Commit graph

2134 commits

Author SHA1 Message Date
Matthew Mosesohn
1f9f885379 Fix etcd cert generation to support large deployments
Due to bash max args limits, we should pass all node filenames and
base64-encoded tar data through stdin/stdout instead.

Fixes #832
2016-12-30 12:55:26 +03:00
Thomas Catterall
80509673d2 Update README.md 2016-12-29 19:41:34 +00:00
Thomas Catterall
b902110d75 Create comparisons.md 2016-12-29 19:41:11 +00:00
Bogdan Dobrelya
2c23027794 Merge pull request #838 from mattymo/invb_enhance
Add yaml/json loader for inventory
2016-12-29 13:19:19 +01:00
Matthew Mosesohn
15589dd88f Merge pull request #816 from bogdando/paths_units
Systemd units, limits, and bin path fixes
2016-12-29 15:18:01 +03:00
Bogdan Dobrelya
1a7f52c889 Merge pull request #837 from bogdando/notall
Rework wildcards matching all nodes
2016-12-29 12:01:30 +01:00
Matthew Mosesohn
24cbf2287c Update inventory.py 2016-12-29 10:57:58 +03:00
Bogdan Dobrelya
a56d9de502 Systemd units, limits, and bin path fixes
* Add restart for weave service unit
* Reuse docker_bin_dir everythere
* Limit systemd managed docker containers by CPU/RAM. Do not configure native
  systemd limits due to the lack of consensus in the kernel community
  requires out-of-tree kernel patches.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-28 15:49:42 +01:00
Matthew Mosesohn
95e14ffb54 Add yaml/json loader for inventory 2016-12-28 16:50:31 +03:00
Bogdan Dobrelya
6139ee3add Merge pull request #831 from mattymo/fix_separate_etcd
Fix creation and sync of etcd certs
2016-12-28 13:56:42 +01:00
Matthew Mosesohn
f0c0390646 Fix creation and sync of etcd certs
Admin certs only go to etcd nodes
Only generate cert-data for nodes that need sync
2016-12-28 14:21:17 +04:00
Matthew Mosesohn
e7a1949d85 Merge pull request #818 from mattymo/calico-rr-certs
Fix calico-rr to use etcd certs instead of kube certs
2016-12-28 08:47:16 +03:00
Bogdan Dobrelya
ff8cb46bb9 Rework wildcards matching all nodes
* Re-enable ansible_ssh_pipelining as expected for the cluster.yml
* Do not use 'all' wildcasts for hosts, limit only to k8s-cluster, etcd,
  calico-rr groups instead. Other nodes in inventory are out of Kargo
  scope and it's up to users how to manage them.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2016-12-27 17:02:08 +01:00
Antoine Legrand
399cb9707a Merge pull request #828 from bogdando/triggers
Rework CI triggers/pipeline
2016-12-27 15:20:42 +01:00
Matthew Mosesohn
6d9cd2d720 Fix calico-rr to use etcd certs instead of kube certs 2016-12-27 17:04:50 +03:00
Bogdan Dobrelya
622537bd33 Rework CI triggers/pipeline
* Run CI triggers in one step
* Run all test matrix for triggers
* Switch back to g1-small

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2016-12-27 14:39:52 +01:00
Bogdan Dobrelya
9169f840c2 Merge pull request #827 from bogdando/noreds
Rework ignore_errors to report no reds
2016-12-27 14:37:38 +01:00
Bogdan Dobrelya
79996b557b Rework ignore_errors to report no reds
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2016-12-27 13:00:50 +01:00
Antoine Legrand
be8e5e1fdc Merge pull request #805 from bogdando/dnsmasq_armors
Do not forward private domains for upstream resolvers
2016-12-26 14:50:39 +01:00
Bogdan Dobrelya
bb0c3537cb Do not forward bogus domains for upstream resolvers
Also fix kube log level 4 to log dnsmasq queries.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-23 11:53:14 +01:00
Matthew Mosesohn
36a5143478 Merge pull request #804 from mattymo/inventory_builder
Add inventory builder python script
2016-12-23 13:22:41 +03:00
Matthew Mosesohn
7b86b87dca Add inventory builder python script
Includes tox support for running unit tests.
Small note added to getting-started guide for using
inventory_builder.py

Also adds manual-only unit test.
2016-12-23 13:00:56 +03:00
Thomas Catterall
53affb9bc0 Update README.md 2016-12-22 22:46:23 +00:00
Spencer Smith
0fe2b66097 Merge pull request #813 from mattymo/etcdcertflags
Adjust etcd server certificates
2016-12-22 16:37:15 -05:00
Matthew Mosesohn
385f7f6e75 Update etcd.j2 2016-12-22 22:29:24 +03:00
Matthew Mosesohn
9f1e3db906 Adjust etcd server certificates
ETCD doesn't need cert/key options set. It only requires peer
cert options.
2016-12-22 23:05:17 +04:00
Spencer Smith
b63d900625 Workaround etcdctl not yet being installed (#797)
workaround case for etcdctl not yet being installed, only allow for return code of 0 (no error)
2016-12-22 12:41:38 -05:00
Antoine Legrand
ac295de64c Merge pull request #812 from mattymo/vars_doc
Document commonly used Kargo vars
2016-12-22 18:01:23 +01:00
Matthew Mosesohn
111571b67a Document commonly used Kargo vars 2016-12-22 19:57:39 +03:00
Matthew Mosesohn
a4bce333a3 Merge pull request #760 from genti-t/issue-748-flannel-options
Fix Flannel network on CoreOS
2016-12-22 19:02:31 +03:00
Matthew Mosesohn
c53a6eca86 Merge pull request #798 from mattymo/perhostssl7
Individual etcd ssl certs
2016-12-22 19:02:15 +03:00
Genti Topija
7c2785e083 Fix Flannel network on CoreOS
Resolves: #748
2016-12-22 16:50:04 +01:00
Antoine Legrand
aab4149ab0 Merge pull request #809 from bogdando/ci_forks
Raise ansible forks for CI test config
2016-12-22 15:55:47 +01:00
Bogdan Dobrelya
89a4b92753 Raise ansible forks for CI test config
As we raised the flavor from small to standard, raise the ansible
forks from default 5 to 20 to speed up deployment.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-22 15:12:47 +01:00
Bogdan Dobrelya
5414a410bd Merge pull request #787 from bogdando/coreos_weave_manual
Add coreos-alpha weave manual CI builds
2016-12-22 14:32:03 +01:00
Matthew Mosesohn
ad796d188d Individual etcd ssl certs
Includes hooks for triggering calico, kubelet, and kube-apiserver restarts
if etcd certs changed.
2016-12-22 13:31:11 +03:00
Bogdan Dobrelya
de8cd5cd7f Merge pull request #786 from mattymo/bug777
Add wait for kube-apiserver to kubernetes-apps
2016-12-22 11:02:50 +01:00
Bogdan Dobrelya
cc93c4fe12 Merge pull request #801 from rsmitty/issue-800
create systemd drop-in path if not existent
2016-12-22 11:02:05 +01:00
Bogdan Dobrelya
c456a311d6 Add coreos-alpha weave manual CI builds
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-22 11:00:31 +01:00
Bogdan Dobrelya
ed4b4b8482 Merge pull request #791 from kubernetes-incubator/premptilble_gce_vm
Use preemptible instances
2016-12-22 11:00:08 +01:00
Alexander Block
8e4e3998dd Fix wrong path of dhclient on CentOS+Azure
This was alredy fixed in #755 but had to be reverted. This PR should be
more intelligent about deciding which path to use.
2016-12-21 21:51:07 +01:00
Spencer Smith
8d9f207836 create systemd drop-in path if not existent 2016-12-21 13:06:12 -05:00
Bogdan Dobrelya
2a3164e040 Merge pull request #794 from kubernetes-incubator/revert-722-dnsmasq_armors
Revert "Do not forward private domains for upstream resolvers"
2016-12-21 17:39:11 +01:00
Bogdan Dobrelya
f10d1327d4 Revert "Do not forward private domains for upstream resolvers" 2016-12-21 15:24:17 +01:00
Matthew Mosesohn
d314174149 Add wait for kube-apiserver to kubernetes-apps
Fixes #777
2016-12-21 15:39:39 +03:00
Antoine Legrand
9885fe73dc use standard vm 2016-12-21 11:43:52 +01:00
Antoine Legrand
f2cf323ecf Merge pull request #782 from samos123/master
Vagrant, skip synchronize tasks (bug #697)
2016-12-21 11:18:20 +01:00
Bogdan Dobrelya
cf4f2b4f14 Merge pull request #780 from bogdando/downloads
Add download_always_pull check and sha256 for docker images
2016-12-21 11:02:57 +01:00
Antoine Legrand
fbc13ea6dc Use preemptible instances 2016-12-21 09:27:21 +01:00
Bogdan Dobrelya
b8bc8eee41 Add download_always_pull check and sha256 for docker images
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-20 17:02:09 +01:00