C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
4764 commits 17 branches 66 tags 141 MiB
Commit graph

210 commits

Author SHA1 Message Date
Sergey
14b1cab5d2
force rotate control plane certifcate on master node when upgrade cluster (#5596) 2020-02-10 06:09:54 -08:00
Matthew Mosesohn
5fab610fab Clean kubectl cache after upgrade on first master (#5479) 
Resolves issue where kubectl cache of <v1.16 api schema
interferes with interacting with daemonsets and deployments.

Change-Id: I63b7046958f2008eb144b6da0004c598f945e0ae
 2020-01-06 02:23:35 -08:00
Maxime Guyot
b15d41a96a Add support to Ansible 2.9 (#5361) 2019-12-05 07:24:32 -08:00
Matthew Mosesohn
18cee65c4b Add support for k8s v1.17.0-rc.1, remove hyperkube (#5378) 
Change-Id: I3fff04f0211cd9c2e8235acaf51c3aa98abc8bb7
 2019-11-28 05:41:03 -08:00
Yujun Zhang
aec5080a47 kubernetes/masters: fix task name in kubeadm setup (#5377) 2019-11-27 06:05:20 -08:00
Michael Shen
6924c6e5a3 [FIX] fix match because trim removes leading/trailing whitespace (#5356) 2019-11-19 22:35:18 -08:00
Matthew Mosesohn
85c851f519 scale down coredns on each master during graceful upgrade (#5344) 
This fixes the scenario where masters are upgraded one at a time
and coredns gets improperly scaled back up to 2 replicas.

Change-Id: I7cc9283f40efcfd61b5813c89a5805c95d901567
 2019-11-18 00:13:41 -08:00
Matthew Mosesohn
8b67159239 Do not run kubeadm upgrade on first deploy (#5339) 
Change-Id: I68a962a9dd28c83ef07eaeaf53eb98287f38bca9
 2019-11-14 02:05:34 -08:00
Matthew Mosesohn
db5040e6ea Set certs and files with kubeadm token to mode 0640 (#5325) 
Change-Id: I298496e55a6889c158b2085fcadeda5e679a873e
 2019-11-11 05:41:41 -08:00
Matthew Mosesohn
471589f1f4 Scale down coredns created by kubeadm upgrade to 0 replicas (#5308) 
Change-Id: I128b0f9c1acbb956d9a6c4e5510b45a36e296af7
 2019-11-05 03:34:38 -08:00
Matthew Mosesohn
2864e13ff9 Reset between kubeadm secondary control plane join attempts (#5240) 
Change-Id: Ic9425bf90552d7e3d42b02409af9773d99376384
 2019-10-08 00:15:12 -07:00
Matthew Mosesohn
a43e0d3f95 Switch to Kubernetes v1.16.0 (#5189) 
* Switch to Kubernetes v1.16.0

Change-Id: I5d6a9528b2d443750fc5e031aff15ad3ffead158

* Fix download localhost cached file path

Change-Id: I65e79b70e3d1b37265ebc60f41b460cf4b0a0d47

* fix kubeadm etcd for v1.16

Change-Id: I6888a00fd48b530a38b0b31c4095492476af42d2

* disable tf packet jobs

Change-Id: I075c4666547fdea4c50ec04864f38e2cfaa79154

* Disable contiv packet jobs. Fix kube-router

Change-Id: I3170e8789e60711d4cee8faf65f2094480b79b8d

* bump sonobuoy version

Change-Id: Ib946905629c7c53ed88f08fb2f41c454457a0097
 2019-10-02 02:21:07 -07:00
Matthew Mosesohn
6fe2248314 Use more native way to update kubeconfigs using kubeadm (#5165) 
Change-Id: I1076b418f85a26d9896be69910052128afc51cee
 2019-09-13 03:40:29 -07:00
Matthew Mosesohn
9b0f57a0a6 Adjust endpoints for kube-proxy,controller,scheduler to proper ip (#5150) 
Change-Id: I5aa009358bee7035922b5a10327997e47c9ba434
 2019-09-09 10:33:20 -07:00
Matthew Mosesohn
7cf8ad4dc7 Optionally refresh kubeadm token every time (#5043) 
Change-Id: I278cb14aa93abf20160cc001f69e2f472504e6d8
 2019-08-06 00:59:53 -07:00
Remous-Aris Koutsiamanis
02ec72fa40 Fix commands for using experimental kubeadm control plane (#5006) 2019-08-05 07:31:50 -07:00
Mark Janssen
f3df0d5f4a Always create bash_completion.d folder (#5039) 2019-08-04 18:15:48 -07:00
刘旭
fe29c97ae8 add ansible_hostname and ansible_fqdn to apiserver_sans (#4990) 2019-07-22 00:48:53 -07:00
Matthew Mosesohn
b15b6e834f fix parsing refresh of kubeadm cert key (#4971) 
* fix parsing refresh of kubeadm cert key

Change-Id: I4de2a1df6498790a80351b4bc7d88e6c9e470358

* Update kubeadm-secondary-experimental.yml
 2019-07-15 00:45:06 -07:00
Matthew Mosesohn
cdf9a9f4fc Generate certificate key before kubeadm control plane config (#4964) 2019-07-11 05:30:54 -07:00
Matthew Mosesohn
352297cf8d
Fixup deploy of kubeadm etcd for Kubernetes v1.15.0 (#4952) 
* Fixup deploy of kubeadm etcd for Kubernetes v1.15.0

Change-Id: If42c2c75c4d278ba9475ebf76c243f3e6ee4d02e

* undo renaming cloud config file

Change-Id: Iafbd27c3887d6a2a6d0819c711f150ecf70c515d
 2019-07-09 15:41:59 +03:00
okamototk
f2b8a3614d Use K8s 1.15 (#4905) 
* Use K8s 1.15

* Use Kubernetes 1.15 and use kubeadm.k8s.io/v1beta2 for
  InitConfiguration.
* bump to v1.15.0

* Remove k8s 1.13 checksums.

* Update README kubernetes version 1.15.0.

* Update metrics server 0.3.3 for k8s 1.15

* Remove less than k8s 1.14 related code

* Use kubeadm with --upload-certs instead of --experimental-upload-certs due to depricate

* Update dnsautoscaler 1.6.0

* Skip certificateKey if it's not defined

* Add kubeadm-conftolplane.v2beta2 for k8s 1.15 or later

* Support kubeadm control plane for k8s 1.15

* Update sonobuoy version 0.15.0 for k8s 1.15
 2019-07-02 01:51:08 -07:00
Matthew Mosesohn
465dfd68bc Fix empty kube_override_hostname in apiserver_sans (#4916) 
kubernetes/master role defines this value as an empty string
when using a cloud provider, not undefined. The check was updated
accordingly.

Change-Id: I58dc31ef4fd568a717a6753eb89ca687933018ae
 2019-06-25 08:00:37 -07:00
Matthew Mosesohn
73f45fbe94
Revert "Filter undefined SANs for apiserver cert (#4913)" (#4914) 
This reverts commit d270678bda.
 2019-06-25 06:56:00 -07:00
Matthew Mosesohn
d270678bda Filter undefined SANs for apiserver cert (#4913) 
Change-Id: I37442fb095fb4217f67f74744ad07c1d5d8229ea
 2019-06-25 05:54:36 -07:00
andreyshestakov
b5406b752d Add kube_override_hostname to kubeadm certs. (#4903) 2019-06-23 23:19:56 -07:00
Matthew Mosesohn
4348e78b24 Enable kubeadm etcd mode (#4818) 
* Enable kubeadm etcd mode

Uses cert commands from kubeadm experimental control plane to
enable non-master nodes to obtain etcd certs.

Related story: PROD-29434

Change-Id: Idafa1d223e5c6ceadf819b6f9c06adf4c4f74178

* Add validation checks and exclude calico kdd mode

Change-Id: Ic234f5e71261d33191376e70d438f9f6d35f358c

* Move etcd mode test to ubuntu flannel HA job

Change-Id: I9af6fd80a1bbb1692ab10d6da095eb368f6bc732

* rename etcd_mode to etcd_kubeadm_enabled

Change-Id: Ib196d6c8a52f48cae370b026f7687ff9ca69c172
 2019-06-20 11:12:51 -07:00
刘旭
a3a7fe7c8e fix start CoreDNS when init secondary master (#4867) 2019-06-11 04:56:18 -07:00
mervynzhang
a8dfcbbfc7 Switch /root references to ansible_env.HOME (#4842) 
* kube config dir for current/ansible become user

* remove extra /

* fix default value
 2019-06-06 02:06:11 -07:00
Andreas Krüger
1e470b0473 Fix certificate-key param for kubeadm init (#4789) 
* Fix certificate-key param for kubeadm init

* Fix yamllint error
 2019-05-22 02:06:11 -07:00
Florent Monbillard
8e28ba38d2 Add Load Balancer IP to API servers SANs (#4775) 
- Add loadbalancer_apiserver.address to apiserver_sans
 2019-05-16 01:23:42 -07:00
MarkusTeufelberger
e67f848abc ansible-lint: add spaces around variables [E206] (#4699) 2019-05-02 14:24:21 -07:00
Timoses
d6fd0d2aca Enable delegating all downloads (binaries, images, kubeadm images) (#4420) 
* Download to delegate and sync files when download_run_once

* Fail on error after saving container image

* Do not set changed status when downloaded container was up to date

* Only sync containers when they are actually required

Previously, non-required images (pull_required=false as
image existed on target host) were synced to the target
hosts. This failed as the image was not downloaded to
the download_delegate and hence was not available for
syncing.

* Sync containers when only missing on some hosts

* Consider images with multiple repo tags

* Enable kubeadm images pull/syncing with download_delegate

* Use kubeadm images list to pull/sync

'kubeadm config images pull' is replaced by collecting the images
list with 'kubeadm config images list' and using the commonly
used method of pull/syncing the images.

* Ensure containers are downloaded and synced for all hosts

* Fix download/syncing when download_delegate is a kubernetes host
 2019-05-01 01:10:56 -07:00
Matthew Mosesohn
15eb7db36d Fix k8s api endpoint for secondary nodes in control plane mode (#4675) 
Change-Id: I1588458b54c52443ad8d0afbd266f77ac0afea67
 2019-04-29 07:50:24 -07:00
Matthew Mosesohn
338eb4ce65 Fix kubeadm upload certs with when condition (#4659) 
* Fix kubeadm upload certs with when condition

Change-Id: I916dd2375b71eea2386047c7f185a2f8361f7a61

* Update kubeadm-secondary-experimental.yml
 2019-04-27 01:14:20 -07:00
Sergey Kolekonov
4a10dca7d4 Add an ability to provide oidc cert in base64 (#4618) 2019-04-24 09:40:01 -07:00
Matthew Mosesohn
4d57ed314d Clean up check for setting kubeadm certificate key (#4634) 
Change-Id: I2c97c4753089eb3ec2e6b01b2681a8be98ecbb57
 2019-04-24 07:14:12 -07:00
Matthew Mosesohn
fc072300ea Purge legacy cleanup tasks from older than 1 year (#4450) 
We don't need to support upgrades from 2 year old installs,
just from the last major version.

Also changed most retried tasks to 1s delay instead of longer.
 2019-04-24 00:08:05 -07:00
Matthew Mosesohn
d6d7458d68 Fix control plane setup without a hardcoded key (#4610) 2019-04-23 14:37:59 -07:00
Matthew Mosesohn
05dc2b3a09 Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) 
* Use K8s 1.14 and add kubeadm experimental control plane mode

This reverts commit d39c273d96.

* Cleanup kubeadm setup run on first master

* pin kubeadm_certificate_key in test

* Remove kubelet autolabel of kube-node, add symlink for pki dir

Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
 2019-04-19 06:01:54 -07:00
Victor Morales
c6586829de Ensure /etc/bash_completion.d/ folder exists (#4543) 
The Stateless ClearLinux feature[1] requires the creation of folders
in /etc folder. This change ensure the existence of the
/etc/bash_completion.d/ folder for ClearLinux Distribution.

[1] https://clearlinux.org/features/stateless
 2019-04-18 02:24:10 -07:00
Maxime Guyot
ec3daedf9e Revert "Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels (#4320)" (#4553) 
This reverts commit 586ad89d50.
 2019-04-17 07:58:06 -07:00
Matthew Mosesohn
d39c273d96 Revert "Use K8s 1.14 and add kubeadm experimental control plane mode (#4317)" (#4510) 
This reverts commit 316508626d.
 2019-04-11 12:52:43 -07:00
Matthew Mosesohn
316508626d Use K8s 1.14 and add kubeadm experimental control plane mode (#4317) 
* Use Kubernetes 1.14 and experimental control plane support

* bump to v1.14.0
 2019-04-11 05:30:13 -07:00
Robert Neumann
586ad89d50 Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels (#4320) 
* Fix the file path for all.yml and k8s-cluster.yml

* Fix --node-labels namespace error "unknown labels specified"

* Update templates and configs kubelet node-labels
 2019-04-10 04:14:12 -07:00
Maxime Guyot
913fed0089 kubeadmn init: add 'until' to make 'retries' effective (#4464) 
an 'until' clause is required or 'retries' is ignored

(see note @ https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#do-until-loops)
 2019-04-09 00:21:04 -07:00
rptaylor
f52584a715 robust handling of API server SANs (#4435) 
* robust handling of API server SANs

* use apiserver_loadbalancer_domain_name if it is defined, according to PR 3977
 2019-04-08 08:10:35 -07:00
Dmitry Chepurovskiy
0440e45d65 Fix supplementary_addresses rendering error (#4403) 2019-03-29 00:26:13 -07:00
Etienne
d0ae316934 Use proxy_env with kubeadm phase commands (#4325) 2019-03-26 03:03:19 -07:00
Matthew Mosesohn
ec08303f82 Revert "Fix #4237: update kube cert path (#4354)" (#4369) 
This reverts commit ea7a6f1cf1.

This change modified the certs dir for Kubernetes, but did not move the directories for existing clusters.
 2019-03-20 05:56:57 -07:00