Commit graph

1766 commits

Author SHA1 Message Date
Bharat Kunwar
13e47e73c8
Update kubeadm-config.yaml.j2
As requested
2018-03-20 13:33:36 +00:00
Bharat Kunwar
d2fd7b7462
Update kube-apiserver.manifest.j2 2018-03-20 12:19:53 +00:00
Bharat Kunwar
d9453f323b
Update kube-apiserver.manifest.j2 2018-03-20 12:16:35 +00:00
Bharat Kunwar
b787b76c6c
Update kube-apiserver.manifest.j2
Ensure that kube-apiserver will respond even if one of the nodes are down.
2018-03-20 12:06:34 +00:00
woopstar
a94a407a43 Fix duplicate --proxy-client-cert-file and --proxy-client-key-file 2018-03-20 12:08:36 +01:00
gorazio
96e46c4209
bump after CLA signing 2018-03-20 10:23:50 +03:00
gorazio
aa30fa8009
Add prometheus annotations to spec in ingress
Added annotations from metadata to spec.template.metadata. Without it, pod does not get any annotations, and Prometheus didn't see it
2018-03-20 08:47:36 +03:00
Zobair Shahadat
ebfee51aca Upgraded kubernetes from 1.9.3 to 1.9.5 2018-03-19 15:42:24 -04:00
Andreas Krüger
f253691a68
Merge pull request #2347 from hswong3i/multiple_artifacts_dir
Support multiple artifacts under individual inventory directory
2018-03-19 12:45:55 +01:00
Sergey Bondarev
038da7255f check if group kube-ingress is not empty
fix spelling mistaker ingress_nginx_host_network
set default value for ingress_nginx_host_network: false
2018-03-19 12:59:38 +03:00
woopstar
f1d2f84043 Only apply roles from first master node to fix regression 2018-03-18 16:15:01 +01:00
woopstar
b9a949820a Only copy tokens if tokens_list contains any 2018-03-18 08:42:38 +01:00
Andreas Krüger
50e5f0d28b
Merge pull request #2468 from LuckySB/master
change expirations period for generated certificate from 10y to 100 years
2018-03-17 19:43:40 +01:00
Sergey Bondarev
1481f7d64b Dedicated node for ingress nginx controller
The ability to create dedicated node for ingress nginx controller
host type network for nginx controller

and add from example https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/static-ip/nginx-ingress-controller.yaml
terminationGracePeriodSeconds: 60
2018-03-17 02:54:46 +03:00
Chad Swenson
7d33650019
Merge pull request #2462 from woopstar/coredns-patch
Add CoreDNS support
2018-03-16 18:33:36 -05:00
woopstar
e40368ae2b Add CoreDNS support with various fixes
Added CoreDNS to downloads

Updated with labels. Should now work without RBAC too

Fix DNS settings on hosts

Rename CoreDNS service from kube-dns to coredns

Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html

Updated docs with CoreDNS info

Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed

Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806'

Set dns list correct. Thanks to @whereismyjetpack

Only download KubeDNS or CoreDNS if selected

Move dns cleanup to its own file and import tasks based on dns mode

Fix install of KubeDNS when dnsmask_kubedns mode is selected

Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf.

Run DNS manifests for CoreDNS and KubeDNS

Set skydns servers on dual stack deployment

Use only one template for CoreDNS dual deployment

Set correct cluster ip for the dns server
2018-03-16 21:51:37 +01:00
Sergey Bondarev
b7e6dd0dd4 Add --iface-regex options to flannel
Flannel use interface for inter-host communication setted on --iface options
Defaults to the interface for the default route on the machine.

flannel config set via daemonset, and flannel config on all nodes is the same.
But different nodes can have different interface names for the inter-host communication network

The option --iface-regex allows the flannel to find the interface on which the address is set from the inter-host communication network
2018-03-16 21:44:36 +03:00
Qasim Sarfraz
8ee2091955
Merge pull request #3 from kubernetes-incubator/master
Sync Upstream
2018-03-16 17:21:54 +01:00
Sergey Bondarev
3fac550090 Merge remote-tracking branch 'upstream/master' 2018-03-16 14:09:54 +03:00
Andreas Krüger
d29a1db134
Merge pull request #2461 from woopstar/patch-11
Add support to kubeadm too
2018-03-16 08:24:31 +01:00
Andreas Krüger
653d97dda4
Merge pull request #2472 from woopstar/patch-12
Make sure output from extra args is strings
2018-03-16 08:23:50 +01:00
woopstar
40c0f3756b Encapsulate item instead of casting to string 2018-03-15 20:27:21 +01:00
Andreas Krüger
3d6fd49179 Added option for encrypting secrets to etcd v.2 (#2428)
* Added option for encrypting secrets to etcd

* Fix keylength to 32

* Forgot the default

* Rename secrets.yaml to secrets_encryption.yaml

* Fix static path for secrets file to use ansible variable

* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2

* Base64 encode the token

* Fixed merge error

* Changed path to credentials dir

* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions

* Add encryption option to k8s-cluster.yml
2018-03-15 22:20:05 +03:00
Oleg Vyukov
d843e3d562 Fix indent Custom ConfigMap ingress-nginx (#2447) 2018-03-15 22:18:18 +03:00
Andreas Krüger
788e41a315
Make sure output from extra args is strings
Setting the following:

```
kube_kubeadm_controller_extra_args:
  address: 0.0.0.0
  terminated-pod-gc-threshold: "100"
```

Results in `terminated-pod-gc-threshold: 100` in the kubeadm config file. But it has to be a string to work.
2018-03-14 19:23:43 +01:00
MQasimSarfraz
1bcc641dae Create vsphere clusterrole only if it doesnt exists 2018-03-14 11:29:35 +00:00
Sergey Bondarev
f8fed0f308 change expirations period for generated certificate from 10 years to 100 years 2018-03-14 13:33:36 +03:00
zhengchuan hu
d1e6632e6a Fix err in kubelet.kubeadm.env.j2
1. 404 link url
2. kubelet_authentication_token_webhook is not work
3. kube_reserved variable set twice
2018-03-14 17:25:21 +08:00
Aivars Sterns
710295bd2f
Merge pull request #2434 from protomech/feature/azure-vnet-resource-group
add support for azure vnetResourceGroup
2018-03-13 17:42:09 +02:00
RongZhang
3e2d68cd32
Merge pull request #2455 from whereismyjetpack/kube-limits
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-13 06:28:07 -05:00
Dann Bohn
f3788525ff fixes yamllint for docker defaults, and weave network plugin 2018-03-13 06:15:48 -04:00
Andreas Krüger
39d247a238
Add support to kubeadm too
Explicitly defines the --kubelet-preferred-address-types parameter #2418

Fixes #2453
2018-03-13 10:31:15 +01:00
rong.zhang
d264da8f08 Fix yamllint roles error for #2188 commit 2018-03-13 14:28:49 +08:00
MQasimSarfraz
9a4aa4288c Fix vsphere cloud_provider RBAC permissions 2018-03-12 18:07:08 +00:00
Dann Bohn
50e3ccfa2b uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt 2018-03-12 12:46:14 -04:00
RongZhang
69a3c33ceb
Merge pull request #2429 from riverzhang/patch-6
Fix Docker exits prematurely
2018-03-12 06:16:25 -05:00
RongZhang
649b1ae868
Merge pull request #2452 from riverzhang/dockerproject
Fix issues #2451 Support docker-ce and docker-engine
2018-03-12 06:15:44 -05:00
Aivars Sterns
973cc12ca9
Merge pull request #2188 from cornelius-keller/fix_weave
fix nodePort for weave
2018-03-12 10:55:41 +02:00
Aivars Sterns
436de45dd4
Merge pull request #2295 from manics/supplementary-bugfix
Fix indexing of supplementary DNS in openssl.conf
2018-03-12 10:54:56 +02:00
Aivars Sterns
5f186a2835
Merge pull request #2418 from kubernetes-incubator/1439br
Explicitly defines the --kubelet-preferred-address-types parameter
2018-03-12 10:53:48 +02:00
RongZhang
ecec94ee7e Fix Docker exits prematurely
details:https://github.com/moby/moby/pull/31490/files
2018-03-12 14:44:47 +08:00
rong.zhang
196995a1a7 Fix issues#2451 Support docker-ce and docker-engine
Support docker-ce and docker-engine include redhat/centos ubuntu debian
2018-03-12 13:31:31 +08:00
Spencer Smith
3a714fd4ac
Merge pull request #2427 from hswong3i/local_volume_provisioner_default
FIXUP #2424: local_provisioner directory should be created only if enabled
2018-03-10 09:00:35 -05:00
Spencer Smith
c47fdc9aa0
Merge pull request #2445 from chadswen/kube-cert-directory-fix
Fix kubernetes cert permission sync
2018-03-09 15:10:35 -05:00
Spencer Smith
5c4cfb54ae
Merge pull request #2444 from chadswen/system-node-crb-name
Prefix system:node CRB
2018-03-09 15:09:01 -05:00
chadswen
cd153a1fb3 Fix kubernetes cert permission sync
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
2018-03-09 00:11:10 -06:00
chadswen
b0ab92c921 Prefix system:node CRB
Change the name of `system:node` CRB to `kubespray:system:node` to avoid
conflicts with the auto-reconciled CRB also named `system:node`

Fixes #2121
2018-03-08 23:56:46 -06:00
RongZhang
5007a69eee
Merge pull request #2437 from huzhengchuan/fix/callo-routereflector
Fix always download calico_rr image
2018-03-08 23:22:48 -06:00
Chad Swenson
8a46e050e3
Merge pull request #2433 from octarinesec/eyeofthefrog/systemd_command_fix
Fix systemd version detection
2018-03-08 22:28:12 -06:00
zhengchuan hu
8e36ad09b4 clean http-proxy.conf 2018-03-08 23:16:02 +08:00
zhengchuan hu
96a92503cb Fix always download calico_rr image 2018-03-08 17:04:16 +08:00
RongZhang
5253153dbb
Merge pull request #2416 from riverzhang/delete-node
Remove nodes
2018-03-08 01:55:20 -06:00
rong.zhang
12c78e622b Remove nodes
Drain node except daemonsets resource
Use reset cluser for delete deploy data
Then delete node
2018-03-08 15:03:42 +08:00
RongZhang
216bf2e867
Merge pull request #2422 from riverzhang/patch-5
Enable OOM killing for etcd-events
2018-03-07 23:15:19 -06:00
Wong Hoi Sing Edison
a086686e9f Support multiple artifacts under individual inventory directory 2018-03-08 11:57:53 +08:00
Wong Hoi Sing Edison
6402004018 FIXUP #2424: local_provisioner directory should be created only if enabled 2018-03-08 11:57:46 +08:00
RongZhang
955f833120
Merge pull request #2430 from huzhengchuan/fix/kube-reserve
fix the name of some variable
2018-03-07 21:25:32 -06:00
Chris Mildebrandt
605738757d Fix systemd version detection
Change "command" to "shell" in order for the pipe to work correctly
2018-03-07 11:32:47 -08:00
Wong Hoi Sing Edison
3f96b2da7a Add Custom ConfigMap Support for ingress-nginx 2018-03-07 21:37:45 +08:00
RongZhang
dbf40bbbb8 docker-ce instead of docker-engine repo (#2423)
* Use docker-ce 17.03.2
* Docker-engine may be discarded
2018-03-07 15:11:20 +03:00
zhengchuan hu
646d473e8e fix the name of some variable 2018-03-07 18:30:34 +08:00
Aivars Sterns
6975cd1622
Merge pull request #2419 from hswong3i/ingress_nginx_labels
Add labels for ingress_nginx_namespace
2018-03-06 08:01:13 +02:00
Aivars Sterns
b7f9bf43c2
Merge pull request #2421 from ctlam/master
Adding ssh_private_key_file to ProxyCommand
2018-03-06 07:59:26 +02:00
RongZhang
388b627f72
Enable OOM killing for etcd-events
Enable OOM killing like docker run etcd
2018-03-05 20:46:39 -06:00
Dominic Lam
f9019ab116 Adding ssh_private_key_file to ProxyCommand
This is trying to match what the roles/bastion-ssh-config is trying to do. When the setup is going through bastion, we want to ssh private key to be used on the bastion instance.
2018-03-05 13:15:10 -08:00
Michael Beatty
07657aecf4 add support for azure vnetResourceGroup 2018-03-05 13:40:25 -06:00
Wong Hoi Sing Edison
e65904eee3 Add labels for ingress_nginx_namespace, also only setup serviceAccountName if rbac_enabled 2018-03-05 23:11:18 +08:00
Ayaz Ahmed Khan
89847d5684 Explicitly defines the --kubelet-preferred-address-types parameter
to the API server configuration.

This solves the problem where if you have non-resolvable node names,
and try to scale the server by adding new nodes, kubectl commands
start to fail for newly added nodes, giving a TCP timeout error when
trying to resolve the node hostname against a public DNS.
2018-03-05 15:25:14 +01:00
Jonas Kongslund
585303ad66 Start with three dashes for consistency 2018-03-03 10:05:05 +04:00
Jonas Kongslund
a800ed094b Added support for webhook authentication/authorization on the secure kubelet endpoint 2018-03-03 10:00:09 +04:00
Wong Hoi Sing Edison
fd46442188 Integrate kubernetes/ingress-nginx 0.11.0 to Kubespray 2018-03-02 23:33:19 +08:00
Matthew Mosesohn
9837b7926f
Use proper lookup of etcd host for calico (#2408)
Fixes #2397
2018-03-02 15:36:52 +03:00
Aivars Sterns
b75b6b513b
Merge pull request #2406 from riverzhang/fedora
Delete unused fedora docker repo
2018-03-02 09:33:57 +02:00
rong.zhang
2a3b48edaf Delete unused fedora docker repo 2018-03-02 14:39:13 +08:00
Antoine Legrand
5cc77eb6fd
Merge pull request #2294 from Nowaker/patch-1
Enable OOM killing
2018-03-01 14:56:26 +01:00
Aivars Sterns
8b21034b31
Merge pull request #2344 from hswong3i/local_volume_provisioner_fixup
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-03-01 13:12:44 +02:00
RongZhang
67ffd8e923 Add etcd-events cluster for kube-apiserver (#2385)
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00
Chad Swenson
af7edf4dff
Merge pull request #2369 from eviln1/fix-insecure-apiserver-port
fix apiserver manifest when disabling insecure_port
2018-02-28 17:48:08 -06:00
Spencer Smith
0fd3b9f7af
Merge pull request #2391 from Miouge1/latest-helm
Install latest version of Helm
2018-02-28 15:04:41 -05:00
Matthew Mosesohn
7ef9f4dfdd
Revert "Add pre-upgrade task for moving credentials file" (#2393) 2018-02-28 22:41:52 +03:00
Brad Beam
6ce507f39f
Merge pull request #2345 from mattymo/credentials_upgrade_fix
Add pre-upgrade task for moving credentials file
2018-02-28 12:39:02 -06:00
Brad Beam
34cab91e86
Merge pull request #2366 from z1nkum/bump_dashboard_tag
Bump dashboard from 1.8.1 to 1.8.3 because of reload bug
2018-02-28 12:38:34 -06:00
Brad Beam
63de9bdba3
Merge pull request #2363 from whereismyjetpack/default-kube-proxy
default kube_proxy_mode in kubernetes-defaults
2018-02-28 12:37:46 -06:00
Brad Beam
afb6e7dfc3
Merge pull request #2362 from mattymo/calico_ignore_extra_pools_again
Use CNI to assign kube_pods_subnet for calico
2018-02-28 12:36:50 -06:00
Brad Beam
ad89d1c876 Update pre_upgrade.yml 2018-02-28 19:07:44 +03:00
Simon Li
6b80ac6500
Fix indexing of supplementary DNS in openssl.conf 2018-02-28 16:04:52 +00:00
Miouge1
2257dc9baa Install latest version of Helm 2018-02-28 16:29:38 +01:00
Dmitry Vlasov
977e7ae105 remove obsolete init image, bump dashboard version 1.8.1 -> 1.8.3 2018-02-28 12:52:59 +03:00
Matthew Mosesohn
bc0fc5df98
Use node cert for etcd tasks instead of delegating to first etcd (#2386)
For etcdctl commands, use admin cert instead of node because this file
doesn't exist on etcd only hosts.
2018-02-27 22:23:51 +03:00
Matthew Mosesohn
bb469005b2 Add pre-upgrade task for moving credentials file 2018-02-27 17:35:15 +03:00
Brad Beam
89ade65ad6 Fixing etcd certs for calico rr (#2374) 2018-02-27 17:34:07 +03:00
RongZhang
128d3ef94c Fix run kubectl error (#2199)
* Fix run kubectl error

Fix run kubectl error when first master doesn't work

* if access_ip is define use first_kube_master
else different master use a different ip

* Delete set first_kube_master and use kube_apiserver_access_address
2018-02-27 16:32:20 +03:00
RongZhang
b7e06085c7 Upgrade to Kubernetes v1.9.3 (#2323)
Upgrade to Kubernetes v1.9.3
2018-02-27 14:31:59 +03:00
Chad Swenson
9e85a023c1
Merge pull request #2360 from mattymo/reset_fixes
retry unmount kubelet dirs
2018-02-26 18:30:38 -06:00
Brad Beam
4b5f780ff0
Merge pull request #2357 from octarinesec/eyeofthefrog/set_TasksMax_infinity_for_ubuntu
Set TasksMax to infinity on any OS with systemd
2018-02-22 21:31:10 -06:00
Brad Beam
31659efe13 Fixing cert name in calico/canal for etcd check (#2358) 2018-02-22 17:37:07 +03:00
Nedim Haveric
2bd3776ddb fix apiserver manifest when disabling insecure_port 2018-02-22 14:00:32 +01:00
Brad Beam
c874f16c02 Fixing credential lookup for fe proxy and vault (#2361) 2018-02-22 15:09:26 +03:00
Maxim Krasilnikov
ba91304636 Fixed generate front proxy client certs with vault (#2359)
* Fixed generate front proxy client certs with vault

* fix vault cert management

* Distrebute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
Andreas Krüger
42a0f46268 Add health check to kube proxy (#2356)
Adding health checking to kube proxy. Fixes #2308
2018-02-21 23:14:45 +03:00