Commit graph

689 commits

Author SHA1 Message Date
Bogdan Dobrelya
62313afccc Fix etc hosts for cluster nodes
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-02 13:20:51 +01:00
Matthew Mosesohn
bd0f787809 Fix etcd cert generation to support large deployments
Due to bash max args limits, we should pass all node filenames and
base64-encoded tar data through stdin/stdout instead.

Fixes #832
2016-12-30 12:55:26 +03:00
Bogdan Dobrelya
6e1c0cdd15 Systemd units, limits, and bin path fixes
* Add restart for weave service unit
* Reuse docker_bin_dir everythere
* Limit systemd managed docker containers by CPU/RAM. Do not configure native
  systemd limits due to the lack of consensus in the kernel community
  requires out-of-tree kernel patches.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-28 15:49:42 +01:00
Matthew Mosesohn
2ac2a3ed93 Fix creation and sync of etcd certs
Admin certs only go to etcd nodes
Only generate cert-data for nodes that need sync
2016-12-28 14:21:17 +04:00
Matthew Mosesohn
612c5bb5f1 Merge pull request #818 from mattymo/calico-rr-certs
Fix calico-rr to use etcd certs instead of kube certs
2016-12-28 08:47:16 +03:00
Matthew Mosesohn
716b590f3b Fix calico-rr to use etcd certs instead of kube certs 2016-12-27 17:04:50 +03:00
Bogdan Dobrelya
9b29df183b Rework ignore_errors to report no reds
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2016-12-27 13:00:50 +01:00
Bogdan Dobrelya
222859601e Do not forward bogus domains for upstream resolvers
Also fix kube log level 4 to log dnsmasq queries.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-23 11:53:14 +01:00
Matthew Mosesohn
a2c38f5f5f Update etcd.j2 2016-12-22 22:29:24 +03:00
Matthew Mosesohn
e5374af95c Adjust etcd server certificates
ETCD doesn't need cert/key options set. It only requires peer
cert options.
2016-12-22 23:05:17 +04:00
Spencer Smith
f3f16e3676 Workaround etcdctl not yet being installed (#797)
workaround case for etcdctl not yet being installed, only allow for return code of 0 (no error)
2016-12-22 12:41:38 -05:00
Matthew Mosesohn
370ad3acba Merge pull request #760 from genti-t/issue-748-flannel-options
Fix Flannel network on CoreOS
2016-12-22 19:02:31 +03:00
Genti Topija
a42b458fdf Fix Flannel network on CoreOS
Resolves: #748
2016-12-22 16:50:04 +01:00
Matthew Mosesohn
5457799aa3 Individual etcd ssl certs
Includes hooks for triggering calico, kubelet, and kube-apiserver restarts
if etcd certs changed.
2016-12-22 13:31:11 +03:00
Bogdan Dobrelya
85f31a369e Merge pull request #786 from mattymo/bug777
Add wait for kube-apiserver to kubernetes-apps
2016-12-22 11:02:50 +01:00
Spencer Smith
3575f890fc create systemd drop-in path if not existent 2016-12-21 13:06:12 -05:00
Bogdan Dobrelya
b103799901 Revert "Do not forward private domains for upstream resolvers" 2016-12-21 15:24:17 +01:00
Matthew Mosesohn
b1eb852207 Add wait for kube-apiserver to kubernetes-apps
Fixes #777
2016-12-21 15:39:39 +03:00
Bogdan Dobrelya
f45872b558 Add download_always_pull check and sha256 for docker images
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-20 17:02:09 +01:00
Bogdan Dobrelya
763c1aff72 Merge pull request #722 from bogdando/dnsmasq_armors
Do not forward private domains for upstream resolvers
2016-12-20 14:25:17 +01:00
Bogdan Dobrelya
072c4e4669 Merge pull request #775 from kubernetes-incubator/register_master
Register master node as unschedulable
2016-12-20 14:17:55 +01:00
Bogdan Dobrelya
c147f710ab Merge pull request #774 from kubernetes-incubator/ant31-patch-2
check if calico_peer_rr is defined
2016-12-19 18:19:03 +01:00
Matthew Mosesohn
6a705aa0b5 Fix etcd to-SSL upgrade and task register vars 2016-12-19 15:05:49 +03:00
Bogdan Dobrelya
4d4b0adc03 Do not forward private domains for upstream resolvers
Also fix kube log level 4 to log dnsmasq queries.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
2016-12-19 11:01:41 +01:00
Alexander Block
c43615c765 Register master node as unschedulable
Also refactor generation of kubelet args to not repeat args.
2016-12-19 10:47:43 +01:00
Antoine Legrand
c250737b0a Update main.yml 2016-12-17 20:22:39 +01:00
Antoine Legrand
5c280ef54a Merge pull request #704 from vwfs/bastion_hosts
Add support for bastion hosts
2016-12-17 12:08:49 +01:00
Antoine Legrand
5d46f62718 Merge pull request #763 from bogdando/resolver_fallback
Fallback to default resolver if no nameservers
2016-12-17 12:03:41 +01:00
Antoine Legrand
b1841fda76 Merge pull request #766 from kubernetes-incubator/docker12point5
Update docker to 1.12.5
2016-12-17 11:55:06 +01:00
Bogdan Dobrelya
e7e0e82f43 Fallback to default resolver if no nameservers
Current design expects users to define at least one
nameserver in the nameservers var to backup host OS DNS config
when the K8s cluster DNS service IP is not available and hosts
still have to resolve external or intranet FQDNs.

Fix undefined nameservers to fallback to the default_resolver.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-16 14:51:34 +01:00
Bogdan Dobrelya
7fc0b552a0 Revert "Fix wrong path for dhclient.conf on RedHat/CentOS" 2016-12-16 14:49:26 +01:00
Matthew Mosesohn
42dc2351b1 Update docker to 1.12.5
Note the new ubuntu/debian version string change:
https://github.com/docker/docker/issues/29355
2016-12-16 16:30:46 +03:00
Bogdan Dobrelya
fc2f616f94 Merge pull request #745 from kubernetes-incubator/fix_weave_start
Fix weave restart after docker daemon restart
2016-12-16 14:06:48 +01:00
Matthew Mosesohn
76e7048f06 Fix weave restart after docker daemon restart 2016-12-16 14:15:22 +03:00
Antoine Legrand
3bf2c0f54f Merge pull request #757 from kubernetes-incubator/issue754
Add dns_domain for each host to /etc/hosts
2016-12-15 21:42:59 +01:00
Bogdan Dobrelya
290433b89f Merge pull request #755 from kubernetes-incubator/fix_dhclientconf_path
Fix wrong path for dhclient.conf on RedHat/CentOS
2016-12-15 19:08:31 +01:00
Bogdan Dobrelya
80a8193d74 Merge pull request #746 from kubernetes-incubator/etcd_ssl_upgrade_fix
Fix etcd member list when upgrading ETCD from an old version
2016-12-15 12:31:34 +01:00
Matthew Mosesohn
ab4eb809d4 Add dns_domain for each host to /etc/hosts
Fixes #754
2016-12-15 13:34:59 +04:00
Bogdan Dobrelya
c09db6cd54 Merge pull request #749 from kubernetes-incubator/azure_ip_forward
Set net.ipv4.ip_forward=1 on all systems, not only on GCE
2016-12-15 10:19:43 +01:00
Alexander Block
2624da6161 Fix wrong path for dhclient.conf on RedHat/CentOS
/etc/dhclient.conf is ignored on RedHat/CentOS
Correct location is /etc/dhcp/dhclient.conf
2016-12-15 10:11:16 +01:00
Matthew Mosesohn
3b14519208 Fix etcd member list when upgrading ETCD from an old version 2016-12-15 12:00:45 +04:00
Bogdan Dobrelya
f635d224ed Merge pull request #721 from adidenko/calico-add-rr
Add calico/routereflector support
2016-12-14 17:22:00 +01:00
Smaine Kahlouch
af76813bf4 Merge pull request #708 from vwfs/cloud_network
Add support for cloud-provider based networking
2016-12-14 16:23:20 +01:00
Alexander Block
cbcdc7d9a0 Set net.ipv4.ip_forward=1 on all systems, not only on GCE 2016-12-14 15:08:13 +01:00
Aleksandr Didenko
d5a9b34d9e Add calico/routereflector support
Add BGP route reflectors support in order to optimize BGP topology
for deployments with Calico network plugin.

Also bump version of calico/ctl for some bug fixes.
2016-12-14 13:44:10 +01:00
Alexander Block
586ad91300 Add --reconcile-cidr flag to kubelet to support cloud network plugin in 1.4 2016-12-13 17:30:10 +01:00
Alexander Block
6887948537 Add check for azure_route_table_name and add it to all.yml 2016-12-13 17:30:10 +01:00
Alexander Block
5b0034c420 Add pseudo network plugin called "cloud" to use cloud provider for network
Allow to let the cloud provider configure proper routing for nodes.
2016-12-13 17:30:10 +01:00
Alexander Block
433eb1dc53 Add support for bastion hosts 2016-12-13 17:29:47 +01:00
Antoine Legrand
e22e4c02db Merge branch 'master' into standalone_kubelet 2016-12-13 17:26:21 +01:00