Matthew Mosesohn
fe16fecd8f
Fix canal's calico networking config for ETCD TLS
...
Also fixes kube-apiserver upgrade that was erroneously
deleted in a previous commit.
2016-11-10 12:49:47 +03:00
Matthew Mosesohn
9ea9604b3f
Merge pull request #591 from kubernetes-incubator/etcdtls
...
Add etcd tls support
2016-11-10 12:32:13 +03:00
Matthew Mosesohn
a32cd85eb7
Add etcd TLS support
2016-11-09 18:38:28 +03:00
Matthew Mosesohn
95b460ae94
Remove etcd-proxy from all nodes and use etcd multiaccess
2016-11-09 13:31:12 +03:00
Bogdan Dobrelya
764a2fd5a8
Merge pull request #588 from adidenko/canal-support
...
Adding support for canal network plugin
2016-11-09 10:31:56 +01:00
Aleksandr Didenko
4ece73d432
Fix idempotency of calico-policy-controller rs
...
We need to specify kube resource type and name in order to avoid
playbook errors related to k8s resource duplication.
2016-11-08 12:59:18 +01:00
Aleksandr Didenko
60a217766f
Add ConfigMap for basic configuration options
...
Container settings moved from deamonset yaml to a separate
configmap.
2016-11-08 12:57:34 +01:00
Aleksandr Didenko
309240cd6f
Adding support for canal network plugin
...
This patch provides support for Canal network plugin installation
as a self-hosted app, see the following link for details:
https://github.com/tigera/canal/tree/master/k8s-install
2016-11-08 11:04:01 +01:00
Spencer Smith
8f20d90f88
update admission controllers for > 1.4
2016-11-04 12:54:35 -04:00
Jan Jungnickel
f9355ea14d
Swap order in which we reload docker/socket
2016-11-01 13:12:40 +01:00
Jan Jungnickel
2ca6819cdf
Reload docker.socket after installing flannel on coreos
...
Workaround for #569
2016-11-01 13:12:32 +01:00
Smaine Kahlouch
d6f206b5fd
Merge pull request #561 from kubespray/rsync_certs
...
Use tar+register instead of copy/slurp for distributing tokens and certs
2016-10-27 10:52:41 +02:00
Matthew Mosesohn
2778ac61a4
Add new var skip_dnsmasq_k8s
...
If skip_dnsmasq is set, it will still not set up dnsmasq
k8s pod. This enables independent setup of resolvconf section
before kubelet is up.
2016-10-26 17:56:15 +03:00
Matthew Mosesohn
c7b00caeaa
Use tar+register instead of copy/slurp for distributing tokens and certs
...
Related bug: https://github.com/ansible/ansible/issues/15405
Uses tar and register because synchronize module cannot sudo on the
remote side correctly and copy is too slow.
This patch dramatically cuts down the number of tasks to process
for cert synchronization.
2016-10-26 15:46:18 +03:00
Bogdan Dobrelya
c59c3a1bcf
Fix idempotency/recurrence of download and preinstall
...
* Don't push containers if not changed
* Do preinstall role only once and redistribute defaults to
corresponding roles
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-10-24 18:28:53 +02:00
Smaine Kahlouch
4c0bf6225a
Merge pull request #562 from kubespray/enable_standalone_node
...
Enable standalone node deployment
2016-10-24 13:10:53 +02:00
Smaine Kahlouch
b11662a887
Merge pull request #558 from chadswen/etcdctl-path
...
Use absolute path for etcdctl
2016-10-21 23:06:15 +02:00
Matthew Mosesohn
11f1f71b3b
dynamically calculate etcd peer names
2016-10-21 16:17:50 +03:00
Matthew Mosesohn
0e9d1e09e3
Sync master tokens only with those in play_hosts
2016-10-21 14:43:41 +03:00
Matthew Mosesohn
65d2a3b0e5
Use only native cachable hostvars for etcd set_facts
2016-10-21 14:39:58 +03:00
Matthew Mosesohn
4b7347f1cd
fix dnsmasq template cloud_provider lookup
2016-10-21 13:00:40 +03:00
Chad Swenson
e6902d8ecc
Use absolute path for etcdctl
...
Small fix. The shell module won't automatically resolve the path to the etcdctl binary, so i prefixed with {{ bin_dir }}/
2016-10-20 14:56:52 -05:00
Smaine Kahlouch
a423927ac9
Merge pull request #546 from chadswen/dependency-variables
...
Parameterize dependency endpoints
2016-10-18 18:42:17 +02:00
Smana
91a101c855
upgrade to k8s v1.4.3
2016-10-18 12:52:35 +02:00
Chad Swenson
c402feffbd
Parameterize several dependency endpoints so that they can be overridden with internal mirrors.
...
Signed-off-by: Chad Swenson <chadswen@gmail.com>
2016-10-15 12:26:52 -05:00
Smana
dd022f2dbc
upgrade calico version v0.22.0
2016-10-15 15:01:45 +02:00
Smana
21273926ce
upgrade flannel version
2016-10-12 21:55:39 +02:00
Matthew Mosesohn
71347322d6
Add cluster-cidr to kube-proxy config
...
This option enables masquerading for traffic directed at pods
that comes frmom outside the cluster.
2016-10-12 19:13:33 +03:00
Smaine Kahlouch
c9769965b8
Merge pull request #540 from aateem/enable-network-policy
...
Add possibility to enable network policy via Calico network controller
2016-10-11 12:10:56 +02:00
Smana
056f4b6c00
upgrade to kubernetes version 1.4.0
...
test to change the machine type
Revert "test to change the machine type"
This reverts commit 7a91f1b5405a39bee6cb91940b09a0b0f9d3aee1.
use google dns server when no upstream dns are defined
comment upstream_dns_servers
update documentation
remove deprecated kubelet flags
Revert "remove deprecated kubelet flags"
This reverts commit 21e3b893c896d0291c36a07d0414f4cb88b8d8ac.
2016-10-10 22:44:47 +02:00
Artem Roma
3919d666c1
Add possibility to enable network policy via Calico network controller
...
The requirements for network policy feature are described here [1]. In
order to enable it, appropriate configuration must be provided to the CNI
plug in and Calico policy controller must be set up. Beside that
corresponding extensions needed to be enabled in k8s API.
Now to turn on the feature user can define `enable_network_policy`
customization variable for Ansible.
[1] http://kubernetes.io/docs/user-guide/networkpolicies/
2016-10-10 17:22:12 +03:00
Sergey Vasilenko
dea4210da1
Bump Calico-CNI plugin binaries versions
...
and correct checksums
2016-10-07 13:14:46 +03:00
Sergey Vasilenko
a6344f7561
Changes in Kubernetes and Calico-CNI plugin config files
...
required for usage of Calico CNI plugin version 1.4.2
2016-10-06 19:33:16 +03:00
Smaine Kahlouch
c490e5c8a1
Merge pull request #528 from kubespray/proxy-nginx
...
Use nginx proxy on non-master nodes to proxy apiserver traffic
2016-10-05 19:19:32 +02:00
Matthew Mosesohn
84052ff0b6
use nginx proxy on non-master nodes to proxy apiserver traffic
...
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.
Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Smaine Kahlouch
9ca374a88d
Merge pull request #491 from kubespray/calicopools
...
Allow calico to configure pool if tree exists, but no pools defined
2016-10-05 17:12:26 +02:00
Smaine Kahlouch
648aa7422d
Merge pull request #522 from anthonyhaussman/KubeVersionDefaults
...
Move kube_version var to defaults
2016-10-05 17:11:59 +02:00
Matthew Mosesohn
2e90d3fe76
Merge branch 'master' into reverselookups
2016-10-05 14:46:47 +03:00
Matthew Mosesohn
f4e6fdc193
Enable quorum read for apiserver
...
This reduces the likelihood of apiserver status updates
timing out due to etcd write conflicts.
2016-10-04 18:31:42 +03:00
Aleksandr Didenko
fb0ee9d84a
Add support for --masquerade-all in kube-proxy
...
New boolean var `kube_proxy_masquerade_all` which enables/disables
`--masquerade-all` argument for kube-proxy.
Closes #524
2016-10-03 12:24:43 +02:00
Bogdan Dobrelya
a6a5d0e068
Skip download_run_once for binaries as unimplemented yet
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-30 10:55:02 +02:00
Matthew Mosesohn
d9641771ed
add kube-masters to SSL certificate
2016-09-29 15:12:30 +03:00
Smaine Kahlouch
aaa3f1c491
Merge pull request #502 from adidenko/custom-calico-hyperkube
...
Allow to use custom "canalized" calico cni
2016-09-29 13:29:49 +02:00
Smaine Kahlouch
5889f7af0e
Merge pull request #515 from adidenko/fix-delegate-to
...
Fix delegate_to expression in download tasks
2016-09-29 10:36:44 +02:00
Matthew Mosesohn
5579cddbdb
Disable reverse lookups again
...
Initially this was removed, but it turns out that services that
perform reverse lookups (such as MariaDB) will encounter severe
performance degredation with this disabled.
2016-09-29 10:49:55 +04:00
Aleksandr Didenko
2b6866484e
Allow to use custom "canalized" calico cni
...
- Allow to overwrite calico cni binaries copied from hyperkube
by the custom ones.
- Fix calico-ipam deployment (it had wrong source in rsync)
- Make copy from hyperkube idempotent (use rsync instead of cp)
- Remove some orphaned comments
2016-09-28 18:09:20 +02:00
Anthony Haussmann
34a27b0127
Move kube_version var to defaults
...
Move the variable kube_version to defaults to have the possibility to overwrite it via group_vars inventory if needed.
2016-09-28 16:15:18 +02:00
Smaine Kahlouch
948d1d61ff
Merge pull request #521 from anthonyhaussman/MethodBoolUseCNI
...
Change method to set use_hyperkube_cni var bool
2016-09-28 12:24:53 +02:00
Smaine Kahlouch
c96a9bfdfd
Merge pull request #518 from bogdando/issues/516
...
Allow subdomains of dns_domain and fix kubelet restarts
2016-09-28 10:11:44 +02:00
Anthony Haussmann
550bda951e
Change method to set use_hyperkube_cni var bool
...
The precedent method returb a string "True\n" or "False\n", it seems to be an Ansible bug.
New method return a boolean
2016-09-27 16:41:09 +02:00