Commit graph

481 commits

Author SHA1 Message Date
Matthew Mosesohn
db5040e6ea Set certs and files with kubeadm token to mode 0640 ()
Change-Id: I298496e55a6889c158b2085fcadeda5e679a873e
2019-11-11 05:41:41 -08:00
Matthew Mosesohn
471589f1f4 Scale down coredns created by kubeadm upgrade to 0 replicas ()
Change-Id: I128b0f9c1acbb956d9a6c4e5510b45a36e296af7
2019-11-05 03:34:38 -08:00
Matthew Mosesohn
81da231b1e Set cluster DNS in kubeadm config for kubelet dynamic config ()
Change-Id: I23116efefe8626d361d1904fc6fb8448f66cf3c5
2019-10-25 02:23:40 -07:00
YichenWong
aada6e7e40 Add etcd_data_dir variable to the kubeadm config () 2019-10-16 19:50:39 -07:00
Matthew Mosesohn
ac60786c6f Add support for restart handlers for control plane on crio/containerd ()
* Add support for restart handlers for control plane on crio/containerd

Change-Id: I8343cc4e9df7f55b732628ed01cc6e7ea5dcee85

* Update main.yml
2019-10-16 18:58:39 -07:00
Matthew Mosesohn
2864e13ff9 Reset between kubeadm secondary control plane join attempts ()
Change-Id: Ic9425bf90552d7e3d42b02409af9773d99376384
2019-10-08 00:15:12 -07:00
Matthew Mosesohn
a43e0d3f95 Switch to Kubernetes v1.16.0 ()
* Switch to Kubernetes v1.16.0

Change-Id: I5d6a9528b2d443750fc5e031aff15ad3ffead158

* Fix download localhost cached file path

Change-Id: I65e79b70e3d1b37265ebc60f41b460cf4b0a0d47

* fix kubeadm etcd for v1.16

Change-Id: I6888a00fd48b530a38b0b31c4095492476af42d2

* disable tf packet jobs

Change-Id: I075c4666547fdea4c50ec04864f38e2cfaa79154

* Disable contiv packet jobs. Fix kube-router

Change-Id: I3170e8789e60711d4cee8faf65f2094480b79b8d

* bump sonobuoy version

Change-Id: Ib946905629c7c53ed88f08fb2f41c454457a0097
2019-10-02 02:21:07 -07:00
Etienne Champetier
81cb302399 MetalLB: fail if kube_proxy_strict_arp is false ()
When using IPVS, kube_proxy_strict_arp = true is required
https://github.com/danderson/metallb/issues/153#issuecomment-518651132

Add kube_proxy_strict_arp to inventory/sample
2019-09-26 04:21:06 -07:00
Sergey
1cf6a99df4 generate kubeadm download image list with options useHyperKubeImage () 2019-09-25 18:03:06 -07:00
Sergey
8984096f35 use hyperkubeimage to run controlplane containers () 2019-09-17 18:33:28 -07:00
Matthew Mosesohn
6fe2248314 Use more native way to update kubeconfigs using kubeadm ()
Change-Id: I1076b418f85a26d9896be69910052128afc51cee
2019-09-13 03:40:29 -07:00
Matthew Mosesohn
9b0f57a0a6 Adjust endpoints for kube-proxy,controller,scheduler to proper ip ()
Change-Id: I5aa009358bee7035922b5a10327997e47c9ba434
2019-09-09 10:33:20 -07:00
rptaylor
10e0fe86fb remove unimplemented custom_flags vars, document the extra_args vars (issue 4352) () 2019-08-23 01:21:18 -07:00
Tony Fouchard
f6a63d88a7 Allow to configure strict ARP on kube-proxy () 2019-08-20 18:21:17 -07:00
Zou Nengren
1bfbc5bbc4 remove resource-container default value for kube-proxy () 2019-08-15 05:30:33 -07:00
Matthew Mosesohn
771ce96e6d Set initial kubeadm token if specified in kubeadm init ()
Change-Id: I7fd94ec6d195af60d237b3cfe91668ca1f707d26
2019-08-15 02:26:33 -07:00
Matthew Mosesohn
0a2f4edfc6 Always download coredns images with kubeadm ()
Fixes situation when using manual mode because it
tries to download coredns v1.3.1 from the same
image repository where kubernetes images are
downloaded from.

Change-Id: Ibbec8a72c8162ce8befa74e2013a268737ea5f8a
2019-08-13 08:53:43 -07:00
Matthew Mosesohn
7cf8ad4dc7 Optionally refresh kubeadm token every time ()
Change-Id: I278cb14aa93abf20160cc001f69e2f472504e6d8
2019-08-06 00:59:53 -07:00
Remous-Aris Koutsiamanis
02ec72fa40 Fix commands for using experimental kubeadm control plane () 2019-08-05 07:31:50 -07:00
Mark Janssen
f3df0d5f4a Always create bash_completion.d folder () 2019-08-04 18:15:48 -07:00
刘旭
fe29c97ae8 add ansible_hostname and ansible_fqdn to apiserver_sans () 2019-07-22 00:48:53 -07:00
刘旭
de9443a694 remove unused code () 2019-07-16 01:39:24 -07:00
Matthew Mosesohn
b15b6e834f fix parsing refresh of kubeadm cert key ()
* fix parsing refresh of kubeadm cert key

Change-Id: I4de2a1df6498790a80351b4bc7d88e6c9e470358

* Update kubeadm-secondary-experimental.yml
2019-07-15 00:45:06 -07:00
Matthew Mosesohn
cdf9a9f4fc Generate certificate key before kubeadm control plane config () 2019-07-11 05:30:54 -07:00
Matthew Mosesohn
29307740dd Enable containerd to deploy vanilla containerd package ()
* Enable containerd to deploy vanilla containerd package

Fixes kubeadm references to CRI socket for containerd
Fixes download role cache feature to work with containerd

Change-Id: I2ab8f0031107e2f0d1a85c39b4beb66f08509a01

* use containerd for flannel-addons job

Change-Id: Ied375c7d65e64a625ffbd995ff16f2374067dee6

* add containerd vars

Change-Id: Ib9a8a04e501c481a86235413cbec63f3672baf91

* fixup vars

Change-Id: Ibea64e4b18405a578b52a13da100384582aa24c2

* more fixes

* fix rh repo

Change-Id: I00575a77cfb7b81d6095db5d918a52023c8f13ba

* Adjust helm host install for containerd
2019-07-10 23:46:54 -07:00
Matthew Mosesohn
352297cf8d
Fixup deploy of kubeadm etcd for Kubernetes v1.15.0 ()
* Fixup deploy of kubeadm etcd for Kubernetes v1.15.0

Change-Id: If42c2c75c4d278ba9475ebf76c243f3e6ee4d02e

* undo renaming cloud config file

Change-Id: Iafbd27c3887d6a2a6d0819c711f150ecf70c515d
2019-07-09 15:41:59 +03:00
okamototk
f2b8a3614d Use K8s 1.15 ()
* Use K8s 1.15

* Use Kubernetes 1.15 and use kubeadm.k8s.io/v1beta2 for
  InitConfiguration.
* bump to v1.15.0

* Remove k8s 1.13 checksums.

* Update README kubernetes version 1.15.0.

* Update metrics server 0.3.3 for k8s 1.15

* Remove less than k8s 1.14 related code

* Use kubeadm with --upload-certs instead of --experimental-upload-certs due to depricate

* Update dnsautoscaler 1.6.0

* Skip certificateKey if it's not defined

* Add kubeadm-conftolplane.v2beta2 for k8s 1.15 or later

* Support kubeadm control plane for k8s 1.15

* Update sonobuoy version 0.15.0 for k8s 1.15
2019-07-02 01:51:08 -07:00
okamototk
4c8b93e5b9 containerd support ()
* Add limited containerd support

Containerd support for Ubuntu + Calico

* Added CRI-O support for ubuntu

* containerd support.

* Reset  containerd support.

* fix lint.

* implemented feedback

* Change task name cri xx instead of cri-o in reset task and timeout condition.

* set crictl to fixed version

* Use docker-ce's container.io package for containerd.

* Add check containerd is installable or not.

* Avoid stop docker when use containerd and optimize retry for reset.

* Add config.toml.

* Fixed containerd for kubelet.env.

* Merge PR 

* Remove unused ubuntu variable for containerd

* Polish code for containerd and cri-o

* Refactoring cri socket configuration.

* Configurable conmon.

* Remove unused crictl/runc download

* Now crictl and runc is downloaded by common crictl.yml.

* fixed yamllint error

* Fixed brokenfiles by conflict.

* Remove commented line in config.toml

* Remove readded v1.12.x version

* Fixed broken set_docker_image_facts

* Fix yamllint errors.

* Remove unused apt source

* Fix crictl could not be installed

* Add containerd config from skolekonov's PR 
2019-06-29 14:09:20 -07:00
Tony Fouchard
216631bf02 Repair kube_proxy_exclude_cidrs () 2019-06-28 00:39:37 -07:00
Erwan Miran
c7f3123e28 kubeadm_discovery_address should not contain proto () 2019-06-28 00:37:37 -07:00
Matthew Mosesohn
465dfd68bc Fix empty kube_override_hostname in apiserver_sans ()
kubernetes/master role defines this value as an empty string
when using a cloud provider, not undefined. The check was updated
accordingly.

Change-Id: I58dc31ef4fd568a717a6753eb89ca687933018ae
2019-06-25 08:00:37 -07:00
Matthew Mosesohn
73f45fbe94
Revert "Filter undefined SANs for apiserver cert ()" ()
This reverts commit d270678bda.
2019-06-25 06:56:00 -07:00
Matthew Mosesohn
d270678bda Filter undefined SANs for apiserver cert ()
Change-Id: I37442fb095fb4217f67f74744ad07c1d5d8229ea
2019-06-25 05:54:36 -07:00
andreyshestakov
b5406b752d Add kube_override_hostname to kubeadm certs. () 2019-06-23 23:19:56 -07:00
Matthew Mosesohn
4348e78b24 Enable kubeadm etcd mode ()
* Enable kubeadm etcd mode

Uses cert commands from kubeadm experimental control plane to
enable non-master nodes to obtain etcd certs.

Related story: PROD-29434

Change-Id: Idafa1d223e5c6ceadf819b6f9c06adf4c4f74178

* Add validation checks and exclude calico kdd mode

Change-Id: Ic234f5e71261d33191376e70d438f9f6d35f358c

* Move etcd mode test to ubuntu flannel HA job

Change-Id: I9af6fd80a1bbb1692ab10d6da095eb368f6bc732

* rename etcd_mode to etcd_kubeadm_enabled

Change-Id: Ib196d6c8a52f48cae370b026f7687ff9ca69c172
2019-06-20 11:12:51 -07:00
刘旭
a3a7fe7c8e fix start CoreDNS when init secondary master () 2019-06-11 04:56:18 -07:00
mervynzhang
a8dfcbbfc7 Switch /root references to ansible_env.HOME ()
* kube config dir for current/ansible become user

* remove extra /

* fix default value
2019-06-06 02:06:11 -07:00
Andreas Krüger
b41530ba5d Add missing extraArgs to kubeadm-config () 2019-05-28 03:57:52 -07:00
Andreas Krüger
1e470b0473 Fix certificate-key param for kubeadm init ()
* Fix certificate-key param for kubeadm init

* Fix yamllint error
2019-05-22 02:06:11 -07:00
Florent Monbillard
8e28ba38d2 Add Load Balancer IP to API servers SANs ()
- Add loadbalancer_apiserver.address to apiserver_sans
2019-05-16 01:23:42 -07:00
Andreas Krüger
bf3c6aeed1 Add kube anon auth settings to kubeadm config templates ()
* Disable kube_api_anonymous_auth by default to secure the setup

* Disable metrics-server in addons. Health endpoint is slow and unstable

* Fix anonymous-auth missing in configuration

* Cleanup a bit

* Fix kube anon auth
2019-05-07 12:52:34 -07:00
MarkusTeufelberger
e67f848abc ansible-lint: add spaces around variables [E206] () 2019-05-02 14:24:21 -07:00
Timoses
d6fd0d2aca Enable delegating all downloads (binaries, images, kubeadm images) ()
* Download to delegate and sync files when download_run_once

* Fail on error after saving container image

* Do not set changed status when downloaded container was up to date

* Only sync containers when they are actually required

Previously, non-required images (pull_required=false as
image existed on target host) were synced to the target
hosts. This failed as the image was not downloaded to
the download_delegate and hence was not available for
syncing.

* Sync containers when only missing on some hosts

* Consider images with multiple repo tags

* Enable kubeadm images pull/syncing with download_delegate

* Use kubeadm images list to pull/sync

'kubeadm config images pull' is replaced by collecting the images
list with 'kubeadm config images list' and using the commonly
used method of pull/syncing the images.

* Ensure containers are downloaded and synced for all hosts

* Fix download/syncing when download_delegate is a kubernetes host
2019-05-01 01:10:56 -07:00
Matthew Mosesohn
15eb7db36d Fix k8s api endpoint for secondary nodes in control plane mode ()
Change-Id: I1588458b54c52443ad8d0afbd266f77ac0afea67
2019-04-29 07:50:24 -07:00
Andreas Krüger
38af93b60c Remove rkt support () 2019-04-29 01:14:20 -07:00
Dmitry
b8f0de3074 Fixed etcd-servers-overrides in kubeadm config ()
* kube-apiserver will fail if used comma as separator
2019-04-28 23:02:20 -07:00
Matthew Mosesohn
338eb4ce65 Fix kubeadm upload certs with when condition ()
* Fix kubeadm upload certs with when condition

Change-Id: I916dd2375b71eea2386047c7f185a2f8361f7a61

* Update kubeadm-secondary-experimental.yml
2019-04-27 01:14:20 -07:00
Sergey Kolekonov
4a10dca7d4 Add an ability to provide oidc cert in base64 () 2019-04-24 09:40:01 -07:00
Matthew Mosesohn
4d57ed314d Clean up check for setting kubeadm certificate key ()
Change-Id: I2c97c4753089eb3ec2e6b01b2681a8be98ecbb57
2019-04-24 07:14:12 -07:00
Matthew Mosesohn
fc072300ea Purge legacy cleanup tasks from older than 1 year ()
We don't need to support upgrades from 2 year old installs,
just from the last major version.

Also changed most retried tasks to 1s delay instead of longer.
2019-04-24 00:08:05 -07:00