Takashi Okamoto
37ccf7e405
Fixed kubectl path.
2018-07-13 15:32:08 +00:00
Matthew Mosesohn
97e0de7e29
Fix vault file owner issues and k8s apiserver cert creation ( #2985 )
...
apiserver cert should be created only once
2018-07-11 14:58:02 +03:00
Rong Zhang
cf445fd4fe
Merge pull request #2930 from alvistack/ingress-nginx-0.16.1
...
ingress-nginx: Upgrade to 0.16.2
2018-07-10 14:42:37 +08:00
Aivars Sterns
72f053d9bb
Merge pull request #2972 from mattymo/force_cni_cp
...
Force copy cni files
2018-07-10 09:40:10 +03:00
Wong Hoi Sing Edison
a0defefb3f
ingress-nginx: Upgrade to 0.16.2
...
ingress-nginx 0.16.2 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.16.2 )
This patch simplify ingress-nginx deployment by default deploy on
master, with customizable options; on the other hand, remove the
additional Ansible group "kube-ingress" and its k8s node label
injection.
Reference to https://kubernetes.io/docs/concepts/services-networking/ingress/#prerequisites :
GCE/Google Kubernetes Engine deploys an ingress controller on the master.
By changing `ingress_nginx_nodeselector` plus custom k8s node
label, user could customize the DaemonSet deployment target.
If `ingress_nginx_nodeselector` is empty, will deploy DaemonSet on
every k8s node.
2018-07-10 12:26:06 +08:00
Dao Hoang Son
d306c9708c
Remove step that force disable `kube_basic_auth`.
...
The referenced issue (https://github.com/kubernetes/kubeadm/issues/441 ) has already been fixed.
2018-07-08 16:57:43 +07:00
Matthew Mosesohn
1a3b9dd864
Force copy cni files
2018-07-06 16:39:42 +03:00
Matthew Mosesohn
5c617c5a8b
Add tags to deploy components by --tags option ( #2960 )
...
* Add tags for cert serial tasks
This will help facilitate tag-based deployment of specific components.
* fixup kubernetes node
2018-07-06 09:12:13 +03:00
Aivars Sterns
4092f96dd8
Merge pull request #2946 from Miouge1/remove-pid-predicate
...
CheckNodePIDPressure is not supported in v1.10
2018-07-04 18:30:19 +03:00
Matthew Mosesohn
c20196f9a0
Remove modprobe binary from kubelet rkt deployment ( #2917 )
2018-07-02 15:37:24 +03:00
Miouge1
2a279e30b0
CheckNodePIDPressure is not supported in v1.10
2018-06-28 20:10:38 +02:00
southquist
c685dc493f
allow for setting the cacert on openstack cloud provider
2018-06-28 16:00:13 +02:00
Yumo Yang
6c2f169ea2
update test-pr2 ( #2911 )
2018-06-22 13:22:26 +03:00
Rong Zhang
1aee6ec371
Merge pull request #2903 from riverzhang/swap
...
Add manage swap on the worker node
2018-06-21 22:20:23 +08:00
rongzhang
3232e2743e
Add manage swap on the worker node
2018-06-21 08:15:01 +00:00
Andreas Krüger
cbb959151c
Merge pull request #2737 from Miouge1/update-scheduler
...
Update kube-scheduler policy
2018-06-19 14:53:22 +02:00
Andreas Krüger
c3d8b131db
Merge pull request #2801 from dvazar/bugfix/undefined__network_plugin__variable
...
Fixed "network_plugin" variable
2018-06-19 10:01:06 +02:00
Matthew Mosesohn
61e97251a5
Improve variable handling for disabling etcd events cluster
2018-06-18 16:58:29 +03:00
Andreas Krüger
3a569c9dcb
Merge pull request #2750 from w-leads/feature/add-vmname-to-vcp-config
...
Add vm_name option to vsphere cloud provider config
2018-06-14 22:22:34 +02:00
Brad Beam
3d819a6edd
Adding cluster_name to api cert alt name for vault
2018-06-12 14:15:07 -05:00
rongzhang
20bd656975
Reconfigure kube-proxy to access kube-apiserver via the LB(kubeadm)
2018-06-12 12:53:50 +00:00
Rong Zhang
10c9fe96b0
Merge pull request #2859 from riverzhang/nginx
...
Fix nginx-proxy HA when kubeadm enable
2018-06-08 01:10:01 +08:00
rongzhang
f9ccb93825
Fix nginx-proxy HA when kubeadm enable
2018-06-07 14:27:19 +00:00
Aivars Sterns
daeea75fbb
Merge pull request #2835 from oracle/bm_fix-apiserver-access-ip
...
roles/kubernetes/client: kubeconfig template should use access_ip
2018-06-07 11:50:57 +03:00
Matthew Mosesohn
59be578842
Revert "wip pr for improved cert sync" ( #2849 )
2018-06-06 17:22:25 +03:00
Aivars Sterns
cb0a257349
Merge pull request #2819 from oleh-ozimok/fix-cidr-assert
...
Fix enough network address space assert
2018-06-06 07:32:16 +03:00
Di Xu
f4d762bb95
fix docker opts incompatible running on aarch64 Redhat/Centos
...
On Aarch64, the default cgroup driver for docker is systemd
instead of cgroupfs. Should conform kubelet to use systemd
as cgroup driver as well to keep it consistent with docker.
Without this change, below exception will be raised.
/usr/bin/docker-current: Error response from daemon: shim
error: docker-runc not installed on system.
Change-Id: Id496ec9eaac6580e4da2f3ef1a386c9abc2a5129
2018-06-05 16:17:16 +08:00
Aivars Sterns
69ea28e187
Merge pull request #2827 from mattymo/testpr
...
wip pr for improved cert sync
2018-06-04 12:43:00 +03:00
Ben Meier
2f5a9e180c
kubernetes/client: kubeconfig template should use the access_ip for the chosen master node
2018-06-04 09:51:05 +01:00
Dmitry
f912a4ece5
Fix compare AnsibleUnsafeText with int ( #2828 )
2018-06-04 11:34:10 +03:00
Rong Zhang
d1e66f9cc8
Add label to kubelet env for kubeadm deploy cluster ( #2841 )
2018-06-04 11:26:47 +03:00
Matthew Mosesohn
7433348aae
wip pr for improved cert sync
2018-05-30 12:15:11 +03:00
Oleg Ozimok
38f7ba2584
Fix enough network address space assert
2018-05-27 18:01:17 +03:00
dvazar
b3f9cae820
fixed a check unknown networks (cilium & contiv)
2018-05-22 16:43:19 +07:00
Andreas Krüger
a67bdff28c
Merge pull request #2743 from mrostecki/opensuse-tumbleweed-openssl
...
opensuse: Fix OpenSSL package name
2018-05-22 11:21:04 +02:00
dvazar
4b8daa22f6
Fixes #2800
2018-05-19 00:57:09 +07:00
Andreas Krüger
e60a63ea51
Merge pull request #2577 from woopstar/etcd-fix-4
...
Makeover of etcd- and etcd-cluster setup.
2018-05-16 20:49:54 +02:00
Christopher J. Ruwe
c1bc4615fe
assert that number of pods on node does not exceed CIDR address range
...
The number of pods on a given node is determined by the --max-pods=k
directive. When the address space is exhausted, no more pods can be
scheduled even if from the --max-pods-perspective, the node still has
capacity.
The special case that a pod is scheduled and uses the node IP in the
host network namespace is too "soft" to derive a guarantee.
Comparing kubelet_max_pods with kube_network_node_prefix when given
allows to assert that pod limits match the CIDR address space.
2018-05-16 11:55:46 +00:00
Matthew Mosesohn
7c93e71801
Upgrade k8s to 1.10.2 ( #2748 )
...
* Upgrade k8s to 1.10.2
Bumped etcd version to 3.2.16 as recommended
* Add ipvs fix for v1.10
* change flannel addons test to ha
2018-05-15 16:00:29 +03:00
Christopher J. Ruwe
73800ef111
make certificates non-executable
2018-05-15 07:54:32 +00:00
Christopher J. Ruwe
49d106f615
make admin.conf -> .kube/config non-executable
...
Almost certainly, the .kube/config file (YAML) should not be executable.
2018-05-14 09:29:48 +00:00
Miouge1
ad48606e4e
Restart scheduler when policy changes
2018-05-14 10:09:30 +02:00
Matthew Mosesohn
07cc981971
refactor vault role ( #2733 )
...
* Move front-proxy-client certs back to kube mount
We want the same CA for all k8s certs
* Refactor vault to use a third party module
The module adds idempotency and reduces some of the repetitive
logic in the vault role
Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves
Add upgrade test scenario
Remove bootstrap-os tags from tasks
* fix upgrade issues
* improve unseal logic
* specify ca and fix etcd check
* Fix initialization check
bump machine size
2018-05-11 19:11:38 +03:00
Ryo Nishikawa
51a9379d3c
Add vm_name option to vsphere cloud provider config
2018-05-08 12:23:58 -07:00
Andreas Krüger
d73d60c9b0
Merge pull request #2600 from maximegaillard/master
...
Add Openstack tenant name
2018-05-08 12:03:01 +02:00
Michal Rostecki
066016cd3e
opensuse: Fix OpenSSL package name
...
OpenSSL 1.1 package in openSUSE Tumbleweed is named openssl-1_1,
not openssl-1_1_0.
2018-05-08 10:03:30 +02:00
Andreas Krüger
28d6eb6af1
Merge pull request #2644 from cp3hu/master
...
Fix apiserver manifest and kubelet for kube version < 1.9
2018-05-08 09:22:36 +02:00
Miouge1
70e0998a70
Update kube-scheduler policy
2018-05-03 21:56:51 +02:00
Chad Swenson
595e96ebf1
Merge pull request #2693 from romaindequidt/sync-certs-tasks-fix
...
sync certs tasks (fix #2596 #2667 )
2018-05-02 12:17:23 -05:00
woopstar
4c81cd2a71
Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into etcd-fix-4
2018-05-02 14:45:58 +02:00
Maxime Gaillard
00db751646
Add Openstack tenant name
2018-05-01 09:21:37 +02:00
Tomasz Majchrowski
59789ae02a
ISSUE-2706: Provide consistent usage of supplementary_addresses_in_ssl_keys across vault and script mode ( #2707 )
2018-04-30 14:48:17 +03:00
Andreas Krüger
03de4c0806
Merge pull request #2695 from suzutan/add-oidc-prefix-args
...
Add oidc-user-prefix and oidc-group-prefix args
2018-04-30 09:17:02 +02:00
mirwan
06cdb260f6
labelvalue must be formatted to handle non string values ( #2722 )
2018-04-29 19:02:14 +03:00
mirwan
c3c5817af6
sysctl file should be in defaults so that it can be overriden ( #2475 )
...
* sysctl file should be in defaults so that it can be overriden
* Change sysctl_file_path to be consistent with roles/kubernetes/preinstall/defaults/main.yml
2018-04-27 18:50:58 +03:00
Markos Chandras
9168c71359
Revert "Revert "Add openSUSE support" ( #2697 )" ( #2699 )
...
This reverts commit 51f4e6585a
.
2018-04-26 12:52:06 +03:00
Matthew Mosesohn
1a14f1ecc1
Fix vol format for local volume provisioner in rkt ( #2698 )
2018-04-24 20:32:08 +03:00
Matthew Mosesohn
51f4e6585a
Revert "Add openSUSE support" ( #2697 )
2018-04-23 14:28:24 +03:00
Suzuka Asagiri
f81e6d2ccf
Add oidc-user-prefix and oidc-group-prefix args
2018-04-23 12:23:59 +09:00
Romain DEQUIDT
80dd230a65
sync certs tasks ( fix #2596 #2667 )
2018-04-22 10:00:31 +02:00
Paul Montero
75950344fb
run_once pre_upgrade tasks which are executing in localhost
2018-04-19 11:38:13 -05:00
Matthew Mosesohn
f73717ea35
Mount local volume provisioner dirs for containerized kubelet ( #2648 )
2018-04-12 22:55:13 +03:00
Aivars Sterns
1967963702
Merge pull request #2380 from hwoarang/add-opensuse-support
...
Add openSUSE support
2018-04-12 20:28:50 +03:00
Chad Swenson
d87b6fd9f3
Use dedicated front-proxy-ca for front-proxy-client
2018-04-12 11:03:22 -05:00
Chad Swenson
a6a47dbc96
Merge pull request #2617 from bradbeam/savaultcert
...
Adding missing service-account certificate for vault
2018-04-12 11:02:24 -05:00
Aivars Sterns
298c6cb790
Merge pull request #2633 from grebois/patch-3
...
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
2018-04-12 11:53:58 +03:00
Markos Chandras
d07f75b389
roles: kubernetes: secrets: Add SUSE support
...
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
2018-04-11 20:55:02 +01:00
Nirmoy Das
45eac53ec7
roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed
...
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.
Co-authored-by: Markos Chandras <mchandras@suse.de>
2018-04-11 17:46:14 +01:00
Markos Chandras
e42203a13e
roles: kubernetes: preinstall: Add SUSE support
...
Add support for installing package dependencies and refreshing metadata
on SUSE distributions
Co-authored-by: Nirmoy Das <ndas@suse.de>
2018-04-11 17:46:14 +01:00
Christian Phu
3535c29e59
Fix apiserver manifest for kube version < 1.9
2018-04-10 18:17:56 +02:00
Marcelo Grebois
88765f62e6
Updating order
...
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
2018-04-10 17:17:39 +02:00
Robin Skahjem-Eriksen
0f35e17e23
Fix new envvar for setting openstack_tenant_id ( #2641 )
...
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 17:23:31 +03:00
Brad Beam
77b3f9bb97
Removing default for volume-plugins mountpoint ( #2618 )
...
All checks test if this is defined meaning there is no way to undefine it.
2018-04-10 17:19:25 +03:00
Matthew Mosesohn
45f15bf753
Revert "Fix new envvar for setting openstack_tenant_id" ( #2640 )
2018-04-10 14:37:24 +03:00
Aivars Sterns
913cc5a9af
Merge pull request #2639 from ironhouzi/openstack_tenant_id_fix
...
Fix new envvar for setting openstack_tenant_id
2018-04-10 14:35:28 +03:00
Aivars Sterns
a46acfcdd8
Merge pull request #2627 from mattymo/no_more_do_do
...
Remove jinja2 dependency of do
2018-04-10 14:32:29 +03:00
Robin Skahjem-Eriksen
0c0f6b755d
Fix new envvar for setting openstack_tenant_id
...
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 13:30:48 +02:00
Marcelo Grebois
4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
...
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
2018-04-09 12:49:05 +02:00
Atoms
b68854f79d
fix kubectl download location and kubectl.sh helper owner/group remove
2018-04-09 13:19:26 +03:00
Matthew Mosesohn
f954bc0a5a
Remove jinja2 dependency of do
...
While `do` looks cleaner, forcing this extra option in ansible.cfg
seems to be more invasive. It would be better to keep the traditional
approach of `set dummy = ` instead.
2018-04-09 12:27:53 +03:00
Brad Beam
dfc46f02d7
Adding missing service-account certificate for vault
...
Missed in #2554
2018-04-06 15:29:52 -05:00
Daniel Hoherd
ca40d51bc6
Fix typos (no logic changes)
2018-04-05 15:54:58 -07:00
Chen Hong
973e7372b4
content: |
2018-04-04 23:05:27 +08:00
Chen Hong
b54e091886
Persist ip_vs modules
2018-04-04 18:18:51 +08:00
Andreas Krüger
2511e14289
Merge pull request #2346 from Miouge1/kube-scheduler-mode
...
Use legacy policy config to apply the scheduler policy
2018-04-04 10:20:51 +02:00
georgejdli
76bb5f8d75
check if dedicated service account token signing key exists
2018-04-02 10:57:24 -05:00
Andreas Krüger
ba24fe3226
Merge pull request #2570 from avoidik/transfer-cloud-configs
...
Move cloud config configurations to proper location
2018-04-02 10:31:38 +02:00
Matthew Mosesohn
3004791c64
Add pre-upgrade task for moving credentials file ( #2394 )
...
* Add pre-upgrade task for moving credentials file
This reverts commit 7ef9f4dfdd
.
* add python interpreter workaround for localhost
2018-04-02 11:19:23 +03:00
woopstar
86e3506ae6
Etcd cluster setup makeover
...
The current way to setup the etc cluster is messy and buggy.
- It checks for cluster is healthy before the cluster is even created.
- The unit files are started on handlers, not in the task, so you mess with "flush handlers".
- The join_member.yml is not used.
- etcd events cluster is not configured for kubeadm
- remove duplicate runs between running the role on etcd nodes and k8s nodes
2018-04-01 21:38:33 +02:00
Wong Hoi Sing Edison
5fe144aa0f
ingress-nginx: container download related things should defined in the download role
2018-04-01 00:22:33 +08:00
Andreas Krüger
5b0da4279f
Merge pull request #2543 from hswong3i/cert-manager-0.2.3
...
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 18:15:25 +02:00
Andreas Krüger
1ac978b8fa
Merge pull request #2567 from mirwan/node_labels_doc_plus_kube_ingress_handling
...
node_labels documentation and kube-ingress label definition as role_node_label
2018-03-31 18:05:52 +02:00
Wong Hoi Sing Edison
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 19:29:11 +08:00
avoidik
aa301c31d1
Move credential checks into proper folder
2018-03-31 13:29:00 +03:00
Andreas Krüger
d9418b1dc4
Merge pull request #2554 from georgejdli/fix-sa-token-signing
...
Fix kubespray's ServiceAccount token signing keys
2018-03-31 09:59:22 +02:00
avoidik
15efdf0c16
Move credential checks
2018-03-31 03:26:37 +03:00
avoidik
ab8760cc83
Move credentials pre-check
2018-03-31 03:24:57 +03:00
avoidik
b6da596ec1
Move default configuration parameters for cloud-config
2018-03-31 03:18:23 +03:00
avoidik
3c12c6beb3
Move cloud config configurations to proper location
2018-03-31 02:59:59 +03:00
Erwan Miran
8ece922ef0
node_labels documentation + kube-ingress label handling as role_node_label
2018-03-31 00:36:11 +02:00