C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
2806 commits 17 branches 66 tags 141 MiB
Commit graph

797 commits

Author SHA1 Message Date
Matthew Mosesohn 03bcfa7ff5
Stop templating kube-system namespace and creating it (#2545) 
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
 2018-03-30 14:29:13 +03:00
Andreas Krüger f619eb08b1
Merge pull request #2350 from whereismyjetpack/kubeadm-nodename 
set nodeName to "{{ inventory_hostname }}" in kubeadm-config
 2018-03-30 11:15:52 +02:00
RongZhang 5711074c5a
Merge pull request #2290 from mirwan/node_labels_from_inventory 
Node labels definition in kubelet params from inventory
 2018-03-30 03:42:52 -05:00
陈宏 4d85e3765e remove redundancy code 2018-03-30 09:19:00 +08:00
Kuldip Madnani daeeae1a91 Added retries in pre-upgrade.yml and retries while applying kube-dns.yml (#2553) 
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml

* Removed trailing spaces
 2018-03-29 11:37:32 -05:00
Andreas Krüger 270d21f5c1
Merge pull request #2540 from mattymo/cloud_config_timing 
Write cloud-config during kubelet configuration
 2018-03-29 09:12:18 +02:00
Kuldip Madnani 9ebbf1c3cd Added a fix in openssl.conf template to check if IP of loadbalncer is available or not. 2018-03-28 16:34:26 -05:00
Matthew Mosesohn 72a4223884 Write cloud-config during kubelet configuration 
This file should only be updated during kubelet upgrade so that
master components are not accidentally restarted first during
preinstall stage.
 2018-03-28 16:26:36 +03:00
Andreas Krüger 03117d9572
Merge pull request #2488 from LuckySB/ingress-nginx-node-role 
Dedicated node for ingress nginx controller
 2018-03-28 14:07:40 +02:00
avoidik e375678674 Set exact user for Kubelet services 2018-03-27 11:13:52 +03:00
Dann Bohn 1d0415a6cf fixes typo in kube_override_hostname for kubeadm 2018-03-24 13:29:07 -04:00
Dann Bohn 9fa995ac9d only sets nodeName in kubeadm-config when kube_override_hostname is set 2018-03-23 08:33:25 -04:00
Andreas Krüger 30e4b89837
Merge pull request #2504 from brtknr/patch-1 
Update kube-apiserver.manifest.j2 and kubeadm-config.yaml.j2 to incorporate `endpoint-reconciler-type: lease`
 2018-03-22 09:15:55 +01:00
Chad Swenson 9949782e96
Merge pull request #2489 from woopstar/token-fix-1 
Only copy tokens if tokens_list contains any
 2018-03-21 20:28:06 -05:00
Andreas Krüger ff2b8e5e60
Merge pull request #2503 from woopstar/kubelet-fix-1 
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
 2018-03-21 10:03:31 +01:00
Erwan Miran 8b71ef8ceb Labels from role (node-role.k8s.io/node) and labels from inventory are merged into node-labels parameter in kubelet 2018-03-21 09:19:05 +01:00
mirwan ee8f678010 Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly (#2446) 2018-03-21 10:50:32 +03:00
Bharat Kunwar 13e47e73c8
Update kubeadm-config.yaml.j2 
As requested
 2018-03-20 13:33:36 +00:00
Bharat Kunwar d2fd7b7462
Update kube-apiserver.manifest.j2 2018-03-20 12:19:53 +00:00
Bharat Kunwar d9453f323b
Update kube-apiserver.manifest.j2 2018-03-20 12:16:35 +00:00
Bharat Kunwar b787b76c6c
Update kube-apiserver.manifest.j2 
Ensure that kube-apiserver will respond even if one of the nodes are down.
 2018-03-20 12:06:34 +00:00
woopstar a94a407a43 Fix duplicate --proxy-client-cert-file and --proxy-client-key-file 2018-03-20 12:08:36 +01:00
Andreas Krüger f253691a68
Merge pull request #2347 from hswong3i/multiple_artifacts_dir 
Support multiple artifacts under individual inventory directory
 2018-03-19 12:45:55 +01:00
woopstar b9a949820a Only copy tokens if tokens_list contains any 2018-03-18 08:42:38 +01:00
Andreas Krüger 50e5f0d28b
Merge pull request #2468 from LuckySB/master 
change expirations period for generated certificate from 10y to 100 years
 2018-03-17 19:43:40 +01:00
Sergey Bondarev 1481f7d64b Dedicated node for ingress nginx controller 
The ability to create dedicated node for ingress nginx controller
host type network for nginx controller

and add from example https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/static-ip/nginx-ingress-controller.yaml
terminationGracePeriodSeconds: 60
 2018-03-17 02:54:46 +03:00
Chad Swenson 7d33650019
Merge pull request #2462 from woopstar/coredns-patch 
Add CoreDNS support
 2018-03-16 18:33:36 -05:00
woopstar e40368ae2b Add CoreDNS support with various fixes 
Added CoreDNS to downloads

Updated with labels. Should now work without RBAC too

Fix DNS settings on hosts

Rename CoreDNS service from kube-dns to coredns

Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html

Updated docs with CoreDNS info

Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed

Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806'

Set dns list correct. Thanks to @whereismyjetpack

Only download KubeDNS or CoreDNS if selected

Move dns cleanup to its own file and import tasks based on dns mode

Fix install of KubeDNS when dnsmask_kubedns mode is selected

Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf.

Run DNS manifests for CoreDNS and KubeDNS

Set skydns servers on dual stack deployment

Use only one template for CoreDNS dual deployment

Set correct cluster ip for the dns server
 2018-03-16 21:51:37 +01:00
Sergey Bondarev 3fac550090 Merge remote-tracking branch 'upstream/master' 2018-03-16 14:09:54 +03:00
Andreas Krüger d29a1db134
Merge pull request #2461 from woopstar/patch-11 
Add support to kubeadm too
 2018-03-16 08:24:31 +01:00
Andreas Krüger 653d97dda4
Merge pull request #2472 from woopstar/patch-12 
Make sure output from extra args is strings
 2018-03-16 08:23:50 +01:00
woopstar 40c0f3756b Encapsulate item instead of casting to string 2018-03-15 20:27:21 +01:00
Andreas Krüger 3d6fd49179 Added option for encrypting secrets to etcd v.2 (#2428) 
* Added option for encrypting secrets to etcd

* Fix keylength to 32

* Forgot the default

* Rename secrets.yaml to secrets_encryption.yaml

* Fix static path for secrets file to use ansible variable

* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2

* Base64 encode the token

* Fixed merge error

* Changed path to credentials dir

* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions

* Add encryption option to k8s-cluster.yml
 2018-03-15 22:20:05 +03:00
Andreas Krüger 788e41a315
Make sure output from extra args is strings 
Setting the following:

```
kube_kubeadm_controller_extra_args:
  address: 0.0.0.0
  terminated-pod-gc-threshold: "100"
```

Results in `terminated-pod-gc-threshold: 100` in the kubeadm config file. But it has to be a string to work.
 2018-03-14 19:23:43 +01:00
Sergey Bondarev f8fed0f308 change expirations period for generated certificate from 10 years to 100 years 2018-03-14 13:33:36 +03:00
zhengchuan hu d1e6632e6a Fix err in kubelet.kubeadm.env.j2 
1. 404 link url
2. kubelet_authentication_token_webhook is not work
3. kube_reserved variable set twice
 2018-03-14 17:25:21 +08:00
Aivars Sterns 710295bd2f
Merge pull request #2434 from protomech/feature/azure-vnet-resource-group 
add support for azure vnetResourceGroup
 2018-03-13 17:42:09 +02:00
Andreas Krüger 39d247a238
Add support to kubeadm too 
Explicitly defines the --kubelet-preferred-address-types parameter #2418

Fixes #2453
 2018-03-13 10:31:15 +01:00
Dann Bohn 50e3ccfa2b uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt 2018-03-12 12:46:14 -04:00
Aivars Sterns 436de45dd4
Merge pull request #2295 from manics/supplementary-bugfix 
Fix indexing of supplementary DNS in openssl.conf
 2018-03-12 10:54:56 +02:00
Aivars Sterns 5f186a2835
Merge pull request #2418 from kubernetes-incubator/1439br 
Explicitly defines the --kubelet-preferred-address-types parameter
 2018-03-12 10:53:48 +02:00
Spencer Smith 3a714fd4ac
Merge pull request #2427 from hswong3i/local_volume_provisioner_default 
FIXUP #2424: local_provisioner directory should be created only if enabled
 2018-03-10 09:00:35 -05:00
Spencer Smith c47fdc9aa0
Merge pull request #2445 from chadswen/kube-cert-directory-fix 
Fix kubernetes cert permission sync
 2018-03-09 15:10:35 -05:00
chadswen cd153a1fb3 Fix kubernetes cert permission sync 
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
 2018-03-09 00:11:10 -06:00
Wong Hoi Sing Edison a086686e9f Support multiple artifacts under individual inventory directory 2018-03-08 11:57:53 +08:00
Wong Hoi Sing Edison 6402004018 FIXUP #2424: local_provisioner directory should be created only if enabled 2018-03-08 11:57:46 +08:00
zhengchuan hu 646d473e8e fix the name of some variable 2018-03-07 18:30:34 +08:00
Michael Beatty 07657aecf4 add support for azure vnetResourceGroup 2018-03-05 13:40:25 -06:00
Ayaz Ahmed Khan 89847d5684 Explicitly defines the --kubelet-preferred-address-types parameter 
to the API server configuration.

This solves the problem where if you have non-resolvable node names,
and try to scale the server by adding new nodes, kubectl commands
start to fail for newly added nodes, giving a TCP timeout error when
trying to resolve the node hostname against a public DNS.
 2018-03-05 15:25:14 +01:00
Jonas Kongslund a800ed094b Added support for webhook authentication/authorization on the secure kubelet endpoint 2018-03-03 10:00:09 +04:00