Wong Hoi Sing Edison
54beb27eaa
cert-manager: Upgrade to v0.2.4
2018-04-17 12:08:10 +08:00
Wong Hoi Sing Edison
7968437a65
Weave: Upgrade to 2.3.0
2018-04-17 08:51:24 +08:00
Aivars Sterns
4b4786f75d
Merge pull request #2381 from vikas027/inventory_fixes
...
Replaced ansible_ssh_host with ansible_host in sample inventory file and fixed usage of bastion
2018-04-16 10:06:19 +03:00
Matthew Mosesohn
02cd5418c2
Weave limits ( #2660 )
...
* Raise limits for weave
* Adjust weave limits
2018-04-15 18:32:49 +03:00
Matthew Mosesohn
49e3665d96
Remove prometheus operator from Kubespray ( #2658 )
...
Kubespray should not install any helm charts. This is a task
that a user should do on his/her own through ansible or another
tool. It opens the door to wrapping installation of any helm
chart.
2018-04-13 18:53:39 +03:00
Matthew Mosesohn
e95ba800ea
Define local volume provisioner dirs in defaults ( #2656 )
2018-04-13 17:23:10 +03:00
Aivars Sterns
5d9bb300d7
Merge pull request #2646 from Atoms/fix-sync-container
...
move when condition to main.yml
2018-04-13 09:10:21 +03:00
Matthew Mosesohn
f73717ea35
Mount local volume provisioner dirs for containerized kubelet ( #2648 )
2018-04-12 22:55:13 +03:00
Aivars Sterns
1967963702
Merge pull request #2380 from hwoarang/add-opensuse-support
...
Add openSUSE support
2018-04-12 20:28:50 +03:00
Chad Swenson
d87b6fd9f3
Use dedicated front-proxy-ca for front-proxy-client
2018-04-12 11:03:22 -05:00
Chad Swenson
a6a47dbc96
Merge pull request #2617 from bradbeam/savaultcert
...
Adding missing service-account certificate for vault
2018-04-12 11:02:24 -05:00
Matthew Mosesohn
61791bbb3d
Remove condition for docker pull when using download delegate
2018-04-12 19:01:13 +03:00
Aivars Sterns
298c6cb790
Merge pull request #2633 from grebois/patch-3
...
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
2018-04-12 11:53:58 +03:00
Matthew Mosesohn
3fa7468d54
Copy ca-key.pem to etcd and kube-masters accordingly
2018-04-12 10:17:54 +03:00
Markos Chandras
02bf742e15
roles: rkt: Add support for SUSE distributions
...
The RPM file that's provided by upstream can be used for SUSE
distributions as well. Moreover we simplify the playbook to use
the 'package' module to install packages across different distros.
Link: https://github.com/rkt/rkt/pull/3904
2018-04-11 20:55:20 +01:00
Markos Chandras
d07f75b389
roles: kubernetes: secrets: Add SUSE support
...
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
2018-04-11 20:55:02 +01:00
Markos Chandras
2d34781259
roles: etcd: Add support for SUSE distributions
...
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
2018-04-11 20:53:43 +01:00
Markos Chandras
cdb63a8c49
roles: docker: Ensure service is started if docker is already installed
...
If the 'docker' package is already installed, then the handlers will not
run and the service will not be (re-)started. As such, lets make sure
that the service is started even if the packages are already installed.
2018-04-11 17:46:14 +01:00
Markos Chandras
44a0626fc8
roles: docker: Add support for SUSE distributions
...
Add support for installing Docker on SUSE distributions. The Docker
repository at https://yum.dockerproject.org/repo/main/ does not support
recent openSUSE distributions so the only alternative is to use the
packages from the distro repositories. This however renders the
'docker_version' Ansible variable useless on SUSE.
2018-04-11 17:46:14 +01:00
Nirmoy Das
45eac53ec7
roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed
...
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.
Co-authored-by: Markos Chandras <mchandras@suse.de>
2018-04-11 17:46:14 +01:00
Markos Chandras
e42203a13e
roles: kubernetes: preinstall: Add SUSE support
...
Add support for installing package dependencies and refreshing metadata
on SUSE distributions
Co-authored-by: Nirmoy Das <ndas@suse.de>
2018-04-11 17:46:14 +01:00
Nirmoy Das
4ba25326ed
roles: bootstrap-os: Use 'hostname' command on Tumbleweed
...
openSUSE Tumbleweed is having the same problems with CoreOS when it
comes to using the hostname ansible module (#1588 , #1600 ) so we need
to apply a similar workaround.
Co-authored-by: Markos Chandras <mchandras@suse.de>
Link: http://bugzilla.opensuse.org/show_bug.cgi?id=997614
2018-04-11 17:46:14 +01:00
Markos Chandras
dca4777347
roles: bootstrap-os: Add support for SUSE distributions
...
Install some required packages when running on SUSE distributions.
2018-04-11 17:46:14 +01:00
Atoms
6c954df636
move when condition to main.yml
2018-04-11 12:05:33 +03:00
Christian Phu
3535c29e59
Fix apiserver manifest for kube version < 1.9
2018-04-10 18:17:56 +02:00
Marcelo Grebois
88765f62e6
Updating order
...
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
2018-04-10 17:17:39 +02:00
Robin Skahjem-Eriksen
0f35e17e23
Fix new envvar for setting openstack_tenant_id ( #2641 )
...
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 17:23:31 +03:00
Brad Beam
77b3f9bb97
Removing default for volume-plugins mountpoint ( #2618 )
...
All checks test if this is defined meaning there is no way to undefine it.
2018-04-10 17:19:25 +03:00
Matthew Mosesohn
45f15bf753
Revert "Fix new envvar for setting openstack_tenant_id" ( #2640 )
2018-04-10 14:37:24 +03:00
Aivars Sterns
913cc5a9af
Merge pull request #2639 from ironhouzi/openstack_tenant_id_fix
...
Fix new envvar for setting openstack_tenant_id
2018-04-10 14:35:28 +03:00
Aivars Sterns
a46acfcdd8
Merge pull request #2627 from mattymo/no_more_do_do
...
Remove jinja2 dependency of do
2018-04-10 14:32:29 +03:00
Robin Skahjem-Eriksen
0c0f6b755d
Fix new envvar for setting openstack_tenant_id
...
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 13:30:48 +02:00
Vikas Kumar
94eb18b3d9
Replaced ansible_ssh_host with ansible_host in sample inventory file as the former is deprecated since Ansible v2.0
...
Fixed the reference of ansible_user in kubespray-defaults role
References:
- http://docs.ansible.com/ansible/latest/intro_inventory.html
2018-04-10 15:21:40 +10:00
Marcelo Grebois
4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
...
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
2018-04-09 12:49:05 +02:00
Atoms
b68854f79d
fix kubectl download location and kubectl.sh helper owner/group remove
2018-04-09 13:19:26 +03:00
Matthew Mosesohn
f954bc0a5a
Remove jinja2 dependency of do
...
While `do` looks cleaner, forcing this extra option in ansible.cfg
seems to be more invasive. It would be better to keep the traditional
approach of `set dummy = ` instead.
2018-04-09 12:27:53 +03:00
rongzhang
66b61866cd
Fix check docker error for atomic
...
Fix issues #2611
2018-04-08 17:53:16 +08:00
Brad Beam
dfc46f02d7
Adding missing service-account certificate for vault
...
Missed in #2554
2018-04-06 15:29:52 -05:00
Daniel Hoherd
ca40d51bc6
Fix typos (no logic changes)
2018-04-05 15:54:58 -07:00
Chen Hong
973e7372b4
content: |
2018-04-04 23:05:27 +08:00
Chen Hong
b54e091886
Persist ip_vs modules
2018-04-04 18:18:51 +08:00
Andreas Krüger
6c220e4e4b
Merge pull request #2495 from holmsten/rotate-provisioner-token
...
Rotate local-volume-provisioner token
2018-04-04 10:21:12 +02:00
Andreas Krüger
2511e14289
Merge pull request #2346 from Miouge1/kube-scheduler-mode
...
Use legacy policy config to apply the scheduler policy
2018-04-04 10:20:51 +02:00
Andreas Krüger
0f5ea5474c
Merge pull request #2593 from vterdunov/fix-check-vsphere_cloud_provider
...
Properly check vsphere_cloud_provider.rc
2018-04-03 20:35:59 +02:00
Andreas Krüger
6567b8e012
Merge pull request #2590 from hswong3i/istio-download
...
istio: container download related things should defined in the download role
2018-04-03 13:57:43 +02:00
Wong Hoi Sing Edison
428a554ddb
istio: container download related things should defined in the download role
2018-04-03 14:29:50 +08:00
Xiaoxi He
32f4194cf8
Bump ingress-nginx-controller to version 0.12.0
2018-04-03 10:39:17 +08:00
georgejdli
76bb5f8d75
check if dedicated service account token signing key exists
2018-04-02 10:57:24 -05:00
vterdunov
4b98537f79
Properly check vsphere_cloud_provider.rc
2018-04-02 18:45:42 +03:00
Andreas Krüger
cac2196ad5
Merge pull request #2575 from hswong3i/local-volume-provisioner-download
...
local-volume-provisioner: container download related things should defined in the download role
2018-04-02 10:32:43 +02:00
Andreas Krüger
ba24fe3226
Merge pull request #2570 from avoidik/transfer-cloud-configs
...
Move cloud config configurations to proper location
2018-04-02 10:31:38 +02:00
Matthew Mosesohn
3004791c64
Add pre-upgrade task for moving credentials file ( #2394 )
...
* Add pre-upgrade task for moving credentials file
This reverts commit 7ef9f4dfdd
.
* add python interpreter workaround for localhost
2018-04-02 11:19:23 +03:00
Wong Hoi Sing Edison
b1a7889ff5
local-volume-provisioner: container download related things should defined in the download role
2018-04-02 13:50:11 +08:00
woopstar
86e3506ae6
Etcd cluster setup makeover
...
The current way to setup the etc cluster is messy and buggy.
- It checks for cluster is healthy before the cluster is even created.
- The unit files are started on handlers, not in the task, so you mess with "flush handlers".
- The join_member.yml is not used.
- etcd events cluster is not configured for kubeadm
- remove duplicate runs between running the role on etcd nodes and k8s nodes
2018-04-01 21:38:33 +02:00
Wong Hoi Sing Edison
4f714b07b8
cephfs-provisioner: container download related things should defined in the download role
2018-04-01 20:35:44 +08:00
Wong Hoi Sing Edison
4c0e9ba890
registry: container download related things should defined in the download role
2018-04-01 06:51:57 +08:00
Andreas Krüger
deac627dc7
Merge pull request #2571 from hswong3i/ingress-nginx-download
...
ingress-nginx: container download related things should defined in the download role
2018-03-31 20:51:50 +02:00
bobahspb
16961f69f2
Merge branch 'master' into master
2018-03-31 21:48:39 +03:00
Andreas Krüger
b9b028a735
Update etcd deployment to use correct cert and key ( #2572 )
...
* Update etcd deployment to use correct cert and key
* Update to use admin cert for etcdctl commands
* Update handler to use admin cert too
2018-03-31 14:06:09 -04:00
Wong Hoi Sing Edison
5fe144aa0f
ingress-nginx: container download related things should defined in the download role
2018-04-01 00:22:33 +08:00
Andreas Krüger
5b0da4279f
Merge pull request #2543 from hswong3i/cert-manager-0.2.3
...
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 18:15:25 +02:00
Andreas Krüger
1ac978b8fa
Merge pull request #2567 from mirwan/node_labels_doc_plus_kube_ingress_handling
...
node_labels documentation and kube-ingress label definition as role_node_label
2018-03-31 18:05:52 +02:00
Wong Hoi Sing Edison
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 19:29:11 +08:00
avoidik
aa301c31d1
Move credential checks into proper folder
2018-03-31 13:29:00 +03:00
Andreas Krüger
d9418b1dc4
Merge pull request #2554 from georgejdli/fix-sa-token-signing
...
Fix kubespray's ServiceAccount token signing keys
2018-03-31 09:59:22 +02:00
Andreas Krüger
2c89a02db3
Only download container/file if host is in defined group ( #2565 )
...
* Only download container/file if host is in defined group
* Set correct when clause
* Fix last entries
* Update download groups
2018-03-30 22:40:01 -04:00
Chad Swenson
0ca08e03af
Merge pull request #2566 from woopstar/etcd-fix-2
...
Fix etcd from import task to include task
2018-03-30 20:53:32 -04:00
avoidik
15efdf0c16
Move credential checks
2018-03-31 03:26:37 +03:00
avoidik
ab8760cc83
Move credentials pre-check
2018-03-31 03:24:57 +03:00
avoidik
b6da596ec1
Move default configuration parameters for cloud-config
2018-03-31 03:18:23 +03:00
avoidik
3c12c6beb3
Move cloud config configurations to proper location
2018-03-31 02:59:59 +03:00
Erwan Miran
8ece922ef0
node_labels documentation + kube-ingress label handling as role_node_label
2018-03-31 00:36:11 +02:00
Andreas Krüger
887a468d32
Merge pull request #2562 from avoidik/fix-indexes-pr-2251
...
Fix kubecert_node.results indexes
2018-03-31 00:16:11 +02:00
woopstar
859a7f32fb
Fix import task. Has to be include task to evalutate etcd_cluster_setup variable at run time
2018-03-31 00:06:34 +02:00
Andreas Krüger
1f28764ca1
Merge pull request #2512 from woopstar/hyperkube-fix-1
...
Switch hyperkube from CoreOS to Google
2018-03-30 21:58:03 +02:00
Andreas Krüger
76cb37d6b5
Merge pull request #2544 from woopstar/cert-fix-2
...
Update openssl.conf to count better and work with Jinja 2.9
2018-03-30 21:57:17 +02:00
Andreas Krüger
7ddd4cd38c
Merge pull request #2561 from rsmitty/no_proxy
...
only set no_proxy if other proxy vars are defined
2018-03-30 21:43:23 +02:00
Andreas Krüger
c1eb975545
Merge pull request #2557 from chenhonggc/vault_health_check_delay
...
Maybe vault health check needs delay
2018-03-30 21:39:15 +02:00
georgejdli
572ab650db
copy dedicated service account token signing key for kubeadm migration
2018-03-30 13:03:32 -05:00
avoidik
72c2a8982b
Fix kubecert_node.results indexes
2018-03-30 17:24:50 +03:00
Spencer Smith
13c57147eb
only set no_proxy if other proxy vars are defined
2018-03-30 09:48:55 -04:00
Matthew Mosesohn
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
...
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
2018-03-30 14:29:13 +03:00
Andreas Kruger
af5f376163
Revert
2018-03-30 11:42:20 +02:00
woopstar
004b0a3fcf
Fix merge conflict
2018-03-30 11:38:59 +02:00
Andreas Kruger
4bb7d2b566
Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into cert-fix-2
2018-03-30 11:34:05 +02:00
Andreas Krüger
f619eb08b1
Merge pull request #2350 from whereismyjetpack/kubeadm-nodename
...
set nodeName to "{{ inventory_hostname }}" in kubeadm-config
2018-03-30 11:15:52 +02:00
Andreas Krüger
55195fe546
Merge pull request #2500 from gorazio/patch-1
...
Add prometheus annotations to spec in ingress
2018-03-30 11:02:31 +02:00
RongZhang
5711074c5a
Merge pull request #2290 from mirwan/node_labels_from_inventory
...
Node labels definition in kubelet params from inventory
2018-03-30 03:42:52 -05:00
Chen Hong
4a705b3fba
May vault health check needs delay
2018-03-30 16:42:08 +08:00
陈宏
4d85e3765e
remove redundancy code
2018-03-30 09:19:00 +08:00
Vladimir Vasilkin
f0a04b4d65
wait 5 * 4 secs until Tiller starts
2018-03-30 00:09:36 +03:00
Vladimir Vasilkin
760ca1c3a9
adding checking for prometheus_operator_enabled
2018-03-29 23:03:43 +03:00
Vladimir Vasilkin
23b3833806
running on the first master only.
2018-03-29 22:51:46 +03:00
Kuldip Madnani
daeeae1a91
Added retries in pre-upgrade.yml and retries while applying kube-dns.yml ( #2553 )
...
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml
* Removed trailing spaces
2018-03-29 11:37:32 -05:00
georgejdli
c8f857eae4
configure kubespray to sign service account tokens with a dedicated and stable key
2018-03-29 09:50:31 -05:00
Andreas Krüger
270d21f5c1
Merge pull request #2540 from mattymo/cloud_config_timing
...
Write cloud-config during kubelet configuration
2018-03-29 09:12:18 +02:00
Andreas Kruger
bf29198efd
Fix merge conflict
2018-03-29 09:11:13 +02:00
Kuldip Madnani
9ebbf1c3cd
Added a fix in openssl.conf template to check if IP of loadbalncer is available or not.
2018-03-28 16:34:26 -05:00
Chad Swenson
ef7f5edbb3
Remove old docker packages and other docker upgrade fixes ( #2536 )
...
* Remove old docker packages
This removes docker packages that are obsolete if docker-ce packages are to be installed, which fixes some package conflict issues that can occur during upgrades.
* Add support for setting obsoletes=0 when installing docker with yum
2018-03-28 15:10:39 -05:00
woopstar
0b5404b2b7
Fix
2018-03-28 20:28:04 +02:00
Vladimir Vasilkin
19e1b11d98
prometheus operator, metrics for k8s cluster
...
install using Helm:
- Prometheus Operator
- metrics for k8s cluster including: grafana dashboard, alertmanager, node exporters
base project:
https://github.com/coreos/prometheus-operator
the issue:
https://github.com/kubernetes-incubator/kubespray/issues/2042
Previous PR, raw ansible without Helm:
https://github.com/kubernetes-incubator/kubespray/pull/2499
2018-03-28 21:23:30 +03:00
woopstar
0df32b03ca
Update openssl.conf to count better and work with Jinja 2.9
2018-03-28 17:48:56 +02:00
Matthew Mosesohn
72a4223884
Write cloud-config during kubelet configuration
...
This file should only be updated during kubelet upgrade so that
master components are not accidentally restarted first during
preinstall stage.
2018-03-28 16:26:36 +03:00
Andreas Krüger
03117d9572
Merge pull request #2488 from LuckySB/ingress-nginx-node-role
...
Dedicated node for ingress nginx controller
2018-03-28 14:07:40 +02:00
Wong Hoi Sing Edison
848fc323db
Fixup for #2523 :
...
- Rename template for /etc/cni/net.d/00-weave.conflist to 00-weave.conflist.j2
- Apply resources requests/limits to both container weave and weave-npc
2018-03-28 11:16:42 +08:00
Brad Beam
015ea62e92
Merge pull request #2262 from tmjd/calico-canal-v2-6-7
...
Update Calico and Canal
2018-03-27 21:07:28 -05:00
Andreas Krüger
2ca7087018
Merge pull request #2524 from avoidik/systemd_user_kubelet
...
Set exact user for Kubelet services
2018-03-27 16:41:10 +02:00
Andreas Krüger
d665f14682
Merge pull request #2526 from mzehrer/patch-1
...
Remove kibana_base_url
2018-03-27 12:40:31 +02:00
avoidik
e375678674
Set exact user for Kubelet services
2018-03-27 11:13:52 +03:00
Sergey Bondarev
4f7479d94d
add etc tunning options
...
https://coreos.com/etcd/docs/latest/tuning.html
etcd_snapshot_count
and
ionice priority
2018-03-26 17:25:51 +03:00
Michael Zehrer
b8d1652baf
Remove kibana_base_url
...
The default for kibana_base_url does not make sense an makes kibana unusable. The default path forces a 404 when you try to open kibana in the browser. Not setting kibana_base_url works just fine.
2018-03-25 16:08:07 +02:00
Andreas Krüger
f7dc73b830
Merge pull request #2521 from f84anton/patch-1
...
optional calico_ip_auto_method variable with IP_AUTODETECTION_METHOD
2018-03-24 18:37:03 +01:00
Dann Bohn
1d0415a6cf
fixes typo in kube_override_hostname for kubeadm
2018-03-24 13:29:07 -04:00
Wong Hoi Sing Edison
3f5c60886b
Upgrade Weave to 2.2.1
...
- Fix #2414 , so namespace isolation should now works
- Update weave-net.yml.j2 as per latest https://cloud.weave.works/k8s/net
- Other minor fixup
2018-03-24 17:27:12 +08:00
Anton Fayzrahmanov
a75598b3f4
IP_AUTODETECTION_METHOD docs
2018-03-24 01:54:17 +03:00
Anton Fayzrahmanov
60a057cace
Update calico-node.yml.j2
2018-03-24 01:46:26 +03:00
Anton Fayzrahmanov
dd9d0c0530
optional calico_ip_auto_method variable with IP_AUTODETECTION_METHOD
...
can be set to one of
first-found
can-reach
interface
2018-03-23 16:33:20 +03:00
Dann Bohn
9fa995ac9d
only sets nodeName in kubeadm-config when kube_override_hostname is set
2018-03-23 08:33:25 -04:00
Wong Hoi Sing Edison
caec3de364
Updating to use calico-node v2.6.8
2018-03-22 12:33:04 -05:00
Erik Stidham
60bfc56e8e
Update Calico and Canal
...
- Updating to use calico-node v2.6.7
- A few updates to their manifests too
2018-03-22 12:30:23 -05:00
Wong Hoi Sing Edison
206e24448b
CephFS Provisioner Addon Fixup
2018-03-22 23:03:13 +08:00
Wong Hoi Sing Edison
bb1eb9fec8
Add labels for namespace
2018-03-22 21:33:32 +08:00
Keyvan Hedayati
b0d7115e9b
hswong3i/kubespray#3 : Use {{ cluster_name }} for valid FQDN in REGISTRY_HOST
2018-03-22 21:33:32 +08:00
Wong Hoi Sing Edison
f8ebd08e75
Registry Addon Fixup
2018-03-22 21:33:32 +08:00
Andreas Krüger
30e4b89837
Merge pull request #2504 from brtknr/patch-1
...
Update kube-apiserver.manifest.j2 and kubeadm-config.yaml.j2 to incorporate `endpoint-reconciler-type: lease`
2018-03-22 09:15:55 +01:00
Andreas Krüger
405c711edb
Remove v in tag
2018-03-22 09:07:28 +01:00
Chad Swenson
0e6b4e80f7
Merge pull request #2490 from woopstar/workaround-fix-1
...
Only apply roles from first master node to fix regression
2018-03-21 20:29:59 -05:00
Chad Swenson
9949782e96
Merge pull request #2489 from woopstar/token-fix-1
...
Only copy tokens if tokens_list contains any
2018-03-21 20:28:06 -05:00
Chad Swenson
bbb6e7b3da
Merge pull request #2508 from melkosoft/cilium
...
Cilium v.1.0.0-rc8
2018-03-21 20:25:43 -05:00
Chad Swenson
bc68188209
Merge pull request #2498 from zmsp/master
...
Upgraded kubernetes from 1.9.3 to 1.9.5
2018-03-21 20:25:05 -05:00
woopstar
d3780e181e
Switch hyperkube from CoreOS to Google
2018-03-21 23:27:16 +01:00
Andreas Krüger
2e202051e3
Merge pull request #2364 from whereismyjetpack/default-download
...
set local_release_dir in downloads to match others
2018-03-21 23:16:48 +01:00
Chad Swenson
448c1d5faa
Merge pull request #2509 from chadswen/flannel-update
...
Update flannel version to v0.10.0
2018-03-21 12:15:09 -05:00
Andreas Krüger
ff2b8e5e60
Merge pull request #2503 from woopstar/kubelet-fix-1
...
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
2018-03-21 10:03:31 +01:00
Erwan Miran
8b71ef8ceb
Labels from role (node-role.k8s.io/node) and labels from inventory are merged into node-labels parameter in kubelet
2018-03-21 09:19:05 +01:00
mirwan
ee8f678010
Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly ( #2446 )
2018-03-21 10:50:32 +03:00
Chad Swenson
a6b918c1a1
Merge pull request #2485 from LuckySB/flannel_iface_regexp
...
Add --iface-regex options to flannel
2018-03-20 21:18:01 -05:00
Chad Swenson
c025ab4eb4
Update flannel version to v0.10.0
2018-03-20 19:59:51 -05:00
melkosoft
ae30009fbc
changed version to 1.0.0-rc8
2018-03-20 14:18:56 -07:00
melkosoft
158d775306
changed cilium to 1.0.0-rc7. Set CI to use coreos for cilium test
2018-03-20 12:43:26 -07:00
woopstar
9d540165c0
Set kube_api_aggregator_routing to default false as we use kube-proxy
2018-03-20 16:28:05 +01:00
Bharat Kunwar
13e47e73c8
Update kubeadm-config.yaml.j2
...
As requested
2018-03-20 13:33:36 +00:00
Bharat Kunwar
d2fd7b7462
Update kube-apiserver.manifest.j2
2018-03-20 12:19:53 +00:00
Bharat Kunwar
d9453f323b
Update kube-apiserver.manifest.j2
2018-03-20 12:16:35 +00:00
Bharat Kunwar
b787b76c6c
Update kube-apiserver.manifest.j2
...
Ensure that kube-apiserver will respond even if one of the nodes are down.
2018-03-20 12:06:34 +00:00
woopstar
a94a407a43
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
2018-03-20 12:08:36 +01:00
gorazio
96e46c4209
bump after CLA signing
2018-03-20 10:23:50 +03:00
gorazio
aa30fa8009
Add prometheus annotations to spec in ingress
...
Added annotations from metadata to spec.template.metadata. Without it, pod does not get any annotations, and Prometheus didn't see it
2018-03-20 08:47:36 +03:00
Zobair Shahadat
ebfee51aca
Upgraded kubernetes from 1.9.3 to 1.9.5
2018-03-19 15:42:24 -04:00
Andreas Holmsten
14ac7d797b
Rotate local-volume-provisioner token
...
When tokens need to rotate, include local-volume-provisioner
2018-03-19 13:04:18 +01:00
Andreas Krüger
f253691a68
Merge pull request #2347 from hswong3i/multiple_artifacts_dir
...
Support multiple artifacts under individual inventory directory
2018-03-19 12:45:55 +01:00
Sergey Bondarev
038da7255f
check if group kube-ingress is not empty
...
fix spelling mistaker ingress_nginx_host_network
set default value for ingress_nginx_host_network: false
2018-03-19 12:59:38 +03:00
woopstar
f1d2f84043
Only apply roles from first master node to fix regression
2018-03-18 16:15:01 +01:00
woopstar
b9a949820a
Only copy tokens if tokens_list contains any
2018-03-18 08:42:38 +01:00
Andreas Krüger
50e5f0d28b
Merge pull request #2468 from LuckySB/master
...
change expirations period for generated certificate from 10y to 100 years
2018-03-17 19:43:40 +01:00
Sergey Bondarev
1481f7d64b
Dedicated node for ingress nginx controller
...
The ability to create dedicated node for ingress nginx controller
host type network for nginx controller
and add from example https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/static-ip/nginx-ingress-controller.yaml
terminationGracePeriodSeconds: 60
2018-03-17 02:54:46 +03:00
Chad Swenson
7d33650019
Merge pull request #2462 from woopstar/coredns-patch
...
Add CoreDNS support
2018-03-16 18:33:36 -05:00
woopstar
e40368ae2b
Add CoreDNS support with various fixes
...
Added CoreDNS to downloads
Updated with labels. Should now work without RBAC too
Fix DNS settings on hosts
Rename CoreDNS service from kube-dns to coredns
Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html
Updated docs with CoreDNS info
Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed
Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806 '
Set dns list correct. Thanks to @whereismyjetpack
Only download KubeDNS or CoreDNS if selected
Move dns cleanup to its own file and import tasks based on dns mode
Fix install of KubeDNS when dnsmask_kubedns mode is selected
Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf.
Run DNS manifests for CoreDNS and KubeDNS
Set skydns servers on dual stack deployment
Use only one template for CoreDNS dual deployment
Set correct cluster ip for the dns server
2018-03-16 21:51:37 +01:00
Sergey Bondarev
b7e6dd0dd4
Add --iface-regex options to flannel
...
Flannel use interface for inter-host communication setted on --iface options
Defaults to the interface for the default route on the machine.
flannel config set via daemonset, and flannel config on all nodes is the same.
But different nodes can have different interface names for the inter-host communication network
The option --iface-regex allows the flannel to find the interface on which the address is set from the inter-host communication network
2018-03-16 21:44:36 +03:00
Qasim Sarfraz
8ee2091955
Merge pull request #3 from kubernetes-incubator/master
...
Sync Upstream
2018-03-16 17:21:54 +01:00
Sergey Bondarev
3fac550090
Merge remote-tracking branch 'upstream/master'
2018-03-16 14:09:54 +03:00
Andreas Krüger
d29a1db134
Merge pull request #2461 from woopstar/patch-11
...
Add support to kubeadm too
2018-03-16 08:24:31 +01:00
Andreas Krüger
653d97dda4
Merge pull request #2472 from woopstar/patch-12
...
Make sure output from extra args is strings
2018-03-16 08:23:50 +01:00
woopstar
40c0f3756b
Encapsulate item instead of casting to string
2018-03-15 20:27:21 +01:00
Andreas Krüger
3d6fd49179
Added option for encrypting secrets to etcd v.2 ( #2428 )
...
* Added option for encrypting secrets to etcd
* Fix keylength to 32
* Forgot the default
* Rename secrets.yaml to secrets_encryption.yaml
* Fix static path for secrets file to use ansible variable
* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2
* Base64 encode the token
* Fixed merge error
* Changed path to credentials dir
* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions
* Add encryption option to k8s-cluster.yml
2018-03-15 22:20:05 +03:00
Oleg Vyukov
d843e3d562
Fix indent Custom ConfigMap ingress-nginx ( #2447 )
2018-03-15 22:18:18 +03:00
Andreas Krüger
788e41a315
Make sure output from extra args is strings
...
Setting the following:
```
kube_kubeadm_controller_extra_args:
address: 0.0.0.0
terminated-pod-gc-threshold: "100"
```
Results in `terminated-pod-gc-threshold: 100` in the kubeadm config file. But it has to be a string to work.
2018-03-14 19:23:43 +01:00
MQasimSarfraz
1bcc641dae
Create vsphere clusterrole only if it doesnt exists
2018-03-14 11:29:35 +00:00
Sergey Bondarev
f8fed0f308
change expirations period for generated certificate from 10 years to 100 years
2018-03-14 13:33:36 +03:00
zhengchuan hu
d1e6632e6a
Fix err in kubelet.kubeadm.env.j2
...
1. 404 link url
2. kubelet_authentication_token_webhook is not work
3. kube_reserved variable set twice
2018-03-14 17:25:21 +08:00
Aivars Sterns
710295bd2f
Merge pull request #2434 from protomech/feature/azure-vnet-resource-group
...
add support for azure vnetResourceGroup
2018-03-13 17:42:09 +02:00
RongZhang
3e2d68cd32
Merge pull request #2455 from whereismyjetpack/kube-limits
...
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-13 06:28:07 -05:00
Dann Bohn
f3788525ff
fixes yamllint for docker defaults, and weave network plugin
2018-03-13 06:15:48 -04:00
Andreas Krüger
39d247a238
Add support to kubeadm too
...
Explicitly defines the --kubelet-preferred-address-types parameter #2418
Fixes #2453
2018-03-13 10:31:15 +01:00
rong.zhang
d264da8f08
Fix yamllint roles error for #2188 commit
2018-03-13 14:28:49 +08:00
MQasimSarfraz
9a4aa4288c
Fix vsphere cloud_provider RBAC permissions
2018-03-12 18:07:08 +00:00
Dann Bohn
50e3ccfa2b
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-12 12:46:14 -04:00
RongZhang
69a3c33ceb
Merge pull request #2429 from riverzhang/patch-6
...
Fix Docker exits prematurely
2018-03-12 06:16:25 -05:00
RongZhang
649b1ae868
Merge pull request #2452 from riverzhang/dockerproject
...
Fix issues #2451 Support docker-ce and docker-engine
2018-03-12 06:15:44 -05:00
Aivars Sterns
973cc12ca9
Merge pull request #2188 from cornelius-keller/fix_weave
...
fix nodePort for weave
2018-03-12 10:55:41 +02:00
Aivars Sterns
436de45dd4
Merge pull request #2295 from manics/supplementary-bugfix
...
Fix indexing of supplementary DNS in openssl.conf
2018-03-12 10:54:56 +02:00
Aivars Sterns
5f186a2835
Merge pull request #2418 from kubernetes-incubator/1439br
...
Explicitly defines the --kubelet-preferred-address-types parameter
2018-03-12 10:53:48 +02:00
RongZhang
ecec94ee7e
Fix Docker exits prematurely
...
details:https://github.com/moby/moby/pull/31490/files
2018-03-12 14:44:47 +08:00
rong.zhang
196995a1a7
Fix issues#2451 Support docker-ce and docker-engine
...
Support docker-ce and docker-engine include redhat/centos ubuntu debian
2018-03-12 13:31:31 +08:00
Spencer Smith
3a714fd4ac
Merge pull request #2427 from hswong3i/local_volume_provisioner_default
...
FIXUP #2424 : local_provisioner directory should be created only if enabled
2018-03-10 09:00:35 -05:00
Spencer Smith
c47fdc9aa0
Merge pull request #2445 from chadswen/kube-cert-directory-fix
...
Fix kubernetes cert permission sync
2018-03-09 15:10:35 -05:00
Spencer Smith
5c4cfb54ae
Merge pull request #2444 from chadswen/system-node-crb-name
...
Prefix system:node CRB
2018-03-09 15:09:01 -05:00
chadswen
cd153a1fb3
Fix kubernetes cert permission sync
...
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
2018-03-09 00:11:10 -06:00
chadswen
b0ab92c921
Prefix system:node CRB
...
Change the name of `system:node` CRB to `kubespray:system:node` to avoid
conflicts with the auto-reconciled CRB also named `system:node`
Fixes #2121
2018-03-08 23:56:46 -06:00
RongZhang
5007a69eee
Merge pull request #2437 from huzhengchuan/fix/callo-routereflector
...
Fix always download calico_rr image
2018-03-08 23:22:48 -06:00
Chad Swenson
8a46e050e3
Merge pull request #2433 from octarinesec/eyeofthefrog/systemd_command_fix
...
Fix systemd version detection
2018-03-08 22:28:12 -06:00
zhengchuan hu
8e36ad09b4
clean http-proxy.conf
2018-03-08 23:16:02 +08:00
zhengchuan hu
96a92503cb
Fix always download calico_rr image
2018-03-08 17:04:16 +08:00
RongZhang
5253153dbb
Merge pull request #2416 from riverzhang/delete-node
...
Remove nodes
2018-03-08 01:55:20 -06:00
rong.zhang
12c78e622b
Remove nodes
...
Drain node except daemonsets resource
Use reset cluser for delete deploy data
Then delete node
2018-03-08 15:03:42 +08:00
RongZhang
216bf2e867
Merge pull request #2422 from riverzhang/patch-5
...
Enable OOM killing for etcd-events
2018-03-07 23:15:19 -06:00
Wong Hoi Sing Edison
a086686e9f
Support multiple artifacts under individual inventory directory
2018-03-08 11:57:53 +08:00
Wong Hoi Sing Edison
6402004018
FIXUP #2424 : local_provisioner directory should be created only if enabled
2018-03-08 11:57:46 +08:00
RongZhang
955f833120
Merge pull request #2430 from huzhengchuan/fix/kube-reserve
...
fix the name of some variable
2018-03-07 21:25:32 -06:00
Chris Mildebrandt
605738757d
Fix systemd version detection
...
Change "command" to "shell" in order for the pipe to work correctly
2018-03-07 11:32:47 -08:00
Wong Hoi Sing Edison
3f96b2da7a
Add Custom ConfigMap Support for ingress-nginx
2018-03-07 21:37:45 +08:00
RongZhang
dbf40bbbb8
docker-ce instead of docker-engine repo ( #2423 )
...
* Use docker-ce 17.03.2
* Docker-engine may be discarded
2018-03-07 15:11:20 +03:00
zhengchuan hu
646d473e8e
fix the name of some variable
2018-03-07 18:30:34 +08:00
Aivars Sterns
6975cd1622
Merge pull request #2419 from hswong3i/ingress_nginx_labels
...
Add labels for ingress_nginx_namespace
2018-03-06 08:01:13 +02:00
Aivars Sterns
b7f9bf43c2
Merge pull request #2421 from ctlam/master
...
Adding ssh_private_key_file to ProxyCommand
2018-03-06 07:59:26 +02:00
RongZhang
388b627f72
Enable OOM killing for etcd-events
...
Enable OOM killing like docker run etcd
2018-03-05 20:46:39 -06:00
Dominic Lam
f9019ab116
Adding ssh_private_key_file to ProxyCommand
...
This is trying to match what the roles/bastion-ssh-config is trying to do. When the setup is going through bastion, we want to ssh private key to be used on the bastion instance.
2018-03-05 13:15:10 -08:00
Michael Beatty
07657aecf4
add support for azure vnetResourceGroup
2018-03-05 13:40:25 -06:00
Wong Hoi Sing Edison
e65904eee3
Add labels for ingress_nginx_namespace, also only setup serviceAccountName if rbac_enabled
2018-03-05 23:11:18 +08:00
Ayaz Ahmed Khan
89847d5684
Explicitly defines the --kubelet-preferred-address-types parameter
...
to the API server configuration.
This solves the problem where if you have non-resolvable node names,
and try to scale the server by adding new nodes, kubectl commands
start to fail for newly added nodes, giving a TCP timeout error when
trying to resolve the node hostname against a public DNS.
2018-03-05 15:25:14 +01:00
Jonas Kongslund
585303ad66
Start with three dashes for consistency
2018-03-03 10:05:05 +04:00
Jonas Kongslund
a800ed094b
Added support for webhook authentication/authorization on the secure kubelet endpoint
2018-03-03 10:00:09 +04:00
Wong Hoi Sing Edison
fd46442188
Integrate kubernetes/ingress-nginx 0.11.0 to Kubespray
2018-03-02 23:33:19 +08:00
Matthew Mosesohn
9837b7926f
Use proper lookup of etcd host for calico ( #2408 )
...
Fixes #2397
2018-03-02 15:36:52 +03:00
Aivars Sterns
b75b6b513b
Merge pull request #2406 from riverzhang/fedora
...
Delete unused fedora docker repo
2018-03-02 09:33:57 +02:00
rong.zhang
2a3b48edaf
Delete unused fedora docker repo
2018-03-02 14:39:13 +08:00
Antoine Legrand
5cc77eb6fd
Merge pull request #2294 from Nowaker/patch-1
...
Enable OOM killing
2018-03-01 14:56:26 +01:00
Aivars Sterns
8b21034b31
Merge pull request #2344 from hswong3i/local_volume_provisioner_fixup
...
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-03-01 13:12:44 +02:00
RongZhang
67ffd8e923
Add etcd-events cluster for kube-apiserver ( #2385 )
...
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00
Chad Swenson
af7edf4dff
Merge pull request #2369 from eviln1/fix-insecure-apiserver-port
...
fix apiserver manifest when disabling insecure_port
2018-02-28 17:48:08 -06:00
Spencer Smith
0fd3b9f7af
Merge pull request #2391 from Miouge1/latest-helm
...
Install latest version of Helm
2018-02-28 15:04:41 -05:00
Matthew Mosesohn
7ef9f4dfdd
Revert "Add pre-upgrade task for moving credentials file" ( #2393 )
2018-02-28 22:41:52 +03:00
Brad Beam
6ce507f39f
Merge pull request #2345 from mattymo/credentials_upgrade_fix
...
Add pre-upgrade task for moving credentials file
2018-02-28 12:39:02 -06:00
Brad Beam
34cab91e86
Merge pull request #2366 from z1nkum/bump_dashboard_tag
...
Bump dashboard from 1.8.1 to 1.8.3 because of reload bug
2018-02-28 12:38:34 -06:00
Brad Beam
63de9bdba3
Merge pull request #2363 from whereismyjetpack/default-kube-proxy
...
default kube_proxy_mode in kubernetes-defaults
2018-02-28 12:37:46 -06:00
Brad Beam
afb6e7dfc3
Merge pull request #2362 from mattymo/calico_ignore_extra_pools_again
...
Use CNI to assign kube_pods_subnet for calico
2018-02-28 12:36:50 -06:00
Brad Beam
ad89d1c876
Update pre_upgrade.yml
2018-02-28 19:07:44 +03:00
Simon Li
6b80ac6500
Fix indexing of supplementary DNS in openssl.conf
2018-02-28 16:04:52 +00:00
Miouge1
2257dc9baa
Install latest version of Helm
2018-02-28 16:29:38 +01:00
Dmitry Vlasov
977e7ae105
remove obsolete init image, bump dashboard version 1.8.1 -> 1.8.3
2018-02-28 12:52:59 +03:00
Matthew Mosesohn
bc0fc5df98
Use node cert for etcd tasks instead of delegating to first etcd ( #2386 )
...
For etcdctl commands, use admin cert instead of node because this file
doesn't exist on etcd only hosts.
2018-02-27 22:23:51 +03:00
Matthew Mosesohn
bb469005b2
Add pre-upgrade task for moving credentials file
2018-02-27 17:35:15 +03:00
Brad Beam
89ade65ad6
Fixing etcd certs for calico rr ( #2374 )
2018-02-27 17:34:07 +03:00
RongZhang
128d3ef94c
Fix run kubectl error ( #2199 )
...
* Fix run kubectl error
Fix run kubectl error when first master doesn't work
* if access_ip is define use first_kube_master
else different master use a different ip
* Delete set first_kube_master and use kube_apiserver_access_address
2018-02-27 16:32:20 +03:00
RongZhang
b7e06085c7
Upgrade to Kubernetes v1.9.3 ( #2323 )
...
Upgrade to Kubernetes v1.9.3
2018-02-27 14:31:59 +03:00
Chad Swenson
9e85a023c1
Merge pull request #2360 from mattymo/reset_fixes
...
retry unmount kubelet dirs
2018-02-26 18:30:38 -06:00
Brad Beam
4b5f780ff0
Merge pull request #2357 from octarinesec/eyeofthefrog/set_TasksMax_infinity_for_ubuntu
...
Set TasksMax to infinity on any OS with systemd
2018-02-22 21:31:10 -06:00
Brad Beam
31659efe13
Fixing cert name in calico/canal for etcd check ( #2358 )
2018-02-22 17:37:07 +03:00
Nedim Haveric
2bd3776ddb
fix apiserver manifest when disabling insecure_port
2018-02-22 14:00:32 +01:00
Brad Beam
c874f16c02
Fixing credential lookup for fe proxy and vault ( #2361 )
2018-02-22 15:09:26 +03:00
Maxim Krasilnikov
ba91304636
Fixed generate front proxy client certs with vault ( #2359 )
...
* Fixed generate front proxy client certs with vault
* fix vault cert management
* Distrebute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
Andreas Krüger
42a0f46268
Add health check to kube proxy ( #2356 )
...
Adding health checking to kube proxy. Fixes #2308
2018-02-21 23:14:45 +03:00
Andreas Krüger
d84ff06f73
Set filemode to 0640 ( #2315 )
...
* Set filemode to 0640
weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.
* Set mode 0640 on users_file with basic auth
2018-02-21 23:13:46 +03:00
Matthew Mosesohn
87f33a4644
Use CNI to assign kube_pods_subnet for calico
...
Now calico can be deployed if there are other existing pools
and not confuse IPAM and end up with pods in the wrong pools.
2018-02-21 20:32:28 +03:00
Dann Bohn
2d69b05c77
set local_release_dir in downloads to match others
2018-02-21 11:35:34 -05:00
Dann Bohn
2eb57ee5cd
default kube_proxy_mode in kubernetes-defaults
2018-02-21 11:33:25 -05:00
Chris Mildebrandt
85c69c2a4a
Add check for atomic hosts in template
2018-02-21 08:26:18 -08:00
Matthew Mosesohn
c20f38b89c
retry unmount kubelet dirs
2018-02-21 14:41:57 +03:00
Wong Hoi Sing Edison
d4c61d2628
Fixup for gce_centos7-flannel-addons
2018-02-21 13:41:25 +08:00
Wong Hoi Sing Edison
deef47c923
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-02-21 13:41:25 +08:00