Sergey Bondarev
f8fed0f308
change expirations period for generated certificate from 10 years to 100 years
2018-03-14 13:33:36 +03:00
zhengchuan hu
d1e6632e6a
Fix err in kubelet.kubeadm.env.j2
...
1. 404 link url
2. kubelet_authentication_token_webhook is not work
3. kube_reserved variable set twice
2018-03-14 17:25:21 +08:00
Aivars Sterns
710295bd2f
Merge pull request #2434 from protomech/feature/azure-vnet-resource-group
...
add support for azure vnetResourceGroup
2018-03-13 17:42:09 +02:00
RongZhang
3e2d68cd32
Merge pull request #2455 from whereismyjetpack/kube-limits
...
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-13 06:28:07 -05:00
Dann Bohn
f3788525ff
fixes yamllint for docker defaults, and weave network plugin
2018-03-13 06:15:48 -04:00
Andreas Krüger
39d247a238
Add support to kubeadm too
...
Explicitly defines the --kubelet-preferred-address-types parameter #2418
Fixes #2453
2018-03-13 10:31:15 +01:00
rong.zhang
d264da8f08
Fix yamllint roles error for #2188 commit
2018-03-13 14:28:49 +08:00
MQasimSarfraz
9a4aa4288c
Fix vsphere cloud_provider RBAC permissions
2018-03-12 18:07:08 +00:00
Dann Bohn
50e3ccfa2b
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-12 12:46:14 -04:00
RongZhang
69a3c33ceb
Merge pull request #2429 from riverzhang/patch-6
...
Fix Docker exits prematurely
2018-03-12 06:16:25 -05:00
RongZhang
649b1ae868
Merge pull request #2452 from riverzhang/dockerproject
...
Fix issues #2451 Support docker-ce and docker-engine
2018-03-12 06:15:44 -05:00
Aivars Sterns
973cc12ca9
Merge pull request #2188 from cornelius-keller/fix_weave
...
fix nodePort for weave
2018-03-12 10:55:41 +02:00
Aivars Sterns
436de45dd4
Merge pull request #2295 from manics/supplementary-bugfix
...
Fix indexing of supplementary DNS in openssl.conf
2018-03-12 10:54:56 +02:00
Aivars Sterns
5f186a2835
Merge pull request #2418 from kubernetes-incubator/1439br
...
Explicitly defines the --kubelet-preferred-address-types parameter
2018-03-12 10:53:48 +02:00
RongZhang
ecec94ee7e
Fix Docker exits prematurely
...
details:https://github.com/moby/moby/pull/31490/files
2018-03-12 14:44:47 +08:00
rong.zhang
196995a1a7
Fix issues#2451 Support docker-ce and docker-engine
...
Support docker-ce and docker-engine include redhat/centos ubuntu debian
2018-03-12 13:31:31 +08:00
Spencer Smith
3a714fd4ac
Merge pull request #2427 from hswong3i/local_volume_provisioner_default
...
FIXUP #2424 : local_provisioner directory should be created only if enabled
2018-03-10 09:00:35 -05:00
Spencer Smith
c47fdc9aa0
Merge pull request #2445 from chadswen/kube-cert-directory-fix
...
Fix kubernetes cert permission sync
2018-03-09 15:10:35 -05:00
Spencer Smith
5c4cfb54ae
Merge pull request #2444 from chadswen/system-node-crb-name
...
Prefix system:node CRB
2018-03-09 15:09:01 -05:00
chadswen
cd153a1fb3
Fix kubernetes cert permission sync
...
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
2018-03-09 00:11:10 -06:00
chadswen
b0ab92c921
Prefix system:node CRB
...
Change the name of `system:node` CRB to `kubespray:system:node` to avoid
conflicts with the auto-reconciled CRB also named `system:node`
Fixes #2121
2018-03-08 23:56:46 -06:00
RongZhang
5007a69eee
Merge pull request #2437 from huzhengchuan/fix/callo-routereflector
...
Fix always download calico_rr image
2018-03-08 23:22:48 -06:00
Chad Swenson
8a46e050e3
Merge pull request #2433 from octarinesec/eyeofthefrog/systemd_command_fix
...
Fix systemd version detection
2018-03-08 22:28:12 -06:00
zhengchuan hu
8e36ad09b4
clean http-proxy.conf
2018-03-08 23:16:02 +08:00
zhengchuan hu
96a92503cb
Fix always download calico_rr image
2018-03-08 17:04:16 +08:00
RongZhang
5253153dbb
Merge pull request #2416 from riverzhang/delete-node
...
Remove nodes
2018-03-08 01:55:20 -06:00
rong.zhang
12c78e622b
Remove nodes
...
Drain node except daemonsets resource
Use reset cluser for delete deploy data
Then delete node
2018-03-08 15:03:42 +08:00
RongZhang
216bf2e867
Merge pull request #2422 from riverzhang/patch-5
...
Enable OOM killing for etcd-events
2018-03-07 23:15:19 -06:00
Wong Hoi Sing Edison
a086686e9f
Support multiple artifacts under individual inventory directory
2018-03-08 11:57:53 +08:00
Wong Hoi Sing Edison
6402004018
FIXUP #2424 : local_provisioner directory should be created only if enabled
2018-03-08 11:57:46 +08:00
RongZhang
955f833120
Merge pull request #2430 from huzhengchuan/fix/kube-reserve
...
fix the name of some variable
2018-03-07 21:25:32 -06:00
Chris Mildebrandt
605738757d
Fix systemd version detection
...
Change "command" to "shell" in order for the pipe to work correctly
2018-03-07 11:32:47 -08:00
Wong Hoi Sing Edison
3f96b2da7a
Add Custom ConfigMap Support for ingress-nginx
2018-03-07 21:37:45 +08:00
RongZhang
dbf40bbbb8
docker-ce instead of docker-engine repo ( #2423 )
...
* Use docker-ce 17.03.2
* Docker-engine may be discarded
2018-03-07 15:11:20 +03:00
zhengchuan hu
646d473e8e
fix the name of some variable
2018-03-07 18:30:34 +08:00
Aivars Sterns
6975cd1622
Merge pull request #2419 from hswong3i/ingress_nginx_labels
...
Add labels for ingress_nginx_namespace
2018-03-06 08:01:13 +02:00
Aivars Sterns
b7f9bf43c2
Merge pull request #2421 from ctlam/master
...
Adding ssh_private_key_file to ProxyCommand
2018-03-06 07:59:26 +02:00
RongZhang
388b627f72
Enable OOM killing for etcd-events
...
Enable OOM killing like docker run etcd
2018-03-05 20:46:39 -06:00
Dominic Lam
f9019ab116
Adding ssh_private_key_file to ProxyCommand
...
This is trying to match what the roles/bastion-ssh-config is trying to do. When the setup is going through bastion, we want to ssh private key to be used on the bastion instance.
2018-03-05 13:15:10 -08:00
Michael Beatty
07657aecf4
add support for azure vnetResourceGroup
2018-03-05 13:40:25 -06:00
Wong Hoi Sing Edison
e65904eee3
Add labels for ingress_nginx_namespace, also only setup serviceAccountName if rbac_enabled
2018-03-05 23:11:18 +08:00
Ayaz Ahmed Khan
89847d5684
Explicitly defines the --kubelet-preferred-address-types parameter
...
to the API server configuration.
This solves the problem where if you have non-resolvable node names,
and try to scale the server by adding new nodes, kubectl commands
start to fail for newly added nodes, giving a TCP timeout error when
trying to resolve the node hostname against a public DNS.
2018-03-05 15:25:14 +01:00
Jonas Kongslund
585303ad66
Start with three dashes for consistency
2018-03-03 10:05:05 +04:00
Jonas Kongslund
a800ed094b
Added support for webhook authentication/authorization on the secure kubelet endpoint
2018-03-03 10:00:09 +04:00
Wong Hoi Sing Edison
fd46442188
Integrate kubernetes/ingress-nginx 0.11.0 to Kubespray
2018-03-02 23:33:19 +08:00
Matthew Mosesohn
9837b7926f
Use proper lookup of etcd host for calico ( #2408 )
...
Fixes #2397
2018-03-02 15:36:52 +03:00
Aivars Sterns
b75b6b513b
Merge pull request #2406 from riverzhang/fedora
...
Delete unused fedora docker repo
2018-03-02 09:33:57 +02:00
rong.zhang
2a3b48edaf
Delete unused fedora docker repo
2018-03-02 14:39:13 +08:00
Antoine Legrand
5cc77eb6fd
Merge pull request #2294 from Nowaker/patch-1
...
Enable OOM killing
2018-03-01 14:56:26 +01:00
Aivars Sterns
8b21034b31
Merge pull request #2344 from hswong3i/local_volume_provisioner_fixup
...
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-03-01 13:12:44 +02:00
RongZhang
67ffd8e923
Add etcd-events cluster for kube-apiserver ( #2385 )
...
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00
Chad Swenson
af7edf4dff
Merge pull request #2369 from eviln1/fix-insecure-apiserver-port
...
fix apiserver manifest when disabling insecure_port
2018-02-28 17:48:08 -06:00
Spencer Smith
0fd3b9f7af
Merge pull request #2391 from Miouge1/latest-helm
...
Install latest version of Helm
2018-02-28 15:04:41 -05:00
Matthew Mosesohn
7ef9f4dfdd
Revert "Add pre-upgrade task for moving credentials file" ( #2393 )
2018-02-28 22:41:52 +03:00
Brad Beam
6ce507f39f
Merge pull request #2345 from mattymo/credentials_upgrade_fix
...
Add pre-upgrade task for moving credentials file
2018-02-28 12:39:02 -06:00
Brad Beam
34cab91e86
Merge pull request #2366 from z1nkum/bump_dashboard_tag
...
Bump dashboard from 1.8.1 to 1.8.3 because of reload bug
2018-02-28 12:38:34 -06:00
Brad Beam
63de9bdba3
Merge pull request #2363 from whereismyjetpack/default-kube-proxy
...
default kube_proxy_mode in kubernetes-defaults
2018-02-28 12:37:46 -06:00
Brad Beam
afb6e7dfc3
Merge pull request #2362 from mattymo/calico_ignore_extra_pools_again
...
Use CNI to assign kube_pods_subnet for calico
2018-02-28 12:36:50 -06:00
Brad Beam
ad89d1c876
Update pre_upgrade.yml
2018-02-28 19:07:44 +03:00
Simon Li
6b80ac6500
Fix indexing of supplementary DNS in openssl.conf
2018-02-28 16:04:52 +00:00
Miouge1
2257dc9baa
Install latest version of Helm
2018-02-28 16:29:38 +01:00
Dmitry Vlasov
977e7ae105
remove obsolete init image, bump dashboard version 1.8.1 -> 1.8.3
2018-02-28 12:52:59 +03:00
Matthew Mosesohn
bc0fc5df98
Use node cert for etcd tasks instead of delegating to first etcd ( #2386 )
...
For etcdctl commands, use admin cert instead of node because this file
doesn't exist on etcd only hosts.
2018-02-27 22:23:51 +03:00
Matthew Mosesohn
bb469005b2
Add pre-upgrade task for moving credentials file
2018-02-27 17:35:15 +03:00
Brad Beam
89ade65ad6
Fixing etcd certs for calico rr ( #2374 )
2018-02-27 17:34:07 +03:00
RongZhang
128d3ef94c
Fix run kubectl error ( #2199 )
...
* Fix run kubectl error
Fix run kubectl error when first master doesn't work
* if access_ip is define use first_kube_master
else different master use a different ip
* Delete set first_kube_master and use kube_apiserver_access_address
2018-02-27 16:32:20 +03:00
RongZhang
b7e06085c7
Upgrade to Kubernetes v1.9.3 ( #2323 )
...
Upgrade to Kubernetes v1.9.3
2018-02-27 14:31:59 +03:00
Chad Swenson
9e85a023c1
Merge pull request #2360 from mattymo/reset_fixes
...
retry unmount kubelet dirs
2018-02-26 18:30:38 -06:00
Brad Beam
4b5f780ff0
Merge pull request #2357 from octarinesec/eyeofthefrog/set_TasksMax_infinity_for_ubuntu
...
Set TasksMax to infinity on any OS with systemd
2018-02-22 21:31:10 -06:00
Brad Beam
31659efe13
Fixing cert name in calico/canal for etcd check ( #2358 )
2018-02-22 17:37:07 +03:00
Nedim Haveric
2bd3776ddb
fix apiserver manifest when disabling insecure_port
2018-02-22 14:00:32 +01:00
Brad Beam
c874f16c02
Fixing credential lookup for fe proxy and vault ( #2361 )
2018-02-22 15:09:26 +03:00
Maxim Krasilnikov
ba91304636
Fixed generate front proxy client certs with vault ( #2359 )
...
* Fixed generate front proxy client certs with vault
* fix vault cert management
* Distrebute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
Andreas Krüger
42a0f46268
Add health check to kube proxy ( #2356 )
...
Adding health checking to kube proxy. Fixes #2308
2018-02-21 23:14:45 +03:00
Andreas Krüger
d84ff06f73
Set filemode to 0640 ( #2315 )
...
* Set filemode to 0640
weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.
* Set mode 0640 on users_file with basic auth
2018-02-21 23:13:46 +03:00
Matthew Mosesohn
87f33a4644
Use CNI to assign kube_pods_subnet for calico
...
Now calico can be deployed if there are other existing pools
and not confuse IPAM and end up with pods in the wrong pools.
2018-02-21 20:32:28 +03:00
Dann Bohn
2d69b05c77
set local_release_dir in downloads to match others
2018-02-21 11:35:34 -05:00
Dann Bohn
2eb57ee5cd
default kube_proxy_mode in kubernetes-defaults
2018-02-21 11:33:25 -05:00
Chris Mildebrandt
85c69c2a4a
Add check for atomic hosts in template
2018-02-21 08:26:18 -08:00
Matthew Mosesohn
c20f38b89c
retry unmount kubelet dirs
2018-02-21 14:41:57 +03:00
Wong Hoi Sing Edison
d4c61d2628
Fixup for gce_centos7-flannel-addons
2018-02-21 13:41:25 +08:00
Wong Hoi Sing Edison
deef47c923
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-02-21 13:41:25 +08:00
Chris Mildebrandt
c19d8994b9
Set TasksMax to infinity on any OS with systemd
2018-02-20 11:55:13 -08:00
Chad Swenson
2de6da25a8
Merge pull request #2312 from woopstar/patch-7
...
Added iptables lock fix and ajusted oom-score
2018-02-19 22:47:07 -06:00
melkosoft
f13e76d022
Added cilium support ( #2236 )
...
* Added cilium support
* Fix typo in debian test config
* Remove empty lines
* Changed cilium version from <latest> to <v1.0.0-rc3>
* Add missing changes for cilium
* Add cilium to CI pipeline
* Fix wrong file name
* Check kernel version for cilium
* fixed ci error
* fixed cilium-ds.j2 template
* added waiting for cilium pods to run
* Fixed missing EOF
* Fixed trailing spaces
* Fixed trailing spaces
* Fixed trailing spaces
* Fixed too many blank lines
* Updated tolerations,annotations in cilium DS template
* Set cilium_version to iptables-1.9 to see if bug is fixed in CI
* Update cilium image tag to v1.0.0-rc4
* Update Cilium test case CI vars filenames
* Add optional prometheus flag, adjust initial readiness delay
* Update README.md with cilium info
2018-02-16 21:37:47 -06:00
Antoine Legrand
76a89039ad
Merge pull request #2285 from jasdeep-hundal/do_not_install_python_apt
...
Remove redundant python-apt install
2018-02-15 17:04:08 +01:00
RongZhang
c0aad0a6d5
Fix install etcd by host service ( #2297 )
...
Fix bug issues #2289
2018-02-12 17:34:01 +01:00
Andreas Krüger
41ca67bf54
Added iptables lock fix and ajusted oom-score
...
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
2018-02-12 10:21:38 +01:00
Virgil Chereches
d72232f15b
Increased timeout values for k8s API server restart
2018-02-12 07:35:29 +00:00
Maxim Krasilnikov
03c61685fb
Added apiserver extra args variable for kubeadm config ( #2291 )
2018-02-12 10:29:46 +03:00
Antoine Legrand
46284198f8
Merge pull request #2298 from clkao/patch-2
...
Fix version comparison
2018-02-11 17:22:39 +01:00
RongZhang
bbb1da1a83
Fix default_resolver is undefined
...
fix issues #2265
2018-02-10 10:08:26 -06:00
Wong Hoi Sing Edison
07075add3d
Add optional StorageClass name with cephfs_provisioner_storage_class
2018-02-10 20:31:34 +08:00
Chia-liang Kao
338238d086
Fix version comparison
...
`FAILED! => {"changed": false, "msg": "AnsibleFilterError: Version comparison: unorderable types: str() < int()"}`
2018-02-10 03:49:49 +08:00
Brad Beam
03bb729fea
Making status and detection mo betta
2018-02-09 12:30:46 -06:00
Damian Nowak
f8a59446e8
Enable OOM killing
...
When etcd exceeds its memory limit, it becomes useless but keeps running.
We should let OOM killer kill etcd process in the container, so systemd can spot
the problem and restart etcd according to "Restart" setting in etcd.service unit file.
If OOME problem keep repeating, i.e. it happens every single restart,
systemd will eventually back off and stop restarting it anyway.
--restart=on-failure:5 in this file has no effect because memory allocation error
doesn't by itself cause the process to die
Related: https://github.com/kubernetes-incubator/kubespray/blob/master/roles/etcd/templates/etcd-docker.service.j2
This kind of reverts a change introduced in #1860 .
2018-02-09 11:00:13 -06:00
mlushpenko
4e61fb9cd3
Refactored kubeadm join process and fixed uncrodonng for master nodes
2018-02-09 15:51:47 +01:00
mlushpenko
b472c2df98
Fix safe upgrade
...
Even though there it kubeadm_token_ttl=0 which means that kubeadm token never expires, it is not present in `kubeadm token list` after cluster is provisioned (at least after it is running for some time) and there is issue regarding this https://github.com/kubernetes/kubeadm/issues/335 , so we need to create a new temporary token during the cluster upgrade.
2018-02-09 15:51:47 +01:00
mkrasilnikov
bc67deee78
Added missing cephfs_provisioner_enabled to kubespray-defaults vars
2018-02-09 17:03:38 +03:00
jasdeep-hundal
f57abae01e
Remove redundant python-apt install
...
Ansible automatically installs the python-apt package when using
the 'apt' Ansible module, if python-apt is not present. This patch
removes the (unneeded) explicit installation in the Kubespray
'preinstall' role.
2018-02-08 18:59:37 -08:00