Commit graph

610 commits

Author SHA1 Message Date
Chiang Fong Lee
5dc56df64e Fix ordering of kube-apiserver admission control plug-ins () 2017-10-24 17:28:07 +01:00
Haiwei Liu
cfea99c4ee Fix scale.yml to supoort kubeadm ()
Signed-off-by: Haiwei Liu <carllhw@gmail.com>
2017-10-24 16:08:48 +01:00
Matthew Mosesohn
0b4fcc83bd Fix up warnings and deprecations () 2017-10-20 08:25:57 +01:00
Matthew Mosesohn
fc9a65be2b Refactor downloads to use download role directly ()
* Refactor downloads to use download role directly

Also disable fact delegation so download delegate works acros OSes.

* clean up bools and ansible_os_family conditionals
2017-10-19 09:17:11 +01:00
Jan Jungnickel
49dff97d9c Relabel controler-manager to kube-controller-manager ()
Fixes 
2017-10-18 17:29:18 +01:00
Hassan Zamani
c9fe8fde59 Use fail-swap-on flag only for kube_version >= 1.8 () 2017-10-18 16:32:38 +01:00
Matthew Mosesohn
16462292e1 Properly skip extra SANs when not specified for kubeadm () 2017-10-18 12:04:13 +01:00
pmontanari
20d80311f0 Update main.yml ()
* Update main.yml

Needs to set up resolv.conf before updating Yum cache otherwise no name resolution available (resolv.conf empty).

* Update main.yml

Removing trailing spaces
2017-10-18 11:42:00 +01:00
Tennis Smith
54320c5b09 set to 3 digit version number () 2017-10-17 11:14:29 +01:00
Rémi de Passmoilesel
356515222a Add possibility to insert more ip adresses in certificates ()
* Add possibility to insert more ip adresses in certificates

* Add newline at end of files

* Move supp ip parameters to k8s-cluster group file

* Add supplementary addresses in kubeadm master role

* Improve openssl indexes
2017-10-17 11:06:07 +01:00
neith00
77f1d4b0f1 Revert "Update roadmap" ()
* Revert "Debian jessie docs ()"

This reverts commit d78577c810.

* Revert "[contrib/network-storage/glusterfs] adds service for glusterfs endpoint ()"

This reverts commit 5fb6b2eaf7.

* Revert "[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes ()"

This reverts commit 404caa111a.

* Revert "Fixed kubelet standard log environment ()"

This reverts commit b838468500.

* Revert "Add support for fedora atomic host ()"

This reverts commit f2235be1d3.

* Revert "Update network-plugins to use portmap plugin ()"

This reverts commit 6ec45b10f1.

* Revert "Update roadmap ()"

This reverts commit d9879d8026.
2017-10-16 14:09:24 +01:00
Seungkyu Ahn
b838468500 Fixed kubelet standard log environment ()
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
2017-10-16 08:22:54 +01:00
Jason Brooks
f2235be1d3 Add support for fedora atomic host ()
* don't try to install this rpm on fedora atomic

* add docker 1.13.1 for fedora

* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
2017-10-16 08:03:33 +01:00
Matthew Mosesohn
d9879d8026 Update roadmap () 2017-10-16 07:06:06 +01:00
Matthew Mosesohn
d487b2f927 Security best practice fixes ()
* Disable basic and token auth by default

* Add recommended security params

* allow basic auth to fail in tests

* Enable TLS authentication for kubelet
2017-10-15 20:41:17 +01:00
Julian Poschmann
66e5e14bac Restart kubelet on update in deployment-type host on update ()
* Restart kubelet on update in deployment-type host on update

* Update install_host.yml

* Update install_host.yml

* Update install_host.yml
2017-10-15 20:22:17 +01:00
Matthew Mosesohn
7e4668859b Change file used to check kubeadm upgrade method ()
* Change file used to check kubeadm upgrade method

Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.

* more fixes for upgrade
2017-10-15 10:33:22 +01:00
Matthew Mosesohn
ef47a73382 Add new addon Istio ()
* add istio addon

* add addons to a ci job
2017-10-13 15:42:54 +01:00
Julian Poschmann
56763d4288 Persist br_netfilter module loading () 2017-10-13 10:50:29 +01:00
Matthew Mosesohn
ee83e874a8 Clear admin kubeconfig when rotating certs ()
* Clear admin kubeconfig when rotating certs

* Update main.yml
2017-10-12 09:55:46 +01:00
Vijay Katam
27ed73e3e3 Rename dns_server, add var for selinux. ()
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
*  Enable selinux state to be configurable with new var preinstall_selinux_state
2017-10-11 20:40:21 +01:00
Aivars Sterns
e41c0532e3 add possibility to disable fail with swap () 2017-10-11 19:49:31 +01:00
Matthew Mosesohn
eeb7274d65 Adjust memory reservation for master nodes () 2017-10-11 19:47:42 +01:00
Matthew Mosesohn
eb0dcf6063 Improve proxy ()
* Set no_proxy to all local ips

* Use proxy settings on all necessary tasks
2017-10-11 19:47:27 +01:00
Matthew Mosesohn
fe4ba51d1a Set node IP correctly ()
Fixes 
2017-10-11 15:28:42 +01:00
Hyunsun Moon
adf575b75e Set default value for disable_shared_pid ()
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
2017-10-11 14:55:51 +01:00
Spencer Smith
3d09c4be75 Merge pull request from kubernetes-incubator/fix_bool_assert
Fix bool check assert
2017-10-10 10:38:53 -04:00
Spencer Smith
f2db15873d Merge pull request from ArchiFleKs/rkt-kubelet-fix
add hosts to rkt kubelet
2017-10-10 10:37:36 -04:00
ArchiFleKs
7c663de6c9 add /etc/hosts volume to rkt templates 2017-10-09 16:41:51 +02:00
ant31
1be4c1935a Fix bool check assert 2017-10-06 17:02:38 +00:00
Matthew Mosesohn
f14f04c5ea Upgrade to kubernetes v1.8.0 ()
* Upgrade to kubernetes v1.8.0

hyperkube no longer contains rsync, so now use cp

* Enable node authorization mode

* change kube-proxy cert group name
2017-10-05 10:51:21 +01:00
Aivars Sterns
9c86da1403 Normalize tags in all places to prepare for tag fixing in future () 2017-10-05 08:43:04 +01:00
Spencer Smith
cb611b5ed0 Merge pull request from mattymo/facts_as_vars
Move set_facts to kubespray-defaults defaults
2017-10-04 15:46:39 -04:00
Spencer Smith
ab171a1d6d don't delegate cert slurp 2017-10-04 13:06:51 -04:00
Matthew Mosesohn
a56738324a Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.

Also cleaned up duplicate etcd var names.
2017-10-04 14:02:47 +01:00
Matthew Mosesohn
e42cb43ca5 add bootstrap for debian () 2017-10-03 08:30:45 +01:00
Julian Poschmann
8e1210f96e Fix cluster-network w/ prefix > 25 not possible with CNI () 2017-10-01 10:43:00 +01:00
Peter Slijkhuis
371fa51e82 Make installation of EPEL optional () 2017-09-29 13:44:29 +01:00
Matthew Mosesohn
25dd3d476a Fix error for azure+calico assert ()
Fixes 
2017-09-29 08:17:18 +01:00
Matthew Mosesohn
3ff5f40bdb fix graceful upgrade ()
Fix system namespace creation
Only rotate tokens when necessary
2017-09-27 14:49:20 +01:00
Matthew Mosesohn
689ded0413 Enable kubeadm upgrades to any version () 2017-09-27 14:48:18 +01:00
Matthew Mosesohn
327ed157ef Verify valid settings before deploy ()
Also fix yaml lint issues

Fixes 
2017-09-27 14:47:47 +01:00
tanshanshan
477afa8711 when and run_once are reduplicative () 2017-09-26 14:48:05 +01:00
Matthew Mosesohn
bd272e0b3c Upgrade to kubeadm ()
* Enable upgrade to kubeadm

* fix kubedns upgrade

* try upgrade route

* use init/upgrade strategy for kubeadm and ignore kubedns svc

* Use bin_dir for kubeadm

* delete more secrets

* fix waiting for terminating pods

* Manually enforce kube-proxy for kubeadm deploy

* remove proxy. update to kubeadm 1.8.0rc1
2017-09-26 10:38:58 +01:00
Brad Beam
14c232e3c4 Merge pull request from foxyriver/fix-shell
use command module instead of shell module
2017-09-25 13:24:45 -05:00
Matthew Mosesohn
a1cde03b20 Correct master manifest cleanup logic ()
Fixes 
2017-09-25 12:19:04 +01:00
Bogdan Dobrelya
cfce23950a Merge pull request from jistr/cgroup-driver-kubeadm
Set correct kubelet cgroup-driver also for kubeadm deployments
2017-09-25 11:16:40 +02:00
Deni Bertovic
64740249ab Adds tags for asserts () 2017-09-25 08:41:03 +01:00
Jiri Stransky
70d0235770 Set correct kubelet cgroup-driver also for kubeadm deployments
This follows pull request , adding the cgroup-driver
autodetection also for kubeadm way of deploying.

Info about this and the possibility to override is added to the docs.
2017-09-22 13:19:04 +02:00
foxyriver
30b5493fd6 use command module instead of shell module 2017-09-22 15:47:03 +08:00