Matthew Mosesohn
2c532cb74d
Disable kube_proxy_masquerade_all
...
Fixes #1012
2017-02-10 13:16:39 +03:00
Matthew Mosesohn
779f20d64e
Merge pull request #1010 from bogdando/fixes
...
Fix misleading HA docs
2017-02-10 13:01:29 +03:00
Bogdan Dobrelya
89ae9f1f88
Merge pull request #1002 from code0x9/master
...
use ansible sysctl module for config ip forwarding
2017-02-10 10:40:18 +01:00
Bogdan Dobrelya
ed1ab11001
Fix misleading HA docs
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-10 10:28:27 +01:00
Matthew Mosesohn
2f88c9eefe
Merge pull request #989 from holser/kubelet_remedy
...
Kubernetes Reliability Improvements
2017-02-10 09:29:29 +03:00
Matthew Mosesohn
60f1936a62
Merge pull request #1004 from galthaus/kubelet-load-modules
...
Allow kubelet to load kernel modules
2017-02-10 09:28:16 +03:00
Matthew Mosesohn
b0ee27ba46
Merge pull request #1006 from mattymo/fix_weave_upgrade
...
Enable weave upgrade from previous versions
2017-02-10 09:03:49 +03:00
Antoine Legrand
067bbaa473
Merge pull request #1001 from idcrook/kargo-issue-1000-efk-enable
...
removed explicit role for efk in cluster.yml
2017-02-10 03:03:18 +01:00
Sergii Golovatiuk
c07d60bc90
Kubernetes Reliability Improvements
...
- Exclude kubelet CPU/RAM (kube-reserved) from cgroup. It decreases a
chance of overcommitment
- Add a possibility to modify Kubelet node-status-update-frequency
- Add a posibility to configure node-monitor-grace-period,
node-monitor-period, pod-eviction-timeout for Kubernetes controller
manager
- Add Kubernetes Relaibility Documentation with recomendations for
various scenarios.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-09 23:54:08 +01:00
Matthew Mosesohn
29fd957352
Enable weave upgrade from previous versions
...
Raise readiness probe initial time to 60 (was 30)
2017-02-09 21:39:31 +03:00
Matthew Mosesohn
ef10ce04e2
Merge pull request #1005 from rutsky/patch-2
...
fix kube_apiserver_ip/kube_apiserver_port description
2017-02-09 21:08:15 +03:00
Vladimir Rutsky
f0269b28f4
fix kube_apiserver_ip/kube_apiserver_port description
2017-02-09 21:47:36 +04:00
Matthew Mosesohn
0a7c6eb9dc
Merge pull request #998 from mattymo/fix_upgrade_daemonsets
...
Fix upgrade for all daemonset type resources
2017-02-09 20:02:21 +03:00
Greg Althaus
3f0c13af8a
Make kubelet_load_modules always present but false.
...
Update code and docs for that assumption.
2017-02-09 10:25:44 -06:00
Greg Althaus
fcd78eb1f7
Due to the nsenter and other reworks, it appears that
...
kubelet lost the ability to load kernel modules. This
puts that back by adding the lib/modules mount to kubelet.
The new variable kubelet_load_modules can be set to true
to enable this item. It is OFF by default.
2017-02-09 10:02:26 -06:00
Matthew Mosesohn
17dfae6d4e
Merge pull request #999 from holser/decrease_weave_ram_limits
...
Lower weave RAM settings.
2017-02-09 13:19:12 +03:00
Mark Lee
e414c25fd7
follow sysctl.conf file symlink if linked
2017-02-09 18:16:52 +09:00
Mark Lee
34a71554ae
use ansible sysctl module for config ip forwarding
2017-02-09 17:28:44 +09:00
Bogdan Dobrelya
3b1a196c75
Merge pull request #902 from insequent/master
...
Adding vault role
2017-02-09 09:24:52 +01:00
Bogdan Dobrelya
105dbf471e
Merge pull request #993 from code0x9/master
...
enable proxy support on docker repository
2017-02-09 09:21:01 +01:00
David Crook
d4d9f27a8d
removed explicit role for efk in cluster.yml
2017-02-08 20:48:28 -07:00
Antoine Legrand
68df0d4909
Merge pull request #986 from vwfs/dnsmasq_system_nameservers
...
Also add the system nameservers to upstream servers in dnsmasq
2017-02-08 23:21:54 +01:00
Antoine Legrand
9c572fe54b
Merge pull request #984 from rutsky/patch-2
...
fix typo: "explicetely"
2017-02-08 23:19:01 +01:00
Josh Conant
245e05ce61
Vault security hardening and role isolation
2017-02-08 21:41:36 +00:00
Josh Conant
f4ec2d18e5
Adding the Vault role
2017-02-08 21:31:28 +00:00
Sergii Golovatiuk
4124d84c00
Lower weave RAM settings.
...
- Since Weave 1.8.x was rewritten in Golang we may decrease RAM settings
to continue using g1-small for CI
2017-02-08 18:50:36 +01:00
Matthew Mosesohn
3c713a3f53
Fix upgrade for all daemonset type resources
...
Daemonsets cannot be simply upgraded through a single API call,
regardless of any kubectl documentation. The resource must be
purged and then recreated in order to make any changes.
2017-02-08 18:16:00 +03:00
Alexander Block
89e570493a
Also add the system nameservers to upstream servers in dnsmasq
...
Also make no-resolv unconditional again. Otherwise, we may end up in
a resolver loop. The resolver loop was the cause for the piling up
parallel queries.
2017-02-08 14:38:55 +01:00
Matthew Mosesohn
16674774c7
Merge pull request #994 from mattymo/docker_save
...
Change docker save compress level to 1
2017-02-08 15:13:15 +03:00
Matthew Mosesohn
0180ad7f38
Merge pull request #990 from mattymo/fix_cert_upgrade
...
Fix check for node-NODEID certs existence
2017-02-08 14:44:09 +03:00
Matthew Mosesohn
bfd1ea1da1
Merge pull request #971 from bradbeam/efk
...
Adding EFK logging stack
2017-02-08 14:28:04 +03:00
Mark Lee
3eacd0c871
Update rh_docker.repo.j2
2017-02-08 20:03:51 +09:00
Matthew Mosesohn
d587270293
Merge pull request #992 from vwfs/host_mount_dev
...
Host mount /dev for kubelet
2017-02-08 13:45:22 +03:00
Matthew Mosesohn
3eb13e83cf
Change docker save compress level to 1
...
Faster gzip improves CI deploy times by at least 2 mins.
Fixes #982
2017-02-08 13:25:11 +03:00
Mark Lee
df761713aa
Merge branch 'master' of https://github.com/kubespray/kargo
2017-02-08 19:19:26 +09:00
Mark Lee
de50f37fea
enable proxy support on docker repository
2017-02-08 19:19:08 +09:00
Matthew Mosesohn
bad6076905
Merge pull request #987 from mattymo/etcd-retune
...
Re-tune ETCD performance params
2017-02-08 13:00:25 +03:00
Bogdan Dobrelya
c2bd76a22e
Merge pull request #956 from adidenko/update-netchecker
...
Update playbooks to support new netchecker
2017-02-08 10:09:46 +01:00
Alexander Block
010fe30b53
Host mount /dev for kubelet
2017-02-08 09:55:51 +01:00
Matthew Mosesohn
e5779ab786
Fix check for node-NODEID certs existence
...
Fixes upgrade from pre-individual node cert envs.
2017-02-07 21:06:48 +03:00
Matthew Mosesohn
71e14a13b4
Re-tune ETCD performance params
...
Reduce election timeout to 5000ms (was 10000ms)
Raise heartbeat interval to 250ms (was 100ms)
Remove etcd cpu share (was 300)
Make etcd_cpu_limit and etcd_memory_limit optional.
2017-02-07 20:15:14 +03:00
Matthew Mosesohn
491074aab1
Merge pull request #969 from mattymo/port_reserve
...
Prevent dynamic port allocation in nodePort range
2017-02-07 18:24:57 +03:00
Aleksandr Didenko
54af533b31
Update playbooks to support new netchecker
...
Netchecker is rewritten in Go lang with some new args instead of
env variables. Also netchecker-server no longer requires kubectl
container. Updating playbooks accordingly.
2017-02-07 15:20:34 +01:00
Matthew Mosesohn
4f13043d14
Merge pull request #976 from holser/bug/975
...
Improve Weave
2017-02-06 22:48:13 +03:00
Vladimir Rutsky
6a5df4d999
fix typo: "pubilcally"
2017-02-06 21:35:02 +04:00
Vladimir Rutsky
d41602088b
fix typo: "explicetely"
2017-02-06 21:29:11 +04:00
Matthew Mosesohn
f3a0f73588
Prevent dynamic port allocation in nodePort range
...
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.
Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
2017-02-06 20:01:16 +03:00
Matthew Mosesohn
be1e1b41bd
Merge pull request #981 from kubernetes-incubator/revert-911-DROP_CAPS
...
Revert "Drop linux capabilities and rework users/groups"
2017-02-06 17:52:58 +03:00
Matthew Mosesohn
fd30131dc2
Revert "Drop linux capabilities and rework users/groups"
2017-02-06 15:58:54 +03:00
Sergii Golovatiuk
5122697f0b
Improve Weave
...
- Remove weave CPU limits from .gitlab-ci.yml. Closes : #975
- Fix weave version in documentation
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-06 13:24:40 +01:00