Matthew Mosesohn
5a5707159a
Fix multiline condition for k8s check certs
...
Fixes #1190
2017-04-03 17:44:55 +03:00
Matthew Mosesohn
742a1681ce
Merge pull request #1166 from rogerwelin/master
...
add iptables --flush to reset role
2017-04-03 17:25:10 +03:00
Matthew Mosesohn
fba9b9cb65
Merge pull request #1182 from artem-panchenko/bumpCalicoPolicyControllerVersion
...
Bump calico policy controller version
2017-04-03 17:21:52 +03:00
Matthew Mosesohn
f5af86c9d5
Merge pull request #1194 from adidenko/fix-sync_certs
...
Fix multiline when condition in sync_certs task
2017-03-31 17:39:40 +03:00
Aleksandr Didenko
58acbe7caf
Fix multiline when condition in sync_certs task
...
Folded style in multiline 'when' condition causes error with
unexpected ident. Changing it to literal style should fix
the issue.
Closes #1190
2017-03-30 22:21:04 +02:00
Spencer Smith
355b92d7ba
Merge pull request #1170 from jlothian/atomic-docker-network
...
1169 - fix docker systemd unit
2017-03-30 13:13:28 -07:00
Matthew Mosesohn
c2c334d22f
Merge pull request #1181 from holser/refactor_etcd
...
Refactor etcd role
2017-03-27 13:05:35 +03:00
Sergii Golovatiuk
f144fd1ed3
Refactor etcd role
...
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-24 12:34:15 +01:00
Artem Panchenko
e96557f410
Bump calico policy controller version
...
Latest released version of kube-policy-controller
contains important bug fixes and should be used
by default.
2017-03-24 12:13:09 +02:00
Matthew Mosesohn
b2af19471e
Merge pull request #1177 from rutsky/replace-nbsp
...
replace non-breakable space with regular space
2017-03-23 12:59:45 +03:00
Matthew Mosesohn
6805d0ff2b
Merge pull request #1179 from kubernetes-incubator/missing_defaults
...
Add missing defaults
2017-03-23 12:16:13 +03:00
Antoine Legrand
6e1de9d820
Add missing defaults
2017-03-23 10:05:34 +01:00
Vladimir Rutsky
c4e57477fb
replace non-breakable space with regular space
...
Non-brekable space is 0xc2 0xa0 byte sequence in UTF-8.
To find one:
$ git grep -I -P '\xc2\xa0'
To replace with regular space:
$ git grep -l -I -P '\xc2\xa0' | xargs sed -i 's/\xc2\xa0/ /g'
This commit doesn't include changes that will overlap with commit f1c59a91a1
.
2017-03-23 00:25:01 +03:00
Matthew Mosesohn
5f082bc0e5
Merge pull request #1172 from mattymo/dnsmasq_upgrade
...
Use checksum of dnsmasq config to trigger updates of dnsmasq
2017-03-22 18:00:10 +03:00
Matthew Mosesohn
0e3b7127b5
Merge pull request #1167 from mattymo/dnsmasq_when_deploying_master
...
Change wait for dnsmasq to skip if there are no kube-nodes in play
2017-03-22 17:59:56 +03:00
Roger Welin
f4638c7580
add iptables --flush to reset role
2017-03-22 11:10:24 +01:00
Matthew Mosesohn
8b0b500c89
Use checksum of dnsmasq config to trigger updates of dnsmasq
...
Allows config changes made by Ansible to restart dnsmasq deployment
2017-03-22 13:03:55 +03:00
Josh Lothian
5e2f78424f
1169 - fix docker systemd unit
...
The docker-network environment file masks the new values
put into /etc/systemd/system/docker.service.d/flannel-options.conf
to renumber the docker0 to work correctly with flannel.
2017-03-21 15:22:14 -05:00
Matthew Mosesohn
1887e984a0
Change wait for dnsmasq to skip if there are no kube-nodes in play
...
Also changed unnecessary delay to a max timeout (now defaulting to 1s sleep
between tries)
Also rename play_hosts to ansible_play_hosts
2017-03-21 18:55:22 +03:00
Matthew Mosesohn
cd429d3654
Merge pull request #1159 from holser/etcd_backup_restore
...
Backup etcd
2017-03-21 13:07:44 +03:00
Matthew Mosesohn
0f64f8db90
Merge pull request #1155 from mattymo/helm
...
Add helm deployment
2017-03-20 17:00:06 +03:00
Sergii Golovatiuk
c04a6254b9
Backup etcd data before restarting etcd
...
etcd is crucial part of kubernetes cluster. Ansible restarts etcd on
reconfiguration. Backup helps operator to restore cluster manually in
case of any issues.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-20 14:50:52 +01:00
Matthew Mosesohn
939c1def5d
Merge pull request #1152 from mattymo/redhat_weave
...
Fix weave on RHEL deployment
2017-03-19 16:45:20 +03:00
Matthew Mosesohn
b7ab80e8ea
Merge pull request #1149 from mattymo/centos-retries
...
Retry yum/apt/rpm download commands
2017-03-18 11:12:36 +03:00
Matthew Mosesohn
b69d4b0ecc
Add helm deployment
2017-03-17 20:24:41 +03:00
Matthew Mosesohn
7760c3e4aa
Retry yum/apt/rpm download commands, fix succeeded filter
2017-03-17 18:56:26 +03:00
Matthew Mosesohn
3cfb76e57f
Merge pull request #1146 from mattymo/resolvconf_optimize
...
Condense resolvconf sources before starting loop
2017-03-17 18:42:32 +03:00
Matthew Mosesohn
e1faeb0f6c
Fix weave on RHEL deployment
...
Reduce retry delay checking weave
Always load br_netfilter module
2017-03-17 18:17:47 +03:00
Matthew Mosesohn
25bff851dd
Merge pull request #1136 from adidenko/fix-calico-policy-order
...
Move calico-policy-controller into separate role
2017-03-17 17:32:14 +03:00
Aleksandr Didenko
3a39904011
Move calico-policy-controller into separate role
...
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.
K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.
This patch also fixes kube-api port in calico-policy-controller
yaml template.
Closes #1132
2017-03-17 11:21:52 +01:00
Matthew Mosesohn
a52064184e
Condense resolvconf sources before starting loop
2017-03-17 13:06:56 +03:00
Matthew Mosesohn
0b49eeeba3
Update calico to 1.1.0-rc8
...
Fixes bug in CentOS/RHEL in felix related to overlayfs driver.
2017-03-16 19:23:36 +03:00
Matthew Mosesohn
b0830f0cd7
Merge pull request #1087 from bradbeam/openstack
...
Adding openstack domain id
2017-03-16 17:53:14 +03:00
Matthew Mosesohn
565d4a53b0
Merge pull request #1108 from idcrook/issue_1107-docker-versioning
...
Adding Docker CE 'stable' and 'edge' version packages
2017-03-16 16:32:13 +03:00
Matthew Mosesohn
8195957461
Merge branch 'master' into idempotency2
2017-03-16 09:29:43 +03:00
Matthew Mosesohn
02fed4a082
Merge pull request #1138 from mattymo/idempotency-fixes
...
Idempotency fixes for etcd certs and resolvconf tasks
2017-03-16 09:20:28 +03:00
Matthew Mosesohn
a422ad0d50
More idempotency fixes
...
Fixed sync_tokens fact
Fixed sync_certs for k8s tokens fact
Disabled register docker images changability
Fixed CNI dir permission
Fix idempotency for etcd pre upgrade checks
2017-03-15 19:06:39 +03:00
Matthew Mosesohn
096d96e344
Merge pull request #1137 from holser/bug/1135
...
Turn on iptables for flannel
2017-03-15 17:06:42 +03:00
Matthew Mosesohn
4354162067
Merge pull request #1080 from VincentS/Granular_Auth_Control
...
Granular authentication Control
2017-03-15 13:12:51 +03:00
Matthew Mosesohn
a62a444229
Merge pull request #1117 from mattymo/etcd3-upgrade
...
Migrate k8s data to etcd3 api store
2017-03-15 12:56:06 +03:00
Matthew Mosesohn
f6b72fa830
Make resolvconf preinstall idempotent
2017-03-15 01:20:13 +04:00
Sergii Golovatiuk
9667e8615f
Turn on iptables for flannel
...
Closes : #1135
Closes : #1026
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-14 17:54:55 +01:00
Vincent Schwarzer
026da060f2
Granular authentication Control
...
It is now possible to deactivate selected authentication methods
(basic auth, token auth) inside the cluster by adding
removing the required arguments to the Kube API Server and generating
the secrets accordingly.
The x509 authentification is currently not optional because disabling it
would affect the kubectl clients deployed on the master nodes.
2017-03-14 16:57:35 +01:00
Matthew Mosesohn
3feab1cb2d
Merge pull request #1134 from mattymo/1.6-support
...
Explicitly set cni-bin-dir
2017-03-14 17:53:08 +03:00
Matthew Mosesohn
804e9a09c0
Migrate k8s data to etcd3 api store
...
Default backend is now etcd3 (was etcd2).
The migration process consists of the following steps:
* check if migration is necessary
* stop etcd on first etcd server
* run migration script
* start etcd on first etcd server
* stop kube-apiserver until configuration is updated
* update kube-apiserver
* purge old etcdv2 data
2017-03-14 17:50:20 +03:00
Matthew Mosesohn
4c6829513c
Fix etcd idempotency
2017-03-14 17:23:29 +03:00
Matthew Mosesohn
4038954f96
Merge pull request #1078 from VincentS/oidc_support
...
Added Support for OpenID Connect Authentication
2017-03-14 12:07:21 +03:00
Matthew Mosesohn
52a6dd5427
Explicitly set cni-bin-dir
2017-03-13 20:13:21 +03:00
Matthew Mosesohn
c301dd5d94
Merge pull request #1118 from mattymo/noderolelabels
...
Add node labels in kubelet
2017-03-13 19:04:21 +03:00
David Crook
a52e1069ce
updated debian and ubuntu package names based on testing
...
docker-ce is not the .deb package until the repositories are switched over to new "downloads" docker webserver
2017-03-06 16:54:39 -07:00