Brad Beam
afb6e7dfc3
Merge pull request #2362 from mattymo/calico_ignore_extra_pools_again
...
Use CNI to assign kube_pods_subnet for calico
2018-02-28 12:36:50 -06:00
Brad Beam
ad89d1c876
Update pre_upgrade.yml
2018-02-28 19:07:44 +03:00
Simon Li
6b80ac6500
Fix indexing of supplementary DNS in openssl.conf
2018-02-28 16:04:52 +00:00
Miouge1
2257dc9baa
Install latest version of Helm
2018-02-28 16:29:38 +01:00
Dmitry Vlasov
977e7ae105
remove obsolete init image, bump dashboard version 1.8.1 -> 1.8.3
2018-02-28 12:52:59 +03:00
Matthew Mosesohn
bc0fc5df98
Use node cert for etcd tasks instead of delegating to first etcd (#2386)
...
For etcdctl commands, use admin cert instead of node because this file
doesn't exist on etcd only hosts.
2018-02-27 22:23:51 +03:00
Matthew Mosesohn
bb469005b2
Add pre-upgrade task for moving credentials file
2018-02-27 17:35:15 +03:00
Brad Beam
89ade65ad6
Fixing etcd certs for calico rr (#2374)
2018-02-27 17:34:07 +03:00
RongZhang
128d3ef94c
Fix run kubectl error (#2199)
...
* Fix run kubectl error
Fix run kubectl error when first master doesn't work
* if access_ip is defined use first_kube_master
else different master use a different ip
* Delete set first_kube_master and use kube_apiserver_access_address
2018-02-27 16:32:20 +03:00
RongZhang
b7e06085c7
Upgrade to Kubernetes v1.9.3 (#2323)
...
Upgrade to Kubernetes v1.9.3
2018-02-27 14:31:59 +03:00
Chad Swenson
9e85a023c1
Merge pull request #2360 from mattymo/reset_fixes
...
retry unmount kubelet dirs
2018-02-26 18:30:38 -06:00
Brad Beam
4b5f780ff0
Merge pull request #2357 from octarinesec/eyeofthefrog/set_TasksMax_infinity_for_ubuntu
...
Set TasksMax to infinity on any OS with systemd
2018-02-22 21:31:10 -06:00
Brad Beam
31659efe13
Fixing cert name in calico/canal for etcd check (#2358)
2018-02-22 17:37:07 +03:00
Nedim Haveric
2bd3776ddb
fix apiserver manifest when disabling insecure_port
2018-02-22 14:00:32 +01:00
Brad Beam
c874f16c02
Fixing credential lookup for fe proxy and vault (#2361)
2018-02-22 15:09:26 +03:00
Maxim Krasilnikov
ba91304636
Fixed generate front proxy client certs with vault (#2359)
...
* Fixed generate front proxy client certs with vault
* fix vault cert management
* Distribute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
Andreas Krüger
42a0f46268
Add health check to kube proxy (#2356)
...
Adding health checking to kube proxy. Fixes #2308
2018-02-21 23:14:45 +03:00
Andreas Krüger
d84ff06f73
Set filemode to 0640 (#2315)
...
* Set filemode to 0640
weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.
* Set mode 0640 on users_file with basic auth
2018-02-21 23:13:46 +03:00
Matthew Mosesohn
87f33a4644
Use CNI to assign kube_pods_subnet for calico
...
Now calico can be deployed if there are other existing pools
and not confuse IPAM and end up with pods in the wrong pools.
2018-02-21 20:32:28 +03:00
Dann Bohn
2eb57ee5cd
default kube_proxy_mode in kubernetes-defaults
2018-02-21 11:33:25 -05:00
Chris Mildebrandt
85c69c2a4a
Add check for atomic hosts in template
2018-02-21 08:26:18 -08:00
Matthew Mosesohn
c20f38b89c
retry unmount kubelet dirs
2018-02-21 14:41:57 +03:00
Wong Hoi Sing Edison
d4c61d2628
Fixup for gce_centos7-flannel-addons
2018-02-21 13:41:25 +08:00
Wong Hoi Sing Edison
deef47c923
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-02-21 13:41:25 +08:00
Chris Mildebrandt
c19d8994b9
Set TasksMax to infinity on any OS with systemd
2018-02-20 11:55:13 -08:00
Chad Swenson
2de6da25a8
Merge pull request #2312 from woopstar/patch-7
...
Added iptables lock fix and adjusted oom-score
2018-02-19 22:47:07 -06:00
melkosoft
f13e76d022
Added cilium support (#2236)
...
* Added cilium support
* Fix typo in debian test config
* Remove empty lines
* Changed cilium version from <latest> to <v1.0.0-rc3>
* Add missing changes for cilium
* Add cilium to CI pipeline
* Fix wrong file name
* Check kernel version for cilium
* fixed ci error
* fixed cilium-ds.j2 template
* added waiting for cilium pods to run
* Fixed missing EOF
* Fixed trailing spaces
* Fixed trailing spaces
* Fixed trailing spaces
* Fixed too many blank lines
* Updated tolerations,annotations in cilium DS template
* Set cilium_version to iptables-1.9 to see if bug is fixed in CI
* Update cilium image tag to v1.0.0-rc4
* Update Cilium test case CI vars filenames
* Add optional prometheus flag, adjust initial readiness delay
* Update README.md with cilium info
2018-02-16 21:37:47 -06:00
Antoine Legrand
76a89039ad
Merge pull request #2285 from jasdeep-hundal/do_not_install_python_apt
...
Remove redundant python-apt install
2018-02-15 17:04:08 +01:00
RongZhang
c0aad0a6d5
Fix install etcd by host service (#2297)
...
Fix bug issues #2289
2018-02-12 17:34:01 +01:00
Andreas Krüger
41ca67bf54
Added iptables lock fix and adjusted oom-score
...
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
2018-02-12 10:21:38 +01:00
Virgil Chereches
d72232f15b
Increased timeout values for k8s API server restart
2018-02-12 07:35:29 +00:00
Maxim Krasilnikov
03c61685fb
Added apiserver extra args variable for kubeadm config (#2291)
2018-02-12 10:29:46 +03:00
Antoine Legrand
46284198f8
Merge pull request #2298 from clkao/patch-2
...
Fix version comparison
2018-02-11 17:22:39 +01:00
RongZhang
bbb1da1a83
Fix default_resolver is undefined
...
fix issues #2265
2018-02-10 10:08:26 -06:00
Wong Hoi Sing Edison
07075add3d
Add optional StorageClass name with cephfs_provisioner_storage_class
2018-02-10 20:31:34 +08:00
Chia-liang Kao
338238d086
Fix version comparison
...
`FAILED! => {"changed": false, "msg": "AnsibleFilterError: Version comparison: unorderable types: str() < int()"}`
2018-02-10 03:49:49 +08:00
Brad Beam
03bb729fea
Making status and detection mo betta
2018-02-09 12:30:46 -06:00
Damian Nowak
f8a59446e8
Enable OOM killing
...
When etcd exceeds its memory limit, it becomes useless but keeps running.
We should let OOM killer kill etcd process in the container, so systemd can spot
the problem and restart etcd according to "Restart" setting in etcd.service unit file.
If OOME problem keeps repeating, i.e. it happens every single restart,
systemd will eventually back off and stop restarting it anyway.
--restart=on-failure:5 in this file has no effect because memory allocation error
doesn't by itself cause the process to die.
Related: https://github.com/kubernetes-incubator/kubespray/blob/master/roles/etcd/templates/etcd-docker.service.j2
This kind of reverts a change introduced in #1860.
2018-02-09 11:00:13 -06:00
mlushpenko
4e61fb9cd3
Refactored kubeadm join process and fixed uncordoning for master nodes
2018-02-09 15:51:47 +01:00
mlushpenko
b472c2df98
Fix safe upgrade
...
Even though there is kubeadm_token_ttl=0 which means that kubeadm token never expires, it is not present in `kubeadm token list` after cluster is provisioned (at least after it is running for some time) and there is an issue regarding this (https://github.com/kubernetes/kubeadm/issues/335), so we need to create a new temporary token during the cluster upgrade.
2018-02-09 15:51:47 +01:00
mkrasilnikov
bc67deee78
Added missing cephfs_provisioner_enabled to kubespray-defaults vars
2018-02-09 17:03:38 +03:00
jasdeep-hundal
f57abae01e
Remove redundant python-apt install
...
Ansible automatically installs the python-apt package when using
the 'apt' Ansible module, if python-apt is not present. This patch
removes the (unneeded) explicit installation in the Kubespray
'preinstall' role.
2018-02-08 18:59:37 -08:00
Antoine Legrand
275b1d6897
Merge pull request #2274 from mirwan/local_volume_provisioner_configmap_in_daemonset
...
Local volume provisioner fixes
2018-02-09 00:59:47 +01:00
Erwan Miran
e9a676951b
storageClass name template as suggested by @eyeofthefrog
2018-02-09 00:11:07 +01:00
Antoine Legrand
b31d905704
Merge pull request #2230 from hswong3i/cephfs_provisioner
...
Add cephfs_provisioner Support for Kubespray
2018-02-08 16:52:15 +01:00
Aivars Sterns
c70c44b07b
Merge pull request #2257 from rzenker/tb/baremetal-tweaks
...
baremetal tweaks
2018-02-08 15:48:55 +00:00
Aivars Sterns
20583e3d15
Merge pull request #2067 from manics/sysctl-net-brfilter
...
Always set net.bridge.bridge-nf-call-* sysctl
2018-02-08 15:43:46 +00:00
Aivars Sterns
9f4588cd0c
Merge pull request #2266 from riverzhang/epel-release
...
Disable install epel-release rpm on Centos/Redhat
2018-02-08 15:42:28 +00:00
Wong Hoi Sing Edison
b25e0f82b1
Add cephfs_provisioner Support for Kubespray
2018-02-08 22:27:54 +08:00
Maxim Krasilnikov
cae1c683aa
Merge pull request #2271 from leseb/retry-get-token
...
kubernetes-apps: retry get default token name
2018-02-08 16:46:32 +03:00
Antoine Legrand
57e7a5a34a
Merge pull request #2233 from hswong3i/multiple_inventory_dir
...
Support multiple inventory files under individual inventory directory
2018-02-08 11:57:04 +01:00
Antoine Legrand
7bce70339f
Merge pull request #2251 from woopstar/metrics-server-patch-2
...
Adding metrics-server support for K8s version 1.9
2018-02-08 11:16:44 +01:00
Erwan Miran
e1aaef7d4d
Removal of supernumerary slash
2018-02-08 09:06:17 +01:00
Wong Hoi Sing Edison
1a1d154e14
Support multiple inventory files under individual inventory directory
2018-02-08 08:08:15 +08:00
Brad Beam
384e5dd4c4
Merge pull request #2160 from kongslund/disable-read-only-port
...
Make the Kubelet read-only port configurable and disable it by default
2018-02-07 13:06:32 -06:00
Erwan Miran
abfb147292
MountDir in configmap and daemonset must be the same
2018-02-07 18:42:42 +01:00
Erwan Miran
44eb03f78a
typo
2018-02-07 17:57:54 +01:00
Erwan Miran
857784747b
local-provisioner:v1.0.1 still expects json configmap
2018-02-07 17:47:05 +01:00
Erwan Miran
7a2cb5e41c
local-provisioner:v1.0.1 still uses VOLUME_CONFIG_NAME env to read ConfigMap
2018-02-07 17:01:19 +01:00
Antoine Legrand
712bdfc82f
Merge pull request #2260 from mirwan/local_volume_provisioner_fixes
...
local_volume_provisioner_enabled replacement
2018-02-07 13:42:00 +01:00
Sébastien Han
34bd47de79
kubernetes-apps: retry get default token name
...
In some installations, it can take up to 3sec to get the value. Retrying
for 5 sec will ensure the command won't return 1.
Signed-off-by: Sébastien Han <seb@redhat.com>
2018-02-07 12:09:51 +01:00
Antoine Legrand
fe57c13b51
Merge pull request #2172 from leseb/etcd-auth
...
etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
2018-02-07 11:25:56 +01:00
woopstar
f9df692056
Issue front proxy certs for vault
2018-02-07 11:03:10 +01:00
woopstar
f193b12059
Kubeadm auto creates this
2018-02-07 10:50:34 +01:00
woopstar
2cd254954c
Remove defaults of allowed names. Updated kubeadm
2018-02-07 10:07:55 +01:00
woopstar
4dab92ce69
Rename from aggregator-proxy-client to front-proxy-client to match kubeadm design. Added kubeadm support too. Changed to use variables set and not hardcode paths. Still missing cert generation for Vault
2018-02-07 09:50:19 +01:00
Erwan Miran
ca08614641
yamllint fix
2018-02-07 09:12:28 +01:00
rong.zhang
47adf4bce6
Disable install epel-release rpm on Centos/Redhat
...
1. Disable install epel-release rpm on Centos/Redhat
2. Use yum install epel-release
2018-02-07 14:58:50 +08:00
Brad Beam
7928cd20fb
Merge pull request #2037 from tiewei/contiv-etcd-split
...
Split contiv etcd and etcd-proxy into two daemonsets
2018-02-06 15:37:16 -06:00
Ryan Zenker
ad9049a49e
baremetal tweaks
...
* allow installs to not have hostname overridden with fqdn from inventory
* calico-config no longer requires local as and will default to global
* when cloudprovider is not defined, use the inventory_hostname for cni-calico
* allow reset to not restart network (buggy nodes die with this cmd)
* default kube_override_hostname to inventory_hostname instead of ansible_hostname
2018-02-06 13:52:22 -05:00
Erwan Miran
b4e264251f
JSON/YAML syntax fix
2018-02-06 17:17:10 +01:00
Erwan Miran
8006a6cd82
local_volumes_enabled replaced by local_volume_provisioner_enabled
2018-02-06 17:12:09 +01:00
Andreas Krüger
5cd6b0c753
Adding missing defaults for weave
...
The PR #2203 adds missing defaults for weave, but no signed CLA. So this PR fixes it.
2018-02-06 14:25:07 +01:00
Andreas Krüger
bb339265fc
Set default registry_enabled to false
...
In PR #2244 the `registry_enabled` is missing in defaults, causing a deployment to fail, if it is not set in k8s-cluster.yml
2018-02-06 14:17:06 +01:00
Antoine Legrand
bb4446e94c
Merge pull request #2226 from manics/supplemental-addresses
...
Enable additional addresses to be added to certificates
2018-02-06 13:51:54 +01:00
Antoine Legrand
d2102671cd
Merge pull request #2214 from woopstar/patch-3
...
Loadbalancer Apiserver Address is missing
2018-02-06 13:47:55 +01:00
Antoine Legrand
138e0c2301
Merge pull request #2250 from woopstar/weave-mtu-patch
...
Added option to set MTU on Weave
2018-02-06 12:13:54 +01:00
Antoine Legrand
37cfd289d8
Merge pull request #2248 from hswong3i/dashboard.yml.j2
...
Dashboard template should not suffix with .yml.j2
2018-02-06 11:25:02 +01:00
Antoine Legrand
9f3081580a
Merge pull request #2249 from hswong3i/kubedns-deploy.yml.j2
...
KubeDNS template should not suffix with .yml.j2
2018-02-06 11:24:19 +01:00
Antoine Legrand
a3248379db
Merge branch 'master' into local_volume_provisioner
2018-02-06 09:28:27 +01:00
Antoine Legrand
0774c8385c
Merge pull request #2244 from hswong3i/registry
...
Migrate Kubernetes v1.9.1 cluster/addons/registry to Kubespray
2018-02-06 09:20:48 +01:00
woopstar
b2d30d68e7
Rename CN for aggregator back. Add flags to apiserver when version is >= 1.9
2018-02-05 20:37:14 +01:00
woopstar
82d10b882c
Added fixes from whereismyjetpack
2018-02-05 20:07:12 +01:00
Maxim Krasilnikov
95b8ac5f62
Added optional controller and scheduler extra args to kubeadm config (#2205)
2018-02-05 16:49:13 +03:00
woopstar
0b4168cad4
WIP. Adding metrics-server support for K8s version 1.9
2018-02-05 10:37:41 +01:00
woopstar
3289472e31
Added option to set MTU on Weave
2018-02-05 10:23:48 +01:00
Wong Hoi Sing Edison
4ad53339f6
KubeDNS template should not suffix with .yml.j2
2018-02-05 16:26:54 +08:00
Wong Hoi Sing Edison
a4d3da6a8e
Dashboard template should not suffix with .yml.j2
2018-02-05 16:18:21 +08:00
Wong Hoi Sing Edison
7954ea2525
Migrate Kubernetes v1.9.1 cluster/addons/registry to Kubespray
2018-02-05 12:21:09 +08:00
Chad Swenson
bd1f0bcfd7
Merge pull request #2201 from riverzhang/ipvs
...
Support ipvs mode for kube-proxy
2018-02-01 22:29:52 -06:00
Wong Hoi Sing Edison
bc2e26d7ef
update apiVersion
2018-02-01 14:16:32 +08:00
Wong Hoi Sing Edison
fd80013917
lint and cleanup local_volume_provisioner
2018-02-01 14:14:18 +08:00
Chad Swenson
f7d52564aa
Merge pull request #2084 from riverzhang/devicemapper
...
Fix can not use devicemapper driver
2018-01-31 20:52:22 -06:00
Spencer Smith
f7e8d1149a
Merge pull request #2229 from whereismyjetpack/etcd-quorum-read
...
--etcd-quorum-read is deprecated in kube >= 1.9
2018-01-31 17:10:10 -05:00
Spencer Smith
bd091caaf9
Merge pull request #2200 from riverzhang/hyperkube
...
Upgrade to Kubernetes v1.9.2
2018-01-31 16:08:22 -05:00
Spencer Smith
b455a1bf76
Merge pull request #2212 from mattymo/missing_defaults
...
Add missing group var default values to kubespray-defaults
2018-01-31 16:07:53 -05:00
Spencer Smith
c0a3bcf9b3
Merge pull request #2221 from Xuxe/patch-vcp-v1.9.2
...
Updated vSphere cloud provider config for Kubernetes >= v1.9.2 and added resource pool deployment variable
2018-01-31 16:06:07 -05:00
Dann Bohn
dc6c703741
--etcd-quorum-read is deprecated in kube >= 1.9
2018-01-31 15:49:52 -05:00
Matthew Mosesohn
16629d0b8e
Vault should use cert auth for etcd
2018-01-31 20:37:14 +03:00
Julian Hübenthal
7f79210ed1
reworked vsphere-cloud-config template
2018-01-31 16:51:23 +01:00