d9418b1dc4
Merge pull request #2554 from georgejdli/fix-sa-token-signing
...
Fix kubespray's ServiceAccount token signing keys
2018-03-31 09:59:22 +02:00
2c89a02db3
Only download container/file if host is in defined group ( #2565 )
...
* Only download container/file if host is in defined group
* Set correct when clause
* Fix last entries
* Update download groups
2018-03-30 22:40:01 -04:00
0ca08e03af
Merge pull request #2566 from woopstar/etcd-fix-2
...
Fix etcd from import task to include task
2018-03-30 20:53:32 -04:00
15efdf0c16
Move credential checks
2018-03-31 03:26:37 +03:00
ab8760cc83
Move credentials pre-check
2018-03-31 03:24:57 +03:00
b6da596ec1
Move default configuration parameters for cloud-config
2018-03-31 03:18:23 +03:00
3c12c6beb3
Move cloud config configurations to proper location
2018-03-31 02:59:59 +03:00
8ece922ef0
node_labels documentation + kube-ingress label handling as role_node_label
2018-03-31 00:36:11 +02:00
887a468d32
Merge pull request #2562 from avoidik/fix-indexes-pr-2251
...
Fix kubecert_node.results indexes
2018-03-31 00:16:11 +02:00
859a7f32fb
Fix import task. Has to be include task to evalutate etcd_cluster_setup variable at run time
2018-03-31 00:06:34 +02:00
1f28764ca1
Merge pull request #2512 from woopstar/hyperkube-fix-1
...
Switch hyperkube from CoreOS to Google
2018-03-30 21:58:03 +02:00
76cb37d6b5
Merge pull request #2544 from woopstar/cert-fix-2
...
Update openssl.conf to count better and work with Jinja 2.9
2018-03-30 21:57:17 +02:00
7ddd4cd38c
Merge pull request #2561 from rsmitty/no_proxy
...
only set no_proxy if other proxy vars are defined
2018-03-30 21:43:23 +02:00
c1eb975545
Merge pull request #2557 from chenhonggc/vault_health_check_delay
...
Maybe vault health check needs delay
2018-03-30 21:39:15 +02:00
572ab650db
copy dedicated service account token signing key for kubeadm migration
2018-03-30 13:03:32 -05:00
72c2a8982b
Fix kubecert_node.results indexes
2018-03-30 17:24:50 +03:00
13c57147eb
only set no_proxy if other proxy vars are defined
2018-03-30 09:48:55 -04:00
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
...
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
2018-03-30 14:29:13 +03:00
af5f376163
Revert
2018-03-30 11:42:20 +02:00
004b0a3fcf
Fix merge conflict
2018-03-30 11:38:59 +02:00
4bb7d2b566
Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into cert-fix-2
2018-03-30 11:34:05 +02:00
f619eb08b1
Merge pull request #2350 from whereismyjetpack/kubeadm-nodename
...
set nodeName to "{{ inventory_hostname }}" in kubeadm-config
2018-03-30 11:15:52 +02:00
55195fe546
Merge pull request #2500 from gorazio/patch-1
...
Add prometheus annotations to spec in ingress
2018-03-30 11:02:31 +02:00
5711074c5a
Merge pull request #2290 from mirwan/node_labels_from_inventory
...
Node labels definition in kubelet params from inventory
2018-03-30 03:42:52 -05:00
4a705b3fba
May vault health check needs delay
2018-03-30 16:42:08 +08:00
4d85e3765e
remove redundancy code
2018-03-30 09:19:00 +08:00
f0a04b4d65
wait 5 * 4 secs until Tiller starts
2018-03-30 00:09:36 +03:00
760ca1c3a9
adding checking for prometheus_operator_enabled
2018-03-29 23:03:43 +03:00
23b3833806
running on the first master only.
2018-03-29 22:51:46 +03:00
daeeae1a91
Added retries in pre-upgrade.yml and retries while applying kube-dns.yml ( #2553 )
...
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml
* Removed trailing spaces
2018-03-29 11:37:32 -05:00
c8f857eae4
configure kubespray to sign service account tokens with a dedicated and stable key
2018-03-29 09:50:31 -05:00
270d21f5c1
Merge pull request #2540 from mattymo/cloud_config_timing
...
Write cloud-config during kubelet configuration
2018-03-29 09:12:18 +02:00
bf29198efd
Fix merge conflict
2018-03-29 09:11:13 +02:00
9ebbf1c3cd
Added a fix in openssl.conf template to check if IP of loadbalncer is available or not.
2018-03-28 16:34:26 -05:00
ef7f5edbb3
Remove old docker packages and other docker upgrade fixes ( #2536 )
...
* Remove old docker packages
This removes docker packages that are obsolete if docker-ce packages are to be installed, which fixes some package conflict issues that can occur during upgrades.
* Add support for setting obsoletes=0 when installing docker with yum
2018-03-28 15:10:39 -05:00
0b5404b2b7
Fix
2018-03-28 20:28:04 +02:00
19e1b11d98
prometheus operator, metrics for k8s cluster
...
install using Helm:
- Prometheus Operator
- metrics for k8s cluster including: grafana dashboard, alertmanager, node exporters
base project:
https://github.com/coreos/prometheus-operator
the issue:
https://github.com/kubernetes-incubator/kubespray/issues/2042
Previous PR, raw ansible without Helm:
https://github.com/kubernetes-incubator/kubespray/pull/2499
2018-03-28 21:23:30 +03:00
0df32b03ca
Update openssl.conf to count better and work with Jinja 2.9
2018-03-28 17:48:56 +02:00
72a4223884
Write cloud-config during kubelet configuration
...
This file should only be updated during kubelet upgrade so that
master components are not accidentally restarted first during
preinstall stage.
2018-03-28 16:26:36 +03:00
03117d9572
Merge pull request #2488 from LuckySB/ingress-nginx-node-role
...
Dedicated node for ingress nginx controller
2018-03-28 14:07:40 +02:00
848fc323db
Fixup for #2523 :
...
- Rename template for /etc/cni/net.d/00-weave.conflist to 00-weave.conflist.j2
- Apply resources requests/limits to both container weave and weave-npc
2018-03-28 11:16:42 +08:00
015ea62e92
Merge pull request #2262 from tmjd/calico-canal-v2-6-7
...
Update Calico and Canal
2018-03-27 21:07:28 -05:00
2ca7087018
Merge pull request #2524 from avoidik/systemd_user_kubelet
...
Set exact user for Kubelet services
2018-03-27 16:41:10 +02:00
d665f14682
Merge pull request #2526 from mzehrer/patch-1
...
Remove kibana_base_url
2018-03-27 12:40:31 +02:00
e375678674
Set exact user for Kubelet services
2018-03-27 11:13:52 +03:00
4f7479d94d
add etc tunning options
...
https://coreos.com/etcd/docs/latest/tuning.html
etcd_snapshot_count
and
ionice priority
2018-03-26 17:25:51 +03:00
b8d1652baf
Remove kibana_base_url
...
The default for kibana_base_url does not make sense an makes kibana unusable. The default path forces a 404 when you try to open kibana in the browser. Not setting kibana_base_url works just fine.
2018-03-25 16:08:07 +02:00
f7dc73b830
Merge pull request #2521 from f84anton/patch-1
...
optional calico_ip_auto_method variable with IP_AUTODETECTION_METHOD
2018-03-24 18:37:03 +01:00
1d0415a6cf
fixes typo in kube_override_hostname for kubeadm
2018-03-24 13:29:07 -04:00
3f5c60886b
Upgrade Weave to 2.2.1
...
- Fix #2414 , so namespace isolation should now works
- Update weave-net.yml.j2 as per latest https://cloud.weave.works/k8s/net
- Other minor fixup
2018-03-24 17:27:12 +08:00
a75598b3f4
IP_AUTODETECTION_METHOD docs
2018-03-24 01:54:17 +03:00
60a057cace
Update calico-node.yml.j2
2018-03-24 01:46:26 +03:00
dd9d0c0530
optional calico_ip_auto_method variable with IP_AUTODETECTION_METHOD
...
can be set to one of
first-found
can-reach
interface
2018-03-23 16:33:20 +03:00
9fa995ac9d
only sets nodeName in kubeadm-config when kube_override_hostname is set
2018-03-23 08:33:25 -04:00
caec3de364
Updating to use calico-node v2.6.8
2018-03-22 12:33:04 -05:00
60bfc56e8e
Update Calico and Canal
...
- Updating to use calico-node v2.6.7
- A few updates to their manifests too
2018-03-22 12:30:23 -05:00
206e24448b
CephFS Provisioner Addon Fixup
2018-03-22 23:03:13 +08:00
bb1eb9fec8
Add labels for namespace
2018-03-22 21:33:32 +08:00
b0d7115e9b
hswong3i/kubespray#3 : Use {{ cluster_name }} for valid FQDN in REGISTRY_HOST
2018-03-22 21:33:32 +08:00
f8ebd08e75
Registry Addon Fixup
2018-03-22 21:33:32 +08:00
30e4b89837
Merge pull request #2504 from brtknr/patch-1
...
Update kube-apiserver.manifest.j2 and kubeadm-config.yaml.j2 to incorporate `endpoint-reconciler-type: lease`
2018-03-22 09:15:55 +01:00
405c711edb
Remove v in tag
2018-03-22 09:07:28 +01:00
0e6b4e80f7
Merge pull request #2490 from woopstar/workaround-fix-1
...
Only apply roles from first master node to fix regression
2018-03-21 20:29:59 -05:00
9949782e96
Merge pull request #2489 from woopstar/token-fix-1
...
Only copy tokens if tokens_list contains any
2018-03-21 20:28:06 -05:00
bbb6e7b3da
Merge pull request #2508 from melkosoft/cilium
...
Cilium v.1.0.0-rc8
2018-03-21 20:25:43 -05:00
bc68188209
Merge pull request #2498 from zmsp/master
...
Upgraded kubernetes from 1.9.3 to 1.9.5
2018-03-21 20:25:05 -05:00
d3780e181e
Switch hyperkube from CoreOS to Google
2018-03-21 23:27:16 +01:00
2e202051e3
Merge pull request #2364 from whereismyjetpack/default-download
...
set local_release_dir in downloads to match others
2018-03-21 23:16:48 +01:00
448c1d5faa
Merge pull request #2509 from chadswen/flannel-update
...
Update flannel version to v0.10.0
2018-03-21 12:15:09 -05:00
ff2b8e5e60
Merge pull request #2503 from woopstar/kubelet-fix-1
...
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
2018-03-21 10:03:31 +01:00
8b71ef8ceb
Labels from role (node-role.k8s.io/node) and labels from inventory are merged into node-labels parameter in kubelet
2018-03-21 09:19:05 +01:00
ee8f678010
Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly ( #2446 )
2018-03-21 10:50:32 +03:00
a6b918c1a1
Merge pull request #2485 from LuckySB/flannel_iface_regexp
...
Add --iface-regex options to flannel
2018-03-20 21:18:01 -05:00
c025ab4eb4
Update flannel version to v0.10.0
2018-03-20 19:59:51 -05:00
ae30009fbc
changed version to 1.0.0-rc8
2018-03-20 14:18:56 -07:00
158d775306
changed cilium to 1.0.0-rc7. Set CI to use coreos for cilium test
2018-03-20 12:43:26 -07:00
9d540165c0
Set kube_api_aggregator_routing to default false as we use kube-proxy
2018-03-20 16:28:05 +01:00
13e47e73c8
Update kubeadm-config.yaml.j2
...
As requested
2018-03-20 13:33:36 +00:00
d2fd7b7462
Update kube-apiserver.manifest.j2
2018-03-20 12:19:53 +00:00
d9453f323b
Update kube-apiserver.manifest.j2
2018-03-20 12:16:35 +00:00
b787b76c6c
Update kube-apiserver.manifest.j2
...
Ensure that kube-apiserver will respond even if one of the nodes are down.
2018-03-20 12:06:34 +00:00
a94a407a43
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
2018-03-20 12:08:36 +01:00
96e46c4209
bump after CLA signing
2018-03-20 10:23:50 +03:00
aa30fa8009
Add prometheus annotations to spec in ingress
...
Added annotations from metadata to spec.template.metadata. Without it, pod does not get any annotations, and Prometheus didn't see it
2018-03-20 08:47:36 +03:00
ebfee51aca
Upgraded kubernetes from 1.9.3 to 1.9.5
2018-03-19 15:42:24 -04:00
14ac7d797b
Rotate local-volume-provisioner token
...
When tokens need to rotate, include local-volume-provisioner
2018-03-19 13:04:18 +01:00
f253691a68
Merge pull request #2347 from hswong3i/multiple_artifacts_dir
...
Support multiple artifacts under individual inventory directory
2018-03-19 12:45:55 +01:00
038da7255f
check if group kube-ingress is not empty
...
fix spelling mistaker ingress_nginx_host_network
set default value for ingress_nginx_host_network: false
2018-03-19 12:59:38 +03:00
f1d2f84043
Only apply roles from first master node to fix regression
2018-03-18 16:15:01 +01:00
b9a949820a
Only copy tokens if tokens_list contains any
2018-03-18 08:42:38 +01:00
50e5f0d28b
Merge pull request #2468 from LuckySB/master
...
change expirations period for generated certificate from 10y to 100 years
2018-03-17 19:43:40 +01:00
1481f7d64b
Dedicated node for ingress nginx controller
...
The ability to create dedicated node for ingress nginx controller
host type network for nginx controller
and add from example https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/static-ip/nginx-ingress-controller.yaml
terminationGracePeriodSeconds: 60
2018-03-17 02:54:46 +03:00
7d33650019
Merge pull request #2462 from woopstar/coredns-patch
...
Add CoreDNS support
2018-03-16 18:33:36 -05:00
e40368ae2b
Add CoreDNS support with various fixes
...
Added CoreDNS to downloads
Updated with labels. Should now work without RBAC too
Fix DNS settings on hosts
Rename CoreDNS service from kube-dns to coredns
Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html
Updated docs with CoreDNS info
Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed
Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806 '
Set dns list correct. Thanks to @whereismyjetpack
Only download KubeDNS or CoreDNS if selected
Move dns cleanup to its own file and import tasks based on dns mode
Fix install of KubeDNS when dnsmask_kubedns mode is selected
Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf.
Run DNS manifests for CoreDNS and KubeDNS
Set skydns servers on dual stack deployment
Use only one template for CoreDNS dual deployment
Set correct cluster ip for the dns server
2018-03-16 21:51:37 +01:00
b7e6dd0dd4
Add --iface-regex options to flannel
...
Flannel use interface for inter-host communication setted on --iface options
Defaults to the interface for the default route on the machine.
flannel config set via daemonset, and flannel config on all nodes is the same.
But different nodes can have different interface names for the inter-host communication network
The option --iface-regex allows the flannel to find the interface on which the address is set from the inter-host communication network
2018-03-16 21:44:36 +03:00
8ee2091955
Merge pull request #3 from kubernetes-incubator/master
...
Sync Upstream
2018-03-16 17:21:54 +01:00
3fac550090
Merge remote-tracking branch 'upstream/master'
2018-03-16 14:09:54 +03:00
d29a1db134
Merge pull request #2461 from woopstar/patch-11
...
Add support to kubeadm too
2018-03-16 08:24:31 +01:00
653d97dda4
Merge pull request #2472 from woopstar/patch-12
...
Make sure output from extra args is strings
2018-03-16 08:23:50 +01:00
40c0f3756b
Encapsulate item instead of casting to string
2018-03-15 20:27:21 +01:00
3d6fd49179
Added option for encrypting secrets to etcd v.2 ( #2428 )
...
* Added option for encrypting secrets to etcd
* Fix keylength to 32
* Forgot the default
* Rename secrets.yaml to secrets_encryption.yaml
* Fix static path for secrets file to use ansible variable
* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2
* Base64 encode the token
* Fixed merge error
* Changed path to credentials dir
* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions
* Add encryption option to k8s-cluster.yml
2018-03-15 22:20:05 +03:00
d843e3d562
Fix indent Custom ConfigMap ingress-nginx ( #2447 )
2018-03-15 22:18:18 +03:00
788e41a315
Make sure output from extra args is strings
...
Setting the following:
```
kube_kubeadm_controller_extra_args:
address: 0.0.0.0
terminated-pod-gc-threshold: "100"
```
Results in `terminated-pod-gc-threshold: 100` in the kubeadm config file. But it has to be a string to work.
2018-03-14 19:23:43 +01:00
1bcc641dae
Create vsphere clusterrole only if it doesnt exists
2018-03-14 11:29:35 +00:00
f8fed0f308
change expirations period for generated certificate from 10 years to 100 years
2018-03-14 13:33:36 +03:00
d1e6632e6a
Fix err in kubelet.kubeadm.env.j2
...
1. 404 link url
2. kubelet_authentication_token_webhook is not work
3. kube_reserved variable set twice
2018-03-14 17:25:21 +08:00
710295bd2f
Merge pull request #2434 from protomech/feature/azure-vnet-resource-group
...
add support for azure vnetResourceGroup
2018-03-13 17:42:09 +02:00
3e2d68cd32
Merge pull request #2455 from whereismyjetpack/kube-limits
...
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-13 06:28:07 -05:00
f3788525ff
fixes yamllint for docker defaults, and weave network plugin
2018-03-13 06:15:48 -04:00
39d247a238
Add support to kubeadm too
...
Explicitly defines the --kubelet-preferred-address-types parameter #2418
Fixes #2453
2018-03-13 10:31:15 +01:00
d264da8f08
Fix yamllint roles error for #2188 commit
2018-03-13 14:28:49 +08:00
9a4aa4288c
Fix vsphere cloud_provider RBAC permissions
2018-03-12 18:07:08 +00:00
50e3ccfa2b
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-12 12:46:14 -04:00
69a3c33ceb
Merge pull request #2429 from riverzhang/patch-6
...
Fix Docker exits prematurely
2018-03-12 06:16:25 -05:00
649b1ae868
Merge pull request #2452 from riverzhang/dockerproject
...
Fix issues #2451 Support docker-ce and docker-engine
2018-03-12 06:15:44 -05:00
973cc12ca9
Merge pull request #2188 from cornelius-keller/fix_weave
...
fix nodePort for weave
2018-03-12 10:55:41 +02:00
436de45dd4
Merge pull request #2295 from manics/supplementary-bugfix
...
Fix indexing of supplementary DNS in openssl.conf
2018-03-12 10:54:56 +02:00
5f186a2835
Merge pull request #2418 from kubernetes-incubator/1439br
...
Explicitly defines the --kubelet-preferred-address-types parameter
2018-03-12 10:53:48 +02:00
ecec94ee7e
Fix Docker exits prematurely
...
details:https://github.com/moby/moby/pull/31490/files
2018-03-12 14:44:47 +08:00
196995a1a7
Fix issues#2451 Support docker-ce and docker-engine
...
Support docker-ce and docker-engine include redhat/centos ubuntu debian
2018-03-12 13:31:31 +08:00
3a714fd4ac
Merge pull request #2427 from hswong3i/local_volume_provisioner_default
...
FIXUP #2424 : local_provisioner directory should be created only if enabled
2018-03-10 09:00:35 -05:00
c47fdc9aa0
Merge pull request #2445 from chadswen/kube-cert-directory-fix
...
Fix kubernetes cert permission sync
2018-03-09 15:10:35 -05:00
5c4cfb54ae
Merge pull request #2444 from chadswen/system-node-crb-name
...
Prefix system:node CRB
2018-03-09 15:09:01 -05:00
cd153a1fb3
Fix kubernetes cert permission sync
...
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
2018-03-09 00:11:10 -06:00
b0ab92c921
Prefix system:node CRB
...
Change the name of `system:node` CRB to `kubespray:system:node` to avoid
conflicts with the auto-reconciled CRB also named `system:node`
Fixes #2121
2018-03-08 23:56:46 -06:00
5007a69eee
Merge pull request #2437 from huzhengchuan/fix/callo-routereflector
...
Fix always download calico_rr image
2018-03-08 23:22:48 -06:00
8a46e050e3
Merge pull request #2433 from octarinesec/eyeofthefrog/systemd_command_fix
...
Fix systemd version detection
2018-03-08 22:28:12 -06:00
8e36ad09b4
clean http-proxy.conf
2018-03-08 23:16:02 +08:00
96a92503cb
Fix always download calico_rr image
2018-03-08 17:04:16 +08:00
5253153dbb
Merge pull request #2416 from riverzhang/delete-node
...
Remove nodes
2018-03-08 01:55:20 -06:00
12c78e622b
Remove nodes
...
Drain node except daemonsets resource
Use reset cluser for delete deploy data
Then delete node
2018-03-08 15:03:42 +08:00
216bf2e867
Merge pull request #2422 from riverzhang/patch-5
...
Enable OOM killing for etcd-events
2018-03-07 23:15:19 -06:00
a086686e9f
Support multiple artifacts under individual inventory directory
2018-03-08 11:57:53 +08:00
6402004018
FIXUP #2424 : local_provisioner directory should be created only if enabled
2018-03-08 11:57:46 +08:00
955f833120
Merge pull request #2430 from huzhengchuan/fix/kube-reserve
...
fix the name of some variable
2018-03-07 21:25:32 -06:00
605738757d
Fix systemd version detection
...
Change "command" to "shell" in order for the pipe to work correctly
2018-03-07 11:32:47 -08:00
3f96b2da7a
Add Custom ConfigMap Support for ingress-nginx
2018-03-07 21:37:45 +08:00
dbf40bbbb8
docker-ce instead of docker-engine repo ( #2423 )
...
* Use docker-ce 17.03.2
* Docker-engine may be discarded
2018-03-07 15:11:20 +03:00
646d473e8e
fix the name of some variable
2018-03-07 18:30:34 +08:00
6975cd1622
Merge pull request #2419 from hswong3i/ingress_nginx_labels
...
Add labels for ingress_nginx_namespace
2018-03-06 08:01:13 +02:00
b7f9bf43c2
Merge pull request #2421 from ctlam/master
...
Adding ssh_private_key_file to ProxyCommand
2018-03-06 07:59:26 +02:00
388b627f72
Enable OOM killing for etcd-events
...
Enable OOM killing like docker run etcd
2018-03-05 20:46:39 -06:00
f9019ab116
Adding ssh_private_key_file to ProxyCommand
...
This is trying to match what the roles/bastion-ssh-config is trying to do. When the setup is going through bastion, we want to ssh private key to be used on the bastion instance.
2018-03-05 13:15:10 -08:00
07657aecf4
add support for azure vnetResourceGroup
2018-03-05 13:40:25 -06:00
e65904eee3
Add labels for ingress_nginx_namespace, also only setup serviceAccountName if rbac_enabled
2018-03-05 23:11:18 +08:00
89847d5684
Explicitly defines the --kubelet-preferred-address-types parameter
...
to the API server configuration.
This solves the problem where if you have non-resolvable node names,
and try to scale the server by adding new nodes, kubectl commands
start to fail for newly added nodes, giving a TCP timeout error when
trying to resolve the node hostname against a public DNS.
2018-03-05 15:25:14 +01:00
585303ad66
Start with three dashes for consistency
2018-03-03 10:05:05 +04:00
a800ed094b
Added support for webhook authentication/authorization on the secure kubelet endpoint
2018-03-03 10:00:09 +04:00
fd46442188
Integrate kubernetes/ingress-nginx 0.11.0 to Kubespray
2018-03-02 23:33:19 +08:00
9837b7926f
Use proper lookup of etcd host for calico ( #2408 )
...
Fixes #2397
2018-03-02 15:36:52 +03:00
b75b6b513b
Merge pull request #2406 from riverzhang/fedora
...
Delete unused fedora docker repo
2018-03-02 09:33:57 +02:00
2a3b48edaf
Delete unused fedora docker repo
2018-03-02 14:39:13 +08:00
5cc77eb6fd
Merge pull request #2294 from Nowaker/patch-1
...
Enable OOM killing
2018-03-01 14:56:26 +01:00
8b21034b31
Merge pull request #2344 from hswong3i/local_volume_provisioner_fixup
...
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-03-01 13:12:44 +02:00
67ffd8e923
Add etcd-events cluster for kube-apiserver ( #2385 )
...
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00
af7edf4dff
Merge pull request #2369 from eviln1/fix-insecure-apiserver-port
...
fix apiserver manifest when disabling insecure_port
2018-02-28 17:48:08 -06:00
0fd3b9f7af
Merge pull request #2391 from Miouge1/latest-helm
...
Install latest version of Helm
2018-02-28 15:04:41 -05:00
7ef9f4dfdd
Revert "Add pre-upgrade task for moving credentials file" ( #2393 )
2018-02-28 22:41:52 +03:00
6ce507f39f
Merge pull request #2345 from mattymo/credentials_upgrade_fix
...
Add pre-upgrade task for moving credentials file
2018-02-28 12:39:02 -06:00
34cab91e86
Merge pull request #2366 from z1nkum/bump_dashboard_tag
...
Bump dashboard from 1.8.1 to 1.8.3 because of reload bug
2018-02-28 12:38:34 -06:00
63de9bdba3
Merge pull request #2363 from whereismyjetpack/default-kube-proxy
...
default kube_proxy_mode in kubernetes-defaults
2018-02-28 12:37:46 -06:00
afb6e7dfc3
Merge pull request #2362 from mattymo/calico_ignore_extra_pools_again
...
Use CNI to assign kube_pods_subnet for calico
2018-02-28 12:36:50 -06:00
ad89d1c876
Update pre_upgrade.yml
2018-02-28 19:07:44 +03:00
6b80ac6500
Fix indexing of supplementary DNS in openssl.conf
2018-02-28 16:04:52 +00:00
2257dc9baa
Install latest version of Helm
2018-02-28 16:29:38 +01:00
977e7ae105
remove obsolete init image, bump dashboard version 1.8.1 -> 1.8.3
2018-02-28 12:52:59 +03:00
bc0fc5df98
Use node cert for etcd tasks instead of delegating to first etcd ( #2386 )
...
For etcdctl commands, use admin cert instead of node because this file
doesn't exist on etcd only hosts.
2018-02-27 22:23:51 +03:00
bb469005b2
Add pre-upgrade task for moving credentials file
2018-02-27 17:35:15 +03:00
89ade65ad6
Fixing etcd certs for calico rr ( #2374 )
2018-02-27 17:34:07 +03:00
128d3ef94c
Fix run kubectl error ( #2199 )
...
* Fix run kubectl error
Fix run kubectl error when first master doesn't work
* if access_ip is define use first_kube_master
else different master use a different ip
* Delete set first_kube_master and use kube_apiserver_access_address
2018-02-27 16:32:20 +03:00
b7e06085c7
Upgrade to Kubernetes v1.9.3 ( #2323 )
...
Upgrade to Kubernetes v1.9.3
2018-02-27 14:31:59 +03:00
9e85a023c1
Merge pull request #2360 from mattymo/reset_fixes
...
retry unmount kubelet dirs
2018-02-26 18:30:38 -06:00
4b5f780ff0
Merge pull request #2357 from octarinesec/eyeofthefrog/set_TasksMax_infinity_for_ubuntu
...
Set TasksMax to infinity on any OS with systemd
2018-02-22 21:31:10 -06:00
31659efe13
Fixing cert name in calico/canal for etcd check ( #2358 )
2018-02-22 17:37:07 +03:00
2bd3776ddb
fix apiserver manifest when disabling insecure_port
2018-02-22 14:00:32 +01:00
c874f16c02
Fixing credential lookup for fe proxy and vault ( #2361 )
2018-02-22 15:09:26 +03:00
ba91304636
Fixed generate front proxy client certs with vault ( #2359 )
...
* Fixed generate front proxy client certs with vault
* fix vault cert management
* Distrebute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
42a0f46268
Add health check to kube proxy ( #2356 )
...
Adding health checking to kube proxy. Fixes #2308
2018-02-21 23:14:45 +03:00
d84ff06f73
Set filemode to 0640 ( #2315 )
...
* Set filemode to 0640
weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.
* Set mode 0640 on users_file with basic auth
2018-02-21 23:13:46 +03:00
87f33a4644
Use CNI to assign kube_pods_subnet for calico
...
Now calico can be deployed if there are other existing pools
and not confuse IPAM and end up with pods in the wrong pools.
2018-02-21 20:32:28 +03:00
2d69b05c77
set local_release_dir in downloads to match others
2018-02-21 11:35:34 -05:00
2eb57ee5cd
default kube_proxy_mode in kubernetes-defaults
2018-02-21 11:33:25 -05:00
85c69c2a4a
Add check for atomic hosts in template
2018-02-21 08:26:18 -08:00
c20f38b89c
retry unmount kubelet dirs
2018-02-21 14:41:57 +03:00
d4c61d2628
Fixup for gce_centos7-flannel-addons
2018-02-21 13:41:25 +08:00
deef47c923
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-02-21 13:41:25 +08:00
c19d8994b9
Set TasksMax to infinity on any OS with systemd
2018-02-20 11:55:13 -08:00
2de6da25a8
Merge pull request #2312 from woopstar/patch-7
...
Added iptables lock fix and ajusted oom-score
2018-02-19 22:47:07 -06:00
f13e76d022
Added cilium support ( #2236 )
...
* Added cilium support
* Fix typo in debian test config
* Remove empty lines
* Changed cilium version from <latest> to <v1.0.0-rc3>
* Add missing changes for cilium
* Add cilium to CI pipeline
* Fix wrong file name
* Check kernel version for cilium
* fixed ci error
* fixed cilium-ds.j2 template
* added waiting for cilium pods to run
* Fixed missing EOF
* Fixed trailing spaces
* Fixed trailing spaces
* Fixed trailing spaces
* Fixed too many blank lines
* Updated tolerations,annotations in cilium DS template
* Set cilium_version to iptables-1.9 to see if bug is fixed in CI
* Update cilium image tag to v1.0.0-rc4
* Update Cilium test case CI vars filenames
* Add optional prometheus flag, adjust initial readiness delay
* Update README.md with cilium info
2018-02-16 21:37:47 -06:00
95e2bde15b
set nodeName to "{{ inventory_hostname }}" in kubeadm-config
2018-02-16 16:20:08 -05:00
4c280e59d4
Use legacy policy config to apply the scheduler policy
2018-02-16 13:43:35 +01:00
76a89039ad
Merge pull request #2285 from jasdeep-hundal/do_not_install_python_apt
...
Remove redundant python-apt install
2018-02-15 17:04:08 +01:00
ba2107ea8c
is-default-class is case sensative so we must return a lowercase string
2018-02-15 10:51:42 +01:00
3f44a33738
allow for configurable openstack storage class
2018-02-14 11:32:56 +01:00
c0aad0a6d5
Fix install etcd by host service ( #2297 )
...
Fix bug issues #2289
2018-02-12 17:34:01 +01:00
41ca67bf54
Added iptables lock fix and ajusted oom-score
...
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
2018-02-12 10:21:38 +01:00
d72232f15b
Increased timeout values for k8s API server restart
2018-02-12 07:35:29 +00:00
03c61685fb
Added apiserver extra args variable for kubeadm config ( #2291 )
2018-02-12 10:29:46 +03:00
46284198f8
Merge pull request #2298 from clkao/patch-2
...
Fix version comparison
2018-02-11 17:22:39 +01:00
bbb1da1a83
Fix default_resolver is undefined
...
fix issues #2265
2018-02-10 10:08:26 -06:00
07075add3d
Add optional StorageClass name with cephfs_provisioner_storage_class
2018-02-10 20:31:34 +08:00
338238d086
Fix version comparison
...
`FAILED! => {"changed": false, "msg": "AnsibleFilterError: Version comparison: unorderable types: str() < int()"}`
2018-02-10 03:49:49 +08:00
03bb729fea
Making status and detection mo betta
2018-02-09 12:30:46 -06:00
f8a59446e8
Enable OOM killing
...
When etcd exceeds its memory limit, it becomes useless but keeps running.
We should let OOM killer kill etcd process in the container, so systemd can spot
the problem and restart etcd according to "Restart" setting in etcd.service unit file.
If OOME problem keep repeating, i.e. it happens every single restart,
systemd will eventually back off and stop restarting it anyway.
--restart=on-failure:5 in this file has no effect because memory allocation error
doesn't by itself cause the process to die
Related: https://github.com/kubernetes-incubator/kubespray/blob/master/roles/etcd/templates/etcd-docker.service.j2
This kind of reverts a change introduced in #1860 .
2018-02-09 11:00:13 -06:00
4e61fb9cd3
Refactored kubeadm join process and fixed uncrodonng for master nodes
2018-02-09 15:51:47 +01:00
b472c2df98
Fix safe upgrade
...
Even though there it kubeadm_token_ttl=0 which means that kubeadm token never expires, it is not present in `kubeadm token list` after cluster is provisioned (at least after it is running for some time) and there is issue regarding this https://github.com/kubernetes/kubeadm/issues/335 , so we need to create a new temporary token during the cluster upgrade.
2018-02-09 15:51:47 +01:00
bc67deee78
Added missing cephfs_provisioner_enabled to kubespray-defaults vars
2018-02-09 17:03:38 +03:00
f57abae01e
Remove redundant python-apt install
...
Ansible automatically installs the python-apt package when using
the 'apt' Ansible module, if python-apt is not present. This patch
removes the (unneeded) explicit installation in the Kubespray
'preinstall' role.
2018-02-08 18:59:37 -08:00
275b1d6897
Merge pull request #2274 from mirwan/local_volume_provisioner_configmap_in_daemonset
...
Local volume provisioner fixes
2018-02-09 00:59:47 +01:00
e9a676951b
storageClass name template as suggested by @eyeofthefrog
2018-02-09 00:11:07 +01:00
b31d905704
Merge pull request #2230 from hswong3i/cephfs_provisioner
...
Add cephfs_provisioner Support for Kubespray
2018-02-08 16:52:15 +01:00
c70c44b07b
Merge pull request #2257 from rzenker/tb/baremetal-tweaks
...
baremetal tweaks
2018-02-08 15:48:55 +00:00
20583e3d15
Merge pull request #2067 from manics/sysctl-net-brfilter
...
Always set net.bridge.bridge-nf-call-* sysctl
2018-02-08 15:43:46 +00:00
9f4588cd0c
Merge pull request #2266 from riverzhang/epel-release
...
Disalbe install epel-release rpm on Centos/Redhat
2018-02-08 15:42:28 +00:00
b25e0f82b1
Add cephfs_provisioner Support for Kubespray
2018-02-08 22:27:54 +08:00
cae1c683aa
Merge pull request #2271 from leseb/retry-get-token
...
kubernetes-apps: retry get default token name
2018-02-08 16:46:32 +03:00
57e7a5a34a
Merge pull request #2233 from hswong3i/multiple_inventory_dir
...
Support multiple inventory files under individual inventory directory
2018-02-08 11:57:04 +01:00
7bce70339f
Merge pull request #2251 from woopstar/metrics-server-patch-2
...
Adding metrics-server support for K8s version 1.9
2018-02-08 11:16:44 +01:00
e1aaef7d4d
Removal of surnumerary slash
2018-02-08 09:06:17 +01:00
1a1d154e14
Support multiple inventory files under individual inventory directory
2018-02-08 08:08:15 +08:00
384e5dd4c4
Merge pull request #2160 from kongslund/disable-read-only-port
...
Make the Kubelet read-only port configurable and disable it by default
2018-02-07 13:06:32 -06:00
abfb147292
MountDir in configmap and daemonset must be the same
2018-02-07 18:42:42 +01:00
44eb03f78a
typo
2018-02-07 17:57:54 +01:00
857784747b
local-provisioner:v1.0.1 still expects json configmap
2018-02-07 17:47:05 +01:00
7a2cb5e41c
local-provisioner:v1.0.1 still uses VOLUME_CONFIG_NAME env to read ConfigMap
2018-02-07 17:01:19 +01:00
712bdfc82f
Merge pull request #2260 from mirwan/local_volume_provisioner_fixes
...
local_volume_provisioner_enabled replacement
2018-02-07 13:42:00 +01:00
34bd47de79
kubernetes-apps: retry get default token name
...
In some installation, it can take up to 3sec to get the value. Retrying
for 5 sec will ensure the command won't return 1.
Signed-off-by: Sébastien Han <seb@redhat.com>
2018-02-07 12:09:51 +01:00
fe57c13b51
Merge pull request #2172 from leseb/etcd-auth
...
etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
2018-02-07 11:25:56 +01:00
f9df692056
Issue front proxy certs for vault
2018-02-07 11:03:10 +01:00
f193b12059
Kubeadm auto creates this
2018-02-07 10:50:34 +01:00
2cd254954c
Remove defaults of allowed names. Updated kubeadm
2018-02-07 10:07:55 +01:00
4dab92ce69
Rename from aggregator-proxy-client to front-proxy-client to match kubeadm design. Added kubeadm support too. Changed to use variables set and not hardcode paths. Still missing cert generation for Vault
2018-02-07 09:50:19 +01:00
ca08614641
yamllint fix
2018-02-07 09:12:28 +01:00
47adf4bce6
Disalbe install epel-release rpm on Centos/Redhat
...
1.Disalbe install epel-release rpm on Centos/Redhat
2.Use yum install epel-release
2018-02-07 14:58:50 +08:00
7928cd20fb
Merge pull request #2037 from tiewei/contiv-etcd-split
...
Split contiv etcd and etcd-proxy into two daemonsets
2018-02-06 15:37:16 -06:00
ad9049a49e
baremetal tweaks
...
* allow installs to not have hostname overriden with fqdn from inventory
* calico-config no longer requires local as and will default to global
* when cloudprovider is not defined, use the inventory_hostname for cni-calico
* allow reset to not restart network (buggy nodes die with this cmd)
* default kube_override_hostname to inventory_hostname instead of ansible_hostname
2018-02-06 13:52:22 -05:00
b4e264251f
JSON/YAML syntax fix
2018-02-06 17:17:10 +01:00
8006a6cd82
local_volumes_enabled replaced by local_volume_provisioner_enabled
2018-02-06 17:12:09 +01:00
5cd6b0c753
Adding missing defaults for weave
...
The PR #2203 add's missing defaults for weave, but no signed CLA. So this PR fixes it.
2018-02-06 14:25:07 +01:00
bb339265fc
Set default registry_enabled to false
...
In PR #2244 the `registry_enabled` is missing in defaults, causing a deployment to fail, if it is not set in k8s-cluster.yml
2018-02-06 14:17:06 +01:00
bb4446e94c
Merge pull request #2226 from manics/supplemental-addresses
...
Enable additional addresses to be added to certificates
2018-02-06 13:51:54 +01:00
d2102671cd
Merge pull request #2214 from woopstar/patch-3
...
Loadbalancer Apiserver Address is missing
2018-02-06 13:47:55 +01:00
138e0c2301
Merge pull request #2250 from woopstar/weave-mtu-patch
...
Added option to set MTU on Weave
2018-02-06 12:13:54 +01:00
37cfd289d8
Merge pull request #2248 from hswong3i/dashboard.yml.j2
...
Dashboard template should not suffix with .yml.j2
2018-02-06 11:25:02 +01:00
9f3081580a
Merge pull request #2249 from hswong3i/kubedns-deploy.yml.j2
...
KubeDNS template should not suffix with .yml.j2
2018-02-06 11:24:19 +01:00
a3248379db
Merge branch 'master' into local_volume_provisioner
2018-02-06 09:28:27 +01:00
0774c8385c
Merge pull request #2244 from hswong3i/registry
...
Migrate Kubernetes v1.9.1 cluster/addons/registry to Kubespray
2018-02-06 09:20:48 +01:00
b2d30d68e7
Rename CN for aggreator back. Add flags to apiserver when version is >= 1.9
2018-02-05 20:37:14 +01:00
82d10b882c
Added fixes from whereismyjetpack
2018-02-05 20:07:12 +01:00
95b8ac5f62
Added optional controller and scheduler extra args to kubeadm config ( #2205 )
2018-02-05 16:49:13 +03:00
0b4168cad4
WIP. Adding metrics-server support for K8s version 1.9
2018-02-05 10:37:41 +01:00
3289472e31
Added option to set MTU on Weave
2018-02-05 10:23:48 +01:00
4ad53339f6
KubeDNS template should not suffix with .yml.j2
2018-02-05 16:26:54 +08:00
a4d3da6a8e
Dashboard template should not suffix with .yml.j2
2018-02-05 16:18:21 +08:00
7954ea2525
Migrate Kubernetes v1.9.1 cluster/addons/registry to Kubespray
2018-02-05 12:21:09 +08:00
bd1f0bcfd7
Merge pull request #2201 from riverzhang/ipvs
...
Support ipvs mode for kube-proxy
2018-02-01 22:29:52 -06:00
bc2e26d7ef
update apiVersion
2018-02-01 14:16:32 +08:00
fd80013917
lint and cleanup local_volume_provisioner
2018-02-01 14:14:18 +08:00
f7d52564aa
Merge pull request #2084 from riverzhang/devicemapper
...
Fix can not use devicemapper driver
2018-01-31 20:52:22 -06:00
f7e8d1149a
Merge pull request #2229 from whereismyjetpack/etcd-quorum-read
...
--etcd-quorum-read is depricated in kube >= 1.9
2018-01-31 17:10:10 -05:00
bd091caaf9
Merge pull request #2200 from riverzhang/hyperkube
...
Upgrade to Kubernetes v1.9.2
2018-01-31 16:08:22 -05:00
b455a1bf76
Merge pull request #2212 from mattymo/missing_defaults
...
Add missing group var default values to kubespray-defaults
2018-01-31 16:07:53 -05:00
c0a3bcf9b3
Merge pull request #2221 from Xuxe/patch-vcp-v1.9.2
...
Updated vSphere cloud provider config for Kubernetes >= v1.9.2 and added resource pool deployment variable
2018-01-31 16:06:07 -05:00
dc6c703741
--etcd-quorum-read is depricated in kube >= 1.9
2018-01-31 15:49:52 -05:00
16629d0b8e
Vault should use cert auth for etcd
2018-01-31 20:37:14 +03:00
7f79210ed1
reworked vsphere-cloud-config template
2018-01-31 16:51:23 +01:00
27a1a697e7
supplementary_addresses_in_ssl_keys can be a hostname
2018-01-31 15:16:08 +00:00
c1267004ef
Merge pull request #2130 from ArchiFleKs/simplify_os_provider
...
Simplify and update OpenStack cloud provider
2018-01-31 12:02:02 +02:00
9cdd2214f9
render vsphere_resource_pool only if defined
2018-01-31 09:56:43 +01:00
989e9174c2
Added vSphere cloud provider config update for Kubernetes >= 1.9.2
2018-01-31 09:15:46 +01:00
3993e12335
Fix can not be used devicemapper driver
...
Fix can not be used devicemapper driver
2018-01-31 15:51:11 +08:00
ac4d782937
Merge pull request #2074 from fangzhen/fix-domains-split
...
Make spliting system_search_domains more robust
2018-01-30 21:01:19 -06:00
32d18ca992
remove trailing space
2018-01-31 09:50:41 +08:00
2df4b6c5d2
Rename default_resolver to cloud_resolver ( #2209 )
...
Cloud resolvers are mandatory for hosts on GCE and OpenStack
clouds. The 8.8.8.8 alternative resolver was dropped because
there is already a default nameserver. The new var name
reflects the purpose better.
Also restart apiserver when modifying dns settings.
2018-01-31 00:26:07 +03:00
088d36da09
Increase the idx counter
...
Fix the idx counter to increase too, or you will end up with two same indexes.
2018-01-30 21:48:13 +01:00
6f36faa4f9
Loadbalancer Apiserver Address is missing
...
If you configure your external loadbalancer to do a simple tcp pass-through to the api servers, and you do not use a DNS FQDN but just the ip, then you need to add the ip adress to the certificates too.
Example config:
```
## External LB example config
apiserver_loadbalancer_domain_name: "10.50.63.10"
loadbalancer_apiserver:
address: 10.50.63.10
port: 8383
```
2018-01-30 17:33:00 +01:00
3846384d56
Bump kube-dns to 1.14.8 ( #2204 )
...
Bump kube-dns to 1.14.8
2018-01-30 19:23:37 +03:00
331f141f63
Fix DNS entries in etcd's openssl.conf by adding a newline. ( #2208 )
...
DNS entries generated from 'etcd_cert_alt_names' variable in etcd's
openssl.conf are not terminated by a newline.
This fixes issue #2207 .
2018-01-30 16:26:58 +03:00
62dd3d2a9d
Add missing group var default values to kubespray-defaults
2018-01-30 16:04:00 +03:00
fa8a128e49
etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
...
Some installation are failing to authenticate with peers due to
etcd picking up/resoling the wrong node.
By setting 'etcd_peer_client_auth' to "False" you can disable peer client cert
authentication.
Signed-off-by: Sébastien Han <seb@redhat.com>
2018-01-30 11:19:12 +01:00
b10c308a5a
Support ipvs mode for kube-proxy
...
Support ipvs mode for kube-proxy
2018-01-30 13:09:01 +08:00
e22c70e431
Upgrade to Kubernetes v1.9.2
2018-01-30 13:04:38 +08:00
f4fe9e3421
Merge pull request #2171 from ArchiFleKs/kubeproxy-lvs
...
Add lib/modules to kube-proxy to enable LVS
2018-01-29 22:58:02 -06:00
da173615e4
Merge pull request #2048 from xizhibei/master
...
Fix: always only one container got synced after download
2018-01-29 16:01:11 -06:00
dc6a17e092
Use include/import tasks ( #2192 )
...
import_tasks will consume far less memory, so it should be
used whenever it is compatible.
2018-01-29 14:37:48 +03:00
240d4193ae
Update information about network sizes
2018-01-26 15:23:21 +01:00
ac66e98ae9
Upgrade to Kubernetes v1.9.1 ( #2152 )
...
Raise drain timeout to 5m
2018-01-25 18:44:44 +03:00
d2935ffed0
Optionally ignore the presence of extra calico pools ( #2190 )
2018-01-25 18:44:20 +03:00
c6e0fcea31
Merge pull request #1948 from sgmitchell/secured-etcd
...
Enable etcd secure client to prevent etcdctl access without cert and key
2018-01-25 09:35:51 -06:00
5d014d986b
Merge pull request #1992 from manics/flannel-hairpin
...
Enable flannel hairpin mode
2018-01-24 21:20:03 -06:00
714994cad8
iptables: flush nat table as well as filter table upon reset ( #2174 )
...
* iptables: flush nat table as well as filter table upon reset
* Indentation fix
2018-01-24 20:22:49 -06:00
08fe61e058
Merge pull request #2071 from riverzhang/dashboard
...
Update dashboard version to v1.8.1
2018-01-24 20:10:05 -06:00
0c8bed21ee
Merge pull request #2019 from chadswen/disable-api-insecure-port
...
Support for disabling apiserver insecure port (the sequel)
2018-01-24 19:58:53 -06:00
98eb845f8c
Merge pull request #2173 from mirwan/hardcoded_dnsmasq-autoscaler_image
...
Dnsmasq autoscaler image should be a variable
2018-01-24 16:15:59 -06:00
98300e3165
Merge pull request #2155 from brutus333/fix/pvc
...
Fix for Issue #2141
2018-01-24 16:15:33 -06:00
e22759d8f0
fix nodePort for weave
2018-01-24 10:31:51 +01:00
bf1411060e
Add optional manual dns_mode ( #2178 )
2018-01-23 14:28:42 +01:00
a4d142368b
Renamed variable from disable_volume_zone_conflict to volume_cross_zone_attachment and removed cloud provider condition; fix identation
2018-01-23 13:14:00 +00:00
eb80f9b606
Merge pull request #2154 from tdihp/proxy-conf-restart-docker
...
Restart docker when http-proxy.conf changed.
2018-01-22 08:39:05 -06:00
ae47b617e3
Fix 'no such host' problem ( #2148 )
...
Fix 'no such host' problem reported by commands *kubectl logs* and *kubectl exec*
when cloud_provider is OpenStack
Closes : #2147
2018-01-22 16:08:24 +03:00
e5b4011aa4
move hardcoded dnsmasq autoscaler image to its own variable
2018-01-18 16:04:29 +01:00
3125f93b3f
Added disable_volume_zone_conflict variable
2018-01-18 10:55:23 +00:00
f19c8e8c1d
Merge pull request #2132 from PhilippeChepy/flex-volumes
...
Add support for flex volumes plugins.
2018-01-17 15:00:45 -05:00
637604d08f
Add lib/modules to kube-proxy to enable LVS
...
kube-proxy is complaining of missing modules at startup. There is a plan
to also support an LVS implementation of kube-proxy in additon to
userspace and iptables
2018-01-17 16:35:53 +01:00
11844c987c
Make the Kubelet read-only port configurable and disable it by default. Fixes #2159 .
2018-01-16 11:11:41 +04:00
8c45c88d15
Fix for Issue #2141 - added policy file
2018-01-12 07:15:35 +00:00
c87bb2f239
Fix for Issue #2141
2018-01-12 07:07:02 +00:00
32eeb9a0e0
Restart docker when http-proxy.conf changed.
2018-01-12 10:56:25 +08:00
df21fc8643
Remove initContainer
2018-01-10 12:17:17 +08:00
ccd9cc3dce
Merge pull request #2146 from abelgana/master
...
Manage deprecated kubelet option
2018-01-09 17:19:42 -05:00
81867402f6
Merge pull request #2145 from pslijkhuis/master
...
Add kubelet_custom_flags to kubelet.kubeadm.env.j2
2018-01-09 17:19:09 -05:00
4f5d61212b
Merge pull request #2144 from neith00/weave-2.1.3
...
updated weave to 2.1.3
2018-01-09 17:18:26 -05:00
ef96123482
Merge pull request #2068 from chadswen/remove-container-retries
...
Retry kube container removal during upgrade
2018-01-09 15:03:50 -05:00
ee27ab0052
Merge pull request #2124 from riverzhang/patch-3
...
Remove blank lines
2018-01-09 14:58:49 -05:00
57f87ba083
Merge pull request #2142 from trilogy-group/hotfix/fluentd-template
...
fix fluentd template
2018-01-09 14:44:50 -05:00
a9bb72c6fd
require-kubeconfig is depricated since k8s v1.8
2018-01-09 14:35:42 -05:00
9506c2e597
require-kubeconfig is deprecated since K8s v1.8
2018-01-09 14:33:05 -05:00
32884357ff
Add kubelet_custom_flags to kubelet.kubeadm.env.j2
2018-01-09 14:04:36 +01:00
88204642b7
updated weave to 2.1.3
2018-01-09 13:50:42 +01:00
1401286910
Add support for cert alt names for etcd ( #2139 )
...
* Add support for cert alt names for etcd
* Update gen_certs_vault.yml
2018-01-09 14:37:34 +03:00
12eb242224
fix fluentd template
2018-01-08 13:40:47 +00:00
df9faa1743
Add support for flex volumes plugins.
2018-01-05 17:56:36 +01:00
ce85bcaee7
Simplify and update OpenStack cloud provider
...
Simplify the number of variables necessary to "just" enable OpenStack
cloud provider. Also add the new options available in K8s 1.9.
2018-01-05 12:05:24 +01:00
6ed2a60978
fix run dashboard error
2018-01-04 13:13:36 +08:00
bac3bf1a5f
Fix auto-evaluated API access endpoint for bind IP ( #2086 )
...
Auto configure API access endpoint with a custom bind IP, if provided.
Fix HA docs' http URLs are https in fact, clarify the insecure vs secure
API access modes as well.
Closes: #issues/2051
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2018-01-03 17:40:21 +01:00
e3b684df21
Remove blank lines
...
Remove blank lines
2018-01-03 00:54:04 -06:00
e45b30d033
Add etcd key and cert environment variables for use with client auth
2018-01-02 13:52:17 -05:00
ad6fecefa8
Update Kubernetes to v1.9.0 ( #2100 )
...
Update checksum for kubeadm
Use v1.9.0 kubeadm params
Include hash of ca.crt for kubeadm join
Update tag for testing upgrades
Add workaround for testing upgrades
Remove scale CI scenarios because of slow inventory parsing
in ansible 2.4.x.
Change region for tests to us-central1 to
improve ansible performance
2017-12-25 08:57:45 +00:00
3fdb2ccf55
Revert back to using an empty var as default to exclude hostname ( #2110 )
2017-12-22 22:09:59 +00:00
29f5b55d42
remove unwanted whitespace for kube_override_hostname ( #2105 )
2017-12-22 11:31:18 +00:00
5aef52e8c0
fix dashboard certs secret
2017-12-22 11:17:05 +08:00
6bb46e3ecb
Fix param names in preparation for Kubernetes v1.9.0 ( #2098 )
...
This does not update v1.9.0, but fixes two incompatibilities
when trying to deploy v1.9.0.
2017-12-20 10:48:09 +00:00
127bc01857
Do not override kubelet hostname if cloud_provider is used ( #2095 )
...
Starting with Kubernetes v1.8.4, kubelet ignores the AWS cloud
provider string and uses the override hostname, which fails
Node admission checks.
Fixes #2094
2017-12-19 20:18:20 +00:00
a6975c1850
Rename runtime docker_version ( #2082 )
...
Renaming runtime docker_version to prevent setting that
value on the command line from breaking the play run.
This fixes #2081
2017-12-19 14:47:54 +00:00
b2cb0725ac
Default OpenStack Cinder Storage Class ( #2083 )
...
Add possibility to create default OpenStack Cinder Storage Class
Closes : #1609
2017-12-19 14:47:00 +00:00
b974b144a8
Add RBAC to binding Dahsboard UI
2017-12-18 23:07:19 +08:00
bfb25fa47b
Change vault cert ttl to 8y ( #2013 )
2017-12-15 13:34:00 +00:00
3bb505d43f
Remove unrequired mounts
2017-12-14 14:59:40 -08:00
b135bcb9d9
Split download container task for delegate and non-delegate modes ( #2077 )
...
Ansible cannot seem to handle omitting delegate_to since v2.4.0.0.
Possibly related: https://github.com/ansible/ansible/issues/30760
2017-12-14 16:45:54 +00:00
4e97225424
Add quote for etcd endpoints
2017-12-13 18:35:12 -08:00
0771cd8599
Remove dashboard_tls_key and dashboard_tls_cert
2017-12-13 15:42:20 +08:00
91d848f98a
Make spliting system_search_domains more robust
...
The search line in /etc/resolv.conf could have
multiple spaces or tabs between domains.
split(' ') will give wrong results in some case,
use split() without argument instead.
e.g.
>>> 'domain.tld cluster.tld '.split(' ')
['domain.tld\tcluster.tld', '']
>>> 'domain.tld cluster.tld '.split()
['domain.tld', 'cluster.tld']
2017-12-13 15:39:38 +08:00
40edf8c6f5
Update dashboard version to v1.8.0
...
Update dependencies to be compatible with Kubernetes v1.8
2017-12-13 12:50:44 +08:00
e78562830f
Retry kube container removal during upgrade
...
As we have seen with other containers, sometimes container removal fails on the first attempt due to some Docker bugs. Retrying typically corrects the issue.
2017-12-12 12:06:41 -06:00
bef259a6eb
Always set net.bridge.bridge-nf-call-* sysctl
2017-12-12 17:11:35 +00:00
39ce1bd8be
Merge pull request #2059 from bradbeam/vaultalt
...
Fixing alt_names for vault cert generation
2017-12-12 09:28:51 -06:00
6291881943
Merge pull request #2057 from rsmitty/master
...
set docker_version fact regardless of docker_dns in use
2017-12-12 10:28:14 -05:00
802fd94dad
Merge pull request #2054 from ArchiFleKs/os-cloud-provider-domain-fix
...
Fix domain id for OpenStack provider
2017-12-11 21:06:16 -06:00
66f38a1b31
fix: always only one docker image got synced after download
2017-12-12 09:51:03 +08:00
d3850a4da5
Fixing alt_names for vault cert generation
2017-12-11 17:28:18 -06:00
53a4355e60
set docker_version fact regardless of docker_dns in use
2017-12-11 17:48:11 -05:00
19def41fdf
Merge pull request #2047 from bradbeam/vaulttime
...
Adding retries for vault-temp to come online
2017-12-11 09:04:57 -06:00
44b9dce134
Fix domain id for OpenStack provider
...
OpenStack authentication does not support using a mix of DomainID and
DomainName, only one or the other should be used.
2017-12-11 15:57:33 +01:00
fa5a538fe5
Merge pull request #2050 from jbonachera/fix-vault-tls-validation
...
append newline char to vault generated certs
2017-12-11 08:41:34 -06:00
9643c2c1e3
Fixes to reset ( #2046 )
...
- adding additional directories to cleanup (rkt/vault)
- targeting kubespray ansible groups instead of all
2017-12-11 12:49:21 +00:00
93f3614382
Fixes #2039 - changing alt_names to be string instead of list ( #2043 )
2017-12-11 12:48:07 +00:00
cbc8a7d679
Merge pull request #1995 from b0r1sp/patch-1
...
Update main.yml
2017-12-10 21:45:02 -06:00
290bc993a5
append newline char to vault generated certs
2017-12-10 13:06:28 +01:00
3694657eb6
Adding retries for vault-init to come online
2017-12-09 17:40:44 -06:00
79417e07ca
Fix systemd service unit for docker >= 17.03 ( #1844 )
2017-12-08 13:12:45 +00:00
dad95c873b
Remove templating for etcd members
...
Use a etcd-initer init container to generate etcd args, it determines
etcd name by comparing its ip and etcd cluster ips. This way will
make etcd configuration independent to the ansible templating so
that could be easier on adding master nodes.
2017-12-07 23:33:29 -08:00
626b35e1b0
Merge pull request #2005 from riverzhang/patch-1
...
Delete helm home
2017-12-07 11:23:30 -05:00
5881ba43f8
Split contiv etcd and etcd-proxy into two daemonsets
...
Putting contiv etcd and etcd-proxy into the same daemonset and manage
the difference by a env file is not good for scaling (adding nodes).
This commit split them into two daemonsets so that when adding nodes,
k8s could automatically starting a etcd-proxy on new nodes without need
to run related play that putting env file.
2017-12-06 22:21:50 -08:00
fed7b97dcb
Merge pull request #2030 from mattymo/removerbaccheck
...
Remove RBAC from boolean checks
2017-12-06 23:41:13 -06:00
c4458c9d9a
Merge pull request #1997 from mrbobbytables/feature-keepalived-cloud-provider
...
Add minimal keepalived-cloud-provider support
2017-12-06 23:28:27 -05:00
aeb3e647d4
Remove the network device created by the flannel ( #2006 )
...
* Remove the network device created by the flannel
Remove the network device created by the flannel
* Modify flannel.1 device path
Modify flannel.1 device path
* remove trailing spaces
2017-12-06 14:15:39 +00:00
fe036cbe77
Adding changes to handle updation of yum Management cache in rhel. ( #2026 )
...
* Adding changes to handle updation of yum cache in rhel.
* Removed the redundant spaces
2017-12-06 09:00:41 +00:00
952ec65a40
Remove RBAC from boolean checks
2017-12-06 11:57:40 +03:00
b8788421d5
Support for disabling apiserver insecure port
...
This allows `kube_apiserver_insecure_port` to be set to 0 (disabled).
Rework of #1937 with kubeadm support
Also, fixed an issue in `kubeadm-migrate-certs` where the old apiserver cert was copied as the kubeadm key
2017-12-05 09:13:45 -06:00
c2347db934
Merge pull request #1953 from chadswen/dashboard-refactor
...
Kubernetes Dashboard v1.7.1 Refactor
2017-12-05 08:50:55 -06:00
27ead5d4fa
Merge pull request #2003 from abelgana/master
...
Change altnames to alt_names
2017-12-05 08:48:32 -06:00
6ade7c0a8d
Update k8s version to 1.8.4 ( #2015 )
...
* Update k8s version to 1.8.4
* Update main.yml
2017-12-04 16:23:04 +00:00
a0225507a0
Set helm deployment type to host ( #2012 )
2017-11-29 19:52:54 +00:00
d39a88d63f
Allow setting --bind-address for apiserver hyperkube ( #1985 )
...
* Allow setting --bind-address for apiserver hyperkube
This is required if you wish to configure a loadbalancer (e.g haproxy)
running on the master nodes without choosing a different port for the
vip from that used by the API - in this case you need the API to bind to
a specific interface, then haproxy can bind the same port on the VIP:
root@overcloud-controller-0 ~]# netstat -taupen | grep 6443
tcp 0 0 192.168.24.6:6443 0.0.0.0:* LISTEN 0 680613 134504/haproxy
tcp 0 0 192.168.24.16:6443 0.0.0.0:* LISTEN 0 653329 131423/hyperkube
tcp 0 0 192.168.24.16:6443 192.168.24.16:58404 ESTABLISHED 0 652991 131423/hyperkube
tcp 0 0 192.168.24.16:58404 192.168.24.16:6443 ESTABLISHED 0 652986 131423/hyperkube
This can be achieved e.g via:
kube_apiserver_bind_address: 192.168.24.16
* Address code review feedback
* Update kube-apiserver.manifest.j2
2017-11-29 15:24:02 +00:00
e5d353d0a7
contiv network support ( #1914 )
...
* Add Contiv support
Contiv is a network plugin for Kubernetes and Docker. It supports
vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies,
multiple networks and bridging pods onto physical networks.
* Update contiv version to 1.1.4
Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config.
* Load openvswitch module to workaround on CentOS7.4
* Set contiv cni version to 0.1.0
Correct contiv CNI version to 0.1.0.
* Use kube_apiserver_endpoint for K8S_API_SERVER
Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks
to a available endpoint no matter if there's a loadbalancer or not.
* Make contiv use its own etcd
Before this commit, contiv is using a etcd proxy mode to k8s etcd,
this work fine when the etcd hosts are co-located with contiv etcd
proxy, however the k8s peering certs are only in etcd group, as a
result the etcd-proxy is not able to peering with the k8s etcd on
etcd group, plus the netplugin is always trying to find the etcd
endpoint on localhost, this will cause problem for all netplugins
not runnign on etcd group nodes.
This commit make contiv uses its own etcd, separate from k8s one.
on kube-master nodes (where net-master runs), it will run as leader
mode and on all rest nodes it will run as proxy mode.
* Use cp instead of rsync to copy cni binaries
Since rsync has been removed from hyperkube, this commit changes it
to use cp instead.
* Make contiv-etcd able to run on master nodes
* Add rbac_enabled flag for contiv pods
* Add contiv into CNI network plugin lists
* migrate contiv test to tests/files
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
* Add required rules for contiv netplugin
* Better handling json return of fwdMode
* Make contiv etcd port configurable
* Use default var instead of templating
* roles/download/defaults/main.yml: use contiv 1.1.7
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2017-11-29 14:24:16 +00:00
de422c822d
update nginx tag to use multi-arch docker image ( #2009 )
2017-11-29 10:39:52 +00:00
4d3326b542
Raise default vault lease TTL to 10y ( #2008 )
2017-11-29 10:38:59 +00:00
1b82138142
Delete helm home
...
Delete helm home
2017-11-29 13:27:09 +08:00
208ff8e350
Allow for more customization of the tiller deploy ( #1946 )
2017-11-28 18:33:57 +00:00
ec54b36e05
add retries for calico/canal etcd commands ( #2007 )
2017-11-28 16:39:55 +00:00
38e8522cbf
Merge pull request #1983 from tomdee/bump-flannel-ver
...
Bump flannel version to v0.9.1
2017-11-28 11:38:55 -05:00
52f8687397
Merge pull request #1977 from mattymo/initializers
...
Disable initializers feature gate if istio is not used
2017-11-28 11:37:41 -05:00
43600ffcf8
Merge pull request #1972 from chadswen/master-static-pod-flush
...
Additional flush for static pod master upgrade
2017-11-28 11:36:38 -05:00
938d2d9e6e
update helm/tiller to v2.7.2 -- security bugfix ( #1986 )
2017-11-28 14:52:42 +00:00
9368dbe0e7
update calico to 2.6.2 ( #1874 )
...
Move RS to deployment so no need to take care of the revision history
limits :
- Delete the old RS
- Make Calico manifest a deployment
- move deployments to apps/v1beta2 API since Kubernetes 1.8
2017-11-28 12:01:30 +00:00
fe3290601a
The variable altnames is used by this task.
...
Since the value will change on the default. It needs to change here also.
2017-11-27 06:57:16 -05:00
e7173e1d62
Change altnames to alt_names
...
Hi,
Could you please check if it was a typo?
https://www.vaultproject.io/api/secret/pki/
Regards,
2017-11-25 17:29:21 -05:00
2ffcfdcd25
Update main.yml
2017-11-24 20:13:38 +01:00
8aafe64397
Defaults for apiserver_loadbalancer_domain_name ( #1993 )
...
* Defaults for apiserver_loadbalancer_domain_name
When loadbalancer_apiserver is defined, use the
apiserver_loadbalancer_domain_name with a given default value.
Fix unconsistencies for checking if apiserver_loadbalancer_domain_name
is defined AND using it with a default value provided at once.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
* Define defaults for LB modes in common defaults
Adjust the defaults for apiserver_loadbalancer_domain_name and
loadbalancer_apiserver_localhost to come from a single source, which is
kubespray-defaults. Removes some confusion and simplefies the code.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-11-23 16:15:48 +00:00
2140303fcc
add minimal keepalived-cloud-provider support
2017-11-23 08:43:36 -05:00
b80ded63ca
Update main.yml
...
just a small spelling mistake
2017-11-21 22:37:52 +01:00
7be2521a31
Add flannel hairping mode
2017-11-21 10:43:50 +00:00
15b9d54a32
Bump flannel version to v0.9.1
2017-11-16 12:52:18 -07:00
bc1a4e12ad
fix broken variable in ansible 2.4.1.0 and ensure tasks for calico-rr ( #1982 )
2017-11-16 18:44:15 +00:00
67419e8d0a
Run rotate_tokens role only once ( #1970 )
2017-11-15 18:50:23 +00:00
849aaf7435
Update to k8s 1.8.3 ( #1971 )
2017-11-15 17:43:22 +00:00
a89ee8c406
Add ability to use custom cert secret instead of init container provisioned self-signed certs
2017-11-15 10:05:52 -06:00
0c6f172e75
Kubernetes Dashboard v1.7.1 Refactor
...
This version required changing the previous access model for dashboard completely but it's a change for the better. Docs were updated.
* New login/auth options that use apiserver auth proxying by default
* Requires RBAC in `authorization_modes`
* Only serves over https
* No longer available at https://first_master:6443/ui until apiserver is updated with the https proxy URL:
* Can access from https://first_master:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login you will be prompted for credentials
* Or you can run 'kubectl proxy' from your local machine to access dashboard in your browser from: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
* It is recommended to access dashboard from behind a gateway that enforces an authentication token, details and other access options here: https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above
2017-11-15 10:05:48 -06:00
a67349b076
Disable initializers feature gate if istio is not used
2017-11-15 12:56:36 +00:00
f9b68a5d17
Revert "Support for disabling apiserver insecure port" ( #1974 )
2017-11-14 13:41:28 +00:00
c7910b51a1
--peers DEPRECATED - --endpoints should be used instead ( #1943 )
2017-11-14 11:28:35 +00:00
1f99710b21
Additional flush for static pod master upgrade
...
Thought this wasn't required at first but I forgot there's no auto flush at the end of these tasks since the `kubernetes/master` role is not the end of the play.
2017-11-13 18:11:57 -06:00
5e558c361b
update weave-net to 2.0.5 version ( #1877 )
2017-11-13 16:11:47 +00:00
5f39efcdfd
adding mount for kubelet to enable rbd mounts ( #1957 )
...
* adding mount for kubelet to enable rbd mounts
* fix conditionnal variable name
2017-11-13 14:04:13 +00:00
037edf1215
Fix failed task of setting up bash completion for helm ( #1968 )
...
Closes : #1967
2017-11-13 10:15:53 +00:00
37125866ca
Make calico_node_ignorelooserpf have an effect ( #1945 )
2017-11-13 09:35:13 +00:00
421e73b87c
Add missing exclamation mark in shebang line ( #1966 )
2017-11-13 09:34:21 +00:00
c115e5677e
Merge pull request #1828 from hzamani/patch-1
...
Use etcd_access_addresses for vault_etcd_url
2017-11-10 10:56:37 -05:00
09d85631dc
Merge pull request #1944 from chadswen/reload-master-pods
...
Master component and kubelet container upgrade fixes
2017-11-08 22:23:12 -05:00
f25e4dc3ed
Merge pull request #1937 from chadswen/disable-api-insecure-port
...
Support for disabling apiserver insecure port
2017-11-08 18:13:49 -05:00
0126168472
provide environment for rkt trust and run with etcd
2017-11-08 12:57:22 -05:00
e9f795c5ce
Master component and kubelet container upgrade fixes
...
* Fixes an issue where apiserver and friends (controller manager, scheduler) were prevented from restarting after manifests/secrets are changed. This occurred when a replaced kubelet doesn't reconcile new master manifests, which caused old master component versions to linger during deployment. In my case this was causing upgrades from k8s 1.6/1.7 -> k8s 1.8 to fail
* Improves transitions from kubelet container to host kubelet by preventing issues where kubelet container reappeared during the deployment
2017-11-08 01:40:33 -06:00
0c7e1889e4
Support for disabling apiserver insecure port
...
This allows `kube_apiserver_insecure_port` to be set to 0 (disabled). It's working, but so far I have had to:
1. Make the `uri` module "Wait for apiserver up" checks use `kube_apiserver_port` (HTTPS)
2. Add apiserver client cert/key to the "Wait for apiserver up" checks
3. Update apiserver liveness probe to use HTTPS ports
4. Set `kube_api_anonymous_auth` to true to allow liveness probe to hit apiserver's /healthz over HTTPS (livenessProbes can't use client cert/key unfortunately)
5. RBAC has to be enabled. Anonymous requests are in the `system:unauthenticated` group which is granted access to /healthz by one of RBAC's default ClusterRoleBindings. An equivalent ABAC rule could allow this as well.
Changes 1 and 2 should work for everyone, but 3, 4, and 5 require new coupling of currently independent configuration settings. So I also added a new settings check.
Options:
1. The problem goes away if you have both anonymous-auth and RBAC enabled. This is how kubeadm does it. This may be the best way to go since RBAC is already on by default but anonymous auth is not.
2. Include conditional templates to set a different liveness probe for possible combinations of `kube_apiserver_insecure_port = 0`, RBAC, and `kube_api_anonymous_auth` (won't be possible to cover every case without a guaranteed authorizer for the secure port)
3. Use basic auth headers for the liveness probe (I really don't like this, it adds a new dependency on basic auth which I'd also like to leave independently configurable, and it requires encoded passwords in the apiserver manifest)
Option 1 seems like the clear winner to me, but is there a reason we wouldn't want anonymous-auth on by default? The apiserver binary defaults anonymous-auth to true, but kubespray's default was false.
2017-11-06 14:01:10 -06:00
0d55ed3600
Avoid that some read-only tasks cause an ansible-change ( #1910 )
2017-11-06 13:51:07 +00:00
ad0cd6939a
Add support cAdvisor ( #1908 )
...
Signed-off-by: Haiwei Liu <carllhw@gmail.com>
2017-11-06 13:50:28 +00:00
33adb334cd
Fix openstack tenant id variable name ( #1932 )
2017-11-05 08:40:41 +00:00
ef87a8a1f0
Merge pull request #1916 from vtomasr5/master
...
Fix bad handler directory name in kubeadm role
2017-11-03 18:14:48 -04:00
a595c84f7e
Merge pull request #1928 from chadswen/flannel-rbac-fix
...
Flannel RBAC Fix
2017-11-03 18:12:16 -04:00
b158dbcf79
Docker Version Update
...
Update default docker version to 17.03.1
2017-11-03 12:34:45 -05:00
ab3832f3e7
Set host IP for kubelet always ( #1924 )
...
* Set host IP for kubelet always
Use ansible default IP if ip var is not set.
* Update main.yml
2017-11-03 10:19:37 +00:00
9bf415f749
update helm to v2.7.0 ( #1875 )
...
* update helm to v2.7.0
* Update main.yml
2017-11-03 07:15:00 +00:00
a2bda9e5f1
Eliminate jinja2 template expression warning and rename coreos-python var ( #1911 )
...
* Change deprecated vagrant ansible flag 'sudo' to 'become'
* Emphasize, that the name of the pip_pyton_modules is only considered in coreos
* Remove useless unused variable
* Fix warning when jinja2 template-delimiters used in when statement
There is no need for jinja2 template-delimiters like {{ }} or {% %}
any more. They can just be omitted as described in https://github.com/ansible/ansible/issues/22397
* Fix broken link in getting-started guide
2017-11-03 07:11:36 +00:00
0195725563
Workaround ansible bug where access var via dict doesn't get real value ( #1912 )
...
* Change deprecated vagrant ansible flag 'sudo' to 'become'
* Workaround ansible bug where access var via dict doesn't get real value
When accessing a variable via it's name "{{ foo }}" its value is
retrieved. But when the variable value is retrieved via the vars-dict
"{{ vars['foo'] }}" this doesn't resolve the expression of the variable
any more due to a bug. So e.g. a expression foo="{{ 1 == 1 }}" isn't
longer resolved but just returned as string "1 == 1".
* Make file yamllint complient
2017-11-03 07:11:14 +00:00
ec1170bd37
only mount volumes if local_volumes_enabled is true. fix mount flags in rkt. ( #1923 )
2017-11-03 07:10:37 +00:00
66c67dbe73
Add optional helm deployment mode for host ( #1920 )
2017-11-03 07:09:24 +00:00
16ae2c1809
Flannel RBAC Fix
...
Fixes a bug that can occur if `cni-flannel-rbac.yml` was written but the playbook failed before it was applied. Uses the same approach as calico.
2017-11-02 23:20:23 -05:00
4771716ab2
Merge pull request #1907 from mattymo/disable_anon_auth
...
Block anonymous auth requests to kubelet
2017-11-02 12:01:39 -04:00
b156585739
Merge pull request #1917 from chadswen/docker-daemon-graph
...
Fix kubelet container with alternate Docker data paths
2017-11-02 11:58:55 -04:00
520103df78
Change namespace for provisioner account
2017-11-02 10:16:08 +00:00
3e3787de15
Fix local volume provisioner mount point for rkt
2017-11-02 09:45:26 +00:00
0c824d5ef1
Fix kubelet container with alternate Docker data paths
...
Some time ago I think the hardcoded `/var/lib/docker` was required, but kubelet running in a container has been aware of the Docker path since at least as far back as k8s 1.6.
Without this change, you see a large number of errors in the kubelet logs if you installed with a non-default `docker_daemon_graph`
2017-11-01 13:25:15 -05:00
c0e989b17c
New addon: local_volume_provisioner ( #1909 )
2017-11-01 14:25:35 +00:00
5218b3af82
Fix bad handler directory name in kubeadm role
2017-11-01 14:36:28 +01:00
ef0a91da27
Merge pull request #1891 from rsmitty/proxy-fixes
...
Improved proxy support
2017-10-31 14:32:12 -04:00
8412181746
Merge pull request #1899 from skyscooby/update_kube182
...
Update to Kubernetes 1.8.2
2017-10-31 14:30:56 -04:00
400ee2aa57
Merge pull request #1898 from skyscooby/update_kubedns
...
Update kubedns to 1.14.7 release
2017-10-31 14:30:36 -04:00
05b8466f87
Merge pull request #1890 from chadswen/apt-repo-params
...
Parameterize dockerproject apt repo endpoints
2017-10-31 14:29:19 -04:00
19962f6b6a
fix indentation for master template ( #1906 )
2017-10-31 06:43:54 +00:00
f7703dbca3
Block anonymous auth requests to kubelet
2017-10-30 19:06:54 +00:00
74a9eedb93
helm template check for http/https_proxy
2017-10-30 13:11:04 -04:00
6df104b275
don't check for no_proxy, only http/https_proxy. fix linting issues.
2017-10-30 11:42:14 -04:00
b27453d8d8
improved proxy support
2017-10-30 11:42:14 -04:00
4470ee4ccf
Merge pull request #1887 from mattymo/fix_indent_apiserver
...
fix indentation for network policy option
2017-10-30 11:33:13 -04:00
8a86acf75d
Update kubespray-defaults kubernetes to v1.8.2
2017-10-30 09:34:32 -04:00
d738acf638
Update kubelet.kubeadm.env.j2 ( #1901 )
2017-10-30 11:33:02 +00:00
84d92aa3c7
fix-bug ( #1900 )
2017-10-30 11:23:24 +00:00
dd01cabcdc
Update to kubernetes 1.8.2
2017-10-29 22:13:06 -04:00
c383c7e2c1
Update kubedns image to latest
2017-10-29 21:58:05 -04:00
958bb5285d
Update kubedns image to latest
2017-10-29 21:57:32 -04:00
f0317ae70b
Merge pull request #1876 from ArchiFleKs/update_flannel
...
update flannel
2017-10-27 15:22:54 -04:00
Andreas Krüger
Chad Swenson
avoidik
Erwan Miran
georgejdli
Spencer Smith
Matthew Mosesohn
RongZhang
Chen Hong
Vladimir Vasilkin
Kuldip Madnani
Matthew Mosesohn
Wong Hoi Sing Edison
Brad Beam
Sergey Bondarev
Michael Zehrer
Dann Bohn
Anton Fayzrahmanov
Erik Stidham
Keyvan Hedayati
mirwan
melkosoft
Bharat Kunwar
gorazio
Zobair Shahadat
Andreas Holmsten
Qasim Sarfraz
Oleg Vyukov
MQasimSarfraz
zhengchuan hu
Aivars Sterns
Spencer Smith
Chris Mildebrandt
Dominic Lam
Michael Beatty
Ayaz Ahmed Khan
Jonas Kongslund
Antoine Legrand
Simon Li
Miouge1
Dmitry Vlasov
Nedim Haveric
Maxim Krasilnikov
melkosoft
Sebastian Söderqvist
Virgil Chereches
Chia-liang Kao
Brad Beam
Damian Nowak
mlushpenko
mkrasilnikov
jasdeep-hundal
Sébastien Han
Ryan Zenker
Julian Hübenthal
Simon Li
Dmitri Rubinstein
Cornelius Keller
Stanislav Makar
ArchiFleKs
heping
abelgana
Peter Slijkhuis
neith00
Lukasz Piatkowski
Philippe Chepy
Bogdan Dobrelya
Steve Mitchell
Jan Jungnickel
Evan Zeimet
Wei Tie
Fang Zhen
Xu Zhipei
Julien BONACHERA
Thomas Sarboni
Steven Hardy
unclejack
Di Xu
Christopher Randles
brx
Bob Killen
Tom Denham
Hyunsun Moon
Günther Grill
Haiwei Liu
Matthew Mosesohn
Vicenç Juan Tomàs Montserrat
Andrew Greenwood
tanshanshan