Chad Swenson
f4fe9e3421
Merge pull request #2171 from ArchiFleKs/kubeproxy-lvs
...
Add lib/modules to kube-proxy to enable LVS
2018-01-29 22:58:02 -06:00
Brad Beam
da173615e4
Merge pull request #2048 from xizhibei/master
...
Fix: always only one container got synced after download
2018-01-29 16:01:11 -06:00
Matthew Mosesohn
dc6a17e092
Use include/import tasks ( #2192 )
...
import_tasks will consume far less memory, so it should be
used whenever it is compatible.
2018-01-29 14:37:48 +03:00
Miouge1
240d4193ae
Update information about network sizes
2018-01-26 15:23:21 +01:00
Matthew Mosesohn
ac66e98ae9
Upgrade to Kubernetes v1.9.1 ( #2152 )
...
Raise drain timeout to 5m
2018-01-25 18:44:44 +03:00
Matthew Mosesohn
d2935ffed0
Optionally ignore the presence of extra calico pools ( #2190 )
2018-01-25 18:44:20 +03:00
Chad Swenson
c6e0fcea31
Merge pull request #1948 from sgmitchell/secured-etcd
...
Enable etcd secure client to prevent etcdctl access without cert and key
2018-01-25 09:35:51 -06:00
Chad Swenson
5d014d986b
Merge pull request #1992 from manics/flannel-hairpin
...
Enable flannel hairpin mode
2018-01-24 21:20:03 -06:00
mirwan
714994cad8
iptables: flush nat table as well as filter table upon reset ( #2174 )
...
* iptables: flush nat table as well as filter table upon reset
* Indentation fix
2018-01-24 20:22:49 -06:00
Brad Beam
08fe61e058
Merge pull request #2071 from riverzhang/dashboard
...
Update dashboard version to v1.8.1
2018-01-24 20:10:05 -06:00
Brad Beam
0c8bed21ee
Merge pull request #2019 from chadswen/disable-api-insecure-port
...
Support for disabling apiserver insecure port (the sequel)
2018-01-24 19:58:53 -06:00
Brad Beam
98eb845f8c
Merge pull request #2173 from mirwan/hardcoded_dnsmasq-autoscaler_image
...
Dnsmasq autoscaler image should be a variable
2018-01-24 16:15:59 -06:00
Brad Beam
98300e3165
Merge pull request #2155 from brutus333/fix/pvc
...
Fix for Issue #2141
2018-01-24 16:15:33 -06:00
Cornelius Keller
e22759d8f0
fix nodePort for weave
2018-01-24 10:31:51 +01:00
Matthew Mosesohn
bf1411060e
Add optional manual dns_mode ( #2178 )
2018-01-23 14:28:42 +01:00
Virgil Chereches
a4d142368b
Renamed variable from disable_volume_zone_conflict to volume_cross_zone_attachment and removed cloud provider condition; fix indentation
2018-01-23 13:14:00 +00:00
Brad Beam
eb80f9b606
Merge pull request #2154 from tdihp/proxy-conf-restart-docker
...
Restart docker when http-proxy.conf changed.
2018-01-22 08:39:05 -06:00
Stanislav Makar
ae47b617e3
Fix 'no such host' problem ( #2148 )
...
Fix 'no such host' problem reported by commands *kubectl logs* and *kubectl exec*
when cloud_provider is OpenStack
Closes : #2147
2018-01-22 16:08:24 +03:00
Erwan Miran
e5b4011aa4
move hardcoded dnsmasq autoscaler image to its own variable
2018-01-18 16:04:29 +01:00
Virgil Chereches
3125f93b3f
Added disable_volume_zone_conflict variable
2018-01-18 10:55:23 +00:00
Spencer Smith
f19c8e8c1d
Merge pull request #2132 from PhilippeChepy/flex-volumes
...
Add support for flex volumes plugins.
2018-01-17 15:00:45 -05:00
ArchiFleKs
637604d08f
Add lib/modules to kube-proxy to enable LVS
...
kube-proxy is complaining of missing modules at startup. There is a plan
to also support an LVS implementation of kube-proxy in addition to
userspace and iptables
2018-01-17 16:35:53 +01:00
Jonas Kongslund
11844c987c
Make the Kubelet read-only port configurable and disable it by default. Fixes #2159 .
2018-01-16 11:11:41 +04:00
Virgil Chereches
8c45c88d15
Fix for Issue #2141 - added policy file
2018-01-12 07:15:35 +00:00
Virgil Chereches
c87bb2f239
Fix for Issue #2141
2018-01-12 07:07:02 +00:00
heping
32eeb9a0e0
Restart docker when http-proxy.conf changed.
2018-01-12 10:56:25 +08:00
rong.zhang
df21fc8643
Remove initContainer
2018-01-10 12:17:17 +08:00
Spencer Smith
ccd9cc3dce
Merge pull request #2146 from abelgana/master
...
Manage deprecated kubelet option
2018-01-09 17:19:42 -05:00
Spencer Smith
81867402f6
Merge pull request #2145 from pslijkhuis/master
...
Add kubelet_custom_flags to kubelet.kubeadm.env.j2
2018-01-09 17:19:09 -05:00
Spencer Smith
4f5d61212b
Merge pull request #2144 from neith00/weave-2.1.3
...
updated weave to 2.1.3
2018-01-09 17:18:26 -05:00
Spencer Smith
ef96123482
Merge pull request #2068 from chadswen/remove-container-retries
...
Retry kube container removal during upgrade
2018-01-09 15:03:50 -05:00
Spencer Smith
ee27ab0052
Merge pull request #2124 from riverzhang/patch-3
...
Remove blank lines
2018-01-09 14:58:49 -05:00
Spencer Smith
57f87ba083
Merge pull request #2142 from trilogy-group/hotfix/fluentd-template
...
fix fluentd template
2018-01-09 14:44:50 -05:00
abelgana
a9bb72c6fd
require-kubeconfig is deprecated since k8s v1.8
2018-01-09 14:35:42 -05:00
abelgana
9506c2e597
require-kubeconfig is deprecated since K8s v1.8
2018-01-09 14:33:05 -05:00
Peter Slijkhuis
32884357ff
Add kubelet_custom_flags to kubelet.kubeadm.env.j2
2018-01-09 14:04:36 +01:00
neith00
88204642b7
updated weave to 2.1.3
2018-01-09 13:50:42 +01:00
Matthew Mosesohn
1401286910
Add support for cert alt names for etcd ( #2139 )
...
* Add support for cert alt names for etcd
* Update gen_certs_vault.yml
2018-01-09 14:37:34 +03:00
Lukasz Piatkowski
12eb242224
fix fluentd template
2018-01-08 13:40:47 +00:00
Philippe Chepy
df9faa1743
Add support for flex volumes plugins.
2018-01-05 17:56:36 +01:00
ArchiFleKs
ce85bcaee7
Simplify and update OpenStack cloud provider
...
Simplify the number of variables necessary to "just" enable OpenStack
cloud provider. Also add the new options available in K8s 1.9.
2018-01-05 12:05:24 +01:00
rong.zhang
6ed2a60978
fix run dashboard error
2018-01-04 13:13:36 +08:00
Bogdan Dobrelya
bac3bf1a5f
Fix auto-evaluated API access endpoint for bind IP ( #2086 )
...
Auto configure API access endpoint with a custom bind IP, if provided.
Fix HA docs' http URLs are https in fact, clarify the insecure vs secure
API access modes as well.
Closes: #issues/2051
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2018-01-03 17:40:21 +01:00
RongZhang
e3b684df21
Remove blank lines
...
Remove blank lines
2018-01-03 00:54:04 -06:00
Steve Mitchell
e45b30d033
Add etcd key and cert environment variables for use with client auth
2018-01-02 13:52:17 -05:00
Matthew Mosesohn
ad6fecefa8
Update Kubernetes to v1.9.0 ( #2100 )
...
Update checksum for kubeadm
Use v1.9.0 kubeadm params
Include hash of ca.crt for kubeadm join
Update tag for testing upgrades
Add workaround for testing upgrades
Remove scale CI scenarios because of slow inventory parsing
in ansible 2.4.x.
Change region for tests to us-central1 to
improve ansible performance
2017-12-25 08:57:45 +00:00
Jan Jungnickel
3fdb2ccf55
Revert back to using an empty var as default to exclude hostname ( #2110 )
2017-12-22 22:09:59 +00:00
Matthew Mosesohn
29f5b55d42
remove unwanted whitespace for kube_override_hostname ( #2105 )
2017-12-22 11:31:18 +00:00
rong.zhang
5aef52e8c0
fix dashboard certs secret
2017-12-22 11:17:05 +08:00
Matthew Mosesohn
6bb46e3ecb
Fix param names in preparation for Kubernetes v1.9.0 ( #2098 )
...
This does not update v1.9.0, but fixes two incompatibilities
when trying to deploy v1.9.0.
2017-12-20 10:48:09 +00:00
Matthew Mosesohn
127bc01857
Do not override kubelet hostname if cloud_provider is used ( #2095 )
...
Starting with Kubernetes v1.8.4, kubelet ignores the AWS cloud
provider string and uses the override hostname, which fails
Node admission checks.
Fixes #2094
2017-12-19 20:18:20 +00:00
Evan Zeimet
a6975c1850
Rename runtime docker_version ( #2082 )
...
Renaming runtime docker_version to prevent setting that
value on the command line from breaking the play run.
This fixes #2081
2017-12-19 14:47:54 +00:00
Stanislav Makar
b2cb0725ac
Default OpenStack Cinder Storage Class ( #2083 )
...
Add possibility to create default OpenStack Cinder Storage Class
Closes : #1609
2017-12-19 14:47:00 +00:00
rong.zhang
b974b144a8
Add RBAC to binding Dashboard UI
2017-12-18 23:07:19 +08:00
Matthew Mosesohn
bfb25fa47b
Change vault cert ttl to 8y ( #2013 )
2017-12-15 13:34:00 +00:00
Wei Tie
3bb505d43f
Remove unrequired mounts
2017-12-14 14:59:40 -08:00
Matthew Mosesohn
b135bcb9d9
Split download container task for delegate and non-delegate modes ( #2077 )
...
Ansible cannot seem to handle omitting delegate_to since v2.4.0.0.
Possibly related: https://github.com/ansible/ansible/issues/30760
2017-12-14 16:45:54 +00:00
Wei Tie
4e97225424
Add quote for etcd endpoints
2017-12-13 18:35:12 -08:00
rong.zhang
0771cd8599
Remove dashboard_tls_key and dashboard_tls_cert
2017-12-13 15:42:20 +08:00
Fang Zhen
91d848f98a
Make splitting system_search_domains more robust
...
The search line in /etc/resolv.conf could have
multiple spaces or tabs between domains.
split(' ') will give wrong results in some case,
use split() without argument instead.
e.g.
>>> 'domain.tld\tcluster.tld '.split(' ')
['domain.tld\tcluster.tld', '']
>>> 'domain.tld\tcluster.tld '.split()
['domain.tld', 'cluster.tld']
2017-12-13 15:39:38 +08:00
rong.zhang
40edf8c6f5
Update dashboard version to v1.8.0
...
Update dependencies to be compatible with Kubernetes v1.8
2017-12-13 12:50:44 +08:00
Chad Swenson
e78562830f
Retry kube container removal during upgrade
...
As we have seen with other containers, sometimes container removal fails on the first attempt due to some Docker bugs. Retrying typically corrects the issue.
2017-12-12 12:06:41 -06:00
Simon Li
bef259a6eb
Always set net.bridge.bridge-nf-call-* sysctl
2017-12-12 17:11:35 +00:00
Brad Beam
39ce1bd8be
Merge pull request #2059 from bradbeam/vaultalt
...
Fixing alt_names for vault cert generation
2017-12-12 09:28:51 -06:00
Spencer Smith
6291881943
Merge pull request #2057 from rsmitty/master
...
set docker_version fact regardless of docker_dns in use
2017-12-12 10:28:14 -05:00
Brad Beam
802fd94dad
Merge pull request #2054 from ArchiFleKs/os-cloud-provider-domain-fix
...
Fix domain id for OpenStack provider
2017-12-11 21:06:16 -06:00
Xu Zhipei
66f38a1b31
fix: always only one docker image got synced after download
2017-12-12 09:51:03 +08:00
Brad Beam
d3850a4da5
Fixing alt_names for vault cert generation
2017-12-11 17:28:18 -06:00
Spencer Smith
53a4355e60
set docker_version fact regardless of docker_dns in use
2017-12-11 17:48:11 -05:00
Brad Beam
19def41fdf
Merge pull request #2047 from bradbeam/vaulttime
...
Adding retries for vault-temp to come online
2017-12-11 09:04:57 -06:00
ArchiFleKs
44b9dce134
Fix domain id for OpenStack provider
...
OpenStack authentication does not support using a mix of DomainID and
DomainName, only one or the other should be used.
2017-12-11 15:57:33 +01:00
Brad Beam
fa5a538fe5
Merge pull request #2050 from jbonachera/fix-vault-tls-validation
...
append newline char to vault generated certs
2017-12-11 08:41:34 -06:00
Brad Beam
9643c2c1e3
Fixes to reset ( #2046 )
...
- adding additional directories to cleanup (rkt/vault)
- targeting kubespray ansible groups instead of all
2017-12-11 12:49:21 +00:00
Brad Beam
93f3614382
Fixes #2039 - changing alt_names to be string instead of list ( #2043 )
2017-12-11 12:48:07 +00:00
Brad Beam
cbc8a7d679
Merge pull request #1995 from b0r1sp/patch-1
...
Update main.yml
2017-12-10 21:45:02 -06:00
Julien BONACHERA
290bc993a5
append newline char to vault generated certs
2017-12-10 13:06:28 +01:00
Brad Beam
3694657eb6
Adding retries for vault-init to come online
2017-12-09 17:40:44 -06:00
Thomas Sarboni
79417e07ca
Fix systemd service unit for docker >= 17.03 ( #1844 )
2017-12-08 13:12:45 +00:00
Wei Tie
dad95c873b
Remove templating for etcd members
...
Use a etcd-initer init container to generate etcd args, it determines
etcd name by comparing its ip and etcd cluster ips. This way will
make etcd configuration independent to the ansible templating so
that could be easier on adding master nodes.
2017-12-07 23:33:29 -08:00
Spencer Smith
626b35e1b0
Merge pull request #2005 from riverzhang/patch-1
...
Delete helm home
2017-12-07 11:23:30 -05:00
Wei Tie
5881ba43f8
Split contiv etcd and etcd-proxy into two daemonsets
...
Putting contiv etcd and etcd-proxy into the same daemonset and manage
the difference by a env file is not good for scaling (adding nodes).
This commit split them into two daemonsets so that when adding nodes,
k8s could automatically starting a etcd-proxy on new nodes without need
to run related play that putting env file.
2017-12-06 22:21:50 -08:00
Brad Beam
fed7b97dcb
Merge pull request #2030 from mattymo/removerbaccheck
...
Remove RBAC from boolean checks
2017-12-06 23:41:13 -06:00
Spencer Smith
c4458c9d9a
Merge pull request #1997 from mrbobbytables/feature-keepalived-cloud-provider
...
Add minimal keepalived-cloud-provider support
2017-12-06 23:28:27 -05:00
riverzhang
aeb3e647d4
Remove the network device created by the flannel ( #2006 )
...
* Remove the network device created by the flannel
Remove the network device created by the flannel
* Modify flannel.1 device path
Modify flannel.1 device path
* remove trailing spaces
2017-12-06 14:15:39 +00:00
Kuldip Madnani
fe036cbe77
Adding changes to handle updation of yum Management cache in rhel. ( #2026 )
...
* Adding changes to handle updation of yum cache in rhel.
* Removed the redundant spaces
2017-12-06 09:00:41 +00:00
Matthew Mosesohn
952ec65a40
Remove RBAC from boolean checks
2017-12-06 11:57:40 +03:00
Chad Swenson
b8788421d5
Support for disabling apiserver insecure port
...
This allows `kube_apiserver_insecure_port` to be set to 0 (disabled).
Rework of #1937 with kubeadm support
Also, fixed an issue in `kubeadm-migrate-certs` where the old apiserver cert was copied as the kubeadm key
2017-12-05 09:13:45 -06:00
Brad Beam
c2347db934
Merge pull request #1953 from chadswen/dashboard-refactor
...
Kubernetes Dashboard v1.7.1 Refactor
2017-12-05 08:50:55 -06:00
Brad Beam
27ead5d4fa
Merge pull request #2003 from abelgana/master
...
Change altnames to alt_names
2017-12-05 08:48:32 -06:00
Stanislav Makar
6ade7c0a8d
Update k8s version to 1.8.4 ( #2015 )
...
* Update k8s version to 1.8.4
* Update main.yml
2017-12-04 16:23:04 +00:00
Matthew Mosesohn
a0225507a0
Set helm deployment type to host ( #2012 )
2017-11-29 19:52:54 +00:00
Steven Hardy
d39a88d63f
Allow setting --bind-address for apiserver hyperkube ( #1985 )
...
* Allow setting --bind-address for apiserver hyperkube
This is required if you wish to configure a loadbalancer (e.g haproxy)
running on the master nodes without choosing a different port for the
vip from that used by the API - in this case you need the API to bind to
a specific interface, then haproxy can bind the same port on the VIP:
root@overcloud-controller-0 ~]# netstat -taupen | grep 6443
tcp 0 0 192.168.24.6:6443 0.0.0.0:* LISTEN 0 680613 134504/haproxy
tcp 0 0 192.168.24.16:6443 0.0.0.0:* LISTEN 0 653329 131423/hyperkube
tcp 0 0 192.168.24.16:6443 192.168.24.16:58404 ESTABLISHED 0 652991 131423/hyperkube
tcp 0 0 192.168.24.16:58404 192.168.24.16:6443 ESTABLISHED 0 652986 131423/hyperkube
This can be achieved e.g via:
kube_apiserver_bind_address: 192.168.24.16
* Address code review feedback
* Update kube-apiserver.manifest.j2
2017-11-29 15:24:02 +00:00
unclejack
e5d353d0a7
contiv network support ( #1914 )
...
* Add Contiv support
Contiv is a network plugin for Kubernetes and Docker. It supports
vlan/vxlan/BGP/Cisco ACI technologies. It supports firewall policies,
multiple networks and bridging pods onto physical networks.
* Update contiv version to 1.1.4
Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config.
* Load openvswitch module to workaround on CentOS7.4
* Set contiv cni version to 0.1.0
Correct contiv CNI version to 0.1.0.
* Use kube_apiserver_endpoint for K8S_API_SERVER
Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talk
to an available endpoint no matter if there's a loadbalancer or not.
* Make contiv use its own etcd
Before this commit, contiv is using a etcd proxy mode to k8s etcd,
this work fine when the etcd hosts are co-located with contiv etcd
proxy, however the k8s peering certs are only in etcd group, as a
result the etcd-proxy is not able to peering with the k8s etcd on
etcd group, plus the netplugin is always trying to find the etcd
endpoint on localhost, this will cause problem for all netplugins
not running on etcd group nodes.
This commit make contiv uses its own etcd, separate from k8s one.
on kube-master nodes (where net-master runs), it will run as leader
mode and on all rest nodes it will run as proxy mode.
* Use cp instead of rsync to copy cni binaries
Since rsync has been removed from hyperkube, this commit changes it
to use cp instead.
* Make contiv-etcd able to run on master nodes
* Add rbac_enabled flag for contiv pods
* Add contiv into CNI network plugin lists
* migrate contiv test to tests/files
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
* Add required rules for contiv netplugin
* Better handling json return of fwdMode
* Make contiv etcd port configurable
* Use default var instead of templating
* roles/download/defaults/main.yml: use contiv 1.1.7
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2017-11-29 14:24:16 +00:00
Di Xu
de422c822d
update nginx tag to use multi-arch docker image ( #2009 )
2017-11-29 10:39:52 +00:00
Matthew Mosesohn
4d3326b542
Raise default vault lease TTL to 10y ( #2008 )
2017-11-29 10:38:59 +00:00
riverzhang
1b82138142
Delete helm home
...
Delete helm home
2017-11-29 13:27:09 +08:00
Christopher Randles
208ff8e350
Allow for more customization of the tiller deploy ( #1946 )
2017-11-28 18:33:57 +00:00
Matthew Mosesohn
ec54b36e05
add retries for calico/canal etcd commands ( #2007 )
2017-11-28 16:39:55 +00:00
Spencer Smith
38e8522cbf
Merge pull request #1983 from tomdee/bump-flannel-ver
...
Bump flannel version to v0.9.1
2017-11-28 11:38:55 -05:00
Spencer Smith
52f8687397
Merge pull request #1977 from mattymo/initializers
...
Disable initializers feature gate if istio is not used
2017-11-28 11:37:41 -05:00
Spencer Smith
43600ffcf8
Merge pull request #1972 from chadswen/master-static-pod-flush
...
Additional flush for static pod master upgrade
2017-11-28 11:36:38 -05:00
Christopher Randles
938d2d9e6e
update helm/tiller to v2.7.2 -- security bugfix ( #1986 )
2017-11-28 14:52:42 +00:00
Kevin Lefevre
9368dbe0e7
update calico to 2.6.2 ( #1874 )
...
Move RS to deployment so no need to take care of the revision history
limits :
- Delete the old RS
- Make Calico manifest a deployment
- move deployments to apps/v1beta2 API since Kubernetes 1.8
2017-11-28 12:01:30 +00:00
abelgana
fe3290601a
The variable altnames is used by this task.
...
Since the value will change on the default. It needs to change here also.
2017-11-27 06:57:16 -05:00
abelgana
e7173e1d62
Change altnames to alt_names
...
Hi,
Could you please check if it was a typo?
https://www.vaultproject.io/api/secret/pki/
Regards,
2017-11-25 17:29:21 -05:00
brx
2ffcfdcd25
Update main.yml
2017-11-24 20:13:38 +01:00
Bogdan Dobrelya
8aafe64397
Defaults for apiserver_loadbalancer_domain_name ( #1993 )
...
* Defaults for apiserver_loadbalancer_domain_name
When loadbalancer_apiserver is defined, use the
apiserver_loadbalancer_domain_name with a given default value.
Fix inconsistencies for checking if apiserver_loadbalancer_domain_name
is defined AND using it with a default value provided at once.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
* Define defaults for LB modes in common defaults
Adjust the defaults for apiserver_loadbalancer_domain_name and
loadbalancer_apiserver_localhost to come from a single source, which is
kubespray-defaults. Removes some confusion and simplifies the code.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-11-23 16:15:48 +00:00
Bob Killen
2140303fcc
add minimal keepalived-cloud-provider support
2017-11-23 08:43:36 -05:00
brx
b80ded63ca
Update main.yml
...
just a small spelling mistake
2017-11-21 22:37:52 +01:00
Simon Li
7be2521a31
Add flannel hairpin mode
2017-11-21 10:43:50 +00:00
Tom Denham
15b9d54a32
Bump flannel version to v0.9.1
2017-11-16 12:52:18 -07:00
Spencer Smith
bc1a4e12ad
fix broken variable in ansible 2.4.1.0 and ensure tasks for calico-rr ( #1982 )
2017-11-16 18:44:15 +00:00
Matthew Mosesohn
67419e8d0a
Run rotate_tokens role only once ( #1970 )
2017-11-15 18:50:23 +00:00
Chad Swenson
849aaf7435
Update to k8s 1.8.3 ( #1971 )
2017-11-15 17:43:22 +00:00
Chad Swenson
a89ee8c406
Add ability to use custom cert secret instead of init container provisioned self-signed certs
2017-11-15 10:05:52 -06:00
Chad Swenson
0c6f172e75
Kubernetes Dashboard v1.7.1 Refactor
...
This version required changing the previous access model for dashboard completely but it's a change for the better. Docs were updated.
* New login/auth options that use apiserver auth proxying by default
* Requires RBAC in `authorization_modes`
* Only serves over https
* No longer available at https://first_master:6443/ui until apiserver is updated with the https proxy URL:
* Can access from https://first_master:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login you will be prompted for credentials
* Or you can run 'kubectl proxy' from your local machine to access dashboard in your browser from: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
* It is recommended to access dashboard from behind a gateway that enforces an authentication token, details and other access options here: https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above
2017-11-15 10:05:48 -06:00
Matthew Mosesohn
a67349b076
Disable initializers feature gate if istio is not used
2017-11-15 12:56:36 +00:00
Matthew Mosesohn
f9b68a5d17
Revert "Support for disabling apiserver insecure port" ( #1974 )
2017-11-14 13:41:28 +00:00
chenhonggc
c7910b51a1
--peers DEPRECATED - --endpoints should be used instead ( #1943 )
2017-11-14 11:28:35 +00:00
Chad Swenson
1f99710b21
Additional flush for static pod master upgrade
...
Thought this wasn't required at first but I forgot there's no auto flush at the end of these tasks since the `kubernetes/master` role is not the end of the play.
2017-11-13 18:11:57 -06:00
Aivars Sterns
5e558c361b
update weave-net to 2.0.5 version ( #1877 )
2017-11-13 16:11:47 +00:00
neith00
5f39efcdfd
adding mount for kubelet to enable rbd mounts ( #1957 )
...
* adding mount for kubelet to enable rbd mounts
* fix conditional variable name
2017-11-13 14:04:13 +00:00
Stanislav Makar
037edf1215
Fix failed task of setting up bash completion for helm ( #1968 )
...
Closes : #1967
2017-11-13 10:15:53 +00:00
Hyunsun Moon
37125866ca
Make calico_node_ignorelooserpf have an effect ( #1945 )
2017-11-13 09:35:13 +00:00
Günther Grill
421e73b87c
Add missing exclamation mark in shebang line ( #1966 )
2017-11-13 09:34:21 +00:00
Brad Beam
c115e5677e
Merge pull request #1828 from hzamani/patch-1
...
Use etcd_access_addresses for vault_etcd_url
2017-11-10 10:56:37 -05:00
Spencer Smith
09d85631dc
Merge pull request #1944 from chadswen/reload-master-pods
...
Master component and kubelet container upgrade fixes
2017-11-08 22:23:12 -05:00
Brad Beam
f25e4dc3ed
Merge pull request #1937 from chadswen/disable-api-insecure-port
...
Support for disabling apiserver insecure port
2017-11-08 18:13:49 -05:00
Spencer Smith
0126168472
provide environment for rkt trust and run with etcd
2017-11-08 12:57:22 -05:00
Chad Swenson
e9f795c5ce
Master component and kubelet container upgrade fixes
...
* Fixes an issue where apiserver and friends (controller manager, scheduler) were prevented from restarting after manifests/secrets are changed. This occurred when a replaced kubelet doesn't reconcile new master manifests, which caused old master component versions to linger during deployment. In my case this was causing upgrades from k8s 1.6/1.7 -> k8s 1.8 to fail
* Improves transitions from kubelet container to host kubelet by preventing issues where kubelet container reappeared during the deployment
2017-11-08 01:40:33 -06:00
Chad Swenson
0c7e1889e4
Support for disabling apiserver insecure port
...
This allows `kube_apiserver_insecure_port` to be set to 0 (disabled). It's working, but so far I have had to:
1. Make the `uri` module "Wait for apiserver up" checks use `kube_apiserver_port` (HTTPS)
2. Add apiserver client cert/key to the "Wait for apiserver up" checks
3. Update apiserver liveness probe to use HTTPS ports
4. Set `kube_api_anonymous_auth` to true to allow liveness probe to hit apiserver's /healthz over HTTPS (livenessProbes can't use client cert/key unfortunately)
5. RBAC has to be enabled. Anonymous requests are in the `system:unauthenticated` group which is granted access to /healthz by one of RBAC's default ClusterRoleBindings. An equivalent ABAC rule could allow this as well.
Changes 1 and 2 should work for everyone, but 3, 4, and 5 require new coupling of currently independent configuration settings. So I also added a new settings check.
Options:
1. The problem goes away if you have both anonymous-auth and RBAC enabled. This is how kubeadm does it. This may be the best way to go since RBAC is already on by default but anonymous auth is not.
2. Include conditional templates to set a different liveness probe for possible combinations of `kube_apiserver_insecure_port = 0`, RBAC, and `kube_api_anonymous_auth` (won't be possible to cover every case without a guaranteed authorizer for the secure port)
3. Use basic auth headers for the liveness probe (I really don't like this, it adds a new dependency on basic auth which I'd also like to leave independently configurable, and it requires encoded passwords in the apiserver manifest)
Option 1 seems like the clear winner to me, but is there a reason we wouldn't want anonymous-auth on by default? The apiserver binary defaults anonymous-auth to true, but kubespray's default was false.
2017-11-06 14:01:10 -06:00
Günther Grill
0d55ed3600
Avoid that some read-only tasks cause an ansible-change ( #1910 )
2017-11-06 13:51:07 +00:00
Haiwei Liu
ad0cd6939a
Add support cAdvisor ( #1908 )
...
Signed-off-by: Haiwei Liu <carllhw@gmail.com>
2017-11-06 13:50:28 +00:00
Stanislav Makar
33adb334cd
Fix openstack tenant id variable name ( #1932 )
2017-11-05 08:40:41 +00:00
Spencer Smith
ef87a8a1f0
Merge pull request #1916 from vtomasr5/master
...
Fix bad handler directory name in kubeadm role
2017-11-03 18:14:48 -04:00
Spencer Smith
a595c84f7e
Merge pull request #1928 from chadswen/flannel-rbac-fix
...
Flannel RBAC Fix
2017-11-03 18:12:16 -04:00
Chad Swenson
b158dbcf79
Docker Version Update
...
Update default docker version to 17.03.1
2017-11-03 12:34:45 -05:00
Matthew Mosesohn
ab3832f3e7
Set host IP for kubelet always ( #1924 )
...
* Set host IP for kubelet always
Use ansible default IP if ip var is not set.
* Update main.yml
2017-11-03 10:19:37 +00:00
Kevin Lefevre
9bf415f749
update helm to v2.7.0 ( #1875 )
...
* update helm to v2.7.0
* Update main.yml
2017-11-03 07:15:00 +00:00
Günther Grill
a2bda9e5f1
Eliminate jinja2 template expression warning and rename coreos-python var ( #1911 )
...
* Change deprecated vagrant ansible flag 'sudo' to 'become'
* Emphasize, that the name of the pip_pyton_modules is only considered in coreos
* Remove useless unused variable
* Fix warning when jinja2 template-delimiters used in when statement
There is no need for jinja2 template-delimiters like {{ }} or {% %}
any more. They can just be omitted as described in https://github.com/ansible/ansible/issues/22397
* Fix broken link in getting-started guide
2017-11-03 07:11:36 +00:00
Günther Grill
0195725563
Workaround ansible bug where access var via dict doesn't get real value ( #1912 )
...
* Change deprecated vagrant ansible flag 'sudo' to 'become'
* Workaround ansible bug where access var via dict doesn't get real value
When accessing a variable via its name "{{ foo }}" its value is
retrieved. But when the variable value is retrieved via the vars-dict
"{{ vars['foo'] }}" this doesn't resolve the expression of the variable
any more due to a bug. So e.g. an expression foo="{{ 1 == 1 }}" is no
longer resolved but just returned as string "1 == 1".
* Make file yamllint compliant
2017-11-03 07:11:14 +00:00
Spencer Smith
ec1170bd37
only mount volumes if local_volumes_enabled is true. fix mount flags in rkt. ( #1923 )
2017-11-03 07:10:37 +00:00
Matthew Mosesohn
66c67dbe73
Add optional helm deployment mode for host ( #1920 )
2017-11-03 07:09:24 +00:00
Chad Swenson
16ae2c1809
Flannel RBAC Fix
...
Fixes a bug that can occur if `cni-flannel-rbac.yml` was written but the playbook failed before it was applied. Uses the same approach as calico.
2017-11-02 23:20:23 -05:00
Spencer Smith
4771716ab2
Merge pull request #1907 from mattymo/disable_anon_auth
...
Block anonymous auth requests to kubelet
2017-11-02 12:01:39 -04:00
Spencer Smith
b156585739
Merge pull request #1917 from chadswen/docker-daemon-graph
...
Fix kubelet container with alternate Docker data paths
2017-11-02 11:58:55 -04:00
Matthew Mosesohn
520103df78
Change namespace for provisioner account
2017-11-02 10:16:08 +00:00
Matthew Mosesohn
3e3787de15
Fix local volume provisioner mount point for rkt
2017-11-02 09:45:26 +00:00
Chad Swenson
0c824d5ef1
Fix kubelet container with alternate Docker data paths
...
Some time ago I think the hardcoded `/var/lib/docker` was required, but kubelet running in a container has been aware of the Docker path since at least as far back as k8s 1.6.
Without this change, you see a large number of errors in the kubelet logs if you installed with a non-default `docker_daemon_graph`
2017-11-01 13:25:15 -05:00
Matthew Mosesohn
c0e989b17c
New addon: local_volume_provisioner ( #1909 )
2017-11-01 14:25:35 +00:00
Vicenç Juan Tomàs Montserrat
5218b3af82
Fix bad handler directory name in kubeadm role
2017-11-01 14:36:28 +01:00
Spencer Smith
ef0a91da27
Merge pull request #1891 from rsmitty/proxy-fixes
...
Improved proxy support
2017-10-31 14:32:12 -04:00
Spencer Smith
8412181746
Merge pull request #1899 from skyscooby/update_kube182
...
Update to Kubernetes 1.8.2
2017-10-31 14:30:56 -04:00
Spencer Smith
400ee2aa57
Merge pull request #1898 from skyscooby/update_kubedns
...
Update kubedns to 1.14.7 release
2017-10-31 14:30:36 -04:00
Spencer Smith
05b8466f87
Merge pull request #1890 from chadswen/apt-repo-params
...
Parameterize dockerproject apt repo endpoints
2017-10-31 14:29:19 -04:00
Spencer Smith
19962f6b6a
fix indentation for master template ( #1906 )
2017-10-31 06:43:54 +00:00
Matthew Mosesohn
f7703dbca3
Block anonymous auth requests to kubelet
2017-10-30 19:06:54 +00:00
Spencer Smith
74a9eedb93
helm template check for http/https_proxy
2017-10-30 13:11:04 -04:00
Spencer Smith
6df104b275
don't check for no_proxy, only http/https_proxy. fix linting issues.
2017-10-30 11:42:14 -04:00
Spencer Smith
b27453d8d8
improved proxy support
2017-10-30 11:42:14 -04:00
Spencer Smith
4470ee4ccf
Merge pull request #1887 from mattymo/fix_indent_apiserver
...
fix indentation for network policy option
2017-10-30 11:33:13 -04:00
Andrew Greenwood
8a86acf75d
Update kubespray-defaults kubernetes to v1.8.2
2017-10-30 09:34:32 -04:00
abelgana
d738acf638
Update kubelet.kubeadm.env.j2 ( #1901 )
2017-10-30 11:33:02 +00:00
tanshanshan
84d92aa3c7
fix-bug ( #1900 )
2017-10-30 11:23:24 +00:00
Andrew Greenwood
dd01cabcdc
Update to kubernetes 1.8.2
2017-10-29 22:13:06 -04:00
Andrew Greenwood
c383c7e2c1
Update kubedns image to latest
2017-10-29 21:58:05 -04:00
Andrew Greenwood
958bb5285d
Update kubedns image to latest
2017-10-29 21:57:32 -04:00
Spencer Smith
f0317ae70b
Merge pull request #1876 from ArchiFleKs/update_flannel
...
update flannel
2017-10-27 15:22:54 -04:00
Spencer Smith
591941bd39
Merge pull request #1884 from abelgana/master
...
Sysctl reload if needed after IP forward enabling
2017-10-27 15:12:08 -04:00
Spencer Smith
e90769c869
Merge pull request #1888 from chapsuk/issue_1885
...
Disable swap in vagrant vms
2017-10-27 15:10:16 -04:00
Chad Swenson
256bbb1a8a
Parameterize apt repo endpoints
...
This allows overriding of apt repo endpoints when internet sources are not accessible. Additionally, switch to using the dockerproject.org gpg key url for apt instead of keyservers.net
2017-10-27 13:48:11 -05:00
mkrasilnikov
2c7c956be9
Disable swap in vagrant vms
2017-10-27 19:57:54 +03:00
Matthew Mosesohn
fe81bba08d
Force kubelet certificates to be generated as lowercase ( #1886 )
...
All nodes get converted to lowercase, so certs should set
CN with lowercase as well.
2017-10-27 15:58:25 +01:00
Matthew Mosesohn
564de07963
fix indentation for network policy option
2017-10-27 14:56:22 +01:00
Aivars Sterns
84cf6fbe83
change ssh_args/bastion configuration ( #1883 )
2017-10-27 12:18:39 +01:00
abelgana
d9160f19c0
Sysctl reload if needed after IP forward enabling
...
Add reload yes to reload sysctl if the value of net.ipv4.ip_forward changes.
- name: Enable ip forwarding
  sysctl:
    sysctl_file: "{{sysctl_file_path}}"
    name: net.ipv4.ip_forward
    value: 1
    state: present
    reload: yes
  tags:
    - bootstrap-os
2017-10-26 13:06:21 -04:00
Brad Beam
ba0a03a8ba
Merge pull request #1880 from mattymo/node_auth_fixes2
...
Move cluster roles and system namespace to new role
2017-10-26 10:02:24 -05:00
Matthew Mosesohn
b0f04d925a
Update network policy setting for Kubernetes 1.8 ( #1879 )
...
It is now enabled by default in 1.8 with the api changed
to networking.k8s.io/v1 instead of extensions/v1beta1.
2017-10-26 15:35:26 +01:00
Matthew Mosesohn
ec53b8b66a
Move cluster roles and system namespace to new role
...
This should be done after kubeconfig is set for admin and
before network plugins are up.
2017-10-26 14:36:05 +01:00
ArchiFleKs
6e949bf951
update flannel
2017-10-26 11:18:06 +02:00
Matthew Mosesohn
86fb669fd3
Idempotency fixes ( #1838 )
2017-10-25 21:19:40 +01:00
Matthew Mosesohn
7123956ecd
update checksum for kubeadm ( #1869 )
2017-10-25 21:15:16 +01:00
Spencer Smith
46cf6b77cf
Merge pull request #1857 from pmontanari/patch-1
...
Use same kubedns_version: 1.14.5 in downloads and kubernetes-apps/ansible roles
2017-10-25 10:05:43 -04:00
Matthew Mosesohn
a52bc44f5a
Fix broken CI jobs ( #1854 )
...
* Fix broken CI jobs
Adjust image and image_family scenarios for debian.
Checkout CI file for upgrades
* add debugging to file download
* Fix download for alternate playbooks
* Update ansible ssh args to force ssh user
* Update sync_container.yml
2017-10-25 11:45:54 +01:00
Matthew Mosesohn
acb63a57fa
Only limit etcd memory on small hosts ( #1860 )
...
Also disable oom killer on etcd
2017-10-25 10:25:15 +01:00
Flavio Percoco Premoli
5b08277ce4
Access dict item's value keys using .value ( #1865 )
2017-10-24 20:49:36 +01:00
Chiang Fong Lee
5dc56df64e
Fix ordering of kube-apiserver admission control plug-ins ( #1841 )
2017-10-24 17:28:07 +01:00
Matthew Mosesohn
33c4d64b62
Make ClusterRoleBinding to admit all nodes with right cert ( #1861 )
...
This is to work around #1856 which can occur when kubelet
hostname and resolvable hostname (or cloud instance name)
do not match.
2017-10-24 17:05:58 +01:00
Matthew Mosesohn
25de6825df
Update Kubernetes to v1.8.1 ( #1858 )
2017-10-24 17:05:45 +01:00
Peter Lee
0b60201a1e
fix etcd health check bug ( #1480 )
2017-10-24 16:10:56 +01:00
Haiwei Liu
cfea99c4ee
Fix scale.yml to support kubeadm ( #1863 )
...
Signed-off-by: Haiwei Liu <carllhw@gmail.com>
2017-10-24 16:08:48 +01:00
Matthew Mosesohn
cea41a544e
Use include instead of import tasks to support v2.3 ( #1855 )
...
Eventually 2.3 support will be dropped, so this is
a temporary change.
2017-10-23 13:56:03 +01:00
pmontanari
8371a060a0
Update main.yml
...
Match kubedns_version with roles/download/defaults/main.yml:kubedns_version: 1.14.5
2017-10-22 23:48:51 +02:00
Matthew Mosesohn
7ed140cea7
Update refs to kubernetes version to v1.8.0 ( #1845 )
2017-10-20 08:29:28 +01:00
Matthew Mosesohn
0b4fcc83bd
Fix up warnings and deprecations ( #1848 )
2017-10-20 08:25:57 +01:00
Matthew Mosesohn
514359e556
Improve etcd scale up ( #1846 )
...
Now adding unjoined members to existing etcd cluster
occurs one at a time so that the cluster does not
lose quorum.
2017-10-20 08:02:31 +01:00
Matthew Mosesohn
fc9a65be2b
Refactor downloads to use download role directly ( #1824 )
...
* Refactor downloads to use download role directly
Also disable fact delegation so download delegate works across OSes.
* clean up bools and ansible_os_family conditionals
2017-10-19 09:17:11 +01:00
Jan Jungnickel
49dff97d9c
Relabel controler-manager to kube-controller-manager ( #1830 )
...
Fixes #1129
2017-10-18 17:29:18 +01:00
Matthew Mosesohn
4efb0b78fa
Move CI vars out of gitlab and into var files ( #1808 )
2017-10-18 17:28:54 +01:00
Hassan Zamani
c9fe8fde59
Use fail-swap-on flag only for kube_version >= 1.8 ( #1829 )
2017-10-18 16:32:38 +01:00
Matthew Mosesohn
16462292e1
Properly skip extra SANs when not specified for kubeadm ( #1831 )
2017-10-18 12:04:13 +01:00
pmontanari
20d80311f0
Update main.yml ( #1822 )
...
* Update main.yml
Needs to set up resolv.conf before updating Yum cache otherwise no name resolution available (resolv.conf empty).
* Update main.yml
Removing trailing spaces
2017-10-18 11:42:00 +01:00
Hassan Zamani
3acc42c5b3
Use etcd_access_addresses for vault_etcd_url
2017-10-17 19:27:36 +03:30
Tennis Smith
54320c5b09
set to 3 digit version number ( #1817 )
2017-10-17 11:14:29 +01:00
Seungkyu Ahn
291b71ea3b
Changing default value string to boolean. ( #1669 )
...
When downloading containers or files, use boolean
as a default value.
2017-10-17 11:14:12 +01:00
Rémi de Passmoilesel
356515222a
Add possibility to insert more ip addresses in certificates ( #1678 )
...
* Add possibility to insert more ip addresses in certificates
* Add newline at end of files
* Move supp ip parameters to k8s-cluster group file
* Add supplementary addresses in kubeadm master role
* Improve openssl indexes
2017-10-17 11:06:07 +01:00
Aivars Sterns
688e589e0c
fix #1788 lock dashboard version to 1.6.3 version while 1.7.x is not working ( #1805 )
2017-10-17 11:04:55 +01:00
刘旭
6c98201aa4
remove kube-dns versions and images in kubernetes-apps/ansible/defaults/main.yaml ( #1807 )
2017-10-17 11:03:53 +01:00
Matthew Mosesohn
d4b10eb9f5
Fix path for calico get node names ( #1816 )
2017-10-17 10:54:48 +01:00
Jiří Stránský
728d56e74d
Only write bastion ssh config when needed ( #1810 )
...
This will allow running Kubespray when the user who runs it doesn't
have write permissions to the Kubespray dir, at least when not using
bastion.
2017-10-17 10:28:45 +01:00
neith00
77f1d4b0f1
Revert "Update roadmap" ( #1809 )
...
* Revert "Debian jessie docs (#1806 )"
This reverts commit d78577c810.
* Revert "[contrib/network-storage/glusterfs] adds service for glusterfs endpoint (#1800 )"
This reverts commit 5fb6b2eaf7.
* Revert "[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes (#1799 )"
This reverts commit 404caa111a.
* Revert "Fixed kubelet standard log environment (#1780 )"
This reverts commit b838468500.
* Revert "Add support for fedora atomic host (#1779 )"
This reverts commit f2235be1d3.
* Revert "Update network-plugins to use portmap plugin (#1763 )"
This reverts commit 6ec45b10f1.
* Revert "Update roadmap (#1795 )"
This reverts commit d9879d8026.
2017-10-16 14:09:24 +01:00
Seungkyu Ahn
b838468500
Fixed kubelet standard log environment ( #1780 )
...
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
2017-10-16 08:22:54 +01:00
Jason Brooks
f2235be1d3
Add support for fedora atomic host ( #1779 )
...
* don't try to install this rpm on fedora atomic
* add docker 1.13.1 for fedora
* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
2017-10-16 08:03:33 +01:00
Kevin Lefevre
6ec45b10f1
Update network-plugins to use portmap plugin ( #1763 )
...
Portmap allows using hostPort with CNI plugins. Should fix #1675
2017-10-16 07:11:38 +01:00
Matthew Mosesohn
d9879d8026
Update roadmap ( #1795 )
2017-10-16 07:06:06 +01:00
Matthew Mosesohn
d487b2f927
Security best practice fixes ( #1783 )
...
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
2017-10-15 20:41:17 +01:00
Julian Poschmann
66e5e14bac
Restart kubelet on update in deployment-type host on update ( #1759 )
...
* Restart kubelet on update in deployment-type host on update
* Update install_host.yml
* Update install_host.yml
* Update install_host.yml
2017-10-15 20:22:17 +01:00
Matthew Mosesohn
7e4668859b
Change file used to check kubeadm upgrade method ( #1784 )
...
* Change file used to check kubeadm upgrade method
Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.
* more fixes for upgrade
2017-10-15 10:33:22 +01:00
Matthew Mosesohn
92d038062e
Fix node authorization for cloudprovider installs ( #1794 )
...
In 1.8, the Node authorization mode should be listed first to
allow kubelet to access secrets. This seems to only impact
environments with cloudprovider enabled.
2017-10-14 11:28:46 +01:00
abelgana
2972bceb90
Change raw execution to use yum module ( #1785 )
...
* Change raw execution to use yum module
Changed raw execution to use yum module provided by Ansible.
* Replace ansible_ssh_* by ansible_*
Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become ansible_user, ansible_host, and ansible_port. If you are using a version of Ansible prior to 2.0, you should continue using the older style variables (ansible_ssh_*). These shorter variables are ignored, without warning, in older versions of Ansible.
I am not sure about the broader impact of this change. But I have seen on the requirements the version required is ansible>=2.4.0.
http://docs.ansible.com/ansible/latest/intro_inventory.html
2017-10-14 09:52:40 +01:00
刘旭
cb0a60a0fe
calico v2.5.0 should use calico/routereflector:v0.4.0 ( #1792 )
2017-10-14 09:51:48 +01:00
Matthew Mosesohn
3ee91e15ff
Use commas in no_proxy ( #1782 )
2017-10-13 15:43:10 +01:00
Matthew Mosesohn
ef47a73382
Add new addon Istio ( #1744 )
...
* add istio addon
* add addons to a ci job
2017-10-13 15:42:54 +01:00
Matthew Mosesohn
dc515e5ac5
Remove kernel-upgrade role ( #1798 )
...
This role only supports Red Hat type distros and is not maintained
or used by many users. It should be removed because it creates
feature disparity between supported OSes and is not maintained.
2017-10-13 15:36:21 +01:00
Julian Poschmann
56763d4288
Persist br_netfilter module loading ( #1760 )
2017-10-13 10:50:29 +01:00
Matthew Mosesohn
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
...
This reverts commit 4209f1cbfd.
2017-10-12 14:02:51 +01:00
Matthew Mosesohn
4209f1cbfd
Security fixes for etcd ( #1778 )
...
* Security fixes for etcd
* Use certs when querying etcd
2017-10-12 13:32:54 +01:00
Matthew Mosesohn
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
...
* Clear admin kubeconfig when rotating certs
* Update main.yml
2017-10-12 09:55:46 +01:00
Vijay Katam
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
...
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
2017-10-11 20:40:21 +01:00
Aivars Sterns
e41c0532e3
add possibility to disable fail with swap ( #1773 )
2017-10-11 19:49:31 +01:00
Matthew Mosesohn
eeb7274d65
Adjust memory reservation for master nodes ( #1769 )
2017-10-11 19:47:42 +01:00
Matthew Mosesohn
eb0dcf6063
Improve proxy ( #1771 )
...
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
2017-10-11 19:47:27 +01:00
Matthew Mosesohn
83be0735cd
Fix setting etcd client cert serial ( #1775 )
2017-10-11 19:47:11 +01:00
Matthew Mosesohn
fe4ba51d1a
Set node IP correctly ( #1770 )
...
Fixes #1741
2017-10-11 15:28:42 +01:00
Hyunsun Moon
adf575b75e
Set default value for disable_shared_pid ( #1710 )
...
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitly enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
2017-10-11 14:55:51 +01:00
Spencer Smith
e5426f74a8
Merge pull request #1762 from manics/bindir-helm
...
Include bin_dir when patching helm tiller with kubectl
2017-10-10 10:40:47 -04:00
Spencer Smith
f5212d3b79
Merge pull request #1752 from pmontanari/patch-1
...
Force synchronize to use ssh_args so it works when using bastion
2017-10-10 10:40:01 -04:00
Spencer Smith
3d09c4be75
Merge pull request #1756 from kubernetes-incubator/fix_bool_assert
...
Fix bool check assert
2017-10-10 10:38:53 -04:00
Spencer Smith
f2db15873d
Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix
...
add hosts to rkt kubelet
2017-10-10 10:37:36 -04:00
ArchiFleKs
7c663de6c9
add /etc/hosts volume to rkt templates
2017-10-09 16:41:51 +02:00
Simon Li
c14bbcdbf2
Include bin_dir when patching helm tiller with kubectl
2017-10-09 15:17:52 +01:00
ant31
1be4c1935a
Fix bool check assert
2017-10-06 17:02:38 +00:00
pmontanari
764b1aa5f8
Force synchronize to use ssh_args so it works when using bastion
...
In case ssh.config is set to use bastion, synchronize needs to use it too.
2017-10-06 00:21:54 +02:00
Spencer Smith
d13b07ba59
Merge pull request #1751 from bradbeam/calicoprometheus
...
Adding calico/node env vars for prometheus configuration
2017-10-05 17:29:12 -04:00
Brad Beam
55dfae2a52
Followup fix for CVE-2017-14491
2017-10-05 11:31:04 -05:00
Brad Beam
b81c0d869c
Adding calico/node env vars for prometheus configuration
2017-10-05 08:46:01 -05:00
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
...
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
2017-10-05 10:51:21 +01:00
Aivars Sterns
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
2017-10-05 08:43:04 +01:00
Spencer Smith
cb611b5ed0
Merge pull request #1742 from mattymo/facts_as_vars
...
Move set_facts to kubespray-defaults defaults
2017-10-04 15:46:39 -04:00
Spencer Smith
ab171a1d6d
don't delegate cert slurp
2017-10-04 13:06:51 -04:00
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
...
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
2017-10-04 14:02:47 +01:00
Matthew Mosesohn
e42cb43ca5
add bootstrap for debian ( #1726 )
2017-10-03 08:30:45 +01:00
Brad Beam
ca541c7e4a
Ensuring vault service is stopped in reset tasks ( #1736 )
2017-10-03 08:30:28 +01:00
Brad Beam
96e14424f0
Adding kubedns update for CVE-2017-14491 ( #1735 )
2017-10-03 08:30:14 +01:00
Matthew Mosesohn
dae9f6d3c2
Test if tokens are expired from host instead of inside container ( #1727 )
...
* Test if tokens are expired from host instead of inside container
* Update main.yml
2017-10-02 13:14:50 +01:00
Julian Poschmann
8e1210f96e
Fix cluster-network w/ prefix > 25 not possible with CNI ( #1713 )
2017-10-01 10:43:00 +01:00
Brad Beam
1b9a6d7ad8
Merge pull request #1672 from manics/bastion-proxycommand-newline
...
Insert a newline in bastion ssh config after ProxyCommand conditional
2017-09-29 11:37:47 -05:00
Peter Slijkhuis
371fa51e82
Make installation of EPEL optional ( #1721 )
2017-09-29 13:44:29 +01:00
Matthew Mosesohn
a55675acf8
Enable RBAC with kubeadm always ( #1711 )
2017-09-29 09:18:24 +01:00
Matthew Mosesohn
25dd3d476a
Fix error for azure+calico assert ( #1717 )
...
Fixes #1716
2017-09-29 08:17:18 +01:00
Matthew Mosesohn
3ff5f40bdb
fix graceful upgrade ( #1704 )
...
Fix system namespace creation
Only rotate tokens when necessary
2017-09-27 14:49:20 +01:00
Matthew Mosesohn
689ded0413
Enable kubeadm upgrades to any version ( #1709 )
2017-09-27 14:48:18 +01:00
Matthew Mosesohn
327ed157ef
Verify valid settings before deploy ( #1705 )
...
Also fix yaml lint issues
Fixes #1703
2017-09-27 14:47:47 +01:00
tanshanshan
477afa8711
when and run_once are reduplicative ( #1694 )
2017-09-26 14:48:05 +01:00
Matthew Mosesohn
bd272e0b3c
Upgrade to kubeadm ( #1667 )
...
* Enable upgrade to kubeadm
* fix kubedns upgrade
* try upgrade route
* use init/upgrade strategy for kubeadm and ignore kubedns svc
* Use bin_dir for kubeadm
* delete more secrets
* fix waiting for terminating pods
* Manually enforce kube-proxy for kubeadm deploy
* remove proxy. update to kubeadm 1.8.0rc1
2017-09-26 10:38:58 +01:00
Brad Beam
14c232e3c4
Merge pull request #1663 from foxyriver/fix-shell
...
use command module instead of shell module
2017-09-25 13:24:45 -05:00
Brad Beam
57f5fb1f4f
Merge pull request #1661 from neith00/master
...
upgrading from weave version 2.0.1 to 2.0.4
2017-09-25 13:23:57 -05:00
Bogdan Dobrelya
bcddfb786d
Merge pull request #1692 from mattymo/old-etcd-logic
...
drop unused etcd logic
2017-09-25 17:44:33 +02:00
Martin Uddén
20db1738fa
feature: install project atomic CSS on RedHat family ( #1499 )
...
* feature: install project atomic CSS on RedHat family
* missing patch for this feature
* sub-role refactor
* Yamllint fix
2017-09-25 12:29:17 +01:00
Hassan Zamani
b23d81f825
Add etcd_blkio_weight var ( #1690 )
2017-09-25 12:20:24 +01:00
Matthew Mosesohn
a1cde03b20
Correct master manifest cleanup logic ( #1693 )
...
Fixes #1666
2017-09-25 12:19:04 +01:00
Bogdan Dobrelya
cfce23950a
Merge pull request #1687 from jistr/cgroup-driver-kubeadm
...
Set correct kubelet cgroup-driver also for kubeadm deployments
2017-09-25 11:16:40 +02:00
Deni Bertovic
64740249ab
Adds tags for asserts ( #1639 )
2017-09-25 08:41:03 +01:00
Matthew Mosesohn
126f42de06
drop unused etcd logic
...
Fixes #1660
2017-09-25 07:52:55 +01:00
Matthew Mosesohn
d94e3a81eb
Use api lookup for kubelet hostname when using cloudprovider ( #1686 )
...
The value cannot be determined properly via local facts, so
checking k8s api is the most reliable way to look up what hostname
is used when using a cloudprovider.
2017-09-24 09:22:15 +01:00
Jiri Stransky
70d0235770
Set correct kubelet cgroup-driver also for kubeadm deployments
...
This follows pull request #1677 , adding the cgroup-driver
autodetection also for kubeadm way of deploying.
Info about this and the possibility to override is added to the docs.
2017-09-22 13:19:04 +02:00
foxyriver
30b5493fd6
use command module instead of shell module
2017-09-22 15:47:03 +08:00
Jiri Stransky
dbbe9419e5
Allow setting cgroup driver for kubelet
...
Red Hat family platforms run docker daemon with `--exec-opt
native.cgroupdriver=systemd`. When kubespray tried to start kubelet
service, it failed with:
Error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"
Setting kubelet's cgroup driver to the correct value for the platform
fixes this issue. The code utilizes autodetection of docker's cgroup
driver, as different RPMs for the same distro may vary in that regard.
2017-09-21 11:58:11 +02:00
Matthew Mosesohn
188bae142b
Fix wait for hosts in CI ( #1679 )
...
Also fix usage of failed_when and handling exit code.
2017-09-20 14:30:09 +01:00
Simon Li
7c2b12ebd7
Insert a newline in bastion after ProxyCommand conditional
2017-09-18 16:29:12 +01:00
Matthew Mosesohn
ef8e35e39b
Create admin credential kubeconfig ( #1647 )
...
New files: /etc/kubernetes/admin.conf
/root/.kube/config
$GITDIR/artifacts/{kubectl,admin.conf}
Optional method to download kubectl and admin.conf if
kubeconfig_lcoalhost is set to true (default false)
2017-09-18 13:30:57 +01:00
Brad Beam
aaa27d0a34
Adding quotes around parameters in cloud_config ( #1664 )
...
This is to help support escapes and special characters
2017-09-16 08:43:47 +01:00
Kevin Lefevre
9302ce0036
Enhanced OpenStack cloud provider ( #1627 )
...
- Enable Cinder API version for block storage
- Enable floating IP for LBaaS
2017-09-16 08:43:24 +01:00
Matthew Mosesohn
8e731337ba
Enable HA deploy of kubeadm ( #1658 )
...
* Enable HA deploy of kubeadm
* raise delay to 60s for starting gce hosts
2017-09-15 22:28:15 +01:00
Matthew Mosesohn
b294db5aed
fix apply for netchecker upgrade ( #1659 )
...
* fix apply for netchecker upgrade and graceful upgrade
* Speed up daemonset upgrades. Make check wait for ds upgrades.
2017-09-15 13:19:37 +01:00
Brad Beam
f2ae16e71d
Merge pull request #1651 from bradbeam/vaultnocontent
...
Fixing condition where vault CA already exists
2017-09-14 17:04:15 -05:00
Brad Beam
ac281476c8
Prune unnecessary certs from vault setup ( #1652 )
...
* Cleaning up cert checks for vault
* Removing all unnecessary etcd certs from each node
* Removing all unnecessary kube certs from each node
2017-09-14 12:28:11 +01:00
neith00
1b1c8d31a9
upgrading from weave version 2.0.1 to 2.0.4
...
This upgrade has been tested offline on a 1.7.5 cluster
2017-09-14 10:29:28 +02:00
Brad Beam
4b587aaf99
Adding ability to specify altnames for vault cert ( #1640 )
2017-09-14 07:19:44 +01:00
Kyle Bai
016301508e
Update to Kubernetes v1.7.5 ( #1649 )
2017-09-14 07:18:03 +01:00
Matthew Mosesohn
6744726089
kubeadm support ( #1631 )
...
* kubeadm support
* move k8s master to a subtask
* disable k8s secrets when using kubeadm
* fix etcd cert serial var
* move simple auth users to master role
* make a kubeadm-specific env file for kubelet
* add non-ha CI job
* change ci boolean vars to json format
* fixup
* Update create-gce.yml
* Update create-gce.yml
* Update create-gce.yml
2017-09-13 19:00:51 +01:00
Brad Beam
0a89f88b89
Fixing condition where CA already exists
2017-09-13 03:40:46 +00:00
Brad Beam
69fac8ea58
Merge pull request #1634 from bradbeam/calico_cni
...
fix for calico cni plugin node name
2017-09-11 22:18:06 -05:00
Seungkyu Ahn
e8bde03a50
Setting kubectl bin directory ( #1635 )
2017-09-09 23:54:13 +03:00
Matthew Mosesohn
75b13caf0b
Fix kube-apiserver status checks when changing insecure bind addr ( #1633 )
2017-09-09 23:41:48 +03:00
Matthew Mosesohn
5d99fa0940
Purge old upgrade hooks and unused tasks ( #1641 )
2017-09-09 23:41:20 +03:00
Matthew Mosesohn
649388188b
Fix netchecker update side effect ( #1644 )
...
* Fix netchecker update side effect
kubectl apply should only be used on resources created
with kubectl apply. To workaround this, we should apply
the old manifest before upgrading it.
* Update 030_check-network.yml
2017-09-09 23:38:38 +03:00
Matthew Mosesohn
9fa1873a65
Add kube dashboard, enabled by default ( #1643 )
...
* Add kube dashboard, enabled by default
Also add rbac role for kube user
* Update main.yml
2017-09-09 23:38:03 +03:00
Matthew Mosesohn
f2057dd43d
Refactor downloads ( #1642 )
...
* Refactor downloads
Add prefixes to tasks (file vs container)
Remove some delegates
Clean up some conditions
* Update ansible.cfg
2017-09-09 23:32:12 +03:00
Brad Beam
eeffbbb43c
Updating calicocni.hostname to calicocni.nodename
2017-09-08 12:47:40 +00:00
Brad Beam
aaa0105f75
Flexing calicocni.hostname based on cloud provider
2017-09-08 12:47:40 +00:00
Matthew Mosesohn
079d317ade
Default is_atomic to false ( #1637 )
2017-09-08 15:00:57 +03:00
Maxim Krasilnikov
e16b57aa05
Store vault users passwords to credentials dir. Create vault and etcd roles after start vault cluster ( #1632 )
2017-09-07 23:30:16 +03:00
Matthew Mosesohn
7117614ee5
Use a generated password for kube user ( #1624 )
...
Removed unnecessary root user
2017-09-06 20:20:25 +03:00
Chad Swenson
e26aec96b0
Consolidate kube-proxy module and sysctl loading ( #1586 )
...
This sets br_netfilter and net.bridge.bridge-nf-call-iptables sysctl from a single play before kube-proxy is first run instead of from the flannel and weave network_plugin roles after kube-proxy is started
2017-09-06 15:11:51 +03:00
Sam Powers
c60d104056
Update checksums (etcd calico calico-cni weave) to fix uploads.yml ( #1584 )
...
the uploads.yml playbook was broken with checksum mismatch errors in
various kubespray commits, for example, 3bfad5ca73
which updated the version from 3.0.6 to 3.0.17 without updating the
corresponding checksums.
2017-09-06 15:11:13 +03:00
Oliver Moser
e6ff8c92a0
Using 'hostnamectl' to set unconfigured hostname on CoreOS ( #1600 )
2017-09-06 15:10:52 +03:00
Chad Swenson
cbaa2b5773
Retry Remove all Docker containers in reset ( #1623 )
...
Due to various occasional docker bugs, removing a container will sometimes fail. This can often be mitigated by trying again.
2017-09-06 14:23:16 +03:00
Matthieu
0453ed8235
Fix an error with Canal when RBAC are disabled ( #1619 )
...
* Fix an error with Canal when RBAC are disabled
* Update using same rbac strategy used elsewhere
2017-09-06 11:32:32 +03:00
Brad Beam
a341adb7f3
Updating CN for node certs generated by vault ( #1622 )
...
This allows the node authorization plugin to function correctly
2017-09-06 10:55:08 +03:00
mkrasilnikov
957b7115fe
Remove node name from kube-proxy and admin certificates
2017-09-05 14:40:26 +03:00
mkrasilnikov
b930b0ef5a
Place vault role credentials only to vault group hosts
2017-09-05 11:16:18 +03:00
mkrasilnikov
ad313c9d49
typo fix
2017-09-05 09:07:36 +03:00
mkrasilnikov
e1384f6618
Using issue cert result var instead of hostvars
2017-09-05 09:07:36 +03:00
mkrasilnikov
3acb86805b
Rename vault_address to vault_bind_address
2017-09-05 09:07:35 +03:00
mkrasilnikov
bf0af1cd3d
Vault role updates:
...
* using separated vault roles for generate certs with different `O` (Organization) subject field;
* configure vault roles for issuing certificates with different `CN` (Common name) subject field;
* set `CN` and `O` to `kubernetes` and `etcd` certificates;
* vault/defaults vars definition was simplified;
* vault dirs variables defined in kubernetes-defaults foles for using
shared tasks in etcd and kubernetes/secrets roles;
* upgrade vault to 0.8.1;
* generate random vault user password for each role by default;
* fix `serial` file name for vault certs;
* move vault auth request to issue_cert tasks;
* enable `RBAC` in vault CI;
2017-09-05 09:07:35 +03:00
ArthurMa
c77d11f1c7
Bugfix ( #1616 )
...
lost executable path
2017-09-05 08:35:14 +03:00
Matthew Mosesohn
d279d145d5
Fix non-rbac deployment of resources as a list ( #1613 )
...
* Use kubectl apply instead of create/replace
Disable checks for existing resources to speed up execution.
* Fix non-rbac deployment of resources as a list
* Fix autoscaler tolerations field
* set all kube resources to state=latest
* Update netchecker and weave
2017-09-05 08:23:12 +03:00
Matthew Mosesohn
fc7905653e
Add socat for CoreOS when using host deploy kubelet ( #1575 )
2017-09-04 11:30:18 +03:00
Matthew Mosesohn
660282e82f
Make daemonsets upgradeable ( #1606 )
...
Canal will be covered by a separate PR
2017-09-04 11:30:01 +03:00
Matthew Mosesohn
77602dbb93
Move calico to daemonset ( #1605 )
...
* Drop legacy calico logic
* add calico as a daemonset
2017-09-04 11:29:51 +03:00
Matthew Mosesohn
a3e6896a43
Add RBAC support for canal ( #1604 )
...
Refactored how rbac_enabled is set
Added RBAC to ubuntu-canal-ha CI job
Added rbac for calico policy controller
2017-09-04 11:29:40 +03:00
Dann
702ce446df
Apply ClusterRoleBinding to dnsmasq when rbac_enabled ( #1592 )
...
* Add RBAC policies to dnsmasq
* fix merge conflict
* yamllint
* use .j2 extension for dnsmasq autoscaler
2017-09-03 10:53:45 +03:00
Brad Beam
8ae77e955e
Adding in certificate serial numbers to manifests ( #1392 )
2017-09-01 09:02:23 +03:00
sgmitchell
783924e671
Change backup handler to only run v2 data backup if snap directory exists ( #1594 )
2017-08-31 18:23:24 +03:00
Julian Poschmann
93304e5f58
Fix calico leaving service behind. ( #1599 )
2017-08-31 12:00:05 +03:00
Brad Beam
917373ee55
Merge pull request #1595 from bradbeam/cacerts
...
Fixing CA certificate locations for k8s components
2017-08-30 21:31:19 -05:00
Brad Beam
7a98ad50b4
Fixing CA certificate locations for k8s components
2017-08-30 15:30:40 -05:00
Brad Beam
982058cc19
Merge pull request #1514 from vijaykatam/docker_systemd
...
Configurable docker yum repos, systemd fix
2017-08-30 11:50:23 -05:00
Oliver Moser
576beaa6a6
Include /opt/bin in PATH for host deployed kubelet on CoreOS ( #1591 )
...
* Include /opt/bin in PATH for host deployed kubelet on CoreOS
* Removing conditional check for CoreOS
2017-08-30 16:50:33 +03:00
Maxim Krasilnikov
6eb22c5db2
Change single Vault pki mount to multi pki mounts paths for etcd and kube CA`s ( #1552 )
...
* Added update CA trust step for etcd and kube/secrets roles
* Added load_balancer_domain_name to certificate alt names if defined. Reset CA's in RedHat os.
* Rename kube-cluster-ca.crt to vault-ca.crt, we need separated CA`s for vault, etcd and kube.
* Vault role refactoring, remove optional cert vault auth because not used and worked. Create separate CA`s for vault and etcd.
* Fixed different certificates set for vault cert_managment
* Update doc/vault.md
* Fixed condition create vault CA, wrong group
* Fixed missing etcd_cert_path mount for rkt deployment type. Distribute vault roles for all vault hosts
* Removed wrong when condition in create etcd role vault tasks.
2017-08-30 16:03:22 +03:00
Brad Beam
72a0d78b3c
Merge pull request #1585 from mattymo/canal_upgrade
...
Fix upgrade for canal and apiserver cert
2017-08-29 18:45:21 -05:00
Matthew Mosesohn
13d08af054
Fix upgrade for canal and apiserver cert
...
Fixes #1573
2017-08-29 22:08:30 +01:00
Eric Hoffmann
6c30a7b2eb
update calico version
...
update calico releases link
2017-08-28 16:23:51 -07:00
Matthew Mosesohn
76b72338da
Add CNI config for rkt kubelet ( #1579 )
2017-08-28 21:11:01 +03:00
Chad Swenson
a39e78d42d
Initial version of Flannel using CNI ( #1486 )
...
* Updates Controller Manager/Kubelet with Flannel's required configuration for CNI
* Removes old Flannel installation
* Install CNI enabled Flannel DaemonSet/ConfigMap/CNI bins and config (with portmap plugin) on host
* Uses RBAC if enabled
* Fixed an issue that could occur if br_netfilter is not a module and net.bridge.bridge-nf-call-iptables sysctl was not set
2017-08-25 10:07:50 +03:00
Brad Beam
4550dccb84
Fixing reference to vault leader url ( #1569 )
2017-08-24 23:21:39 +03:00
Hassan Zamani
01ce09f343
Add feature_gates var for customizing Kubernetes feature gates ( #1520 )
2017-08-24 23:18:38 +03:00
Brad Beam
71dca67ca2
Merge pull request #1508 from tmjd/update-calico-2-4-0
...
Update Calico to 2.4.1 release.
2017-08-24 14:57:29 -05:00
Yuki KIRII
a98b866a66
Verify if br_netfilter module exists ( #1492 )
2017-08-24 17:47:32 +03:00
Xavier Mehrenberger
3aabba7535
Remove discontinued option --reconcile-cidr if kube_network_plugin=="cloud" ( #1568 )
2017-08-24 17:01:30 +03:00
Mohamed Mehany
c22cfa255b
Added private key file to ssh bastion conf ( #1563 )
...
* Added private key file to ssh bastion conf
* Used regular if condition instead of inline conditional
2017-08-24 17:00:45 +03:00
Matthew Mosesohn
6bb3463e7c
Enable scheduling of critical pods and network plugins on master
...
Added toleration to DNS, netchecker, fluentd, canal, and
calico policy.
Also small fixes to make yamllint pass.
2017-08-24 10:41:17 +01:00
Brad Beam
8b151d12b9
Adding yamllinter to ci steps ( #1556 )
...
* Adding yaml linter to ci check
* Minor linting fixes from yamllint
* Changing CI to install python pkgs from requirements.txt
- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
2017-08-24 12:09:52 +03:00
Ian Lewis
ecb6dc3679
Register standalone master w/ taints ( #1426 )
...
If Kubernetes > 1.6 register standalone master nodes w/ a
node-role.kubernetes.io/master=:NoSchedule taint to allow
for more flexible scheduling rather than just marking unschedulable.
2017-08-23 16:44:11 +03:00
riverzhang
49a223a17d
Update elrepo-release rpm version ( #1554 )
2017-08-23 09:54:51 +03:00
Brad Beam
e5cfdc648c
Adding ability to override max ttl ( #1559 )
...
Prior to this it would fail because we didn't set max ttl for vault temp
2017-08-23 09:54:01 +03:00
Erik Stidham
9f9f70aade
Update Calico to 2.4.1 release.
...
- Switched Calico images to be pulled from quay.io
- Updated Canal too
2017-08-21 09:33:12 -05:00
Matthew Mosesohn
ca3050ec3d
Update to Kubernetes v1.7.3 ( #1549 )
...
Change kubelet deploy mode to host
Enable cri and qos per cgroup for kubelet
Update CoreOS images
Add upgrade hook for switching from kubelet deployment from docker to host.
Bump machine type for ubuntu-rkt-sep
2017-08-21 10:53:49 +03:00
Vijay Katam
97031f9133
Make epel-release install configurable ( #1497 )
2017-08-20 14:03:10 +03:00
Vijay Katam
c92506e2e7
Add calico variable that enables ignoring Kernel's RPF Setting ( #1493 )
2017-08-20 14:01:09 +03:00
Kevin Lefevre
65a9772adf
Add OpenStack LBaaS support ( #1506 )
2017-08-20 13:59:15 +03:00
Anton
1e07ee6cc4
etcd_compaction_retention every 8 hour ( #1527 )
2017-08-20 13:55:48 +03:00
Miad Abrin
3c710219a1
Fix Some Typos in kubernetes master role ( #1547 )
...
* Fix Typo etc3 -> etcd3
* Fix typo in post-upgrade of master. stop -> start
2017-08-20 13:54:28 +03:00
Maxim Krasilnikov
2ba285a544
Fixed deploy cluster with vault cert manager ( #1548 )
...
* Added custom ips to etcd vault distributed certificates
* Added custom ips to kube-master vault distributed certificates
* Added comment about issue_cert_copy_ca var in vault/issue_cert role file
* Generate kube-proxy, controller-manager and scheduler certificates by vault
* Revert "Disable vault from CI (#1546)"
This reverts commit 781f31d2b8.
* Fixed upgrade cluster with vault cert manager
* Remove vault dir in reset playbook
2017-08-20 13:53:58 +03:00
Antoine Legrand
72ae7638bc
Merge pull request #1446 from matlockx/master
...
add possibility to ignore the hostname override
2017-08-18 17:03:40 +02:00
Xavier Lange
3bfad5ca73
Bump etcd to 3.2.4 ( #1468 )
2017-08-18 17:12:33 +03:00
Matthew Mosesohn
df28db0066
Fix cert and netchecker upgrade issues ( #1543 )
...
* Bump tag for upgrade CI, fix netchecker upgrade
netchecker-server was changed from pod to deployment, so
we need an upgrade hook for it.
CI now uses v2.1.1 as a basis for upgrade.
* Fix upgrades for certs from non-rbac to rbac
2017-08-18 15:46:22 +03:00
Jan Jungnickel
20183f3860
Bump Calico CNI Plugin to 1.8.0 ( #1458 )
...
This aligns calico component versions with Calico release 2.1.5 and
fixes an issue with nodes being unable to schedule existing workloads
as per [#349](https://github.com/projectcalico/cni-plugin/issues/349)
2017-08-18 15:40:14 +03:00
Matthew Mosesohn
2645e88b0c
Fix vault setup partially ( #1531 )
...
This does not address per-node certs and scheduler/proxy/controller-manager
component certs which are now required. This should be handled in a
follow-up patch.
2017-08-18 15:09:45 +03:00
Vijay Katam
55ba81fee5
Add changed_when: false to rpm query
2017-08-14 12:31:44 -07:00
Brad Beam
af007c7189
Fixing netchecker-server type - pod => deployment ( #1509 )
2017-08-14 18:43:56 +03:00
Seungkyu Ahn
b22bef5cfb
Apply RBAC to efk and create fluentd.conf
...
Making fluentd.conf as configmap to change configuration.
Change elasticsearch rc to deployment.
Having installed previous elasticsearch as rc, first should delete that.
2017-08-11 05:31:50 +00:00
Vijay Katam
7ad5523113
restrict rpm query to redhat
2017-08-10 13:49:14 -07:00
Brad Beam
1155008719
Merge pull request #1481 from magnon-bliex/fluentd-template-fix-typo
...
fixed typo in fluentd-ds.yml.j2
2017-08-10 08:19:59 -05:00
Vijay Katam
5efda3eda9
Configurable docker yum repos, systemd fix
...
* Make yum repos used for installing docker rpms configurable
* TasksMax is only supported in systemd version >= 226
* Change to systemd file should restart docker
2017-08-09 15:49:53 -07:00
Brad Beam
383d582b47
Merge pull request #1382 from jwfang/rbac
...
basic rbac support
2017-08-07 08:01:51 -05:00
Spencer Smith
6eacedc443
Merge pull request #1483 from delfer/patch-3
...
Update flannel from 0.6.2 to 0.8.0
2017-08-01 13:57:43 -04:00
Spencer Smith
e55f8a61cd
Merge pull request #1482 from bradbeam/fix1393
...
Removing run_once in these tasks so that etcd ca certs get propagated…
2017-07-31 13:47:18 -04:00
Spencer Smith
cb6892d2ed
Merge pull request #1469 from hzamani/etcd_metrics
...
Add etcd metrics flag
2017-07-31 09:04:07 -04:00
Spencer Smith
43eda8d878
Merge pull request #1471 from whereismyjetpack/fix_1447
...
add newline after expanding user information
2017-07-31 09:03:04 -04:00
nico
cc9f3ea938
Fix enforce-node-allocatable option
...
Closes #1228
pods is default enforcement
see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/
add
update
2017-07-31 10:06:53 +02:00
Alexander Chumakov
8bc717a55c
Update flannel from 0.6.2 to 0.8.0
2017-07-29 10:54:31 +03:00
Brad Beam
d09222c900
Removing run_once in these tasks so that etcd ca certs get propagated properly to worker nodes
...
without this etcd ca certs don't exist on worker nodes causing calico to fail
2017-07-28 14:34:47 -05:00
magnon-bliex
38eb1d548a
fixed typo
2017-07-28 14:10:13 +09:00
Anton
e0960f6288
FIX: Unneeded (extra) cycles in some tasks ( #1393 )
2017-07-27 20:46:21 +03:00
timtoum
3e457e4edf
Enable weave seed mode for kubespray ( #1414 )
...
* Enable weave seed mode for kubespray
* fix task Weave seed | Set peers if existing peers
* fix mac address variabilisation
* fix default values
* fix include seed condition
* change weave var to default values
* fix Set peers if existing peers
2017-07-26 19:09:34 +03:00
Dann Bohn
c4894d6092
add newline after expanding user information
2017-07-25 12:59:10 -04:00
Hassan Zamani
3fb0383df4
Add etcd metrics flag
2017-07-25 20:00:30 +04:30
Spencer Smith
ee36763f9d
Merge pull request #1464 from johnko/patch-4
...
set loadbalancer_apiserver_localhost default true
2017-07-25 10:00:56 -04:00
Spencer Smith
955c5549ae
Merge pull request #1402 from Lendico/fix_failed_when
...
"failed_when: false" and "|succeeded" checks for registered vars
2017-07-25 09:33:43 -04:00
Spencer Smith
4a34514b21
Merge pull request #1447 from whereismyjetpack/template_known_users
...
Template out known_users.csv, optionally add groups
2017-07-25 08:55:08 -04:00
Brad Beam
20f29327e9
Merge pull request #1379 from gdmello/etcd_data_dir_fix
...
Custom `etcd_data_dir` saves etcd data to host, not container
2017-07-20 09:30:18 -05:00
John Ko
018b5039e7
set loadbalancer_apiserver_localhost default true
...
to match this https://github.com/kubernetes-incubator/kubespray/blob/master/roles/kubernetes/node/tasks/main.yml#L20
and the documented behaviour in HA docs
related to #1456
@rsmitty
2017-07-20 10:27:05 -04:00
Spencer Smith
b5d3d4741f
Merge pull request #1454 from Abdelsalam-Abbas/higher_drain_timeout
...
higher the timeouts for draining nodes while upgrading kubernetes version
2017-07-19 10:39:33 -04:00
Spencer Smith
85c747d444
Merge pull request #1441 from bradbeam/1434
...
Adding recursive=true for rkt kubelet dir
2017-07-19 10:38:06 -04:00
Spencer Smith
927e6d89d7
Merge pull request #1435 from delfer/master
...
Kubernetes upgrade to 1.6.7
2017-07-19 05:23:38 -07:00
jwfang
3d87f23bf5
uncomment unintended local changes
2017-07-19 12:11:47 +08:00
jwfang
789910d8eb
remote unused netchecker-agent-hostnet-ds.j2
2017-07-17 19:29:59 +08:00
jwfang
a8e6a0763d
run netchecker-server with list pods
2017-07-17 19:29:59 +08:00
jwfang
e1386ba604
only patch system:kube-dns role for old dns
2017-07-17 19:29:59 +08:00
jwfang
83deecb9e9
Revert "no need to patch system:kube-dns"
...
This reverts commit c2ea8c588aa5c3879f402811d3599a7bb3ccab24.
2017-07-17 19:29:59 +08:00
jwfang
d8dcb8f6e0
no need to patch system:kube-dns
2017-07-17 19:29:59 +08:00
jwfang
552b2f0635
change authorization_modes default value
2017-07-17 19:29:59 +08:00
jwfang
0b3badf3d8
revert calico-related changes
2017-07-17 19:29:59 +08:00
jwfang
cea3e224aa
change authorization_modes default value
2017-07-17 19:29:59 +08:00
jwfang
1eaf0e1c63
rename task
2017-07-17 19:29:59 +08:00
jwfang
2cda982345
binding group system:nodes to clusterrole calico-role
2017-07-17 19:29:59 +08:00
jwfang
c9734b6d7b
run calico-policy-controller with proper sa/role/rolebinding
2017-07-17 19:29:59 +08:00
jwfang
fd01377f12
remove more bins when reset
2017-07-17 19:29:59 +08:00
jwfang
092bf07cbf
basic rbac support
2017-07-17 19:29:59 +08:00
Ubuntu
5145a8e8be
higher draining timeouts
2017-07-16 20:52:13 +00:00
Dann Bohn
d1f58fed4c
Template out known_users.csv, optionally add groups
2017-07-14 09:27:20 -04:00
Martin Joehren
12e918bd31
add possibility to ignore the hostname override
2017-07-13 14:04:39 +00:00
Brad Beam
637f445c3f
Merge pull request #1365 from AtzeDeVries/master
...
Give more control over IPIP, but with same default behaviour
2017-07-12 10:17:17 -05:00
Brad Beam
e0bf8b2aab
Adding recursive=true for rkt kubelet dir
...
Fixes #1434
2017-07-12 09:28:54 -05:00
Spencer Smith
c75b21a510
Merge pull request #1408 from amitkumarj441/patch-1
...
Remove deprecated 'enable-cri' flag in kubernetes 1.7
2017-07-11 08:56:14 -04:00
Delfer
9f45eba6f6
Kubernetes upgrade to 1.6.7
2017-07-11 09:11:55 +00:00
AtzeDeVries
e160018826
Fixed conflicts, ipip:true as default and added ipip_mode
2017-07-08 14:36:44 +02:00
Spencer Smith
d1a02bd3e9
match kubespray-defaults dns mode with k8s-cluster setting
2017-07-07 13:13:12 -04:00
Brad Beam
992023288f
Merge pull request #1319 from fieryvova/private-dns-server
...
Add private dns server for a specific zone
2017-07-06 15:02:54 -05:00
Spencer Smith
3ab90db6ee
Merge pull request #1411 from kevinjqiu/allow-calico-ipip-subnet-mode
...
Allow calico ipPool to be created with mode "cross-subnet"
2017-07-06 14:04:03 -04:00
Vladimir Kozyrev
e26be9cb8a
add private dns server for a specific zone
2017-07-06 16:30:47 +03:00
Spencer Smith
bba555bb08
Merge pull request #1346 from Starefossen/patch-1
...
Set kubedns minimum replicas to 2
2017-07-06 09:14:11 -04:00
Spencer Smith
4b0af73dd2
Merge pull request #1332 from gstorme/kube_apiserver_insecure_port
...
Use the kube_apiserver_insecure_port variable instead of static 8080
2017-07-06 09:06:50 -04:00
Spencer Smith
da72b8c385
Merge pull request #1391 from Abdelsalam-Abbas/master
...
Uncordon Masters which have scheduling Enabled
2017-07-06 09:06:02 -04:00
Spencer Smith
44079b7176
Merge pull request #1401 from Lendico/better_task_naming
...
Better naming for recurrent tasks
2017-07-06 09:01:07 -04:00
Kevin Jing Qiu
a742d10c54
Allow calico ipPool to be created with mode "cross-subnet"
2017-07-04 19:05:16 -04:00
Hans Kristian Flaatten
38f5d1b18e
Set kubedns minimum replicas to 2
2017-07-04 16:58:16 +02:00
Abdelsalam Abbas
5f75d4c099
Uncordon Masters which have scheduling Enabled
2017-07-03 15:30:21 +02:00
Amit Kumar Jaiswal
319a0d65af
Update kubelet.j2
...
Updated with closing endif.
2017-07-03 16:23:35 +05:30
Amit Kumar Jaiswal
3d2680a102
Update kubelet.j2
...
Updated!
2017-07-03 15:58:50 +05:30
Amit Kumar Jaiswal
c36fb5919a
Update kubelet.j2
...
Updated!!
2017-07-03 15:55:04 +05:30
Amit Kumar Jaiswal
46d3f4369e
Updated K8s version
...
Signed-off-by: Amit Kumar Jaiswal <amitkumarj441@gmail.com>
2017-07-03 04:06:42 +05:30
Martin Joehren
c2b3920b50
added flag for not populating inventory entries to etc hosts file
2017-06-30 16:41:03 +00:00
Spencer Smith
6e7323e3e8
Merge pull request #1398 from tanshanshan/fix-reset
...
clean files in reset roles
2017-06-30 07:59:44 -04:00
Spencer Smith
f085419055
Merge pull request #1388 from vgkowski/master
...
add six package to bootstrap role
2017-06-30 07:30:36 -04:00
Anton Nerozya
1fedbded62
ignore_errors instead of failed_when: false
2017-06-29 20:15:14 +02:00
Anton Nerozya
c8258171ca
Better naming for recurrent tasks
2017-06-29 19:50:09 +02:00
tanshanshan
007ee0da8e
fix reset
2017-06-29 14:45:15 +08:00
Brad Beam
5e1ac9ce87
Merge pull request #1354 from chadswen/kubedns-var-fix
...
kubedns consistency fixes
2017-06-27 22:26:46 -05:00
Brad Beam
a7cd08603e
Merge pull request #1384 from gdmello/etcd_backup_dir_fix
...
Make etcd_backup_prefix configurable.
2017-06-27 22:25:53 -05:00
Brad Beam
854cd1a517
Merge pull request #1380 from jwfang/max-dns
...
docker_dns_servers_strict to control docker_dns_servers rtrim
2017-06-27 21:15:12 -05:00
Spencer Smith
23565ebe62
Merge pull request #1356 from rsmitty/rename
...
Rename project to kubespray
2017-06-27 11:40:03 -04:00
Chad Swenson
8467bce2a6
Fix inconsistent kubedns version and parameterize kubedns autoscaler image vars
2017-06-27 10:19:31 -05:00
gdmelloatpoints
649654207f
mount the etcd data directory in the container with the same path as on the host.
2017-06-27 09:29:47 -04:00
gdmelloatpoints
3123502f4c
move `etcd_backup_prefix` to new home.
2017-06-27 09:12:34 -04:00
vincent gromakowski
17d54cffbb
add six package to bootstrap role
2017-06-27 10:08:57 +02:00
Seungkyu Ahn
d5516a4ca9
Make kubedns up to date
...
Update kube-dns version to 1.14.2
https://github.com/kubernetes/kubernetes/pull/45684
2017-06-27 00:57:29 +00:00
gdmelloatpoints
4ba237c5d8
Make etcd_backup_prefix configurable. Ensures that backups can be stored on a different location other than ${HOST}/var/backups, say an EBS volume on AWS.
2017-06-26 09:42:30 -04:00
jwfang
ec2255764a
docker_dns_servers_strict to control docker_dns_servers rtrim
2017-06-26 17:29:12 +08:00
Abdelsalam Abbas
1a8e92c922
Fixing cordoning condition that cause fail for upgrading the cluster
2017-06-23 20:41:47 +02:00
gdmelloatpoints
5c1891ec9f
In the etcd container, the etcd data directory is always /var/lib/etcd. Reverting to this value, since `etcd_data_dir` on the host maps to `/var/lib/etcd` in the container.
2017-06-23 13:49:31 -04:00
Spencer Smith
bae5ce0bfa
Merge branch 'master' into rename
2017-06-23 12:23:51 -04:00
AtzeDeVries
61b74f9a5b
updated to direct control over ipip
2017-06-23 09:16:05 +02:00
AtzeDeVries
7332679678
Give more control over IPIP, but with same default behaviour
2017-06-20 14:50:08 +02:00
Seungkyu Ahn
91dff61008
Fixed helm bash complete
2017-06-19 15:33:50 +09:00
Spencer Smith
8203383c03
rename almost all mentions of kargo
2017-06-16 13:25:46 -04:00
Gregory Storme
fff0aec720
add configurable parameter for etcd_auto_compaction_retention
2017-06-14 10:39:38 +02:00
Brad Beam
b73786c6d5
Merge pull request #1335 from bradbeam/imagerepo
...
Set default value for kube_hyperkube_image_repo
2017-06-12 09:46:17 -05:00
Gregory Storme
266ca9318d
Use the kube_apiserver_insecure_port variable instead of static 8080
2017-06-12 09:20:59 +02:00
Brad Beam
db3e8edacd
Fixing up vault variables
2017-06-08 16:15:33 -05:00
Brad Beam
6e41634295
Set default value for kube_hyperkube_image_repo
...
Fixes #1334
2017-06-08 12:22:16 -05:00
Brad Beam
780308c194
Merge pull request #1174 from jlothian/atomic-docker-restart
...
Fix docker restart in atomic
2017-06-07 12:05:32 -05:00
Brad Beam
696fd690ae
Merge pull request #1092 from bradbeam/rkt_docker
...
Adding flag for docker container in kubelet w/ rkt
2017-06-06 12:58:40 -05:00
Spencer Smith
01c0ab4f06
check if cloud_provider is defined
2017-05-31 08:24:24 -04:00
Spencer Smith
7220b09ff9
Merge pull request #1315 from rsmitty/hostnames-upgrade
...
Resolve upgrade issues
2017-05-30 11:40:19 -04:00
Spencer Smith
56b86bbfca
inventory hostname for cordoning/uncordoning
2017-05-26 17:47:25 -04:00
Spencer Smith
7e2aafcc76
add direct path for cert in AWS with RHEL family
2017-05-26 17:32:50 -04:00
Justin Hunthrop
af55e179c7
adding --skip-exists flag for peer_with_router
2017-05-25 14:29:18 -05:00
zoues
43408634bb
Merge branch 'master' into master
2017-05-23 09:32:28 +08:00
zouyee
d47fce6ce7
upgrade k8s version to 1.6.4
2017-05-23 09:30:03 +08:00
Matthew Mosesohn
9e64267867
Merge pull request #1293 from mattymo/kubelet_host_mode
...
Add host-based kubelet deployment
2017-05-19 18:07:39 +03:00
Josh Lothian
7ae5785447
Removed the other unused handler
...
With live-restore: true, we don't need a special docker restart
2017-05-19 09:50:10 -05:00
Josh Lothian
ef8d3f684f
Remove unused handler
...
Previous patch removed the step that sets live-restore
back to false, so don't try to notify that handler any more
2017-05-19 09:45:46 -05:00
Matthew Mosesohn
cc6e3d14ce
Add host-based kubelet deployment
...
Kubelet gets copied from hyperkube container and run locally.
2017-05-19 16:54:07 +03:00
Spencer Smith
005b01bd9a
Merge pull request #1299 from bradbeam/kubelet
...
Minor kubelet updates
2017-05-18 12:52:43 -04:00
Josh Lothian
6f67367b57
Leave 'live-restore' false
...
Leave live-restore false to updates always pick
up new network configuration
2017-05-17 14:31:49 -05:00
Josh Lothian
9ee0600a7f
Update handler names and explanation
2017-05-17 14:31:49 -05:00
Josh Lothian
30cc7c847e
Reconfigure docker restart behavior on atomic
...
Before restarting docker, instruct it to kill running
containers when it restarts.
Needs a second docker restart after we restore the original
behavior, otherwise the next time docker is restarted by
an operator, it will unexpectedly bring down all running
containers.
2017-05-17 14:31:49 -05:00
Josh Lothian
a5bb24b886
Fix docker restart in atomic
...
In atomic, containers are left running when docker is restarted.
When docker is restarted after the flannel config is put in place,
the docker0 interface isn't re-IPed because docker sees the running
containers and won't update the previous config.
This patch kills all the running containers after docker is stopped.
We can't simply `docker stop` the running containers, as they respawn
before we've got a chance to stop the docker daemon, so we need to
use runc to do this after dockerd is stopped.
2017-05-17 14:31:49 -05:00
Brad Beam
b999ee60aa
Fixing typo in kubelet cluster-dns and cluster-domain flags
2017-05-16 15:43:29 -05:00
Brad Beam
85afd3ef14
Removing old sysv reference
2017-05-16 15:28:39 -05:00
Spencer Smith
1907030d89
issue raw yum command since we don't have facts in bootstrapping
2017-05-16 10:07:38 -04:00
xuhuilong
71dabf9fb3
fix curl get calico status error ( error in tls version) : https://bugzilla.redhat.com/show_bug.cgi?id=1272504
2017-05-15 08:12:26 -04:00
Spencer Smith
efa2dff681
remove conditional
2017-05-12 17:16:49 -04:00
Spencer Smith
31a7b7d24e
default to kubedns and set nxdomain in kubedns deployment if that's the dns_mode
2017-05-12 15:57:24 -04:00
moss2k13
791ea89b88
Updated helm installation
...
Added full path for helm
2017-05-08 09:27:06 +02:00
Spencer Smith
c572760a66
Merge pull request #1254 from iJanki/cert_group
...
Adding /O=system:masters to admin certificate
2017-05-05 10:58:42 -04:00
Brad Beam
69fc19f7e0
Merge pull request #1252 from adidenko/separate-tags-for-netcheck-containers
...
Add support for different tags for netcheck containers
2017-05-05 08:04:54 -05:00
Spencer Smith
b939c24b3d
Merge pull request #1250 from digitalrebar/master
...
bootstrap task on centos missing packages
2017-05-02 12:24:11 -04:00
Spencer Smith
3eb494dbe3
Merge pull request #1259 from bradbeam/calico214
...
Updating calico to v2.1.4
2017-05-02 12:20:47 -04:00
Spencer Smith
0afbc19ffb
ensure the /etc/os-release is mounted read only
2017-05-01 14:51:40 -04:00
Spencer Smith
ac9290f985
add for rkt as well
2017-04-28 17:45:10 -04:00
Brad Beam
a133ba1998
Updating calico to v2.1.4
2017-04-28 14:04:25 -05:00
Spencer Smith
5657738f7e
mount os-release to ensure the node's OS is what's seen in k8s api
2017-04-28 13:40:54 -04:00
Aleksandr Didenko
883ba7aa90
Add support for different tags for netcheck containers
...
Replace 'netcheck_tag' with 'netcheck_version' and add additional
'netcheck_server_tag' and 'netcheck_agent_tag' config options to
provide ability to use different tags for server and agent
containers.
2017-04-27 17:15:28 +02:00
Sergii Golovatiuk
674b71b535
Ansible 2.3 support
...
- Fix when clauses in various places
- Update requirements.txt
- Fix README.md
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-26 15:22:10 +02:00
Aleksey Kasatkin
2638ab98ad
add MY_NODE_NAME variable into netchecker-agent environment
2017-04-24 17:19:42 +03:00
Matthew Mosesohn
bc3068c2f9
Merge pull request #1251 from FengyunPan/fix-helm-home
...
Specify a dir and attach it to helm for HELM_HOME
2017-04-24 15:17:28 +03:00
FengyunPan
2bde9bea1c
Specify a dir and attach it to helm for HELM_HOME
2017-04-21 10:51:27 +08:00
Greg Althaus
041d4d666e
Install required selinux-python bindings in bootstrap
...
on centos. The bootstrap tty fixup needs it.
2017-04-20 11:17:01 -05:00
Spencer Smith
88b5065e7d
fix stray 'in' and break into multiple lines for clarity
2017-04-20 09:53:01 -04:00
Spencer Smith
b690008192
allow for correct aws default resolver
2017-04-20 09:32:03 -04:00
Matthew Mosesohn
2d6bc9536c
Merge pull request #1246 from holser/disable_dns_for_kube_services
...
Change DNS policy for kubernetes components
2017-04-20 16:12:52 +03:00
Sergii Golovatiuk
01dc6b2f0e
Add aws to default_resolver
...
When VPC is used, external DNS might not be available. This patch change
behavior to use metadata service instead of external DNS when
upstream_dns_servers is not specified.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:47:19 +02:00
Sergii Golovatiuk
d8aa2d0a9e
Change DNS policy for kubernetes components
...
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:22:57 +02:00
Matthew Mosesohn
19bb97d24d
Merge pull request #1238 from Starefossen/fix/namespace-template-file
...
Move namespace file to template directory
2017-04-20 12:19:55 +03:00
Matthew Mosesohn
9f4f168804
Merge pull request #1241 from bradbeam/rktcnidir
...
Explicitly create cni bin dir
2017-04-20 12:19:26 +03:00
Matthew Mosesohn
cf3083d68e
Merge pull request #1239 from mattymo/resettags
...
Add tags to reset playbook and make iptables flush optional
2017-04-20 11:35:08 +03:00
Sergii Golovatiuk
e796cdbb27
Fix restart kube-controller ( #1242 )
...
kubernetesUnitPrefix was changed to k8s_* in 1.5. This patch reflects
this change in kargo
2017-04-20 11:26:01 +03:00
Matthew Mosesohn
2d44582f88
Add tags to reset playbook and make iptables flush optional
...
Fixes #1229
2017-04-19 19:32:18 +03:00
Brad Beam
b60a897265
Explicitly create cni bin dir
...
If this path doesn't exist, it will cause kubelet to fail to start when
using rkt
2017-04-19 16:00:44 +00:00
Hans Kristian Flaatten
d68cfeed6e
Move namespace file to template directory
2017-04-19 13:37:02 +02:00
Spencer Smith
c3c9e955e5
Merge pull request #1232 from rsmitty/custom-flags
...
add ability for custom flags
2017-04-17 14:01:32 -04:00
Spencer Smith
72d5db92a8
remove stray spaces in templating
2017-04-17 12:24:24 -04:00
Spencer Smith
3f302c8d47
ensure spacing on string of flags
2017-04-17 12:13:39 -04:00
Spencer Smith
04a769bb37
ensure spacing on string of flags
2017-04-17 11:11:10 -04:00
Spencer Smith
f9d4a1c1d8
update to safeguard against accidentally passing string instead of list
2017-04-17 11:09:34 -04:00
Matthew Mosesohn
3e7db46195
Merge pull request #1233 from gbolo/master
...
allow admission control plug-ins to be easily customized
2017-04-17 12:59:49 +03:00
Matthew Mosesohn
e52aca4837
Merge pull request #1223 from mattymo/vault_cert_skip
...
Skip vault cert task evaluation when using script certs
2017-04-17 12:52:42 +03:00
Matthew Mosesohn
5ec503bd6f
Merge pull request #1222 from bradbeam/calico
...
Updating calico versions
2017-04-17 12:52:20 +03:00
gbolo
49be805001
allow admission control plug-ins to be easily customized
2017-04-16 22:03:45 -04:00
Spencer Smith
94596388f7
add ability for custom flags
2017-04-14 17:33:04 -04:00
Spencer Smith
5c4980c6e0
Merge pull request #1231 from holser/fix_netchecker-server
...
Reschedule netchecker-server in case of HW failure.
2017-04-14 10:50:07 -04:00
Matthew Mosesohn
d7b8fb3113
Update start_vault_temp.yml
2017-04-14 13:32:41 +03:00
Sergii Golovatiuk
45044c2d75
Reschedule netchecker-server in case of HW failure.
...
Pod object is not reschedulable by kubernetes. It means that if node
with netchecker-server goes down, netchecker-server won't be scheduled
somewhere. This commit changes the type of netchecker-server to
Deployment, so netchecker-server will be scheduled on other nodes in
case of failures.
2017-04-14 10:49:16 +02:00
Joe Duhamel
a9f260d135
Update dnsmasq-autoscaler
...
changed target to be a deployment rather than a replicationcontroller.
2017-04-13 15:07:06 -04:00
Joe Duhamel
072b3b9d8c
Update kubedns-autoscaler change target
...
The target was a replicationcontroller but kubedns is currently a deployment
2017-04-13 14:55:25 -04:00
Matthew Mosesohn
ae7f59e249
Skip vault cert task evaluation completely when using script cert generation
2017-04-13 19:29:07 +03:00
Brad Beam
bce1c62308
Updating calico versions
2017-04-11 20:52:04 -05:00
Spencer Smith
9b3aa3451e
Merge pull request #1218 from bradbeam/efkidempotent
...
Fixing resource type for kibana
2017-04-11 19:04:13 -04:00
Spencer Smith
436c0b58db
Merge pull request #1217 from bradbeam/helmcompletion
...
Excluding bash completion for helm on CoreOS
2017-04-11 17:34:11 -04:00
zouyee
0bcecae2a3
upgrade etcd version from v3.0.6 to v3.0.17
2017-04-11 10:42:35 +08:00
Brad Beam
bd130315b6
Excluding bash completion for helm on CoreOS
2017-04-10 11:07:15 -05:00
Brad Beam
504711647e
Fixing resource type for kibana
2017-04-10 11:01:12 -05:00
Antoine Legrand
ab12b23e6f
Merge pull request #1173 from bradbeam/dockerlogs
...
Setting defaults for docker log rotation
2017-04-09 11:50:01 +02:00
Matthew Mosesohn
1c45d37348
Update kubelet.j2
2017-04-06 22:59:18 +03:00
Matthew Mosesohn
b521255ec9
Unbreak 1.5 deployment with kubelet
...
1.5 kubelet fails to start when using unknown params
2017-04-06 21:07:48 +03:00
Matthew Mosesohn
75ea001bfe
Merge pull request #1208 from mattymo/1.6-flannel
...
Update to k8s 1.6 with flannel and centos fixes
2017-04-06 13:04:02 +03:00
Matthew Mosesohn
ff2fb9196f
Fix flannel for 1.6 and apply fixes to enable containerized kubelet
2017-04-06 10:06:21 +04:00
Matthew Mosesohn
acae0fe4a3
Merge pull request #1205 from holser/resolv_updates
...
Refactoring resolv.conf
2017-04-05 14:22:52 +03:00
Matthew Mosesohn
ccc11e5680
Upgrade to Kubernetes 1.6.1
2017-04-05 13:26:36 +03:00
Sergii Golovatiuk
2670eefcd4
Refactoring resolv.conf
...
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-05 09:28:01 +02:00
Matthew Mosesohn
c0cae9e8a0
Merge pull request #1204 from mattymo/resolvconf-nodes
...
Restart kubelet when updating /etc/resolv.conf on all k8s nodes
2017-04-04 22:03:44 +03:00
Matthew Mosesohn
f8cf6b4f7c
Merge pull request #1186 from holser/resolv_conf
...
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
2017-04-04 20:49:55 +03:00
Matthew Mosesohn
a29182a010
Restart kubelet when updating /etc/resolv.conf on all k8s nodes
2017-04-04 20:43:47 +03:00
Sergii Golovatiuk
1cfe0beac0
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
...
In kubernetes 1.6 ClusterFirstWithHostNet was added as an option. In
accordance to it kubelet will generate resolv.conf based on own
resolv.conf. However, this doesn't create 'options', thus the proper
solution requires some investigation.
This patch sets the same resolv.conf for kubelet as host
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-04 16:34:13 +02:00
Matthew Mosesohn
798f90c4d5
Merge pull request #1153 from mattymo/graceful_drain
...
Move graceful upgrade test to Ubuntu canal HA, adjust drain
2017-04-04 17:33:53 +03:00
Matthew Mosesohn
f8d44a8a88
Merge pull request #1200 from mattymo/issue1190
...
Fix multiline condition for k8s check certs
2017-04-04 15:48:05 +03:00
Matthew Mosesohn
b4d06ff8dd
Add /var/lib/cni to kubelet
...
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
2017-04-03 19:38:24 +03:00
Matthew Mosesohn
7581705007
Merge pull request #1185 from intelsdi-x/hostname
...
Use hostname module to set hostname, and do it for all Os not only Co…
2017-04-03 19:01:12 +03:00
Matthew Mosesohn
5a5707159a
Fix multiline condition for k8s check certs
...
Fixes #1190
2017-04-03 17:44:55 +03:00
Matthew Mosesohn
742a1681ce
Merge pull request #1166 from rogerwelin/master
...
add iptables --flush to reset role
2017-04-03 17:25:10 +03:00
Matthew Mosesohn
fba9b9cb65
Merge pull request #1182 from artem-panchenko/bumpCalicoPolicyControllerVersion
...
Bump calico policy controller version
2017-04-03 17:21:52 +03:00
Paweł Skrzyński
61b2d7548a
Use hostname module to set hostname, and do it for all Os not only CoreOS
2017-04-03 15:09:33 +02:00
Matthew Mosesohn
80828a7c77
use etcd2 when upgrading unless forced
2017-04-03 15:07:42 +03:00
Matthew Mosesohn
f5af86c9d5
Merge pull request #1194 from adidenko/fix-sync_certs
...
Fix multiline when condition in sync_certs task
2017-03-31 17:39:40 +03:00
Aleksandr Didenko
58acbe7caf
Fix multiline when condition in sync_certs task
...
Folded style in multiline 'when' condition causes error with
unexpected ident. Changing it to literal style should fix
the issue.
Closes #1190
2017-03-30 22:21:04 +02:00
Spencer Smith
355b92d7ba
Merge pull request #1170 from jlothian/atomic-docker-network
...
1169 - fix docker systemd unit
2017-03-30 13:13:28 -07:00
Matthew Mosesohn
d42e4f2344
Update .gitlab-ci.yml
2017-03-30 12:19:15 +04:00
Matthew Mosesohn
fb467df47c
fix etcd restart
2017-03-29 23:22:49 +04:00
Matthew Mosesohn
48beef25fa
delete master containers forcefully
2017-03-27 19:08:22 +03:00
Matthew Mosesohn
a3f568fc64
restart scheduler and controller-manager too
2017-03-27 13:51:35 +03:00
Matthew Mosesohn
57ee304260
ensure post-upgrade purge ones only once
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
0794a866a7
switch debian8-canal-ha to ubuntu
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
49e4d344da
move network plugins out of grouped upgrades
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
6e505c0c3f
Fix delegate tasks for kubectl and etcdctl
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
e9a294fd9c
Significantly reduce memory requirements
...
Canal runs more pods and upgrades need a bit of extra
room to load new pods in and get the old ones out.
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
44d851d5bb
Only cordon Ready nodes
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
c1b9660ec8
Move graceful upgrade test to debian canal HA, adjust drain
...
Graceful upgrades require 3 nodes
Drain now has a command timeout of 40s
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
c2c334d22f
Merge pull request #1181 from holser/refactor_etcd
...
Refactor etcd role
2017-03-27 13:05:35 +03:00
Sergii Golovatiuk
f144fd1ed3
Refactor etcd role
...
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-24 12:34:15 +01:00
Artem Panchenko
e96557f410
Bump calico policy controller version
...
Latest released version of kube-policy-controller
contains important bug fixes and should be used
by default.
2017-03-24 12:13:09 +02:00
Matthew Mosesohn
b2af19471e
Merge pull request #1177 from rutsky/replace-nbsp
...
replace non-breakable space with regular space
2017-03-23 12:59:45 +03:00
Matthew Mosesohn
6805d0ff2b
Merge pull request #1179 from kubernetes-incubator/missing_defaults
...
Add missing defaults
2017-03-23 12:16:13 +03:00
Antoine Legrand
6e1de9d820
Add missing defaults
2017-03-23 10:05:34 +01:00
Vladimir Rutsky
c4e57477fb
replace non-breakable space with regular space
...
Non-breakable space is 0xc2 0xa0 byte sequence in UTF-8.
To find one:
$ git grep -I -P '\xc2\xa0'
To replace with regular space:
$ git grep -l -I -P '\xc2\xa0' | xargs sed -i 's/\xc2\xa0/ /g'
This commit doesn't include changes that will overlap with commit f1c59a91a1.
2017-03-23 00:25:01 +03:00
Matthew Mosesohn
5f082bc0e5
Merge pull request #1172 from mattymo/dnsmasq_upgrade
...
Use checksum of dnsmasq config to trigger updates of dnsmasq
2017-03-22 18:00:10 +03:00
Matthew Mosesohn
0e3b7127b5
Merge pull request #1167 from mattymo/dnsmasq_when_deploying_master
...
Change wait for dnsmasq to skip if there are no kube-nodes in play
2017-03-22 17:59:56 +03:00
Brad Beam
5d3414a40b
Setting defaults for docker log rotation
2017-03-22 09:40:10 -04:00
Roger Welin
f4638c7580
add iptables --flush to reset role
2017-03-22 11:10:24 +01:00
Matthew Mosesohn
8b0b500c89
Use checksum of dnsmasq config to trigger updates of dnsmasq
...
Allows config changes made by Ansible to restart dnsmasq deployment
2017-03-22 13:03:55 +03:00
Josh Lothian
5e2f78424f
1169 - fix docker systemd unit
...
The docker-network environment file masks the new values
put into /etc/systemd/system/docker.service.d/flannel-options.conf
to renumber the docker0 to work correctly with flannel.
2017-03-21 15:22:14 -05:00
Matthew Mosesohn
1887e984a0
Change wait for dnsmasq to skip if there are no kube-nodes in play
...
Also changed unnecessary delay to a max timeout (now defaulting to 1s sleep
between tries)
Also rename play_hosts to ansible_play_hosts
2017-03-21 18:55:22 +03:00
Matthew Mosesohn
cd429d3654
Merge pull request #1159 from holser/etcd_backup_restore
...
Backup etcd
2017-03-21 13:07:44 +03:00
Matthew Mosesohn
0f64f8db90
Merge pull request #1155 from mattymo/helm
...
Add helm deployment
2017-03-20 17:00:06 +03:00
Sergii Golovatiuk
c04a6254b9
Backup etcd data before restarting etcd
...
etcd is a crucial part of a kubernetes cluster. Ansible restarts etcd on
reconfiguration. Backup helps operator to restore cluster manually in
case of any issues.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-20 14:50:52 +01:00
Matthew Mosesohn
939c1def5d
Merge pull request #1152 from mattymo/redhat_weave
...
Fix weave on RHEL deployment
2017-03-19 16:45:20 +03:00
Matthew Mosesohn
b7ab80e8ea
Merge pull request #1149 from mattymo/centos-retries
...
Retry yum/apt/rpm download commands
2017-03-18 11:12:36 +03:00
Matthew Mosesohn
b69d4b0ecc
Add helm deployment
2017-03-17 20:24:41 +03:00
Matthew Mosesohn
7760c3e4aa
Retry yum/apt/rpm download commands, fix succeeded filter
2017-03-17 18:56:26 +03:00
Matthew Mosesohn
3cfb76e57f
Merge pull request #1146 from mattymo/resolvconf_optimize
...
Condense resolvconf sources before starting loop
2017-03-17 18:42:32 +03:00
Matthew Mosesohn
e1faeb0f6c
Fix weave on RHEL deployment
...
Reduce retry delay checking weave
Always load br_netfilter module
2017-03-17 18:17:47 +03:00
Matthew Mosesohn
25bff851dd
Merge pull request #1136 from adidenko/fix-calico-policy-order
...
Move calico-policy-controller into separate role
2017-03-17 17:32:14 +03:00
Aleksandr Didenko
3a39904011
Move calico-policy-controller into separate role
...
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.
K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.
This patch also fixes kube-api port in calico-policy-controller
yaml template.
Closes #1132
2017-03-17 11:21:52 +01:00
Matthew Mosesohn
a52064184e
Condense resolvconf sources before starting loop
2017-03-17 13:06:56 +03:00
Matthew Mosesohn
0b49eeeba3
Update calico to 1.1.0-rc8
...
Fixes bug in CentOS/RHEL in felix related to overlayfs driver.
2017-03-16 19:23:36 +03:00
Matthew Mosesohn
b0830f0cd7
Merge pull request #1087 from bradbeam/openstack
...
Adding openstack domain id
2017-03-16 17:53:14 +03:00
Matthew Mosesohn
565d4a53b0
Merge pull request #1108 from idcrook/issue_1107-docker-versioning
...
Adding Docker CE 'stable' and 'edge' version packages
2017-03-16 16:32:13 +03:00
Matthew Mosesohn
8195957461
Merge branch 'master' into idempotency2
2017-03-16 09:29:43 +03:00
Matthew Mosesohn
02fed4a082
Merge pull request #1138 from mattymo/idempotency-fixes
...
Idempotency fixes for etcd certs and resolvconf tasks
2017-03-16 09:20:28 +03:00
Matthew Mosesohn
a422ad0d50
More idempotency fixes
...
Fixed sync_tokens fact
Fixed sync_certs for k8s tokens fact
Disabled register docker images changeability
Fixed CNI dir permission
Fix idempotency for etcd pre upgrade checks
2017-03-15 19:06:39 +03:00
Matthew Mosesohn
096d96e344
Merge pull request #1137 from holser/bug/1135
...
Turn on iptables for flannel
2017-03-15 17:06:42 +03:00
Matthew Mosesohn
4354162067
Merge pull request #1080 from VincentS/Granular_Auth_Control
...
Granular authentication Control
2017-03-15 13:12:51 +03:00
Matthew Mosesohn
a62a444229
Merge pull request #1117 from mattymo/etcd3-upgrade
...
Migrate k8s data to etcd3 api store
2017-03-15 12:56:06 +03:00
Matthew Mosesohn
f6b72fa830
Make resolvconf preinstall idempotent
2017-03-15 01:20:13 +04:00
Sergii Golovatiuk
9667e8615f
Turn on iptables for flannel
...
Closes : #1135
Closes : #1026
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-14 17:54:55 +01:00
Vincent Schwarzer
026da060f2
Granular authentication Control
...
It is now possible to deactivate selected authentication methods
(basic auth, token auth) inside the cluster by adding or
removing the required arguments to the Kube API Server and generating
the secrets accordingly.
The x509 authentication is currently not optional because disabling it
would affect the kubectl clients deployed on the master nodes.
2017-03-14 16:57:35 +01:00
Matthew Mosesohn
3feab1cb2d
Merge pull request #1134 from mattymo/1.6-support
...
Explicitly set cni-bin-dir
2017-03-14 17:53:08 +03:00
Matthew Mosesohn
804e9a09c0
Migrate k8s data to etcd3 api store
...
Default backend is now etcd3 (was etcd2).
The migration process consists of the following steps:
* check if migration is necessary
* stop etcd on first etcd server
* run migration script
* start etcd on first etcd server
* stop kube-apiserver until configuration is updated
* update kube-apiserver
* purge old etcdv2 data
2017-03-14 17:50:20 +03:00
Matthew Mosesohn
4c6829513c
Fix etcd idempotency
2017-03-14 17:23:29 +03:00
Matthew Mosesohn
4038954f96
Merge pull request #1078 from VincentS/oidc_support
...
Added Support for OpenID Connect Authentication
2017-03-14 12:07:21 +03:00
Matthew Mosesohn
52a6dd5427
Explicitly set cni-bin-dir
2017-03-13 20:13:21 +03:00
Matthew Mosesohn
c301dd5d94
Merge pull request #1118 from mattymo/noderolelabels
...
Add node labels in kubelet
2017-03-13 19:04:21 +03:00
Cesarini, Daniele
69636d2453
Adding /O=system:masters to admin certificate
...
Issue #1125. Make RBAC authorization plugin work out of the box.
"When bootstrapping, superuser credentials should include the system:masters group, for example by creating a client cert with /O=system:masters. This gives those credentials full access to the API and allows an admin to then set up bindings for other users."
2017-03-08 14:42:25 +00:00
David Crook
a52e1069ce
updated debian and ubuntu package names based on testing
...
docker-ce is not the .deb package until the repositories are switched over to new "downloads" docker webserver
2017-03-06 16:54:39 -07:00
David Crook
a8e5002aeb
removed irrelevant comments
2017-03-06 16:02:53 -07:00
David Crook
c515a351c6
Merge branch 'master' into issue_1107-docker-versioning
2017-03-06 16:00:31 -07:00
Brad Beam
d04fbf3f78
Removing cloud_provider tag to fix scenario where cloud_provider is not defined
2017-03-06 10:52:38 -06:00
Matthew Mosesohn
54207877bd
Add node labels in kubelet
...
Related-issue: https://github.com/kubernetes/community/issues/300
Upgraded nodes do not obtain labels automatically.
See https://github.com/kubernetes/kubernetes/pull/29459 for more details.
2017-03-06 17:18:42 +03:00
Vincent Schwarzer
b075960e3b
Added Support for OpenID Connect Authentication
...
To use OpenID Connect Authentication beside deploying an OpenID Connect
Identity Provider it is necessary to pass additional arguments to the Kube API Server.
These required arguments were added to the kube apiserver manifest.
2017-03-06 12:40:35 +01:00
Antoine Legrand
85596c2610
Merge pull request #1045 from bradbeam/vsphere
...
Adding vsphere cloud provider support
2017-03-06 12:34:05 +01:00
Antoine Legrand
ee5f009b95
Merge pull request #1112 from mattymo/skip_vault_if_disabled
...
Disable vault role properly on ansible 2.2.0
2017-03-06 11:27:53 +01:00
Matthew Mosesohn
45274560ec
Disable vault role properly on ansible 2.2.0
...
when condition does not seem to work correctly at playbook
level for ansible 2.2.0.
2017-03-05 00:43:01 +04:00
Matthew Mosesohn
02a8e78902
Remove standalone etcd specific play, cleanup host mode
...
Now etcd role can optionally disable etcd cluster setup for faster
deployment when it is combined with etcd role.
2017-03-04 00:34:26 +04:00
Matthew Mosesohn
8f3d9e93ce
Merge pull request #1111 from mattymo/use_find_for_certs
...
Use find module for checking for certificates
2017-03-03 20:08:33 +03:00
Matthew Mosesohn
d176818c44
Use find module for checking for certificates
...
Also generate certs only when absent on master (rather than
when absent on target node)
2017-03-03 16:21:01 +03:00
Bogdan Dobrelya
aeec0f9a71
Merge pull request #1071 from vijaykatam/atomic_host
...
Add support for atomic host
2017-03-03 13:03:59 +01:00
Matthew Mosesohn
08a02af833
Merge pull request #1075 from VincentS/loadbalancer_aws
...
Possibility to add Loadbalancers without static IP (e.g. AWS ELB) #1074
2017-03-03 14:07:22 +03:00
David Crook
3f4a375ac4
first pass at adding 'stable' and 'edge' version packages
...
- Only have ubuntu to test on
- fedora and redhat are placeholders/guesses
- the "old" package repositories seem to have the "new" CE version which is `1.13.1` based
- `docker-ce` looks like it is named as a backported `docker-engine` package in some
places
- Did not change the `defaults` version anywhere, so should work as before
- Did not point to new package repositories, as existing ones have the new packages.
2017-03-02 13:48:09 -07:00
Matthew Mosesohn
5ebc9a380c
Merge pull request #1060 from holser/etcdv3
...
Allow to specify etcd backend for kube-api
2017-03-02 17:24:09 +03:00
Matthew Mosesohn
6453650895
Merge pull request #1093 from mattymo/scaledns
...
Add autoscalers for dnsmasq and kubedns
2017-03-02 16:58:56 +03:00
Matthew Mosesohn
9cb12cf250
Add autoscalers for dnsmasq and kubedns
...
By default kubedns and dnsmasq scale when installed.
Dnsmasq is no longer a daemonset. It is now a deployment.
Kubedns is no longer a replicationcluster. It is now a deployment.
Minimum replicas is two (to enable rolling updates).
Reduced memory requirements for dnsmasq and kubedns
2017-03-02 13:44:22 +03:00
Vincent Schwarzer
68e8d74545
Changes based on feedback (additional ansible checks)
2017-03-02 11:04:10 +01:00
Vincent Schwarzer
fc054e21f6
Modified how adding LB for the Kube API is handled (AWS)
...
Until now it was not possible to add an API Loadbalancer
without a static IP address. But certain Loadbalancers
like AWS Elastic Loadbalancer don't have a fixed IP address.
With this commit it is possible to add these kinds of Loadbalancers
to the Kargo deployment.
2017-03-02 11:04:10 +01:00
Matthew Mosesohn
efbb5b2db3
Merge pull request #1101 from retr0h/docker-1.13.1
...
Use docker-engine 1.13.1
2017-03-02 12:31:58 +03:00
John Dewey
a43569c8a5
Use docker-engine 1.13.1
...
The default version of Docker was switched to 1.13 in #1059. This
change also bumped ubuntu from installing docker-engine 1.13.0 to
1.13.1. This PR updates os families which had 1.13 defined, but
were using 1.13.0.
The impetus for this change is an issue running tiller 1.2.3 on
docker 1.13.0. See discussion [1][2].
[1] https://github.com/kubernetes/helm/issues/1838
[2] https://github.com/kubernetes-incubator/kargo/pull/1100
2017-03-01 12:53:39 -08:00
Matthew Mosesohn
a5cd73d047
Merge pull request #959 from galthaus/host-mode-restart
...
Restart kube-controller for host_resolvconf mode
2017-03-01 20:54:21 +03:00
Vijay Katam
a0b1eda1d0
Add support for atomic host
...
Updates based on feedback
Simplify checks for file exists
remove invalid char
Review feedback. Use regular systemd file.
Add template for docker systemd atomic
2017-03-01 09:38:19 -08:00
Antoine Legrand
77e5171679
Merge pull request #1076 from VincentS/etcd_openssl_count_fix
...
Fixed counter in ETCD Openssl.conf
2017-03-01 14:17:27 +01:00
Bogdan Dobrelya
0c66418dad
Merge pull request #1090 from artem-panchenko/calicoAcceptHostEndpointConnections
...
Allow connections from pods to local endpoints
2017-03-01 13:37:05 +01:00
Artem Panchenko
fa05d15093
Allow connections from pods to local endpoints
...
By default Calico blocks traffic from endpoints
to the host itself by using an iptables DROP
action. It could lead to a situation when service
has one alive endpoint, but pods which run on
the same node can not access it. Changed the action
to RETURN.
2017-03-01 09:21:02 +02:00
Matthew Mosesohn
cbaa6abdd0
Merge pull request #1066 from bradbeam/rkt-kubelet-cloudprovider
...
Adding KUBELET_CLOUDPROVIDER to kubelet.rkt.service
2017-02-28 20:02:56 +03:00
Sergii Golovatiuk
295103adc0
Allow to specify etcd backend for kube-api
...
Kubernetes project is about to set etcdv3 as default storage engine in
1.6. This patch allows to specify particular backend for
kube-apiserver. User may force the option to etcdv3 for new environment.
At the same time if the environment uses v2 it will continue to use it
until user decides to upgrade to v3.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-28 17:13:22 +01:00
Sergii Golovatiuk
d31c040dc0
Change kube-api default port from 443 to 6443
...
Operator can specify any port for kube-api (6443 default). This helps in
case where some pods such as Ingress require 443 exclusively.
Closes: 820
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-28 15:45:35 +01:00
Brad Beam
8a63b35f44
Adding flag for docker container in kubelet w/ rkt
2017-02-28 07:55:12 -06:00
Brad Beam
bfff06d402
Adding KUBELET_CLOUDPROVIDER to kubelet.rkt.service
2017-02-28 06:29:35 -06:00
Matthew Mosesohn
21d3d75827
Merge pull request #1086 from bradbeam/lowermem
...
Lower default memory requests
2017-02-28 13:37:28 +03:00
Brad Beam
30a9899262
Making openstack domain name optional
2017-02-27 21:19:27 -06:00
Xavier Lange
dd10b8a27c
Bug fix: support kilo's keystone requirement for domain-name, extracts from ENV var
2017-02-27 21:18:30 -06:00
Brad Beam
dbf13290f5
Updating vsphere cloud provider support
2017-02-27 15:08:04 -06:00
Sergii Golovatiuk
f9ff93c606
Make etcd data dir configurable.
...
Closes : #1073
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-27 21:35:51 +01:00
Jan Jungnickel
df476b0088
Initial support for vsphere as cloud provider
2017-02-27 12:51:41 -06:00
Brad Beam
56664b34a6
Lower default memory requests
...
This is to address out of memory issues on CI as well as help
fit deployments for people starting out with kargo on smaller
machines
2017-02-27 10:53:43 -06:00
Vincent Schwarzer
0cbc3d8df6
Fixed counter in ETCD Openssl.conf
...
When an apiserver_loadbalancer_domain_name is added to the Openssl.conf
the counter does not get increased correctly. This didn't seem to have an
effect at the current kargo version.
2017-02-27 12:01:09 +01:00
Bogdan Dobrelya
27b4e61c9f
Merge pull request #946 from neith00/master
...
Using the command module instead of raw
2017-02-27 10:59:53 +01:00
Bogdan Dobrelya
069606947c
Merge pull request #1063 from bogdando/fix
...
Align LB defaults with the HA docs
2017-02-27 10:14:42 +01:00
Sergii Golovatiuk
00cfead9bb
Increase SSL TTL to 3650 days
...
In real scenarios 365 days is a short period of time. 3650 days is good
enough for long running k8s environments
2017-02-24 15:38:13 +01:00
Antoine Legrand
c7d61af332
Comment all variables in group_vars
2017-02-23 14:02:57 +01:00
Antoine Legrand
5f7607412b
Add default var role
2017-02-23 12:07:17 +01:00
Bogdan Dobrelya
f2a4619c57
Align LB defaults with the HA docs
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 10:32:44 +01:00
Bogdan Dobrelya
712872efba
Rework inventory all by real groups' vars
...
* Leave all.yml to keep only optional vars
* Store groups' specific vars by existing group names
* Fix optional vars casted as mandatory (add default())
* Fix missing defaults for an optional IP var
* Relink group_vars for terraform to reflect changes
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 09:43:42 +01:00
Matthew Mosesohn
8cbf3fe5f8
Merge pull request #1020 from mattymo/synthscale
...
Add synthetic scale deployment mode
2017-02-22 19:15:46 +03:00
Matthew Mosesohn
02137f8cee
Merge pull request #1059 from holser/docker_iptables
...
iptables switch for docker
2017-02-22 08:23:58 +03:00
Ivan Shvedunov
0006e5ab45
Fix shell special vars
2017-02-21 22:22:40 +03:00
Matthew Mosesohn
d821448e2f
Merge branch 'master' into synthscale
2017-02-21 22:17:43 +03:00
Sergii Golovatiuk
3bd46f7ac8
Switch docker to 1.13
...
- Remove variable dup for Ubuntu
- Update Docker to 1.13
2017-02-21 19:10:34 +01:00
Matthew Mosesohn
0afadb9149
Merge pull request #1046 from skyscooby/pedantic-syntax-cleanup
...
Cleanup legacy syntax, spacing, files all to yml
2017-02-21 17:03:16 +03:00
Matthew Mosesohn
d4f15ab402
Merge pull request #1055 from mattymo/etcd-preupgrade-speedup
...
speed up etcd preupgrade check
2017-02-21 12:51:42 +03:00
Matthew Mosesohn
527e030283
Merge pull request #1058 from holser/update_calico_cni
...
Update calico-cni to 1.5.6
2017-02-20 23:09:47 +03:00
Matthew Mosesohn
042d094ce7
Merge pull request #1034 from rutsky/fix-openssl-lb-index
...
fix load balancer DNS name index evaluation in openssl.conf
2017-02-20 20:23:26 +03:00
Matthew Mosesohn
3cc1491833
Merge branch 'master' into pedantic-syntax-cleanup
2017-02-20 20:19:38 +03:00
Matthew Mosesohn
d19e6dec7a
speed up etcd preupgrade check
2017-02-20 20:18:10 +03:00
Sergii Golovatiuk
a2cbbc5c4f
Update calico-cni to 1.5.6
...
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-20 17:14:45 +01:00
Abel Lopez
0bfc2d0f2f
Safe disable SELinux
...
Sometimes, a sysadmin might outright delete the SELinux rpms and
delete the configuration. This causes the selinux module to fail
with
```
IOError: [Errno 2] No such file or directory: '/etc/selinux/config'\n",
"module_stdout": "", "msg": "MODULE FAILURE"}
```
This simply checks that /etc/selinux/config exists before we try
to set it Permissive.
Update from feedback
2017-02-18 11:54:25 -08:00
Matthew Mosesohn
475a42767a
Suppress logging for download image
...
This generates too much output and during upgrade scenarios
can bring us over the 4mb limit.
2017-02-18 19:10:26 +04:00
Matthew Mosesohn
a21eb036ee
Add no_log to cert tar tasks
...
This works around 4MB limit for gitlab CI runner.
2017-02-18 14:09:57 +04:00
Matthew Mosesohn
9c1701f2aa
Add synthetic scale deployment mode
...
New deploy modes: scale, ha-scale, separate-scale
Creates 200 fake hosts for deployment with fake hostvars.
Useful for testing certificate generation and propagation to other
master nodes.
Updated test cases descriptions.
2017-02-18 14:09:55 +04:00
Andrew Greenwood
fd17c37feb
Regex syntax changes in yml mode
2017-02-17 17:30:39 -05:00
Andrew Greenwood
cde5451e79
Syntax Bugfix
2017-02-17 17:08:44 -05:00
Andrew Greenwood
ca9ea097df
Cleanup legacy syntax, spacing, files all to yml
...
Migrate older inline= syntax to pure yml syntax for module args as to be consistent with most of the rest of the tasks
Cleanup some spacing in various files
Rename some files named yaml to yml for consistency
2017-02-17 16:22:34 -05:00
Antoine Legrand
b84cc14694
Merge pull request #1029 from mattymo/graceful
...
Add graceful upgrade process
2017-02-17 21:24:32 +01:00
Antoine Legrand
e16ebcad6e
Merge pull request #1042 from holser/fix_facts
...
Fix fact tags
2017-02-17 17:56:29 +01:00
Sergii Golovatiuk
e91e58aec9
Fix fact tags
...
Ansible playbook fails when tags are limited to "facts,etcd" or to
"facts". This patch allows to run ansible-playbook to gather facts only
that don't require calico/flannel/weave components to be verified. This
allows to run ansible with 'facts,bootstrap-os' or just 'facts' to
gather facts that don't require specific components.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-17 12:32:33 +01:00
Antoine Legrand
3629b9051d
Merge pull request #1038 from rutsky/kubelet-mount-var-log
...
Mount host's /var/log into kubelet container
2017-02-17 10:26:12 +01:00
Antoine Legrand
4545114408
Merge pull request #1037 from mattymo/coreos_fix
...
Fix references to CoreOS and Container Linux by CoreOS
2017-02-17 10:21:14 +01:00
Vladimir Rutsky
bff955ff7e
Mount host's /var/log into kubelet container
...
Kubelet is responsible for creating symlinks from /var/lib/docker to /var/log
to make fluentd logging collector work.
However without using host's /var/log those links are invisible to fluentd.
This is done on rkt configuration too.
2017-02-16 22:31:05 +03:00
Matthew Mosesohn
80c0e747a7
Fix references to CoreOS and Container Linux by CoreOS
...
Fixes #967
2017-02-16 19:25:17 +03:00
Matthew Mosesohn
617edda9ba
Adjust weave daemonset for serial deployment
2017-02-16 18:24:30 +03:00
Vladimir Rutsky
7ab04b2e73
fix typo in "kibana_base_url" variable name
...
This typo led to kibana_base_url being undefined and Kibana used
default base URL ("/") which is incorrect with default proxy-based
access.
2017-02-16 18:17:06 +03:00
Matthew Mosesohn
97ebbb9672
Add graceful upgrade process
...
Based on #718 introduced by rsmitty.
Includes all roles and all options to support deployment of
new hosts in case they were added to inventory.
Main difference here is that master role is evaluated first
so that master components get upgraded first.
Fixes #694
2017-02-16 17:18:38 +03:00
Vladimir Rutsky
a1ec6f401c
fix load balancer DNS name index evaluation in openssl.conf
...
Looks like OpenSSL still properly handles it, even with duplicated
"DNS.X" items.
2017-02-16 00:16:13 +03:00
Matthew Mosesohn
d92d955aeb
Merge pull request #985 from rutsky/check-mode-for-shell-commands
...
set "check_mode: on" for read-only "shell" steps that registers result
2017-02-15 17:53:41 +03:00
Spencer Smith
fbaef7e60f
specify grace period for draining
2017-02-14 18:51:13 +03:00
Spencer Smith
017a813621
first cut of an upgrade process
2017-02-14 18:51:13 +03:00
Brad Beam
4c891b8bb0
Adding support for proxy w/ rkt kubelet
2017-02-14 08:09:49 -06:00
Matthew Mosesohn
948d9bdadb
Merge pull request #1019 from mattymo/issue1011
...
Update calico to v1.0.2
2017-02-14 14:01:25 +03:00
Matthew Mosesohn
b7258ec3bb
Merge pull request #1013 from mattymo/remove_masqerade_all
...
Disable kube_proxy_masquerade_all
2017-02-14 14:00:29 +03:00
Antoine Legrand
f4f730bd8a
Merge pull request #1025 from holser/bug/961
...
Install pip on Ubuntu
2017-02-14 10:31:42 +01:00
Matthew Mosesohn
f5e27f1a21
Merge pull request #1021 from holser/remove_deprecated
...
Replace always_run with check_mode
2017-02-14 11:25:58 +03:00
Matthew Mosesohn
bb6415ddc4
Merge pull request #1015 from holser/rkt_ssl_ca_dirs
...
Set ssl_ca_dirs for rkt based on fact
2017-02-14 11:25:17 +03:00
Sergii Golovatiuk
2b6179841b
Install pip on Ubuntu
...
- Refactor 'Check if bootstrap is needed' as ansible loop. This allows
to add new elements easily without refactoring. Add pip to the list.
- Refactor 'Install python 2.x' task to run once if any of rc
codes != 0. Actually, need_bootstrap is array of hashes, so map will
allow to get single array of rc statuses. So if status is not zero it
will be sorted and the last element will be get, converted to bool.
Closes : #961
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 19:35:13 +01:00
Antoine Legrand
e877cd2874
Merge pull request #1024 from holser/bug/961
...
Install pip on Ubuntu
2017-02-13 17:53:57 +01:00
Vladimir Rutsky
09847567ae
set "check_mode: no" for read-only "shell" steps that registers result
...
"shell" step doesn't support check mode, which currently leads to failures,
when Ansible is being run in check mode (because Ansible doesn't run command,
assuming that command might have effect, and no "rc" or "output" is registered).
Setting "check_mode: no" allows to run those "shell" commands in check mode
(which is safe, because those shell commands don't have side effects).
2017-02-13 18:53:41 +03:00
Sergii Golovatiuk
732ae69d22
Install pip on Ubuntu
...
Closes : #961
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 16:27:09 +01:00
Greg Althaus
2b10376339
When resolv.conf changes during host_resolvconf mode, we need to
...
restart the controller to get the new file configuration.
I'm not fond of this form and would like a better way, but this
seems to "work".
2017-02-13 09:20:02 -06:00
Matthew Mosesohn
b5be335db3
Clean up dnsmasq purge task
2017-02-13 17:30:15 +03:00
Sergii Golovatiuk
5f4cc3e1de
Replace always_run with check_mode
...
always_run was deprecated in Ansible 2.2 and will be removed in 2.4
ansible logs contain "[DEPRECATION WARNING]: always_run is deprecated.
Use check_mode = no instead". This patch fixes deprecation.
2017-02-13 15:00:56 +01:00
Matthew Mosesohn
ec567bd53c
Update calico to v1.0.2
...
Also calico-cni to v1.5.6, calico-policy to v0.5.2
Fixes : #1011
2017-02-13 15:39:25 +03:00
Sergii Golovatiuk
aeadaa1184
Set ssl_ca_dirs for rkt based on fact
...
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.
Closes : #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00
Matthew Mosesohn
2f0f0006e3
Merge pull request #988 from mattymo/feat/rolling3
...
Add CI cases for testing upgrade from v2.0.1 release
2017-02-10 18:09:43 +03:00
Matthew Mosesohn
de047a2b8c
Merge pull request #983 from vwfs/centos_kernel_upgrade
...
Add kernel upgrade for CentOS
2017-02-10 14:40:27 +03:00
Antoine Legrand
86a35652bb
Merge pull request #1009 from mattymo/dnsmasq_updates
...
Enable reset of dnsmasq if manifest or config changes
2017-02-10 11:43:09 +01:00
Matthew Mosesohn
6ae70e03cb
fixup upgrades for canal and weave
2017-02-10 13:27:41 +03:00
Matthew Mosesohn
2c532cb74d
Disable kube_proxy_masquerade_all
...
Fixes #1012
2017-02-10 13:16:39 +03:00
Bogdan Dobrelya
89ae9f1f88
Merge pull request #1002 from code0x9/master
...
use ansible sysctl module for config ip forwarding
2017-02-10 10:40:18 +01:00
Alexander Block
d2e010cbe1
Add kernel upgrade for CentOS
2017-02-10 09:29:12 +01:00
Matthew Mosesohn
a44a0990f5
Enable reset of dnsmasq if manifest or config changes
2017-02-10 10:40:07 +04:00
Matthew Mosesohn
2f88c9eefe
Merge pull request #989 from holser/kubelet_remedy
...
Kubernetes Reliability Improvements
2017-02-10 09:29:29 +03:00
Matthew Mosesohn
60f1936a62
Merge pull request #1004 from galthaus/kubelet-load-modules
...
Allow kubelet to load kernel modules
2017-02-10 09:28:16 +03:00
Sergii Golovatiuk
c07d60bc90
Kubernetes Reliability Improvements
...
- Exclude kubelet CPU/RAM (kube-reserved) from cgroup. It decreases a
chance of overcommitment
- Add a possibility to modify Kubelet node-status-update-frequency
- Add a possibility to configure node-monitor-grace-period,
node-monitor-period, pod-eviction-timeout for Kubernetes controller
manager
- Add Kubernetes Reliability Documentation with recommendations for
various scenarios.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-09 23:54:08 +01:00
Matthew Mosesohn
29fd957352
Enable weave upgrade from previous versions
...
Raise readiness probe initial time to 60 (was 30)
2017-02-09 21:39:31 +03:00
Matthew Mosesohn
0a7c6eb9dc
Merge pull request #998 from mattymo/fix_upgrade_daemonsets
...
Fix upgrade for all daemonset type resources
2017-02-09 20:02:21 +03:00
Greg Althaus
3f0c13af8a
Make kubelet_load_modules always present but false.
...
Update code and docs for that assumption.
2017-02-09 10:25:44 -06:00
Greg Althaus
fcd78eb1f7
Due to the nsenter and other reworks, it appears that
...
kubelet lost the ability to load kernel modules. This
puts that back by adding the lib/modules mount to kubelet.
The new variable kubelet_load_modules can be set to true
to enable this item. It is OFF by default.
2017-02-09 10:02:26 -06:00
Matthew Mosesohn
17dfae6d4e
Merge pull request #999 from holser/decrease_weave_ram_limits
...
Lower weave RAM settings.
2017-02-09 13:19:12 +03:00
Mark Lee
e414c25fd7
follow sysctl.conf file symlink if linked
2017-02-09 18:16:52 +09:00
Mark Lee
34a71554ae
use ansible sysctl module for config ip forwarding
2017-02-09 17:28:44 +09:00
Bogdan Dobrelya
3b1a196c75
Merge pull request #902 from insequent/master
...
Adding vault role
2017-02-09 09:24:52 +01:00
Bogdan Dobrelya
105dbf471e
Merge pull request #993 from code0x9/master
...
enable proxy support on docker repository
2017-02-09 09:21:01 +01:00
Antoine Legrand
68df0d4909
Merge pull request #986 from vwfs/dnsmasq_system_nameservers
...
Also add the system nameservers to upstream servers in dnsmasq
2017-02-08 23:21:54 +01:00
Josh Conant
245e05ce61
Vault security hardening and role isolation
2017-02-08 21:41:36 +00:00
Josh Conant
f4ec2d18e5
Adding the Vault role
2017-02-08 21:31:28 +00:00
Sergii Golovatiuk
4124d84c00
Lower weave RAM settings.
...
- Since Weave 1.8.x was rewritten in Golang we may decrease RAM settings
to continue using g1-small for CI
2017-02-08 18:50:36 +01:00
Matthew Mosesohn
3c713a3f53
Fix upgrade for all daemonset type resources
...
Daemonsets cannot be simply upgraded through a single API call,
regardless of any kubectl documentation. The resource must be
purged and then recreated in order to make any changes.
2017-02-08 18:16:00 +03:00
Alexander Block
89e570493a
Also add the system nameservers to upstream servers in dnsmasq
...
Also make no-resolv unconditional again. Otherwise, we may end up in
a resolver loop. The resolver loop was the cause for the piling up
parallel queries.
2017-02-08 14:38:55 +01:00
Matthew Mosesohn
16674774c7
Merge pull request #994 from mattymo/docker_save
...
Change docker save compress level to 1
2017-02-08 15:13:15 +03:00
Matthew Mosesohn
0180ad7f38
Merge pull request #990 from mattymo/fix_cert_upgrade
...
Fix check for node-NODEID certs existence
2017-02-08 14:44:09 +03:00
Matthew Mosesohn
bfd1ea1da1
Merge pull request #971 from bradbeam/efk
...
Adding EFK logging stack
2017-02-08 14:28:04 +03:00
Mark Lee
3eacd0c871
Update rh_docker.repo.j2
2017-02-08 20:03:51 +09:00
Matthew Mosesohn
d587270293
Merge pull request #992 from vwfs/host_mount_dev
...
Host mount /dev for kubelet
2017-02-08 13:45:22 +03:00
Matthew Mosesohn
3eb13e83cf
Change docker save compress level to 1
...
Faster gzip improves CI deploy times by at least 2 mins.
Fixes #982
2017-02-08 13:25:11 +03:00
Mark Lee
df761713aa
Merge branch 'master' of https://github.com/kubespray/kargo
2017-02-08 19:19:26 +09:00
Mark Lee
de50f37fea
enable proxy support on docker repository
2017-02-08 19:19:08 +09:00
Matthew Mosesohn
bad6076905
Merge pull request #987 from mattymo/etcd-retune
...
Re-tune ETCD performance params
2017-02-08 13:00:25 +03:00
Bogdan Dobrelya
c2bd76a22e
Merge pull request #956 from adidenko/update-netchecker
...
Update playbooks to support new netchecker
2017-02-08 10:09:46 +01:00
Alexander Block
010fe30b53
Host mount /dev for kubelet
2017-02-08 09:55:51 +01:00
Matthew Mosesohn
e5779ab786
Fix check for node-NODEID certs existence
...
Fixes upgrade from pre-individual node cert envs.
2017-02-07 21:06:48 +03:00
Matthew Mosesohn
71e14a13b4
Re-tune ETCD performance params
...
Reduce election timeout to 5000ms (was 10000ms)
Raise heartbeat interval to 250ms (was 100ms)
Remove etcd cpu share (was 300)
Make etcd_cpu_limit and etcd_memory_limit optional.
2017-02-07 20:15:14 +03:00
Matthew Mosesohn
491074aab1
Merge pull request #969 from mattymo/port_reserve
...
Prevent dynamic port allocation in nodePort range
2017-02-07 18:24:57 +03:00
Aleksandr Didenko
54af533b31
Update playbooks to support new netchecker
...
Netchecker is rewritten in Go lang with some new args instead of
env variables. Also netchecker-server no longer requires kubectl
container. Updating playbooks accordingly.
2017-02-07 15:20:34 +01:00
Matthew Mosesohn
f3a0f73588
Prevent dynamic port allocation in nodePort range
...
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.
Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
2017-02-06 20:01:16 +03:00
Sergii Golovatiuk
5122697f0b
Improve Weave
...
- Remove weave CPU limits from .gitlab-ci.yml. Closes : #975
- Fix weave version in documentation
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-06 13:24:40 +01:00
Antoine Legrand
bd1c764a1a
Merge pull request #963 from rutsky/bastion-ansible-host
...
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configuration
2017-02-04 15:42:39 -05:00
Brad Beam
df3e11bdb8
Adding EFK logging stack
2017-02-03 16:27:08 -06:00
Bogdan Dobrelya
5a7a3f6d4a
Merge pull request #949 from vmtyler/master
...
Fixes Support for OpenStack v3 credentials
2017-02-03 12:22:00 +01:00
Vladimir Rutsky
b4327fdc99
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configuration
...
'ansible_ssh_host' is deprecated in Ansible 2.0 and at least
'contrib/inventory_builder/inventory.py' uses 'ansible_host' instead.
2017-02-02 18:34:53 +03:00
Matthew Mosesohn
10f924a617
Merge pull request #927 from holser/nsenter_fix
...
Remove nsenter workaround
2017-02-02 18:18:15 +03:00
Matthew Mosesohn
3dd6a01c8b
Merge pull request #901 from galthaus/dns-tweak
...
DHCP Hook protections
2017-02-02 16:47:16 +03:00
Sergii Golovatiuk
585afef945
Remove nsenter workaround
...
- Docker 1.12 and further don't need nsenter hack. This patch removes
it. Also, it bumps the minimal version to 1.12.
Closes #776
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-02 14:38:11 +01:00
Sergii Golovatiuk
f2e4ffcac2
Fix weave-net after upgrade to 1.82
...
- Set recommended CPU settings
- Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
- Limit DS creation to master
- Combined 2 tasks into one with better condition
2017-02-02 10:31:58 +01:00
Matthew Mosesohn
ae66b6e648
Merge pull request #957 from mattymo/weave-net-naming
...
Rename weave-kube to weave-net
2017-02-02 10:18:02 +03:00
Greg Althaus
923057c1a8
This continues the DHCP hook checks. Also protect the create side
...
if the system doesn't have any config files at all.
2017-01-31 09:56:27 -06:00
Matthew Mosesohn
0f6e08d34f
Merge pull request #951 from mattymo/k8s-certs-scale
...
Fix cert distribution at scale
2017-01-31 18:49:26 +03:00
Matthew Mosesohn
4889a3e2e1
Merge pull request #954 from artem-panchenko/improve_dnsmasq
...
Explicitly set config path for DNSMasq
2017-01-31 18:48:46 +03:00
Matthew Mosesohn
39d87a96aa
Rename weave-kube to weave-net
...
Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
2017-01-31 18:47:27 +03:00
Matthew Mosesohn
08822ec684
Fix cert distribution at scale
...
Use stdin instead of bash args to pass node filenames and base64 data.
Use tempfile for master cert data
2017-01-31 16:27:45 +03:00
Matthew Mosesohn
6463a01e04
Merge pull request #880 from bradbeam/weave-kube
...
Weave kube
2017-01-31 13:31:09 +03:00
Artem Panchenko
1418fb394b
Explicitly set config path for DNSMasq
...
When DNSMasq is configured to read its settings
from a folder ('-7' or '--conf-dir' option) it only
checks that the directory exists and doesn't fail if
it's empty. It could lead to a situation when DNSMasq
is running and handles requests, but not properly
configured, so some of queries can't be resolved.
2017-01-31 12:14:57 +02:00
Matthew Mosesohn
e4eda88ca9
Merge pull request #944 from tureus/skip-cloud-config-on-etcd
...
Bugfix: skip cloud_config on etcd
2017-01-30 20:12:36 +03:00
Brad Beam
a11b9d28bd
Upgrading weave to weave-kube
2017-01-27 17:05:25 -06:00
Brad Beam
b54eb609bf
Consolidating kube.py module
2017-01-27 11:28:11 -06:00
Tyler Britten
f8ffa1601d
Fixed for non-null output
2017-01-27 10:47:59 -05:00
Tyler Britten
da01bc1fbb
Updated OpenStack vars to check for tenant_id (v2) and project_id (v3)
2017-01-27 10:26:20 -05:00
neith00
bbc8c09753
Using the command module instead of raw
...
Using the command module instead of raw.
Also fixed the syntax.
2017-01-26 16:28:48 +01:00
Xavier Lange
e5fdc63bdd
Bugfix: skip cloud_config on etcd
2017-01-25 14:09:21 -08:00
Aleksandr Didenko
46c177b982
Switch to ansible_hostname in calico
...
For consistency with kubernetes services we should use the same
hostname for nodes, which is 'ansible_hostname'.
Also fixing missed 'kube-node' in templates, Calico is installed
on 'k8s-cluster' roles, not only 'kube-node'.
2017-01-25 11:49:58 +01:00
Matthew Mosesohn
f4b7474ade
Merge pull request #926 from adidenko/fix-calico-rr-for-masters
...
Fix calico-rr peering with k8s masters
2017-01-24 12:38:52 +03:00
Alexander Block
9bf792ce0b
Pin docker version on RedHat and CentOS to the desired version
2017-01-23 12:39:54 +01:00
Aleksandr Didenko
f05aaeb329
Fix calico-rr peering with k8s masters
...
Calico-rr is broken for deployments with separate k8s-master and
k8s-node roles. In order to fix it we should peer k8s-cluster
nodes with calico-rr, not just k8s-node. The same for peering
with routers.
Closes #925
2017-01-23 10:19:09 +01:00
Matthew Mosesohn
8ce32eb3e1
Merge pull request #905 from galthaus/async-runs
...
Add tasks to ensure that the first nodes have their directories for cert gen
2017-01-19 18:32:27 +03:00
Matthew Mosesohn
aae0314bda
Merge pull request #904 from galthaus/nginx-port-config
...
Add nginx local balancer port configuration variable
2017-01-19 18:31:57 +03:00
Matthew Mosesohn
35d5248d41
Merge pull request #913 from galthaus/apps-master-only
...
Ansible apps should only check for api-server running on the master.
2017-01-19 18:30:58 +03:00
Matthew Mosesohn
0ccc2555d3
Merge pull request #917 from mattymo/rkt_resolvconf
...
Fix setting resolvconf when using rkt deploy mode
2017-01-19 18:30:21 +03:00
Matthew Mosesohn
b26a711e96
Merge pull request #916 from mattymo/update_ansible
...
Update Ansible to 2.2.1
2017-01-19 18:13:45 +03:00
Matthew Mosesohn
2218a052b2
Merge pull request #921 from mattymo/docker113
...
Add docker 1.13, update 1.12 to 1.12.6
2017-01-19 18:13:21 +03:00
Matthew Mosesohn
33fbcc56d6
Add docker 1.13, update 1.12 to 1.12.6
...
Fixes #903
2017-01-19 13:58:36 +03:00
Sergii Golovatiuk
61d05dea58
Allow to specify number of concurrent DNS queries
...
ndots creates overhead as every pod creates 5 concurrent connections
that are forwarded to sky dns. Under some circumstances dnsmasq may
prevent forwarding traffic with "Maximum number of concurrent DNS
queries reached" in the logs.
This patch allows to configure the number of concurrent forwarded DNS
queries "dns-forward-max" as well as "cache-size" leaving the default
values as they were before.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-01-19 11:47:37 +01:00
Matthew Mosesohn
8a821060a3
Update Ansible to 2.2.1
2017-01-19 13:46:46 +03:00
Greg Althaus
0d44599a63
Add explicit name printing in task names for delegated task during
...
cert creation
2017-01-18 14:06:50 -06:00
Matthew Mosesohn
b6c3e61603
Fix setting resolvconf when using rkt deploy mode
...
rkt deploy mode doesn't create {{ bin_dir }}/kubelet, so
let's rely on kubelet.env file instead.
2017-01-18 19:18:47 +03:00
Matthew Mosesohn
5420fa942e
Merge pull request #897 from holser/flush_handlers_before_etcd
...
Flush handlers before etcd restart
2017-01-18 12:27:01 +03:00
Matthew Mosesohn
1ee33d3a8d
Merge pull request #910 from mattymo/escape_curly
...
Fix ansible 2.2.1 handling of registered vars
2017-01-18 11:13:01 +03:00
Greg Althaus
61dab8dc0b
Should only check for api-server running on the master.
...
If this runs on other nodes, it will fail the playbook.
2017-01-17 15:57:34 -06:00
Matthew Mosesohn
b2a27ed089
Fix bash completion installation
2017-01-17 20:36:58 +03:00
Matthew Mosesohn
d8ae50800a
Work around escaping curly braces for docker inspect
2017-01-17 20:35:38 +03:00
Sergii Golovatiuk
43fa72b7b7
Flush handlers before etcd restart
...
systemctl daemon-reload should be run before when task modifies/creates
union for etcd. Otherwise etcd won't be able to start
Closes #892
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-01-17 15:04:25 +01:00
Matthew Mosesohn
73204c868d
Merge pull request #909 from mattymo/docker-upgrade
...
Always trigger docker restart when docker package changes
2017-01-17 11:37:42 +03:00
Matthew Mosesohn
74b78e75a1
Always trigger docker restart when docker package changes
...
Docker upgrade doesn't auto-restart docker, causing failures
when trying to start another container
2017-01-16 17:52:28 +03:00
Greg Althaus
6905edbeb6
Add a variable that defaults to kube_apiserver_port that defines
...
the which port the local nginx proxy should listen on for HA
local balancer configurations.
2017-01-14 23:38:07 -06:00
Greg Althaus
6c69da1573
This PR adds/or modifies a few tasks to allow for the playbook to
...
be run by limit on each node without regard for order.
The changes make sure that all of the directories needed to do
certificate management are on the master[0] or etcd[0] node regardless
of when the playbook gets run on each node. This allows for separate
ansible playbook runs in parallel that don't have to be synchronized.
2017-01-14 23:24:34 -06:00
Greg Althaus
95bf380d07
If the inventory name of the host exceeds 63 characters,
...
the openssl tools will fail to create signing requests because
the CN is too long. This is mainly a problem when FQDNs are used
in the inventory file.
This will truncate the hostname for the CN field only at the
first dot. This should handle the issue for most cases.
2017-01-13 10:02:23 -06:00
Matthew Mosesohn
80703010bd
Use only one certificate for all apiservers
...
https://github.com/kubernetes/kubernetes/issues/25063
2017-01-13 14:03:20 +03:00
Bogdan Dobrelya
e88c10670e
Merge pull request #891 from galthaus/selinux-order
...
preinstall fails on AWS CentOS7 image
2017-01-13 11:51:18 +01:00
Alexander Block
1054f37765
Don't try to delete kargo specific config from dhclient when file does not exist
...
Also remove the check for != "RedHat" when removing the dhclient hook,
as this had also to be done on other distros. Instead, check if the
dhclienthookfile is defined.
2017-01-13 10:56:10 +01:00
Greg Althaus
f77257cf79
When running on CentOS7 image in AWS with selinux on, the order of
...
the tasks fail because selinux prevents ip-forwarding setting.
Moving the tasks around addresses two issues. Makes sure that
the correct python tools are in place before adjusting of selinux
and makes sure that ipforwarding is toggled after selinux adjustments.
2017-01-12 10:12:21 -06:00
Bogdan Dobrelya
f004cc07df
Merge pull request #830 from mattymo/k8sperhost
...
Generate individual certificates for k8s hosts
2017-01-12 12:42:14 +01:00
Alexander Block
a7bf7867d7
Add tasks to undo changes to hosts /etc/resolv.conf and dhclient configs
2017-01-11 16:56:16 +01:00
Matthew Mosesohn
3f274115b0
Generate individual certificates for k8s hosts
2017-01-11 12:58:07 +03:00
Matthew Mosesohn
3b0918981e
Merge pull request #878 from bradbeam/rkt-cni
...
Adding /opt/cni /etc/cni to rkt run kubelet
2017-01-11 12:22:04 +03:00
Bogdan Dobrelya
d8cef34d6c
Merge pull request #872 from mattymo/bug868
...
Bind nginx localhost proxy to localhost
2017-01-10 17:09:25 +01:00
Brad Beam
db8173da28
Adding /opt/cni /etc/cni to rkt run kubelet
2017-01-10 08:48:58 -06:00
Bogdan Dobrelya
bcdfb3cfb0
Merge pull request #793 from kubernetes-incubator/fix_dhclientconf_path
...
Fix wrong path of dhclient on CentOS+Azure
2017-01-10 13:23:55 +01:00
Bogdan Dobrelya
79aeb10431
Merge pull request #858 from bradbeam/calicoctl-canal
...
Misc updates for canal
2017-01-10 12:24:59 +01:00
Matthew Mosesohn
38338e848d
Merge pull request #860 from adidenko/fix-calico-rr-certs
...
Fix etcd cert generation for calico-rr role
2017-01-09 18:34:02 +03:00
Bogdan Dobrelya
10dbd0afbd
Merge pull request #871 from mattymo/fix_system_search_domains
...
Fix docker dns host scenario with no search domains
2017-01-09 15:52:12 +01:00
Matthew Mosesohn
e22f938ae5
Bind nginx localhost proxy to localhost
...
This proxy should only be listening for local connections, not 0.0.0.0.
Fixes #868
2017-01-09 17:19:54 +03:00
Matthew Mosesohn
1dce56e2f8
Fix docker dns host scenario with no search domains
...
Fixes scenario where docker-dns.conf tries to create an empty
search entry
2017-01-09 16:36:44 +03:00
Aleksandr Didenko
d9539e0f27
Fix etcd cert generation for calico-rr role
...
"etcd_node_cert_data" variable is undefined for "calico-rr" role.
This patch adds "calico-rr" nodes to task where "etcd_node_cert_data"
variable is registered.
2017-01-09 12:06:25 +01:00
Aleksandr Didenko
0909368339
Set latest stable versions for Calico images
...
Change version for calico images to v1.0.0. Also bump versions for
CNI and policy controller.
Also removing images repo and tag duplication from netchecker role
2017-01-09 12:05:49 +01:00
Bogdan Dobrelya
091b634ea1
Merge pull request #799 from kubernetes-incubator/docker_dns
...
Implement "dockerd --dns-xxx" based dns mode
2017-01-09 11:38:02 +01:00
Alexander Block
a8b5b856d1
Only use default resolver in dnsmasq when we are using host_resolvconf mode
2017-01-06 10:21:07 +01:00
Alexander Block
1d2a18b355
Introduce dns_mode and resolvconf_mode and implement docker_dns mode
...
Also update reset.yml to do more dns/network related cleanup.
2017-01-05 23:38:51 +01:00
Spencer Smith
4a59340182
remove assertion for family not being CoreOS
2017-01-05 13:36:25 -05:00
Brad Beam
cf042b2a4c
Create network policy directory for canal
2017-01-05 10:54:27 -06:00
Brad Beam
65c86377fc
Adding calicoctl to canal deployment
2017-01-05 10:54:27 -06:00
Bogdan Dobrelya
5af2c42bde
Better fix for different CoreOS os family facts
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 16:32:08 +01:00
Bogdan Dobrelya
f7447837c5
Rename CoreOS fact
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 14:02:29 +01:00
Bogdan Dobrelya
6546869c42
Merge branch 'master' into rkt
2017-01-05 10:34:18 +01:00
Brad Beam
4b6f29d5e1
Adding kubelet in rkt
2017-01-03 14:49:48 -06:00
Brad Beam
8dc19374cc
Allowing etcd to run via rkt
2017-01-03 10:10:38 -06:00
Brad Beam
a8f2af0503
Adding initial rkt support
2017-01-03 10:08:43 -06:00
Bogdan Dobrelya
d8a2941e9e
Fix cert paths for flannel/calico policy apps
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-03 16:12:54 +01:00
Alexander Block
ab7df10a7d
Upgrade docker version and do some cleanups for unsupported distros/docker versions
2017-01-02 18:05:50 +01:00
Bogdan Dobrelya
93663e987c
Merge pull request #847 from bogdando/bug_769
...
Fix etc hosts for cluster nodes
2017-01-02 17:47:23 +01:00
Bogdan Dobrelya
97f96a6376
Fix etc hosts for cluster nodes
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-02 13:20:51 +01:00
Bogdan Dobrelya
58062be2a3
Drop non systemd OS types support
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-02 12:14:03 +01:00
Matthew Mosesohn
1f9f885379
Fix etcd cert generation to support large deployments
...
Due to bash max args limits, we should pass all node filenames and
base64-encoded tar data through stdin/stdout instead.
Fixes #832
2016-12-30 12:55:26 +03:00
Bogdan Dobrelya
a56d9de502
Systemd units, limits, and bin path fixes
...
* Add restart for weave service unit
* Reuse docker_bin_dir everywhere
* Limit systemd managed docker containers by CPU/RAM. Do not configure native
systemd limits due to the lack of consensus in the kernel community
requires out-of-tree kernel patches.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-28 15:49:42 +01:00
Matthew Mosesohn
f0c0390646
Fix creation and sync of etcd certs
...
Admin certs only go to etcd nodes
Only generate cert-data for nodes that need sync
2016-12-28 14:21:17 +04:00
Matthew Mosesohn
e7a1949d85
Merge pull request #818 from mattymo/calico-rr-certs
...
Fix calico-rr to use etcd certs instead of kube certs
2016-12-28 08:47:16 +03:00
Matthew Mosesohn
6d9cd2d720
Fix calico-rr to use etcd certs instead of kube certs
2016-12-27 17:04:50 +03:00
Bogdan Dobrelya
79996b557b
Rework ignore_errors to report no reds
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2016-12-27 13:00:50 +01:00
Bogdan Dobrelya
bb0c3537cb
Do not forward bogus domains for upstream resolvers
...
Also fix kube log level 4 to log dnsmasq queries.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-23 11:53:14 +01:00
Matthew Mosesohn
385f7f6e75
Update etcd.j2
2016-12-22 22:29:24 +03:00
Matthew Mosesohn
9f1e3db906
Adjust etcd server certificates
...
ETCD doesn't need cert/key options set. It only requires peer
cert options.
2016-12-22 23:05:17 +04:00
Spencer Smith
b63d900625
Workaround etcdctl not yet being installed (#797)
...
workaround case for etcdctl not yet being installed, only allow for return code of 0 (no error)
2016-12-22 12:41:38 -05:00
Matthew Mosesohn
a4bce333a3
Merge pull request #760 from genti-t/issue-748-flannel-options
...
Fix Flannel network on CoreOS
2016-12-22 19:02:31 +03:00
Genti Topija
7c2785e083
Fix Flannel network on CoreOS
...
Resolves: #748
2016-12-22 16:50:04 +01:00
Matthew Mosesohn
ad796d188d
Individual etcd ssl certs
...
Includes hooks for triggering calico, kubelet, and kube-apiserver restarts
if etcd certs changed.
2016-12-22 13:31:11 +03:00
Bogdan Dobrelya
de8cd5cd7f
Merge pull request #786 from mattymo/bug777
...
Add wait for kube-apiserver to kubernetes-apps
2016-12-22 11:02:50 +01:00
Alexander Block
8e4e3998dd
Fix wrong path of dhclient on CentOS+Azure
...
This was already fixed in #755 but had to be reverted. This PR should be
more intelligent about deciding which path to use.
2016-12-21 21:51:07 +01:00
Spencer Smith
8d9f207836
create systemd drop-in path if not existent
2016-12-21 13:06:12 -05:00
Bogdan Dobrelya
f10d1327d4
Revert "Do not forward private domains for upstream resolvers"
2016-12-21 15:24:17 +01:00
Matthew Mosesohn
d314174149
Add wait for kube-apiserver to kubernetes-apps
...
Fixes #777
2016-12-21 15:39:39 +03:00
Bogdan Dobrelya
b8bc8eee41
Add download_always_pull check and sha256 for docker images
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-20 17:02:09 +01:00
Bogdan Dobrelya
11380769cd
Merge pull request #722 from bogdando/dnsmasq_armors
...
Do not forward private domains for upstream resolvers
2016-12-20 14:25:17 +01:00
Bogdan Dobrelya
843d439898
Merge pull request #775 from kubernetes-incubator/register_master
...
Register master node as unschedulable
2016-12-20 14:17:55 +01:00
Bogdan Dobrelya
c1e4cef75b
Merge pull request #774 from kubernetes-incubator/ant31-patch-2
...
check if calico_peer_rr is defined
2016-12-19 18:19:03 +01:00
Matthew Mosesohn
348fc5b109
Fix etcd to-SSL upgrade and task register vars
2016-12-19 15:05:49 +03:00
Bogdan Dobrelya
101864c050
Do not forward private domains for upstream resolvers
...
Also fix kube log level 4 to log dnsmasq queries.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
2016-12-19 11:01:41 +01:00
Alexander Block
fe150d4e4d
Register master node as unschedulable
...
Also refactor generation of kubelet args to not repeat args.
2016-12-19 10:47:43 +01:00
Antoine Legrand
048ac264a3
Update main.yml
2016-12-17 20:22:39 +01:00
Antoine Legrand
768fe05eea
Merge pull request #704 from vwfs/bastion_hosts
...
Add support for bastion hosts
2016-12-17 12:08:49 +01:00
Antoine Legrand
1c48a001df
Merge pull request #763 from bogdando/resolver_fallback
...
Fallback to default resolver if no nameservers
2016-12-17 12:03:41 +01:00
Antoine Legrand
a7276901a3
Merge pull request #766 from kubernetes-incubator/docker12point5
...
Update docker to 1.12.5
2016-12-17 11:55:06 +01:00
Bogdan Dobrelya
1782d19e1f
Fallback to default resolver if no nameservers
...
Current design expects users to define at least one
nameserver in the nameservers var to backup host OS DNS config
when the K8s cluster DNS service IP is not available and hosts
still have to resolve external or intranet FQDNs.
Fix undefined nameservers to fallback to the default_resolver.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-16 14:51:34 +01:00
Bogdan Dobrelya
e2476fbd0b
Revert "Fix wrong path for dhclient.conf on RedHat/CentOS"
2016-12-16 14:49:26 +01:00
Matthew Mosesohn
07cd81ef58
Update docker to 1.12.5
...
Note the new ubuntu/debian version string change:
https://github.com/docker/docker/issues/29355
2016-12-16 16:30:46 +03:00
Bogdan Dobrelya
92f542938c
Merge pull request #745 from kubernetes-incubator/fix_weave_start
...
Fix weave restart after docker daemon restart
2016-12-16 14:06:48 +01:00
Matthew Mosesohn
495d0b659a
Fix weave restart after docker daemon restart
2016-12-16 14:15:22 +03:00
Antoine Legrand
a2f8f17270
Merge pull request #757 from kubernetes-incubator/issue754
...
Add dns_domain for each host to /etc/hosts
2016-12-15 21:42:59 +01:00
Bogdan Dobrelya
0e2329b59e
Merge pull request #755 from kubernetes-incubator/fix_dhclientconf_path
...
Fix wrong path for dhclient.conf on RedHat/CentOS
2016-12-15 19:08:31 +01:00
Bogdan Dobrelya
70143d87bf
Merge pull request #746 from kubernetes-incubator/etcd_ssl_upgrade_fix
...
Fix etcd member list when upgrading ETCD from an old version
2016-12-15 12:31:34 +01:00
Matthew Mosesohn
68ad4ff4d9
Add dns_domain for each host to /etc/hosts
...
Fixes #754
2016-12-15 13:34:59 +04:00
Bogdan Dobrelya
725f9ea3bd
Merge pull request #749 from kubernetes-incubator/azure_ip_forward
...
Set net.ipv4.ip_forward=1 on all systems, not only on GCE
2016-12-15 10:19:43 +01:00
Alexander Block
a9684648ab
Fix wrong path for dhclient.conf on RedHat/CentOS
...
/etc/dhclient.conf is ignored on RedHat/CentOS
Correct location is /etc/dhcp/dhclient.conf
2016-12-15 10:11:16 +01:00
Matthew Mosesohn
9cc73bdf08
Fix etcd member list when upgrading ETCD from an old version
2016-12-15 12:00:45 +04:00
Bogdan Dobrelya
114ab5e4e6
Merge pull request #721 from adidenko/calico-add-rr
...
Add calico/routereflector support
2016-12-14 17:22:00 +01:00
Smaine Kahlouch
29874baf8a
Merge pull request #708 from vwfs/cloud_network
...
Add support for cloud-provider based networking
2016-12-14 16:23:20 +01:00
Alexander Block
81317505eb
Set net.ipv4.ip_forward=1 on all systems, not only on GCE
2016-12-14 15:08:13 +01:00
Aleksandr Didenko
d57c27ffcf
Add calico/routereflector support
...
Add BGP route reflectors support in order to optimize BGP topology
for deployments with Calico network plugin.
Also bump version of calico/ctl for some bug fixes.
2016-12-14 13:44:10 +01:00
Alexander Block
d50eb60827
Add --reconcile-cidr flag to kubelet to support cloud network plugin in 1.4
2016-12-13 17:30:10 +01:00
Alexander Block
dbd9aaf1ea
Add check for azure_route_table_name and add it to all.yml
2016-12-13 17:30:10 +01:00
Alexander Block
d20d5e648f
Add pseudo network plugin called "cloud" to use cloud provider for network
...
Allow to let the cloud provider configure proper routing for nodes.
2016-12-13 17:30:10 +01:00
Alexander Block
06584ee3aa
Add support for bastion hosts
2016-12-13 17:29:47 +01:00
Antoine Legrand
26e3142c95
Merge branch 'master' into standalone_kubelet
2016-12-13 17:26:21 +01:00
Alexander Block
665ce82d71
Move kube_version to group_vars/all to allow easier changing of version
...
Also allows to perform version dependent logic in Ansible roles.
2016-12-13 17:21:00 +01:00
Alexander Block
444b1dafdc
Pass --anonymous-auth to apiserver
...
Fixes #732
2016-12-13 17:06:53 +01:00
Bogdan Dobrelya
d6174b22e9
Merge pull request #731 from bogdando/fix_resolvconf
...
Fix resolvconf
2016-12-13 16:48:37 +01:00
Bogdan Dobrelya
c75f394707
Address standalone kubelet config case
...
Also place in global vars and do not repeat the kube_*_config_dir
and kube_namespace vars for better code maintainability and UX.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-13 16:35:53 +01:00
Bogdan Dobrelya
0515814e0c
Fix resolvconf
...
Do not repeat options and nameservers in the dhclient hooks.
Do not prepend nameservers for dhclient but supersede and fail back
to the upstream_dns_resolvers then default_resolver. Fixes order of
nameservers placement, which is cluster DNS ip goes always first.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-13 15:48:53 +01:00
Alexander Block
1cfaf927c9
Fix reverse umount in reset role
...
The Jinja2 filter 'reverse' returned an iterator instead of a list,
resulting in the umount task to fail.
Instead of using the reverse filter, we use 'tac' to reverse the output
of the previous task.
2016-12-13 14:21:24 +01:00
Bogdan Dobrelya
45135ad3e4
Merge pull request #705 from vwfs/centos7-azure
...
Better support for CentOS 7 on Azure
2016-12-13 10:36:58 +01:00
Bogdan Dobrelya
4e721bfd9d
Merge pull request #667 from bogdando/fix_dns
...
Rework DNS stack to meet hostnet pods needs
2016-12-12 21:38:13 +01:00
Bogdan Dobrelya
f52ed9f91e
Update main.yml
2016-12-12 21:37:16 +01:00
Bogdan Dobrelya
3117858dcd
Rework DNS stack to meet hostnet pods needs
...
* For Debian/RedHat OS families (with NetworkManager/dhclient/resolvconf
optionally enabled) prepend /etc/resolv.conf with required nameservers,
options, and supersede domain and search domains via the dhclient/resolvconf
hooks.
* Drop (z)nodnsupdate dhclient hook and re-implement it to complement the
resolvconf -u command, which is distro/cloud provider specific.
Update docs as well.
* Enable network restart to apply and persist changes and simplify handlers
to rely on network restart only. This fixes DNS resolve for hostnet K8s
pods for Red Hat OS family. Skip network restart for canal/calico plugins,
unless https://github.com/projectcalico/felix/issues/1185 fixed.
* Replace linefiles line plus with_items to block mode as it's faster.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
2016-12-12 17:43:47 +01:00
Alexander Block
5176e5c968
Make growpart only run on Azure
2016-12-12 14:14:22 +01:00
Bogdan Dobrelya
774f4dbbf7
Merge branch 'master' into tags_download
2016-12-12 11:44:00 +01:00
Matthew Mosesohn
b1e852a785
Merge pull request #707 from vwfs/reset_playbook
...
Add playbook and role to reset the cluster
2016-12-12 12:43:00 +03:00
Alexander Block
9fd14cb6ea
Add growpart role to allow growing the root partition on CentOS
...
At least the OS images from Azure do not grow the root FS automatically.
2016-12-12 09:55:28 +01:00
Alexander Block
4e34803b1e
Disable fastestmirror on CentOS
...
It actually slows down things dramatically when used in combination
with Ansible.
2016-12-12 09:54:39 +01:00
Alexander Block
7abcf6e0b9
Remove requiretty from sudoers to actually make pipelining work
...
Some systems (e.g. CentOS on Azure) have requiretty in sudoers which makes
pipelining fail.
2016-12-12 09:54:39 +01:00
Matthew Mosesohn
e5ad0836bc
Merge pull request #713 from kubernetes-incubator/bump_kubedns
...
Bump kubedns version to 1.9
2016-12-10 11:08:42 +03:00
Bogdan Dobrelya
2c50f20429
Merge pull request #696 from bogdando/intranet_dns
...
Preconfigure dns stack early
2016-12-09 21:46:03 +01:00
Bogdan Dobrelya
a15d626771
Preconfigure DNS stack and docker early
...
In order to enable offline/intranet installation cases:
* Move DNS/resolvconf configuration to preinstall role. Remove
skip_dnsmasq_k8s var as not needed anymore.
* Preconfigure DNS stack early, which may be the case when downloading
artifacts from intranet repositories. Do not configure
K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be
not existing).
* Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq
was set up and before K8s apps to be created.
* Move docker install task to early stage as well and unbind it from the
etcd role's specific install path. Fix external flannel dependency on
docker role handlers. Also fix the docker restart handlers' steps
ordering to match the expected sequence (the socket then the service).
* Add default resolver fact, which is
the cloud provider specific and remove hardcoded GCE resolver.
* Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search
domains combined with high ndots values lead to poor performance of
DNS stack and make ansible workers to fail very often with the
"Timeout (12s) waiting for privilege escalation prompt:" error.
* Update docs.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-09 17:30:55 +01:00
Bogdan Dobrelya
fd9b26675e
More granular control for download/upload images/binaries
...
Add upload tag to allow users to exclude distributing images across nodes
when running with the download tag set.
Add related tags and update docs as well.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-09 17:04:55 +01:00
Alexander Block
eb33f085b6
Changes according to code review
2016-12-09 16:33:10 +01:00
Matthew Mosesohn
459bee6d2c
Bump kubedns version to 1.9
...
Version 1.9 has reduced verbosity for federation dns queries
which flood container logs.
2016-12-09 17:57:54 +03:00
Alexander Block
8a5ba6b20c
Use proper style (spacing) for docker_storage_options
2016-12-09 13:56:56 +01:00
Alexander Block
c3ec3ff902
Allow to specify docker storage driver
2016-12-09 13:56:56 +01:00
Bogdan Dobrelya
7897c34ba3
Merge pull request #700 from bogdando/tags
...
Add tags
2016-12-09 13:23:56 +01:00
Bogdan Dobrelya
8cc84e132a
Add tags
...
Add tags to allow more granular tasks filtering.
Add generator script for MD formatted tags found.
Add docs for tags how-to.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-09 12:14:28 +01:00
Alexander Block
00ad151186
Add playbook and role to reset the cluster
...
This deletes everything related to the cluster and allows to start from
scratch.
2016-12-09 11:15:36 +01:00
Aleksandr Didenko
ee8d6ab4fc
Convert docker_versioned_pkg dict keys to string
...
This will allow to use '-e docker_version=1.12' in ansible playbook
execution. It's also backward-compatible and will work with floating
docker_version format in custom yaml files.
Closes #702
2016-12-09 09:17:36 +01:00
Matthew Mosesohn
a80745b5bd
Merge pull request #668 from bodepd/etcd_access_address
...
Use etcd host ip instead of hostname to build etcd_access_addresses
2016-12-09 07:54:12 +03:00
Bogdan Dobrelya
710d5ae48e
Merge pull request #691 from adidenko/calico-old-cni-fix
...
Fix possible problems with legacy calicoctl
2016-12-08 12:00:08 +01:00
Dan Bode
eec2ed5809
Allow etcd_access_addresses to be more flexible
...
The variable etcd_access_addresses is used to determine
how to address communication from other roles to
the etcd cluster.
It was set to the address that ansible uses to
connect to instance ({{ item }})s and not the
variable:
ip_access
which had already been created and could already
be overridden through the access_ip variable.
This change allows ansible to connect to a machine using
a different address than the one used to access etcd.
2016-12-07 10:33:15 -08:00
Matthew Mosesohn
bfc9bcb8c7
Force hardlink for calico/canal certs
...
Fixes: #669
2016-12-07 19:03:22 +03:00
Bogdan Dobrelya
8eb26c21be
Merge pull request #692 from bogdando/gce_fixes
...
Change GCE sysctls placement and docs
2016-12-07 16:17:30 +01:00
Bogdan Dobrelya
f0f2b81276
Change GCE sysctls placement and docs
...
Override GCE sysctl in /etc/sysctl.d/99-sysctl.conf instead of
the /etc/sysctl.d/11-gce-network-security.conf. It is recreated
by GCE, f.e. if gcloud CLI invokes some security related changes,
thus losing customizations we want to be persistent.
Update cloud providers firewall requirements in calico docs.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-07 12:53:45 +01:00
Aleksandr Didenko
c9290182be
Fix possible problems with legacy calicoctl
...
When running legacy calicoctl we do not specify calico hostname in
calico-node container thus we should not specify it in CNI config.
Also move 'legacy_calicoctl' set_fact task to the top.
2016-12-07 12:26:44 +01:00
fen4o
246c8209c1
add cluster-signing to kube-controller-manager
...
kube-controller-manager's cluster signing cert and key points by default to not
existing `/etc/kubernetes/ca/ca.pem` and `/etc/kubernetes/ca/ca.key` [docs][1]
[1]: http://kubernetes.io/docs/admin/kube-controller-manager/#options
2016-12-07 11:20:18 +02:00
Bogdan Dobrelya
36fe2cb5ea
Merge pull request #584 from chadswen/docker-options-refactor
...
Docker Options Refactor
2016-12-07 07:57:53 +01:00
Bogdan Dobrelya
9d6cc3a8d5
Merge pull request #684 from adidenko/fix-calico-peering
...
Calico: fix peering with routers for new version
2016-12-06 22:42:02 +01:00
Spencer Smith
8870178a2d
Merge pull request #627 from kubernetes-incubator/issue-626
...
add restart flag for docker run kubelet
2016-12-06 08:47:18 -08:00
Aleksandr Didenko
b0079ccd77
Calico: fix peering with routers for new version
...
In new `calicoctl` version nodes peering with routers is broken.
We need to use predictable node names for calico-node and the
same names in calico `bgpPeer` resources and CNI.
2016-12-06 17:17:39 +01:00
Bogdan Dobrelya
2c1db56213
Merge pull request #678 from adidenko/update-calico-unit
...
Update calico-node systemd unit
2016-12-06 13:51:37 +01:00
Aleksandr Didenko
f1d7af11ee
Update calico-node systemd unit
...
New calicoctl does not support --detach=false option, so we should
use a recommended way to run calico-node service:
http://docs.projectcalico.org/v2.0/usage/configuration/as-service
Closes #674, #675
2016-12-06 11:34:12 +01:00
Bogdan Dobrelya
59a097b255
Merge pull request #679 from kubernetes-incubator/kube-proxy-dbus
...
Add dbus socket dir to kube-proxy
2016-12-06 11:08:16 +01:00
Matthew Mosesohn
7a3a473ccf
Fix ipv4 forwarding on GCE
...
ipv4 forwarding gets broken when restarting networking, which
breaks all networking for all pods.
2016-12-06 11:57:57 +03:00
Matthew Mosesohn
2cdf752481
Add dbus socket dir to kube-proxy
2016-12-05 19:25:27 +03:00
Chad Swenson
8b5b27bb51
Docker Options Refactor
2016-12-02 15:07:51 -06:00
Bogdan Dobrelya
7328e0e1ac
Merge pull request #672 from kubernetes-incubator/fail_all_on_error
...
Fail all nodes on error
2016-12-02 17:08:10 +01:00
Bogdan Dobrelya
c13d0db0cc
Merge pull request #656 from YorikSar/nginx-proxy-timeout
...
Set proxy_timeout to 10m in nginx.conf
2016-12-02 12:48:18 +01:00
ant31
dba2026002
Fail all nodes on error
2016-12-02 12:37:22 +01:00
Sebastian Melchior
bb55f68f95
add basic azure support for kargo
2016-11-29 10:20:28 +01:00
Yuriy Taraday
658543c949
Set proxy_timeout to 10m in nginx.conf
...
Fixes #655.
This is a temporary solution for long-polling idle connections to
apiserver. It will make Nginx not cut them for the duration of expected
timeout. It will also make Nginx extremely slow in realizing that there
is some issue with connectivity to apiserver as well, so it might not be
perfect permanent solution.
2016-11-28 20:27:47 +03:00
Antoine Legrand
5b382668f5
Merge pull request #529 from bogdando/netcheck
...
Add a k8s app for advanced e2e netcheck for DNS
2016-11-28 15:26:30 +01:00
Bogdan Dobrelya
b7692fad09
Add advanced net check for DNS K8s app
...
* Add an option to deploy K8s app to test e2e network connectivity
and cluster DNS resolve via Kubedns for nethost/simple pods
(defaults to false).
* Parametrize existing k8s apps templates with kube_namespace and
kube_config_dir instead of hardcode.
* For CoreOS, ensure nameservers from inventory to be put in the
first place to allow hostnet pods connectivity via short names
or FQDN and hostnet agents to pass as well, if netchecker
deployed.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-28 13:23:25 +01:00
Bogdan Dobrelya
fbdda81515
Merge pull request #652 from kubernetes-incubator/debug_mode
...
Tune dnsmasq/kubedns limits, replicas, logging
2016-11-25 16:57:15 +01:00
Bogdan Dobrelya
2d18e19263
Tune dnsmasq/kubedns limits, replicas, logging
...
* Add dns_replicas, dns_memory/cpu_limit/requests vars for
dns related apps.
* When kube_log_level=4, log dnsmasq queries as well.
* Add log level control for skydns (part of kubedns app).
* Add limits/requests vars for dnsmasq (part of kubedns app) and
dnsmasq daemon set.
* Drop string defaults for kube_log_level as it is int and
is defined in the global vars as well.
* Add docs
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-25 12:49:17 +01:00
Aleksandr Didenko
ff7d489f2d
Update calico/ctl image tag
...
We no longer need to use v0.22.0 for calicoctl since Kargo has
support for new calicoctl CLI format.
Also fixing condition logic for calico pool task.
2016-11-25 11:23:27 +01:00
Bogdan Dobrelya
6d29a5981c
Merge pull request #651 from bogdando/fix_docker_install
...
Fix download dnsmasq image dependency on docker
2016-11-24 18:44:12 +01:00
Bogdan Dobrelya
10b75d1d51
Merge pull request #648 from artem-panchenko/fix_calicoctl_node_run
...
Fix Calico jinja template (systemd)
2016-11-24 18:33:34 +01:00
Bogdan Dobrelya
aa447585c4
Fix download dnsmasq image dependency on docker
...
When download_run_once with download_localhost is used, docker is
expected to be running on the delegate localhost. That may be not
the case for a non localhost delegate, which is the kube-master
otherwise. Then the dnsmasq role, had it been invoked early before
deployment starts, would fail because of the missing docker dependency.
* Fix that dependency on docker and do not pre download dnsmasq image
for the dnsmasq role, if download_localhost is disabled.
* Remove become: false for docker CLI invocation because that's not
the common pattern to allow users access docker CLI w/o sudo.
* Fix opt bin path hack for localhost delegate to ignore errors when
it fails with "sudo password required" otherwise.
* Describe download_run_once with download_localhost use case in docs
as well.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-24 18:31:26 +01:00
Bogdan Dobrelya
d208896c46
Ensure /etc/resolv.conf content for CoreOS
...
Use cloud-init config to replace /etc/resolv.conf with the
content for kubelet to properly configure hostnet pods.
Do not use systemd-resolved yet, see
https://coreos.com/os/docs/latest/configuring-dns.html
"Only nss-aware applications can take advantage of the
systemd-resolved cache. Notably, this means that statically
linked Go programs and programs running within Docker/rkt
will use /etc/resolv.conf only, and will not use the
systemd-resolve cache."
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-23 16:51:49 +01:00
Artem Panchenko
2c4b11f321
Fix Calico jinja template (systemd)
2016-11-23 11:43:53 +02:00
Bogdan Dobrelya
d890d2f277
Fix nginx container download for download_run_once mode
...
W/o this patch, the "Download containers" task may be skipped
when running on the delegate node due to wrong "when" condition.
Then it fails to upload nginx image to the nodes as well.
Fix download nginx dependency so it always can be pushed to
nodes when download_run_once is enabled.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-23 10:37:08 +01:00
Bogdan Dobrelya
793f3990a0
Merge pull request #642 from kubernetes-incubator/k8s_imgpull
...
Allow pre-downloaded images to be used effectively
2016-11-22 18:09:38 +01:00
Aleksandr Didenko
db03f17486
Set defaults for ansible_ssh_user
...
When setting permission for containers download/upload dir we're
using `ansible_ssh_user`. But if playbook is executed without
user being explicitly set `ansible_ssh_user` may be undefined.
In such situations dir ownership will default to `ansible_user_id`
Closes: #644
2016-11-22 18:00:56 +01:00
Bogdan Dobrelya
dff78f616e
Allow pre-downloaded images to be used effectively
...
According to http://kubernetes.io/docs/user-guide/images/ :
By default, the kubelet will try to pull each image from the
specified registry. However, if the imagePullPolicy property
of the container is set to IfNotPresent or Never, then a local
image is used (preferentially or exclusively, respectively).
Use IfNotPresent value to allow images prepared by the download
role dependencies to be effectively used by kubelet without pull
errors resulting apps to stay blocked in PullBackOff/Error state
even when there are images on the localhost exist.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-22 16:16:04 +01:00
Antoine Legrand
d3a4d8dc24
Merge pull request #638 from pskrzyns/fix_setting_loadbalancer_apiserver_localhost
...
Fix conditional when setting loadbalancer_apiserver_localhost
2016-11-22 15:15:38 +01:00
Bogdan Dobrelya
dc58159d16
Merge pull request #621 from xenolog/calico_network_backend
...
Add ability to define network backend for Calico.
2016-11-22 14:55:47 +01:00
Antoine Legrand
b60d5647a2
Merge pull request #635 from kubernetes-incubator/download_images
...
Download images as dependencies of roles
2016-11-22 14:53:12 +01:00
Bogdan Dobrelya
66f27ed1f3
Download images as dependencies of roles
...
Pre download all required container images as roles' deps.
Drop unused flannel-server-helper images pre download.
Improve pods creation post-install test pre downloaded busybox.
Improve logs collection script with kubectl describe, fix sudo/etcd/weave
commands.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-22 11:13:57 +01:00
Paweł Skrzyński
32a5453473
Fix conditional when setting loadbalancer_apiserver_localhost
2016-11-21 19:36:05 +01:00
Bogdan Dobrelya
1bd1825ecb
Add missing liveness probe for apiserver static pod
...
Fix unreliable waiting for the apiserver to become ready.
Remove logfile mount to align with the rest of static pods
and because containers shall write logs to stdout only.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-21 13:15:51 +01:00
Bogdan Dobrelya
20e36191bb
Merge pull request #629 from kubernetes-incubator/fix-download-once
...
Fix download once
2016-11-21 10:55:54 +01:00
Bogdan Dobrelya
769566f36c
Merge pull request #633 from bodepd/etcd_fix
...
Ensure that etcd health checks always pass
2016-11-21 10:29:35 +01:00
Dan Bode
ff675d40f9
Ensure that etcd health checks always pass
...
in the etcd handler, the reload etcd action
was called after ansible waits for etcd to be
up, this means that the health checks which are
called immediately after fail (resulting in the etcd
role always failing and never finishing)
This patch changes the order to move the 'wait for etcd
up' resource after the 'reload etcd resource', ensuring that
the service is up before the health check is called.
2016-11-18 14:15:00 -08:00
Spencer Smith
0eebe43c08
updated all instances of restart always to restart on-failure with a max of 5 times
2016-11-18 14:33:22 -05:00
Bogdan Dobrelya
a03540dabc
Add download localhost and enable for CI
...
* Add download_localhost for the download_run_once mode, which is
use the ansible host (a travis node for CI case) to store and
distribute containers across cluster nodes in inventory.
Defaults to false.
* Rework download_run_once logic to fix idempotency of uploading
containers.
* For Travis CI, enable docker images caching and run Travis
workers with sudo enabled as a dependency
* For Travis CI, deploy with download_localhost and download_run_once
enabled to shorten dev path drastically.
* Add compression for saved container images. Defaults to 'best'.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Aleksandr Didenko <adidenko@mirantis.com>
2016-11-18 16:00:07 +01:00
Sergey Vasilenko
f6d69d0a00
Add ability to define network backend for Calico.
...
This patch introduce `calico_network_backend` global variable,
which allow to describe alternative network backend.
Default behavior is unchanged.
2016-11-18 16:38:18 +03:00
Maciej Filipiak
cc2f26b8e9
Add service-node-port-range parameter for kube-apiserver
2016-11-18 14:09:38 +01:00
Aleksandr Didenko
3e687bbe9a
Fix download_run_once for containers
...
Add one more step (task) to containers download/upload sequence -
copy saved .tar containers to ansible host (delegate_to: localhost).
Then upload images to target nodes. It uses synchronize module so
if ansible host (localhost) is the same host as kube-master[0] then
new task causes no issues and the copy to localhost process is
basically skipped.
2016-11-18 12:47:35 +01:00
Spencer Smith
a5af87758a
remove the --rm b/c it conflicts with restart
2016-11-17 12:21:30 -05:00
Matthew Mosesohn
8b11de5425
Merge pull request #608 from sneumann/patch-1
...
Fix failure if image package index is outdated
2016-11-17 12:21:15 -05:00
Spencer Smith
ff928e0e66
add restart flag for docker run kubelet
2016-11-17 12:03:41 -05:00
sneumann
3aa2d56da9
updated bootstrap-ubuntu.yml
...
Moved the variable setting to the apt-get install part where it matters as requested in the review.
2016-11-16 12:11:54 +01:00
Aleksandr Didenko
e3470b28c5
Move CNI config and add MTU support for calico-cni
...
- Move CNI configuration creation for Calico to appropriate
network_plugin role from kubernetes/node.
- Add support for MTU configuration in Calico.
2016-11-15 18:05:11 +01:00
sneumann
0322b69f63
Fix failure if image package index is outdated
2016-11-15 17:49:14 +01:00
Bogdan Dobrelya
e587e82f7f
Merge pull request #600 from adidenko/calico-cni-container-support
...
Replace calico-cni binaries with calico/cni container
2016-11-15 15:40:13 +01:00
Bogdan Dobrelya
876c4df1b6
Fix mountflags and kubelet config
...
Add missing --require-kubeconfig to the if..else stanza.
Make sure certs dirs mounted in RO.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-15 11:22:23 +01:00
Antoine Legrand
216e0b2a52
Merge pull request #599 from kubernetes-incubator/bug_542
...
Fix kubelet deprecated options
2016-11-15 10:50:26 +01:00
Matthew Mosesohn
ab0ff2ab3c
Merge pull request #602 from adidenko/fix-canal-ssl
...
Fix etcd ssl for canal
2016-11-15 12:43:22 +03:00
Matthew Mosesohn
5cd65f9c45
Merge pull request #598 from kubernetes-incubator/bug_376
...
Generate kubectl bash completion from kubectl instead of file
2016-11-15 12:28:51 +03:00
Matthew Mosesohn
4e47c267fb
Merge pull request #604 from kubernetes-incubator/k8s-upgrade-v1.4.6
...
upgrade k8s version to 1.4.6
2016-11-15 12:27:29 +03:00
Smana
c41d200a95
upgrade k8s version to 1.4.6
2016-11-14 21:40:05 +01:00
Matthew Mosesohn
8ca1f4ce44
Fix kubelet deprecated options
...
--api-servers now just reads kubeconfig
--config is now --pod-manifest-path
Fixes #542
2016-11-14 22:13:44 +04:00
Aleksandr Didenko
caa81f3ac2
Fix etcd ssl for canal
...
- Move CNI configuration from `kubernetes/node` role to
`network_plugin/canal`
- Create SSL dir for Canal and symlink etcd SSL files
- Add needed options to `canal-config` configmap
- Run flannel and calico-node containers with proper configuration
2016-11-14 14:49:17 +01:00
Matthew Mosesohn
8092f57695
Merge branch 'master' into calico-cni-container-support
2016-11-14 14:58:42 +03:00
Aleksandr Didenko
965a1234d3
Replace calico-cni binaries with calico/cni container
...
Calico CNI binaries are also released/shipped in calico/cni
container. This patch replaces download of calico CNI binaries with
calico/cni container.
2016-11-14 12:19:58 +01:00
Matthew Mosesohn
15bc445a9c
Generate kubectl bash completion from kubectl instead of file
2016-11-14 14:54:59 +04:00
Bogdan Dobrelya
bb72de0dc9
Merge pull request #496 from kubernetes-incubator/idempotency_resolvconf
...
Ignore changes on check resolvconf task
2016-11-14 11:10:04 +01:00
Matthew Mosesohn
45c2900e71
Merge branch 'master' into hostname-alias
2016-11-14 09:32:35 +03:00
Matthew Mosesohn
eb583dd2f3
Merge branch 'master' into idempotency_resolvconf
2016-11-14 09:30:22 +03:00
Matthew Mosesohn
46ee9faca9
Fix ca certificate loading on CoreOS
2016-11-14 08:47:09 +04:00
Matthew Mosesohn
6cc05c103a
Merge pull request #592 from artem-panchenko/support_golang_calicoctl
...
Support new version of 'calicoctl' (>=v1.0.0)
2016-11-11 13:55:24 +03:00
Bogdan Dobrelya
88577b9889
Merge pull request #593 from bogdando/label_apps
...
Label k8s apps, adjust collect info commands
2016-11-10 18:09:05 +01:00
Bogdan Dobrelya
5821f9748a
Merge pull request #594 from adidenko/fix-calico-policy-controller
...
Fix policy controller
2016-11-10 16:15:36 +01:00
Artem Panchenko
c58bd33af7
Support new version of 'calicoctl' (>=v1.0.0)
...
Since version 'v1.0.0-beta' calicoctl is written
in Go and its API differs from old Python based
utility. Added support of both old and new version
of the utility.
2016-11-10 17:11:29 +02:00
Bogdan Dobrelya
cf7c60029b
Label k8s apps, adjust collect/upload info steps
...
- Drop debugs from collect-info playbook
- Drop sudo from collect-info step and add target dir var (required for travis jobs)
- Label all k8s apps, including static manifests
- Add logs for K8s apps to be collected as well
- Fix upload to GCS as a public-read tarball
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-10 16:05:50 +01:00
Aleksandr Didenko
251800eb16
Fix policy controller
...
'etcd_cert_dir' variable is missing from 'kubernetes-apps/ansible'
role which breaks Calico policy controller deployment.
Also fixing calico-policy-controller.yml.
2016-11-10 13:31:31 +01:00
Matthew Mosesohn
fe16fecd8f
Fix canal's calico networking config for ETCD TLS
...
Also fixes kube-apiserver upgrade that was erroneously
deleted in a previous commit.
2016-11-10 12:49:47 +03:00
Matthew Mosesohn
9ea9604b3f
Merge pull request #591 from kubernetes-incubator/etcdtls
...
Add etcd tls support
2016-11-10 12:32:13 +03:00
Matthew Mosesohn
a32cd85eb7
Add etcd TLS support
2016-11-09 18:38:28 +03:00
Matthew Mosesohn
95b460ae94
Remove etcd-proxy from all nodes and use etcd multiaccess
2016-11-09 13:31:12 +03:00
Bogdan Dobrelya
764a2fd5a8
Merge pull request #588 from adidenko/canal-support
...
Adding support for canal network plugin
2016-11-09 10:31:56 +01:00
Aleksandr Didenko
4ece73d432
Fix idempotency of calico-policy-controller rs
...
We need to specify kube resource type and name in order to avoid
playbook errors related to k8s resource duplication.
2016-11-08 12:59:18 +01:00
Aleksandr Didenko
60a217766f
Add ConfigMap for basic configuration options
...
Container settings moved from daemonset yaml to a separate
configmap.
2016-11-08 12:57:34 +01:00
Aleksandr Didenko
309240cd6f
Adding support for canal network plugin
...
This patch provides support for Canal network plugin installation
as a self-hosted app, see the following link for details:
https://github.com/tigera/canal/tree/master/k8s-install
2016-11-08 11:04:01 +01:00
Spencer Smith
8f20d90f88
update admission controllers for > 1.4
2016-11-04 12:54:35 -04:00
Bogdan Dobrelya
672d50393c
Merge branch 'master' into idempotency_resolvconf
2016-11-03 13:08:07 +01:00
Jan Jungnickel
f9355ea14d
Swap order in which we reload docker/socket
2016-11-01 13:12:40 +01:00
Jan Jungnickel
2ca6819cdf
Reload docker.socket after installing flannel on coreos
...
Workaround for #569
2016-11-01 13:12:32 +01:00
Matthew Mosesohn
d8b06f3e2f
Ignore changes on check resolvconf task
2016-10-28 10:38:16 +04:00
Smaine Kahlouch
d6f206b5fd
Merge pull request #561 from kubespray/rsync_certs
...
Use tar+register instead of copy/slurp for distributing tokens and certs
2016-10-27 10:52:41 +02:00
Matthew Mosesohn
2778ac61a4
Add new var skip_dnsmasq_k8s
...
If skip_dnsmasq is set, it will still not set up dnsmasq
k8s pod. This enables independent setup of resolvconf section
before kubelet is up.
2016-10-26 17:56:15 +03:00
Matthew Mosesohn
c7b00caeaa
Use tar+register instead of copy/slurp for distributing tokens and certs
...
Related bug: https://github.com/ansible/ansible/issues/15405
Uses tar and register because synchronize module cannot sudo on the
remote side correctly and copy is too slow.
This patch dramatically cuts down the number of tasks to process
for cert synchronization.
2016-10-26 15:46:18 +03:00
Bogdan Dobrelya
c59c3a1bcf
Fix idempotency/recurrence of download and preinstall
...
* Don't push containers if not changed
* Do preinstall role only once and redistribute defaults to
corresponding roles
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-10-24 18:28:53 +02:00
Smaine Kahlouch
4c0bf6225a
Merge pull request #562 from kubespray/enable_standalone_node
...
Enable standalone node deployment
2016-10-24 13:10:53 +02:00
Smaine Kahlouch
b11662a887
Merge pull request #558 from chadswen/etcdctl-path
...
Use absolute path for etcdctl
2016-10-21 23:06:15 +02:00
Matthew Mosesohn
11f1f71b3b
dynamically calculate etcd peer names
2016-10-21 16:17:50 +03:00
Matthew Mosesohn
0e9d1e09e3
Sync master tokens only with those in play_hosts
2016-10-21 14:43:41 +03:00
Matthew Mosesohn
65d2a3b0e5
Use only native cachable hostvars for etcd set_facts
2016-10-21 14:39:58 +03:00
Matthew Mosesohn
4b7347f1cd
fix dnsmasq template cloud_provider lookup
2016-10-21 13:00:40 +03:00
Chad Swenson
e6902d8ecc
Use absolute path for etcdctl
...
Small fix. The shell module won't automatically resolve the path to the etcdctl binary, so i prefixed with {{ bin_dir }}/
2016-10-20 14:56:52 -05:00
Chad Swenson
a5137affeb
Hostname alias fixes
...
Change the kubelet --hostname-override flag to use the ansible_hostname variable which should be more consistent with the value required by cloud providers
Add ansible_hostname alias to /etc/hosts when it is different from inventory_hostname to overcome node name limitations see https://github.com/kubernetes/kubernetes/issues/22770
Signed-off-by: Chad Swenson <chadswen@gmail.com>
2016-10-18 16:22:32 -05:00
Smaine Kahlouch
a423927ac9
Merge pull request #546 from chadswen/dependency-variables
...
Parameterize dependency endpoints
2016-10-18 18:42:17 +02:00
Smana
91a101c855
upgrade to k8s v1.4.3
2016-10-18 12:52:35 +02:00
Chad Swenson
c402feffbd
Parameterize several dependency endpoints so that they can be overridden with internal mirrors.
...
Signed-off-by: Chad Swenson <chadswen@gmail.com>
2016-10-15 12:26:52 -05:00
Smana
dd022f2dbc
upgrade calico version v0.22.0
2016-10-15 15:01:45 +02:00
Smana
21273926ce
upgrade flannel version
2016-10-12 21:55:39 +02:00
Matthew Mosesohn
71347322d6
Add cluster-cidr to kube-proxy config
...
This option enables masquerading for traffic directed at pods
that comes from outside the cluster.
2016-10-12 19:13:33 +03:00
Smaine Kahlouch
c9769965b8
Merge pull request #540 from aateem/enable-network-policy
...
Add possibility to enable network policy via Calico network controller
2016-10-11 12:10:56 +02:00
Smana
056f4b6c00
upgrade to kubernetes version 1.4.0
...
test to change the machine type
Revert "test to change the machine type"
This reverts commit 7a91f1b5405a39bee6cb91940b09a0b0f9d3aee1.
use google dns server when no upstream dns are defined
comment upstream_dns_servers
update documentation
remove deprecated kubelet flags
Revert "remove deprecated kubelet flags"
This reverts commit 21e3b893c896d0291c36a07d0414f4cb88b8d8ac.
2016-10-10 22:44:47 +02:00
Artem Roma
3919d666c1
Add possibility to enable network policy via Calico network controller
...
The requirements for network policy feature are described here [1]. In
order to enable it, appropriate configuration must be provided to the CNI
plug in and Calico policy controller must be set up. Beside that
corresponding extensions needed to be enabled in k8s API.
Now to turn on the feature user can define `enable_network_policy`
customization variable for Ansible.
[1] http://kubernetes.io/docs/user-guide/networkpolicies/
2016-10-10 17:22:12 +03:00
Sergey Vasilenko
dea4210da1
Bump Calico-CNI plugin binaries versions
...
and correct checksums
2016-10-07 13:14:46 +03:00
Sergey Vasilenko
a6344f7561
Changes in Kubernetes and Calico-CNI plugin config files
...
required for usage of Calico CNI plugin version 1.4.2
2016-10-06 19:33:16 +03:00
Smaine Kahlouch
c490e5c8a1
Merge pull request #528 from kubespray/proxy-nginx
...
Use nginx proxy on non-master nodes to proxy apiserver traffic
2016-10-05 19:19:32 +02:00
Matthew Mosesohn
84052ff0b6
use nginx proxy on non-master nodes to proxy apiserver traffic
...
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.
Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Smaine Kahlouch
9ca374a88d
Merge pull request #491 from kubespray/calicopools
...
Allow calico to configure pool if tree exists, but no pools defined
2016-10-05 17:12:26 +02:00
Smaine Kahlouch
648aa7422d
Merge pull request #522 from anthonyhaussman/KubeVersionDefaults
...
Move kube_version var to defaults
2016-10-05 17:11:59 +02:00
Matthew Mosesohn
2e90d3fe76
Merge branch 'master' into reverselookups
2016-10-05 14:46:47 +03:00
Matthew Mosesohn
f4e6fdc193
Enable quorum read for apiserver
...
This reduces the likelihood of apiserver status updates
timing out due to etcd write conflicts.
2016-10-04 18:31:42 +03:00
Aleksandr Didenko
fb0ee9d84a
Add support for --masquerade-all in kube-proxy
...
New boolean var `kube_proxy_masquerade_all` which enables/disables
`--masquerade-all` argument for kube-proxy.
Closes #524
2016-10-03 12:24:43 +02:00
Bogdan Dobrelya
a6a5d0e068
Skip download_run_once for binaries as unimplemented yet
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-30 10:55:02 +02:00
Matthew Mosesohn
d9641771ed
add kube-masters to SSL certificate
2016-09-29 15:12:30 +03:00
Smaine Kahlouch
aaa3f1c491
Merge pull request #502 from adidenko/custom-calico-hyperkube
...
Allow to use custom "canalized" calico cni
2016-09-29 13:29:49 +02:00
Smaine Kahlouch
5889f7af0e
Merge pull request #515 from adidenko/fix-delegate-to
...
Fix delegate_to expression in download tasks
2016-09-29 10:36:44 +02:00
Matthew Mosesohn
5579cddbdb
Disable reverse lookups again
...
Initially this was removed, but it turns out that services that
perform reverse lookups (such as MariaDB) will encounter severe
performance degradation with this disabled.
2016-09-29 10:49:55 +04:00
Aleksandr Didenko
2b6866484e
Allow to use custom "canalized" calico cni
...
- Allow to overwrite calico cni binaries copied from hyperkube
by the custom ones.
- Fix calico-ipam deployment (it had wrong source in rsync)
- Make copy from hyperkube idempotent (use rsync instead of cp)
- Remove some orphaned comments
2016-09-28 18:09:20 +02:00
Anthony Haussmann
34a27b0127
Move kube_version var to defaults
...
Move the variable kube_version to defaults to have the possibility to overwrite it via group_vars inventory if needed.
2016-09-28 16:15:18 +02:00
Smaine Kahlouch
948d1d61ff
Merge pull request #521 from anthonyhaussman/MethodBoolUseCNI
...
Change method to set use_hyperkube_cni var bool
2016-09-28 12:24:53 +02:00
Smaine Kahlouch
c96a9bfdfd
Merge pull request #518 from bogdando/issues/516
...
Allow subdomains of dns_domain and fix kubelet restarts
2016-09-28 10:11:44 +02:00
Anthony Haussmann
550bda951e
Change method to set use_hyperkube_cni var bool
...
The precedent method returns a string "True\n" or "False\n", it seems to be an Ansible bug.
New method return a boolean
2016-09-27 16:41:09 +02:00
Smaine Kahlouch
6b27508c93
Merge pull request #519 from bogdando/fix_containers_download
...
Fix containers download condition
2016-09-27 15:23:50 +02:00
Bogdan Dobrelya
5fd43b7cf0
Allow subdomains of dns_domain and fix kubelet restarts
...
* Add a var for ndots (default 5) and put it hosts' /etc/resolv.conf.
* Poke kube dns container image to v1.7
* In order to apply changes to kubelet, notify it to
be restarted on changes made to /etc/resolv.conf. Ignore errors as the kubelet
may yet to be present up to the moment of the notification being processed.
* Remove unnecessary kubelet restart for master role as the node role ensures
it is up and running. Notify master static pods waiters for apiserver,
scheduler, controller-manager instead.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-27 14:32:49 +02:00
Smana
336e2b8c84
use variable dns_domain instead of cluster_name for kubedns
2016-09-27 14:15:27 +02:00
Bogdan Dobrelya
ee69ac857e
Fix containers download condition
...
Save/push/load containers if only download.enabled and download.container
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-27 13:44:29 +02:00
Aleksandr Didenko
6caf5b0ac3
Fix delegate_to expression in download tasks
...
"else omit" is causing problems in this expression. Replacing
it with more strict "inventory_hostname" fixes the issue and
handles `download_run_once` as expected.
Closes issue #514
2016-09-27 11:25:24 +02:00
Smaine Kahlouch
0f461282c8
Merge pull request #507 from anthonyhaussman/KubeDNSCorrection
...
Correct nslookup command
2016-09-26 13:58:00 +02:00
Smaine Kahlouch
5046466dae
Merge pull request #509 from kubespray/cnicopyweave
...
Copy hyperkube CNI plugins when using weave
2016-09-26 13:54:02 +02:00
Matthew Mosesohn
e4a48cf53b
Add Docker 1.12.1 version
2016-09-26 12:16:16 +03:00
Matthew Mosesohn
a3fe1e78df
Copy hyperkube CNI plugins when using weave
2016-09-26 12:02:19 +03:00
Anthony Haussmann
5f2bb3319b
Correct nslookup command
...
Change nslookup command to check the right cluster_name
2016-09-23 17:44:09 +02:00
Bogdan Dobrelya
dfb9063b3f
Fix docs and dns servers placement order
...
- Update docs and a drawing to clarify DNS setup.
- Change order of nameservers placement to match
changes in https://github.com/kubespray/kargo/pull/501
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-23 16:16:00 +02:00
Bogdan Dobrelya
82ee60fe8b
Make dnsmasq daemon set optional
...
Change additional dnsmasq opts:
- Adjust caching size and TTL
- Disable resolve conf to not create loops
- Change dnsPolicy to default (similarly to kubedns's dnsmasq). The
ClusterFirst should not be used to not create loops
- Disable negative NXDOMAIN replies to be cached
- Make its very installation as optional step (enabled by default).
If you don't want more than 3 DNS servers, including 1 for K8s, disable
it.
- Add docs and a drawing to clarify DNS setup.
- Fix stdout logs for dnsmasq/kubedns app configs
- Add missed notifies to resolvconf -u handler
- Fix idempotency of resolvconf head file changes
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-23 12:59:06 +02:00
Matthew Mosesohn
d313be4420
Improve management of nameservers in resolv.conf
...
Changing nameservers now will clean up previous entries
2016-09-22 18:11:15 +03:00
Özgür Caner
123532d2a4
Changed ImagePullPolicy from Always to IfNotPresent to avoid download issue when DNS is not working
2016-09-20 10:34:44 +02:00
Matthew Mosesohn
a93639650f
Allow calico to configure pool if tree exists, but no pools defined
2016-09-19 15:27:47 +03:00
Smaine Kahlouch
71a230a4fa
Merge pull request #493 from ivan4th/fix-reverse-dns-lookups
...
Fix reverse DNS lookups of service IPs.
2016-09-19 14:20:15 +02:00
Smaine Kahlouch
0643ed968f
Merge pull request #494 from kubespray/etcd_proxy_fix
...
always bind etcd_proxy to localhost
2016-09-19 14:19:55 +02:00
Smaine Kahlouch
1572aaf6ca
Merge pull request #489 from lukaszo/patch-1
...
Add socat to required pkgs
2016-09-19 12:19:46 +02:00
Smaine Kahlouch
5803de1ac5
Merge pull request #486 from kubespray/etchosts
...
switch /etc/hosts to use blockinfile
2016-09-19 12:19:37 +02:00
Ivan Shvedunov
13874f4610
Fix reverse DNS lookups of service IPs.
...
This fixes "DNS should provide DNS for services [Conformance]"
e2e test in k8s.
2016-09-19 09:12:10 +03:00
Matthew Mosesohn
341ea5a6ea
always bind etcd_proxy to localhost
2016-09-18 19:58:15 +04:00
Bogdan Dobrelya
5ed3916f82
Fix use_hyperkube_cni logic
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-16 13:07:04 +02:00
Bogdan Dobrelya
390764c2b4
Add retry_stagger var for failed download/pushes.
...
* Add the retry_stagger var to tweak push and retry time strategies.
* Add large deployments related docs.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:58 +02:00
Bogdan Dobrelya
9926395e5b
Distribute downloaded artifacts
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:56 +02:00
Bogdan Dobrelya
422428908a
Download containers and save all
...
Move version/repo vars to download role.
Add container to download params, which overrides url/source_url,
if enabled.
Fix networking plugins download depending on kube_network_plugin.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:56 +02:00
Matthew Mosesohn
b69d5f6e6e
Fix logic handling for use_hyperkube_cni
2016-09-15 16:09:40 +03:00
Łukasz Oleś
0db441b28f
Add socat to required pkgs
...
It's required for port forwarding.
2016-09-14 21:27:33 +02:00
Matthew Mosesohn
e3ebabc3b0
switch /etc/hosts to use blockinfile
2016-09-14 19:43:33 +03:00
Smaine Kahlouch
b46458a18f
Merge pull request #483 from kubespray/fix_idempotency_kubedns
...
Fix kubedns idempotency
2016-09-14 13:02:02 +02:00
Smaine Kahlouch
125cb0aa64
Merge pull request #481 from bogdando/issue/479
...
Add retries for copying binaries from containers and packages
2016-09-14 10:04:32 +02:00
Bogdan Dobrelya
783871a253
Add retries for packages installation
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-13 18:12:07 +02:00
Matthew Mosesohn
ef43b21597
Fix kubedns idempotency
...
Removed api-version from kube.py because it is deprecated.
Updating both kube.py because dnsmasq one is actually used.
Fixed name back to kubedns for checking its resource.
2016-09-13 16:49:51 +03:00
Bogdan Dobrelya
6fdcaa1a63
Add retries for copying binaries from containers
...
Closes issue: https://github.com/kubespray/kargo/issues/479
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-13 15:09:34 +02:00
Anthony Haussmann
d47a2d03b4
Delete default variable use_hyperkube_cni
...
The variable is now set via a task depending of the version of kube
2016-09-13 14:59:50 +02:00
Anthony Haussmann
739cf59953
Determine hyperkube cni to use
...
Starting from version 1.3.4 of hyperkube, calico is "canalized" which requires flannel and hostonly cni plugins. So we let hyperkube ship necessary cni
2016-09-13 14:58:29 +02:00
Antoine Legrand
2e386dfbdc
Merge pull request #465 from kubespray/freeze_kpm_version
...
Multiple app deploy tools
2016-09-08 22:01:52 +02:00
Antoine Legrand
ccbb2ee3ae
App deployer plugins
2016-09-08 15:01:57 +02:00
Antoine Legrand
eb78ce4c4e
Merge pull request #473 from kubespray/bootsrap
...
Bootstrap
2016-09-08 14:54:08 +02:00
Antoine Legrand
6084e05a6b
Bootstrap os
2016-09-07 20:19:46 +02:00
Özgür Caner
da8a604c4c
Changed apt to apt-get
2016-09-07 20:13:15 +02:00
Özgür Caner
df2b2d7417
Added bootstrap script for Ubuntu 16.04 LTS and later
2016-09-07 20:13:05 +02:00
Brandon B. Jozsa
2606e8e1c8
combine bootstrap options, add xenial support
2016-09-06 10:04:41 -04:00
Matthew Mosesohn
b62de1dcb1
Reset replicacluster name of kube-dns-v19 back to kubedns
...
This broke upgraded clusters
2016-09-06 16:43:17 +03:00
Matthew Mosesohn
b58512bbda
Rename kube-dns back to kubedns
...
kubedns should stay named the same so that services which
depend on this name are not broken.
2016-09-02 15:09:49 +04:00
Spencer Smith
8b91a43576
remove dependency on kpm for kubedns
2016-09-01 10:01:15 -07:00
Bogdan Dobrelya
d240073f65
Fix updating resolvconf
...
Move updating resolvconf to the network restart handler to
ensure changes applied to the /etc/resolv.conf.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-01 11:10:26 +02:00
Smaine Kahlouch
69f09e0f18
Merge pull request #461 from kubespray/issue-369
...
Issue 369
2016-08-31 15:09:33 +02:00
Smaine Kahlouch
cca26ae3d7
Merge pull request #458 from kubespray/issue456
...
Remove search and nameserver entries from resolvconf base
2016-08-31 13:15:30 +02:00
Matthew Mosesohn
26a0406669
Disable calicoctl from creating a default pool
...
Sometimes invoking calicoctl to create a pool also
creates a default pool, which causes errors in deploy.
2016-08-31 12:54:05 +03:00
Spencer Smith
a746d63177
ensure docker.service.d exists
2016-08-30 09:34:34 -07:00
Spencer Smith
0fc5e70c18
incorrect file name
2016-08-30 09:26:14 -07:00
Spencer Smith
b74c2f89f0
lay down a systemd dropin instead of the /run/flannel_docker_opts.env symlink
2016-08-30 09:17:41 -07:00
Matthew Mosesohn
33c8d0a1a7
Remove search and nameserver entries from resolvconf base
...
These items conflict when they are provided also in head file
Fixes : #456
2016-08-30 13:14:44 +03:00
Smana
28fbfbbbe7
fix etcd checksum
2016-08-29 19:09:08 +02:00
Smaine Kahlouch
18cdab3671
Merge pull request #449 from kubespray/fixapiserverplugins
...
Remove SecurityContextDeny API plugin
2016-08-29 18:58:53 +02:00
Smaine Kahlouch
311baeed5d
Merge pull request #448 from kubespray/etcdnosync
...
Add --no-sync to etcdctl member list
2016-08-29 18:58:14 +02:00
Matthew Mosesohn
256a4e1f29
Rebase etcd to v3.0.6
...
Fixes #450
2016-08-29 15:31:05 +03:00
Matthew Mosesohn
c50c6672f3
Remove SecurityContextDeny API plugin
...
This is no longer recommended for use since K8s 1.2:
http://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-plug-ins-to-use
2016-08-29 14:20:28 +03:00
Matthew Mosesohn
1345dd07f7
Add --no-sync to etcdctl member list
...
Fixes #447
2016-08-29 12:51:43 +03:00
Smaine Kahlouch
e83010b739
Merge pull request #445 from kubespray/caliconodechoice
...
Enable customization of calico-node docker image
2016-08-28 09:36:06 +02:00
Smana
d4193bbd22
upgrade weave version to 1.6.1
2016-08-27 16:04:06 +02:00
Matthew Mosesohn
b92404fd0a
Enable customization of calico-node docker image
...
New vars: calico_node_image_repo and claico_node_image_tag
Defaults: calico/node and {{ calico_version }}, respectively
2016-08-27 16:25:39 +04:00
Spencer Smith
82076f90a3
ensure bin dir for coreos before anything else
2016-08-26 13:24:47 -04:00
Bogdan Dobrelya
8168689caa
Refactor roles and hosts
...
Shorten deployment time with:
- Remove redundant roles if duplicated by a dependency and vice versa
- When a member of k8s-cluster, always install docker as a dependency
of the etcd role and drop the docker role from cluster.yaml.
- Drop etcd and node role dependencies from master role as they are
covered by the node role in k8s-cluster group as well. Copy defaults
for master from node role.
- Decouple master, node, secrets roles handlers and vars to be used w/o
cross references.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-25 13:27:57 +02:00
Smaine Kahlouch
c71b078c8e
Merge pull request #437 from kubespray/issues/429
...
Fix handler triggering for kubelet restart
2016-08-25 11:33:50 +02:00
Bogdan Dobrelya
caa8efbf86
Fix handler triggering for kubelet restart
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-25 09:12:25 +02:00
Smaine Kahlouch
bcec5553c5
Merge pull request #434 from kubespray/issue-426
...
Check only for AWS, wrote some docs on actually using AWS
2016-08-24 21:55:57 +02:00
Spencer Smith
4e76bced53
merge with current master, update typos in doc
2016-08-24 09:56:42 -04:00
Spencer Smith
60f263b629
updated to no longer handle gce as cloud-provider. provided aws setup doc
2016-08-24 09:48:32 -04:00
Bogdan Dobrelya
ea57ce7514
Fix resolv.conf search/nameserver
...
* Ensure additional nameserver/search, if defined as vars.
* Don't backup changed dhclient hooks as they are going to be
executed by dhclient as well, which is not what we want.
* For debian OS family only:
- Rename nodnsupdate hook the resolvconf hook to be sourced always
before it.
- Ensure dhclient restarted via network restart to apply the
nodnsupdate hook.
* For rhel OS family, the fix TBD, it doesn't work the same way.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-24 15:31:57 +02:00
Smana
346eca5748
Revert "pass cloud provider flag in all cases, not just openstack"
...
This reverts commit f35e5e864f.
2016-08-24 14:32:54 +02:00
Smana
643b28f9d3
Revert "Fix resolv.conf search/nameserver"
...
This reverts commit 977f82c32c.
2016-08-24 12:36:25 +02:00
Smaine Kahlouch
1938c96239
Merge pull request #420 from bogdando/collect_info
...
Adjust collect-info playbook
2016-08-24 10:06:30 +02:00
Spencer Smith
f35e5e864f
pass cloud provider flag in all cases, not just openstack
2016-08-23 13:57:32 -04:00
Bogdan Dobrelya
47b4242613
Adjust collect-info playbook
...
Cleanup collected artifacts,
drop unrelated files/commands.
Always install gitinfos script to binaries for external
use.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-23 11:28:27 +02:00
Smaine Kahlouch
92c4428cfd
Merge pull request #422 from kubespray/issue-421
...
remove host ca-certs, as they aren't necessary
2016-08-23 10:17:38 +02:00
Bogdan Dobrelya
f61071312a
Fix gen-gitinfos.sh
...
Fix the error gen-gitinfos.sh: 57: [: foo: unexpected operator
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-23 10:15:30 +02:00
Spencer Smith
234608433e
remove host ca-certs, as they aren't necessary
2016-08-22 16:09:33 -04:00
Smaine Kahlouch
36b6ae9a3c
Merge pull request #419 from bogdando/fix_322
...
Fix resolv.conf search/nameserver
2016-08-22 13:48:35 +02:00
Bogdan Dobrelya
977f82c32c
Fix resolv.conf search/nameserver
...
Rename nodnsupdate hook the resolvconf hook to be sourced always
before it.
Ensure dhclient restarted via network restart to apply the
nodnsupdate hook.
Ensure additional nameserver/search, if defined as vars.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-22 11:53:44 +02:00
Matthew Mosesohn
6f07da9f41
Restart kubelet if launcher changed
...
Fixes #409
2016-08-18 19:00:05 +03:00
Smaine Kahlouch
c6f2102073
Merge pull request #412 from kubespray/optionalkubeletcni
...
Copy hyperkube cni plugins optionally for calico deployment
2016-08-16 14:00:27 +02:00
Matthew Mosesohn
0c953101ff
Fix init scripts for etcd. Fixes #383
...
Fixes Ubuntu 14.04 deployment of etcd.
2016-08-15 14:09:42 +03:00
dis
0fa90ec9e8
Fix resolvconf executable discovery
...
If resolvconf was installed and then removed, the file
/etc/resolvconf/resolv.conf.d/head remains in the filesystem
- change discovery of 'resolvconf' executable to check if it
can be located with 'which resolvconf' command or not.
2016-08-10 17:22:33 +03:00
Matthew Mosesohn
f073ee91ea
Copy hyperkube cni plugins optionally for calico deployment
...
Hyperkube from CoreOS now ships with all binaries required for
calico and flannel (but not weave). It simplifies deployment for
some network plugin scenarios to not download CNI images.
TODO: Optionally disable downloading calico to /opt/cni/bin
2016-08-10 15:35:53 +03:00
Smaine Kahlouch
677c4c4cb6
Merge pull request #404 from bogdando/fix_sunit
...
Fix calico-node service unit
2016-08-08 16:41:28 +02:00
Matthew Mosesohn
e727bd52f1
Add option to disable ipv6 dns lookup
...
New variable disable_ipv6_dns in kubernetes/preinstall.
2016-08-08 13:59:20 +03:00
Bogdan Dobrelya
d2c57142d3
Fix calico-node service unit
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-08 12:06:32 +02:00
Matthew Mosesohn
acae5d4286
Check dnsmasq on first kube-node
...
kube-masters without kube-node role will not run
kube-proxy, and therefore can't check if dnsmasq
is running.
Fixes #368
2016-08-05 16:55:48 +04:00
Smaine Kahlouch
15aec7cd87
Merge pull request #398 from mattymo/rework_systemd_wait_master
...
Improve systemd handling and stabilize docker
2016-08-03 11:30:14 +02:00
Matthew Mosesohn
e38258381f
Wait for static pods when setting up
...
Fixes #390
2016-08-02 17:56:31 +03:00
Matthew Mosesohn
e8a1c7a53f
Move docker systemd unit creation to docker role
...
Creating the unit using default settings early on
and then changing it during network_plugin section
leads to too many docker restarts and duplicated code.
Reversed Wants= dependence on docker.service so it does not
restart docker when reloading systemd
Consolidated all docker restart handlers.
2016-08-02 17:56:24 +03:00
Matthew Mosesohn
5bf9b5345e
Add future docker versions
...
Default version is still unchanged, but added docker versions 1.11 and 1.12
2016-08-02 12:35:05 +03:00
Bogdan Dobrelya
2af71f31b4
Rework systemd service units
...
* Add for docker system units:
ExecReload=/bin/kill -s HUP $MAINPID
Delegate=yes
KillMode=process.
* Add missed DOCKER_OPTIONS for calico/weave docker systemd unit.
* Change Requires= to a less strict and non-faily Wants=, add missing
Wants= for After=.
* Align wants/after in a way if Wants=foo, After= has foo as well.
* Make wants/after docker.service to ask for the docker.socket as well.
* Move "docker rm -f" commands from ExecStartPre= to ExecStopPost=.
hooks to ensure non-destructive start attempts issued by Wants=.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-02 10:55:42 +02:00
Matthew Mosesohn
c7fef6cb76
Fix weave deployment task names
2016-07-30 23:12:41 +04:00
Antoine Legrand
6a7308d5c7
Merge pull request #372 from adidenko/calico-ipip-support
...
Support --ipip option for calico pool
2016-07-29 08:05:00 -07:00
Antoine Legrand
4419662fa0
Merge pull request #330 from jonbec/master
...
Add settable flannel image tag & image repo
2016-07-29 08:02:18 -07:00
Matthew Mosesohn
5668e5f767
Fix etcd restart and handler systemd tasks
...
Changed Wants=docker.service to docker.socket
Renamed handlers for reloading systemd to contain role in task name.
2016-07-29 16:32:35 +03:00
Aleksandr Didenko
c52c5f5056
Add run_once to define calico pool task name
2016-07-27 15:55:41 +02:00
Matthew Mosesohn
90fc407420
Fix etcd user for etcd-proxy service
...
Only affects sys V OSes (Ubuntu 14.04)
Fixes #383
2016-07-27 11:54:47 +03:00
Antoine Legrand
9fb391fed5
Merge pull request #381 from kubespray/fixetcdstandalone
...
Fix etcd standalone deployment
2016-07-26 16:04:26 -07:00
Antoine Legrand
fbc55da2bf
Merge pull request #378 from bogdando/issues/26
...
Add HA/LB endpoints for kube-apiserver
2016-07-26 16:03:31 -07:00
Matthew Mosesohn
1b1f5f22d4
Fix etcd standalone deployment
...
etcd facts are generated in kubernetes/preinstall, so etcd nodes need
to be evaluated first before the rest of the deployment.
Moved several directory facts from kubernetes/node to
kubernetes/preinstall because they are not backward dependent.
2016-07-26 18:15:06 +03:00
Bogdan Dobrelya
731d32afda
Add HA/LB endpoints for kube-apiserver
...
* Add HA docs for API server.
* Add auto-evaluated internal endpoints and clarify the loadbalancer_apiserver
vars and usecases.
* Use facts for kube_apiserver to not repeat code and enable LB endpoints use.
* Use /healthz check for the wait-for apiserver.
* Use the single endpoint for kubelet instead of the list of apiservers
* Specify kube_apiserver_count for HA layout
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-07-25 17:25:45 +02:00
Matthew Mosesohn
b4688701ea
Copy kubectl from docker container
...
Nearly the last stage of source all components to containers.
Kubectl will be called from hyperkube image.
Remaining tasks:
* Move kube_version variable to kubernetes/preinstall
* Drop placeholder download.nothing requirement
2016-07-25 18:17:59 +03:00
Matthew Mosesohn
d0a1e15ef3
Deploy kubelet and kube-apiserver as containers
...
kubelet via docker
kube-apiserver as a static pod
Fixed etcd service start to be more tolerant of slow start.
Workaround for kube_version to stay in download role, but not
download any files by creating a new "nothing" download entry.
2016-07-22 16:42:34 +03:00
Matthew Mosesohn
7f212ca9cb
Revert "Add HA/LB endpoints for kube-apiserver"
...
This reverts commit a70c3b661e.
2016-07-22 13:54:38 +03:00
Antoine Legrand
296eccd238
Merge pull request #361 from bogdando/issue/26_p2
...
Add HA/LB endpoints for kube-apiserver
2016-07-21 14:43:53 +02:00
Aleksandr Didenko
f94eb0b997
Support --ipip option for calico pool
...
Adds new boolean configuration variable for calico network plugin
`ipip`. When it's enabled calico pool is created with '--ipip'
option (IP-over-IP encapsulation across hosts).
Also refactor pool creation tasks to simplify logic and make tasks
more readable.
2016-07-21 13:05:40 +02:00
Bogdan Dobrelya
a70c3b661e
Add HA/LB endpoints for kube-apiserver
...
* Add auto-evaluated internal endpoints and clarify the loadbalancer_apiserver
vars and usecases.
* Add loadbalancer_apiserver_localhost (default false). If enabled, override
the external LB and expect localhost:443/8080 to be new internal only frontends.
* Add kube_apiserver_multiaccess to ignore loadbalancers, and make clients
to access the apiservers as a comma-separated list of access_ip/ip/ansible ip
(a default mode). When disabled, allow clients to use the given loadbalancers.
* Define connections security mode for kube controllers, schedulers, proxies.
It is insecure by default, which is the current deployment choice.
* Rework the groups['kube-master'][0] hardcode defining the apiserver
endpoints.
* Improve grouping of vars and add facts for kube_apiserver.
* Define kube_apiserver_insecure_bind_address as a fact, add more
facts for ease of use.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-07-21 11:05:03 +02:00
mattymo
8141b72d5e
Merge branch 'master' into etcddockerdefault
2016-07-20 19:16:47 +03:00
Antoine Legrand
277c5d74cc
Merge pull request #367 from bogdando/set_facts
...
Fix set_facts visibility
2016-07-20 18:00:15 +02:00
Matthew Mosesohn
7a86b6c73e
Set default etcd deployment to docker
...
Improved docker reload command to wait for etcd to be
up before proceeding. Switched reload to run restart
because it can't reload if it is not guaranteed to be
in running state.
2016-07-20 18:26:16 +03:00
Bogdan Dobrelya
a76e5dbb11
Fix set_facts visibility
...
Move set_facts to the preinstall scope, so every role
may see it. For example, network plugins to see the etcd_endpoint.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-07-20 11:41:09 +02:00
Matthew Mosesohn
c3e5aac18e
Add variable kube_resolv_conf
...
Allow configuration of a custom /etc/resolv.conf for kubelet.
2016-07-20 11:57:47 +03:00
Bogdan Dobrelya
32cd6e99b2
Add etcd proxy support
...
* Enforce a etcd-proxy role to a k8s-cluster group members. This
provides an HA layout for all of the k8s cluster internal clients.
* Proxies to be run on each node in the group as a separate etcd
instances with a readwrite proxy mode and listen the given endpoint,
which is either the access_ip:2379 or the localhost:2379.
* A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and
loadbalancers and use the etcd members IPs as a comma-separated
list. Otherwise, clients shall use the local endpoint provided by a
etcd-proxy instances on each etcd node. Networking plugins always
use that access mode.
* Fix apiserver's etcd servers args to use the etcd_access_endpoint.
* Fix networking plugins flannel/calico to use the etcd_endpoint.
* Fix name env var for non masters to be set as well.
* Fix etcd_client_url was not used anywhere and other etcd_* facts
evaluation was duplicated in a few places.
* Define proxy modes only in the env file, if not a master. Del
an automatic proxy mode decisions for etcd nodes in init/unit scripts.
* Use Wants= instead of Requires= as "This is the recommended way to
hook start-up of one unit to the start-up of another unit"
* Make apiserver/calico Wants= etcd-proxy to keep it always up
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
2016-07-19 14:09:40 +02:00
Bogdan Dobrelya
0b874e8db2
Fix systemd service unit for etcd
...
See https://github.com/coreos/etcd/issues/4308
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-07-15 16:22:17 +02:00
Smaine Kahlouch
192136df20
Merge pull request #359 from kubespray/fix_351
...
deployment idempotent
2016-07-14 21:34:21 +02:00
Smana
ab8fdba484
deployment idempotent
2016-07-14 21:33:24 +02:00
Smana
dfe7bfd127
use hyperkube coreos image
2016-07-14 21:20:41 +02:00
Smana
a709cd9aa1
use iptables as default proxy mode
2016-07-12 10:20:43 +02:00
Jonathan Beckman
d4dfdf68a6
Add settable flannel image tag & image repo
...
New settings with defaults:
flannel_server_helper_image_repo: "gcr.io/google_containers/"
flannel_server_helper_image_tag: "0.1"
flannel_image_repo: "quay.io/coreos/flannel"
flannel_image_tag: "0.5.5"
2016-07-11 13:18:20 +08:00
Smaine Kahlouch
a5c21ab2e8
Merge pull request #346 from bogdando/issues/345
...
Add hostpath dynamic provisioner for PetSets
2016-07-09 22:43:09 +02:00
Spencer Smith
c9cff5c845
updated admission controllers for >1.2 Kubernetes
2016-07-08 10:04:14 -07:00
Bogdan Dobrelya
da20d9eda4
Add hostpath dynamic provisioner for PetSets
...
Defaults to false. Use with v1.3 only.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-07-08 16:52:39 +02:00
Smaine Kahlouch
83da5d7657
Merge pull request #335 from mattymo/calicoctl
...
Change calicoctl deployment to use container
2016-07-07 21:47:40 +02:00
Matthew Mosesohn
b3282cd0bb
Add optional deployment mode for Docker etcd_deployment_type
...
Running etcd in Docker reduces the number of individual file
downloads and services running on the host.
Note: etcd container v3.0.1 moves bindir to /usr/local/bin
Fixes : #298
2016-07-07 19:31:28 +03:00
Smaine Kahlouch
bcd912e854
Merge pull request #337 from blasphemy/add-kubelet-ip
...
Add kubelet ip
2016-07-07 08:05:03 +02:00
Alexandre Bourget
3b7eaf66b6
flanneld: don't redirect logs to an unreadable location, let docker/k8s see
...
and aggregate them.
2016-07-06 16:25:11 -04:00
Daniel Leining
1d148e9755
fix kubelet ip with quotes
2016-07-05 17:23:08 -04:00
Daniel Leining
d84ed1b4b3
make kubelet use "ip" as bind address
2016-07-05 17:14:12 -04:00
Matthew Mosesohn
baf80b7d7e
Change calicoctl deployment to use container
...
Improves upgradability of calicoctl by leveraging docker tags.
2016-07-05 13:49:03 +03:00
Matthew Mosesohn
d2151500b6
Fix kube-apiserver log level syntax
2016-07-05 13:11:45 +03:00
Matthew Mosesohn
b847a43c61
Set hyperkube version to kube_version
2016-07-05 12:43:27 +03:00
Smana
f1ba247844
upgrade to k8s v1.3.0
2016-07-03 14:14:09 +02:00
Smaine Kahlouch
2fa7ee0cf9
Merge pull request #326 from kubespray/upgrade_etcd_v3
...
upgrade to etcd v3.0.1
2016-07-02 14:26:13 +02:00
Smana
40fbb3691d
upgrade to etcd v3.0.1
2016-07-02 14:14:32 +02:00
Daniel Leining
72ab34f210
Add --bind-address to kube-apiserver
2016-07-01 18:33:59 -04:00
Smana
85fa3efc06
upgrade kubernetes to v1.2.5
2016-06-29 15:38:33 +02:00
Smana
c4beee38f6
include variables from a distinct file
2016-06-29 14:08:14 +02:00
Smana
247a1a6e6e
change hyperkube repository
2016-06-29 14:07:05 +02:00
Smana
a4396cfca0
use python script to update sha256 sum in the vars
2016-06-29 14:07:01 +02:00
Smana
536454b079
upgrade etcd version to 2.3.7
2016-06-28 12:31:57 +02:00
mattymo
708d2fbd61
Add KUBE_API_INSECURE_BIND to systemd unit file
...
This was missing from commit c4c312c2e6
2016-06-27 13:01:22 +04:00
Matthew Mosesohn
c4c312c2e6
Add configurable option for kube_apiserver_insecure_bind_address
2016-06-24 18:10:01 +03:00
Chris Bell
9e59c74c24
Maintain backwards compatibility with EL6
2016-06-22 09:51:49 -04:00
Chris Bell
d94253ff6a
Modify calico docker.service
2016-06-22 09:44:31 -04:00
Smana
094c2c75f3
upgrade pypy version
2016-06-21 12:11:10 +02:00
Matthew Mosesohn
33d897bcb6
Force install of specified docker version, fixes #295
...
This allows Ubuntu/Debian to downgrade Docker version if
a newer version is installed, instead of failing.
2016-06-17 12:31:55 +03:00
Matthew Mosesohn
153b82a803
Add docker_options to calico networking
2016-06-14 19:33:44 +03:00
Smana
922c6897d1
Install python-pip on first master
2016-06-12 20:44:12 +02:00
ant31
eb6025a184
Add kubedns as default package to install
2016-06-12 18:08:53 +02:00
ant31
c43f9bc705
Add variables to kpm module
2016-06-12 18:02:44 +02:00
ant31
cd2847c1b9
Add kpm role
2016-06-12 18:02:44 +02:00
Smana
8281b98e19
install kpm in order to deploy addons
2016-06-11 21:08:05 +02:00
Smana
7c7adc7198
upgrade calico to v0.20 and calico-cni to v1.3.1
2016-06-09 19:55:12 +02:00
Smana
4a7d8c6fea
clean conditions into docker templates
2016-06-02 21:01:41 +02:00
Smaine Kahlouch
722aacb633
Merge pull request #272 from rustyrobot/fix-etcd-scale-up
...
Add scale-up for etcd cluster
2016-06-01 17:20:04 +02:00
mattymo
68808534b3
Fix order in restart kubelet to fix systemd reload
...
Systemd reload before reload kubelet was failing because its definition was before "restart kubelet". Its definition should be after the notify hook.
2016-05-31 20:09:49 +04:00
Evgeny L
0500f27db8
Scale-up functionality for etcd cluster
...
* Set ETCD_INITIAL_CLUSTER_STATE from `new` to `existing`,
because parameter `new` makes sense only on cluster assembly
stage.
* If cluster exists and current node is not a part
of the cluster, add it with command `etcdctl add member name url`.
Closes kubespray/kargo/#270
2016-05-31 18:23:46 +03:00
Smaine Kahlouch
96a2439c38
Merge pull request #264 from rsmitty/issue-255
...
resolves coreos nodes not setting up docker proxies
2016-05-26 21:55:53 +02:00
Spencer Smith
87757d4fcf
provides initial docker options support
2016-05-25 12:56:45 -04:00
Spencer Smith
492218a3e1
resolves coreos nodes not setting up docker proxies
2016-05-24 12:11:24 -04:00
Spencer Smith
a740e521d2
removed os restriction for coreos
2016-05-24 12:03:16 -04:00
Smaine Kahlouch
bdc183114a
Merge pull request #261 from paulczar/meta_roles_yo
...
turn adduser/download roles into meta roles
2016-05-23 17:29:37 +02:00
Paul Czarkowski
7de87d958e
turn adduser/download roles into meta roles
...
This should make things a little more composable,
by making these roles meta roles that perform no
actions by default we allow each role to own its own
resources.
2016-05-22 17:25:52 -05:00
Paul Czarkowski
c226b4e5cb
fixes issue #258
...
Kubernetes API server has an option:
```
--advertise-address=<nil>: The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.
```
kargo does not set --bind-address, thus it binds to eth0, in vagrant and similar
environments this causes issues because nodes cannot talk to each other over eth0.
This sets `--advertise-address` to `ip` if it's set, otherwise the default behavior
is persisted by using `ansible_default_ipv4.address`.
2016-05-22 13:48:16 -05:00
Paul Czarkowski
ba615ff94e
race condition in download role under vagrant
...
using a shared folder can cause race conditions for the download
role as it tries to download files on all the nodes to the same
shared path. This adds a flag to run the tasks in the download
role on just one node.
2016-05-20 17:04:38 -05:00
Paul Czarkowski
d8bebcd201
Fix issue with check_certs playbook
...
check_certs task "Check_certs | Set 'sync_certs' to true" was failing
due to the dict not existing, this sets defaults that allows the
correct behavior of the conditionals.
2016-05-15 17:15:59 -05:00
Smaine Kahlouch
f576d70b3c
Merge pull request #245 from kubespray/fix_flannel_deploy_213
...
fix flannel deployment, remove docker bridge before restarting
2016-05-13 19:54:07 +02:00
Smana
ae5ff890d4
fix flannel deployment, remove docker bridge before restarting
2016-05-13 18:10:00 +02:00
Spencer Smith
f949bfd46c
remove need for baking image to get writeable /opt/bin
2016-05-13 02:48:13 -07:00
Spencer Smith
66d9a6ebbc
updated to use handlers
2016-05-12 12:18:38 -07:00
Spencer Smith
9b8a757526
missed a name update :)
2016-05-12 09:30:11 -07:00
Spencer Smith
a894a8c7bc
Merge branch 'master' into issue-229
2016-05-12 09:10:57 -07:00
Spencer Smith
962155e463
updated names and removed checks for rhel, as we already know we have systemd inside that play
2016-05-12 09:06:31 -07:00
Spencer Smith
c90c981bb2
updated to support all OSes using systemd
2016-05-12 09:03:11 -07:00
Smana
608e7dfab2
upgrade k8s vers, and add a script for future upgrades
2016-05-12 15:56:30 +02:00
Smana
1884d89d3b
fixes the certs issue when masters or not in the kube-node group
2016-05-12 10:07:34 +02:00
Smaine Kahlouch
ed95f9ab81
Merge pull request #232 from rsmitty/issue-231
...
Issue 231: ensure ca.pem makes it to multi-masters
2016-05-11 21:24:04 +02:00
Spencer Smith
9f8466a186
ensure ALL certs are synced between masters
2016-05-11 10:09:13 -07:00
Spencer Smith
743ad0eb5c
s/sync_certs/sync_tokens
2016-05-11 09:38:26 -07:00
Spencer Smith
5253b3ec13
ensure ca.pem makes it to multi-masters
2016-05-11 09:06:08 -07:00
Spencer Smith
ebf8231c9a
only run if proxy variables are added
2016-05-10 15:53:32 -07:00
Spencer Smith
adceaf60e1
support proxies with docker on rhel
2016-05-10 15:49:27 -07:00
Smaine Kahlouch
96c63cc0b6
Merge pull request #227 from paulczar/vagrant
...
Add native Vagrant support
2016-05-09 11:47:07 +02:00
Paul Czarkowski
5f2fa6d76f
revert .gitignore for secrets
2016-05-08 23:46:35 -05:00
Paul Czarkowski
bd064e8094
fix flannel's cross vm networking for vagrant
...
* set flannel backend type to `host-gw`
* set flannel interface to be eth1 ip
2016-05-08 23:42:42 -05:00
Paul Czarkowski
8f4e879ca7
Add native Vagrant support
...
This allows you to simply run `vagrant up` to get a 3 node HA cluster.
* Creates a dynamic inventory and uses the inventory/group_vars/all.yml
* commented lines in inventory.example so that ansible doesn't try to use it.
* added requirements.txt to give easy way to install ansible/ipaddr
* added gitignore files to stop attempts to save unwanted files
* changed `Check if kube-system exists` to `failed_when: false` instead of
`ignore_errors`
2016-05-08 10:17:11 -05:00
Smana
4f627baf71
generate secrets on first master
2016-05-07 21:08:29 +02:00
David Reuss
180f2d1fde
Pull correct variable for etcd initial variable
...
This shouldn't use the `inventory_hostname` variable, as that will just yield the same variable, but rather use the `host` which we're looping over.
2016-04-29 14:37:01 +02:00
Antoine Legrand
391b155a98
Merge pull request #216 from cmluciano/cml/fixubuntu
...
Fix ansible dict error on Ubuntu 14.04
2016-04-25 14:54:17 +02:00
Christopher M Luciano
47982ea21c
Use ansible array format instead of dot-notation.
...
This fixes the ansible error ```'dict object' has no attribute
'ansible_default_ipv4'"}```. Closes #215
2016-04-25 08:45:58 -04:00
Smana
97de82bbcc
upgrade weave to v1.5.0 with cni
2016-04-20 17:09:09 +02:00
Smana
928bbeaf0f
upgrade calico v0.19.0, calico-cni v1.2.1
2016-04-19 18:28:45 +02:00
Rob Hirschfeld
107da007b1
Merge branch 'master' into flagfixes12
2016-04-12 18:44:06 -07:00
Rob Hirschfeld
fb980e4542
missed tick in message
...
cosmetic
2016-04-12 18:43:31 -07:00
Rob Hirschfeld
f12ad6a56f
consolidate EPEL change into a single task
...
as per @smana request
2016-04-12 18:41:46 -07:00
Smaine Kahlouch
5691086ba2
Merge pull request #164 from oneswig/master
...
Provide a non-default hostname for CoreOS systems.
2016-04-12 17:18:33 +02:00
Rob Hirschfeld
831a54e9b7
add code to detect if epel is already installed and skip it if it is
...
add option for generic
2016-04-11 16:44:56 -05:00
Smana
3cd89bed45
Kubernetes upgrade to 1.2.2
2016-04-11 12:19:09 +02:00
Smana
48a85ce8f8
use docker repository to install on CentOS
2016-04-11 11:17:14 +02:00
Smana
936927a54f
Fix docker install on rhel7
2016-04-10 22:08:13 +02:00
Smana
5c22133492
fix add nodes to the cluster
2016-04-08 07:45:39 +02:00
Smana
b03093be73
update kubectl bash completion
...
change hyperkube image repository
2016-04-05 15:27:06 +02:00
Smana
bc44d5deb3
upgrade to kubernetes v1.2.1
2016-04-05 12:59:18 +02:00
Smana
850b7466cd
remove deprecation warns and update doc
2016-04-04 10:14:56 +02:00
Stig Telfer
bf96b92def
Merge branch 'master' into coreos-fixes
2016-04-02 21:01:28 +01:00
Stig Telfer
ab21f4d169
Define empty default objects for docker package management.
...
On CoreOS where there is no package management, perform zero-trip
loops instead of throwing an exception for iterating over a member
of an undefined variable.
2016-04-02 20:55:17 +01:00
Stig Telfer
64a39fdb86
Use var for bin dir instead of assuming /usr/local/bin
...
On CoreOS the binaries are not installed in /usr/local/bin.
2016-04-02 20:53:33 +01:00
ant31
7237a925eb
Add kubernetes.default.svc in certs dns
2016-04-01 12:40:01 +02:00
teuto.net Netzdienste GmbH
8cbdf73eba
Changed path to hosts ssl certs from /usr/share/ca-certificates to /etc/ssl/certs/ which fixes https problems in kube-controller-manager and kube-apiserver ( #189 ) caused by the lack of certificates on debian and redhat based systems.
2016-04-01 09:34:28 +02:00
teuto.net Netzdienste GmbH
624a964cda
Implemented Dynamic Provisioning of PersistentVolumes with cinder
...
When kubespray is deployed on OpenStack, the kube-controller-manager is now aware of the cluster and can create new cinder volumes automatically if the PersistentVolumeClaims are annotated accordingly.
Note that this is an alpha feature of kubernetes 1.2
2016-03-31 14:38:46 +02:00
Smaine Kahlouch
a14dfe74e1
Merge pull request #188 from teutostack/warnings-removal
...
Fixing deprecation warnings regarding bare variables and apt
2016-03-30 11:57:57 +02:00
teuto.net Netzdienste GmbH
a192111e6a
Reverted deletion of "changed_when: False" for Task "Install python-dnf for latest RedHat versions". Deleted "changed_when: False" on Task "Install latest version of python-apt for Debian distribs" to get notified when kubespray has installed a new package version.
2016-03-30 11:21:36 +02:00
teuto.net Netzdienste GmbH
4271dd6645
using apt module instead of command module to install python-apt
2016-03-30 10:39:33 +02:00
teuto.net Netzdienste GmbH
457ed11b49
fixed deprecation warnings regarding bare variables
2016-03-30 10:23:43 +02:00
teuto.net Netzdienste GmbH
9f8da6c225
Implemented cloud-provider integration for OpenStack.
...
Currently kubespray does not install kubernetes in a way that allows cinder volumes to be used. This commit provides the necessary cloud configuration file and configures kubelet and kube-apiserver to use it.
2016-03-29 15:17:22 +02:00
Smaine Kahlouch
68fafd030d
choose between gce and aws cloud providers
2016-03-23 17:27:06 +01:00
Smaine Kahlouch
e8aec5f4f0
Don't call the apiserver when the server is master only
2016-03-22 13:25:41 +01:00
Smaine Kahlouch
c51ed4bbb7
use master election option instead of podmaster
2016-03-21 22:25:09 +01:00
Smaine Kahlouch
ba4ad51c26
add aufs-tools package for debian
2016-03-21 17:25:14 +01:00
Antoine Legrand
785b84fd43
Upgrade to docker 1.10.3
2016-03-21 16:54:14 +01:00
Antoine Legrand
15ce66b2f5
Kubernetes 1.2.0
2016-03-21 16:54:14 +01:00
Smaine Kahlouch
7e6d7caf4b
Dnsmasq runs on all nodes
2016-03-21 11:37:35 +01:00
ant31
6297e5ea93
Use dnsmasq inside pods
2016-03-19 23:41:27 +01:00
Antoine Legrand
72807965a8
Upload files to a separate storage
2016-03-04 17:39:02 +01:00
Antoine Legrand
611c7744a1
Remove submodules
2016-03-04 16:14:01 +01:00
Smana
ede3aad2ab
flannel backend type option
2016-03-04 14:55:04 +01:00
Smana
62218c1497
upgrade calicoctl to v0.17.0
2016-03-02 10:42:31 +01:00
Smana
cb3cc6f523
adding option --proxy-mode for kubeproxy
2016-02-29 11:41:08 +01:00
Smaine Kahlouch
87fd8415da
Merge pull request #163 from Smana/upgrade_kube_v1.1.8
...
Upgrade kubernetes to v1.1.8
2016-02-26 23:25:00 +01:00
Stig Telfer
edcd5bf67f
Provide a non-default hostname for CoreOS systems.
...
A freshly-installed CoreOS system does not always have a hostname configured.
This causes problems for etcd and BGP mesh configuration for Calico.
Assign the Ansible inventory name as hostname as part of CoreOS bootstrap,
if the hostname is the default ("localhost").
2016-02-26 13:43:07 +00:00
Smana
9528caa1d7
Upgrade kubernetes to v1.1.8
2016-02-25 17:35:38 +01:00
Smaine Kahlouch
3f32e5973f
Merge pull request #158 from Smana/calico_nat_outgoing_opt
...
calico: enabling nat outgoing by default
2016-02-24 12:11:34 +01:00
Stig Telfer
ff03c82151
On CoreOS, /etc/hosts does not always exist.
2016-02-23 12:04:58 +00:00
Smana
152c409022
calico: enabling nat outgoing by default
2016-02-21 17:11:49 +01:00
Smana
fca384e24c
first version of CoreOS on GCE
...
Please enter the commit message for your changes. Lines starting
2016-02-21 00:06:36 +01:00
Spencer Smith
20adb604cc
confirmed working change to mktemp command
2016-02-18 15:56:10 -05:00
Smana
39caf94790
update hyperkube version
2016-02-18 16:38:25 +01:00
Smana
b013b125bc
Upgrade Calico and etcd
2016-02-15 12:41:27 +01:00
Smana
01397678df
upgrade kubernetes to 1.1.7
2016-02-15 10:57:45 +01:00
Smana
c3a8f379e8
rollback to docker 1.9
2016-02-13 15:38:42 +01:00
Smana
c0cf506fb4
install epel-release on RHEL7
2016-02-13 13:15:08 +01:00
Smana
a649aa8b7e
use ansible_service_mgr to detect init system
2016-02-13 11:46:53 +01:00
Smana
91fca69aa0
generate secrets on deployment machine
...
test travis with sudo=true instead of required
2016-02-13 06:51:54 +01:00
Antoine Legrand
3fef552978
Docker 1.10.1
2016-02-13 06:19:47 +01:00
ntfrnzn
a4e32c748a
pin docker version actually
2016-02-12 14:45:09 -08:00
ntfrnzn
c48bc34a34
pin docker versions to 1.9 or earlier
2016-02-12 14:40:13 -08:00
ant31
4ee3699933
Add weave to tests
2016-02-11 10:57:54 +01:00
Smaine Kahlouch
05c8a29688
Merge branch 'master' into weave_network_plugin
2016-02-10 18:33:48 +01:00
Smana
793d665db4
specify weave version
2016-02-10 18:19:03 +01:00
Greg Althaus
6f1fe0cda2
Force kube-proxy to bind to local address
2016-02-10 10:53:22 -06:00
Smana
ab007e4ab8
weave network plugin
2016-02-09 17:55:12 +01:00
Smaine Kahlouch
4f92417a5d
split network plugins into distinct roles
2016-02-09 11:42:00 +01:00
Smana
b2d6626363
fix some issues with fedora 23 and dnf
2016-02-03 21:26:49 +01:00
Smaine Kahlouch
779299de15
calico uses --ip option
2016-02-01 15:53:23 +01:00
Antoine Legrand
7e94d31c8b
Merge branch 'master' into increase_timeout
2016-02-01 14:32:25 +01:00
ant31
21b0a3649d
Increase liveness timeout
2016-02-01 13:41:49 +01:00
Smaine Kahlouch
3bb6066558
add option '--nat-outgoing' for calico on clouds
2016-02-01 10:47:34 +01:00
Smaine Kahlouch
64be24dd20
Merge pull request #123 from Smana/install_epel_rhel
...
install epel release for rhel
2016-02-01 10:46:10 +01:00
Smaine Kahlouch
4d3f6c6533
install epel release for rhel
...
install required packages before common
roles/kubernetes/preinstall/tasks/main.yml
2016-01-31 22:12:34 +01:00
Greg Althaus
6163fe166e
Update docker for CentOS issues in AWS and general
...
variables.
1. AWS has issues with ext4 (use xfs instead for CentOS only)
2. Make sure all the centos config files are included in the systemd config
3. Make sure that network options are set in the correct file by os family
This allows downstream items like opencontrail and others change variables
in expected locations.
2016-01-30 21:46:32 -06:00
Smaine Kahlouch
6358cf788f
etcd initd startup command fix
2016-01-30 22:31:41 +01:00
Antoine Legrand
b33713da4a
Change calico condition --ipip
2016-01-29 14:07:21 +01:00
Antoine Legrand
83c1bd516d
Update calico.yml
2016-01-29 12:23:29 +01:00
Antoine Legrand
5d24cabc83
Merge pull request #116 from ansibl8s/calico_on_cloud
...
Add --ipip to calico if on cloud_provider
2016-01-28 20:28:15 +01:00
Antoine Legrand
7127e6de54
Add --ipip to calico if on cloud_provider
2016-01-28 20:13:50 +01:00
Greg Althaus
bedcca922c
Add variables and defaults for multiple types of ip addresses.
...
Each node can have 3 IPs.
1. ansible_default_ip4 - whatever ansible thinks is the first IPv4 address
usually with the default gw.
2. ip - An address to use on the local node to bind listeners and do local
communication. For example, Vagrant boxes have a first address that is the
NAT bridge and is common for all nodes. The second address/interface should
be used.
3. access_ip - An address to use for node-to-node access. This is assumed to
be used by other nodes to access the node and may not be actually assigned
on the node. For example, AWS public ip that is not assigned to node.
This updates the places addresses are used to use either ip or access_ip and walk
up the list to find an address.
2016-01-27 16:05:39 -06:00
Smaine Kahlouch
a323335d36
use 'kube_pods_subnet' var for flannel conf
2016-01-27 22:00:12 +01:00
Smaine Kahlouch
8d71d56809
update submodules and documentation
2016-01-27 17:02:41 +01:00
Antoine Legrand
cf472a6b4c
Merge pull request #107 from ansibl8s/race_condition_api_master
...
Slowdown apimaster restart
2016-01-26 18:00:47 +01:00
ant31
fd6ac61afc
Use local etcd/etcdproxy for calico
2016-01-26 17:28:30 +01:00
Antoine Legrand
4566d60e6f
Slowdown apimaster restart
2016-01-26 15:23:16 +01:00
Antoine Legrand
49a7278563
Set perms on unarchive
2016-01-26 12:17:33 +01:00
Antoine Legrand
b9781fa7c2
Symlink dnsmasq conf
2016-01-26 00:30:29 +01:00
Smaine Kahlouch
90ffb8489a
fix some handlers
2016-01-25 22:49:24 +01:00
Greg Althaus
e7d5b7af67
Force owner and permissions for get_url retrieved
...
files. get_url doesn't honor owner and mode is spotty.
2016-01-25 13:30:48 -06:00
Greg Althaus
c7bd2a2a1e
Need to use separate stanzas for each repo because the
...
args are different. Sigh.
2016-01-25 11:16:56 -06:00
Smaine Kahlouch
baaa6efc2b
workaround_ha_apiserver
2016-01-25 12:07:32 +01:00
ant31
56b92812fa
Fix systemd reload and calico unit
2016-01-25 10:54:07 +01:00
ant31
f5508b1794
Use update_cache when possible
2016-01-25 02:06:34 +01:00
Greg Althaus
bcd6ecb7fb
Add flannel vars to enable vagrant and amazon environments
2016-01-24 16:18:35 +01:00
Antoine Legrand
b4734c280a
Merge branch 'master' into add_users_role
2016-01-24 15:58:10 +01:00
Antoine Legrand
dd61f685b8
AddUser Role
2016-01-24 11:54:34 +01:00
Smaine Kahlouch
4984b57aa2
use rsync instead of command
2016-01-23 18:26:07 +01:00
Smaine Kahlouch
283c4169ac
run apiserver as a service
...
reorder master handlers
typo for sysvinit
2016-01-23 14:21:04 +01:00
Smaine Kahlouch
5edc81c627
moving kube-cert group into group_vars
2016-01-22 17:18:45 +01:00
Smaine Kahlouch
391413f7e7
missing commits for the PR #86
2016-01-22 17:10:31 +01:00
Smaine Kahlouch
87b42e34e0
create kube-cert group task
2016-01-22 16:51:54 +01:00
Smaine Kahlouch
be0bec9eab
add kube-cert group
2016-01-22 16:46:06 +01:00
Smaine Kahlouch
cb59559835
use command instead of synchronize
2016-01-22 16:37:07 +01:00
Antoine Legrand
078b67c50f
Remove downloader host
2016-01-22 09:59:39 +01:00
Greg Althaus
32877bdc7b
Merge branch 'master' into etcd-sync
2016-01-21 13:13:58 -06:00
Greg Althaus
ec1073def8
Test for a systemd service that should be up.
2016-01-21 11:35:15 -06:00
Greg Althaus
28e530e005
Fix etcd synchronize to other nodes from the downloader
2016-01-21 11:21:25 -06:00
Smaine Kahlouch
de038530ef
don't run gitinfos by default
2016-01-21 13:41:01 +01:00
Smaine Kahlouch
337977e868
script which gives info about the deployment state
...
fix script location
2016-01-21 13:41:01 +01:00
Smaine Kahlouch
9715962356
etcd directly in host
...
fix etcd configuration for nodes
fix wrong calico checksums
using a var name etcd_bin_dir
fix etcd handlers for sysvinit
using a var name etcd_bin_dir
sysvinit script
review etcd configuration
2016-01-21 11:36:11 +01:00
Smaine Kahlouch
a5094f2a6a
move /etc/hosts configuration in 'preinstall' role
2016-01-20 17:37:23 +01:00
Greg Althaus
fe5ec398bf
Use IP if specified, otherwise use the ansible discovered address.
...
This fixes cases for use in Vagrant environments.
2016-01-20 08:34:39 -06:00
Antoine Legrand
859f6322a0
Merge branch 'master' into add_set_remote_user
2016-01-19 21:08:52 +01:00
Greg Althaus
10b2466d82
run_once only works if master[0] is first in inventory list
...
of all nodes.
2016-01-19 13:10:54 -06:00
Antoine Legrand
f68d8f3757
Add seT_remote_user in synchronize
2016-01-19 14:20:05 +01:00
Antoine Legrand
9b083b62cf
Rename tasks
2016-01-19 14:20:05 +01:00
Smaine Kahlouch
b54af6b42f
reduce dns timeout
2016-01-19 13:49:33 +01:00
Smaine Kahlouch
7cab7e5fef
restarting kubelet is sometimes required after docker restart
2016-01-19 13:47:07 +01:00
Smaine Kahlouch
4c5735cef8
configure dnsmasq to listen on localhost only
2016-01-19 13:34:30 +01:00
Smaine Kahlouch
58e1db6aae
update kubedns submodule
2016-01-19 13:32:53 +01:00
Smaine Kahlouch
63ae6ba5b5
dnsmasq runs on all nodes
2016-01-19 10:31:47 +01:00
Smaine Kahlouch
f58b4d3dd6
dnsmasq listens on localhost
2016-01-19 10:29:33 +01:00
Smaine Kahlouch
d3a8584212
add timeout options to resolv.conf
2016-01-19 10:18:53 +01:00
ant31
4271126bae
Change hyperkube repo
2016-01-18 17:17:08 +01:00
Smaine Kahlouch
049f5015c1
upgrade hyperkube image version
2016-01-18 16:55:57 +01:00
Smaine Kahlouch
6ab671c88b
update memcached submodule
2016-01-18 16:25:01 +01:00
Smaine Kahlouch
d73ac90acf
update k8s-pgbouncer submodule
2016-01-18 11:58:12 +01:00
Smaine Kahlouch
adf6e2f7b1
update postgres submodule
2016-01-18 11:44:33 +01:00
Smaine Kahlouch
806834a6e9
upgrade kubernetes to 1.1.4 and calico to 0.14.0
2016-01-17 21:30:11 +01:00
Smaine Kahlouch
8415634016
use google hyperkube image
2016-01-16 22:55:49 +01:00
Smaine Kahlouch
8127e8f8e8
Flannel running as pod
2016-01-15 13:03:27 +01:00
Smaine Kahlouch
51a0996087
fix regexp for resolv.conf
2016-01-15 12:18:03 +01:00
ant31
5d61b5e813
Fix namespace
2016-01-14 16:22:37 +01:00
ant31
b769636435
Ansible 2.0
2016-01-13 16:40:24 +01:00
Smaine Kahlouch
eab2cec0ad
fix kubectl perms
2016-01-08 16:02:40 +01:00
Smaine Kahlouch
0b17a4c00f
Merge pull request #45 from jcsirot/fix-calico-systemd
...
Fix calico with systemd
2016-01-08 11:34:58 +01:00
ant31
f49aa90bf7
fix synchronize pull mode
2016-01-08 11:32:06 +01:00
Jean-Christophe Sirot
6f9148e994
Fix calico with systemd
2016-01-08 10:32:43 +01:00
Antoine Legrand
7913d62749
Merge pull request #44 from ansibl8s/travis
...
Travis tests
2016-01-07 23:46:02 +01:00
Smaine Kahlouch
d5320961e9
enforce user root when sudo is used
2016-01-05 15:33:23 +01:00
ant31
9c461e1018
Use inline update for resolv.conf
2016-01-05 12:31:49 +01:00
ant31
9a03249446
Add travis tests
2016-01-05 12:31:49 +01:00
ant31
8fa0110e28
Remove local dep. downloader
2016-01-04 16:10:29 +01:00
Smaine Kahlouch
99d16913d3
use bin_dir var in init scripts
2016-01-04 14:35:01 +01:00
Smaine Kahlouch
d172457504
sysvinit scripts
2016-01-04 14:30:37 +01:00
Smaine Kahlouch
6103d673b7
New calico's configuration
2016-01-04 14:30:37 +01:00
Smaine Kahlouch
29bf90a858
review handlers for sysvinit
2016-01-04 14:30:37 +01:00
ant31
e3cdb3574a
Rework download role
2015-12-31 16:12:16 +01:00
Smaine Kahlouch
15cd1bfc56
rename env file
2015-12-31 14:55:06 +01:00
Smaine Kahlouch
be5fe9af54
never report changed for init system detection
2015-12-31 14:54:15 +01:00
Smaine Kahlouch
7006d56ab8
split role download and preinstall
2015-12-31 14:07:02 +01:00
Smaine Kahlouch
1695682d85
handle sysvinit
2015-12-31 14:05:55 +01:00
Smaine Kahlouch
1d1d8b9c28
add nodnsupdate hook for RedHat
2015-12-31 14:04:08 +01:00
Smaine Kahlouch
98fe2c02b2
review local tasks
2015-12-31 10:28:47 +01:00
Smaine Kahlouch
92c2a9457e
rename role common to kubernetes/preinstall
2015-12-31 10:03:22 +01:00
Smaine Kahlouch
dbb6f4934e
common role in order to support other linux distribs
2015-12-30 22:26:45 +01:00
Smaine Kahlouch
9f07f2a951
install docker on a largest number of linux distribution (based on https://github.com/marklee77/ansible-role-docker )
2015-12-30 22:26:45 +01:00
Smaine Kahlouch
b72e220126
remove carriage return
2015-12-30 14:02:22 +01:00
Smaine Kahlouch
e0f460d9b5
copy template dnsmasq pod and remove handlers
2015-12-30 14:02:22 +01:00
Smaine Kahlouch
2bd6b83656
increase etcd timeout value again
2015-12-30 14:02:22 +01:00
ant31
2df70d6a3d
Docker dnsmasq
2015-12-30 14:02:22 +01:00
Smaine Kahlouch
6f4f170a88
remove useless etcd download, runs into docker containers
2015-12-30 09:50:02 +01:00
Smaine Kahlouch
3f3b03bc99
increase timeout value for etcd wait_for
2015-12-29 21:37:17 +01:00
Smaine Kahlouch
c9d9ccf025
move network-environment template into node role, required by kubelet
2015-12-29 21:36:51 +01:00
ant31
e378f4fb14
Install calico-plugin before running calico
2015-12-28 22:04:39 +01:00
Antoine Legrand
5c15d14f12
Run etcd as pod
2015-12-28 22:04:39 +01:00
Antoine Legrand
b45747ec86
Merge pull request #37 from ansibl8s/apiserver_https
...
Apiserver https
2015-12-28 13:00:46 +01:00
ant31
d597f707f1
use backup file
2015-12-24 19:23:21 +01:00
Smaine Kahlouch
595e93e6da
Peer with router configuration is made on the first etcd node
2015-12-24 13:56:53 +01:00
Smaine Kahlouch
5f4e01cec5
new version of logstash submodule
2015-12-22 16:38:40 +01:00
Smaine Kahlouch
7c9c609ac4
calico uses loadbalancer address for apiserver
2015-12-22 08:45:14 +01:00
Smaine Kahlouch
680864f95c
don't sync certs on masters, already done in another task
2015-12-21 14:24:57 +01:00
Smaine Kahlouch
7315d33e3c
use ip for etcd proxies even when hostnames are used in the inventory
2015-12-21 14:24:10 +01:00
Smaine Kahlouch
b2afbfd4fb
don't touch if the file exists
2015-12-21 14:23:33 +01:00
Smaine Kahlouch
ab694ee291
Install python-httplib2 required package
2015-12-21 12:00:42 +01:00
Smaine Kahlouch
bba3525cd8
use loadbalancer when that's possible
2015-12-21 09:13:48 +01:00
Smaine Kahlouch
2c816f66a3
Check calico network pool
2015-12-20 16:51:14 +01:00
Smaine Kahlouch
d585ceaf3b
set permissions on network-environment file
2015-12-19 12:32:06 +01:00
Smaine Kahlouch
fec1dc9041
A single file for tokens tasks
2015-12-19 11:00:22 +01:00
Smaine Kahlouch
e7e03bae9f
calico talks to apiserver with https
2015-12-18 22:22:52 +01:00
Smaine Kahlouch
c6d65cb535
remove temporary workaround due to node reboot issue with calico 2
2015-12-18 13:25:46 +01:00
Smaine Kahlouch
a0746a3efd
remove temporary workaround due to node reboot issue with calico
2015-12-18 13:22:32 +01:00
Smaine Kahlouch
970aab70e1
Upgrade calico version to v0.13.0, fixes the node reboot issue
2015-12-18 13:10:26 +01:00
Smaine Kahlouch
4561dd327b
remove deprecated var CALICOCTL_PATH
2015-12-18 13:09:42 +01:00
Smaine Kahlouch
b155e8cc7b
Fix error in ETCD_INITIAL_CLUSTER loop
2015-12-18 11:22:56 +01:00
Smaine Kahlouch
9046b7b1bf
Configure calico pool on an etcd server
2015-12-18 10:16:03 +01:00
Antoine Legrand
3c450191ea
Use etcd node ip in initial cluster
2015-12-17 22:47:19 +01:00
Antoine Legrand
184bb8c94d
Use 0755 mode for binaries
2015-12-17 22:46:50 +01:00
Smaine Kahlouch
9914229484
using ip address instead of inventory_hostname for kube-proxy
2015-12-17 10:43:06 +01:00
Smaine Kahlouch
b3841659d7
Review role order, use master ip even when fqdn are used in the inventory
2015-12-16 23:49:01 +01:00
Smaine Kahlouch
3a349b8519
Using var file for etcd service
2015-12-16 21:43:29 +01:00
ant31
44ac355aa7
Update dependencies
2015-12-16 18:01:52 +01:00
ant31
958c770bef
Update ports
2015-12-16 17:43:26 +01:00
ant31
6012230110
Merge branch 'ha_master' of https://github.com/ansibl8s/setup-kubernetes into ha
2015-12-15 17:42:01 +01:00
Smaine Kahlouch
c91a3183d3
manage undefined vars for loadbalancing
2015-12-15 16:51:55 +01:00
ant31
693230ace9
Merge branch 'ha_master' of https://github.com/ansibl8s/setup-kubernetes into ha
2015-12-15 16:28:49 +01:00
ant31
f21f660cc5
Use kube_apiserver_port
2015-12-15 16:27:12 +01:00
Smaine Kahlouch
953f482585
kube-proxy loadbalancing, need an external loadbalancer
2015-12-15 15:20:08 +01:00
Smaine Kahlouch
4055980ce6
ha apiservers for kubelet
2015-12-15 13:14:27 +01:00
Smaine Kahlouch
e2984b4fdb
ha etcd with calico
2015-12-15 11:49:11 +01:00
Smaine Kahlouch
2fc8b46996
etcd can run on a distinct cluster
2015-12-14 10:39:13 +01:00
Smaine Kahlouch
5efc09710b
Renaming hyperkube image vars
2015-12-14 09:54:58 +01:00
Smaine Kahlouch
9862afb097
Upgrade kubernetes to v1.1.3
2015-12-13 16:41:18 +01:00
Smaine Kahlouch
59994a6df1
Quickstart documentation
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
0a1b92f348
cluster log level variable 'kube_log_level'
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
af9b945874
add the loadbalancer address to ssl certs
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
3cbcd6f189
Calico uses the loadbalancer to reach etcd if 'loadbalancer_address' is defined. The loadbalancer has to be configured first
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
1568cbe8e9
optional api runtime extensions
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
eb4dd5f19d
update kubectl bash completion
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
f49620517e
running kubernetes master processes as pods
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
ef8a46b8c5
Doesn't manage firewall, note: has to be disabled before running the playbook
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
47c211f9c1
upgrading docker version
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
b23b8aa3de
dnsmasq with multi master arch
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
3981b73924
download only required kubernetes binaries
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
b66cc67b6f
Configure network-environment with a single template
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
83c1105192
Configuring calico pool once, before starting calico-node
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
d1e19563b0
Master and nodes will run the 'node' role, kube-proxy is run under a container, new script for ssl certs
2015-12-12 19:37:08 +01:00
Smaine Kahlouch
3014dfef24
Clustering etcd for ha masters
2015-12-12 19:37:08 +01:00
ant31
b92fa01e05
Remove etcd dir
2015-12-10 23:17:12 +01:00
ant31
625efc85af
Merge branch 'master' of https://github.com/ansibl8s/setup-kubernetes
2015-12-10 20:47:15 +01:00
ant31
d30474d305
Add k8s-etcd
2015-12-10 20:46:33 +01:00
Smaine Kahlouch
9cecc30b6d
changing proxy mode to default 'userspace', issues with 'iptables'
2015-12-09 15:03:57 +01:00
Smaine Kahlouch
563be70728
disable bgp for master
2015-12-03 15:38:44 +01:00
Smaine Kahlouch
a03f3739dc
Add kubectl bash completion, missing script
2015-12-01 15:45:31 +01:00
Smaine Kahlouch
bfe78848fa
Add kubectl bash completion
2015-12-01 12:13:22 +01:00
Smaine Kahlouch
126d4e36c8
Fix kube-proxy on master
2015-11-30 16:41:22 +01:00
Smaine Kahlouch
97c4edc028
Add api runtime config option, review kubernetes handlers
2015-11-27 12:32:31 +01:00
Smaine Kahlouch
f74c195d47
updated submodule postgres
2015-11-26 14:16:49 +01:00
Smaine Kahlouch
b9e56dd435
Update postgres submodule
2015-11-26 09:34:37 +01:00
ant31
ede5f9592a
Add kube-logstash submodule
2015-11-25 14:49:20 +01:00
Smaine Kahlouch
895a02e274
change calico pool configuration order
2015-11-22 22:32:45 +01:00
Smaine Kahlouch
4a9a82ca86
include kubernetes config
2015-11-22 18:04:50 +01:00
Smaine Kahlouch
4c2f757fe8
Add kubedash and monitoring submodule
2015-11-22 18:01:25 +01:00
Smaine Kahlouch
5762d8f301
upgrade flannel and etcd version
2015-11-22 13:35:00 +01:00
Smaine Kahlouch
d3f35e12a2
Simplify docker role, cbr0 for calico isn't required anymore
2015-11-22 13:33:13 +01:00
Smaine Kahlouch
d7b7db34fa
move task service kube-api to the end of role master
2015-11-21 17:01:43 +01:00
Antoine Legrand
7f73bb5522
Keep workaround
2015-11-21 14:04:42 +01:00
Smaine Kahlouch
795ce8468d
Calico systemd unit improvement (status, stop)
2015-11-21 13:20:39 +01:00
ant31
fb6dd60f52
Rollback 1.8.3 docker
2015-11-20 16:49:02 +01:00
Smaine Kahlouch
e427591545
upgrade kubernetes version to 1.1.2
2015-11-20 16:48:50 +01:00
ant31
323155b0e1
Fix docker
2015-11-20 14:04:13 +01:00
ant31
f368faf66b
Remove --kube-plugin-version
2015-11-20 11:56:16 +01:00
ant31
8fa7811b63
Remove workaround
2015-11-20 11:36:32 +01:00
ant31
c352df6fc8
Add Backup
2015-11-20 11:18:37 +01:00
Antoine Legrand
57e1831f78
Update calico to 0.11.0
2015-11-20 10:38:39 +01:00
Smaine Kahlouch
3f411bffe4
include config file into systemd unit file
2015-11-16 22:22:19 +01:00
Smaine Kahlouch
5cc29b77aa
add option proxy mode iptables for better performances
2015-11-16 22:21:17 +01:00
Smaine Kahlouch
70aa68b9c7
move task network-environment
2015-11-16 22:20:41 +01:00
Smaine Kahlouch
7efaf30d36
update calico-node command line for version 0.10.0
2015-11-16 22:19:19 +01:00
Smaine Kahlouch
0b164bec02
add option proxy mode iptables for better performances
2015-11-16 22:17:21 +01:00
Smaine Kahlouch
3f8f0f550b
remove duplicate task
2015-11-16 22:16:36 +01:00
Smaine Kahlouch
d6a790ec46
default docker template condition
2015-11-16 22:15:43 +01:00
Smaine Kahlouch
8eef0db3ec
upgrade binaries version
2015-11-16 22:15:12 +01:00
Smaine Kahlouch
2b3543d0ee
Merge branch 'master' of https://github.com/ansibl8s/setup-kubernetes
2015-11-02 13:46:23 +01:00
Smaine Kahlouch
c997860e1c
move vars for api socket into group_vars
2015-11-02 13:46:08 +01:00
Smaine Kahlouch
27b0980622
Merge pull request #11 from ansibl8s/replace_default_ipv4_by_var
...
Add IP var
2015-11-02 13:41:55 +01:00
Smaine Kahlouch
3fb9101e40
default value for 'peer_with_router'
2015-11-02 13:41:03 +01:00
ant31
3bf74530ce
Add IP var
2015-11-01 11:12:12 +01:00
Smaine Kahlouch
f6e4cc530c
manage default value for 'peer_with_router' var
2015-10-30 16:18:39 +01:00
Smaine Kahlouch
f0eb963f5e
Tag v1.0 of redis
2015-10-28 10:44:38 +01:00
Smaine Kahlouch
f216302f95
Calico is not a network overlay
2015-10-27 15:49:07 +01:00
Smaine Kahlouch
b98227e9a4
update submodules postgres and kubedns with changes
2015-10-23 16:39:15 +02:00
Smaine Kahlouch
8e585cfdfe
agencing vars into submodules
2015-10-23 09:54:44 +02:00
Smaine Kahlouch
73e240c644
Running apps after cluster setup
2015-10-21 14:03:39 +02:00
Smaine Kahlouch
6381e75769
move k8s-postgres tag
2015-10-19 11:11:40 +02:00
Smaine Kahlouch
3427119577
adding submodules again
2015-10-18 22:10:30 +02:00
Smaine Kahlouch
73084a8377
remove apps directories
2015-10-18 21:41:19 +02:00
Smaine Kahlouch
af5e35e938
Configure bgp peering with border routers of dc
2015-10-15 09:40:02 +02:00
Smaine Kahlouch
f1647d621e
update submodules
2015-10-14 17:38:40 +02:00
Smaine Kahlouch
fb13b42db9
add postgres submodule
2015-10-14 13:30:17 +02:00
Smaine Kahlouch
72096c8b1b
add submodules
2015-10-14 12:01:40 +02:00
Smaine Kahlouch
fec609053c
use ansible-galaxy
2015-10-14 11:42:45 +02:00
Smaine Kahlouch
6183a4d3b1
dns vars for skydns submodule
2015-10-13 17:12:59 +02:00
Smaine Kahlouch
481d16d5ad
tag 'apps'
2015-10-12 17:31:04 +02:00
Smaine Kahlouch
347bc4a79c
remove fluentd configuration on nodes
2015-10-12 17:28:17 +02:00
Smaine Kahlouch
9c1f722f8d
Fix common directory
2015-10-12 14:26:55 +02:00
Smaine Kahlouch
c105e20ac9
Role common required
2015-10-12 14:13:53 +02:00
Smaine Kahlouch
4281506322
moving apps submodules to the directory roles/apps
2015-10-12 13:12:29 +02:00
Smaine Kahlouch
f9395f7259
add submodule postgres
2015-10-12 13:06:41 +02:00
Smaine Kahlouch
9c1543c3db
tag v1.0 for skydns
2015-10-10 22:07:27 +02:00
Smaine Kahlouch
a5849938d4
add submodule skydns
2015-10-10 21:52:47 +02:00
Smaine Kahlouch
ca977d7681
tag version v1.0 of kube-ui
2015-10-08 16:19:08 +02:00
Smaine Kahlouch
7841d4d3c9
Add submodule/role kube-ui
2015-10-08 14:01:25 +02:00
Antoine Legrand
e46adbca8a
Add submodules
2015-10-08 10:58:29 +02:00
Smaine Kahlouch
6b798d87d1
Docker garbage collection is already managed by kubelet daemon
2015-10-08 09:21:49 +02:00
Smaine Kahlouch
6b6a5ceeae
docker-gc executable cron task
2015-10-05 14:22:36 +02:00
Smaine Kahlouch
67be137e01
move fabric8 addon to 'default' namespace
2015-10-05 12:01:48 +02:00
Smaine Kahlouch
c26d2e17cd
Addon Fabric8
2015-10-05 11:27:13 +02:00
Smaine Kahlouch
e74ad80fe4
Readme v2
2015-10-04 10:55:52 +02:00
Smaine Kahlouch
00c562828f
Initial commit
2015-10-03 22:19:50 +02:00