Commit graph

1612 commits

Author SHA1 Message Date
Brad Beam
4b5f780ff0
Merge pull request #2357 from octarinesec/eyeofthefrog/set_TasksMax_infinity_for_ubuntu
Set TasksMax to infinity on any OS with systemd
2018-02-22 21:31:10 -06:00
Brad Beam
31659efe13 Fixing cert name in calico/canal for etcd check (#2358) 2018-02-22 17:37:07 +03:00
Brad Beam
c874f16c02 Fixing credential lookup for fe proxy and vault (#2361) 2018-02-22 15:09:26 +03:00
Maxim Krasilnikov
ba91304636 Fixed generate front proxy client certs with vault (#2359)
* Fixed generate front proxy client certs with vault

* fix vault cert management

* Distrebute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
Andreas Krüger
42a0f46268 Add health check to kube proxy (#2356)
Adding health checking to kube proxy. Fixes #2308
2018-02-21 23:14:45 +03:00
Andreas Krüger
d84ff06f73 Set filemode to 0640 (#2315)
* Set filemode to 0640

weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.

* Set mode 0640 on users_file with basic auth
2018-02-21 23:13:46 +03:00
Chris Mildebrandt
85c69c2a4a Add check for atomic hosts in template 2018-02-21 08:26:18 -08:00
Chris Mildebrandt
c19d8994b9 Set TasksMax to infinity on any OS with systemd 2018-02-20 11:55:13 -08:00
Chad Swenson
2de6da25a8
Merge pull request #2312 from woopstar/patch-7
Added iptables lock fix and ajusted oom-score
2018-02-19 22:47:07 -06:00
melkosoft
f13e76d022 Added cilium support (#2236)
* Added cilium support

* Fix typo in debian test config

* Remove empty lines

* Changed cilium version from <latest> to <v1.0.0-rc3>

* Add missing changes for cilium

* Add cilium to CI pipeline

* Fix wrong file name

* Check kernel version for cilium

* fixed ci error

* fixed cilium-ds.j2 template

* added waiting for cilium pods to run

* Fixed missing EOF

* Fixed trailing spaces

* Fixed trailing spaces

* Fixed trailing spaces

* Fixed too many blank lines

* Updated tolerations,annotations in cilium DS template

* Set cilium_version to iptables-1.9 to see if bug is fixed in CI

* Update cilium image tag to v1.0.0-rc4

* Update Cilium test case CI vars filenames

* Add optional prometheus flag, adjust initial readiness delay

* Update README.md with cilium info
2018-02-16 21:37:47 -06:00
Antoine Legrand
76a89039ad
Merge pull request #2285 from jasdeep-hundal/do_not_install_python_apt
Remove redundant python-apt install
2018-02-15 17:04:08 +01:00
RongZhang
c0aad0a6d5 Fix install etcd by host service (#2297)
Fix bug issues #2289
2018-02-12 17:34:01 +01:00
Andreas Krüger
41ca67bf54
Added iptables lock fix and ajusted oom-score
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
2018-02-12 10:21:38 +01:00
Virgil Chereches
d72232f15b Increased timeout values for k8s API server restart 2018-02-12 07:35:29 +00:00
Maxim Krasilnikov
03c61685fb
Added apiserver extra args variable for kubeadm config (#2291) 2018-02-12 10:29:46 +03:00
Antoine Legrand
46284198f8
Merge pull request #2298 from clkao/patch-2
Fix version comparison
2018-02-11 17:22:39 +01:00
RongZhang
bbb1da1a83
Fix default_resolver is undefined
fix issues #2265
2018-02-10 10:08:26 -06:00
Wong Hoi Sing Edison
07075add3d Add optional StorageClass name with cephfs_provisioner_storage_class 2018-02-10 20:31:34 +08:00
Chia-liang Kao
338238d086
Fix version comparison
`FAILED! => {"changed": false, "msg": "AnsibleFilterError: Version comparison: unorderable types: str() < int()"}`
2018-02-10 03:49:49 +08:00
Brad Beam
03bb729fea Making status and detection mo betta 2018-02-09 12:30:46 -06:00
mlushpenko
4e61fb9cd3 Refactored kubeadm join process and fixed uncrodonng for master nodes 2018-02-09 15:51:47 +01:00
mlushpenko
b472c2df98 Fix safe upgrade
Even though there it kubeadm_token_ttl=0 which means that kubeadm token never expires, it is not present in `kubeadm token list` after cluster is provisioned (at least after it is running for some time) and there is issue regarding this https://github.com/kubernetes/kubeadm/issues/335, so we need to create a new temporary token during the cluster upgrade.
2018-02-09 15:51:47 +01:00
mkrasilnikov
bc67deee78 Added missing cephfs_provisioner_enabled to kubespray-defaults vars 2018-02-09 17:03:38 +03:00
jasdeep-hundal
f57abae01e Remove redundant python-apt install
Ansible automatically installs the python-apt package when using
the 'apt' Ansible module, if python-apt is not present. This patch
removes the (unneeded) explicit installation in the Kubespray
'preinstall' role.
2018-02-08 18:59:37 -08:00
Antoine Legrand
275b1d6897
Merge pull request #2274 from mirwan/local_volume_provisioner_configmap_in_daemonset
Local volume provisioner fixes
2018-02-09 00:59:47 +01:00
Erwan Miran
e9a676951b storageClass name template as suggested by @eyeofthefrog 2018-02-09 00:11:07 +01:00
Antoine Legrand
b31d905704
Merge pull request #2230 from hswong3i/cephfs_provisioner
Add cephfs_provisioner Support for Kubespray
2018-02-08 16:52:15 +01:00
Aivars Sterns
c70c44b07b
Merge pull request #2257 from rzenker/tb/baremetal-tweaks
baremetal tweaks
2018-02-08 15:48:55 +00:00
Aivars Sterns
20583e3d15
Merge pull request #2067 from manics/sysctl-net-brfilter
Always set net.bridge.bridge-nf-call-* sysctl
2018-02-08 15:43:46 +00:00
Aivars Sterns
9f4588cd0c
Merge pull request #2266 from riverzhang/epel-release
Disalbe install epel-release rpm on Centos/Redhat
2018-02-08 15:42:28 +00:00
Wong Hoi Sing Edison
b25e0f82b1 Add cephfs_provisioner Support for Kubespray 2018-02-08 22:27:54 +08:00
Maxim Krasilnikov
cae1c683aa
Merge pull request #2271 from leseb/retry-get-token
kubernetes-apps: retry get default token name
2018-02-08 16:46:32 +03:00
Antoine Legrand
57e7a5a34a
Merge pull request #2233 from hswong3i/multiple_inventory_dir
Support multiple inventory files under individual inventory directory
2018-02-08 11:57:04 +01:00
Antoine Legrand
7bce70339f
Merge pull request #2251 from woopstar/metrics-server-patch-2
Adding metrics-server support for K8s version 1.9
2018-02-08 11:16:44 +01:00
Erwan Miran
e1aaef7d4d Removal of surnumerary slash 2018-02-08 09:06:17 +01:00
Wong Hoi Sing Edison
1a1d154e14 Support multiple inventory files under individual inventory directory 2018-02-08 08:08:15 +08:00
Brad Beam
384e5dd4c4
Merge pull request #2160 from kongslund/disable-read-only-port
Make the Kubelet read-only port configurable and disable it by default
2018-02-07 13:06:32 -06:00
Erwan Miran
abfb147292 MountDir in configmap and daemonset must be the same 2018-02-07 18:42:42 +01:00
Erwan Miran
44eb03f78a typo 2018-02-07 17:57:54 +01:00
Erwan Miran
857784747b local-provisioner:v1.0.1 still expects json configmap 2018-02-07 17:47:05 +01:00
Erwan Miran
7a2cb5e41c local-provisioner:v1.0.1 still uses VOLUME_CONFIG_NAME env to read ConfigMap 2018-02-07 17:01:19 +01:00
Antoine Legrand
712bdfc82f
Merge pull request #2260 from mirwan/local_volume_provisioner_fixes
local_volume_provisioner_enabled replacement
2018-02-07 13:42:00 +01:00
Sébastien Han
34bd47de79 kubernetes-apps: retry get default token name
In some installation, it can take up to 3sec to get the value. Retrying
for 5 sec will ensure the command won't return 1.

Signed-off-by: Sébastien Han <seb@redhat.com>
2018-02-07 12:09:51 +01:00
Antoine Legrand
fe57c13b51
Merge pull request #2172 from leseb/etcd-auth
etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
2018-02-07 11:25:56 +01:00
woopstar
f9df692056 Issue front proxy certs for vault 2018-02-07 11:03:10 +01:00
woopstar
f193b12059 Kubeadm auto creates this 2018-02-07 10:50:34 +01:00
woopstar
2cd254954c Remove defaults of allowed names. Updated kubeadm 2018-02-07 10:07:55 +01:00
woopstar
4dab92ce69 Rename from aggregator-proxy-client to front-proxy-client to match kubeadm design. Added kubeadm support too. Changed to use variables set and not hardcode paths. Still missing cert generation for Vault 2018-02-07 09:50:19 +01:00
Erwan Miran
ca08614641 yamllint fix 2018-02-07 09:12:28 +01:00
rong.zhang
47adf4bce6 Disalbe install epel-release rpm on Centos/Redhat
1.Disalbe install epel-release rpm on Centos/Redhat
2.Use yum install epel-release
2018-02-07 14:58:50 +08:00