Commit Graph

1221 Commits (a51104e844001cd5e24a7ddd2cca44c97f288550)

Author SHA1 Message Date
riverzhang 49a223a17d Update elrepo-release rpm version (#1554) 2017-08-23 09:54:51 +03:00
Brad Beam e5cfdc648c Adding ability to override max ttl (#1559)
Prior this would fail because we didnt set max ttl for vault temp
2017-08-23 09:54:01 +03:00
Erik Stidham 9f9f70aade Update Calico to 2.4.1 release.
- Switched Calico images to be pulled from quay.io
- Updated Canal too
2017-08-21 09:33:12 -05:00
Matthew Mosesohn ca3050ec3d Update to Kubernetes v1.7.3 (#1549)
Change kubelet deploy mode to host
Enable cri and qos per cgroup for kubelet
Update CoreOS images
Add upgrade hook for switching from kubelet deployment from docker to host.
Bump machine type for ubuntu-rkt-sep
2017-08-21 10:53:49 +03:00
Vijay Katam 97031f9133 Make epel-release install configurable (#1497) 2017-08-20 14:03:10 +03:00
Vijay Katam c92506e2e7 Add calico variable that enables ignoring Kernel's RPF Setting (#1493) 2017-08-20 14:01:09 +03:00
Kevin Lefevre 65a9772adf Add OpenStack LBaaS support (#1506) 2017-08-20 13:59:15 +03:00
Anton 1e07ee6cc4 etcd_compaction_retention every 8 hour (#1527) 2017-08-20 13:55:48 +03:00
Miad Abrin 3c710219a1 Fix Some Typos in kubernetes master role (#1547)
* Fix Typo etc3 -> etcd3

* Fix typo in post-upgrade of master. stop -> start
2017-08-20 13:54:28 +03:00
Maxim Krasilnikov 2ba285a544 Fixed deploy cluster with vault cert manager (#1548)
* Added custom ips to etcd vault distributed certificates

* Added custom ips to kube-master vault distributed certificates

* Added comment about issue_cert_copy_ca var in vault/issue_cert role file

* Generate kube-proxy, controller-manager and scheduler certificates by vault

* Revert "Disable vault from CI (#1546)"

This reverts commit 781f31d2b8.

* Fixed upgrade cluster with vault cert manager

* Remove vault dir in reset playbook
2017-08-20 13:53:58 +03:00
Antoine Legrand 72ae7638bc Merge pull request #1446 from matlockx/master
add possibility to ignore the hostname override
2017-08-18 17:03:40 +02:00
Xavier Lange 3bfad5ca73 Bump etcd to 3.2.4 (#1468) 2017-08-18 17:12:33 +03:00
Matthew Mosesohn df28db0066 Fix cert and netchecker upgrade issues (#1543)
* Bump tag for upgrade CI, fix netchecker upgrade

netchecker-server was changed from pod to deployment, so
we need an upgrade hook for it.

CI now uses v2.1.1 as a basis for upgrade.

* Fix upgrades for certs from non-rbac to rbac
2017-08-18 15:46:22 +03:00
Jan Jungnickel 20183f3860 Bump Calico CNI Plugin to 1.8.0 (#1458)
This aligns calico component versions with Calico release 2.1.5 and
fixes an issue with nodes being unable to schedule existing workloads
as per [#349](https://github.com/projectcalico/cni-plugin/issues/349)
2017-08-18 15:40:14 +03:00
Matthew Mosesohn 2645e88b0c Fix vault setup partially (#1531)
This does not address per-node certs and scheduler/proxy/controller-manager
component certs which are now required. This should be handled in a
follow-up patch.
2017-08-18 15:09:45 +03:00
Vijay Katam 55ba81fee5 Add changed_when: false to rpm query 2017-08-14 12:31:44 -07:00
Brad Beam af007c7189 Fixing netchecker-server type - pod => deployment (#1509) 2017-08-14 18:43:56 +03:00
Seungkyu Ahn b22bef5cfb Apply RBAC to efk and create fluentd.conf
Making fluentd.conf as configmap to change configuration.
Change elasticsearch rc to deployment.
Having installed previous elastaicsearch as rc, first should delete that.
2017-08-11 05:31:50 +00:00
Vijay Katam 7ad5523113 restrict rpm query to redhat 2017-08-10 13:49:14 -07:00
Brad Beam 1155008719 Merge pull request #1481 from magnon-bliex/fluentd-template-fix-typo
fixed typo in fluentd-ds.yml.j2
2017-08-10 08:19:59 -05:00
Vijay Katam 5efda3eda9 Configurable docker yum repos, systemd fix
* Make yum repos used for installing docker rpms configurable
* TasksMax is only supported in systemd version >= 226
* Change to systemd file should restart docker
2017-08-09 15:49:53 -07:00
Brad Beam 383d582b47 Merge pull request #1382 from jwfang/rbac
basic rbac support
2017-08-07 08:01:51 -05:00
Spencer Smith 6eacedc443 Merge pull request #1483 from delfer/patch-3
Update flannel from 0.6.2 to 0.8.0
2017-08-01 13:57:43 -04:00
Spencer Smith e55f8a61cd Merge pull request #1482 from bradbeam/fix1393
Removing run_once in these tasks so that etcd ca certs get propogated…
2017-07-31 13:47:18 -04:00
Spencer Smith cb6892d2ed Merge pull request #1469 from hzamani/etcd_metrics
Add etcd metrics flag
2017-07-31 09:04:07 -04:00
Spencer Smith 43eda8d878 Merge pull request #1471 from whereismyjetpack/fix_1447
add newline after expanding user information
2017-07-31 09:03:04 -04:00
nico cc9f3ea938 Fix enforce-node-allocatable option
Closes #1228
pods is default enforcement

see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/
add

update
2017-07-31 10:06:53 +02:00
Alexander Chumakov 8bc717a55c Update flannel from 0.6.2 to 0.8.0 2017-07-29 10:54:31 +03:00
Brad Beam d09222c900 Removing run_once in these tasks so that etcd ca certs get propogated properly to worker nodes
without this etcd ca certs dont exist on worker nodes causing calico to fail
2017-07-28 14:34:47 -05:00
magnon-bliex 38eb1d548a fixed typo 2017-07-28 14:10:13 +09:00
Anton e0960f6288 FIX: Unneded (extra) cycles in some tasks (#1393) 2017-07-27 20:46:21 +03:00
timtoum 3e457e4edf Enable weave seed mode for kubespray (#1414)
* Enable weave seed mode for kubespray

* fix task Weave seed | Set peers if existing peers

* fix mac address variabilisation

* fix default values

* fix include seed condition

* change weave var to default values

* fix Set peers if existing peers
2017-07-26 19:09:34 +03:00
Dann Bohn c4894d6092 add newline after expanding user information 2017-07-25 12:59:10 -04:00
Hassan Zamani 3fb0383df4 Add etcd metrics flag 2017-07-25 20:00:30 +04:30
Spencer Smith ee36763f9d Merge pull request #1464 from johnko/patch-4
set loadbalancer_apiserver_localhost default true
2017-07-25 10:00:56 -04:00
Spencer Smith 955c5549ae Merge pull request #1402 from Lendico/fix_failed_when
"failed_when: false" and "|succeeded" checks for registered vars
2017-07-25 09:33:43 -04:00
Spencer Smith 4a34514b21 Merge pull request #1447 from whereismyjetpack/template_known_users
Template out known_users.csv, optionally add groups
2017-07-25 08:55:08 -04:00
Brad Beam 20f29327e9 Merge pull request #1379 from gdmello/etcd_data_dir_fix
Custom `etcd_data_dir` saves etcd data to host, not container
2017-07-20 09:30:18 -05:00
John Ko 018b5039e7 set loadbalancer_apiserver_localhost default true
to match this https://github.com/kubernetes-incubator/kubespray/blob/master/roles/kubernetes/node/tasks/main.yml#L20
and the documented behaviour in HA docs 
related to #1456
@rsmitty
2017-07-20 10:27:05 -04:00
Spencer Smith b5d3d4741f Merge pull request #1454 from Abdelsalam-Abbas/higher_drain_timeout
higher the timeouts for draining nodes while upgrading kubernetes version
2017-07-19 10:39:33 -04:00
Spencer Smith 85c747d444 Merge pull request #1441 from bradbeam/1434
Adding recursive=true for rkt kubelet dir
2017-07-19 10:38:06 -04:00
Spencer Smith 927e6d89d7 Merge pull request #1435 from delfer/master
Kubernetes upgrade to 1.6.7
2017-07-19 05:23:38 -07:00
jwfang 3d87f23bf5 uncomment unintended local changes 2017-07-19 12:11:47 +08:00
jwfang 789910d8eb remote unused netchecker-agent-hostnet-ds.j2 2017-07-17 19:29:59 +08:00
jwfang a8e6a0763d run netchecker-server with list pods 2017-07-17 19:29:59 +08:00
jwfang e1386ba604 only patch system:kube-dns role for old dns 2017-07-17 19:29:59 +08:00
jwfang 83deecb9e9 Revert "no need to patch system:kube-dns"
This reverts commit c2ea8c588aa5c3879f402811d3599a7bb3ccab24.
2017-07-17 19:29:59 +08:00
jwfang d8dcb8f6e0 no need to patch system:kube-dns 2017-07-17 19:29:59 +08:00
jwfang 552b2f0635 change authorization_modes default value 2017-07-17 19:29:59 +08:00
jwfang 0b3badf3d8 revert calico-related changes 2017-07-17 19:29:59 +08:00
jwfang cea3e224aa change authorization_modes default value 2017-07-17 19:29:59 +08:00
jwfang 1eaf0e1c63 rename task 2017-07-17 19:29:59 +08:00
jwfang 2cda982345 binding group system:nodes to clusterrole calico-role 2017-07-17 19:29:59 +08:00
jwfang c9734b6d7b run calico-policy-controller with proper sa/role/rolebinding 2017-07-17 19:29:59 +08:00
jwfang fd01377f12 remove more bins when reset 2017-07-17 19:29:59 +08:00
jwfang 092bf07cbf basic rbac support 2017-07-17 19:29:59 +08:00
Ubuntu 5145a8e8be higher draining timeouts 2017-07-16 20:52:13 +00:00
Dann Bohn d1f58fed4c Template out known_users.csv, optionally add groups 2017-07-14 09:27:20 -04:00
Martin Joehren 12e918bd31 add possibility to ignore the hostname override 2017-07-13 14:04:39 +00:00
Brad Beam 637f445c3f Merge pull request #1365 from AtzeDeVries/master
Give more control over IPIP, but with same default behaviour
2017-07-12 10:17:17 -05:00
Brad Beam e0bf8b2aab Adding recursive=true for rkt kubelet dir
Fixes #1434
2017-07-12 09:28:54 -05:00
Spencer Smith c75b21a510 Merge pull request #1408 from amitkumarj441/patch-1
Remove deprecated 'enable-cri' flag in kubernetes 1.7
2017-07-11 08:56:14 -04:00
Delfer 9f45eba6f6 Kubernetes upgrade to 1.6.7 2017-07-11 09:11:55 +00:00
AtzeDeVries e160018826 Fixed conflicts, ipip:true as defualt and added ipip_mode 2017-07-08 14:36:44 +02:00
Spencer Smith d1a02bd3e9 match kubespray-defaults dns mode with k8s-cluster setting 2017-07-07 13:13:12 -04:00
Brad Beam 992023288f Merge pull request #1319 from fieryvova/private-dns-server
Add private dns server for a specific zone
2017-07-06 15:02:54 -05:00
Spencer Smith 3ab90db6ee Merge pull request #1411 from kevinjqiu/allow-calico-ipip-subnet-mode
Allow calico ipPool to be created with mode "cross-subnet"
2017-07-06 14:04:03 -04:00
Vladimir Kozyrev e26be9cb8a add private dns server for a specific zone 2017-07-06 16:30:47 +03:00
Spencer Smith bba555bb08 Merge pull request #1346 from Starefossen/patch-1
Set kubedns minimum replicas to 2
2017-07-06 09:14:11 -04:00
Spencer Smith 4b0af73dd2 Merge pull request #1332 from gstorme/kube_apiserver_insecure_port
Use the kube_apiserver_insecure_port variable instead of static 8080
2017-07-06 09:06:50 -04:00
Spencer Smith da72b8c385 Merge pull request #1391 from Abdelsalam-Abbas/master
Uncodron Masters which have scheduling Enabled
2017-07-06 09:06:02 -04:00
Spencer Smith 44079b7176 Merge pull request #1401 from Lendico/better_task_naming
Better naming for recurrent tasks
2017-07-06 09:01:07 -04:00
Kevin Jing Qiu a742d10c54 Allow calico ipPool to be created with mode "cross-subnet" 2017-07-04 19:05:16 -04:00
Hans Kristian Flaatten 38f5d1b18e Set kubedns minimum replicas to 2 2017-07-04 16:58:16 +02:00
Abdelsalam Abbas 5f75d4c099 Uncodron Masters which have scheduling Enabled 2017-07-03 15:30:21 +02:00
Amit Kumar Jaiswal 319a0d65af Update kubelet.j2
Updated with closing endif.
2017-07-03 16:23:35 +05:30
Amit Kumar Jaiswal 3d2680a102 Update kubelet.j2
Updated!
2017-07-03 15:58:50 +05:30
Amit Kumar Jaiswal c36fb5919a Update kubelet.j2
Updated!!
2017-07-03 15:55:04 +05:30
Amit Kumar Jaiswal 46d3f4369e Updated K8s version
Signed-off-by: Amit Kumar Jaiswal <amitkumarj441@gmail.com>
2017-07-03 04:06:42 +05:30
Martin Joehren c2b3920b50 added flag for not populating inventory entries to etc hosts file 2017-06-30 16:41:03 +00:00
Spencer Smith 6e7323e3e8 Merge pull request #1398 from tanshanshan/fix-reset
clean files in reset roles
2017-06-30 07:59:44 -04:00
Spencer Smith f085419055 Merge pull request #1388 from vgkowski/master
add six package to bootstrap role
2017-06-30 07:30:36 -04:00
Anton Nerozya 1fedbded62 ignore_errors instead of failed_when: false 2017-06-29 20:15:14 +02:00
Anton Nerozya c8258171ca Better naming for recurrent tasks 2017-06-29 19:50:09 +02:00
tanshanshan 007ee0da8e fix reset 2017-06-29 14:45:15 +08:00
Brad Beam 5e1ac9ce87 Merge pull request #1354 from chadswen/kubedns-var-fix
kubedns consistency fixes
2017-06-27 22:26:46 -05:00
Brad Beam a7cd08603e Merge pull request #1384 from gdmello/etcd_backup_dir_fix
Make etcd_backup_prefix configurable.
2017-06-27 22:25:53 -05:00
Brad Beam 854cd1a517 Merge pull request #1380 from jwfang/max-dns
docker_dns_servers_strict to control docker_dns_servers rtrim
2017-06-27 21:15:12 -05:00
Spencer Smith 23565ebe62 Merge pull request #1356 from rsmitty/rename
Rename project to kubespray
2017-06-27 11:40:03 -04:00
Chad Swenson 8467bce2a6 Fix inconsistent kubedns version and parameterize kubedns autoscaler image vars 2017-06-27 10:19:31 -05:00
gdmelloatpoints 649654207f mount the etcd data directory in the container with the same path as on the host. 2017-06-27 09:29:47 -04:00
gdmelloatpoints 3123502f4c move `etcd_backup_prefix` to new home. 2017-06-27 09:12:34 -04:00
vincent gromakowski 17d54cffbb add six package to bootstrap role 2017-06-27 10:08:57 +02:00
Seungkyu Ahn d5516a4ca9 Make kubedns up to date
Update kube-dns version to 1.14.2
https://github.com/kubernetes/kubernetes/pull/45684
2017-06-27 00:57:29 +00:00
gdmelloatpoints 4ba237c5d8 Make etcd_backup_prefix configurable. Ensures that backups can be stored on a different location other than ${HOST}/var/backups, say an EBS volume on AWS. 2017-06-26 09:42:30 -04:00
jwfang ec2255764a docker_dns_servers_strict to control docker_dns_servers rtrim 2017-06-26 17:29:12 +08:00
Abdelsalam Abbas 1a8e92c922 Fixing cordoning condition that cause fail for upgrading the cluster 2017-06-23 20:41:47 +02:00
gdmelloatpoints 5c1891ec9f In the etcd container, the etcd data directory is always /var/lib/etcd. Reverting to this value, since `etcd_data_dir` on the host maps to `/var/lib/etcd` in the container. 2017-06-23 13:49:31 -04:00
Spencer Smith bae5ce0bfa Merge branch 'master' into rename 2017-06-23 12:23:51 -04:00
AtzeDeVries 61b74f9a5b updated to direct control over ipip 2017-06-23 09:16:05 +02:00