Commit graph

1746 commits

Author SHA1 Message Date
Andreas Krüger
d29a1db134
Merge pull request #2461 from woopstar/patch-11
Add support to kubeadm too
2018-03-16 08:24:31 +01:00
Andreas Krüger
653d97dda4
Merge pull request #2472 from woopstar/patch-12
Make sure output from extra args is strings
2018-03-16 08:23:50 +01:00
woopstar
40c0f3756b Encapsulate item instead of casting to string 2018-03-15 20:27:21 +01:00
Andreas Krüger
3d6fd49179 Added option for encrypting secrets to etcd v.2 (#2428)
* Added option for encrypting secrets to etcd

* Fix keylength to 32

* Forgot the default

* Rename secrets.yaml to secrets_encryption.yaml

* Fix static path for secrets file to use ansible variable

* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2

* Base64 encode the token

* Fixed merge error

* Changed path to credentials dir

* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions

* Add encryption option to k8s-cluster.yml
2018-03-15 22:20:05 +03:00
Oleg Vyukov
d843e3d562 Fix indent Custom ConfigMap ingress-nginx (#2447) 2018-03-15 22:18:18 +03:00
Andreas Krüger
788e41a315
Make sure output from extra args is strings
Setting the following:

```
kube_kubeadm_controller_extra_args:
  address: 0.0.0.0
  terminated-pod-gc-threshold: "100"
```

Results in `terminated-pod-gc-threshold: 100` in the kubeadm config file. But it has to be a string to work.
2018-03-14 19:23:43 +01:00
MQasimSarfraz
1bcc641dae Create vsphere clusterrole only if it doesnt exists 2018-03-14 11:29:35 +00:00
Sergey Bondarev
f8fed0f308 change expirations period for generated certificate from 10 years to 100 years 2018-03-14 13:33:36 +03:00
zhengchuan hu
d1e6632e6a Fix err in kubelet.kubeadm.env.j2
1. 404 link url
2. kubelet_authentication_token_webhook is not work
3. kube_reserved variable set twice
2018-03-14 17:25:21 +08:00
Aivars Sterns
710295bd2f
Merge pull request #2434 from protomech/feature/azure-vnet-resource-group
add support for azure vnetResourceGroup
2018-03-13 17:42:09 +02:00
RongZhang
3e2d68cd32
Merge pull request #2455 from whereismyjetpack/kube-limits
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-13 06:28:07 -05:00
Dann Bohn
f3788525ff fixes yamllint for docker defaults, and weave network plugin 2018-03-13 06:15:48 -04:00
Andreas Krüger
39d247a238
Add support to kubeadm too
Explicitly defines the --kubelet-preferred-address-types parameter #2418

Fixes #2453
2018-03-13 10:31:15 +01:00
rong.zhang
d264da8f08 Fix yamllint roles error for #2188 commit 2018-03-13 14:28:49 +08:00
MQasimSarfraz
9a4aa4288c Fix vsphere cloud_provider RBAC permissions 2018-03-12 18:07:08 +00:00
Dann Bohn
50e3ccfa2b uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt 2018-03-12 12:46:14 -04:00
RongZhang
69a3c33ceb
Merge pull request #2429 from riverzhang/patch-6
Fix Docker exits prematurely
2018-03-12 06:16:25 -05:00
RongZhang
649b1ae868
Merge pull request #2452 from riverzhang/dockerproject
Fix issues #2451 Support docker-ce and docker-engine
2018-03-12 06:15:44 -05:00
Aivars Sterns
973cc12ca9
Merge pull request #2188 from cornelius-keller/fix_weave
fix nodePort for weave
2018-03-12 10:55:41 +02:00
Aivars Sterns
436de45dd4
Merge pull request #2295 from manics/supplementary-bugfix
Fix indexing of supplementary DNS in openssl.conf
2018-03-12 10:54:56 +02:00
Aivars Sterns
5f186a2835
Merge pull request #2418 from kubernetes-incubator/1439br
Explicitly defines the --kubelet-preferred-address-types parameter
2018-03-12 10:53:48 +02:00
RongZhang
ecec94ee7e Fix Docker exits prematurely
details:https://github.com/moby/moby/pull/31490/files
2018-03-12 14:44:47 +08:00
rong.zhang
196995a1a7 Fix issues#2451 Support docker-ce and docker-engine
Support docker-ce and docker-engine include redhat/centos ubuntu debian
2018-03-12 13:31:31 +08:00
Spencer Smith
3a714fd4ac
Merge pull request #2427 from hswong3i/local_volume_provisioner_default
FIXUP #2424: local_provisioner directory should be created only if enabled
2018-03-10 09:00:35 -05:00
Spencer Smith
c47fdc9aa0
Merge pull request #2445 from chadswen/kube-cert-directory-fix
Fix kubernetes cert permission sync
2018-03-09 15:10:35 -05:00
Spencer Smith
5c4cfb54ae
Merge pull request #2444 from chadswen/system-node-crb-name
Prefix system:node CRB
2018-03-09 15:09:01 -05:00
chadswen
cd153a1fb3 Fix kubernetes cert permission sync
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
2018-03-09 00:11:10 -06:00
chadswen
b0ab92c921 Prefix system:node CRB
Change the name of `system:node` CRB to `kubespray:system:node` to avoid
conflicts with the auto-reconciled CRB also named `system:node`

Fixes #2121
2018-03-08 23:56:46 -06:00
RongZhang
5007a69eee
Merge pull request #2437 from huzhengchuan/fix/callo-routereflector
Fix always download calico_rr image
2018-03-08 23:22:48 -06:00
Chad Swenson
8a46e050e3
Merge pull request #2433 from octarinesec/eyeofthefrog/systemd_command_fix
Fix systemd version detection
2018-03-08 22:28:12 -06:00
zhengchuan hu
8e36ad09b4 clean http-proxy.conf 2018-03-08 23:16:02 +08:00
zhengchuan hu
96a92503cb Fix always download calico_rr image 2018-03-08 17:04:16 +08:00
RongZhang
5253153dbb
Merge pull request #2416 from riverzhang/delete-node
Remove nodes
2018-03-08 01:55:20 -06:00
rong.zhang
12c78e622b Remove nodes
Drain node except daemonsets resource
Use reset cluser for delete deploy data
Then delete node
2018-03-08 15:03:42 +08:00
RongZhang
216bf2e867
Merge pull request #2422 from riverzhang/patch-5
Enable OOM killing for etcd-events
2018-03-07 23:15:19 -06:00
Wong Hoi Sing Edison
a086686e9f Support multiple artifacts under individual inventory directory 2018-03-08 11:57:53 +08:00
Wong Hoi Sing Edison
6402004018 FIXUP #2424: local_provisioner directory should be created only if enabled 2018-03-08 11:57:46 +08:00
RongZhang
955f833120
Merge pull request #2430 from huzhengchuan/fix/kube-reserve
fix the name of some variable
2018-03-07 21:25:32 -06:00
Chris Mildebrandt
605738757d Fix systemd version detection
Change "command" to "shell" in order for the pipe to work correctly
2018-03-07 11:32:47 -08:00
Wong Hoi Sing Edison
3f96b2da7a Add Custom ConfigMap Support for ingress-nginx 2018-03-07 21:37:45 +08:00
RongZhang
dbf40bbbb8 docker-ce instead of docker-engine repo (#2423)
* Use docker-ce 17.03.2
* Docker-engine may be discarded
2018-03-07 15:11:20 +03:00
zhengchuan hu
646d473e8e fix the name of some variable 2018-03-07 18:30:34 +08:00
Aivars Sterns
6975cd1622
Merge pull request #2419 from hswong3i/ingress_nginx_labels
Add labels for ingress_nginx_namespace
2018-03-06 08:01:13 +02:00
Aivars Sterns
b7f9bf43c2
Merge pull request #2421 from ctlam/master
Adding ssh_private_key_file to ProxyCommand
2018-03-06 07:59:26 +02:00
RongZhang
388b627f72
Enable OOM killing for etcd-events
Enable OOM killing like docker run etcd
2018-03-05 20:46:39 -06:00
Dominic Lam
f9019ab116 Adding ssh_private_key_file to ProxyCommand
This is trying to match what the roles/bastion-ssh-config is trying to do. When the setup is going through bastion, we want to ssh private key to be used on the bastion instance.
2018-03-05 13:15:10 -08:00
Michael Beatty
07657aecf4 add support for azure vnetResourceGroup 2018-03-05 13:40:25 -06:00
Wong Hoi Sing Edison
e65904eee3 Add labels for ingress_nginx_namespace, also only setup serviceAccountName if rbac_enabled 2018-03-05 23:11:18 +08:00
Ayaz Ahmed Khan
89847d5684 Explicitly defines the --kubelet-preferred-address-types parameter
to the API server configuration.

This solves the problem where if you have non-resolvable node names,
and try to scale the server by adding new nodes, kubectl commands
start to fail for newly added nodes, giving a TCP timeout error when
trying to resolve the node hostname against a public DNS.
2018-03-05 15:25:14 +01:00
Jonas Kongslund
585303ad66 Start with three dashes for consistency 2018-03-03 10:05:05 +04:00
Jonas Kongslund
a800ed094b Added support for webhook authentication/authorization on the secure kubelet endpoint 2018-03-03 10:00:09 +04:00
Wong Hoi Sing Edison
fd46442188 Integrate kubernetes/ingress-nginx 0.11.0 to Kubespray 2018-03-02 23:33:19 +08:00
Matthew Mosesohn
9837b7926f
Use proper lookup of etcd host for calico (#2408)
Fixes #2397
2018-03-02 15:36:52 +03:00
Aivars Sterns
b75b6b513b
Merge pull request #2406 from riverzhang/fedora
Delete unused fedora docker repo
2018-03-02 09:33:57 +02:00
rong.zhang
2a3b48edaf Delete unused fedora docker repo 2018-03-02 14:39:13 +08:00
Antoine Legrand
5cc77eb6fd
Merge pull request #2294 from Nowaker/patch-1
Enable OOM killing
2018-03-01 14:56:26 +01:00
Aivars Sterns
8b21034b31
Merge pull request #2344 from hswong3i/local_volume_provisioner_fixup
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-03-01 13:12:44 +02:00
RongZhang
67ffd8e923 Add etcd-events cluster for kube-apiserver (#2385)
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00
Chad Swenson
af7edf4dff
Merge pull request #2369 from eviln1/fix-insecure-apiserver-port
fix apiserver manifest when disabling insecure_port
2018-02-28 17:48:08 -06:00
Spencer Smith
0fd3b9f7af
Merge pull request #2391 from Miouge1/latest-helm
Install latest version of Helm
2018-02-28 15:04:41 -05:00
Matthew Mosesohn
7ef9f4dfdd
Revert "Add pre-upgrade task for moving credentials file" (#2393) 2018-02-28 22:41:52 +03:00
Brad Beam
6ce507f39f
Merge pull request #2345 from mattymo/credentials_upgrade_fix
Add pre-upgrade task for moving credentials file
2018-02-28 12:39:02 -06:00
Brad Beam
34cab91e86
Merge pull request #2366 from z1nkum/bump_dashboard_tag
Bump dashboard from 1.8.1 to 1.8.3 because of reload bug
2018-02-28 12:38:34 -06:00
Brad Beam
63de9bdba3
Merge pull request #2363 from whereismyjetpack/default-kube-proxy
default kube_proxy_mode in kubernetes-defaults
2018-02-28 12:37:46 -06:00
Brad Beam
afb6e7dfc3
Merge pull request #2362 from mattymo/calico_ignore_extra_pools_again
Use CNI to assign kube_pods_subnet for calico
2018-02-28 12:36:50 -06:00
Brad Beam
ad89d1c876 Update pre_upgrade.yml 2018-02-28 19:07:44 +03:00
Simon Li
6b80ac6500
Fix indexing of supplementary DNS in openssl.conf 2018-02-28 16:04:52 +00:00
Miouge1
2257dc9baa Install latest version of Helm 2018-02-28 16:29:38 +01:00
Dmitry Vlasov
977e7ae105 remove obsolete init image, bump dashboard version 1.8.1 -> 1.8.3 2018-02-28 12:52:59 +03:00
Matthew Mosesohn
bc0fc5df98
Use node cert for etcd tasks instead of delegating to first etcd (#2386)
For etcdctl commands, use admin cert instead of node because this file
doesn't exist on etcd only hosts.
2018-02-27 22:23:51 +03:00
Matthew Mosesohn
bb469005b2 Add pre-upgrade task for moving credentials file 2018-02-27 17:35:15 +03:00
Brad Beam
89ade65ad6 Fixing etcd certs for calico rr (#2374) 2018-02-27 17:34:07 +03:00
RongZhang
128d3ef94c Fix run kubectl error (#2199)
* Fix run kubectl error

Fix run kubectl error when first master doesn't work

* if access_ip is define use first_kube_master
else different master use a different ip

* Delete set first_kube_master and use kube_apiserver_access_address
2018-02-27 16:32:20 +03:00
RongZhang
b7e06085c7 Upgrade to Kubernetes v1.9.3 (#2323)
Upgrade to Kubernetes v1.9.3
2018-02-27 14:31:59 +03:00
Chad Swenson
9e85a023c1
Merge pull request #2360 from mattymo/reset_fixes
retry unmount kubelet dirs
2018-02-26 18:30:38 -06:00
Brad Beam
4b5f780ff0
Merge pull request #2357 from octarinesec/eyeofthefrog/set_TasksMax_infinity_for_ubuntu
Set TasksMax to infinity on any OS with systemd
2018-02-22 21:31:10 -06:00
Brad Beam
31659efe13 Fixing cert name in calico/canal for etcd check (#2358) 2018-02-22 17:37:07 +03:00
Nedim Haveric
2bd3776ddb fix apiserver manifest when disabling insecure_port 2018-02-22 14:00:32 +01:00
Brad Beam
c874f16c02 Fixing credential lookup for fe proxy and vault (#2361) 2018-02-22 15:09:26 +03:00
Maxim Krasilnikov
ba91304636 Fixed generate front proxy client certs with vault (#2359)
* Fixed generate front proxy client certs with vault

* fix vault cert management

* Distrebute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
Andreas Krüger
42a0f46268 Add health check to kube proxy (#2356)
Adding health checking to kube proxy. Fixes #2308
2018-02-21 23:14:45 +03:00
Andreas Krüger
d84ff06f73 Set filemode to 0640 (#2315)
* Set filemode to 0640

weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.

* Set mode 0640 on users_file with basic auth
2018-02-21 23:13:46 +03:00
Matthew Mosesohn
87f33a4644 Use CNI to assign kube_pods_subnet for calico
Now calico can be deployed if there are other existing pools
and not confuse IPAM and end up with pods in the wrong pools.
2018-02-21 20:32:28 +03:00
Dann Bohn
2d69b05c77 set local_release_dir in downloads to match others 2018-02-21 11:35:34 -05:00
Dann Bohn
2eb57ee5cd default kube_proxy_mode in kubernetes-defaults 2018-02-21 11:33:25 -05:00
Chris Mildebrandt
85c69c2a4a Add check for atomic hosts in template 2018-02-21 08:26:18 -08:00
Matthew Mosesohn
c20f38b89c retry unmount kubelet dirs 2018-02-21 14:41:57 +03:00
Wong Hoi Sing Edison
d4c61d2628 Fixup for gce_centos7-flannel-addons 2018-02-21 13:41:25 +08:00
Wong Hoi Sing Edison
deef47c923 Upgrade Local Volume Provisioner Addon to v2.0.0 2018-02-21 13:41:25 +08:00
Chris Mildebrandt
c19d8994b9 Set TasksMax to infinity on any OS with systemd 2018-02-20 11:55:13 -08:00
Chad Swenson
2de6da25a8
Merge pull request #2312 from woopstar/patch-7
Added iptables lock fix and ajusted oom-score
2018-02-19 22:47:07 -06:00
melkosoft
f13e76d022 Added cilium support (#2236)
* Added cilium support

* Fix typo in debian test config

* Remove empty lines

* Changed cilium version from <latest> to <v1.0.0-rc3>

* Add missing changes for cilium

* Add cilium to CI pipeline

* Fix wrong file name

* Check kernel version for cilium

* fixed ci error

* fixed cilium-ds.j2 template

* added waiting for cilium pods to run

* Fixed missing EOF

* Fixed trailing spaces

* Fixed trailing spaces

* Fixed trailing spaces

* Fixed too many blank lines

* Updated tolerations,annotations in cilium DS template

* Set cilium_version to iptables-1.9 to see if bug is fixed in CI

* Update cilium image tag to v1.0.0-rc4

* Update Cilium test case CI vars filenames

* Add optional prometheus flag, adjust initial readiness delay

* Update README.md with cilium info
2018-02-16 21:37:47 -06:00
Antoine Legrand
76a89039ad
Merge pull request #2285 from jasdeep-hundal/do_not_install_python_apt
Remove redundant python-apt install
2018-02-15 17:04:08 +01:00
RongZhang
c0aad0a6d5 Fix install etcd by host service (#2297)
Fix bug issues #2289
2018-02-12 17:34:01 +01:00
Andreas Krüger
41ca67bf54
Added iptables lock fix and ajusted oom-score
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
2018-02-12 10:21:38 +01:00
Virgil Chereches
d72232f15b Increased timeout values for k8s API server restart 2018-02-12 07:35:29 +00:00
Maxim Krasilnikov
03c61685fb
Added apiserver extra args variable for kubeadm config (#2291) 2018-02-12 10:29:46 +03:00
Antoine Legrand
46284198f8
Merge pull request #2298 from clkao/patch-2
Fix version comparison
2018-02-11 17:22:39 +01:00
RongZhang
bbb1da1a83
Fix default_resolver is undefined
fix issues #2265
2018-02-10 10:08:26 -06:00
Wong Hoi Sing Edison
07075add3d Add optional StorageClass name with cephfs_provisioner_storage_class 2018-02-10 20:31:34 +08:00