Smaine Kahlouch
c490e5c8a1
Merge pull request #528 from kubespray/proxy-nginx
...
Use nginx proxy on non-master nodes to proxy apiserver traffic
2016-10-05 19:19:32 +02:00
Matthew Mosesohn
84052ff0b6
use nginx proxy on non-master nodes to proxy apiserver traffic
...
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.
Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Smaine Kahlouch
9ca374a88d
Merge pull request #491 from kubespray/calicopools
...
Allow calico to configure pool if tree exists, but no pools defined
2016-10-05 17:12:26 +02:00
Smaine Kahlouch
648aa7422d
Merge pull request #522 from anthonyhaussman/KubeVersionDefaults
...
Move kube_version var to defaults
2016-10-05 17:11:59 +02:00
Matthew Mosesohn
2e90d3fe76
Merge branch 'master' into reverselookups
2016-10-05 14:46:47 +03:00
Matthew Mosesohn
f4e6fdc193
Enable quorum read for apiserver
...
This reduces the likelihood of apiserver status updates
timing out due to etcd write conflicts.
2016-10-04 18:31:42 +03:00
Aleksandr Didenko
fb0ee9d84a
Add support for --masquerade-all in kube-proxy
...
New boolean var `kube_proxy_masquerade_all` which enables/disables
`--masquerade-all` argument for kube-proxy.
Closes #524
2016-10-03 12:24:43 +02:00
Bogdan Dobrelya
a6a5d0e068
Skip download_run_once for binaries as unimplemented yet
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-30 10:55:02 +02:00
Matthew Mosesohn
d9641771ed
add kube-masters to SSL certificate
2016-09-29 15:12:30 +03:00
Smaine Kahlouch
aaa3f1c491
Merge pull request #502 from adidenko/custom-calico-hyperkube
...
Allow to use custom "canalized" calico cni
2016-09-29 13:29:49 +02:00
Smaine Kahlouch
5889f7af0e
Merge pull request #515 from adidenko/fix-delegate-to
...
Fix delegate_to expression in download tasks
2016-09-29 10:36:44 +02:00
Matthew Mosesohn
5579cddbdb
Disable reverse lookups again
...
Initially this was removed, but it turns out that services that
perform reverse lookups (such as MariaDB) will encounter severe
performance degredation with this disabled.
2016-09-29 10:49:55 +04:00
Aleksandr Didenko
2b6866484e
Allow to use custom "canalized" calico cni
...
- Allow to overwrite calico cni binaries copied from hyperkube
by the custom ones.
- Fix calico-ipam deployment (it had wrong source in rsync)
- Make copy from hyperkube idempotent (use rsync instead of cp)
- Remove some orphaned comments
2016-09-28 18:09:20 +02:00
Anthony Haussmann
34a27b0127
Move kube_version var to defaults
...
Move the variable kube_version to defaults to have the possibility to overwrite it via group_vars inventory if needed.
2016-09-28 16:15:18 +02:00
Smaine Kahlouch
948d1d61ff
Merge pull request #521 from anthonyhaussman/MethodBoolUseCNI
...
Change method to set use_hyperkube_cni var bool
2016-09-28 12:24:53 +02:00
Smaine Kahlouch
c96a9bfdfd
Merge pull request #518 from bogdando/issues/516
...
Allow subdomains of dns_domain and fix kubelet restarts
2016-09-28 10:11:44 +02:00
Anthony Haussmann
550bda951e
Change method to set use_hyperkube_cni var bool
...
The precedent method returb a string "True\n" or "False\n", it seems to be an Ansible bug.
New method return a boolean
2016-09-27 16:41:09 +02:00
Smaine Kahlouch
6b27508c93
Merge pull request #519 from bogdando/fix_containers_download
...
Fix containers download condition
2016-09-27 15:23:50 +02:00
Bogdan Dobrelya
5fd43b7cf0
Allow subdomains of dns_domain and fix kubelet restarts
...
* Add a var for ndots (default 5) and put it hosts' /etc/resolv.conf.
* Poke kube dns container image to v1.7
* In order to apply changes to kubelet, notify it to
be restarted on changes made to /etc/resolv.conf. Ignore errors as the kubelet
may yet to be present up to the moment of the notification being processed.
* Remove unnecessary kubelet restart for master role as the node role ensures
it is up and running. Notify master static pods waiters for apiserver,
scheduler, controller-manager instead.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-27 14:32:49 +02:00
Smana
336e2b8c84
use variable dns_domain instead of cluster_name for kubedns
2016-09-27 14:15:27 +02:00
Bogdan Dobrelya
ee69ac857e
Fix containers download condition
...
Save/push/load containers if only download.enabled and download.container
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-27 13:44:29 +02:00
Aleksandr Didenko
6caf5b0ac3
Fix delegate_to expression in download tasks
...
"else omit" is causing problems in this expression. Replacing
it with more strict "inventory_hostname" fixes the issue and
handles `download_run_once` as expected.
Closes issue #514
2016-09-27 11:25:24 +02:00
Smaine Kahlouch
0f461282c8
Merge pull request #507 from anthonyhaussman/KubeDNSCorrection
...
Correct nslookup command
2016-09-26 13:58:00 +02:00
Smaine Kahlouch
5046466dae
Merge pull request #509 from kubespray/cnicopyweave
...
Copy hyperkube CNI plugins when using weave
2016-09-26 13:54:02 +02:00
Matthew Mosesohn
e4a48cf53b
Add Docker 1.12.1 version
2016-09-26 12:16:16 +03:00
Matthew Mosesohn
a3fe1e78df
Copy hyperkube CNI plugins when using weave
2016-09-26 12:02:19 +03:00
Anthony Haussmann
5f2bb3319b
Correct nslookup command
...
Change nslookup command to check the right cluster_name
2016-09-23 17:44:09 +02:00
Bogdan Dobrelya
dfb9063b3f
Fix docs and dns servers placement order
...
- Update docs and a drawing to clarify DNS setup.
- Change order of nameservers placement to match
changes in https://github.com/kubespray/kargo/pull/501
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-23 16:16:00 +02:00
Bogdan Dobrelya
82ee60fe8b
Make dnsmasq daemon set optional
...
Change additional dnsmasq opts:
- Adjust caching size and TTL
- Disable resolve conf to not create loops
- Change dnsPolicy to default (similarly to kubedns's dnsmasq). The
ClusterFirst should not be used to not create loops
- Disable negative NXDOMAIN replies to be cached
- Make its very installation as optional step (enabled by default).
If you don't want more than 3 DNS servers, including 1 for K8s, disable
it.
- Add docs and a drawing to clarify DNS setup.
- Fix stdout logs for dnsmasq/kubedns app configs
- Add missed notifies to resolvconf -u handler
- Fix idempotency of resolvconf head file changes
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-23 12:59:06 +02:00
Matthew Mosesohn
d313be4420
Improve management of nameservers in resolv.conf
...
Changing nameservers now will clean up previous entries
2016-09-22 18:11:15 +03:00
Özgür Caner
123532d2a4
Changed ImagePullPolicy from Always to IfNotPresent to avoid download issue when DNS is not working
2016-09-20 10:34:44 +02:00
Matthew Mosesohn
a93639650f
Allow calico to configure pool if tree exists, but no pools defined
2016-09-19 15:27:47 +03:00
Smaine Kahlouch
71a230a4fa
Merge pull request #493 from ivan4th/fix-reverse-dns-lookups
...
Fix reverse DNS lookups of service IPs.
2016-09-19 14:20:15 +02:00
Smaine Kahlouch
0643ed968f
Merge pull request #494 from kubespray/etcd_proxy_fix
...
always bind etcd_proxy to localhost
2016-09-19 14:19:55 +02:00
Smaine Kahlouch
1572aaf6ca
Merge pull request #489 from lukaszo/patch-1
...
Add socat do required pkgs
2016-09-19 12:19:46 +02:00
Smaine Kahlouch
5803de1ac5
Merge pull request #486 from kubespray/etchosts
...
switch /etc/hosts to use blockinfile
2016-09-19 12:19:37 +02:00
Ivan Shvedunov
13874f4610
Fix reverse DNS lookups of service IPs.
...
This fixes "DNS should provide DNS for services [Conformance]"
e2e test in k8s.
2016-09-19 09:12:10 +03:00
Matthew Mosesohn
341ea5a6ea
always bind etcd_proxy to localhost
2016-09-18 19:58:15 +04:00
Bogdan Dobrelya
5ed3916f82
Fix use_hyperkube_cni logic
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-16 13:07:04 +02:00
Bogdan Dobrelya
390764c2b4
Add retry_stagger var for failed download/pushes.
...
* Add the retry_stagger var to tweak push and retry time strategies.
* Add large deployments related docs.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:58 +02:00
Bogdan Dobrelya
9926395e5b
Distribute downloaded artifacts
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:56 +02:00
Bogdan Dobrelya
422428908a
Download containers and save all
...
Move version/repo vars to download role.
Add container to download params, which overrides url/source_url,
if enabled.
Fix networking plugins download depending on kube_network_plugin.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:56 +02:00
Matthew Mosesohn
b69d5f6e6e
Fix logic handling for use_hyperkube_cni
2016-09-15 16:09:40 +03:00
Łukasz Oleś
0db441b28f
Add socat do required pkgs
...
It's required for port forwarding.
2016-09-14 21:27:33 +02:00
Matthew Mosesohn
e3ebabc3b0
switch /etc/hosts to use blockinfile
2016-09-14 19:43:33 +03:00
Smaine Kahlouch
b46458a18f
Merge pull request #483 from kubespray/fix_idempotency_kubedns
...
Fix kubedns idempotency
2016-09-14 13:02:02 +02:00
Smaine Kahlouch
125cb0aa64
Merge pull request #481 from bogdando/issue/479
...
Add retries for copying binaries from containers and packages
2016-09-14 10:04:32 +02:00
Bogdan Dobrelya
783871a253
Add retries for packages installation
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-13 18:12:07 +02:00
Matthew Mosesohn
ef43b21597
Fix kubedns idempotency
...
Removed api-version from kube.py because it is deprecated.
Updating both kube.py because dnsmasq one is actually used.
Fixed name back to kubedns for checking its resource.
2016-09-13 16:49:51 +03:00
Bogdan Dobrelya
6fdcaa1a63
Add retries for copying binaries from containers
...
Closes issue: https://github.com/kubespray/kargo/issues/479
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-13 15:09:34 +02:00
Anthony Haussmann
d47a2d03b4
Delete default variable use_hyperkube_cni
...
The variable is now set via a task depending of the version of kube
2016-09-13 14:59:50 +02:00
Anthony Haussmann
739cf59953
Determine hyperkube cni to use
...
Starting from version 1.3.4 of hyperkube, calico is "canalized" which requires flannel and hostonly cni plugins.So we let hyperkube ship necessary cni
2016-09-13 14:58:29 +02:00
Antoine Legrand
2e386dfbdc
Merge pull request #465 from kubespray/freeze_kpm_version
...
Multiple app deploy tools
2016-09-08 22:01:52 +02:00
Antoine Legrand
ccbb2ee3ae
App deployer plugins
2016-09-08 15:01:57 +02:00
Antoine Legrand
eb78ce4c4e
Merge pull request #473 from kubespray/bootsrap
...
Bootstrap
2016-09-08 14:54:08 +02:00
Antoine Legrand
6084e05a6b
Bootstrap os
2016-09-07 20:19:46 +02:00
Özgür Caner
da8a604c4c
Changed apt to apt-get
2016-09-07 20:13:15 +02:00
Özgür Caner
df2b2d7417
Added bootstrap script for Ubuntu 16.04 LTS and later
2016-09-07 20:13:05 +02:00
Brandon B. Jozsa
2606e8e1c8
combine bootstrap options, add xenial support
2016-09-06 10:04:41 -04:00
Matthew Mosesohn
b62de1dcb1
Reset replicacluster name of kube-dns-v19 back to kubedns
...
This broke upgraded clusters
2016-09-06 16:43:17 +03:00
Matthew Mosesohn
b58512bbda
Rename kube-dns back to kubedns
...
kubedns should stay named the same so that services which
depend on this name are not broken.
2016-09-02 15:09:49 +04:00
Spencer Smith
8b91a43576
remove dependency on kpm for kubedns
2016-09-01 10:01:15 -07:00
Bogdan Dobrelya
d240073f65
Fix updating resolvconf
...
Move updating resolvconf to the network restart handler to
ensure changes applied to the /etc/resolv.conf.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-01 11:10:26 +02:00
Smaine Kahlouch
69f09e0f18
Merge pull request #461 from kubespray/issue-369
...
Issue 369
2016-08-31 15:09:33 +02:00
Smaine Kahlouch
cca26ae3d7
Merge pull request #458 from kubespray/issue456
...
Remove search and nameserver entries from resolvconf base
2016-08-31 13:15:30 +02:00
Matthew Mosesohn
26a0406669
Disable calicoctl from creating a default pool
...
Sometimes invoking calicoctl to create a pool also
creates a default pool, which causes errors in deploy.
2016-08-31 12:54:05 +03:00
Spencer Smith
a746d63177
ensure docker.service.d exists
2016-08-30 09:34:34 -07:00
Spencer Smith
0fc5e70c18
incorrect file name
2016-08-30 09:26:14 -07:00
Spencer Smith
b74c2f89f0
lay down a systemd dropin instead of the /run/flannel_docker_opts.env symlink
2016-08-30 09:17:41 -07:00
Matthew Mosesohn
33c8d0a1a7
Remove search and nameserver entries from resolvconf base
...
These items conflict when they are provided also in head file
Fixes : #456
2016-08-30 13:14:44 +03:00
Smana
28fbfbbbe7
fix etcd checksum
2016-08-29 19:09:08 +02:00
Smaine Kahlouch
18cdab3671
Merge pull request #449 from kubespray/fixapiserverplugins
...
Remove SecurityContextDeny API plugin
2016-08-29 18:58:53 +02:00
Smaine Kahlouch
311baeed5d
Merge pull request #448 from kubespray/etcdnosync
...
Add --no-sync to etcdctl member list
2016-08-29 18:58:14 +02:00
Matthew Mosesohn
256a4e1f29
Rebase etcd to v3.0.6
...
Fixes #450
2016-08-29 15:31:05 +03:00
Matthew Mosesohn
c50c6672f3
Remove SecurityContextDeny API plugin
...
This is no longer recommended for use since K8s 1.2:
http://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-plug-ins-to-use
2016-08-29 14:20:28 +03:00
Matthew Mosesohn
1345dd07f7
Add --no-sync to etcdctl member list
...
Fixes #447
2016-08-29 12:51:43 +03:00
Smaine Kahlouch
e83010b739
Merge pull request #445 from kubespray/caliconodechoice
...
Enable customization of calico-node docker image
2016-08-28 09:36:06 +02:00
Smana
d4193bbd22
upgrade weave version to 1.6.1
2016-08-27 16:04:06 +02:00
Matthew Mosesohn
b92404fd0a
Enable customization of calico-node docker image
...
New vars: calico_node_image_repo and claico_node_image_tag
Defaults: calico/node and {{ calico_version }}, respectively
2016-08-27 16:25:39 +04:00
Spencer Smith
82076f90a3
ensure bin dir for coreos before anything else
2016-08-26 13:24:47 -04:00
Bogdan Dobrelya
8168689caa
Refactor roles and hosts
...
Shorten deployment time with:
- Remove redundand roles if duplicated by a dependency and vice versa
- When a member of k8s-cluster, always install docker as a dependency
of the etcd role and drop the docker role from cluster.yaml.
- Drop etcd and node role dependencies from master role as they are
covered by the node role in k8s-cluster group as well. Copy defaults
for master from node role.
- Decouple master, node, secrets roles handlers and vars to be used w/o
cross references.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-25 13:27:57 +02:00
Smaine Kahlouch
c71b078c8e
Merge pull request #437 from kubespray/issues/429
...
Fix handler triggering for kubelet restart
2016-08-25 11:33:50 +02:00
Bogdan Dobrelya
caa8efbf86
Fix handler triggering for kubelet restart
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-25 09:12:25 +02:00
Smaine Kahlouch
bcec5553c5
Merge pull request #434 from kubespray/issue-426
...
Check only for AWS, wrote some docs on actually using AWS
2016-08-24 21:55:57 +02:00
Spencer Smith
4e76bced53
merge with current master, update typos in doc
2016-08-24 09:56:42 -04:00
Spencer Smith
60f263b629
updated to no longer handle gce as cloud-provider. provided aws setup doc
2016-08-24 09:48:32 -04:00
Bogdan Dobrelya
ea57ce7514
Fix resolv.conf search/nameserver
...
* Ensure additional nameserver/search, if defined as vars.
* Don't backup changed dhclient hooks as they are going to be
executed by dhclient as well, which is not what we want.
* For debian OS family only:
- Rename nodnsupdate hook the resolvconf hook to be sourced always
before it.
- Ensure dhclient restarted via network restart to apply the
nodnsupdate hook.
* For rhel OS family, the fix TBD, it doesn't work the same way.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-24 15:31:57 +02:00
Smana
346eca5748
Revert "pass cloud provider flag in all cases, not just openstack"
...
This reverts commit f35e5e864f
.
2016-08-24 14:32:54 +02:00
Smana
643b28f9d3
Revert "Fix resolv.conf search/nameserver"
...
This reverts commit 977f82c32c
.
2016-08-24 12:36:25 +02:00
Smaine Kahlouch
1938c96239
Merge pull request #420 from bogdando/collect_info
...
Adjust collect-info playbook
2016-08-24 10:06:30 +02:00
Spencer Smith
f35e5e864f
pass cloud provider flag in all cases, not just openstack
2016-08-23 13:57:32 -04:00
Bogdan Dobrelya
47b4242613
Adjust collect-info playbook
...
Cleanup collected artifacts,
drop unrelated files/commands.
Always install gitinfos script to binaries for external
use.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-23 11:28:27 +02:00
Smaine Kahlouch
92c4428cfd
Merge pull request #422 from kubespray/issue-421
...
remove host ca-certs, as they aren't necessary
2016-08-23 10:17:38 +02:00
Bogdan Dobrelya
f61071312a
Fix gen-gitinfos.sh
...
Fix the error gen-gitinfos.sh: 57: [: foo: unexpected operator
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-23 10:15:30 +02:00
Spencer Smith
234608433e
remove host ca-certs, as they aren't necessary
2016-08-22 16:09:33 -04:00
Smaine Kahlouch
36b6ae9a3c
Merge pull request #419 from bogdando/fix_322
...
Fix resolv.conf search/nameserver
2016-08-22 13:48:35 +02:00
Bogdan Dobrelya
977f82c32c
Fix resolv.conf search/nameserver
...
Rename nodnsupdate hook the resolvconf hook to be sourced always
before it.
Ensure dhclient restarted via network restart to apply the
nodnsupdate hook.
Ensure additional nameserver/search, if defined as vars.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-22 11:53:44 +02:00
Matthew Mosesohn
6f07da9f41
Restart kubelet if launcher changed
...
Fixes #409
2016-08-18 19:00:05 +03:00
Smaine Kahlouch
c6f2102073
Merge pull request #412 from kubespray/optionalkubeletcni
...
Copy hyperkube cni plugins optionally for calico deployment
2016-08-16 14:00:27 +02:00
Matthew Mosesohn
0c953101ff
Fix init scripts for etcd. Fixes #383
...
Fixes Ubuntu 14.04 deployment of etcd.
2016-08-15 14:09:42 +03:00