Commit Graph

3439 Commits (da06c8e5a95cac711a59ef30f9447a363e3d77b6)
 

Author SHA1 Message Date
Chen Hong 4ee9cb2be9 gather facts from all instances, maybe include calico-rr 2018-03-19 14:32:25 +08:00
woopstar f1d2f84043 Only apply roles from first master node to fix regression 2018-03-18 16:15:01 +01:00
woopstar b9a949820a Only copy tokens if tokens_list contains any 2018-03-18 08:42:38 +01:00
Andreas Krüger 50e5f0d28b
Merge pull request #2468 from LuckySB/master
change expirations period for generated certificate from 10y to 100 years
2018-03-17 19:43:40 +01:00
Sergey Bondarev 1481f7d64b Dedicated node for ingress nginx controller
The ability to create dedicated node for ingress nginx controller
host type network for nginx controller

and add from example https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/static-ip/nginx-ingress-controller.yaml
terminationGracePeriodSeconds: 60
2018-03-17 02:54:46 +03:00
Chad Swenson 7d33650019
Merge pull request #2462 from woopstar/coredns-patch
Add CoreDNS support
2018-03-16 18:33:36 -05:00
MQasimSarfraz 728598b230 Mark "calico-rr" as optional in fact gathering 2018-03-16 21:09:47 +00:00
woopstar e40368ae2b Add CoreDNS support with various fixes
Added CoreDNS to downloads

Updated with labels. Should now work without RBAC too

Fix DNS settings on hosts

Rename CoreDNS service from kube-dns to coredns

Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html

Updated docs with CoreDNS info

Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed

Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806'

Set dns list correct. Thanks to @whereismyjetpack

Only download KubeDNS or CoreDNS if selected

Move dns cleanup to its own file and import tasks based on dns mode

Fix install of KubeDNS when dnsmask_kubedns mode is selected

Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf.

Run DNS manifests for CoreDNS and KubeDNS

Set skydns servers on dual stack deployment

Use only one template for CoreDNS dual deployment

Set correct cluster ip for the dns server
2018-03-16 21:51:37 +01:00
Brad Beam 4ff17cb5a5
Merge pull request #2457 from MQasimSarfraz/vsphere-volumes-rbac
Fix vsphere cloud_provider RBAC permissions
2018-03-16 14:08:49 -05:00
Sergey Bondarev b7e6dd0dd4 Add --iface-regex options to flannel
Flannel use interface for inter-host communication setted on --iface options
Defaults to the interface for the default route on the machine.

flannel config set via daemonset, and flannel config on all nodes is the same.
But different nodes can have different interface names for the inter-host communication network

The option --iface-regex allows the flannel to find the interface on which the address is set from the inter-host communication network
2018-03-16 21:44:36 +03:00
Qasim Sarfraz 8ee2091955
Merge pull request #3 from kubernetes-incubator/master
Sync Upstream
2018-03-16 17:21:54 +01:00
Sergey Bondarev 3fac550090 Merge remote-tracking branch 'upstream/master' 2018-03-16 14:09:54 +03:00
Andreas Krüger d29a1db134
Merge pull request #2461 from woopstar/patch-11
Add support to kubeadm too
2018-03-16 08:24:31 +01:00
Andreas Krüger 653d97dda4
Merge pull request #2472 from woopstar/patch-12
Make sure output from extra args is strings
2018-03-16 08:23:50 +01:00
Andreas Krüger 5364160d6a
Merge pull request #2476 from woopstar/patch-13
Enable encrypting the secrets
2018-03-16 08:22:54 +01:00
Andreas Krüger 1a35948ff6
Enable encrypting the secrets
Enable the CI test to check the encryption of secrets
2018-03-15 20:33:57 +01:00
woopstar 40c0f3756b Encapsulate item instead of casting to string 2018-03-15 20:27:21 +01:00
Andreas Krüger 3d6fd49179 Added option for encrypting secrets to etcd v.2 (#2428)
* Added option for encrypting secrets to etcd

* Fix keylength to 32

* Forgot the default

* Rename secrets.yaml to secrets_encryption.yaml

* Fix static path for secrets file to use ansible variable

* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2

* Base64 encode the token

* Fixed merge error

* Changed path to credentials dir

* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions

* Add encryption option to k8s-cluster.yml
2018-03-15 22:20:05 +03:00
Oleg Vyukov d843e3d562 Fix indent Custom ConfigMap ingress-nginx (#2447) 2018-03-15 22:18:18 +03:00
Aivars Sterns d8d5474dcc
Merge pull request #2467 from huzhengchuan/fix/kubeadm_enable
Fix error in kubelet.kubeadm.env.j2
2018-03-15 08:50:40 +02:00
Andreas Krüger 788e41a315
Make sure output from extra args is strings
Setting the following:

```
kube_kubeadm_controller_extra_args:
  address: 0.0.0.0
  terminated-pod-gc-threshold: "100"
```

Results in `terminated-pod-gc-threshold: 100` in the kubeadm config file. But it has to be a string to work.
2018-03-14 19:23:43 +01:00
MQasimSarfraz 1bcc641dae Create vsphere clusterrole only if it doesnt exists 2018-03-14 11:29:35 +00:00
Sergey Bondarev f8fed0f308 change expirations period for generated certificate from 10 years to 100 years 2018-03-14 13:33:36 +03:00
zhengchuan hu d1e6632e6a Fix err in kubelet.kubeadm.env.j2
1. 404 link url
2. kubelet_authentication_token_webhook is not work
3. kube_reserved variable set twice
2018-03-14 17:25:21 +08:00
Aivars Sterns 710295bd2f
Merge pull request #2434 from protomech/feature/azure-vnet-resource-group
add support for azure vnetResourceGroup
2018-03-13 17:42:09 +02:00
RongZhang 3e2d68cd32
Merge pull request #2455 from whereismyjetpack/kube-limits
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-13 06:28:07 -05:00
Dann Bohn f3788525ff fixes yamllint for docker defaults, and weave network plugin 2018-03-13 06:15:48 -04:00
Andreas Krüger 39d247a238
Add support to kubeadm too
Explicitly defines the --kubelet-preferred-address-types parameter #2418

Fixes #2453
2018-03-13 10:31:15 +01:00
Aivars Sterns b37144b0b2
Merge pull request #2459 from riverzhang/remove-node-docs
Add remove node to getting-started doc
2018-03-13 11:12:42 +02:00
rong.zhang 2e0b33f754 Add remove node to getting-started doc 2018-03-13 16:41:26 +08:00
Aivars Sterns adc3f79c23
Merge pull request #2458 from jouve/collect_info
use archive instead of command
2018-03-13 09:45:48 +02:00
Aivars Sterns 7904b454ba
Merge pull request #2460 from riverzhang/fix-weave
Fix yamllint roles error for #2188 commit
2018-03-13 09:40:54 +02:00
rong.zhang d264da8f08 Fix yamllint roles error for #2188 commit 2018-03-13 14:28:49 +08:00
Cyril Jouve 6abe78ff46 use archive instead of command 2018-03-12 19:59:22 +01:00
MQasimSarfraz 9a4aa4288c Fix vsphere cloud_provider RBAC permissions 2018-03-12 18:07:08 +00:00
Dann Bohn 50e3ccfa2b uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt 2018-03-12 12:46:14 -04:00
RongZhang 69a3c33ceb
Merge pull request #2429 from riverzhang/patch-6
Fix Docker exits prematurely
2018-03-12 06:16:25 -05:00
RongZhang 649b1ae868
Merge pull request #2452 from riverzhang/dockerproject
Fix issues #2451 Support docker-ce and docker-engine
2018-03-12 06:15:44 -05:00
Aivars Sterns 973cc12ca9
Merge pull request #2188 from cornelius-keller/fix_weave
fix nodePort for weave
2018-03-12 10:55:41 +02:00
Aivars Sterns 436de45dd4
Merge pull request #2295 from manics/supplementary-bugfix
Fix indexing of supplementary DNS in openssl.conf
2018-03-12 10:54:56 +02:00
Aivars Sterns 5f186a2835
Merge pull request #2418 from kubernetes-incubator/1439br
Explicitly defines the --kubelet-preferred-address-types parameter
2018-03-12 10:53:48 +02:00
RongZhang ecec94ee7e Fix Docker exits prematurely
details:https://github.com/moby/moby/pull/31490/files
2018-03-12 14:44:47 +08:00
rong.zhang 196995a1a7 Fix issues#2451 Support docker-ce and docker-engine
Support docker-ce and docker-engine include redhat/centos ubuntu debian
2018-03-12 13:31:31 +08:00
Spencer Smith 3a714fd4ac
Merge pull request #2427 from hswong3i/local_volume_provisioner_default
FIXUP #2424: local_provisioner directory should be created only if enabled
2018-03-10 09:00:35 -05:00
Spencer Smith 2132ec0269
Merge pull request #2378 from dleske/reorg-inventory-for-opst
Update OpenStack contrib to use per-cluster inventory layout
2018-03-09 15:21:21 -05:00
Spencer Smith c47fdc9aa0
Merge pull request #2445 from chadswen/kube-cert-directory-fix
Fix kubernetes cert permission sync
2018-03-09 15:10:35 -05:00
Spencer Smith 5c4cfb54ae
Merge pull request #2444 from chadswen/system-node-crb-name
Prefix system:node CRB
2018-03-09 15:09:01 -05:00
chadswen cd153a1fb3 Fix kubernetes cert permission sync
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
2018-03-09 00:11:10 -06:00
chadswen b0ab92c921 Prefix system:node CRB
Change the name of `system:node` CRB to `kubespray:system:node` to avoid
conflicts with the auto-reconciled CRB also named `system:node`

Fixes #2121
2018-03-08 23:56:46 -06:00
RongZhang 5007a69eee
Merge pull request #2437 from huzhengchuan/fix/callo-routereflector
Fix always download calico_rr image
2018-03-08 23:22:48 -06:00