Matthew Mosesohn
94d4ce5a6f
Retry cleaning up calico-node container ( #5302 )
...
Change-Id: Iad27b107860213759c7ae51f0891d7e5e7c6d96b
2019-10-28 05:11:25 -07:00
Matthew Mosesohn
a1fff30bd9
Generate TLS certs for calico typha ( #5258 )
...
* Generate TLS certs for calico typha
Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707
* Add group vars note
Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
2019-10-17 07:02:38 -07:00
Sergey
81d57fe658
set calico_datastore default value in role kubespray-default ( #5259 )
2019-10-17 05:58:38 -07:00
Hugo Blom
9dfb25cafd
fix typo ( #5275 )
2019-10-16 18:26:38 -07:00
Matthew Mosesohn
af6456d1ea
Fix selector for calico-typha deployment ( #5253 )
...
Change-Id: I79f43379cbe1c495cb416f0572e65f695d5ec2b8
2019-10-16 07:53:42 -07:00
Matthew Mosesohn
fb591bf232
Apply workaround for NetworkManager and calico ( #5230 )
...
Change-Id: I5cb2bdf1a57707c1b8da3e5ac0c80e5c353480a4
2019-10-02 04:37:07 -07:00
陈谭军
99dbc6d780
clean-up doc,spelling mistakes ( #5206 )
2019-09-26 04:25:08 -07:00
Erwan Miran
f18e77f1db
Blocksize for calico default pool should be configurable ( #5198 )
2019-09-25 04:44:00 -07:00
Matthew Mosesohn
27ec548b88
Add support for k8s v1.16.0-beta.2 ( #5148 )
...
Cleaned up deprecated APIs:
apps/v1beta1
apps/v1beta2
extensions/v1beta1 for ds,deploy,rs
Add workaround for deploying helm using incompatible
deployment manifest.
Change-Id: I78b36741348f47a999df3841ee63cf4e6f377830
2019-09-10 12:06:54 -07:00
Matthew Mosesohn
184ac6a4e6
Parse calico nodes as json ( #5114 )
2019-08-27 10:16:42 -07:00
Matthew Mosesohn
7e1645845f
Allow calico settings to be modified ( #5101 )
...
Previous logic used calicoctl.sh create --skip-exists, which
allowed setting initial values, but not permitting changes.
2019-08-23 00:01:19 -07:00
Matthew Mosesohn
023108a733
Refactor calico route reflector to run in k8s cluster ( #4975 )
...
* Refactor calico-rr to run in k8s cluster with taint
Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa
* add preinstall checks
* rework calico/rr role
Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8
* add empty calico-rr group
Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
2019-08-08 07:37:22 -07:00
Aleksey Kasatkin
fb9103acd3
Update calico-typha deployment to address v3.7.x changes ( #5003 )
...
* Update calico-typha deployment to address v3.7.x changes
So that calico-typha works for Calico v3.7.x.
* Apply changes for v3.7.x only.
2019-07-24 09:12:16 -07:00
Sergey Kolekonov
428e52e0d1
Fix calico handler for containerd ( #4985 )
...
crictl tool must be used to delete containers in case of containerd
deployment
2019-07-16 08:35:24 -07:00
Matthew Mosesohn
23ae6027ab
remove support for calico v2.x ( #4974 )
...
* Remove support for calico below version v3.0.0
Change-Id: If8fe3036b9e054901a8b2c48516eff1e1271970f
* Update main.yml
* fixup node peering
Change-Id: Ifac4d363deba826f0c80e390ce80a28df9827323
* fixups
Change-Id: Ic35417330af6741962003b3930604393c90804d1
* fixups
Change-Id: I0ea82d634bb0c81d9b7dc50569c70988bc8d3a3b
2019-07-15 07:47:09 -07:00
Matthew Mosesohn
fd9bbcb157
Enable nodes to run calicoctl for calico kdd mode ( #4956 )
...
* Enable nodes to run calicoctl
per-node tasks require waiting for calico-node to be applied
Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2
* cleanup tasks that should run on master
Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae
* Switch run_once calico logic to just run on first master
Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
2019-07-15 01:59:06 -07:00
jlacoline
20c7e31ea3
Add calico 3.7.3 support ( #4953 )
...
* Add calico 3.7.3 support
* add calico_datastore variable to policy controller role
* add missing clusterrole rules for calico policy controller
* disable calico kube controller when kdd mode is used for versions < 3.6
2019-07-09 12:42:28 -07:00
Julian Tabel
dc16ab92f4
fix for calico with kdd datastore ( #4922 )
...
* fix for calico with kdd datastore
* remove AS number from daemonset
* revert changes to canal
* additionnal fixes for kdd datastore in calico
2019-07-08 12:20:03 +03:00
okamototk
4c8b93e5b9
containerd support ( #4664 )
...
* Add limited containerd support
Containerd support for Ubuntu + Calico
* Added CRI-O support for ubuntu
* containerd support.
* Reset containerd support.
* fix lint.
* implemented feedback
* Change task name cri xx instead of cri-o in reset task and timeout condition.
* set crictl to fixed version
* Use docker-ce's container.io package for containerd.
* Add check containerd is installable or not.
* Avoid stop docker when use containerd and optimize retry for reset.
* Add config.toml.
* Fixed containerd for kubelet.env.
* Merge PR #4629
* Remove unused ubuntu variable for containerd
* Polish code for containerd and cri-o
* Refactoring cri socket configuration.
* Configurable conmon.
* Remove unused crictl/runc download
* Now crictl and runc is downloaded by common crictl.yml.
* fixed yamllint error
* Fixed brokenfiles by conflict.
* Remove commented line in config.toml
* Remove readded v1.12.x version
* Fixed broken set_docker_image_facts
* Fix yamllint errors.
* Remove unused apt source
* Fix crictl could not be installed
* Add containerd config from skolekonov's PR #4601
2019-06-29 14:09:20 -07:00
Matthew Mosesohn
4348e78b24
Enable kubeadm etcd mode ( #4818 )
...
* Enable kubeadm etcd mode
Uses cert commands from kubeadm experimental control plane to
enable non-master nodes to obtain etcd certs.
Related story: PROD-29434
Change-Id: Idafa1d223e5c6ceadf819b6f9c06adf4c4f74178
* Add validation checks and exclude calico kdd mode
Change-Id: Ic234f5e71261d33191376e70d438f9f6d35f358c
* Move etcd mode test to ubuntu flannel HA job
Change-Id: I9af6fd80a1bbb1692ab10d6da095eb368f6bc732
* rename etcd_mode to etcd_kubeadm_enabled
Change-Id: Ib196d6c8a52f48cae370b026f7687ff9ca69c172
2019-06-20 11:12:51 -07:00
Tony Fouchard
f67a24499b
Allow to specify feature_control in calico cni config ( #4879 )
...
* Allow to specify feature_control in calico cni config
* list length checking
* double check
* remove 2 conditions
2019-06-16 23:14:07 -07:00
Andreas Krüger
818aa7aeb1
Set dnsPolicy to ClusterFirstWithHostNet when hostNetwork is true ( #4843 )
2019-06-05 03:17:55 -07:00
MarkusTeufelberger
e67f848abc
ansible-lint: add spaces around variables [E206] ( #4699 )
2019-05-02 14:24:21 -07:00
MarkusTeufelberger
88d919337e
ansible-lint: don't compare to empty string [E602] ( #4665 )
2019-04-28 23:00:20 -07:00
grialeyur
82119ca923
Add support calico kubernetes datastore and typha. ( #4498 )
...
* Add support calico kubernetes datastore and typha.
* Add typha_enabled to kubespray-defaults.
2019-04-25 05:00:48 -07:00
MarkusTeufelberger
424e59805f
ansible-lint: Fix commands that are also available as module ( #4619 )
2019-04-23 22:18:00 -07:00
Andreas Krüger
d588532c9b
Update probe timeouts, delays etc. ( #4612 )
...
* Fix merge conflict
* Add check delay
* Add more liveness and readiness options to metrics-server
2019-04-23 14:46:02 -07:00
Matthew Mosesohn
05dc2b3a09
Use K8s 1.14 and add kubeadm experimental control plane mode ( #4514 )
...
* Use K8s 1.14 and add kubeadm experimental control plane mode
This reverts commit d39c273d96
.
* Cleanup kubeadm setup run on first master
* pin kubeadm_certificate_key in test
* Remove kubelet autolabel of kube-node, add symlink for pki dir
Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
2019-04-19 06:01:54 -07:00
andreyshestakov
78f6f6b889
Mark "Calico | Set global as_num" as "unchanged" ( #4539 )
...
This command executes with "--skip-exists" parameter, so it is idempotent
and should not be marked as "changed".
2019-04-16 09:31:11 -07:00
Matthew Mosesohn
c5fb734098
Switch calicoctl from a container to a binary ( #4524 )
2019-04-15 04:24:04 -07:00
Matthew Mosesohn
d39c273d96
Revert "Use K8s 1.14 and add kubeadm experimental control plane mode ( #4317 )" ( #4510 )
...
This reverts commit 316508626d
.
2019-04-11 12:52:43 -07:00
Matthew Mosesohn
316508626d
Use K8s 1.14 and add kubeadm experimental control plane mode ( #4317 )
...
* Use Kubernetes 1.14 and experimental control plane support
* bump to v1.14.0
2019-04-11 05:30:13 -07:00
Maxime Guyot
353afa7cb0
Fix ipip: false in calico v3 ( #4473 )
2019-04-10 05:50:15 -07:00
Matthew Mosesohn
4fe2aa6bf7
Use install_cni init container for cni copy for calico/canal ( #4416 )
2019-04-02 03:32:36 -07:00
ml
483f1d2ca0
Calico felix - Fix jinja2 boolean condition ( #4348 )
...
* Fix jinja2 boolean condition
* Convert all felix variable to booleans instead.
2019-03-29 16:07:09 -07:00
chadswilson
d469282f1c
add blockSize to IPPool spec for Calico >= v3.3.0 ( #4224 )
...
* add blockSize to IPPool spec for Calico >= v3.3.0
* fix "cidr" spec in Calico IPPool resource for my PR
2019-03-06 12:42:48 -08:00
Matthew Mosesohn
acbf3db233
Remove hard dependence on facts for all nodes ( #4304 )
...
* Remove hard dependence on facts for all nodes
* Update main.yaml
* Update main.yaml
2019-03-05 03:04:39 -08:00
hikoz
67832aada9
changed_when:false ( #4189 )
2019-02-25 20:09:30 -08:00
Chad Swenson
8872b2e0c6
Fix calico when kube_override_hostname is set ( #4235 )
...
This fixes an issue where the `nodename` in calico's cni config json can fall out of sync with the k8s node name used by the calico pod if `kube_override_hostname` is set
2019-02-13 16:02:48 -08:00
hikoz
9a91ef8628
change permission after unarchive ( #4191 )
2019-02-11 14:21:38 -08:00
Danny Kulchinsky
226d5ed7de
[Calico] Define FELIX_KUBENODEPORTRANGES when kube-proxy in ipvs mode ( #4173 )
...
* Define FELIX_KUBENODEPORTRANGES when kube-proxy in ipvs mode
* ensure kube_apiserver_node_port_range is defined
2019-02-04 12:42:40 -08:00
Sorin Sbarnea
316b73178d
Add timeout to Get current version of calico cluster version ( #4149 )
...
Avoid waiting forever for this task that should be very quick.
Fixes : #4148
2019-02-01 20:09:04 -08:00
Erwan Miran
f6d60a7e89
Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) ( #4131 )
...
* Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet)
* Documentation for calico_pool_cidr (and calico_advertise_cluster_ips which has been forgotten...)
2019-01-31 13:39:13 -08:00
wangxf
a096761306
[PR-Calico]Support calico 3.4.0 ( #4102 )
...
* Suport calico 3.4.0
Signed-off-by: wangxf1987 <xiaofeix.wang@gmail.com>
* Remove symlink + cni conflist template when 3.3.0+, handle Canal, addition of install-cni: sidecar(3.3.0) or initontainer(3.4.0), KUBECONFIG_FILEPATH, calico_cert_dir, advertise cluster ips
* scheduler.alpha.kubernetes.io/critical-pod deprecated since 1.12
2019-01-28 11:03:49 -08:00
Erwan Miran
556a8d68bc
Set IP env var to autodetect when calico_ip_auto_method is defined ( #4105 )
2019-01-27 23:09:18 -08:00
Douglas Hellinger
4479cc48fe
Introduce calico_upgrade_url
var for Calico upgrade tool.
...
So that binary can be sourced from anywhere - not only github.
2019-01-23 16:19:27 +08:00
Danny Kulchinsky
257019d424
Mount host's xtable lock and enable calico lokcing for <v3.2.1
2019-01-14 17:16:29 -05:00
Andreas Krüger
d5ce5874e8
Streamline path to certs dir ( #3836 )
...
* Streamline path to certs dir
* More fixes
* Set path to etcd certs in kubernetes defaults instead
2018-12-06 23:11:53 -08:00
Rong Zhang
225f765b56
Upgrade kubernetes to v1.13.0 ( #3810 )
...
* Upgrade kubernetes to v1.13.0
* Remove all precense of scheduler.alpha.kubernetes.io/critical-pod in templates
* Fix cert dir
* Use kubespray v2.8 as baseline for gitlab
2018-12-06 12:11:48 -08:00
Erwan Miran
2c1dd69891
Reset tasks specific to Calico ( #3813 )
2018-12-04 11:37:45 -08:00
Rong Zhang
e0781483fa
Use download binary instead of copying from the container ( #3786 )
2018-12-03 02:22:17 -08:00
Joost Cassee
f2635776cd
Make Calico Felix log level configurable ( #3781 )
2018-11-28 00:55:01 -08:00
Johnny Halfmoon
53bde23a5e
fixed ansible include/import inheritance issue ( #3716 )
2018-11-16 04:33:23 -08:00
Mark Eisenblätter
7deb842030
calico-node: add prometheus annotations ( #3645 )
...
add prometheus annotations to calico-node if
calico_felix_prometheusmetricsenabled is enabled.
This will allow a kubernetes_sd to automaticly find the pods and start
scraping.
2018-11-14 15:01:35 -08:00
Robert Liotta
2a00c931e4
Added the missing environment for proxy for get_url ( #3603 )
...
* Added the missing environment for proxy for get_url
* Update upgrade.yml
* Fixed spaces
* Fixed spaces
* Update upgrade.yml
2018-11-01 06:20:57 -07:00
Erwan Miran
4f12ba00d1
Fix calico peering with router(s) ( #3547 )
2018-10-23 22:19:50 -07:00
Erwan Miran
87193fd270
Fix ansible syntax to avoid ansible warnings (one more) ( #3536 )
...
* warning on meta flush_handlers
* avoid rm
* avoid "Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions manually" warning on subsequent tasks using blockinfile
* is match
2018-10-17 12:27:11 -07:00
Erwan Miran
7bec169d58
Fix ansible syntax to avoid ansible deprecation warnings ( #3512 )
...
* failed
* version_compare
* succeeded
* skipped
* success
* version_compare becomes version since ansible 2.5
* ansible minimal version updated in doc and spec
* last version_compare
2018-10-16 15:33:30 -07:00
Erwan Miran
bfd4ccbeaa
Calico: Ability to define global peers ( #3493 )
2018-10-16 15:32:26 -07:00
Erwan Miran
6549b8f8ae
Ability to define the asNumber on a per node basis when route reflectors are not used in order to peer directly with routers ( #3492 )
2018-10-15 23:44:49 -07:00
Anupam Basak
3ce933051a
calico CALICO_IPV4POOL_IPIP overriding variable ( #3507 )
2018-10-12 00:09:36 -07:00
Cédric de Saint Martin
53d87e53c5
All CNIs: support ANY toleration. ( #3391 )
...
Before, Nodes tainted with NoExecute policy did not have calico/weave Pod.
Network pod should run on all nodes whatever happens on a specific node.
Also always set the Pods to be critical.
Also remove deprecated scheduler.alpha.kubernetes.io/tolerations annotations.
2018-09-27 05:28:54 -07:00
Erwan Miran
232020ef96
skip-exists is an flag for create command, not for calicoctl ( #3401 )
2018-09-27 04:57:02 -07:00
arzarif
6b71229d3f
Resolve issues associated with Calico deployment in policy-only mode. ( #3392 )
2018-09-27 03:31:14 -07:00
Kuldip Madnani
36898a2c39
Adding pod priority for all the components. ( #3361 )
...
* Changes to assign pod priority to kube components.
* Removed the boolean flag pod_priority_assignment
* Created new priorityclass k8s-cluster-critical
* Created new priorityclass k8s-cluster-critical
* Fixed the trailing spaces
* Fixed the trailing spaces
* Added kube version check while creating Priority Class k8s-cluster-critical
* Moved k8s-cluster-critical.yml
* Moved k8s-cluster-critical.yml to kube_config_dir
2018-09-25 07:50:22 -07:00
Rui Cao
02de35cfc3
Fix some typos ( #3382 )
...
Signed-off-by: Rui Cao <ruicao@alauda.io>
2018-09-23 06:33:17 -07:00
Kevin Schuck
639010b3df
Uses environment vars for etcd cert paths
2018-09-19 12:32:16 -05:00
Kevin Schuck
6f9f80acee
Uses etcdv3 for calico 3 rr_v4 resources
2018-09-19 09:22:52 -05:00
k8s-ci-robot
b796226869
Merge pull request #3325 from firaxis/configurable_felix_healthhost
...
Make Felix healthhost configurable
2018-09-19 06:02:29 -07:00
Kevin Schuck
fb1678d425
Ensures BGPPeer resource names are unique
2018-09-18 10:48:30 -05:00
Alex Yakovenko
884053aaa7
Make Felix healthhost configurable
2018-09-18 15:48:29 +03:00
Kevin Schuck
d3adf09bde
Fixes BGPPeer resource for calico >= 3.0.0
2018-09-17 15:22:28 -05:00
Matthew Mosesohn
c83350e597
refactor to base on calico_version
2018-09-13 18:05:10 +03:00
Matthew Mosesohn
55d76ea3d8
Update install.yml
2018-09-13 12:04:53 +03:00
Matthew Mosesohn
1091e82327
Update install.yml
2018-09-12 22:15:46 +03:00
Matthew Mosesohn
cc79125d3e
Update install.yml
2018-09-12 17:03:55 +03:00
Matthew Mosesohn
d91f9e14e6
Put back legacy support for calico ippools and bgp settings
2018-09-11 16:40:11 +03:00
mlushpenko
ea2c9d8f57
Fix yaml checks
2018-09-06 16:26:57 +02:00
mlushpenko
f958b32c83
Fix calico health checks
2018-09-06 15:57:21 +02:00
Matthew Mosesohn
dc3e317d20
Fix backward compatibility with calico 2.6
2018-09-06 15:54:20 +03:00
Luis Nunez
6569180654
remove capitalize filter
2018-09-04 14:56:53 +02:00
Antoine Legrand
2f1fe44762
update images to use arch
2018-08-31 13:45:08 +02:00
Aivars Sterns
23fd3461bc
calico upgrade to v3 ( #3086 )
...
* calico upgrade to v3
* update calico_rr version
* add missing file
* change contents of main.yml as it was left old version
* enable network policy by default
* remove unneeded task
* Fix kubelet calico settings
* fix when statement
* switch back to node-kubeconfig.yaml
2018-08-23 17:17:18 +03:00
Erwan Miran
80cfeea957
psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
2018-08-22 18:16:13 +02:00
Wong Hoi Sing Edison
c3b3572025
Always create service account even rbac_enabled = false
2018-08-22 11:41:29 +08:00
Aivars Sterns
72f053d9bb
Merge pull request #2972 from mattymo/force_cni_cp
...
Force copy cni files
2018-07-10 09:40:10 +03:00
Matthew Mosesohn
1a3b9dd864
Force copy cni files
2018-07-06 16:39:42 +03:00
elementyang
8fee1ab102
change create to apply
2018-07-06 19:36:19 +08:00
Daniel Mohr
476b14b06e
Make Calico nodename overridable on bare metal
...
Signed-off-by: Daniel Mohr <daniel.mohr@supercrunch.io>
2018-05-14 14:13:51 +02:00
Wong Hoi Sing Edison
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 19:29:11 +08:00
Matthew Mosesohn
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
...
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
2018-03-30 14:29:13 +03:00
Brad Beam
015ea62e92
Merge pull request #2262 from tmjd/calico-canal-v2-6-7
...
Update Calico and Canal
2018-03-27 21:07:28 -05:00
Anton Fayzrahmanov
a75598b3f4
IP_AUTODETECTION_METHOD docs
2018-03-24 01:54:17 +03:00
Anton Fayzrahmanov
60a057cace
Update calico-node.yml.j2
2018-03-24 01:46:26 +03:00
Anton Fayzrahmanov
dd9d0c0530
optional calico_ip_auto_method variable with IP_AUTODETECTION_METHOD
...
can be set to one of
first-found
can-reach
interface
2018-03-23 16:33:20 +03:00
Erik Stidham
60bfc56e8e
Update Calico and Canal
...
- Updating to use calico-node v2.6.7
- A few updates to their manifests too
2018-03-22 12:30:23 -05:00
Matthew Mosesohn
9837b7926f
Use proper lookup of etcd host for calico ( #2408 )
...
Fixes #2397
2018-03-02 15:36:52 +03:00
Brad Beam
afb6e7dfc3
Merge pull request #2362 from mattymo/calico_ignore_extra_pools_again
...
Use CNI to assign kube_pods_subnet for calico
2018-02-28 12:36:50 -06:00
Matthew Mosesohn
bc0fc5df98
Use node cert for etcd tasks instead of delegating to first etcd ( #2386 )
...
For etcdctl commands, use admin cert instead of node because this file
doesn't exist on etcd only hosts.
2018-02-27 22:23:51 +03:00
Brad Beam
89ade65ad6
Fixing etcd certs for calico rr ( #2374 )
2018-02-27 17:34:07 +03:00