Commit Graph

315 Commits (f5f7b1626b3079e864e09a49b128e90e95d1ff77)

Author SHA1 Message Date
k8s-ci-robot d14394c691
Merge pull request #3185 from mirwan/helm_install_docker_insecureport_0
Mount /root/.kube to helm container
2018-08-30 08:11:33 -07:00
k8s-ci-robot f48468b83b
Merge pull request #3195 from mirwan/fix_psp_templates
Fix some addons when PodSecurityPolicy is enabled
2018-08-30 03:37:52 -07:00
Erwan Miran ceb97e5809 Fix wrong syntax for jinja sub list extraction and addition of missing role template 2018-08-29 12:58:10 +02:00
Robin Elfrink bbdd1c8f06 Add option to change the Tiller Deployment namespace. 2018-08-29 11:20:41 +02:00
Arslanbekov Denis fe1e758856 Up dashboard version to 1.10.0 2018-08-28 14:10:19 +03:00
Erwan Miran b652792a93 /root/.kube must to mounted in order for helm to read kubeconfig and not fallback to localhost:8080 2018-08-27 18:17:26 +02:00
k8s-ci-robot d6f4d10075
Merge pull request #3153 from alvistack/remove-image_tag-suffix
Remove *_image_tag suffix from ReplicaSet/Deployment
2018-08-25 04:42:19 -07:00
Antoine Legrand 4882531c29
Merge pull request #3115 from oracle/oracle_oci_controller
Cloud provider support for OCI (Oracle Cloud Infrastructure)
2018-08-23 18:22:45 +02:00
Aivars Sterns 23fd3461bc calico upgrade to v3 (#3086)
* calico upgrade to v3

* update calico_rr version

* add missing file

* change contents of main.yml as it was left old version

* enable network policy by default

* remove unneeded task

* Fix kubelet calico settings

* fix when statement

* switch back to node-kubeconfig.yaml
2018-08-23 17:17:18 +03:00
Erwan Miran a6a14e7f77 create the service account and roles even if the rbac is not enabled. it will just be ignored 2018-08-22 18:17:11 +02:00
Erwan Miran 80cfeea957 psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true 2018-08-22 18:16:13 +02:00
Wong Hoi Sing Edison c3b3572025 Always create service account even rbac_enabled = false 2018-08-22 11:41:29 +08:00
Wong Hoi Sing Edison f897596844 Remove *_image_tag suffix from ReplicaSet/Deployment 2018-08-22 11:02:56 +08:00
Jeff Bornemann 94df70be98 Cloud provider support for OCI (Oracle Cloud Infrastructure)
Signed-off-by: Jeff Bornemann <jeff.bornemann@oracle.com>
2018-08-21 17:36:42 -04:00
Andreas Krüger b3e32c1393
Merge pull request #3094 from hedayat/master
Add --dns-loop-detect to dnsmasq used in kube-dns
2018-08-20 09:27:15 +02:00
rongzhang 35efc387c4 Fix pull dns image error 2018-08-19 22:47:17 +08:00
Antoine Legrand c36744e96d
Merge pull request #3120 from alvistack/cephfs-provisioner-v2.0.0-k8s1.11
cephfs-provisioner: Upgrade to v2.0.0-k8s1.11
2018-08-17 22:11:15 +02:00
Antoine Legrand 26bf719a02
Merge branch 'master' into multi-arch-support 2018-08-17 16:35:50 +02:00
Wong Hoi Sing Edison 1a07c87af7 cephfs-provisioner: Upgrade to v2.0.0-k8s1.11
Upstream Changes:

-   cephfs-provisioner v2.0.0-k8s1.11 (https://github.com/kubernetes-incubator/external-storage/releases/tag/cephfs-provisioner-v2.0.0-k8s1.11)
-   Update ClusterRole

Our Changes:

-   Fix typo in defaults/main.yml (rs -> deploy)
-   Manifests cleanup
2018-08-17 12:41:56 +08:00
Wong Hoi Sing Edison 18612b3501 cert-manager: Upgrade to 0.4.1
Upstream Changes:

-   cert-manager 0.4.1 (https://github.com/jetstack/cert-manager/releases/tag/v0.4.1)

Our Changes:

-   Better templates sync with upstream manifests
-   Remove fancy resources requests/limits customization
2018-08-16 08:47:01 +08:00
Chad Swenson 2c5781ace1
Merge pull request #2932 from wiremind/efk-fluentd-no-nodeselector
fluentd daemonset: do not set old nodeSelector.
2018-08-14 13:48:30 -05:00
Chad Swenson 0e3518f2ca
Merge pull request #2871 from fritchie/lptolerate
Local volume provisioner: tolerate NoSchedule
2018-08-14 13:39:57 -05:00
Chad Swenson 3a85a2f81c
Merge pull request #3080 from mirwan/netchecker_template_rendering_filename
Netchecker manifests should not have j2 extension
2018-08-14 13:24:16 -05:00
Hedayat Vatankhah c0221c2e72 Add --dns-loop-detect to dnsmasq used in kube-dns
It prevents DNS loops when host's DNS server is a localhost DNS server,
or when DNS server of cluster is also added as an upstream DNS server
2018-08-12 20:36:33 +04:30
Anton Fayzrahmanov 95f1e4634a local-volume-provisioner: use mountPropagation HostToContainer and version bump (#3081)
* Update local-volume-provisioner-ds.yml.j2

After v1.10.2 default mountPropagation is "None"

* local_volume_provisioner version bump

v2.1.0 uses the beta nodeAffinity API by default which is available starting 1.10

* Update local-volume-provisioner-ds.yml.j2

MY_NAMESPACE env

* Update README.md

Raw block devices docs.
2018-08-10 17:14:34 +03:00
Cédric de Saint Martin e3dcd96301 kubedns & kubedns-autoscaler: Stick to master nodes. (#2909)
* kubedns & kubedns-autoscaler: Stick to master nodes.

 - Tolerate only master nodes and not any NoSchedule taint
 - Pods are on different nodes
 - Pods are required to be on a master node.

* kubedns: use soft nodeAffinity.

Prefer to be on a master node, don't require.

* coredns: Stick to (different) master nodes.

     - Pods are on different nodes
     - Pods are preferred to be on a master node.
2018-08-09 10:42:53 -05:00
Erwan Miran 494ff9522b j2 extension should only be used for template filename, not target file on remote host 2018-08-09 11:29:45 +02:00
Rong Zhang 039180b2ca
Merge pull request #3022 from alvistack/weave-2.4.0
weave: Upgrade to 2.4.0
2018-08-09 15:01:05 +08:00
Rong Zhang 08dfb7b59f
Merge pull request #3073 from riverzhang/delete-istio
Remove istio support
2018-08-08 13:00:57 +08:00
rongzhang ea6af449a8 Remove istio support
Use helm install or support in future
2018-08-08 11:10:09 +08:00
Mathieu Herbert d285565475 Add tags for coredns and kubedns 2018-08-07 20:55:38 +02:00
Wong Hoi Sing Edison 538cb3b1bd weave: Upgrade to 2.4.0
Upstream Changes:

-   weave 2.4.0 (https://github.com/weaveworks/weave/releases/tag/v2.4.0)
-   Support `externalTrafficPolicy: Local` (https://github.com/weaveworks/weave/issues/2924)
-   Make the ipset list size bigger (https://github.com/weaveworks/weave/pull/3305)
-   Break out of kube rm-peers loop if nothing changes (https://github.com/weaveworks/weave/pull/3317)

Our Changes:

-   Revamp weave-net.yml.j2 with upstream changes
-   Add more variables for customization
-   Replace WEAVE_PASSWORD with k8s secret
-   Remove hard-corded seed mode support, in favor of variables customization
2018-08-07 18:34:51 +08:00
Wong Hoi Sing Edison 17e335c6a7 ingress-nginx: Upgrade to 0.17.1
Upstream Changes:

-   ingress-nginx 0.17.1 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.17.1)
-   Remove duplicated `securityContext` (https://github.com/kubernetes/ingress-nginx/pull/2705)
-   Remove --publish-service flag, in favor of DaemonSet + hostPort

Close #2998
Close #2999
2018-08-07 18:31:08 +08:00
Rong Zhang 280d6cac1a
Merge pull request #2997 from alvistack/cert-manager-0.4.0
cert-manager: Upgrade to 0.4.0
2018-08-07 18:00:46 +08:00
Wong Hoi Sing Edison 0f400a113c cert-manager: Upgrade to 0.4.0
Upstream Changes:

-   cert-manager 0.4.0 (https://github.com/jetstack/cert-manager/releases/tag/v0.4.0)
2018-08-07 14:29:28 +08:00
DBLaci d43f09081e
Merge pull request #1 from kubernetes-incubator/master
Follow upstream
2018-08-01 16:34:10 +02:00
Alexandre Ardhuin 9b349a9049 Fix label of registry in README 2018-07-27 11:42:21 +02:00
DBLaci b61c64a8ea token-ttl default value is int in seconds 2018-07-19 12:15:47 +02:00
DBLaci cb91003cea dashboard_token_ttl option override possibility with default 2018-07-13 15:26:18 +02:00
Wong Hoi Sing Edison a0defefb3f ingress-nginx: Upgrade to 0.16.2
ingress-nginx 0.16.2 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.16.2)

This patch simplify ingress-nginx deployment by default deploy on
master, with customizable options; on the other hand, remove the
additional Ansible group "kube-ingress" and its k8s node label
injection.

Reference to https://kubernetes.io/docs/concepts/services-networking/ingress/#prerequisites:

    GCE/Google Kubernetes Engine deploys an ingress controller on the master.

By changing `ingress_nginx_nodeselector` plus custom k8s node
label, user could customize the DaemonSet deployment target.

If `ingress_nginx_nodeselector` is empty, will deploy DaemonSet on
every k8s node.
2018-07-10 12:26:06 +08:00
Wong Hoi Sing Edison 62b1166911 cert-manager: Upgrade to 0.3.2
Upstream Changes:

-   cert-manager 0.3.2 (https://github.com/jetstack/cert-manager/releases/tag/v0.3.2)

Our Changes:

-   Remove legacy addon dir, manifests and namespace before upgrade
2018-07-10 08:48:44 +08:00
Wong Hoi Sing Edison 728024e8ff cephfs-provisioner: Upgrade to 06fddbe2
-   cephfs-provisioner 06fddbe2 (https://github.com/kubernetes-incubator/external-storage/tree/06fddbe2/ceph/cephfs)

Noteable changes from upstream:

-   Added storage class parameters to specify a root path within the backing cephfs and, optionally, use deterministic directory and user names (https://github.com/kubernetes-incubator/external-storage/pull/696)
-   Support capacity (https://github.com/kubernetes-incubator/external-storage/pull/770)
-   Enable metrics server (https://github.com/kubernetes-incubator/external-storage/pull/797)

Other noteable changes:

-   Clean up legacy manifests file naming
-   Remove legacy manifests, namespace and storageclass before upgrade
-   `cephfs_provisioner_monitors` simplified as string
-   Default to new deterministic naming
-   Add `reclaimPolicy` support in StorageClass

With legacy non-deterministic naming style (where $UUID are generated ramdonly):

-   cephfs_provisioner_claim_root: /volumes/kubernetes
-   cephfs_provisioner_deterministic_names: false
-   Generated CephFS volume: /volumes/kubernetes/kubernetes-dynamic-pvc-$UUID
-   Generated CephFS user: kubernetes-dynamic-user-$UUID

With new default deterministic naming style (where $NAMESPACE and $PVC are predictable):

-   cephfs_provisioner_claim_root: /volumes
-   cephfs_provisioner_deterministic_names: true
-   Generated CephFS volume: /volumes/$NAMESPACE/$PVC
-   Generated CephFS user: k8s.$NAMESPACE.$PVC
2018-07-03 10:15:24 +08:00
Cédric de Saint Martin a260412c7e fluentd daemonset: do not set arbitrary nodeSelector. 2018-06-25 15:19:56 +02:00
Rong Zhang 2ef05fb3b7
Merge pull request #2763 from ameukam/update_efk_stack
Update efk stack
2018-06-24 19:01:32 +08:00
Rong Zhang e06d02365e
Merge pull request #2338 from southquist/template-openstack-storage-class
allow for configurable openstack storage class
2018-06-24 18:42:29 +08:00
Julien Mailleret 6aaaf4a272 Limit the maximum number of revisions saved per helm release (#2894)
* Limit the maximum number of revisions saved per helm release
2018-06-15 12:50:18 +02:00
Andreas Krüger df279b1ff6
Merge pull request #2890 from drekle/bugfix/dns-domain-incorrect-for-coredns
CoreDNS uses cluster_name instead of dns_domain
2018-06-15 09:06:11 +02:00
Rong Zhang 0686b8452e
Merge pull request #2860 from alvistack/cert-manager-0.3.0
cert-manager: Upgrade to v0.3.0
2018-06-14 10:35:23 +08:00
Derek Lemon 1e98e8444e Using dns domain instead of cluster name for coredns, incase they differ 2018-06-13 18:52:35 +00:00
Wong Hoi Sing Edison 291dd1aca8 Fixup #2545, cephfs-provisioner: Individual Namespace for Add-on 2018-06-13 21:52:58 +08:00