C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
3926 commits 17 branches 66 tags 141 MiB
Commit graph

367 commits

Author SHA1 Message Date
Wong Hoi Sing Edison
32fdfbcd5a cephfs-provisioner: Upgrade to v2.1.0-k8s1.11 
Upstream Changes:

-   cephfs-provisioner v2.1.0-k8s1.11 (https://github.com/kubernetes-incubator/external-storage/releases/tag/cephfs-provisioner-v2.1.0-k8s1.11)

Our Changes:

-   Sync clusterrole and role with upstream changes
 2018-09-02 11:51:28 +08:00
Antoine Legrand
2f1fe44762 update images to use arch 2018-08-31 13:45:08 +02:00
k8s-ci-robot
d14394c691
Merge pull request #3185 from mirwan/helm_install_docker_insecureport_0 
Mount /root/.kube to helm container
 2018-08-30 08:11:33 -07:00
k8s-ci-robot
f48468b83b
Merge pull request #3195 from mirwan/fix_psp_templates 
Fix some addons when PodSecurityPolicy is enabled
 2018-08-30 03:37:52 -07:00
Erwan Miran
ceb97e5809 Fix wrong syntax for jinja sub list extraction and addition of missing role template 2018-08-29 12:58:10 +02:00
Robin Elfrink
bbdd1c8f06 Add option to change the Tiller Deployment namespace. 2018-08-29 11:20:41 +02:00
Arslanbekov Denis
fe1e758856 Up dashboard version to 1.10.0 2018-08-28 14:10:19 +03:00
Erwan Miran
b652792a93 /root/.kube must to mounted in order for helm to read kubeconfig and not fallback to localhost:8080 2018-08-27 18:17:26 +02:00
k8s-ci-robot
d6f4d10075
Merge pull request #3153 from alvistack/remove-image_tag-suffix 
Remove *_image_tag suffix from ReplicaSet/Deployment
 2018-08-25 04:42:19 -07:00
Antoine Legrand
4882531c29
Merge pull request #3115 from oracle/oracle_oci_controller 
Cloud provider support for OCI (Oracle Cloud Infrastructure)
 2018-08-23 18:22:45 +02:00
Aivars Sterns
23fd3461bc calico upgrade to v3 (#3086) 
* calico upgrade to v3

* update calico_rr version

* add missing file

* change contents of main.yml as it was left old version

* enable network policy by default

* remove unneeded task

* Fix kubelet calico settings

* fix when statement

* switch back to node-kubeconfig.yaml
 2018-08-23 17:17:18 +03:00
Erwan Miran
a6a14e7f77 create the service account and roles even if the rbac is not enabled. it will just be ignored 2018-08-22 18:17:11 +02:00
Erwan Miran
80cfeea957 psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true 2018-08-22 18:16:13 +02:00
Wong Hoi Sing Edison
c3b3572025 Always create service account even rbac_enabled = false 2018-08-22 11:41:29 +08:00
Wong Hoi Sing Edison
f897596844 Remove *_image_tag suffix from ReplicaSet/Deployment 2018-08-22 11:02:56 +08:00
Jeff Bornemann
94df70be98 Cloud provider support for OCI (Oracle Cloud Infrastructure) 
Signed-off-by: Jeff Bornemann <jeff.bornemann@oracle.com>
 2018-08-21 17:36:42 -04:00
Andreas Krüger
b3e32c1393
Merge pull request #3094 from hedayat/master 
Add --dns-loop-detect to dnsmasq used in kube-dns
 2018-08-20 09:27:15 +02:00
rongzhang
35efc387c4 Fix pull dns image error 2018-08-19 22:47:17 +08:00
Antoine Legrand
c36744e96d
Merge pull request #3120 from alvistack/cephfs-provisioner-v2.0.0-k8s1.11 
cephfs-provisioner: Upgrade to v2.0.0-k8s1.11
 2018-08-17 22:11:15 +02:00
Antoine Legrand
26bf719a02
Merge branch 'master' into multi-arch-support 2018-08-17 16:35:50 +02:00
Wong Hoi Sing Edison
1a07c87af7 cephfs-provisioner: Upgrade to v2.0.0-k8s1.11 
Upstream Changes:

-   cephfs-provisioner v2.0.0-k8s1.11 (https://github.com/kubernetes-incubator/external-storage/releases/tag/cephfs-provisioner-v2.0.0-k8s1.11)
-   Update ClusterRole

Our Changes:

-   Fix typo in defaults/main.yml (rs -> deploy)
-   Manifests cleanup
 2018-08-17 12:41:56 +08:00
Wong Hoi Sing Edison
18612b3501 cert-manager: Upgrade to 0.4.1 
Upstream Changes:

-   cert-manager 0.4.1 (https://github.com/jetstack/cert-manager/releases/tag/v0.4.1)

Our Changes:

-   Better templates sync with upstream manifests
-   Remove fancy resources requests/limits customization
 2018-08-16 08:47:01 +08:00
Chad Swenson
2c5781ace1
Merge pull request #2932 from wiremind/efk-fluentd-no-nodeselector 
fluentd daemonset: do not set old nodeSelector.
 2018-08-14 13:48:30 -05:00
Chad Swenson
0e3518f2ca
Merge pull request #2871 from fritchie/lptolerate 
Local volume provisioner: tolerate NoSchedule
 2018-08-14 13:39:57 -05:00
Chad Swenson
3a85a2f81c
Merge pull request #3080 from mirwan/netchecker_template_rendering_filename 
Netchecker manifests should not have j2 extension
 2018-08-14 13:24:16 -05:00
Hedayat Vatankhah
c0221c2e72 Add --dns-loop-detect to dnsmasq used in kube-dns 
It prevents DNS loops when host's DNS server is a localhost DNS server,
or when DNS server of cluster is also added as an upstream DNS server
 2018-08-12 20:36:33 +04:30
Anton Fayzrahmanov
95f1e4634a local-volume-provisioner: use mountPropagation HostToContainer and version bump (#3081) 
* Update local-volume-provisioner-ds.yml.j2

After v1.10.2 default mountPropagation is "None"

* local_volume_provisioner version bump

v2.1.0 uses the beta nodeAffinity API by default which is available starting 1.10

* Update local-volume-provisioner-ds.yml.j2

MY_NAMESPACE env

* Update README.md

Raw block devices docs.
 2018-08-10 17:14:34 +03:00
Cédric de Saint Martin
e3dcd96301 kubedns & kubedns-autoscaler: Stick to master nodes. (#2909) 
* kubedns & kubedns-autoscaler: Stick to master nodes.

 - Tolerate only master nodes and not any NoSchedule taint
 - Pods are on different nodes
 - Pods are required to be on a master node.

* kubedns: use soft nodeAffinity.

Prefer to be on a master node, don't require.

* coredns: Stick to (different) master nodes.

     - Pods are on different nodes
     - Pods are preferred to be on a master node.
 2018-08-09 10:42:53 -05:00
Erwan Miran
494ff9522b j2 extension should only be used for template filename, not target file on remote host 2018-08-09 11:29:45 +02:00
Rong Zhang
039180b2ca
Merge pull request #3022 from alvistack/weave-2.4.0 
weave: Upgrade to 2.4.0
 2018-08-09 15:01:05 +08:00
Rong Zhang
08dfb7b59f
Merge pull request #3073 from riverzhang/delete-istio 
Remove istio support
 2018-08-08 13:00:57 +08:00
rongzhang
ea6af449a8 Remove istio support 
Use helm install or support in future
 2018-08-08 11:10:09 +08:00
Mathieu Herbert
d285565475 Add tags for coredns and kubedns 2018-08-07 20:55:38 +02:00
Wong Hoi Sing Edison
538cb3b1bd weave: Upgrade to 2.4.0 
Upstream Changes:

-   weave 2.4.0 (https://github.com/weaveworks/weave/releases/tag/v2.4.0)
-   Support `externalTrafficPolicy: Local` (https://github.com/weaveworks/weave/issues/2924)
-   Make the ipset list size bigger (https://github.com/weaveworks/weave/pull/3305)
-   Break out of kube rm-peers loop if nothing changes (https://github.com/weaveworks/weave/pull/3317)

Our Changes:

-   Revamp weave-net.yml.j2 with upstream changes
-   Add more variables for customization
-   Replace WEAVE_PASSWORD with k8s secret
-   Remove hard-corded seed mode support, in favor of variables customization
 2018-08-07 18:34:51 +08:00
Wong Hoi Sing Edison
17e335c6a7 ingress-nginx: Upgrade to 0.17.1 
Upstream Changes:

-   ingress-nginx 0.17.1 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.17.1)
-   Remove duplicated `securityContext` (https://github.com/kubernetes/ingress-nginx/pull/2705)
-   Remove --publish-service flag, in favor of DaemonSet + hostPort

Close #2998
Close #2999
 2018-08-07 18:31:08 +08:00
Rong Zhang
280d6cac1a
Merge pull request #2997 from alvistack/cert-manager-0.4.0 
cert-manager: Upgrade to 0.4.0
 2018-08-07 18:00:46 +08:00
Wong Hoi Sing Edison
0f400a113c cert-manager: Upgrade to 0.4.0 
Upstream Changes:

-   cert-manager 0.4.0 (https://github.com/jetstack/cert-manager/releases/tag/v0.4.0)
 2018-08-07 14:29:28 +08:00
DBLaci
d43f09081e
Merge pull request #1 from kubernetes-incubator/master 
Follow upstream
 2018-08-01 16:34:10 +02:00
Alexandre Ardhuin
9b349a9049 Fix label of registry in README 2018-07-27 11:42:21 +02:00
DBLaci
b61c64a8ea token-ttl default value is int in seconds 2018-07-19 12:15:47 +02:00
DBLaci
cb91003cea dashboard_token_ttl option override possibility with default 2018-07-13 15:26:18 +02:00
Wong Hoi Sing Edison
a0defefb3f ingress-nginx: Upgrade to 0.16.2 
ingress-nginx 0.16.2 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.16.2)

This patch simplify ingress-nginx deployment by default deploy on
master, with customizable options; on the other hand, remove the
additional Ansible group "kube-ingress" and its k8s node label
injection.

Reference to https://kubernetes.io/docs/concepts/services-networking/ingress/#prerequisites:

    GCE/Google Kubernetes Engine deploys an ingress controller on the master.

By changing `ingress_nginx_nodeselector` plus custom k8s node
label, user could customize the DaemonSet deployment target.

If `ingress_nginx_nodeselector` is empty, will deploy DaemonSet on
every k8s node.
 2018-07-10 12:26:06 +08:00
Wong Hoi Sing Edison
62b1166911 cert-manager: Upgrade to 0.3.2 
Upstream Changes:

-   cert-manager 0.3.2 (https://github.com/jetstack/cert-manager/releases/tag/v0.3.2)

Our Changes:

-   Remove legacy addon dir, manifests and namespace before upgrade
 2018-07-10 08:48:44 +08:00
Wong Hoi Sing Edison
728024e8ff cephfs-provisioner: Upgrade to 06fddbe2 
-   cephfs-provisioner 06fddbe2 (https://github.com/kubernetes-incubator/external-storage/tree/06fddbe2/ceph/cephfs)

Noteable changes from upstream:

-   Added storage class parameters to specify a root path within the backing cephfs and, optionally, use deterministic directory and user names (https://github.com/kubernetes-incubator/external-storage/pull/696)
-   Support capacity (https://github.com/kubernetes-incubator/external-storage/pull/770)
-   Enable metrics server (https://github.com/kubernetes-incubator/external-storage/pull/797)

Other noteable changes:

-   Clean up legacy manifests file naming
-   Remove legacy manifests, namespace and storageclass before upgrade
-   `cephfs_provisioner_monitors` simplified as string
-   Default to new deterministic naming
-   Add `reclaimPolicy` support in StorageClass

With legacy non-deterministic naming style (where $UUID are generated ramdonly):

-   cephfs_provisioner_claim_root: /volumes/kubernetes
-   cephfs_provisioner_deterministic_names: false
-   Generated CephFS volume: /volumes/kubernetes/kubernetes-dynamic-pvc-$UUID
-   Generated CephFS user: kubernetes-dynamic-user-$UUID

With new default deterministic naming style (where $NAMESPACE and $PVC are predictable):

-   cephfs_provisioner_claim_root: /volumes
-   cephfs_provisioner_deterministic_names: true
-   Generated CephFS volume: /volumes/$NAMESPACE/$PVC
-   Generated CephFS user: k8s.$NAMESPACE.$PVC
 2018-07-03 10:15:24 +08:00
Cédric de Saint Martin
a260412c7e fluentd daemonset: do not set arbitrary nodeSelector. 2018-06-25 15:19:56 +02:00
Rong Zhang
2ef05fb3b7
Merge pull request #2763 from ameukam/update_efk_stack 
Update efk stack
 2018-06-24 19:01:32 +08:00
Rong Zhang
e06d02365e
Merge pull request #2338 from southquist/template-openstack-storage-class 
allow for configurable openstack storage class
 2018-06-24 18:42:29 +08:00
Julien Mailleret
6aaaf4a272 Limit the maximum number of revisions saved per helm release (#2894) 
* Limit the maximum number of revisions saved per helm release
 2018-06-15 12:50:18 +02:00
Andreas Krüger
df279b1ff6
Merge pull request #2890 from drekle/bugfix/dns-domain-incorrect-for-coredns 
CoreDNS uses cluster_name instead of dns_domain
 2018-06-15 09:06:11 +02:00
Rong Zhang
0686b8452e
Merge pull request #2860 from alvistack/cert-manager-0.3.0 
cert-manager: Upgrade to v0.3.0
 2018-06-14 10:35:23 +08:00
Derek Lemon
1e98e8444e Using dns domain instead of cluster name for coredns, incase they differ 2018-06-13 18:52:35 +00:00
Wong Hoi Sing Edison
291dd1aca8 Fixup #2545, cephfs-provisioner: Individual Namespace for Add-on 2018-06-13 21:52:58 +08:00
Wong Hoi Sing Edison
38da0adead cert-manager: Upgrade to v0.3.0 2018-06-13 21:47:44 +08:00
Frank Ritchie
cfe939ff08 Tolerate NoSchedule by default 2018-06-11 20:10:13 -04:00
Wong Hoi Sing Edison
9f245dd9b2 ingress-nginx: Upgrade to 0.15.0 2018-06-08 16:05:15 +08:00
Di Xu
1081f620d2 add support for non-amd64 arch gcr.io images 
Currently all the gcr.io images used in kubespray can only run on x86.
Also gcr.io has not fully support multi-arch docker images.

Add extra var "image_arch" (default is amd64) to support running other
platforms, like arm64.

Change-Id: I8e1c9af533c021cb96ade291a1ce58773b40e271
 2018-06-05 17:29:02 +08:00
Julien Girardin
f88cd27686 Add dashboard url as part of kubectl cluster-info output 2018-05-28 11:46:11 +02:00
Miouge1
095d33bc51 Remove KPM support 2018-05-21 22:28:08 +02:00
rongzhang
742a8782dd Bump kube-dns to 1.14.10 
Upgrade kube-dns to 1.14.10
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns
 2018-05-15 03:29:10 +00:00
Arnaud Meukam
cd7c58e8d3 correct some indentation issues in the fluentd daemonset. 2018-05-14 19:56:18 +02:00
Arnaud Meukam
c75da43f22 add missing field in fluentd 2018-05-13 21:39:27 +02:00
Arnaud Meukam
65f14f636d remove support of other CRI runtimes than Docker in the efk stack 2018-05-13 18:37:36 +02:00
Arnaud Meukam
363627d9f8 serviceName added in elasticsearch. Required when a Statefulset is used 2018-05-13 14:23:37 +02:00
Arnaud Meukam
7950a49e28 update fluentd deployment and configmap 2018-05-11 18:56:14 +02:00
Arnaud Meukam
698da78768 update kibana docker image 2018-05-11 18:36:50 +02:00
Arnaud Meukam
ba320e918d update elasticsearch image 2018-05-11 18:22:44 +02:00
Andreas Krüger
414e420bd2
Merge pull request #2701 from desaintmartin/netchecker-update 
Update netchecker to v1.2.2.
 2018-04-30 10:55:18 +02:00
Cédric de Saint Martin
44cb126e7d Update netchecker to v1.2.2. 
Using official image from mirantis at dockerhub.
 2018-04-24 09:13:56 +02:00
Samuel Vandamme
296b92dbd4 Replaced 'mem' with 'memory/ in elasticsearch and kibana deployment 2018-04-18 11:25:29 +02:00
Wong Hoi Sing Edison
54beb27eaa cert-manager: Upgrade to v0.2.4 2018-04-17 12:08:10 +08:00
Matthew Mosesohn
49e3665d96
Remove prometheus operator from Kubespray (#2658) 
Kubespray should not install any helm charts. This is a task
that a user should do on his/her own through ansible or another
tool. It opens the door to wrapping installation of any helm
chart.
 2018-04-13 18:53:39 +03:00
Andreas Krüger
6c220e4e4b
Merge pull request #2495 from holmsten/rotate-provisioner-token 
Rotate local-volume-provisioner token
 2018-04-04 10:21:12 +02:00
Andreas Krüger
0f5ea5474c
Merge pull request #2593 from vterdunov/fix-check-vsphere_cloud_provider 
Properly check vsphere_cloud_provider.rc
 2018-04-03 20:35:59 +02:00
Wong Hoi Sing Edison
428a554ddb istio: container download related things should defined in the download role 2018-04-03 14:29:50 +08:00
vterdunov
4b98537f79
Properly check vsphere_cloud_provider.rc 2018-04-02 18:45:42 +03:00
Wong Hoi Sing Edison
b1a7889ff5 local-volume-provisioner: container download related things should defined in the download role 2018-04-02 13:50:11 +08:00
Wong Hoi Sing Edison
4f714b07b8 cephfs-provisioner: container download related things should defined in the download role 2018-04-01 20:35:44 +08:00
Wong Hoi Sing Edison
4c0e9ba890 registry: container download related things should defined in the download role 2018-04-01 06:51:57 +08:00
Andreas Krüger
deac627dc7
Merge pull request #2571 from hswong3i/ingress-nginx-download 
ingress-nginx: container download related things should defined in the download role
 2018-03-31 20:51:50 +02:00
bobahspb
16961f69f2
Merge branch 'master' into master 2018-03-31 21:48:39 +03:00
Wong Hoi Sing Edison
5fe144aa0f ingress-nginx: container download related things should defined in the download role 2018-04-01 00:22:33 +08:00
Wong Hoi Sing Edison
195d6d791a Integrate jetstack/cert-manager 0.2.3 to Kubespray 2018-03-31 19:29:11 +08:00
Matthew Mosesohn
03bcfa7ff5
Stop templating kube-system namespace and creating it (#2545) 
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
 2018-03-30 14:29:13 +03:00
Andreas Krüger
55195fe546
Merge pull request #2500 from gorazio/patch-1 
Add prometheus annotations to spec in ingress
 2018-03-30 11:02:31 +02:00
Vladimir Vasilkin
f0a04b4d65 wait 5 * 4 secs until Tiller starts 2018-03-30 00:09:36 +03:00
Vladimir Vasilkin
760ca1c3a9 adding checking for prometheus_operator_enabled 2018-03-29 23:03:43 +03:00
Vladimir Vasilkin
23b3833806 running on the first master only. 2018-03-29 22:51:46 +03:00
Kuldip Madnani
daeeae1a91 Added retries in pre-upgrade.yml and retries while applying kube-dns.yml (#2553) 
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml

* Removed trailing spaces
 2018-03-29 11:37:32 -05:00
Vladimir Vasilkin
19e1b11d98 prometheus operator, metrics for k8s cluster 
install using Helm:
- Prometheus Operator
- metrics for k8s cluster including: grafana dashboard, alertmanager, node exporters

base project:
https://github.com/coreos/prometheus-operator

the issue:
https://github.com/kubernetes-incubator/kubespray/issues/2042

Previous PR, raw ansible without Helm:
https://github.com/kubernetes-incubator/kubespray/pull/2499
 2018-03-28 21:23:30 +03:00
Andreas Krüger
03117d9572
Merge pull request #2488 from LuckySB/ingress-nginx-node-role 
Dedicated node for ingress nginx controller
 2018-03-28 14:07:40 +02:00
Michael Zehrer
b8d1652baf
Remove kibana_base_url 
The default for kibana_base_url does not make sense an makes kibana unusable. The default path forces a 404 when you try to open kibana in the browser. Not setting kibana_base_url works just fine.
 2018-03-25 16:08:07 +02:00
Wong Hoi Sing Edison
206e24448b CephFS Provisioner Addon Fixup 2018-03-22 23:03:13 +08:00
Wong Hoi Sing Edison
bb1eb9fec8 Add labels for namespace 2018-03-22 21:33:32 +08:00
Keyvan Hedayati
b0d7115e9b hswong3i/kubespray#3: Use {{ cluster_name }} for valid FQDN in REGISTRY_HOST 2018-03-22 21:33:32 +08:00
Wong Hoi Sing Edison
f8ebd08e75 Registry Addon Fixup 2018-03-22 21:33:32 +08:00
gorazio
96e46c4209
bump after CLA signing 2018-03-20 10:23:50 +03:00
gorazio
aa30fa8009
Add prometheus annotations to spec in ingress 
Added annotations from metadata to spec.template.metadata. Without it, pod does not get any annotations, and Prometheus didn't see it
 2018-03-20 08:47:36 +03:00
Andreas Holmsten
14ac7d797b Rotate local-volume-provisioner token 
When tokens need to rotate, include local-volume-provisioner
 2018-03-19 13:04:18 +01:00
Sergey Bondarev
038da7255f check if group kube-ingress is not empty 
fix spelling mistaker ingress_nginx_host_network
set default value for ingress_nginx_host_network: false
 2018-03-19 12:59:38 +03:00
woopstar
f1d2f84043 Only apply roles from first master node to fix regression 2018-03-18 16:15:01 +01:00