C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
3077 commits 17 branches 66 tags 141 MiB
Commit graph

884 commits

Author SHA1 Message Date
Henry Finucane
3ad9e9c5eb Fix #2261 by supporting Red Hat's limited PATH 
Red Hat has this theory that binaries in sbin are too dangerous to be on
the default path, but we need them anyway.

RH7 has /sbin and /usr/sbin as symlinks, so that is no longer important.

I'm adding it to the `PATH` instead of making the path to `modinfo`
absolute because I am worried about breaking support for other
distributions.
 2018-06-15 12:49:22 -07:00
Rong Zhang
10c9fe96b0
Merge pull request #2859 from riverzhang/nginx 
Fix nginx-proxy HA when kubeadm enable
 2018-06-08 01:10:01 +08:00
rongzhang
f9ccb93825 Fix nginx-proxy HA when kubeadm enable 2018-06-07 14:27:19 +00:00
Aivars Sterns
daeea75fbb
Merge pull request #2835 from oracle/bm_fix-apiserver-access-ip 
roles/kubernetes/client: kubeconfig template should use access_ip
 2018-06-07 11:50:57 +03:00
Matthew Mosesohn
59be578842
Revert "wip pr for improved cert sync" (#2849) 2018-06-06 17:22:25 +03:00
Aivars Sterns
cb0a257349
Merge pull request #2819 from oleh-ozimok/fix-cidr-assert 
Fix enough network address space assert
 2018-06-06 07:32:16 +03:00
Aivars Sterns
69ea28e187
Merge pull request #2827 from mattymo/testpr 
wip pr for improved cert sync
 2018-06-04 12:43:00 +03:00
Ben Meier
2f5a9e180c kubernetes/client: kubeconfig template should use the access_ip for the chosen master node 2018-06-04 09:51:05 +01:00
Dmitry
f912a4ece5 Fix compare AnsibleUnsafeText with int (#2828) 2018-06-04 11:34:10 +03:00
Rong Zhang
d1e66f9cc8 Add label to kubelet env for kubeadm deploy cluster (#2841) 2018-06-04 11:26:47 +03:00
Matthew Mosesohn
7433348aae wip pr for improved cert sync 2018-05-30 12:15:11 +03:00
Oleg Ozimok
38f7ba2584 Fix enough network address space assert 2018-05-27 18:01:17 +03:00
Andreas Krüger
a67bdff28c
Merge pull request #2743 from mrostecki/opensuse-tumbleweed-openssl 
opensuse: Fix OpenSSL package name
 2018-05-22 11:21:04 +02:00
Andreas Krüger
e60a63ea51
Merge pull request #2577 from woopstar/etcd-fix-4 
Makeover of etcd- and etcd-cluster setup.
 2018-05-16 20:49:54 +02:00
Christopher J. Ruwe
c1bc4615fe assert that number of pods on node does not exceed CIDR address range 
The number of pods on a given node is determined by the  --max-pods=k
directive. When the address space is exhausted, no more pods can be
scheduled even if from the --max-pods-perspective, the node still has
capacity.

The special case that a pod is scheduled and uses the node IP in the
host network namespace is too "soft" to derive a guarantee.

Comparing kubelet_max_pods with kube_network_node_prefix when given
allows to assert that pod limits match the CIDR address space.
 2018-05-16 11:55:46 +00:00
Matthew Mosesohn
7c93e71801
Upgrade k8s to 1.10.2 (#2748) 
* Upgrade k8s to 1.10.2

Bumped etcd version to 3.2.16 as recommended

* Add ipvs fix for v1.10

* change flannel addons test to ha
 2018-05-15 16:00:29 +03:00
Christopher J. Ruwe
73800ef111 make certificates non-executable 2018-05-15 07:54:32 +00:00
Christopher J. Ruwe
49d106f615 make admin.conf -> .kube/config non-executable 
Almost certainly, the .kube/config file (YAML) should not be executable.
 2018-05-14 09:29:48 +00:00
Miouge1
ad48606e4e Restart scheduler when policy changes 2018-05-14 10:09:30 +02:00
Matthew Mosesohn
07cc981971
refactor vault role (#2733) 
* Move front-proxy-client certs back to kube mount

We want the same CA for all k8s certs

* Refactor vault to use a third party module

The module adds idempotency and reduces some of the repetitive
logic in the vault role

Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves

Add upgrade test scenario
Remove bootstrap-os tags from tasks

* fix upgrade issues

* improve unseal logic

* specify ca and fix etcd check

* Fix initialization check

bump machine size
 2018-05-11 19:11:38 +03:00
Andreas Krüger
d73d60c9b0
Merge pull request #2600 from maximegaillard/master 
Add Openstack tenant name
 2018-05-08 12:03:01 +02:00
Michal Rostecki
066016cd3e opensuse: Fix OpenSSL package name 
OpenSSL 1.1 package in openSUSE Tumbleweed is named openssl-1_1,
not openssl-1_1_0.
 2018-05-08 10:03:30 +02:00
Andreas Krüger
28d6eb6af1
Merge pull request #2644 from cp3hu/master 
Fix apiserver manifest and kubelet for kube version < 1.9
 2018-05-08 09:22:36 +02:00
Chad Swenson
595e96ebf1
Merge pull request #2693 from romaindequidt/sync-certs-tasks-fix 
sync certs tasks (fix #2596 #2667)
 2018-05-02 12:17:23 -05:00
woopstar
4c81cd2a71 Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into etcd-fix-4 2018-05-02 14:45:58 +02:00
Maxime Gaillard
00db751646 Add Openstack tenant name 2018-05-01 09:21:37 +02:00
Tomasz Majchrowski
59789ae02a ISSUE-2706: Provide consistent usage of supplementary_addresses_in_ssl_keys across vault and script mode (#2707) 2018-04-30 14:48:17 +03:00
Andreas Krüger
03de4c0806
Merge pull request #2695 from suzutan/add-oidc-prefix-args 
Add oidc-user-prefix and oidc-group-prefix args
 2018-04-30 09:17:02 +02:00
mirwan
06cdb260f6 labelvalue must be formatted to handle non string values (#2722) 2018-04-29 19:02:14 +03:00
mirwan
c3c5817af6 sysctl file should be in defaults so that it can be overriden (#2475) 
* sysctl file should be in defaults so that it can be overriden

* Change sysctl_file_path to be consistent with roles/kubernetes/preinstall/defaults/main.yml
 2018-04-27 18:50:58 +03:00
Markos Chandras
9168c71359 Revert "Revert "Add openSUSE support" (#2697)" (#2699) 
This reverts commit 51f4e6585a.
 2018-04-26 12:52:06 +03:00
Matthew Mosesohn
1a14f1ecc1
Fix vol format for local volume provisioner in rkt (#2698) 2018-04-24 20:32:08 +03:00
Matthew Mosesohn
51f4e6585a
Revert "Add openSUSE support" (#2697) 2018-04-23 14:28:24 +03:00
Suzuka Asagiri
f81e6d2ccf
Add oidc-user-prefix and oidc-group-prefix args 2018-04-23 12:23:59 +09:00
Romain DEQUIDT
80dd230a65 sync certs tasks (fix #2596 #2667) 2018-04-22 10:00:31 +02:00
Paul Montero
75950344fb
run_once pre_upgrade tasks which are executing in localhost 2018-04-19 11:38:13 -05:00
Matthew Mosesohn
f73717ea35
Mount local volume provisioner dirs for containerized kubelet (#2648) 2018-04-12 22:55:13 +03:00
Aivars Sterns
1967963702
Merge pull request #2380 from hwoarang/add-opensuse-support 
Add openSUSE support
 2018-04-12 20:28:50 +03:00
Chad Swenson
d87b6fd9f3 Use dedicated front-proxy-ca for front-proxy-client 2018-04-12 11:03:22 -05:00
Chad Swenson
a6a47dbc96
Merge pull request #2617 from bradbeam/savaultcert 
Adding missing service-account certificate for vault
 2018-04-12 11:02:24 -05:00
Aivars Sterns
298c6cb790
Merge pull request #2633 from grebois/patch-3 
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
 2018-04-12 11:53:58 +03:00
Markos Chandras
d07f75b389 roles: kubernetes: secrets: Add SUSE support 
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
 2018-04-11 20:55:02 +01:00
Nirmoy Das
45eac53ec7 roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed 
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.

Co-authored-by: Markos Chandras <mchandras@suse.de>
 2018-04-11 17:46:14 +01:00
Markos Chandras
e42203a13e roles: kubernetes: preinstall: Add SUSE support 
Add support for installing package dependencies and refreshing metadata
on SUSE distributions

Co-authored-by: Nirmoy Das <ndas@suse.de>
 2018-04-11 17:46:14 +01:00
Christian Phu
3535c29e59 Fix apiserver manifest for kube version < 1.9 2018-04-10 18:17:56 +02:00
Marcelo Grebois
88765f62e6
Updating order 
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
 2018-04-10 17:17:39 +02:00
Robin Skahjem-Eriksen
0f35e17e23 Fix new envvar for setting openstack_tenant_id (#2641) 
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
 2018-04-10 17:23:31 +03:00
Brad Beam
77b3f9bb97 Removing default for volume-plugins mountpoint (#2618) 
All checks test if this is defined meaning there is no way to undefine it.
 2018-04-10 17:19:25 +03:00
Matthew Mosesohn
45f15bf753
Revert "Fix new envvar for setting openstack_tenant_id" (#2640) 2018-04-10 14:37:24 +03:00
Aivars Sterns
913cc5a9af
Merge pull request #2639 from ironhouzi/openstack_tenant_id_fix 
Fix new envvar for setting openstack_tenant_id
 2018-04-10 14:35:28 +03:00