C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
3222 commits 17 branches 66 tags 141 MiB
Commit graph

918 commits

Author SHA1 Message Date
Miouge1 ad48606e4e Restart scheduler when policy changes 2018-05-14 10:09:30 +02:00
Matthew Mosesohn 07cc981971
refactor vault role (#2733) 
* Move front-proxy-client certs back to kube mount

We want the same CA for all k8s certs

* Refactor vault to use a third party module

The module adds idempotency and reduces some of the repetitive
logic in the vault role

Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves

Add upgrade test scenario
Remove bootstrap-os tags from tasks

* fix upgrade issues

* improve unseal logic

* specify ca and fix etcd check

* Fix initialization check

bump machine size
 2018-05-11 19:11:38 +03:00
Ryo Nishikawa 51a9379d3c Add vm_name option to vsphere cloud provider config 2018-05-08 12:23:58 -07:00
Andreas Krüger d73d60c9b0
Merge pull request #2600 from maximegaillard/master 
Add Openstack tenant name
 2018-05-08 12:03:01 +02:00
Michal Rostecki 066016cd3e opensuse: Fix OpenSSL package name 
OpenSSL 1.1 package in openSUSE Tumbleweed is named openssl-1_1,
not openssl-1_1_0.
 2018-05-08 10:03:30 +02:00
Andreas Krüger 28d6eb6af1
Merge pull request #2644 from cp3hu/master 
Fix apiserver manifest and kubelet for kube version < 1.9
 2018-05-08 09:22:36 +02:00
Miouge1 70e0998a70 Update kube-scheduler policy 2018-05-03 21:56:51 +02:00
Chad Swenson 595e96ebf1
Merge pull request #2693 from romaindequidt/sync-certs-tasks-fix 
sync certs tasks (fix #2596 #2667)
 2018-05-02 12:17:23 -05:00
woopstar 4c81cd2a71 Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into etcd-fix-4 2018-05-02 14:45:58 +02:00
Maxime Gaillard 00db751646 Add Openstack tenant name 2018-05-01 09:21:37 +02:00
Tomasz Majchrowski 59789ae02a ISSUE-2706: Provide consistent usage of supplementary_addresses_in_ssl_keys across vault and script mode (#2707) 2018-04-30 14:48:17 +03:00
Andreas Krüger 03de4c0806
Merge pull request #2695 from suzutan/add-oidc-prefix-args 
Add oidc-user-prefix and oidc-group-prefix args
 2018-04-30 09:17:02 +02:00
mirwan 06cdb260f6 labelvalue must be formatted to handle non string values (#2722) 2018-04-29 19:02:14 +03:00
mirwan c3c5817af6 sysctl file should be in defaults so that it can be overriden (#2475) 
* sysctl file should be in defaults so that it can be overriden

* Change sysctl_file_path to be consistent with roles/kubernetes/preinstall/defaults/main.yml
 2018-04-27 18:50:58 +03:00
Markos Chandras 9168c71359 Revert "Revert "Add openSUSE support" (#2697)" (#2699) 
This reverts commit 51f4e6585a.
 2018-04-26 12:52:06 +03:00
Matthew Mosesohn 1a14f1ecc1
Fix vol format for local volume provisioner in rkt (#2698) 2018-04-24 20:32:08 +03:00
Matthew Mosesohn 51f4e6585a
Revert "Add openSUSE support" (#2697) 2018-04-23 14:28:24 +03:00
Suzuka Asagiri f81e6d2ccf
Add oidc-user-prefix and oidc-group-prefix args 2018-04-23 12:23:59 +09:00
Romain DEQUIDT 80dd230a65 sync certs tasks (fix #2596 #2667) 2018-04-22 10:00:31 +02:00
Paul Montero 75950344fb
run_once pre_upgrade tasks which are executing in localhost 2018-04-19 11:38:13 -05:00
Matthew Mosesohn f73717ea35
Mount local volume provisioner dirs for containerized kubelet (#2648) 2018-04-12 22:55:13 +03:00
Aivars Sterns 1967963702
Merge pull request #2380 from hwoarang/add-opensuse-support 
Add openSUSE support
 2018-04-12 20:28:50 +03:00
Chad Swenson d87b6fd9f3 Use dedicated front-proxy-ca for front-proxy-client 2018-04-12 11:03:22 -05:00
Chad Swenson a6a47dbc96
Merge pull request #2617 from bradbeam/savaultcert 
Adding missing service-account certificate for vault
 2018-04-12 11:02:24 -05:00
Aivars Sterns 298c6cb790
Merge pull request #2633 from grebois/patch-3 
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
 2018-04-12 11:53:58 +03:00
Markos Chandras d07f75b389 roles: kubernetes: secrets: Add SUSE support 
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
 2018-04-11 20:55:02 +01:00
Nirmoy Das 45eac53ec7 roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed 
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.

Co-authored-by: Markos Chandras <mchandras@suse.de>
 2018-04-11 17:46:14 +01:00
Markos Chandras e42203a13e roles: kubernetes: preinstall: Add SUSE support 
Add support for installing package dependencies and refreshing metadata
on SUSE distributions

Co-authored-by: Nirmoy Das <ndas@suse.de>
 2018-04-11 17:46:14 +01:00
Christian Phu 3535c29e59 Fix apiserver manifest for kube version < 1.9 2018-04-10 18:17:56 +02:00
Marcelo Grebois 88765f62e6
Updating order 
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
 2018-04-10 17:17:39 +02:00
Robin Skahjem-Eriksen 0f35e17e23 Fix new envvar for setting openstack_tenant_id (#2641) 
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
 2018-04-10 17:23:31 +03:00
Brad Beam 77b3f9bb97 Removing default for volume-plugins mountpoint (#2618) 
All checks test if this is defined meaning there is no way to undefine it.
 2018-04-10 17:19:25 +03:00
Matthew Mosesohn 45f15bf753
Revert "Fix new envvar for setting openstack_tenant_id" (#2640) 2018-04-10 14:37:24 +03:00
Aivars Sterns 913cc5a9af
Merge pull request #2639 from ironhouzi/openstack_tenant_id_fix 
Fix new envvar for setting openstack_tenant_id
 2018-04-10 14:35:28 +03:00
Aivars Sterns a46acfcdd8
Merge pull request #2627 from mattymo/no_more_do_do 
Remove jinja2 dependency of do
 2018-04-10 14:32:29 +03:00
Robin Skahjem-Eriksen 0c0f6b755d Fix new envvar for setting openstack_tenant_id 
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
 2018-04-10 13:30:48 +02:00
Marcelo Grebois 4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection 
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
 2018-04-09 12:49:05 +02:00
Atoms b68854f79d fix kubectl download location and kubectl.sh helper owner/group remove 2018-04-09 13:19:26 +03:00
Matthew Mosesohn f954bc0a5a Remove jinja2 dependency of do 
While `do` looks cleaner, forcing this extra option in ansible.cfg
seems to be more invasive. It would be better to keep the traditional
approach of `set dummy = ` instead.
 2018-04-09 12:27:53 +03:00
Brad Beam dfc46f02d7 Adding missing service-account certificate for vault 
Missed in #2554
 2018-04-06 15:29:52 -05:00
Daniel Hoherd ca40d51bc6 Fix typos (no logic changes) 2018-04-05 15:54:58 -07:00
Chen Hong 973e7372b4 content: | 2018-04-04 23:05:27 +08:00
Chen Hong b54e091886 Persist ip_vs modules 2018-04-04 18:18:51 +08:00
Andreas Krüger 2511e14289
Merge pull request #2346 from Miouge1/kube-scheduler-mode 
Use legacy policy config to apply the scheduler policy
 2018-04-04 10:20:51 +02:00
georgejdli 76bb5f8d75 check if dedicated service account token signing key exists 2018-04-02 10:57:24 -05:00
Andreas Krüger ba24fe3226
Merge pull request #2570 from avoidik/transfer-cloud-configs 
Move cloud config configurations to proper location
 2018-04-02 10:31:38 +02:00
Matthew Mosesohn 3004791c64
Add pre-upgrade task for moving credentials file (#2394) 
* Add pre-upgrade task for moving credentials file

This reverts commit 7ef9f4dfdd.

* add python interpreter workaround for localhost
 2018-04-02 11:19:23 +03:00
woopstar 86e3506ae6 Etcd cluster setup makeover 
The current way to setup the etc cluster is messy and buggy.

- It checks for cluster is healthy before the cluster is even created.
- The unit files are started on handlers, not in the task, so you mess with "flush handlers".
- The join_member.yml is not used.
- etcd events cluster is not configured for kubeadm
- remove duplicate runs between running the role on etcd nodes and k8s nodes
 2018-04-01 21:38:33 +02:00
Wong Hoi Sing Edison 5fe144aa0f ingress-nginx: container download related things should defined in the download role 2018-04-01 00:22:33 +08:00
Andreas Krüger 5b0da4279f
Merge pull request #2543 from hswong3i/cert-manager-0.2.3 
Integrate jetstack/cert-manager 0.2.3 to Kubespray
 2018-03-31 18:15:25 +02:00
Andreas Krüger 1ac978b8fa
Merge pull request #2567 from mirwan/node_labels_doc_plus_kube_ingress_handling 
node_labels documentation and kube-ingress label definition as role_node_label
 2018-03-31 18:05:52 +02:00
Wong Hoi Sing Edison 195d6d791a Integrate jetstack/cert-manager 0.2.3 to Kubespray 2018-03-31 19:29:11 +08:00
avoidik aa301c31d1 Move credential checks into proper folder 2018-03-31 13:29:00 +03:00
Andreas Krüger d9418b1dc4
Merge pull request #2554 from georgejdli/fix-sa-token-signing 
Fix kubespray's ServiceAccount token signing keys
 2018-03-31 09:59:22 +02:00
avoidik 15efdf0c16 Move credential checks 2018-03-31 03:26:37 +03:00
avoidik ab8760cc83 Move credentials pre-check 2018-03-31 03:24:57 +03:00
avoidik b6da596ec1 Move default configuration parameters for cloud-config 2018-03-31 03:18:23 +03:00
avoidik 3c12c6beb3 Move cloud config configurations to proper location 2018-03-31 02:59:59 +03:00
Erwan Miran 8ece922ef0 node_labels documentation + kube-ingress label handling as role_node_label 2018-03-31 00:36:11 +02:00
Andreas Krüger 887a468d32
Merge pull request #2562 from avoidik/fix-indexes-pr-2251 
Fix kubecert_node.results indexes
 2018-03-31 00:16:11 +02:00
Andreas Krüger 76cb37d6b5
Merge pull request #2544 from woopstar/cert-fix-2 
Update openssl.conf to count better and work with Jinja 2.9
 2018-03-30 21:57:17 +02:00
georgejdli 572ab650db copy dedicated service account token signing key for kubeadm migration 2018-03-30 13:03:32 -05:00
avoidik 72c2a8982b Fix kubecert_node.results indexes 2018-03-30 17:24:50 +03:00
Matthew Mosesohn 03bcfa7ff5
Stop templating kube-system namespace and creating it (#2545) 
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
 2018-03-30 14:29:13 +03:00
Andreas Kruger af5f376163 Revert 2018-03-30 11:42:20 +02:00
woopstar 004b0a3fcf Fix merge conflict 2018-03-30 11:38:59 +02:00
Andreas Kruger 4bb7d2b566 Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into cert-fix-2 2018-03-30 11:34:05 +02:00
Andreas Krüger f619eb08b1
Merge pull request #2350 from whereismyjetpack/kubeadm-nodename 
set nodeName to "{{ inventory_hostname }}" in kubeadm-config
 2018-03-30 11:15:52 +02:00
RongZhang 5711074c5a
Merge pull request #2290 from mirwan/node_labels_from_inventory 
Node labels definition in kubelet params from inventory
 2018-03-30 03:42:52 -05:00
陈宏 4d85e3765e remove redundancy code 2018-03-30 09:19:00 +08:00
Kuldip Madnani daeeae1a91 Added retries in pre-upgrade.yml and retries while applying kube-dns.yml (#2553) 
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml

* Removed trailing spaces
 2018-03-29 11:37:32 -05:00
georgejdli c8f857eae4 configure kubespray to sign service account tokens with a dedicated and stable key 2018-03-29 09:50:31 -05:00
Andreas Krüger 270d21f5c1
Merge pull request #2540 from mattymo/cloud_config_timing 
Write cloud-config during kubelet configuration
 2018-03-29 09:12:18 +02:00
Andreas Kruger bf29198efd Fix merge conflict 2018-03-29 09:11:13 +02:00
Kuldip Madnani 9ebbf1c3cd Added a fix in openssl.conf template to check if IP of loadbalncer is available or not. 2018-03-28 16:34:26 -05:00
woopstar 0b5404b2b7 Fix 2018-03-28 20:28:04 +02:00
woopstar 0df32b03ca Update openssl.conf to count better and work with Jinja 2.9 2018-03-28 17:48:56 +02:00
Matthew Mosesohn 72a4223884 Write cloud-config during kubelet configuration 
This file should only be updated during kubelet upgrade so that
master components are not accidentally restarted first during
preinstall stage.
 2018-03-28 16:26:36 +03:00
Andreas Krüger 03117d9572
Merge pull request #2488 from LuckySB/ingress-nginx-node-role 
Dedicated node for ingress nginx controller
 2018-03-28 14:07:40 +02:00
avoidik e375678674 Set exact user for Kubelet services 2018-03-27 11:13:52 +03:00
Dann Bohn 1d0415a6cf fixes typo in kube_override_hostname for kubeadm 2018-03-24 13:29:07 -04:00
Dann Bohn 9fa995ac9d only sets nodeName in kubeadm-config when kube_override_hostname is set 2018-03-23 08:33:25 -04:00
Andreas Krüger 30e4b89837
Merge pull request #2504 from brtknr/patch-1 
Update kube-apiserver.manifest.j2 and kubeadm-config.yaml.j2 to incorporate `endpoint-reconciler-type: lease`
 2018-03-22 09:15:55 +01:00
Chad Swenson 9949782e96
Merge pull request #2489 from woopstar/token-fix-1 
Only copy tokens if tokens_list contains any
 2018-03-21 20:28:06 -05:00
Andreas Krüger ff2b8e5e60
Merge pull request #2503 from woopstar/kubelet-fix-1 
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
 2018-03-21 10:03:31 +01:00
Erwan Miran 8b71ef8ceb Labels from role (node-role.k8s.io/node) and labels from inventory are merged into node-labels parameter in kubelet 2018-03-21 09:19:05 +01:00
mirwan ee8f678010 Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly (#2446) 2018-03-21 10:50:32 +03:00
Bharat Kunwar 13e47e73c8
Update kubeadm-config.yaml.j2 
As requested
 2018-03-20 13:33:36 +00:00
Bharat Kunwar d2fd7b7462
Update kube-apiserver.manifest.j2 2018-03-20 12:19:53 +00:00
Bharat Kunwar d9453f323b
Update kube-apiserver.manifest.j2 2018-03-20 12:16:35 +00:00
Bharat Kunwar b787b76c6c
Update kube-apiserver.manifest.j2 
Ensure that kube-apiserver will respond even if one of the nodes are down.
 2018-03-20 12:06:34 +00:00
woopstar a94a407a43 Fix duplicate --proxy-client-cert-file and --proxy-client-key-file 2018-03-20 12:08:36 +01:00
Andreas Krüger f253691a68
Merge pull request #2347 from hswong3i/multiple_artifacts_dir 
Support multiple artifacts under individual inventory directory
 2018-03-19 12:45:55 +01:00
woopstar b9a949820a Only copy tokens if tokens_list contains any 2018-03-18 08:42:38 +01:00
Andreas Krüger 50e5f0d28b
Merge pull request #2468 from LuckySB/master 
change expirations period for generated certificate from 10y to 100 years
 2018-03-17 19:43:40 +01:00
Sergey Bondarev 1481f7d64b Dedicated node for ingress nginx controller 
The ability to create dedicated node for ingress nginx controller
host type network for nginx controller

and add from example https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/static-ip/nginx-ingress-controller.yaml
terminationGracePeriodSeconds: 60
 2018-03-17 02:54:46 +03:00
Chad Swenson 7d33650019
Merge pull request #2462 from woopstar/coredns-patch 
Add CoreDNS support
 2018-03-16 18:33:36 -05:00
woopstar e40368ae2b Add CoreDNS support with various fixes 
Added CoreDNS to downloads

Updated with labels. Should now work without RBAC too

Fix DNS settings on hosts

Rename CoreDNS service from kube-dns to coredns

Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html

Updated docs with CoreDNS info

Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed

Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806'

Set dns list correct. Thanks to @whereismyjetpack

Only download KubeDNS or CoreDNS if selected

Move dns cleanup to its own file and import tasks based on dns mode

Fix install of KubeDNS when dnsmask_kubedns mode is selected

Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf.

Run DNS manifests for CoreDNS and KubeDNS

Set skydns servers on dual stack deployment

Use only one template for CoreDNS dual deployment

Set correct cluster ip for the dns server
 2018-03-16 21:51:37 +01:00
Sergey Bondarev 3fac550090 Merge remote-tracking branch 'upstream/master' 2018-03-16 14:09:54 +03:00
Andreas Krüger d29a1db134
Merge pull request #2461 from woopstar/patch-11 
Add support to kubeadm too
 2018-03-16 08:24:31 +01:00