering coredns deployment details to handle case where it doesn't exist yet

* Remove run_once, deletegate_to and add to when statement
2021-02-09 06:02:40 -08:00
Sebastian Schmid 1f84d6344b
local-path-provisioner change default version to v0.0.19 and update config template (#7238)
* update local-path-storage config template to version v0.0.19

* changes local_path_provisioner image tag to v0.0.19

* removes copy paste example from rancher local-path-provisioner repo
2021-02-03 06:50:28 -08:00
Maciej b42bf39fb7
MetalLB: bump to v0.9.5 (#7241)
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-02-03 01:02:28 -08:00
Florian Ruynat 9007d6621a
Update nginx, minor weave and misc CI tools (vagrant/terraform) (#7215) 2021-01-26 08:22:34 -08:00
Florian Ruynat ef939dee74
Add missing 'ingress-controller' tag to alb (#7204) 2021-01-22 19:11:39 -08:00
Florian Ruynat 222a77dfe7
Change node-role.kubernetes.io from master to control-plane (#7183) 2021-01-21 08:13:03 -08:00
Florian Ruynat 9a75501152 Promote node.k8s.io API groups from v1beta1 to v1 2021-01-19 08:57:45 -08:00
Florian Ruynat f6fbbc17a4
Cleanup old checks for k8s 1.18 (#7192) 2021-01-19 08:43:45 -08:00
Florian Ruynat b493c81ce8
Update metrics-server to 0.4.1 (#7188) 2021-01-19 05:45:44 -08:00
Sergey 02213d6e07
change nodeSelector label from deprecated beta.kubernetes.io/os and arch to kubernetes.io prefix (#7138) 2021-01-13 13:55:02 -08:00
Kenichi Omichi 398a995798
Fix markdownlint failures under ./roles/ (#7089)
This fixes markdownlint failures under roles/
2020-12-30 05:07:49 -08:00
François Travais 98b43bb24f
Removes apps tags from apps meta dependencies (#7041)
Signed-off-by: François Travais <francois@travais.fr>
2020-12-19 08:14:25 -08:00
Cedric Hnyda db17ba54b4
Add cluster-name to external-openstack-cloud-controller-manager (#7055)
If cluster-name is not set, the default value "kubernetes" is used.
The loadbalancees created by Kubernetes follow the format:
  kube_service_clusterName_serviceNamespace_serviceName
If 2 clusters create a loadbalancer for the same service in the same
namespace, they will share the same non-working loadbalancer.

Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
2020-12-17 08:23:09 -08:00
Etienne Champetier 68b96bdf1a
Helm v3 only (#6846)
* Fix etcd download dest

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Only support Helm v3, cleanup install

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-12-02 00:20:50 -08:00
Victor Morales 4f7a760a94
Add crun support (#6864)
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-12-01 11:00:50 -08:00
Barry Melbourne f6a5948f58
Upgrade Jetstack Cert-Manager v1.0.4 (#6937) 2020-11-30 06:52:50 -08:00
Florian Ruynat f6eed8091e
Remove contiv related files (#6964) 2020-11-30 06:48:50 -08:00
Dmitry Chusovitin c09aabab0c
Remove executable bit from yaml and j2 files (#6894) 2020-11-29 20:18:48 -08:00
Clicia Scarlet 97ff67e54a
Fix yaml syntax error when use multilines in dns_etchosts (#6960) 2020-11-28 08:32:47 -08:00
Kenichi Omichi 7a1f033c1d
Update helm stable repo (#6867)
As https://helm.sh/blog/new-location-stable-incubator-charts/
helm stable repo is changed to https://charts.helm.sh/stable
In addition, if using helm v3.4.0+ the old stable repo installation
is failed.
So this updates the stable repo to avoid such error.
2020-10-31 09:54:51 -07:00
David Medinets 12ab8b7af3
update version of ingress-nginx controller in docs. (#6855)
* update version of ingress-nginx controller.

Change tag from controller-v0.34.0 to controller-v0.40.2 to use newest tag.

* Update docs about aws deploy templates.

In the yaml templates, there is no mention of idle timeouts. This is why I removed the documentation about it. This might be a mistake. Please verify this. I don't know enough to verify it myself.

* Change label when checking version.

When checking for `app.kubernetes.io/name=ingress-nginx`, a completed pod was selected which is not helpful when trying to `exec`. Changing the label selects the running controller pod.

* put back the information about ELB Idle Timeouts.

When I removed the information, I had overlooked that it was mentioned in the L7 yaml file. Thanks.
2020-10-28 11:05:57 -07:00
David Louks 79b7f0d592
Use existing variable for tiller service account name (#6829)
* Use existing variable for tiller service account name

* keep crb as tiller
2020-10-19 03:04:13 -07:00
Samuel Liu dbe6eb20c8
Modify imagepullpolicy (#6816) 2020-10-12 17:45:22 -07:00
yelhouti 8bec5beb4b
fix: add tags for set facts nodelocaldns (#6813) 2020-10-12 16:47:21 -07:00
Hans Feldt 92b1166dd0
Disable dashboard by default (#6804)
Users should opt in for features and not opt out.
2020-10-11 08:06:47 -07:00
rafal-jan 9d7f358d4b
Fix csi-snapshotter timeout option. Fix ebs-external-attacher-role ClusterRole. (#6776) 2020-10-06 06:44:21 -07:00
bozzo b1bb5a4796
Fix cinder & external_openstack cacert deployment (#6745)
The CA cert was only deployed on master nodes
2020-10-06 05:34:21 -07:00
Florian Ruynat c49bda7319
Update nginx ingress controller to 0.40.1 (#6786) 2020-10-06 05:10:21 -07:00
Joren Zandstra 9729b6b75a
Add extra arguments variables for openstack and vsphere cloud controller manager daemonsets (#6783) 2020-10-02 10:14:48 -07:00
dlandtwing bc8e16fc69
nginx ingress: fix yaml for multiple nodeselectors (#6768)
In case multiple nodeselectors are specified in ingress_nginx_nodeselector, the generated daemonset yaml template for nginx is invalid due to missing indentation starting with the second nodeselector
2020-09-30 07:23:26 -07:00
Mateusz Adamek aba63f0f9a
Added support for dynamic tags in AWS and Azure. (#6752)
* Added support for dynamic tags in AWS and Azure.

* Added examples of dynamic tags configuration.
2020-09-26 10:50:48 -07:00
axelgobletbdr 77149e5d89
Fixes #6740: Allow disabling reverse DNS lookups in coredns (#6741)
* created variable to enable/disable reverse dns lookups in coredns

* fixed linting-error in dns-stack.md
2020-09-25 02:33:11 -07:00
Hans Feldt 28073c76ac
Calico upgrade path validation and old version cleanup (#6733)
* calico: add constant calico_min_version_required

and verify current deployed version against it.

* calico: remove upgrade support with data migration

The tool was used pre v3.0.0 and is no longer needed.

* calico: remove old version support from tasks

* calico: remove old ver support from policy ctrl

* calico: remove old ver support from node

* canal: remove old ver support

* remove unused calicoctl download checksums

calico_min_version_required is the oldest version that can be installed
Older versions can be removed.
2020-09-24 09:04:06 -07:00
Florian Ruynat 9a8e4381be
Fix snapshot.storage apiVersion (#6711) 2020-09-23 08:32:10 -07:00
Marc-Antoine 5ec2467268
Add external_openstack_lbaas_provider setting for occm (#6566)
* Add external_openstack_lbaas_provider setting for occm

* Integrate with existing lbaas_provider block

* Refactor lbaas_provider config template block

* Remove external_openstack_lbaas_use_octavia from sample inventory
2020-09-21 07:04:32 -07:00
David Louks bd49c993de
Added support for setting tiller_service_account and tiller_replicas (#6696)
* Added support for setting tiller_service_account and tiller_replicas

* Specify helm 2 version to ensure we have a test path that still hits helm 2 code

* Moved tiller_service_account to defaults.yml. Fixed is tiller_replicas defined check.
2020-09-20 23:52:30 -07:00
David Louks 3bf40d5db9
make metallb image repos configurable (#6671) (#6672)
* Make metallb image repos configurable

* Moved metallb image repo definitions to download role defaults

* Removed comment. These are set in download defaults
2020-09-17 02:45:13 -07:00