C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
4408 commits 17 branches 66 tags 141 MiB
Commit graph

2800 commits

Author SHA1 Message Date
Rabi Mishra 5a1cf19278 Install cri-tools on fedora (#4350) 2019-04-20 06:29:40 -07:00
Matthew Mosesohn 05dc2b3a09 Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) 
* Use K8s 1.14 and add kubeadm experimental control plane mode

This reverts commit d39c273d96.

* Cleanup kubeadm setup run on first master

* pin kubeadm_certificate_key in test

* Remove kubelet autolabel of kube-node, add symlink for pki dir

Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
 2019-04-19 06:01:54 -07:00
Aleksey Kasatkin d0e628911c Add sha256 hashes for calicoctl v3.6.1 (#4580) 
Hashes are added to calicoctl_binary_checksums for both adm and arm platforms.
 2019-04-19 05:45:55 -07:00
Andreas Krüger 656633f784 YAMLLint everything (#4576) 2019-04-18 23:59:54 -07:00
Victor Morales f5aec8add4 Fix runc absolute path (#4542) 
The BINDIR variable defined on the runc's Makefile[1] defines
installation path is on $(PREFIX)/sbin which used for most of the
Linux distributions. This change fixes the absolute path used for
non-ClearLinux distributions (CentOS, Ubuntu).

[1] https://github.com/opencontainers/runc/blob/master/Makefile#L10
 2019-04-18 15:41:58 -07:00
Maxime Guyot f92309bfd0 Fix ansible-lint for ceph package (#4568) 2019-04-18 13:45:25 -07:00
Victor Morales c6586829de Ensure /etc/bash_completion.d/ folder exists (#4543) 
The Stateless ClearLinux feature[1] requires the creation of folders
in /etc folder. This change ensure the existence of the
/etc/bash_completion.d/ folder for ClearLinux Distribution.

[1] https://clearlinux.org/features/stateless
 2019-04-18 02:24:10 -07:00
Maxime Guyot b218e17f44 ansible-lint: E403 Package installs should not use latest (#4500) 2019-04-18 01:34:08 -07:00
Maxime Guyot a6dc50e7cb Add host information for canal readiness probe (#4548) 2019-04-17 10:22:02 -07:00
Maxime Guyot 37eac010c8 ansible-lint: Don’t compare to literal True/False (#4499) 2019-04-17 08:42:03 -07:00
Maxime Guyot ec3daedf9e Revert "Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels (#4320)" (#4553) 
This reverts commit 586ad89d50.
 2019-04-17 07:58:06 -07:00
Jugwan Eom d83181a2be add RBD Provisioner Addon (#3667) (#3668) 
Based on the CephFS Provisioner Addon, the following changes have been made:
 - Upstream v2.1.1-k8s1.11
 - Configurable Provisioner replicas
 2019-04-16 23:14:02 -07:00
andreyshestakov 78f6f6b889 Mark "Calico | Set global as_num" as "unchanged" (#4539) 
This command executes with "--skip-exists" parameter, so it is idempotent
and should not be marked as "changed".
 2019-04-16 09:31:11 -07:00
Matthew Mosesohn c5fb734098 Switch calicoctl from a container to a binary (#4524) 2019-04-15 04:24:04 -07:00
Matthew Mosesohn d39c273d96 Revert "Use K8s 1.14 and add kubeadm experimental control plane mode (#4317)" (#4510) 
This reverts commit 316508626d.
 2019-04-11 12:52:43 -07:00
Matthew Mosesohn 316508626d Use K8s 1.14 and add kubeadm experimental control plane mode (#4317) 
* Use Kubernetes 1.14 and experimental control plane support

* bump to v1.14.0
 2019-04-11 05:30:13 -07:00
Maxime Guyot 46ba6a4154 ansible-lint: when lines should not include Jinja2 variables (#4496) 2019-04-11 03:06:10 -07:00
Andreas Krüger 4ff851b302 Enable nodelocaldns by default (#4461) 
* Enable nodelocaldns by default

* Enable nodelocaldns by default

* nodelocaldns is now default

* Disable enable_nodelocaldns for the addons CI jobs

Disable enable_nodelocaldns for the addons CI jobs to make sure things still work without nodelocaldns
 2019-04-11 00:24:08 -07:00
Qasim Sarfraz 3af90f8772 disable cloud-routes for non-cloud plugin (#4443) 2019-04-10 23:50:09 -07:00
Andreas Krüger 9032e271f1 Upgrade CoreDNS to 1.5.0 (#4494) 2019-04-10 13:40:08 -07:00
Andreas Krüger 15597aa493 Do not force TCP connections to upstreams. (#4492) 2019-04-10 12:40:09 -07:00
Sergey 3b9d13fda9 Return back bind API server node loadbalancer to 127.0.0.1 for security purposes. (#4489) 2019-04-10 12:20:08 -07:00
Andreas Krüger 5e0249ae7c Add HAProxy as internal loadbalancer (#4480) 2019-04-10 05:56:18 -07:00
Maxime Guyot 353afa7cb0 Fix ipip: false in calico v3 (#4473) 2019-04-10 05:50:15 -07:00
Neven Miculinic a30ad1e5a5 Added generic CNI network plugin (#4322) 
* Added generic CNI network plugin

* Added CNI network plugin documentation

* added necessary fix
 2019-04-10 04:16:15 -07:00
Robert Neumann 586ad89d50 Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels (#4320) 
* Fix the file path for all.yml and k8s-cluster.yml

* Fix --node-labels namespace error "unknown labels specified"

* Update templates and configs kubelet node-labels
 2019-04-10 04:14:12 -07:00
Sidharth Anupkrishnan 6caa639243 Update CoreDNS label as specified in the kubernetes coredns repository (#3920) 2019-04-10 04:12:13 -07:00
MarkusTeufelberger d2a1ac3b0c Add Ansible-lint CI step (#4411) 
* Add ansible-lint as gitlab-ci step

* Fix jinja2 syntax in include_tasks that breaks ansible-lint

* Use a block scalar to get around gitlab quoting/escaping rules

* Run ansible-lint in verbose mode in CI
 2019-04-10 02:04:16 -07:00
André R. de Miranda 097806dfe8 Added tag kube-proxy (#4272) 
Signed-off-by: André R. de Miranda <andre@miranda.work>
 2019-04-09 05:25:06 -07:00
Abdulaziz AlMalki 7cdf1fd388 quote values for kube_oidc_groups_prefix and kube_oidc_username_prefix values to accept colon, e.g oidc: (#4305) 
This will fix error: error converting YAML to JSON: yaml: line 36: mapping values are not allowed in this context

Signed-off-by: Abdulaziz AlMalki <almalki.a@gmail.com>
 2019-04-09 05:23:06 -07:00
Andreas Krüger aa162b0d5d Update kube-router to 0.2.5 (#4469) 2019-04-09 03:37:04 -07:00
Maxime Guyot b15f3e182d add default routing to canal and disable bird checks (#4468) 
Co-Author: Paweł Skrzyński
 2019-04-09 02:45:07 -07:00
Andreas Krüger 4d39c1856e Fix jinja filters (#4470) 2019-04-09 02:19:06 -07:00
Maxime Guyot 913fed0089 kubeadmn init: add 'until' to make 'retries' effective (#4464) 
an 'until' clause is required or 'retries' is ignored

(see note @ https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#do-until-loops)
 2019-04-09 00:21:04 -07:00
Markos Chandras 12c6b5c3eb openSUSE: Use Leap 15.0 instead of 42.3 (#4442) 
* Vagrantfile: Bump openSUSE to Leap 15.0

* roles: container-engine: Add 'containerd' package for openSUSE

The 'containerd' package contains the docker-containerd and
docker-containerd-shim binaries. We also need to ensure that the latest
version is installed since an older version may already be present (eg GCE
images)

* Remove docker log-opts for opensuse

* roles: bootstrap-os: Use lowercase 'o' for openSUSE

OpenSUSE is not a valid family name. The correct one is openSUSE

* roles: bootstrap-os: Update zypper cache before first installation

The zypper cache may be outdated so ensure that it's fully updated
before we try and install the bootstrap packages.
 2019-04-09 00:17:05 -07:00
rptaylor f52584a715 robust handling of API server SANs (#4435) 
* robust handling of API server SANs

* use apiserver_loadbalancer_domain_name if it is defined, according to PR 3977
 2019-04-08 08:10:35 -07:00
Erwan Miran 09bbdadcee remove nodelocaldns iface on reset (#4460) 2019-04-08 02:26:25 -07:00
Xinghong Fang d711a0c83f [nodelocaldns] expand tolerations on the daemonset (#4451) 2019-04-08 02:24:26 -07:00
Andreas Krüger d18ad63e49 Update nginx to 1.15. Update manifest and performance optimize (#4458) 2019-04-08 02:02:29 -07:00
Maxime Guyot 8947614d97 Upgrade to etcd v3.2.26 (#4444) 2019-04-08 00:34:25 -07:00
Victor Morales 7e4f4a96fc Replace iteritems() to items() in Jinja2 templates (#4437) 
The iteritems() dictionary's method has been removed in Python3. Using
this method in Jinja2 templates limits the execution to Python2 which
will be deprecated in 2020[1]. This change replaces that method for
the items() method as it's suggested in the official website[2].

[1] https://pythonclock.org/
[2] https://docs.ansible.com/ansible/latest/user_guide/playbooks_python_version.html#dict-iteritems
 2019-04-08 00:32:26 -07:00
MarkusTeufelberger 301a371efe Update pypy3 on CoreOS to 7.0.0 (#4456) 2019-04-08 00:28:24 -07:00
Maxime Guyot 1a6df84c7a Upgrade to Helm 2.13.1 (#4445) 2019-04-07 07:04:25 -07:00
Maxime Guyot 8ad74404c9 Remove bash-completion (#4431) 2019-04-05 01:23:22 -07:00
Maxime Guyot 1ce2f04f47 allow Suse OS family (#4430) 2019-04-04 03:02:51 -07:00
Xavi 20b12751af add Cinder allowVolumeExpansion option (#4415) 2019-04-04 02:36:50 -07:00
Maxime Guyot adca353fe9 Use docker.io for calico (#4253) 2019-04-04 01:20:49 -07:00
Andreas Krüger 7a72e567d5 Update CoreDNS to 1.4.0 (#4422) 
* Update CoreDNS to 1.4.0

* Update readme to reflect CoreDNS update
 2019-04-04 00:40:50 -07:00
Andreas Krüger 3c050be0b0 Update nodelocaldns cache settings (#4423) 2019-04-04 00:38:51 -07:00
Andreas Krüger 41e684eb5a Update DNS Autoscaler to 1.4.0 (#4425) 
* Update DNS Autoscaler

* Update downloads too

* Fix yamllint

* Fix yamllint
 2019-04-04 00:36:51 -07:00
Sergey 55890e1b82 keep compatibility as it was before (#4268) 2019-04-03 01:39:42 -07:00
Sergey 1e524c68d5 remove our config if docker start failed (#4260) 2019-04-03 01:37:44 -07:00
Sergey 740d8b0a26 enable kubelet client certificate rotation (#4081) 
* enable kubelet client certificate rotation

* change to variable kubelet_rotate_certificates
 2019-04-03 01:35:44 -07:00
Gautam Divgi a8dd69cf17 Fixed cleanup-docker-orphans.sh to use docker-containerd-shim and containerd-shim (#4418) 2019-04-02 09:11:21 -07:00
Matthew Mosesohn 4fe2aa6bf7 Use install_cni init container for cni copy for calico/canal (#4416) 2019-04-02 03:32:36 -07:00
Chad Swenson 5d5c9cab19 Speed up old docker package removal (#4408) 
Both the `yum` and `apt` modules support a list as input, this allows us avoid the slower `with_items` approach, which can take a long time with a large count of cluster nodes.
 2019-04-01 15:08:35 -07:00
Matthew Mosesohn 5f12b7aedf Remove kubedns and dnsmasq. Move dns_late phase after apps (#4406) 
Both kubedns and dnsmasq modes are long not maintained.
We should run dns_late steps at the end because sshd
makes DNS lookups during Ansible run and has 2s timeouts
for each failed lookup trying to connect to coredns before
it is ready.
 2019-04-01 12:32:34 -07:00
Bort Verwilst d71590bbd0 add 1.14.0 checksum, remove 1.11.* checksums (#4401) 2019-04-01 07:16:33 -07:00
ml 483f1d2ca0 Calico felix - Fix jinja2 boolean condition (#4348) 
* Fix jinja2 boolean condition

* Convert all felix variable to booleans instead.
 2019-03-29 16:07:09 -07:00
Dmitry Chepurovskiy 0440e45d65 Fix supplementary_addresses rendering error (#4403) 2019-03-29 00:26:13 -07:00
Stefan Prietl 2fb27c8521 Use static files in KubeDNS templating task (#4379) 
This commit adapts the "Lay Down KubeDNS Template" task to use the static
files moved by pull request [1]

[1] https://github.com/kubernetes-sigs/kubespray/pull/4341
 2019-03-28 06:26:43 -07:00
Qasim Sarfraz f17f4ff963 Fix bootsrap-os role, failing to create remote_tmp (#4384) 
* Fix bootsrap-os role, failing to create remote_tmp

* use ansible_remote_tmp hostvar
 2019-03-28 06:24:43 -07:00
Sergey e9c34fe038 Default values for variable dns_servers and dns_domain are set in two files: (#3999) 
values from inventory in roles/kubespray-defaults/defaults/main.yml
hardcoded values in roles/container-engine/defaults/main.yml

dns_servers set empty in roles/container-engine/defaults/main.yml and skydns_server not set in docker_dns_servers variables
also set default value for manual_dns_serve

another variables in roles/container-engine/defaults not need to set
 2019-03-28 06:22:44 -07:00
Dmitry Chepurovskiy 669ab10c17 Added livenessProbe for local nginx apiserver proxy liveness probe (#4222) 
* Added configurable local apiserver proxy liveness probe

* Enable API LB healthcheck by default

* Fix template spacing and moved healthz location to nginx http section

* Fix healthcheck listen address to allow kubelet request healthcheck
 2019-03-28 06:20:46 -07:00
Qasim Sarfraz 0a3cf1a087 Fix CA cert environment variable for ectd v3 (#4381) 2019-03-28 00:18:43 -07:00
Bart Verwilst 0efa3e6392
Upgrade to k8s 1.13.5 2019-03-27 11:16:21 +01:00
Matthew Mosesohn 6d7f3c4405 Reduce jinja2 filters in coredns templates (#4390) 2019-03-26 11:09:17 -07:00
Etienne d0ae316934 Use proxy_env with kubeadm phase commands (#4325) 2019-03-26 03:03:19 -07:00
Matthew Mosesohn b7fd462944 Fix support for ansible 2.7.9 (#4375) 2019-03-20 11:29:42 -07:00
Matthew Mosesohn ec08303f82 Revert "Fix #4237: update kube cert path (#4354)" (#4369) 
This reverts commit ea7a6f1cf1.

This change modified the certs dir for Kubernetes, but did not move the directories for existing clusters.
 2019-03-20 05:56:57 -07:00
Dmitry Chepurovskiy ea7a6f1cf1 Fix #4237: update kube cert path (#4354) 2019-03-17 23:55:11 -07:00
Matthew Mosesohn 150a969cf4
Forcefully delete pods when necessary (#4328) 
Pods on down/unresponsive nodes can't be deleted without
--force --grace-period=0.

Fixes #4314
 2019-03-14 07:45:46 -07:00
Manuel Cintron 3c4cbf133e Adding ability to override dashboard replica count (#4344) 2019-03-13 13:58:25 -07:00
Matthew Mosesohn fd2c47b56a Move most coredns templates to static files (#4341) 
* Move most coredns templates to static files

This should speed up the task slightly

* yaml lint fixes
 2019-03-12 21:17:31 -07:00
Bort Verwilst 33024731e4 Upgrade to k8s 1.13.4 (#4319) 2019-03-06 23:16:56 -08:00
chadswilson d469282f1c add blockSize to IPPool spec for Calico >= v3.3.0 (#4224) 
* add blockSize to IPPool spec for Calico >= v3.3.0

* fix "cidr" spec in Calico IPPool resource for my PR
 2019-03-06 12:42:48 -08:00
Matthew Mosesohn acbf3db233 Remove hard dependence on facts for all nodes (#4304) 
* Remove hard dependence on facts for all nodes

* Update main.yaml

* Update main.yaml
 2019-03-05 03:04:39 -08:00
Matthew Mosesohn adf6a7121f Reenable set_facts task for dns_late (#4312) 2019-03-01 05:39:30 -08:00
Bort Verwilst bbfd2dc2bd Add 1.12.6, sort arm64 descending (#4308) 
* Add 1.12.6, sort arm64 descending

* remove 1.10.x checksums (EOL anyways)
 2019-02-28 05:55:19 -08:00
Matthew Mosesohn 4fe61968cf Set default value for local_path_provisioner_enabled in role (#4309) 2019-02-28 05:36:08 -08:00
Anupam Basak 9e8e069b23 remove kube bridge on reset (#4250) 2019-02-26 00:32:00 -08:00
Peter Metz 26ca58419f feat(external-provisioner): adds support for local-path-provisioner (#4232) 
* feat(external-provisioner/local-path-provisioner): adds support for local path provisioner

Helpful for local development but also in production workloads (once the
permission model is worked out) where you have redundancy built into the
software uses the PVCs (e.g. database cluster with synchronous
replication)

* feat(local-path-provisioner): adds debug flag, image tag group var

* fix(local-path-provisioner): moves image repo/tag to download role

* test(gce_centos7-flannel): enables local-path-provisioner in test case

* fix(addons): add image repo/tag to commented default values

* fix(local-path-provisioner): typo in jinja template for local path provisioner

* style(local-path-provisioner): debug flag condition re-formatted

* fix(local-path-provisioner): adds missing default value for debug flag

* fix(local-path-provisioner): syntax fix for debug if condition end

* fix(local-path-provisioner): jinja template syntax: if condition white space
 2019-02-25 22:45:30 -08:00
hikoz 67832aada9 changed_when:false (#4189) 2019-02-25 20:09:30 -08:00
hikoz 3d25b4dfc1 30MiB for gpu-device-plugin (#4227) 
* 30MiB for gpu-device-plugin

* use vars for easier configuration
 2019-02-25 20:03:53 -08:00
Wong Hoi Sing Edison 1c12c19150 weave: Upgrade to 2.5.1 (#4248) 
Upstream Changes:

  - weave 2.5.1 (https://github.com/weaveworks/weave/releases/tag/v2.5.1)

Our Changes:

  - Sync templates with upstream changes
 2019-02-25 20:02:00 -08:00
Ryler Hockenbury 88249308a0 Add labels to vsphere cloud config (#4275) 2019-02-25 19:58:15 -08:00
Gabor Lekeny b4aaa7b908 Speed up tasks (#4278) 
* fact gathering should run only once per node
* eliminate ansible version check, it is at the beginning of each
  playbook
 2019-02-25 19:56:23 -08:00
Vasilis Remmas 81801ce23b Add master toleration flag in dashboard deployment (#4290) 2019-02-25 19:34:47 -08:00
Etienne 7dfa39483f Make container storage repository configurable (#4284) 2019-02-25 19:29:32 -08:00
Matthew Mosesohn b07641c3f3 Move kube_proxy_remove out of set_facts and set default (#4180) 2019-02-25 00:08:06 -08:00
Matthew Mosesohn 4638acfe81 Retry applying podsecurity policies (#4279) 2019-02-24 22:50:55 -08:00
Kaoet aadef80404 Upgrade to latest version of ubuntu-nvidia-driver-installer. (#4296) 
The lastest version of ubuntu-nvidia-driver-installer contains a fix for
https://github.com/GoogleCloudPlatform/container-engine-accelerators/issues/90
which causes the installer pod to crash when driver is already loaded.
 2019-02-24 22:22:48 -08:00
Frank Ritchie 9805fb7a34 Add flexvolume plugin dir to kubeadm kubelet (#4168) 
This was already approved in #4106 but there are CI issues
with that PR due to references to kubernetes incubator.

After upgrading to Kubespray 2.8.1 with Kubeadm enabled Rook
Ceph volume provision failed due to the flexvolume plugin dir not
being correct. Adding the var fixed the issue
 2019-02-20 15:02:02 -08:00
Maxime Guyot 323d788f48 Add support for --enable-skip-login in Dashboard (#4265) 2019-02-19 23:24:29 -08:00
Abdulaziz AlMalki eafab9636f fix wrong indent of oidc-username-prefix and oidc-groups-prefix in kubeadm config template (#4263) 2019-02-19 23:22:32 -08:00
Seungkyu Ahn 107bfb259a This PS is to fix the bug when Workers can't join the cluster (#4276) 
because of etc-kubernetes-manifests not empty.
 2019-02-19 22:13:59 -08:00
Rong Zhang d4a36aa55b
Merge pull request #4027 from riverzhang/kube-proxy 
Add update server field in kube-proxy kubeconfig
 2019-02-20 13:41:06 +08:00
Manuel Cintron 07b2894080 Adding ability to maintain existing Encryption Secrets at Rest. (#4255) 
* Adding ability to maintain existing Encryption Secrets at Rest.

If secrets_encryption.yaml is present it will not be overriten with a new kube_encrypt_token.

This should allow for it to be set ahead of a playbook running or maintain it if cluster.yml is ran on the same cluster and the ansible host does not have access to the secrets.

* Setting existing kube_encrypt_token across all master nodes in case it was missing in one or more nodes.
 2019-02-19 07:31:45 -08:00
Florent Monbillard 802ac377b8 Fix typo in task description (#4243) 2019-02-19 06:06:29 -08:00
Kaoet 23685b4537 Add image tag in "pause" container of nvidia driver installer. (#4247) 2019-02-17 21:02:30 -08:00