Oleg Ozimok
38f7ba2584
Fix enough network address space assert
2018-05-27 18:01:17 +03:00
Andreas Krüger
a67bdff28c
Merge pull request #2743 from mrostecki/opensuse-tumbleweed-openssl
...
opensuse: Fix OpenSSL package name
2018-05-22 11:21:04 +02:00
Andreas Krüger
e60a63ea51
Merge pull request #2577 from woopstar/etcd-fix-4
...
Makeover of etcd- and etcd-cluster setup.
2018-05-16 20:49:54 +02:00
Christopher J. Ruwe
c1bc4615fe
assert that number of pods on node does not exceed CIDR address range
...
The number of pods on a given node is determined by the --max-pods=k
directive. When the address space is exhausted, no more pods can be
scheduled even if from the --max-pods-perspective, the node still has
capacity.
The special case that a pod is scheduled and uses the node IP in the
host network namespace is too "soft" to derive a guarantee.
Comparing kubelet_max_pods with kube_network_node_prefix when given
allows to assert that pod limits match the CIDR address space.
2018-05-16 11:55:46 +00:00
Matthew Mosesohn
7c93e71801
Upgrade k8s to 1.10.2 ( #2748 )
...
* Upgrade k8s to 1.10.2
Bumped etcd version to 3.2.16 as recommended
* Add ipvs fix for v1.10
* change flannel addons test to ha
2018-05-15 16:00:29 +03:00
Christopher J. Ruwe
73800ef111
make certificates non-executable
2018-05-15 07:54:32 +00:00
Christopher J. Ruwe
49d106f615
make admin.conf -> .kube/config non-executable
...
Almost certainly, the .kube/config file (YAML) should not be executable.
2018-05-14 09:29:48 +00:00
Miouge1
ad48606e4e
Restart scheduler when policy changes
2018-05-14 10:09:30 +02:00
Matthew Mosesohn
07cc981971
refactor vault role ( #2733 )
...
* Move front-proxy-client certs back to kube mount
We want the same CA for all k8s certs
* Refactor vault to use a third party module
The module adds idempotency and reduces some of the repetitive
logic in the vault role
Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves
Add upgrade test scenario
Remove bootstrap-os tags from tasks
* fix upgrade issues
* improve unseal logic
* specify ca and fix etcd check
* Fix initialization check
bump machine size
2018-05-11 19:11:38 +03:00
Andreas Krüger
d73d60c9b0
Merge pull request #2600 from maximegaillard/master
...
Add Openstack tenant name
2018-05-08 12:03:01 +02:00
Michal Rostecki
066016cd3e
opensuse: Fix OpenSSL package name
...
OpenSSL 1.1 package in openSUSE Tumbleweed is named openssl-1_1,
not openssl-1_1_0.
2018-05-08 10:03:30 +02:00
Andreas Krüger
28d6eb6af1
Merge pull request #2644 from cp3hu/master
...
Fix apiserver manifest and kubelet for kube version < 1.9
2018-05-08 09:22:36 +02:00
Chad Swenson
595e96ebf1
Merge pull request #2693 from romaindequidt/sync-certs-tasks-fix
...
sync certs tasks (fix #2596 #2667 )
2018-05-02 12:17:23 -05:00
woopstar
4c81cd2a71
Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into etcd-fix-4
2018-05-02 14:45:58 +02:00
Maxime Gaillard
00db751646
Add Openstack tenant name
2018-05-01 09:21:37 +02:00
Tomasz Majchrowski
59789ae02a
ISSUE-2706: Provide consistent usage of supplementary_addresses_in_ssl_keys across vault and script mode ( #2707 )
2018-04-30 14:48:17 +03:00
Andreas Krüger
03de4c0806
Merge pull request #2695 from suzutan/add-oidc-prefix-args
...
Add oidc-user-prefix and oidc-group-prefix args
2018-04-30 09:17:02 +02:00
mirwan
06cdb260f6
labelvalue must be formatted to handle non string values ( #2722 )
2018-04-29 19:02:14 +03:00
mirwan
c3c5817af6
sysctl file should be in defaults so that it can be overriden ( #2475 )
...
* sysctl file should be in defaults so that it can be overriden
* Change sysctl_file_path to be consistent with roles/kubernetes/preinstall/defaults/main.yml
2018-04-27 18:50:58 +03:00
Markos Chandras
9168c71359
Revert "Revert "Add openSUSE support" ( #2697 )" ( #2699 )
...
This reverts commit 51f4e6585a
.
2018-04-26 12:52:06 +03:00
Matthew Mosesohn
1a14f1ecc1
Fix vol format for local volume provisioner in rkt ( #2698 )
2018-04-24 20:32:08 +03:00
Matthew Mosesohn
51f4e6585a
Revert "Add openSUSE support" ( #2697 )
2018-04-23 14:28:24 +03:00
Suzuka Asagiri
f81e6d2ccf
Add oidc-user-prefix and oidc-group-prefix args
2018-04-23 12:23:59 +09:00
Romain DEQUIDT
80dd230a65
sync certs tasks ( fix #2596 #2667 )
2018-04-22 10:00:31 +02:00
Paul Montero
75950344fb
run_once pre_upgrade tasks which are executing in localhost
2018-04-19 11:38:13 -05:00
Matthew Mosesohn
f73717ea35
Mount local volume provisioner dirs for containerized kubelet ( #2648 )
2018-04-12 22:55:13 +03:00
Aivars Sterns
1967963702
Merge pull request #2380 from hwoarang/add-opensuse-support
...
Add openSUSE support
2018-04-12 20:28:50 +03:00
Chad Swenson
d87b6fd9f3
Use dedicated front-proxy-ca for front-proxy-client
2018-04-12 11:03:22 -05:00
Chad Swenson
a6a47dbc96
Merge pull request #2617 from bradbeam/savaultcert
...
Adding missing service-account certificate for vault
2018-04-12 11:02:24 -05:00
Aivars Sterns
298c6cb790
Merge pull request #2633 from grebois/patch-3
...
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
2018-04-12 11:53:58 +03:00
Markos Chandras
d07f75b389
roles: kubernetes: secrets: Add SUSE support
...
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
2018-04-11 20:55:02 +01:00
Nirmoy Das
45eac53ec7
roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed
...
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.
Co-authored-by: Markos Chandras <mchandras@suse.de>
2018-04-11 17:46:14 +01:00
Markos Chandras
e42203a13e
roles: kubernetes: preinstall: Add SUSE support
...
Add support for installing package dependencies and refreshing metadata
on SUSE distributions
Co-authored-by: Nirmoy Das <ndas@suse.de>
2018-04-11 17:46:14 +01:00
Christian Phu
3535c29e59
Fix apiserver manifest for kube version < 1.9
2018-04-10 18:17:56 +02:00
Marcelo Grebois
88765f62e6
Updating order
...
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
2018-04-10 17:17:39 +02:00
Robin Skahjem-Eriksen
0f35e17e23
Fix new envvar for setting openstack_tenant_id ( #2641 )
...
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 17:23:31 +03:00
Brad Beam
77b3f9bb97
Removing default for volume-plugins mountpoint ( #2618 )
...
All checks test if this is defined meaning there is no way to undefine it.
2018-04-10 17:19:25 +03:00
Matthew Mosesohn
45f15bf753
Revert "Fix new envvar for setting openstack_tenant_id" ( #2640 )
2018-04-10 14:37:24 +03:00
Aivars Sterns
913cc5a9af
Merge pull request #2639 from ironhouzi/openstack_tenant_id_fix
...
Fix new envvar for setting openstack_tenant_id
2018-04-10 14:35:28 +03:00
Aivars Sterns
a46acfcdd8
Merge pull request #2627 from mattymo/no_more_do_do
...
Remove jinja2 dependency of do
2018-04-10 14:32:29 +03:00
Robin Skahjem-Eriksen
0c0f6b755d
Fix new envvar for setting openstack_tenant_id
...
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 13:30:48 +02:00
Marcelo Grebois
4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
...
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
2018-04-09 12:49:05 +02:00
Atoms
b68854f79d
fix kubectl download location and kubectl.sh helper owner/group remove
2018-04-09 13:19:26 +03:00
Matthew Mosesohn
f954bc0a5a
Remove jinja2 dependency of do
...
While `do` looks cleaner, forcing this extra option in ansible.cfg
seems to be more invasive. It would be better to keep the traditional
approach of `set dummy = ` instead.
2018-04-09 12:27:53 +03:00
Brad Beam
dfc46f02d7
Adding missing service-account certificate for vault
...
Missed in #2554
2018-04-06 15:29:52 -05:00
Daniel Hoherd
ca40d51bc6
Fix typos (no logic changes)
2018-04-05 15:54:58 -07:00
Chen Hong
973e7372b4
content: |
2018-04-04 23:05:27 +08:00
Chen Hong
b54e091886
Persist ip_vs modules
2018-04-04 18:18:51 +08:00
Andreas Krüger
2511e14289
Merge pull request #2346 from Miouge1/kube-scheduler-mode
...
Use legacy policy config to apply the scheduler policy
2018-04-04 10:20:51 +02:00
georgejdli
76bb5f8d75
check if dedicated service account token signing key exists
2018-04-02 10:57:24 -05:00