Commit graph

302 commits

Author SHA1 Message Date
Matt Calvert
4cc065e66d Changes to support Dual Stack networking 2021-02-05 00:04:52 -08:00
Florian Ruynat
7a033a1d55
Add hashes and update default K8S version to 1.20.2 (#7171) 2021-01-15 12:43:09 -08:00
Florian Ruynat
a923f4e7c0
Update kube_version_min_required and cleanup hashes for release (#7160) 2021-01-15 00:33:51 -08:00
Florian Ruynat
09fa99fdc6
Update hashes and set default version to 1.19.7 (#7150) 2021-01-13 14:57:02 -08:00
Etienne Champetier
a790935d02
Only setup *_PROXY env variables where needed (#7095)
no_proxy is a pain to get right, and having proxy variables present causes issues
(k8s components get proxy configuration after upgrade, see #7100)

It's better to only configure what require proxy:
- the runtime (containerd/docker/crio)
- the package manager + apt_key
- the download tasks

Tested with the following clusters
- 4 CentOS 8 nodes
- 1 Ubuntu 20.04 node

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-11 07:21:08 -08:00
Etienne Champetier
ab2bfd7f8c
Proxy small fixes (#7102)
* Improve how we set 'proxy=' in yum.conf or dnf.conf

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Fixup spaces in no_proxy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Add svc,svc.{{ dns_domain }} to no_proxy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-07 10:50:53 -08:00
Florent Monbillard
9a05037352
SHAs for 1.19.6, 1.18.14, 1.18.13, 1.17.16 and 1.17.15 (#7063)
* SHAs for 1.19.6, 1.18.14, 1.18.13, 1.17.16 and 1.17.15

* Fix etcd version in README

* Bump kube_version to 1.19.6
2020-12-18 15:42:24 -08:00
Kenichi Omichi
0aa6d3d4bc
Replace non-ascii with ascii (#7044)
When opening the main.yaml, vi cannot show the string correctly
due to non-ascii string. This replaces it.
2020-12-16 23:43:09 -08:00
Anthony Rabbito
93445b4dbc
Update hashes and set default version to 1.19.5 (#7012)
* Update hashes and set default version to 1.19.5

Signed-off-by: anthr76 <hello@anthonyrabbito.com>

* Reorder hashes

1.19.5 hashes should be near 1.19.x

* Added back blank line
2020-12-16 01:42:20 -08:00
Christoph Stäbler
1a491fc10c
Update hashes and set default to 1.19.4 (#6903) 2020-12-03 06:34:59 -08:00
Emerson Ford
f377d9f057
Set etcd_.*_addresses to use etcd_[events_]access_address instead of access_ip (#6936) 2020-12-02 13:55:00 -08:00
Florian Ruynat
db4e942b0d
Remove hyperkube from codebase (#6965) 2020-12-02 13:50:59 -08:00
Etienne Champetier
68b96bdf1a
Helm v3 only (#6846)
* Fix etcd download dest

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Only support Helm v3, cleanup install

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-12-02 00:20:50 -08:00
Victor Morales
4f7a760a94
Add crun support (#6864)
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-12-01 11:00:50 -08:00
Florian Ruynat
f6eed8091e
Remove contiv related files (#6964) 2020-11-30 06:48:50 -08:00
Dmitry Chusovitin
c09aabab0c
Remove executable bit from yaml and j2 files (#6894) 2020-11-29 20:18:48 -08:00
David Medinets
fefcb8c9f8
Allow the eventRecordQPS setting to be set. (#6880)
* Allow the eventRecordQPS setting to be set.

The eventRecordQPS parameter controls rate limiting for event recording. When zero, unlimited events can cause denial-of-service situations. For my situation, I don't need more than a setting of "5". This change allows me to configure the setting before creating the cluster.

* Allow the eventRecordQPS setting to be set.

The default settings (see types.go) is five. So, this change does not affect the cluster provisioning. However, it does allow for the setting to be changed.
2020-11-03 00:42:15 -08:00
Victor Morales
e03e3c4582
Add Kata Containers support to CRI-O runtime (#6830)
* Enable Kata Containers for CRI-O runtime

Kata Containers is an OCI runtime where containers are run inside
lightweight VMs. This runtime has been enabled for containerd runtime
thru the kata_containers_enabled variable. This change enables Kata
Containers to CRI-O container runtime.

Signed-off-by: Victor Morales <v.morales@samsung.com>

* Set appropiate conmon_cgroup when crio_cgroup_manager is 'cgroupfs'

* Set manage_ns_lifecycle=true when KataContainers is enabed

* Add preinstall check for katacontainers

Signed-off-by: Victor Morales <v.morales@samsung.com>

Co-authored-by: Pasquale Toscano <pasqualetoscano90@gmail.com>
2020-10-23 03:07:46 -07:00
Hans Feldt
04b19359cb
allow non existing etcd group (#6797)
When using kubeadm managed etcd, configuring an etcd group can now
be skipped.
2020-10-21 07:32:20 -07:00
Florian Ruynat
60b0fb3e88
Update hashes and set default version to 1.19.3 (#6841) 2020-10-21 00:58:20 -07:00
holmesb
4cb5a4f609
Fix line-spacing in no_proxy.yml (#6810)
Signed-off-by: holmesb <5072156+holmesb@users.noreply.github.com>
2020-10-11 08:50:47 -07:00
Hans Feldt
92b1166dd0
Disable dashboard by default (#6804)
Users should opt in for features and not opt out.
2020-10-11 08:06:47 -07:00
holmesb
1301e69c7d
If no_proxy_exclude_workers is true, workers will be excluded from the no_proxy variable.  This prevents docker engine restarting when scaling workers. (#6520)
Signed-off-by: holmesb <5072156+holmesb@users.noreply.github.com>
2020-10-09 01:15:07 -07:00
Hans Feldt
28073c76ac
Calico upgrade path validation and old version cleanup (#6733)
* calico: add constant calico_min_version_required

and verify current deployed version against it.

* calico: remove upgrade support with data migration

The tool was used pre v3.0.0 and is no longer needed.

* calico: remove old version support from tasks

* calico: remove old ver support from policy ctrl

* calico: remove old ver support from node

* canal: remove old ver support

* remove unused calicoctl download checksums

calico_min_version_required is the oldest version that can be installed
Older versions can be removed.
2020-09-24 09:04:06 -07:00
Hans Feldt
6141b98bf8
calico: default to using kdd datastore (#6693)
If already deployed, get current datastore from CNI config file
2020-09-23 08:38:09 -07:00
lukasz bielinski
5f034330c5
properly generate extravolumes in kubeadmconfig for centos (#6708) 2020-09-23 01:20:09 -07:00
Florent Monbillard
5bd937ece0
Remove pypi repo and pip extra flags (#6729) 2020-09-21 13:27:51 -07:00
Florian Ruynat
79226d0870
Add Kubernetes hashes 1.19.2/1.18.9/1.17.12 and set default (#6698) 2020-09-17 11:12:45 -07:00
Hans Feldt
6da385de9d
Use "kubeadm join" to join masters to control plane (#6661)
Remove configuration variable kubeadm_control_plane
2020-09-17 04:34:45 -07:00
Hans Feldt
0cc5e3ef03
Remove workaround with kube_proxy_remove (#6512)
* kube-proxy never gets deployed so need to remove it
2020-09-17 04:30:45 -07:00
Florian Ruynat
a556f8f2bf
Remove deprecated (and removed in 1.19) flag and function --basic-auth-file (#6655) 2020-09-11 00:30:14 -07:00
Florian Ruynat
ad15721677
Add Kubernetes 1.19.1 hashes and set default (#6654) 2020-09-10 10:43:46 -07:00
Mikael Johansson
040dda37ed
Add comment clarifying network allocation and sizes (#6607)
* Add comment from roles/kubespray-defaults/defaults/main.yaml clarifying network allocation and sizes

Signed-off-by: Mikael Johansson <mik.json@gmail.com>

* Rewrite of the comment and added new examples

Signed-off-by: Mikael Johansson <mik.json@gmail.com>
2020-09-10 03:49:44 -07:00
Maxime Guyot
961149b865
Update kube_version_min_required for 2.14 release (#6634) 2020-09-07 23:59:43 -07:00
Florian Ruynat
f1566cb8c2
Add protectKernelDefaults option (default true) to kubelet config file (#6611) 2020-09-03 07:41:41 -07:00
Lovro Seder
c1ba8e1b3a
Rotate kubelet server certificate. (#6453)
* Rotate kubelet server certificate.

* CI test kubelet server cert rotation

* Approve kubelet serving certificates in tests.
2020-09-03 07:25:41 -07:00
Barry Melbourne
058438a25d
Remove support for CoreOS Container Linux (#6576) 2020-08-28 02:28:53 -07:00
Florian Ruynat
142b9e1eff
Update k8s hashes and set default version to 1.18.8 (#6532) 2020-08-21 00:09:39 -07:00
Arthur Outhenin-Chalandre
35682b5228
Fix cilium strict kube proxy replacement in HA (#6473)
* Update the cilium svc proxy test to HA mode

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Fix cilium strict kube-proxy in HA

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add a single global endpoint variable

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add cilium docs about kube-proxy replacement

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Fix issues in docs

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-06 00:14:55 -07:00
Cristian Chiru
94df580674
Moved docker_dns_options to defaults so it can be overridden (#6394)
* Moved docker_dns_options to defaults so it can be overridden

* Fixed yaml indentation and markdown

* Moved docker_dns_search_domains to defaults
2020-08-01 00:29:41 -07:00
Arthur Outhenin-Chalandre
3550e3c145
Adding kube-proxy-replacement support in cilium (#6334)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-30 02:46:31 -07:00
Florent Monbillard
924cc11af6
Upgrade to kubernetes 1.18.6 (#6405)
- Add 1.17.9 and 1.16.13 SHAs
2020-07-29 14:54:09 -07:00
chenguoquan1024
9c48f666ec
change /etc/ssl/etcd to etcd_config_dir param (#6408)
* change /etc/ssl/etcd to etcd_config_dir param

* add use etcd_events_data_dir param
2020-07-21 23:58:05 -07:00
Florian Ruynat
f515898cb5
Update hashes and set default version to 1.18.5 (#6335) 2020-06-30 02:00:05 -07:00
Kenichi Omichi
25bab0e976
Change MetalLB to one of addons (#6238)
This changes MetalLB contrib to one of addons for deploying MetalLB with
Kubernetes cluster deployment. By the default, Kubespray doesn't deploy
MetalLB addon.
2020-06-29 15:11:59 -07:00
Joel Seguillon
4c1e0b188d
Add .editorconfig file (#6307) 2020-06-29 12:39:59 -07:00
Qasim Sarfraz
16ad344c41
Gather ansible_default_ipv4 for specific groups (#6318) 2020-06-25 23:55:31 -07:00
bozzo
276c450759
Use connection: local when delegate_to: localhost (#6322)
This will avoid SSH connection on the local host
2020-06-25 08:14:38 -07:00
Hans Feldt
93951f2ed5
fix use of ansible tags (#6316)
tags are not inherited for include_role therefore the change
from include to import

Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-06-25 03:00:37 -07:00
Alvaro
80d16e6c91
Support for Ambassador OSS as an Ingress (#6135)
Support for Ambassador OSS as an Ingress Controller when
settings `ingress_ambassador_enabled: true`.

Signed-off-by: Alvaro Saurin <alvaro.saurin@gmail.com>
2020-06-24 07:39:17 -07:00