Matthew Mosesohn
df09b8dc36
Merge pull request #1159 from holser/etcd_backup_restore
...
Backup etcd
2017-03-21 13:07:44 +03:00
Matthew Mosesohn
b7fbf19c91
Merge pull request #1162 from holser/bump_coreos_ci
...
Bump CoreOS stable to latest version
2017-03-20 17:45:04 +03:00
Matthew Mosesohn
db7a4f3171
Merge pull request #1160 from mattymo/simpler_idempotency
...
Make reset check on idempotency check optional
2017-03-20 17:04:51 +03:00
Matthew Mosesohn
b68e545bad
Merge pull request #1155 from mattymo/helm
...
Add helm deployment
2017-03-20 17:00:06 +03:00
Sergii Golovatiuk
e635fecc01
Backup etcd data before restarting etcd
...
etcd is crucial part of kubernetes cluster. Ansible restarts etcd on
reconfiguration. Backup helps operator to restore cluster manually in
case of any issues.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-20 14:50:52 +01:00
Sergii Golovatiuk
6ebe3ab512
Bump CoreOS stable to latest version
...
1298.6.0 fixes some sporadic network issues. It also includes docker
1.12.6 which includes several stability fixes for kubernetes.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-20 14:31:33 +01:00
Vincent Schwarzer
ba9f17165e
Fixes for AWS Terraform Deployment
2017-03-20 12:08:17 +01:00
Matthew Mosesohn
b47e4dae80
Make reset check on idempotency check optional
...
By default we do not test reset.yml now.
2017-03-20 13:16:58 +03:00
Matthew Mosesohn
780b4e4d3c
Merge pull request #1105 from VincentS/aws_deployment
...
AWS Terraform for Kargo
2017-03-20 12:55:11 +03:00
Antoine Legrand
4a9e02bd37
Merge pull request #1158 from rutsky/patch-6
...
limit jinja2 version to <2.9
2017-03-19 23:42:11 +01:00
Vladimir Rutsky
c83a7a6c0f
limit jinja2 version to <2.9
...
Ansible 2.2.1 requires jinja2<2.9, see <https://github.com/ansible/ansible/blob/v2.2.1.0-1/setup.py#L25 >,
but without explicit limiting upper jinja2 version here pip ignores
Ansible requirements and installs latest available jinja2
(pip is not very smart here), which is incompatible with with
Ansible 2.2.1.
With incompatible jinja2 version "ansible-vault create" (and probably other parts)
fails with:
ERROR! Unexpected Exception: The 'jinja2<2.9' distribution was not found
and is required by ansible
This upper limit should be removed in 2.2.2 release, see:
<978311bf3f
>
2017-03-20 01:33:08 +03:00
Matthew Mosesohn
f9ef55c796
Merge pull request #1152 from mattymo/redhat_weave
...
Fix weave on RHEL deployment
2017-03-19 16:45:20 +03:00
Matthew Mosesohn
182a2e682f
Merge pull request #1149 from mattymo/centos-retries
...
Retry yum/apt/rpm download commands
2017-03-18 11:12:36 +03:00
Matthew Mosesohn
579a6299c0
Add helm deployment
2017-03-17 20:24:41 +03:00
Matthew Mosesohn
9e507f365a
Merge pull request #1157 from rutsky/remove-change-k8s-version
...
remove obsolete script
2017-03-17 20:23:34 +03:00
Vladimir Rutsky
86658bc5ee
remove obsolete script
...
Currently Kubernetes version can be selected using "kube_version" variable.
2017-03-17 20:09:36 +03:00
Matthew Mosesohn
bf72882a8f
Merge pull request #1156 from rutsky/patch-5
...
fix jinja package name
2017-03-17 20:08:36 +03:00
Vladimir Rutsky
6c45d868ff
fix jinja package name
...
Jinja 2.* releases are published under `Jinja2` name.
2017-03-17 20:07:49 +03:00
Matthew Mosesohn
dd56342361
Retry yum/apt/rpm download commands, fix succeeded filter
2017-03-17 18:56:26 +03:00
Matthew Mosesohn
b060d3279c
Merge pull request #1146 from mattymo/resolvconf_optimize
...
Condense resolvconf sources before starting loop
2017-03-17 18:42:32 +03:00
Matthew Mosesohn
446a4bbdc8
Fix weave on RHEL deployment
...
Reduce retry delay checking weave
Always load br_netfilter module
2017-03-17 18:17:47 +03:00
Matthew Mosesohn
a5876a1ac8
Merge pull request #1136 from adidenko/fix-calico-policy-order
...
Move calico-policy-controller into separate role
2017-03-17 17:32:14 +03:00
Aleksandr Didenko
1adf231512
Move calico-policy-controller into separate role
...
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.
K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.
This patch also fixes kube-api port in calico-policy-controller
yaml template.
Closes #1132
2017-03-17 11:21:52 +01:00
Matthew Mosesohn
9454acde87
Merge pull request #1147 from mattymo/calico-update
...
Update calico to 1.1.0-rc8
2017-03-17 13:17:41 +03:00
Matthew Mosesohn
2586d01345
Condense resolvconf sources before starting loop
2017-03-17 13:06:56 +03:00
Matthew Mosesohn
7575d83467
Merge pull request #1148 from VincentS/patch-1
...
Fixed Formatting / Ansbile-Playbook Command Upgrade Cluster
2017-03-16 19:55:59 +03:00
Vincent Schwarzer
9c4d668548
Fixed Formatting / Ansbile-Playbook Command
...
- added -b and fixed typo in ansible-playbook command
- fixed formatting issue
2017-03-16 17:53:48 +01:00
Matthew Mosesohn
3ee77a08cd
Update calico to 1.1.0-rc8
...
Fixes bug in CentOS/RHEL in felix related to overlayfs driver.
2017-03-16 19:23:36 +03:00
Matthew Mosesohn
bf5bf13003
Merge pull request #1087 from bradbeam/openstack
...
Adding openstack domain id
2017-03-16 17:53:14 +03:00
Matthew Mosesohn
7e13e17d9f
Merge pull request #1108 from idcrook/issue_1107-docker-versioning
...
Adding Docker CE 'stable' and 'edge' version packages
2017-03-16 16:32:13 +03:00
Matthew Mosesohn
af82710e09
Merge pull request #1141 from mattymo/idempotency2
...
More idempotency fixes
2017-03-16 12:29:42 +03:00
Matthew Mosesohn
ad03f3ac84
Merge branch 'master' into idempotency2
2017-03-16 09:29:43 +03:00
Matthew Mosesohn
261aeb6112
Merge pull request #1138 from mattymo/idempotency-fixes
...
Idempotency fixes for etcd certs and resolvconf tasks
2017-03-16 09:20:28 +03:00
Bogdan Dobrelya
6b69174ec2
Merge pull request #1109 from pcm32/feature/fixTerraformOS
...
Restores working order of contrib/terraform/openstack
2017-03-15 17:15:35 +01:00
Matthew Mosesohn
fad22bae97
More idempotency fixes
...
Fixed sync_tokens fact
Fixed sync_certs for k8s tokens fact
Disabled register docker images changability
Fixed CNI dir permission
Fix idempotency for etcd pre upgrade checks
2017-03-15 19:06:39 +03:00
Matthew Mosesohn
7b5d6c7a06
Merge pull request #1137 from holser/bug/1135
...
Turn on iptables for flannel
2017-03-15 17:06:42 +03:00
Bogdan Dobrelya
bc565cb111
Merge pull request #1140 from VincentS/jinja28
...
Added Jinja 2.8 to Docs
2017-03-15 13:18:53 +01:00
Vincent Schwarzer
59f2934c53
Added Jinja 2.8 to Docs
...
Added Jinja 2.8 Requirements to docs and pip requirements file which
is needed to run the current Ansible Playbooks.
2017-03-15 13:11:09 +01:00
Matthew Mosesohn
8540df89e0
Merge pull request #1139 from VincentS/docu_fix
...
Fix for CoreOS Docu
2017-03-15 15:06:41 +03:00
Vincent Schwarzer
eabea728c6
Fixed CoreOS Docu
...
CoreOS docu was referencing outdated bootstrap playbook that
is now part of kargo itself.
2017-03-15 13:04:01 +01:00
Matthew Mosesohn
20247b9c0a
Merge pull request #1080 from VincentS/Granular_Auth_Control
...
Granular authentication Control
2017-03-15 13:12:51 +03:00
Matthew Mosesohn
210d9503f3
Merge pull request #1117 from mattymo/etcd3-upgrade
...
Migrate k8s data to etcd3 api store
2017-03-15 12:56:06 +03:00
Matthew Mosesohn
4287993811
Make resolvconf preinstall idempotent
2017-03-15 01:20:13 +04:00
Sergii Golovatiuk
97a7f1c4a5
Turn on iptables for flannel
...
Closes : #1135
Closes : #1026
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-14 17:54:55 +01:00
Vincent Schwarzer
ea1f072c7e
Granular authentication Control
...
It is now possible to deactivate selected authentication methods
(basic auth, token auth) inside the cluster by adding
removing the required arguments to the Kube API Server and generating
the secrets accordingly.
The x509 authentification is currently not optional because disabling it
would affect the kubectl clients deployed on the master nodes.
2017-03-14 16:57:35 +01:00
Matthew Mosesohn
8450ff00cc
Merge pull request #1134 from mattymo/1.6-support
...
Explicitly set cni-bin-dir
2017-03-14 17:53:08 +03:00
Matthew Mosesohn
25b366dd98
Migrate k8s data to etcd3 api store
...
Default backend is now etcd3 (was etcd2).
The migration process consists of the following steps:
* check if migration is necessary
* stop etcd on first etcd server
* run migration script
* start etcd on first etcd server
* stop kube-apiserver until configuration is updated
* update kube-apiserver
* purge old etcdv2 data
2017-03-14 17:50:20 +03:00
Matthew Mosesohn
bb66bb19e8
Fix etcd idempotency
2017-03-14 17:23:29 +03:00
Matthew Mosesohn
e486dabc42
Merge pull request #1078 from VincentS/oidc_support
...
Added Support for OpenID Connect Authentication
2017-03-14 12:07:21 +03:00
Matthew Mosesohn
944fa9d975
Explicitly set cni-bin-dir
2017-03-13 20:13:21 +03:00