Commit graph

529 commits

Author SHA1 Message Date
Matthew Mosesohn
fe16fecd8f Fix canal's calico networking config for ETCD TLS
Also fixes kube-apiserver upgrade that was erroneously
deleted in a previous commit.
2016-11-10 12:49:47 +03:00
Matthew Mosesohn
9ea9604b3f Merge pull request #591 from kubernetes-incubator/etcdtls
Add etcd tls support
2016-11-10 12:32:13 +03:00
Matthew Mosesohn
a32cd85eb7 Add etcd TLS support 2016-11-09 18:38:28 +03:00
Matthew Mosesohn
95b460ae94 Remove etcd-proxy from all nodes and use etcd multiaccess 2016-11-09 13:31:12 +03:00
Bogdan Dobrelya
764a2fd5a8 Merge pull request #588 from adidenko/canal-support
Adding support for canal network plugin
2016-11-09 10:31:56 +01:00
Aleksandr Didenko
4ece73d432 Fix idempotency of calico-policy-controller rs
We need to specify kube resource type and name in order to avoid
playbook errors related to k8s resource duplication.
2016-11-08 12:59:18 +01:00
Aleksandr Didenko
60a217766f Add ConfigMap for basic configuration options
Container settings moved from deamonset yaml to a separate
configmap.
2016-11-08 12:57:34 +01:00
Aleksandr Didenko
309240cd6f Adding support for canal network plugin
This patch provides support for Canal network plugin installation
as a self-hosted app, see the following link for details:

https://github.com/tigera/canal/tree/master/k8s-install
2016-11-08 11:04:01 +01:00
Spencer Smith
8f20d90f88 update admission controllers for > 1.4 2016-11-04 12:54:35 -04:00
Jan Jungnickel
f9355ea14d Swap order in which we reload docker/socket 2016-11-01 13:12:40 +01:00
Jan Jungnickel
2ca6819cdf Reload docker.socket after installing flannel on coreos
Workaround for #569
2016-11-01 13:12:32 +01:00
Smaine Kahlouch
d6f206b5fd Merge pull request #561 from kubespray/rsync_certs
Use tar+register instead of copy/slurp for distributing tokens and certs
2016-10-27 10:52:41 +02:00
Matthew Mosesohn
2778ac61a4 Add new var skip_dnsmasq_k8s
If skip_dnsmasq is set, it will still not set up dnsmasq
k8s pod. This enables independent setup of resolvconf section
before kubelet is up.
2016-10-26 17:56:15 +03:00
Matthew Mosesohn
c7b00caeaa Use tar+register instead of copy/slurp for distributing tokens and certs
Related bug: https://github.com/ansible/ansible/issues/15405

Uses tar and register because synchronize module cannot sudo on the
remote side correctly and copy is too slow.

This patch dramatically cuts down the number of tasks to process
for cert synchronization.
2016-10-26 15:46:18 +03:00
Bogdan Dobrelya
c59c3a1bcf Fix idempotency/recurrence of download and preinstall
* Don't push containers if not changed
* Do preinstall role only once and redistribute defaults to
  corresponding roles

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-10-24 18:28:53 +02:00
Smaine Kahlouch
4c0bf6225a Merge pull request #562 from kubespray/enable_standalone_node
Enable standalone node deployment
2016-10-24 13:10:53 +02:00
Smaine Kahlouch
b11662a887 Merge pull request #558 from chadswen/etcdctl-path
Use absolute path for etcdctl
2016-10-21 23:06:15 +02:00
Matthew Mosesohn
11f1f71b3b dynamically calculate etcd peer names 2016-10-21 16:17:50 +03:00
Matthew Mosesohn
0e9d1e09e3 Sync master tokens only with those in play_hosts 2016-10-21 14:43:41 +03:00
Matthew Mosesohn
65d2a3b0e5 Use only native cachable hostvars for etcd set_facts 2016-10-21 14:39:58 +03:00
Matthew Mosesohn
4b7347f1cd fix dnsmasq template cloud_provider lookup 2016-10-21 13:00:40 +03:00
Chad Swenson
e6902d8ecc Use absolute path for etcdctl
Small fix. The shell module won't automatically resolve the path to the etcdctl binary, so i prefixed with {{ bin_dir }}/
2016-10-20 14:56:52 -05:00
Smaine Kahlouch
a423927ac9 Merge pull request #546 from chadswen/dependency-variables
Parameterize dependency endpoints
2016-10-18 18:42:17 +02:00
Smana
91a101c855 upgrade to k8s v1.4.3 2016-10-18 12:52:35 +02:00
Chad Swenson
c402feffbd Parameterize several dependency endpoints so that they can be overridden with internal mirrors.
Signed-off-by: Chad Swenson <chadswen@gmail.com>
2016-10-15 12:26:52 -05:00
Smana
dd022f2dbc upgrade calico version v0.22.0 2016-10-15 15:01:45 +02:00
Smana
21273926ce upgrade flannel version 2016-10-12 21:55:39 +02:00
Matthew Mosesohn
71347322d6 Add cluster-cidr to kube-proxy config
This option enables masquerading for traffic directed at pods
that comes frmom outside the cluster.
2016-10-12 19:13:33 +03:00
Smaine Kahlouch
c9769965b8 Merge pull request #540 from aateem/enable-network-policy
Add possibility to enable network policy via Calico network controller
2016-10-11 12:10:56 +02:00
Smana
056f4b6c00 upgrade to kubernetes version 1.4.0
test to change the machine type

Revert "test to change the machine type"

This reverts commit 7a91f1b5405a39bee6cb91940b09a0b0f9d3aee1.

use google dns server when no upstream dns are defined

comment upstream_dns_servers

update documentation

remove deprecated kubelet flags

Revert "remove deprecated kubelet flags"

This reverts commit 21e3b893c896d0291c36a07d0414f4cb88b8d8ac.
2016-10-10 22:44:47 +02:00
Artem Roma
3919d666c1 Add possibility to enable network policy via Calico network controller
The requirements for network policy feature are described here [1]. In
order to enable it, appropriate configuration must be provided to the CNI
plug in and Calico policy controller must be set up. Beside that
corresponding extensions needed to be enabled in k8s API.

Now to turn on the feature user can define `enable_network_policy`
customization variable for Ansible.

[1] http://kubernetes.io/docs/user-guide/networkpolicies/
2016-10-10 17:22:12 +03:00
Sergey Vasilenko
dea4210da1 Bump Calico-CNI plugin binaries versions
and correct checksums
2016-10-07 13:14:46 +03:00
Sergey Vasilenko
a6344f7561 Changes in Kubernetes and Calico-CNI plugin config files
required for usage of Calico CNI plugin version 1.4.2
2016-10-06 19:33:16 +03:00
Smaine Kahlouch
c490e5c8a1 Merge pull request #528 from kubespray/proxy-nginx
Use nginx proxy on non-master nodes to proxy apiserver traffic
2016-10-05 19:19:32 +02:00
Matthew Mosesohn
84052ff0b6 use nginx proxy on non-master nodes to proxy apiserver traffic
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.

Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Smaine Kahlouch
9ca374a88d Merge pull request #491 from kubespray/calicopools
Allow calico to configure pool if tree exists, but no pools defined
2016-10-05 17:12:26 +02:00
Smaine Kahlouch
648aa7422d Merge pull request #522 from anthonyhaussman/KubeVersionDefaults
Move kube_version var to defaults
2016-10-05 17:11:59 +02:00
Matthew Mosesohn
2e90d3fe76 Merge branch 'master' into reverselookups 2016-10-05 14:46:47 +03:00
Matthew Mosesohn
f4e6fdc193 Enable quorum read for apiserver
This reduces the likelihood of apiserver status updates
timing out due to etcd write conflicts.
2016-10-04 18:31:42 +03:00
Aleksandr Didenko
fb0ee9d84a Add support for --masquerade-all in kube-proxy
New boolean var `kube_proxy_masquerade_all` which enables/disables
`--masquerade-all` argument for kube-proxy.

Closes #524
2016-10-03 12:24:43 +02:00
Bogdan Dobrelya
a6a5d0e068 Skip download_run_once for binaries as unimplemented yet
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-30 10:55:02 +02:00
Matthew Mosesohn
d9641771ed add kube-masters to SSL certificate 2016-09-29 15:12:30 +03:00
Smaine Kahlouch
aaa3f1c491 Merge pull request #502 from adidenko/custom-calico-hyperkube
Allow to use custom "canalized" calico cni
2016-09-29 13:29:49 +02:00
Smaine Kahlouch
5889f7af0e Merge pull request #515 from adidenko/fix-delegate-to
Fix delegate_to expression in download tasks
2016-09-29 10:36:44 +02:00
Matthew Mosesohn
5579cddbdb Disable reverse lookups again
Initially this was removed, but it turns out that services that
perform reverse lookups (such as MariaDB) will encounter severe
performance degredation with this disabled.
2016-09-29 10:49:55 +04:00
Aleksandr Didenko
2b6866484e Allow to use custom "canalized" calico cni
- Allow to overwrite calico cni binaries copied from hyperkube
  by the custom ones.
- Fix calico-ipam deployment (it had wrong source in rsync)
- Make copy from hyperkube idempotent (use rsync instead of cp)
- Remove some orphaned comments
2016-09-28 18:09:20 +02:00
Anthony Haussmann
34a27b0127 Move kube_version var to defaults
Move the variable kube_version to defaults to have the possibility to overwrite it via group_vars inventory if needed.
2016-09-28 16:15:18 +02:00
Smaine Kahlouch
948d1d61ff Merge pull request #521 from anthonyhaussman/MethodBoolUseCNI
Change method to set use_hyperkube_cni var bool
2016-09-28 12:24:53 +02:00
Smaine Kahlouch
c96a9bfdfd Merge pull request #518 from bogdando/issues/516
Allow subdomains of dns_domain and fix kubelet restarts
2016-09-28 10:11:44 +02:00
Anthony Haussmann
550bda951e Change method to set use_hyperkube_cni var bool
The precedent method returb a string "True\n" or "False\n", it seems to be an Ansible bug.
New method return a boolean
2016-09-27 16:41:09 +02:00