Matthew Mosesohn
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
...
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
2018-03-30 14:29:13 +03:00
Andreas Krüger
f619eb08b1
Merge pull request #2350 from whereismyjetpack/kubeadm-nodename
...
set nodeName to "{{ inventory_hostname }}" in kubeadm-config
2018-03-30 11:15:52 +02:00
RongZhang
5711074c5a
Merge pull request #2290 from mirwan/node_labels_from_inventory
...
Node labels definition in kubelet params from inventory
2018-03-30 03:42:52 -05:00
陈宏
4d85e3765e
remove redundancy code
2018-03-30 09:19:00 +08:00
Kuldip Madnani
daeeae1a91
Added retries in pre-upgrade.yml and retries while applying kube-dns.yml ( #2553 )
...
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml
* Removed trailing spaces
2018-03-29 11:37:32 -05:00
Andreas Krüger
270d21f5c1
Merge pull request #2540 from mattymo/cloud_config_timing
...
Write cloud-config during kubelet configuration
2018-03-29 09:12:18 +02:00
Kuldip Madnani
9ebbf1c3cd
Added a fix in openssl.conf template to check if IP of loadbalncer is available or not.
2018-03-28 16:34:26 -05:00
Matthew Mosesohn
72a4223884
Write cloud-config during kubelet configuration
...
This file should only be updated during kubelet upgrade so that
master components are not accidentally restarted first during
preinstall stage.
2018-03-28 16:26:36 +03:00
Andreas Krüger
03117d9572
Merge pull request #2488 from LuckySB/ingress-nginx-node-role
...
Dedicated node for ingress nginx controller
2018-03-28 14:07:40 +02:00
avoidik
e375678674
Set exact user for Kubelet services
2018-03-27 11:13:52 +03:00
Dann Bohn
1d0415a6cf
fixes typo in kube_override_hostname for kubeadm
2018-03-24 13:29:07 -04:00
Dann Bohn
9fa995ac9d
only sets nodeName in kubeadm-config when kube_override_hostname is set
2018-03-23 08:33:25 -04:00
Andreas Krüger
30e4b89837
Merge pull request #2504 from brtknr/patch-1
...
Update kube-apiserver.manifest.j2 and kubeadm-config.yaml.j2 to incorporate `endpoint-reconciler-type: lease`
2018-03-22 09:15:55 +01:00
Chad Swenson
9949782e96
Merge pull request #2489 from woopstar/token-fix-1
...
Only copy tokens if tokens_list contains any
2018-03-21 20:28:06 -05:00
Andreas Krüger
ff2b8e5e60
Merge pull request #2503 from woopstar/kubelet-fix-1
...
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
2018-03-21 10:03:31 +01:00
Erwan Miran
8b71ef8ceb
Labels from role (node-role.k8s.io/node) and labels from inventory are merged into node-labels parameter in kubelet
2018-03-21 09:19:05 +01:00
mirwan
ee8f678010
Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly ( #2446 )
2018-03-21 10:50:32 +03:00
Bharat Kunwar
13e47e73c8
Update kubeadm-config.yaml.j2
...
As requested
2018-03-20 13:33:36 +00:00
Bharat Kunwar
d2fd7b7462
Update kube-apiserver.manifest.j2
2018-03-20 12:19:53 +00:00
Bharat Kunwar
d9453f323b
Update kube-apiserver.manifest.j2
2018-03-20 12:16:35 +00:00
Bharat Kunwar
b787b76c6c
Update kube-apiserver.manifest.j2
...
Ensure that kube-apiserver will respond even if one of the nodes are down.
2018-03-20 12:06:34 +00:00
woopstar
a94a407a43
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
2018-03-20 12:08:36 +01:00
Andreas Krüger
f253691a68
Merge pull request #2347 from hswong3i/multiple_artifacts_dir
...
Support multiple artifacts under individual inventory directory
2018-03-19 12:45:55 +01:00
woopstar
b9a949820a
Only copy tokens if tokens_list contains any
2018-03-18 08:42:38 +01:00
Andreas Krüger
50e5f0d28b
Merge pull request #2468 from LuckySB/master
...
change expirations period for generated certificate from 10y to 100 years
2018-03-17 19:43:40 +01:00
Sergey Bondarev
1481f7d64b
Dedicated node for ingress nginx controller
...
The ability to create dedicated node for ingress nginx controller
host type network for nginx controller
and add from example https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/static-ip/nginx-ingress-controller.yaml
terminationGracePeriodSeconds: 60
2018-03-17 02:54:46 +03:00
Chad Swenson
7d33650019
Merge pull request #2462 from woopstar/coredns-patch
...
Add CoreDNS support
2018-03-16 18:33:36 -05:00
woopstar
e40368ae2b
Add CoreDNS support with various fixes
...
Added CoreDNS to downloads
Updated with labels. Should now work without RBAC too
Fix DNS settings on hosts
Rename CoreDNS service from kube-dns to coredns
Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html
Updated docs with CoreDNS info
Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed
Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806 '
Set dns list correct. Thanks to @whereismyjetpack
Only download KubeDNS or CoreDNS if selected
Move dns cleanup to its own file and import tasks based on dns mode
Fix install of KubeDNS when dnsmask_kubedns mode is selected
Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf.
Run DNS manifests for CoreDNS and KubeDNS
Set skydns servers on dual stack deployment
Use only one template for CoreDNS dual deployment
Set correct cluster ip for the dns server
2018-03-16 21:51:37 +01:00
Sergey Bondarev
3fac550090
Merge remote-tracking branch 'upstream/master'
2018-03-16 14:09:54 +03:00
Andreas Krüger
d29a1db134
Merge pull request #2461 from woopstar/patch-11
...
Add support to kubeadm too
2018-03-16 08:24:31 +01:00
Andreas Krüger
653d97dda4
Merge pull request #2472 from woopstar/patch-12
...
Make sure output from extra args is strings
2018-03-16 08:23:50 +01:00
woopstar
40c0f3756b
Encapsulate item instead of casting to string
2018-03-15 20:27:21 +01:00
Andreas Krüger
3d6fd49179
Added option for encrypting secrets to etcd v.2 ( #2428 )
...
* Added option for encrypting secrets to etcd
* Fix keylength to 32
* Forgot the default
* Rename secrets.yaml to secrets_encryption.yaml
* Fix static path for secrets file to use ansible variable
* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2
* Base64 encode the token
* Fixed merge error
* Changed path to credentials dir
* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions
* Add encryption option to k8s-cluster.yml
2018-03-15 22:20:05 +03:00
Andreas Krüger
788e41a315
Make sure output from extra args is strings
...
Setting the following:
```
kube_kubeadm_controller_extra_args:
address: 0.0.0.0
terminated-pod-gc-threshold: "100"
```
Results in `terminated-pod-gc-threshold: 100` in the kubeadm config file. But it has to be a string to work.
2018-03-14 19:23:43 +01:00
Sergey Bondarev
f8fed0f308
change expirations period for generated certificate from 10 years to 100 years
2018-03-14 13:33:36 +03:00
zhengchuan hu
d1e6632e6a
Fix err in kubelet.kubeadm.env.j2
...
1. 404 link url
2. kubelet_authentication_token_webhook is not work
3. kube_reserved variable set twice
2018-03-14 17:25:21 +08:00
Aivars Sterns
710295bd2f
Merge pull request #2434 from protomech/feature/azure-vnet-resource-group
...
add support for azure vnetResourceGroup
2018-03-13 17:42:09 +02:00
Andreas Krüger
39d247a238
Add support to kubeadm too
...
Explicitly defines the --kubelet-preferred-address-types parameter #2418
Fixes #2453
2018-03-13 10:31:15 +01:00
Dann Bohn
50e3ccfa2b
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-12 12:46:14 -04:00
Aivars Sterns
436de45dd4
Merge pull request #2295 from manics/supplementary-bugfix
...
Fix indexing of supplementary DNS in openssl.conf
2018-03-12 10:54:56 +02:00
Aivars Sterns
5f186a2835
Merge pull request #2418 from kubernetes-incubator/1439br
...
Explicitly defines the --kubelet-preferred-address-types parameter
2018-03-12 10:53:48 +02:00
Spencer Smith
3a714fd4ac
Merge pull request #2427 from hswong3i/local_volume_provisioner_default
...
FIXUP #2424 : local_provisioner directory should be created only if enabled
2018-03-10 09:00:35 -05:00
Spencer Smith
c47fdc9aa0
Merge pull request #2445 from chadswen/kube-cert-directory-fix
...
Fix kubernetes cert permission sync
2018-03-09 15:10:35 -05:00
chadswen
cd153a1fb3
Fix kubernetes cert permission sync
...
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
2018-03-09 00:11:10 -06:00
Wong Hoi Sing Edison
a086686e9f
Support multiple artifacts under individual inventory directory
2018-03-08 11:57:53 +08:00
Wong Hoi Sing Edison
6402004018
FIXUP #2424 : local_provisioner directory should be created only if enabled
2018-03-08 11:57:46 +08:00
zhengchuan hu
646d473e8e
fix the name of some variable
2018-03-07 18:30:34 +08:00
Michael Beatty
07657aecf4
add support for azure vnetResourceGroup
2018-03-05 13:40:25 -06:00
Ayaz Ahmed Khan
89847d5684
Explicitly defines the --kubelet-preferred-address-types parameter
...
to the API server configuration.
This solves the problem where if you have non-resolvable node names,
and try to scale the server by adding new nodes, kubectl commands
start to fail for newly added nodes, giving a TCP timeout error when
trying to resolve the node hostname against a public DNS.
2018-03-05 15:25:14 +01:00
Jonas Kongslund
a800ed094b
Added support for webhook authentication/authorization on the secure kubelet endpoint
2018-03-03 10:00:09 +04:00