89ade65ad6
Fixing etcd certs for calico rr ( #2374 )
2018-02-27 17:34:07 +03:00
128d3ef94c
Fix run kubectl error ( #2199 )
...
* Fix run kubectl error
Fix run kubectl error when first master doesn't work
* if access_ip is define use first_kube_master
else different master use a different ip
* Delete set first_kube_master and use kube_apiserver_access_address
2018-02-27 16:32:20 +03:00
b7e06085c7
Upgrade to Kubernetes v1.9.3 ( #2323 )
...
Upgrade to Kubernetes v1.9.3
2018-02-27 14:31:59 +03:00
9e85a023c1
Merge pull request #2360 from mattymo/reset_fixes
...
retry unmount kubelet dirs
2018-02-26 18:30:38 -06:00
4b5f780ff0
Merge pull request #2357 from octarinesec/eyeofthefrog/set_TasksMax_infinity_for_ubuntu
...
Set TasksMax to infinity on any OS with systemd
2018-02-22 21:31:10 -06:00
31659efe13
Fixing cert name in calico/canal for etcd check ( #2358 )
2018-02-22 17:37:07 +03:00
c874f16c02
Fixing credential lookup for fe proxy and vault ( #2361 )
2018-02-22 15:09:26 +03:00
ba91304636
Fixed generate front proxy client certs with vault ( #2359 )
...
* Fixed generate front proxy client certs with vault
* fix vault cert management
* Distrebute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
42a0f46268
Add health check to kube proxy ( #2356 )
...
Adding health checking to kube proxy. Fixes #2308
2018-02-21 23:14:45 +03:00
d84ff06f73
Set filemode to 0640 ( #2315 )
...
* Set filemode to 0640
weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.
* Set mode 0640 on users_file with basic auth
2018-02-21 23:13:46 +03:00
85c69c2a4a
Add check for atomic hosts in template
2018-02-21 08:26:18 -08:00
c20f38b89c
retry unmount kubelet dirs
2018-02-21 14:41:57 +03:00
c19d8994b9
Set TasksMax to infinity on any OS with systemd
2018-02-20 11:55:13 -08:00
2de6da25a8
Merge pull request #2312 from woopstar/patch-7
...
Added iptables lock fix and ajusted oom-score
2018-02-19 22:47:07 -06:00
f13e76d022
Added cilium support ( #2236 )
...
* Added cilium support
* Fix typo in debian test config
* Remove empty lines
* Changed cilium version from <latest> to <v1.0.0-rc3>
* Add missing changes for cilium
* Add cilium to CI pipeline
* Fix wrong file name
* Check kernel version for cilium
* fixed ci error
* fixed cilium-ds.j2 template
* added waiting for cilium pods to run
* Fixed missing EOF
* Fixed trailing spaces
* Fixed trailing spaces
* Fixed trailing spaces
* Fixed too many blank lines
* Updated tolerations,annotations in cilium DS template
* Set cilium_version to iptables-1.9 to see if bug is fixed in CI
* Update cilium image tag to v1.0.0-rc4
* Update Cilium test case CI vars filenames
* Add optional prometheus flag, adjust initial readiness delay
* Update README.md with cilium info
2018-02-16 21:37:47 -06:00
76a89039ad
Merge pull request #2285 from jasdeep-hundal/do_not_install_python_apt
...
Remove redundant python-apt install
2018-02-15 17:04:08 +01:00
c0aad0a6d5
Fix install etcd by host service ( #2297 )
...
Fix bug issues #2289
2018-02-12 17:34:01 +01:00
41ca67bf54
Added iptables lock fix and ajusted oom-score
...
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
2018-02-12 10:21:38 +01:00
d72232f15b
Increased timeout values for k8s API server restart
2018-02-12 07:35:29 +00:00
03c61685fb
Added apiserver extra args variable for kubeadm config ( #2291 )
2018-02-12 10:29:46 +03:00
46284198f8
Merge pull request #2298 from clkao/patch-2
...
Fix version comparison
2018-02-11 17:22:39 +01:00
bbb1da1a83
Fix default_resolver is undefined
...
fix issues #2265
2018-02-10 10:08:26 -06:00
07075add3d
Add optional StorageClass name with cephfs_provisioner_storage_class
2018-02-10 20:31:34 +08:00
338238d086
Fix version comparison
...
`FAILED! => {"changed": false, "msg": "AnsibleFilterError: Version comparison: unorderable types: str() < int()"}`
2018-02-10 03:49:49 +08:00
03bb729fea
Making status and detection mo betta
2018-02-09 12:30:46 -06:00
4e61fb9cd3
Refactored kubeadm join process and fixed uncrodonng for master nodes
2018-02-09 15:51:47 +01:00
b472c2df98
Fix safe upgrade
...
Even though there it kubeadm_token_ttl=0 which means that kubeadm token never expires, it is not present in `kubeadm token list` after cluster is provisioned (at least after it is running for some time) and there is issue regarding this https://github.com/kubernetes/kubeadm/issues/335 , so we need to create a new temporary token during the cluster upgrade.
2018-02-09 15:51:47 +01:00
bc67deee78
Added missing cephfs_provisioner_enabled to kubespray-defaults vars
2018-02-09 17:03:38 +03:00
f57abae01e
Remove redundant python-apt install
...
Ansible automatically installs the python-apt package when using
the 'apt' Ansible module, if python-apt is not present. This patch
removes the (unneeded) explicit installation in the Kubespray
'preinstall' role.
2018-02-08 18:59:37 -08:00
275b1d6897
Merge pull request #2274 from mirwan/local_volume_provisioner_configmap_in_daemonset
...
Local volume provisioner fixes
2018-02-09 00:59:47 +01:00
e9a676951b
storageClass name template as suggested by @eyeofthefrog
2018-02-09 00:11:07 +01:00
b31d905704
Merge pull request #2230 from hswong3i/cephfs_provisioner
...
Add cephfs_provisioner Support for Kubespray
2018-02-08 16:52:15 +01:00
c70c44b07b
Merge pull request #2257 from rzenker/tb/baremetal-tweaks
...
baremetal tweaks
2018-02-08 15:48:55 +00:00
20583e3d15
Merge pull request #2067 from manics/sysctl-net-brfilter
...
Always set net.bridge.bridge-nf-call-* sysctl
2018-02-08 15:43:46 +00:00
9f4588cd0c
Merge pull request #2266 from riverzhang/epel-release
...
Disalbe install epel-release rpm on Centos/Redhat
2018-02-08 15:42:28 +00:00
b25e0f82b1
Add cephfs_provisioner Support for Kubespray
2018-02-08 22:27:54 +08:00
cae1c683aa
Merge pull request #2271 from leseb/retry-get-token
...
kubernetes-apps: retry get default token name
2018-02-08 16:46:32 +03:00
57e7a5a34a
Merge pull request #2233 from hswong3i/multiple_inventory_dir
...
Support multiple inventory files under individual inventory directory
2018-02-08 11:57:04 +01:00
7bce70339f
Merge pull request #2251 from woopstar/metrics-server-patch-2
...
Adding metrics-server support for K8s version 1.9
2018-02-08 11:16:44 +01:00
e1aaef7d4d
Removal of surnumerary slash
2018-02-08 09:06:17 +01:00
1a1d154e14
Support multiple inventory files under individual inventory directory
2018-02-08 08:08:15 +08:00
384e5dd4c4
Merge pull request #2160 from kongslund/disable-read-only-port
...
Make the Kubelet read-only port configurable and disable it by default
2018-02-07 13:06:32 -06:00
abfb147292
MountDir in configmap and daemonset must be the same
2018-02-07 18:42:42 +01:00
44eb03f78a
typo
2018-02-07 17:57:54 +01:00
857784747b
local-provisioner:v1.0.1 still expects json configmap
2018-02-07 17:47:05 +01:00
7a2cb5e41c
local-provisioner:v1.0.1 still uses VOLUME_CONFIG_NAME env to read ConfigMap
2018-02-07 17:01:19 +01:00
712bdfc82f
Merge pull request #2260 from mirwan/local_volume_provisioner_fixes
...
local_volume_provisioner_enabled replacement
2018-02-07 13:42:00 +01:00
34bd47de79
kubernetes-apps: retry get default token name
...
In some installation, it can take up to 3sec to get the value. Retrying
for 5 sec will ensure the command won't return 1.
Signed-off-by: Sébastien Han <seb@redhat.com>
2018-02-07 12:09:51 +01:00
fe57c13b51
Merge pull request #2172 from leseb/etcd-auth
...
etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
2018-02-07 11:25:56 +01:00
f9df692056
Issue front proxy certs for vault
2018-02-07 11:03:10 +01:00
Brad Beam
RongZhang
Chad Swenson
Maxim Krasilnikov
Andreas Krüger
Chris Mildebrandt
Matthew Mosesohn
melkosoft
Antoine Legrand
Virgil Chereches
Wong Hoi Sing Edison
Chia-liang Kao
Brad Beam
mlushpenko
mkrasilnikov
jasdeep-hundal
Erwan Miran
Aivars Sterns
Sébastien Han