Matthew Mosesohn
21d648ad36
Disable kube_proxy_masquerade_all
...
Fixes #1012
2017-02-10 13:16:39 +03:00
Matthew Mosesohn
298847ffa3
Merge pull request #1010 from bogdando/fixes
...
Fix misleading HA docs
2017-02-10 13:01:29 +03:00
Bogdan Dobrelya
0ddcc74412
Merge pull request #1002 from code0x9/master
...
use ansible sysctl module for config ip forwarding
2017-02-10 10:40:18 +01:00
Bogdan Dobrelya
22cae3c361
Fix misleading HA docs
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-10 10:28:27 +01:00
Alexander Block
aeb12fdc10
Add kernel upgrade for CentOS
2017-02-10 09:29:12 +01:00
Matthew Mosesohn
cfe50795e2
Enable reset of dnsmasq if manifest or config changes
2017-02-10 10:40:07 +04:00
Matthew Mosesohn
14e10988fc
Merge pull request #989 from holser/kubelet_remedy
...
Kubernetes Reliability Improvements
2017-02-10 09:29:29 +03:00
Matthew Mosesohn
729bf56910
Merge pull request #1004 from galthaus/kubelet-load-modules
...
Allow kubelet to load kernel modules
2017-02-10 09:28:16 +03:00
Matthew Mosesohn
c4594022ca
Add CI cases for testing upgrade from v2.0.1 release
...
These are manual trigger jobs, but should be run if any PR
impacts upgrades.
2017-02-10 10:20:58 +04:00
Matthew Mosesohn
9514f32135
Merge pull request #1006 from mattymo/fix_weave_upgrade
...
Enable weave upgrade from previous versions
2017-02-10 09:03:49 +03:00
Antoine Legrand
8898dcda22
Merge pull request #1001 from idcrook/kargo-issue-1000-efk-enable
...
removed explicit role for efk in cluster.yml
2017-02-10 03:03:18 +01:00
Sergii Golovatiuk
c0d2cca45d
Kubernetes Reliability Improvements
...
- Exclude kubelet CPU/RAM (kube-reserved) from cgroup. It decreases a
chance of overcommitment
- Add a possibility to modify Kubelet node-status-update-frequency
- Add a posibility to configure node-monitor-grace-period,
node-monitor-period, pod-eviction-timeout for Kubernetes controller
manager
- Add Kubernetes Relaibility Documentation with recomendations for
various scenarios.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-09 23:54:08 +01:00
Matthew Mosesohn
e0cfea02bf
Enable weave upgrade from previous versions
...
Raise readiness probe initial time to 60 (was 30)
2017-02-09 21:39:31 +03:00
Matthew Mosesohn
372c5beadd
Merge pull request #1005 from rutsky/patch-2
...
fix kube_apiserver_ip/kube_apiserver_port description
2017-02-09 21:08:15 +03:00
Vladimir Rutsky
c1c94c5d21
fix kube_apiserver_ip/kube_apiserver_port description
2017-02-09 21:47:36 +04:00
Matthew Mosesohn
b68afe7efa
Merge pull request #998 from mattymo/fix_upgrade_daemonsets
...
Fix upgrade for all daemonset type resources
2017-02-09 20:02:21 +03:00
Greg Althaus
d6f1f0c88b
Make kubelet_load_modules always present but false.
...
Update code and docs for that assumption.
2017-02-09 10:25:44 -06:00
Greg Althaus
8f00a07bf6
Due to the nsenter and other reworks, it appears that
...
kubelet lost the ability to load kernel modules. This
puts that back by adding the lib/modules mount to kubelet.
The new variable kubelet_load_modules can be set to true
to enable this item. It is OFF by default.
2017-02-09 10:02:26 -06:00
Matthew Mosesohn
b5cfeca474
Merge pull request #999 from holser/decrease_weave_ram_limits
...
Lower weave RAM settings.
2017-02-09 13:19:12 +03:00
Mark Lee
331957c9a8
follow sysctl.conf file symlink if linked
2017-02-09 18:16:52 +09:00
Mark Lee
224e6acb3a
use ansible sysctl module for config ip forwarding
2017-02-09 17:28:44 +09:00
Bogdan Dobrelya
93c562b1bb
Merge pull request #902 from insequent/master
...
Adding vault role
2017-02-09 09:24:52 +01:00
Bogdan Dobrelya
d0f4ab3129
Merge pull request #993 from code0x9/master
...
enable proxy support on docker repository
2017-02-09 09:21:01 +01:00
David Crook
395fee8dbd
removed explicit role for efk in cluster.yml
2017-02-08 20:48:28 -07:00
Antoine Legrand
35a7ad55d0
Merge pull request #986 from vwfs/dnsmasq_system_nameservers
...
Also add the system nameservers to upstream servers in dnsmasq
2017-02-08 23:21:54 +01:00
Antoine Legrand
d28d118b3e
Merge pull request #984 from rutsky/patch-2
...
fix typo: "explicetely"
2017-02-08 23:19:01 +01:00
Josh Conant
764ad6e099
Vault security hardening and role isolation
2017-02-08 21:41:36 +00:00
Josh Conant
1025d489ad
Adding the Vault role
2017-02-08 21:31:28 +00:00
Sergii Golovatiuk
bde4d11a4a
Lower weave RAM settings.
...
- Since Weave 1.8.x was rewritten in Golang we may decrease RAM settings
to continue using g1-small for CI
2017-02-08 18:50:36 +01:00
Matthew Mosesohn
2d1109e09e
Fix upgrade for all daemonset type resources
...
Daemonsets cannot be simply upgraded through a single API call,
regardless of any kubectl documentation. The resource must be
purged and then recreated in order to make any changes.
2017-02-08 18:16:00 +03:00
Alexander Block
94d9f03ddb
Also add the system nameservers to upstream servers in dnsmasq
...
Also make no-resolv unconditional again. Otherwise, we may end up in
a resolver loop. The resolver loop was the cause for the piling up
parallel queries.
2017-02-08 14:38:55 +01:00
Matthew Mosesohn
0ea7f94b0c
Merge pull request #994 from mattymo/docker_save
...
Change docker save compress level to 1
2017-02-08 15:13:15 +03:00
Matthew Mosesohn
ce3bee4eb8
Merge pull request #990 from mattymo/fix_cert_upgrade
...
Fix check for node-NODEID certs existence
2017-02-08 14:44:09 +03:00
Matthew Mosesohn
94407f86ff
Merge pull request #971 from bradbeam/efk
...
Adding EFK logging stack
2017-02-08 14:28:04 +03:00
Mark Lee
3cc9693895
Update rh_docker.repo.j2
2017-02-08 20:03:51 +09:00
Matthew Mosesohn
3c7952d7f1
Merge pull request #992 from vwfs/host_mount_dev
...
Host mount /dev for kubelet
2017-02-08 13:45:22 +03:00
Matthew Mosesohn
a4caceedef
Change docker save compress level to 1
...
Faster gzip improves CI deploy times by at least 2 mins.
Fixes #982
2017-02-08 13:25:11 +03:00
Mark Lee
5a2de36a55
Merge branch 'master' of https://github.com/kubespray/kargo
2017-02-08 19:19:26 +09:00
Mark Lee
8783cef044
enable proxy support on docker repository
2017-02-08 19:19:08 +09:00
Matthew Mosesohn
0de857a18a
Merge pull request #987 from mattymo/etcd-retune
...
Re-tune ETCD performance params
2017-02-08 13:00:25 +03:00
Bogdan Dobrelya
320d03c01c
Merge pull request #956 from adidenko/update-netchecker
...
Update playbooks to support new netchecker
2017-02-08 10:09:46 +01:00
Alexander Block
08367f4abb
Host mount /dev for kubelet
2017-02-08 09:55:51 +01:00
Matthew Mosesohn
012bc49404
Fix check for node-NODEID certs existence
...
Fixes upgrade from pre-individual node cert envs.
2017-02-07 21:06:48 +03:00
Matthew Mosesohn
ad2e1e10bf
Re-tune ETCD performance params
...
Reduce election timeout to 5000ms (was 10000ms)
Raise heartbeat interval to 250ms (was 100ms)
Remove etcd cpu share (was 300)
Make etcd_cpu_limit and etcd_memory_limit optional.
2017-02-07 20:15:14 +03:00
Matthew Mosesohn
7bfade0fbb
Merge pull request #969 from mattymo/port_reserve
...
Prevent dynamic port allocation in nodePort range
2017-02-07 18:24:57 +03:00
Aleksandr Didenko
3b816ee660
Update playbooks to support new netchecker
...
Netchecker is rewritten in Go lang with some new args instead of
env variables. Also netchecker-server no longer requires kubectl
container. Updating playbooks accordingly.
2017-02-07 15:20:34 +01:00
Matthew Mosesohn
94c1b09ebd
Merge pull request #976 from holser/bug/975
...
Improve Weave
2017-02-06 22:48:13 +03:00
Vladimir Rutsky
6e387c8296
fix typo: "pubilcally"
2017-02-06 21:35:02 +04:00
Vladimir Rutsky
8cb3599a95
fix typo: "explicetely"
2017-02-06 21:29:11 +04:00
Matthew Mosesohn
7a9161d462
Prevent dynamic port allocation in nodePort range
...
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.
Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
2017-02-06 20:01:16 +03:00