C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1410 commits 17 branches 66 tags 141 MiB
Commit graph

818 commits

Author SHA1 Message Date
Sergii Golovatiuk
07416a329e Install pip on Ubuntu 
- Refactor 'Check if bootstrap is needed' as ansible loop. This allows
  to add new elements easily without refactoring. Add pip to the list.
- Refactor 'Install python 2.x' task to run once if any of rc
  codes != 0. Actually, need_bootstrap is array of hashes, so map will
  allow to get single array of rc statuses. So if status is not zero it
  will be sorted and the last element will be get, converted to bool.

Closes: #961
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-02-13 19:35:13 +01:00
Antoine Legrand
f7f6cf9948 Merge pull request #1024 from holser/bug/961 
Install pip on Ubuntu
 2017-02-13 17:53:57 +01:00
Sergii Golovatiuk
4b7398f29c Install pip on Ubuntu 
Closes: #961
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-02-13 16:27:09 +01:00
Matthew Mosesohn
2e12ebb9cb Clean up dnsmasq purge task 2017-02-13 17:30:15 +03:00
Matthew Mosesohn
896307b692 Merge pull request #988 from mattymo/feat/rolling3 
Add CI cases for testing upgrade from v2.0.1 release
 2017-02-10 18:09:43 +03:00
Matthew Mosesohn
543848c41e Merge pull request #983 from vwfs/centos_kernel_upgrade 
Add kernel upgrade for CentOS
 2017-02-10 14:40:27 +03:00
Antoine Legrand
6bd180eadf Merge pull request #1009 from mattymo/dnsmasq_updates 
Enable reset of dnsmasq if manifest or config changes
 2017-02-10 11:43:09 +01:00
Matthew Mosesohn
ccd865c564 fixup upgrades for canal and weave 2017-02-10 13:27:41 +03:00
Bogdan Dobrelya
0ddcc74412 Merge pull request #1002 from code0x9/master 
use ansible sysctl module for config ip forwarding
 2017-02-10 10:40:18 +01:00
Alexander Block
aeb12fdc10 Add kernel upgrade for CentOS 2017-02-10 09:29:12 +01:00
Matthew Mosesohn
cfe50795e2 Enable reset of dnsmasq if manifest or config changes 2017-02-10 10:40:07 +04:00
Matthew Mosesohn
14e10988fc Merge pull request #989 from holser/kubelet_remedy 
Kubernetes Reliability Improvements
 2017-02-10 09:29:29 +03:00
Matthew Mosesohn
729bf56910 Merge pull request #1004 from galthaus/kubelet-load-modules 
Allow kubelet to load kernel modules
 2017-02-10 09:28:16 +03:00
Sergii Golovatiuk
c0d2cca45d Kubernetes Reliability Improvements 
- Exclude kubelet CPU/RAM (kube-reserved) from cgroup. It decreases a
  chance of overcommitment
- Add a possibility to modify Kubelet node-status-update-frequency
- Add a posibility to configure node-monitor-grace-period,
  node-monitor-period, pod-eviction-timeout for Kubernetes controller
  manager
- Add Kubernetes Relaibility Documentation with recomendations for
  various scenarios.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-02-09 23:54:08 +01:00
Matthew Mosesohn
e0cfea02bf Enable weave upgrade from previous versions 
Raise readiness probe initial time to 60 (was 30)
 2017-02-09 21:39:31 +03:00
Matthew Mosesohn
b68afe7efa Merge pull request #998 from mattymo/fix_upgrade_daemonsets 
Fix upgrade for all daemonset type resources
 2017-02-09 20:02:21 +03:00
Greg Althaus
d6f1f0c88b Make kubelet_load_modules always present but false. 
Update code and docs for that assumption.
 2017-02-09 10:25:44 -06:00
Greg Althaus
8f00a07bf6 Due to the nsenter and other reworks, it appears that 
kubelet lost the ability to load kernel modules.  This
puts that back by adding the lib/modules mount to kubelet.

The new variable kubelet_load_modules can be set to true
to enable this item.  It is OFF by default.
 2017-02-09 10:02:26 -06:00
Matthew Mosesohn
b5cfeca474 Merge pull request #999 from holser/decrease_weave_ram_limits 
Lower weave RAM settings.
 2017-02-09 13:19:12 +03:00
Mark Lee
331957c9a8 follow sysctl.conf file symlink if linked 2017-02-09 18:16:52 +09:00
Mark Lee
224e6acb3a use ansible sysctl module for config ip forwarding 2017-02-09 17:28:44 +09:00
Bogdan Dobrelya
93c562b1bb Merge pull request #902 from insequent/master 
Adding vault role
 2017-02-09 09:24:52 +01:00
Bogdan Dobrelya
d0f4ab3129 Merge pull request #993 from code0x9/master 
enable proxy support on docker repository
 2017-02-09 09:21:01 +01:00
Antoine Legrand
35a7ad55d0 Merge pull request #986 from vwfs/dnsmasq_system_nameservers 
Also add the system nameservers to upstream servers in dnsmasq
 2017-02-08 23:21:54 +01:00
Josh Conant
764ad6e099 Vault security hardening and role isolation 2017-02-08 21:41:36 +00:00
Josh Conant
1025d489ad Adding the Vault role 2017-02-08 21:31:28 +00:00
Sergii Golovatiuk
bde4d11a4a Lower weave RAM settings. 
- Since Weave 1.8.x was rewritten in Golang we may decrease RAM settings
  to continue using g1-small for CI
 2017-02-08 18:50:36 +01:00
Matthew Mosesohn
2d1109e09e Fix upgrade for all daemonset type resources 
Daemonsets cannot be simply upgraded through a single API call,
regardless of any kubectl documentation. The resource must be
purged and then recreated in order to make any changes.
 2017-02-08 18:16:00 +03:00
Alexander Block
94d9f03ddb Also add the system nameservers to upstream servers in dnsmasq 
Also make no-resolv unconditional again. Otherwise, we may end up in
a resolver loop. The resolver loop was the cause for the piling up
parallel queries.
 2017-02-08 14:38:55 +01:00
Matthew Mosesohn
0ea7f94b0c Merge pull request #994 from mattymo/docker_save 
Change docker save compress level to 1
 2017-02-08 15:13:15 +03:00
Matthew Mosesohn
ce3bee4eb8 Merge pull request #990 from mattymo/fix_cert_upgrade 
Fix check for node-NODEID certs existence
 2017-02-08 14:44:09 +03:00
Matthew Mosesohn
94407f86ff Merge pull request #971 from bradbeam/efk 
Adding EFK logging stack
 2017-02-08 14:28:04 +03:00
Mark Lee
3cc9693895 Update rh_docker.repo.j2 2017-02-08 20:03:51 +09:00
Matthew Mosesohn
3c7952d7f1 Merge pull request #992 from vwfs/host_mount_dev 
Host mount /dev for kubelet
 2017-02-08 13:45:22 +03:00
Matthew Mosesohn
a4caceedef Change docker save compress level to 1 
Faster gzip improves CI deploy times by at least 2 mins.

Fixes #982
 2017-02-08 13:25:11 +03:00
Mark Lee
5a2de36a55 Merge branch 'master' of https://github.com/kubespray/kargo 2017-02-08 19:19:26 +09:00
Mark Lee
8783cef044 enable proxy support on docker repository 2017-02-08 19:19:08 +09:00
Matthew Mosesohn
0de857a18a Merge pull request #987 from mattymo/etcd-retune 
Re-tune ETCD performance params
 2017-02-08 13:00:25 +03:00
Bogdan Dobrelya
320d03c01c Merge pull request #956 from adidenko/update-netchecker 
Update playbooks to support new netchecker
 2017-02-08 10:09:46 +01:00
Alexander Block
08367f4abb Host mount /dev for kubelet 2017-02-08 09:55:51 +01:00
Matthew Mosesohn
012bc49404 Fix check for node-NODEID certs existence 
Fixes upgrade from pre-individual node cert envs.
 2017-02-07 21:06:48 +03:00
Matthew Mosesohn
ad2e1e10bf Re-tune ETCD performance params 
Reduce election timeout to 5000ms (was 10000ms)
Raise heartbeat interval to 250ms (was 100ms)
Remove etcd cpu share (was 300)
Make etcd_cpu_limit and etcd_memory_limit optional.
 2017-02-07 20:15:14 +03:00
Matthew Mosesohn
7bfade0fbb Merge pull request #969 from mattymo/port_reserve 
Prevent dynamic port allocation in nodePort range
 2017-02-07 18:24:57 +03:00
Aleksandr Didenko
3b816ee660 Update playbooks to support new netchecker 
Netchecker is rewritten in Go lang with some new args instead of
env variables. Also netchecker-server no longer requires kubectl
container. Updating playbooks accordingly.
 2017-02-07 15:20:34 +01:00
Matthew Mosesohn
7a9161d462 Prevent dynamic port allocation in nodePort range 
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.

Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
 2017-02-06 20:01:16 +03:00
Sergii Golovatiuk
8503a5afea Improve Weave 
- Remove weave CPU limits from .gitlab-ci.yml. Closes: #975
- Fix weave version in documentation

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-02-06 13:24:40 +01:00
Antoine Legrand
edcd91f7f6 Merge pull request #963 from rutsky/bastion-ansible-host 
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configration
 2017-02-04 15:42:39 -05:00
Brad Beam
8218b9970f Adding EFK logging stack 2017-02-03 16:27:08 -06:00
Bogdan Dobrelya
e53d3fe9c8 Merge pull request #949 from vmtyler/master 
Fixes Support for OpenStack v3 credentials
 2017-02-03 12:22:00 +01:00
Vladimir Rutsky
1711530cd4 handle both 'ansible_host' and 'ansible_ssh_host' in bastion configuration 
'absible_ssh_host' is deprecated in Ansible 2.0 and at least
'contrib/inventory_builder/inventory.py' uses 'ansible_host' instead.
 2017-02-02 18:34:53 +03:00