Commit graph

484 commits

Author SHA1 Message Date
Spencer Smith
21b10784f4 allow for correct aws default resolver 2017-04-20 09:32:03 -04:00
Matthew Mosesohn
cb52d78845 Merge pull request #1246 from holser/disable_dns_for_kube_services
Change DNS policy for kubernetes components
2017-04-20 16:12:52 +03:00
Sergii Golovatiuk
f061ce63b3 Add aws to default_resolver
When VPC is used, external DNS might not be available. This patch change
behavior to use metadata service instead of external DNS when
upstream_dns_servers is not specified.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:47:19 +02:00
Sergii Golovatiuk
0a687a22ff Change DNS policy for kubernetes components
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:22:57 +02:00
Matthew Mosesohn
fc5ca5090e Merge pull request #1238 from Starefossen/fix/namespace-template-file
Move namespace file to template directory
2017-04-20 12:19:55 +03:00
Matthew Mosesohn
8d5d973a64 Merge pull request #1241 from bradbeam/rktcnidir
Explicitly create cni bin dir
2017-04-20 12:19:26 +03:00
Sergii Golovatiuk
1268c9b642 Fix restart kube-controller (#1242)
kubernetesUnitPrefix was changed to k8s_* in 1.5. This patch reflects
this change in kargo
2017-04-20 11:26:01 +03:00
Brad Beam
0dc4967e43 Explicitly create cni bin dir
If this path doesnt exist, it will cause kubelet to fail to start when
using rkt
2017-04-19 16:00:44 +00:00
Hans Kristian Flaatten
12bbb243b2 Move namespace file to template directory 2017-04-19 13:37:02 +02:00
Spencer Smith
e76ed88ea2 Merge pull request #1232 from rsmitty/custom-flags
add ability for custom flags
2017-04-17 14:01:32 -04:00
Spencer Smith
1d848dc211 remove stray spaces in templating 2017-04-17 12:24:24 -04:00
Spencer Smith
daa728e3cf ensure spacing on string of flags 2017-04-17 12:13:39 -04:00
Spencer Smith
0fb9469249 ensure spacing on string of flags 2017-04-17 11:11:10 -04:00
Spencer Smith
c1192b1154 update to safeguard against accidentally passing string instead of list 2017-04-17 11:09:34 -04:00
Matthew Mosesohn
f500f32771 Merge pull request #1233 from gbolo/master
allow admission control plug-ins to be easily customized
2017-04-17 12:59:49 +03:00
gbolo
c05d141128 allow admission control plug-ins to be easily customized 2017-04-16 22:03:45 -04:00
Spencer Smith
7656ae2887 add ability for custom flags 2017-04-14 17:33:04 -04:00
Matthew Mosesohn
74c43c290a Skip vault cert task evaluation completely when using script cert generation 2017-04-13 19:29:07 +03:00
Matthew Mosesohn
72749b8e73 Update kubelet.j2 2017-04-06 22:59:18 +03:00
Matthew Mosesohn
d74770147e Unbreak 1.5 deployment with kubelet
1.5 kubelet fails to start when using unknown params
2017-04-06 21:07:48 +03:00
Matthew Mosesohn
06c8399c6e Merge pull request #1208 from mattymo/1.6-flannel
Update to k8s 1.6 with flannel and centos fixes
2017-04-06 13:04:02 +03:00
Matthew Mosesohn
655721268d Fix flannel for 1.6 and apply fixes to enable containerized kubelet 2017-04-06 10:06:21 +04:00
Matthew Mosesohn
b50839bb9f Merge pull request #1205 from holser/resolv_updates
Refactoring resolv.conf
2017-04-05 14:22:52 +03:00
Sergii Golovatiuk
16dd412d89 Refactoring resolv.conf
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-05 09:28:01 +02:00
Matthew Mosesohn
b9461abeec Merge pull request #1204 from mattymo/resolvconf-nodes
Restart kubelet when updating /etc/resolv.conf on all k8s nodes
2017-04-04 22:03:44 +03:00
Matthew Mosesohn
91be2aa8bb Merge pull request #1186 from holser/resolv_conf
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
2017-04-04 20:49:55 +03:00
Matthew Mosesohn
927a95fb65 Restart kubelet when updating /etc/resolv.conf on all k8s nodes 2017-04-04 20:43:47 +03:00
Sergii Golovatiuk
829b0948a3 Set ClusterFirstWithHostNet for Pods with hostnetwork: true
In kubernetes 1.6 ClusterFirstWithHostNet was added as an option. In
accordance to it kubelet will generate resolv.conf based on own
resolv.conf. However, this doesn't create 'options', thus the proper
solution requires some investigation.

This patch sets the same resolv.conf for kubelet as host

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-04 16:34:13 +02:00
Matthew Mosesohn
380ad9815f Merge pull request #1153 from mattymo/graceful_drain
Move graceful upgrade test to Ubuntu canal HA, adjust drain
2017-04-04 17:33:53 +03:00
Matthew Mosesohn
90e8d4c4ea Add /var/lib/cni to kubelet
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
2017-04-03 19:38:24 +03:00
Matthew Mosesohn
620944b052 Fix multiline condition for k8s check certs
Fixes #1190
2017-04-03 17:44:55 +03:00
Matthew Mosesohn
a5391ff21a use etcd2 when upgrading unless forced 2017-04-03 15:07:42 +03:00
Matthew Mosesohn
423fe7e51d Update .gitlab-ci.yml 2017-03-30 12:19:15 +04:00
Matthew Mosesohn
1d4e6b2ade delete master containers forcefully 2017-03-27 19:08:22 +03:00
Matthew Mosesohn
1e1dfe2cab restart scheduler and controller-manager too 2017-03-27 13:51:35 +03:00
Matthew Mosesohn
eab686bd56 ensure post-upgrade purge ones only once 2017-03-27 13:28:37 +03:00
Matthew Mosesohn
f953303722 switch debian8-canal-ha to ubuntu 2017-03-27 13:28:37 +03:00
Matthew Mosesohn
a7bedd30ab move network plugins out of grouped upgrades 2017-03-27 13:28:37 +03:00
Matthew Mosesohn
1a96970918 Fix delegate tasks for kubectl and etcdctl 2017-03-27 13:28:37 +03:00
Matthew Mosesohn
bf3425322f Significantly reduce memory requirements
Canal runs more pods and upgrades need a bit of extra
room to load new pods in and get the old ones out.
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
f1f58166e5 Only cordon Ready nodes 2017-03-27 13:28:37 +03:00
Matthew Mosesohn
986a89be66 Merge pull request #1181 from holser/refactor_etcd
Refactor etcd role
2017-03-27 13:05:35 +03:00
Sergii Golovatiuk
77671dbd05 Refactor etcd role
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-24 12:34:15 +01:00
Vladimir Rutsky
bc30ea7582 replace non-breakable space with regular space
Non-brekable space is 0xc2 0xa0 byte sequence in UTF-8.

To find one:

    $ git grep -I -P '\xc2\xa0'

To replace with regular space:

    $ git grep -l -I -P '\xc2\xa0' | xargs sed -i 's/\xc2\xa0/ /g'

This commit doesn't include changes that will overlap with commit f1c59a91a1.
2017-03-23 00:25:01 +03:00
Matthew Mosesohn
51985ab9de Change wait for dnsmasq to skip if there are no kube-nodes in play
Also changed unnecessary delay to a max timeout (now defaulting to 1s sleep
between tries)

Also rename play_hosts to ansible_play_hosts
2017-03-21 18:55:22 +03:00
Matthew Mosesohn
182a2e682f Merge pull request #1149 from mattymo/centos-retries
Retry yum/apt/rpm download commands
2017-03-18 11:12:36 +03:00
Matthew Mosesohn
dd56342361 Retry yum/apt/rpm download commands, fix succeeded filter 2017-03-17 18:56:26 +03:00
Matthew Mosesohn
b060d3279c Merge pull request #1146 from mattymo/resolvconf_optimize
Condense resolvconf sources before starting loop
2017-03-17 18:42:32 +03:00
Matthew Mosesohn
a5876a1ac8 Merge pull request #1136 from adidenko/fix-calico-policy-order
Move calico-policy-controller into separate role
2017-03-17 17:32:14 +03:00
Aleksandr Didenko
1adf231512 Move calico-policy-controller into separate role
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.

K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.

This patch also fixes kube-api port in calico-policy-controller
yaml template.

Closes #1132
2017-03-17 11:21:52 +01:00