Commit graph

3557 commits

Author SHA1 Message Date
Maxime Guyot
6e938a3106
Fix E306 in other roles (#6517) 2020-08-28 01:20:53 -07:00
Florian Ruynat
2f93d62aa5
Update nginx ingress to 0.34.1 (#6571) 2020-08-27 10:15:53 -07:00
Florian Ruynat
8ba3d7ec75
Add Kubernetes 1.19 hashes (#6593) 2020-08-27 09:45:53 -07:00
Hans Feldt
9e2d282709
cri-o: add variable to configure unsecure pull (#6568)
By default do not allow "unqualified" (without a registry) images
because it is considered unsecure and subject to mitm attacks.

To enable insecure pull configure for example:

crio_registries:
  - "docker.io"
  - "quay.io"
2020-08-27 09:09:53 -07:00
Florian Ruynat
706c7cb4f1
etcd should not fail when adding an already existing member (#6587) 2020-08-27 02:33:01 -07:00
Florian Ruynat
e7ee19bd66
Update bunch of dependencies with minor fixes (#6570) 2020-08-27 02:25:01 -07:00
nic0las
f59d3fc4a3
Deviceroutesourceaddress (#6508)
* add FELIX_DEVICEROUTESOURCEADDRESS calico option

* add calico_use_default_route_src_ipaddr option 

add calico_use_default_route_src_ipaddr option to use FELIX_DEVICEROUTESOURCEADDRESS calico option

* Update k8s-net-calico.yml
2020-08-27 02:07:01 -07:00
Barry Melbourne
8e2bae0f2a
Fix Ansible Lint warnings (No such file or directory) (#6581) 2020-08-26 23:19:10 -07:00
Arthur Outhenin-Chalandre
e6dae03a0d
Add cilium hubble server in config (#6575)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:19:02 -07:00
Arthur Outhenin-Chalandre
2f2ed116f7
Improve metallb template for bgp peers (#6574)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:15:03 -07:00
Kuralamudhan Ramakrishnan
e91c6a7bd1
update the ovn4nfv-k8s-plugin image version to v1.1.0 (#6531)
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-08-26 23:11:03 -07:00
Florian Ruynat
1ff95e85f4
Rollback coredns, should not have been updated before 1.19 (#6573) 2020-08-26 03:30:03 -07:00
Sulochan Acharya
36924b63dc
Allow webhook authorization (#6502) 2020-08-24 06:29:41 -07:00
jeanfabrice
411510cbe6
Use proper openssl command to differentiate between host and ip in API certificate check (#6392)
* Use proper openssl command to differentiate between host and ip in current certificate check

* fixup! Use proper openssl command to differentiate between host and ip in current certificate check
2020-08-21 02:03:39 -07:00
Florian Ruynat
6e2b8a5750
Add timeout to Get current version of calico cluster version, again (#6493) 2020-08-21 00:13:51 -07:00
Lars
ca66a96d0a
make pre-remove node draining a failable task (#6442)
and add configuration to allow ungraceful removal
2020-08-21 00:13:39 -07:00
Marc-Antoine
0c09ec5d13
Bump Openstack cloud controller image verison to 1.18.2 (#6562) 2020-08-21 00:10:03 -07:00
*=0=1=4=*
a8e2110b2d
#6552 Update extras_rh_repo_base_url (#6556) 2020-08-21 00:09:55 -07:00
Christian Strack
250541d29d
Use proper pypy download url in bootstrap script (#6555)
The bootstrap-os role uses a bootstrap script to provision a
python interpreter on flatcar and container os hosts. As the
pypy project switched to another hoster, the download url changed.

If applied this will use the new proper pypy download url in bootstrap script
2020-08-21 00:09:47 -07:00
Florian Ruynat
142b9e1eff
Update k8s hashes and set default version to 1.18.8 (#6532) 2020-08-21 00:09:39 -07:00
Michal Petko
91ae87fa60
Fix setting node label if kube_override_hostname is defined (#6557) 2020-08-20 06:23:30 -07:00
tasekida
d6456d13c2
Update coredns to 1.7.0 (#6538) 2020-08-20 04:33:44 -07:00
Florian Ruynat
98f7485303
Update weave to 2.7.0 + minor update to Cilium (#6501) 2020-08-20 04:33:36 -07:00
Samuel Liu
a42d811420
fix scale playbook (#6482) 2020-08-20 04:33:23 -07:00
Barry Melbourne
bf6fdce339
Fix cert-manager E305 ansible-lint error (#6549) 2020-08-20 04:25:45 -07:00
Bernard Landon
fa378f09c3
Edited pre-upgrade task to uncordon a node failing to drain (#6546) 2020-08-20 04:25:36 -07:00
holmesb
d8a749fd27
Update apiserver-audit-policy.yaml.j2 (#6526) 2020-08-18 00:49:37 -07:00
Florian Ruynat
78ceef6b15
Remove unused variable (#6522) 2020-08-18 00:45:29 -07:00
Arthur Outhenin-Chalandre
ca8e59fa85
Add new cilium options for native routing (#6519)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:39:42 -07:00
Bernard Landon
b0210567aa
Fixed Kubespray container-engine/docker role to populate docker.service (#6518) 2020-08-18 00:39:30 -07:00
Arthur Outhenin-Chalandre
33ec13293b
Fix cilium_deploy_additionally with kubeadm etcd (#6514)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:35:36 -07:00
Arthur Outhenin-Chalandre
bedb411d06
improve Cilium metrics support (#6513)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:35:29 -07:00
Erwan Miran
ef3e98807e
tlsminversion and tlsciphersuites kubelet (#6490) 2020-08-13 02:48:13 -07:00
Arthur Outhenin-Chalandre
35682b5228
Fix cilium strict kube proxy replacement in HA (#6473)
* Update the cilium svc proxy test to HA mode

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Fix cilium strict kube-proxy in HA

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add a single global endpoint variable

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add cilium docs about kube-proxy replacement

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Fix issues in docs

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-06 00:14:55 -07:00
Barry Melbourne
9cc70e9e70
Upgrade JetStack Cert-Manager to v0.15.2 (#6414)
* Upgrade JetStack Cert-Manager to v0.15.2

* Add README.md table of contents
2020-08-05 23:26:55 -07:00
Maxime Guyot
fc23f37af7
Fix E306 in roles/kubernetes (#6500) 2020-08-05 07:56:28 -07:00
Sulochan Acharya
bfe143808f
Allows tls verify skip on webhook auth url (#6472) 2020-08-05 05:02:29 -07:00
Mike Williams
e72dbf3dfc
Option for MetalLB to talk BGP (#6383)
* Option for MetalLB to talk BGP

* Check for BGP peers when metallb_protocol is bgp

* README clarification

* Commented values as documentation only in the sample inventory

* layer 2 or BGP, not both
2020-08-05 01:52:40 -07:00
bozzo
cc70200a07
Fix Flexvolume mount in Openstack Controller (#6480) 2020-08-04 05:28:35 -07:00
Steven Reitsma
f3c17361da
Create a PodDisruptionBudget for the Cinder CSI controllerplugin (#6385) 2020-08-04 05:28:19 -07:00
Victor Morales
bdf0238328
Upgrade molecule to v3 (#6468)
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-08-04 05:24:19 -07:00
Florent Monbillard
39b907cdfb
Remove workaround for kubeadm upgrade (#6478)
https://github.com/kubernetes/kubeadm/issues/1498 was closed
2020-08-03 01:17:40 -07:00
Florian Ruynat
24a7878e7c
Update kube-router to 1.0.1 and kube-ovn to 1.3.0 (#6479) 2020-08-01 00:34:04 -07:00
Konstantin Lebedev
2364a84579
fix src for audit webhook config yaml (#6470) 2020-08-01 00:33:56 -07:00
Hans Feldt
c6e5be91e9
crio: align template crio.conf with upstream (#6432)
* log level by default increased to 'info'
* cgroup manager by default set to 'systemd'
* stream port (used by kubelet) bound to 127.0.0.1 for security reasons
* metrics can be enabled and port specified
2020-08-01 00:33:48 -07:00
fulii
ce22c0e6a4
Add option to configure IPVS timeouts in kube-proxy configration manifest. (#6396) 2020-08-01 00:33:40 -07:00
Maxime Lavandier
bd60df97aa
Fix download calico policy condition (#6474) 2020-08-01 00:29:48 -07:00
Cristian Chiru
94df580674
Moved docker_dns_options to defaults so it can be overridden (#6394)
* Moved docker_dns_options to defaults so it can be overridden

* Fixed yaml indentation and markdown

* Moved docker_dns_search_domains to defaults
2020-08-01 00:29:41 -07:00
Kuralamudhan Ramakrishnan
90e5f8ffe1
adding ovn4nfv in kubespray (#6381)
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-07-31 07:33:08 -07:00
Florian Ruynat
bf6168fca8
Move fedora30 jobs to fedora32 (#6426) 2020-07-30 23:31:07 -07:00
Florian Ruynat
a78e861a89
Fix test if openstack_cacert is a base64 string (#6421) 2020-07-30 13:15:17 -07:00
Arthur Outhenin-Chalandre
3550e3c145
Adding kube-proxy-replacement support in cilium (#6334)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-30 02:46:31 -07:00
Vladimir Masarik
8425c2363b
Replaced a broken link (#6467) 2020-07-30 00:58:31 -07:00
Samuel Liu
15ec44901d
azure csi typo (#6469) 2020-07-30 00:52:31 -07:00
Florent Monbillard
924cc11af6
Upgrade to kubernetes 1.18.6 (#6405)
- Add 1.17.9 and 1.16.13 SHAs
2020-07-29 14:54:09 -07:00
Maxime Guyot
fe46349786
Fix ansible-lint E301 for commands fetching data (#6465) 2020-07-28 08:39:47 -07:00
Maxime Guyot
214e08f8c9
Fix ansible-lint E305 (#6459) 2020-07-28 01:39:08 -07:00
Maxime Guyot
8bd3b50e31
Fix ansible-lint E404 (#6417) 2020-07-28 01:21:08 -07:00
Maxime Guyot
e70f27dd79
Add noqa and disable .ansible-lint global exclusions (#6410) 2020-07-27 06:24:17 -07:00
Florian Ruynat
b680cdd0e4
Move healthz check to secure ports (#6446) 2020-07-27 00:26:17 -07:00
Florian Ruynat
c9f63e5016
Update multus version & crio conf (#6444) 2020-07-26 23:36:16 -07:00
Florian Ruynat
d8a197ca51
Fix remove etcd broken with etcdctl_api 3 (#6448) 2020-07-26 23:32:29 -07:00
Hugo Blom
1f9841f609
update cinder csi manifests (#6434) 2020-07-26 23:32:17 -07:00
Florian Ruynat
aa21edeb53
Update docker package to 19.03.12 (#6439) 2020-07-22 09:26:06 -07:00
Konstantin Lebedev
4b80a7f6fe
Felix configuration via extraenvs of calico node (#6433) 2020-07-22 00:08:04 -07:00
Michael Sheinberg
e06e6895da
Remove dbus-tools from coreos bootstrap (#6428)
Trying to layer this package on Fedora 32 causes the install to crash
and furthermore it looks like the original bug linked to in the comment
has been resolved for Fedora 31
2020-07-22 00:04:04 -07:00
Florian Ruynat
50fc82acdc
Minor update to Cilium and Calico (#6438) 2020-07-21 23:58:33 -07:00
Igor Vuk
ea67bb6e41
Fix typo: Modprode -> Modprobe (#6429) 2020-07-21 23:58:25 -07:00
Minjong Kim
b19f2e2d3d
Update the calico_veth_mtu setting to affect IP-in-IP users (#6419)
* Update calico_veth_mtu to FELIX_IPINIP variable

calico_veth_mtu is specified in the configuration, but since it only works for wireguard, modify it to work for IP-in-IP users.

* Update template with more cleaner expression
2020-07-21 23:58:18 -07:00
chenguoquan1024
9c48f666ec
change /etc/ssl/etcd to etcd_config_dir param (#6408)
* change /etc/ssl/etcd to etcd_config_dir param

* add use etcd_events_data_dir param
2020-07-21 23:58:05 -07:00
Florent Monbillard
bf8c8976dd
Upgrade etcd to 3.4.3 (#5998) 2020-07-20 07:26:51 -07:00
Konstantin Lebedev
a7ec0ed587
add audit webhook support (#6317)
* add audit webhook support

* use generic name auditsink
2020-07-20 01:32:54 -07:00
Arthur Outhenin-Chalandre
1a1fe99669
Add a way to deploy cilium alongside another CNI (#6373)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-17 05:57:01 -07:00
Florian Ruynat
5e22574402
Remove allow-release-candidate-upgrades already include in experimental-upgrades flag (#6349) 2020-07-15 00:26:37 -07:00
chenguoquan1024
e1873ab872
add calico-node selinux (#6359) 2020-07-15 00:22:38 -07:00
Kenichi Omichi
29312a3ec0
Add oomichi to reviwers of MetalLB addon (#6393)
I'd like to review PRs related to metallb addon as possible to make
it better, and it would be easy to track related PRs if becoming the
reviewer.
2020-07-14 20:44:37 -07:00
Qasim Sarfraz
feeb701c13
Respect kube_override_hostname during removal/upgrade (#6347)
* respect kube_override_hostname during removal/upgrade

* Use hostvars in loop
2020-07-13 07:18:40 -07:00
Daniel Schade
b347aefd61
Fixed fedora modular repos activation for fcos (#6300)
* Enable fedora modular repos for fcos #6299

* Fixed fedora modular repos activation for fcos #6300
2020-07-13 07:18:32 -07:00
Arthur Outhenin-Chalandre
abfa1636e4
Fix kube-proxy post deployment removal (#5554)
* Fix kube-proxy removal

* Fix unwanted skipped task for kube-proxy
* Fix kube_proxy_remove default

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add test for kube-router svc proxy

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-13 07:12:33 -07:00
Steven Reitsma
deca5ec903
Remove old csi-attacher flag and fix RBAC for Cinder CSI (#6358)
Add proper RBAC for new csi-attacher version
2020-07-13 04:48:32 -07:00
Arthur Outhenin-Chalandre
05b9f14b76
Update cilium minimum kernel preinstall check (#6376)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-13 04:44:32 -07:00
petruha
4cb576da19
Add readiness probe to dns-autoscaler (#6382) 2020-07-13 02:50:34 -07:00
Hans Feldt
22996babcf
allow kubeadm to upgrade etcd (#6345)
Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-07-07 12:36:00 -07:00
Hans Feldt
75ad868cbd
crio: harden downloads with retry (#6374)
CI job 624031102 failed with:

fatal: [ubuntu1804]: FAILED! => {"changed": false, "msg": "Failed to download key at https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_18.04/Release.key: Request failed: <urlopen error [Errno -3] Temporary failure in name resolution>"}

Assuming its a temporary problem it should get more robust with a
couple of retries like in other roles.

Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-07-07 12:32:01 -07:00
spaced
9433fe46c8
Add workaround with include_task for mitogen (#6312) 2020-07-07 08:09:59 -07:00
Sam Lin
6bb47d8adb
Fix can't remove etcd node (#6363)
* add remove_node_ip

* move remove_node_ip to remove etcd part

* fix: remove tail space

* fix: handle ubuntu: focal
2020-07-04 02:02:48 -07:00
Maxime Guyot
57eefdd458
Fix azure-cloud-config.j2 JSON syntax (#6364) 2020-07-02 23:38:47 -07:00
Kenichi Omichi
060d25fc79
Update MetalLB README.md (#6350)
Recently MetalLB becomes one of addons with renaming the options.
This updates MetalLB README.md for this change.
2020-07-02 07:12:54 -07:00
Pasquale Toscano
4ce970c0b2
Cilium: overwrite auto-detected MTU of underlying network (#6329) 2020-07-02 07:12:47 -07:00
nurekage
017df7113d
Patch Calico for V3.14.0 missing CR and CRD (#6276) 2020-07-01 08:44:16 -07:00
Maxime Guyot
00fe3d5094
Explicitly set ETCDCTL_API and use ETCDCTL_ENDPOINTS (#6327) 2020-07-01 04:56:16 -07:00
Paul Rey
bcac3c62a2
Add additional metadata configuration options to external Openstack CCM (kubernetes-sigs#6338) (#6339)
* Add additional metadata configuration option to external Openstack CCM (kubernetes-sigs#6338)

* Set the variable external_openstack_metadata_search_order undefined by default
2020-07-01 04:52:17 -07:00
Florian Ruynat
2a82dff3ae
Remove runtime-config from kubeadm if empty (#6311) 2020-06-30 11:22:05 -07:00
Florian Ruynat
16ec5939c2
Update deprecated api (#6245) 2020-06-30 09:00:07 -07:00
Florian Ruynat
b064274e27
Update kube-router to 1.0.0 (#6211) 2020-06-30 08:54:06 -07:00
Hans Feldt
ae003af262
Fix kubelet cgroup driver detection for crio (#6331)
* Fix kubelet cgroup driver detection for crio

Remove fact standalone_kubelet since it is not used

* Fix yamllint complaints of roles/kubernetes/node/tasks/facts.yml

Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-06-30 02:32:05 -07:00
Florian Ruynat
f515898cb5
Update hashes and set default version to 1.18.5 (#6335) 2020-06-30 02:00:05 -07:00
Kenichi Omichi
25bab0e976
Change MetalLB to one of addons (#6238)
This changes MetalLB contrib to one of addons for deploying MetalLB with
Kubernetes cluster deployment. By the default, Kubespray doesn't deploy
MetalLB addon.
2020-06-29 15:11:59 -07:00
Florian Ruynat
8213b1802b
Update calico to 1.15.0 + minor update to kube-ovn/weave (#6306) 2020-06-29 14:39:58 -07:00
Joel Seguillon
4c1e0b188d
Add .editorconfig file (#6307) 2020-06-29 12:39:59 -07:00
bozzo
09b23f96d7
Use NetworkManager to manage resolv.conf in FedoraCoreOS (#6291) 2020-06-29 00:26:17 -07:00
Mateus Caruccio
1892cd65f6
Add support for dns_etchosts (#6236) 2020-06-26 00:03:31 -07:00
Erwan Miran
d3ca9d1db9
kube_encryption_resources must be output as yaml (#6309) 2020-06-25 23:59:31 -07:00
Qasim Sarfraz
16ad344c41
Gather ansible_default_ipv4 for specific groups (#6318) 2020-06-25 23:55:31 -07:00
Mike Dziedziela
8ca2a9a7d5
added azure_cloud parameter to Azure's cloud_config (#6321) 2020-06-25 14:35:30 -07:00
bozzo
276c450759
Use connection: local when delegate_to: localhost (#6322)
This will avoid SSH connection on the local host
2020-06-25 08:14:38 -07:00
irizzant
a6a6e843af
Add /dev volume (#6319) 2020-06-25 06:22:38 -07:00
Florian Ruynat
f54f63ec3f
Update cilium to 1.8.0 (#6314) 2020-06-25 06:16:38 -07:00
Hans Feldt
93951f2ed5
fix use of ansible tags (#6316)
tags are not inherited for include_role therefore the change
from include to import

Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-06-25 03:00:37 -07:00
Samuel Liu
c29b21717d
Add event-ttl duration (#6310)
* Add event-ttl duration

* Fix wrong location
2020-06-24 08:15:17 -07:00
Alvaro
80d16e6c91
Support for Ambassador OSS as an Ingress (#6135)
Support for Ambassador OSS as an Ingress Controller when
settings `ingress_ambassador_enabled: true`.

Signed-off-by: Alvaro Saurin <alvaro.saurin@gmail.com>
2020-06-24 07:39:17 -07:00
Joel Seguillon
d50fe9550c
bump dashboard to 2.0.2 (#6303) 2020-06-22 01:14:40 -07:00
Pasquale Toscano
8f5c4dcd2e
Add support for Kata Containers (#6256)
* Install Kata Containers as additional container runtime

* Create RuntimeClasses for Kata Containers

* Updated Vagrant to optionally run without Docker as container manager

* Updated Vagrant to optionally use Libvirt nested virtualization

* Add Kata Containers documentation

* Fix lint errors

* Add kata_containers_enabled to kubespray-defaults

* Fixed typo error

* Fixed typo error
2020-06-22 00:28:39 -07:00
Florian Ruynat
90c867b424
Update loadbalancers versions (haproxy&nginx) (#6278) 2020-06-18 07:48:19 -07:00
Florian Ruynat
eeb77369cb
Update hashes and set default to 1.18.4 (#6285) 2020-06-18 06:30:19 -07:00
Maxime Guyot
605cfeb3e4
Test bootstrap-os on more platforms (#6277) 2020-06-17 04:52:39 -07:00
Maxime Guyot
c6588856c7
Add Ubuntu 20.04 support and use Python 3 (#6157) 2020-06-16 13:04:05 -07:00
Samuel Liu
dba645421f
ADD tls cipher suites support (#6024)
* ADD tls cipher suites support

yaml lint

yamllint

* update test case

* update test case
2020-06-16 04:10:05 -07:00
Florian Ruynat
f437ac0b27
Fix nologin wrong path (#6272) 2020-06-16 02:30:04 -07:00
Florian Ruynat
19d4b5dd04
Update various dependencies (#6265) 2020-06-16 01:08:03 -07:00
Kenichi Omichi
78251b0304
Fix check external_openstack_tenant_name value (#6270)
We need to specify either external_openstack_tenant_name or
external_openstack_tenant_id. Those values were checked by seeing they
are defined or they have actual values separately.
However those values are always defined because of the following code
of openstack/defaults/main.yml:

external_openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_PROJECT_ID'),true) }}"
external_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME')| default(lookup('env','OS_PROJECT_NAME'),true) }}"

So even if not specifying both values, those checks could not detect
the misconfiguration. This fixes this to detect the misconfiguration.
2020-06-16 01:02:03 -07:00
mohsen
10e54eca26
make better condition for applying nf_conntrack kernel tweak (#6267)
* MINOR: Check kernel version before enable modprobe nf_conntrack

* CLEANUP: no more need to ignore error of this task

* MINOR: Fixing yaml and ansible lint error - remove trailling-space
2020-06-16 00:34:06 -07:00
Hans Feldt
a8740c6e13
fix a few tasks falsely reporting "changed" (#6269)
Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-06-16 00:24:03 -07:00
Y0UZ45
06391b6dd9
Fix kubectl.sh parameter quoting (#6239)
If the special parameter "$@" is not quoted, the following command will not work:

./kubectl.sh patch storageclass my-storage-class -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
2020-06-14 13:57:57 -07:00
marcosfsch
8dc01df60b
Oracle Linux 8 support and fixes (#6198)
* Add oraclelinux8 and disable firewalld

Add oraclelinux8 image and disable firewalld on oraclelinux VMs

* Fix Oracle Linux repositories

As documented in: http://yum.oracle.com/getting-started.html#installing-software-from-oracle-linux-yum-server
public-yum-ol7.repo was deprecated on release 7.6. Some repos were integrated into oracle-linux-ol7.repo (i.e.: ol7_latest, ol7_addons) and other are available as packages (epel). This also adds support for oraclelinux8

* Fix to use ansible_distribution_version

Instead of ansible_distribution_major_version

* Update README.md
2020-06-12 01:59:56 -07:00
Florian Ruynat
a9de6dde33
Cleanup unneeded elif in kubelet env file (#6261) 2020-06-12 01:27:55 -07:00
Unai Arríen
1912df7e3e
Create /etc/gai.conf if not exists when disable_ipv6_dns is 'true' (#6258) 2020-06-12 00:55:55 -07:00
Hugo Blom
e1ba25a4fb
Bump CSI containers to latest version (#6221)
* bump csi containers

* bump snapshoter to 2.1.1
2020-06-12 00:51:55 -07:00
Kenichi Omichi
10a17cfe54
Look up OS_PROJECT_NAME for OpenStack project name (#6262)
On OpenStack history, we used to call "tenant" for separeted namespace.
However we use "project" now instead.
Then we have replaced "tenant" with "project". Then all "TENANT" variables
also are renamed to "PROJECT".
This makes Kubespray search "PROJECT" variable also for newer OpenStack
clouds.
2020-06-12 00:47:56 -07:00
Alexander Evseev
5a311236c4
Enable portmap CNI plugin with kube-router (#6204)
... to have working `hostPort` for containers.

See: https://www.kube-router.io/docs/user-guide/#hostport-support
2020-06-10 10:08:52 -07:00
Yousong Zhou
a7b8708dfc
calico: use absolute path to docker, crictl binary (#6253)
To avoid the following error (ignored when pipefail is off)

  RUNNING HANDLER [network_plugin/calico : containerd | delete calico-node containers] *******************************************************************************
  changed: [node1] => {"attempts": 1, "changed": true, "cmd": "crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c \"crictl stopp % && crictl rmp %\"", "delta": "0:00:00.004240", "end": "2020-06-10 03:32:41.316955", "rc": 0, "start": "2020-06-10 03:32:41.312715", "stderr": "/bin/sh: crictl: command not found", "stderr_lines": ["/bin/sh: crictl: command not found"], "stdout": "", "stdout_lines": []}
2020-06-10 03:22:08 -07:00
Florian Ruynat
ecc3a0aec5
Update kube-ovn to 1.2.0 - also update minor version for multus and weave (#6223) 2020-06-09 12:09:01 -07:00
Craig Rodrigues
144743e818
Fix indentation in a few places so file can be round-tripped more easily (#6178)
with the Python ruamel.yml library

- Change True/False to true/false in a few places so file can
  be more easily round-tripped with the Python ruamel.yml library
2020-06-09 06:39:20 -07:00
Alexander Petermann
7712bd0c76
remove ectd node in pre step, instead of post step (#6099) 2020-06-09 05:37:17 -07:00
Florian Ruynat
101686c665
Remove outdated CriticalAddonsOnly toleration and critical-pod annotation (#6202) 2020-06-09 05:23:30 -07:00
Danilo Riecken P. de Morais
50204d9551
Add rpm-ostree cleanup task (#5986) 2020-06-09 02:49:17 -07:00
Florian Ruynat
6852f821a5
Update nginx ingress to 0.32.0 (#6063) 2020-06-09 02:45:18 -07:00
Florian Ruynat
953bc8dee2
Update docker & docker-cli to 19.03.11 (#6225) 2020-06-07 23:55:46 -07:00
Hugo Blom
3f443f3878
set allowVolumeExpansion in cinder csi (#6220) 2020-06-05 08:27:43 -07:00
Lovro Seder
5dd85197af
Manage containerd.io package with docker CRI. (#6218)
* Manage containerd.io package with docker CRI.

* Refactor common containerd stuff to separate role

* Fix check mode and unnecessary shell.
2020-06-05 05:55:44 -07:00
spaced
750db9139a
fix CRI-O repos for centos distributions (#6224)
* fix CRI-O repos for centos distributions

* fix CRI-O repos for centos distributions
- revert workarounds

* fix CRI-O repos for centos distributions
- use https for centos repos

* avoid 302 redirects for centos repos
2020-06-04 01:08:44 -07:00
Hugo Blom
f2c8b393e1
Upgrade calico to 3.14.1 (#6219)
* upgrade calico to 3.14.1

* add checksums for calico 3.14.1 and update readme
2020-06-03 00:38:17 -07:00
Aleksandr Loktionov
85b3526617
Fix vSphere CPI configMap and vSphere CSI secret re-deploy (#6209) (#6210) 2020-06-02 05:42:15 -07:00
Flavien
7ff8fc259b
Support all taints in network plugins manifests (#6208)
flannel, ovn and multus network plugins did not support all taint keys. This
update changes the tolerations to support them all.

According to the documentation:

```
There are two special cases: An empty key with operator Exists matches all keys,
values and effects which means this will tolerate everything. An empty effect matches
all effects with key key.
```

Usage of the empty `key` and `effect` ensures the network plugin daemonset will
be deployed on every nodes (ex: in case of custom taints, or NoExecute effect)
2020-06-02 05:38:15 -07:00
Sergey
cc507d7ace
disable bird-check flag for probes of calico-node pods when calico_network_backend is not 'bird'. (#6217) 2020-06-01 12:44:14 -07:00
Florian Ruynat
6bc60e021e
Update minor version for dependencies (#6206) 2020-05-29 05:11:24 -07:00
petruha
54816f1217
Update containerd package to 1.2.13-3.2.el7 (#6162)
* Update containerd package to 1.2.13-3.2.el7

* Update Fedora containerd package versions.

* Update Redhat containerd stable and edge packages.
2020-05-29 05:11:16 -07:00
jeanfabrice
be3283c9ba
Fix conflicting clusterIP fact between coredns and nodelocaldns (#6195) 2020-05-29 04:27:15 -07:00
Florian Ruynat
45d8797dce
Fix download boolean for local_path_provisioner (#6177) 2020-05-28 06:56:02 -07:00
Cody Seavey
b6e21a18cc
Modify the populate no_proxy task to use a combine rather than relying on the hash_behaviour setting to be set to merge rather than replace (#6112) 2020-05-28 06:42:03 -07:00
petruha
f959cc296f
Fix metrics-server rules (#6165) 2020-05-28 03:18:02 -07:00
Flavien
ab44beba17
weave: support any taint effect in daemonset tolerations (#6159)
Since weave 2.5.1, `NoExecute` taint effect is no more supported,
this changes the daemonset tolerations to change this behavior.

Also remove the toleration key `CriticalAddonsOnly` not required anymore.
2020-05-28 01:10:02 -07:00
Florian Ruynat
b2a0b649fd
Add new Kubernetes version hashes and set default to 1.18.3 (#6173) 2020-05-28 01:02:03 -07:00
Florian Ruynat
6179405e84
Update docker default to 19.03 - cleanup docker docs & refs (#6153) 2020-05-28 00:52:02 -07:00
spaced
1be15a0864
Enable crio 1.18 (#6197) 2020-05-28 00:42:15 -07:00
Etienne Champetier
41b44739b1
Bump CNI plugins to 0.8.6 (#6196)
https://github.com/containernetworking/plugins/releases/tag/v0.8.6

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-05-28 00:42:03 -07:00
Samuel Liu
38ca58ae8d
update pause images version: 3.2 (#6190) 2020-05-28 00:38:02 -07:00
Wang Zhen
d62836f2ab
Replace seccomp profile docker/default with runtime/default (#6170)
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
2020-05-27 14:02:02 -07:00
Florian Ruynat
e9ce7243b8
Match docker-cli version with docker-engine version (when available) (#6163) 2020-05-25 05:37:11 -07:00
404notfoundhard
d036a04d4d
restart kubelet service when kube-config.yml is changed (#5402)
* fix(kubelet): exec notify restart kubelet service when kube-config.yml changed

* Revert "refactor(kubelet handler): change task name("reload kubelet") this is misleading"

This reverts commit 8f5d29560802c7c997293adb1ce9f84d3b20b6cb.

* fix(handlers,kubelet): setting right notify task name
2020-05-19 10:13:37 -07:00
Maxime Guyot
35ad57674e
Update containerd to 1.2.13-2 (#6156) 2020-05-18 07:57:36 -07:00
qvicksilver
437189c213
Fix missing permissions for OpenStack cloud-controller-manager preventing metrics scraping (#6124) 2020-05-18 02:35:45 -07:00
Paul Rey
b5aaaf864d
Add additional network configuration options to external Openstack CCM (#6083) (#6085)
* Add additional network configuration options to external Openstack CCM (#6083)

* Change the default version of external openstack cloud controller image to v1.18.1 since there was an issue in v1.18.0 where some IPs of the private network were ignored

* Change Network section in external-openstack-cloud-config.j2 to Networking

* Add networking customization information in the openstack documentation
2020-05-18 02:31:36 -07:00
bozzo
d948839320
Fix resolv.conf configuration for Fedora CoreOS. (#6138) 2020-05-18 02:27:36 -07:00
Mateus Caruccio
a5af58c05a
Fix apiserver port when upgrading (#6136) 2020-05-18 01:21:36 -07:00
Matthew Mosesohn
fda05df5f1
Only fix kube-proxy address on evaluating kube_master hosts (#6152)
Change-Id: I83a7101a6cd99eb531d8385de5c31aee4f474469
2020-05-17 13:05:36 -07:00
jeanfabrice
3997aa9a0f
Use OS packaging default value for apparmor_profile in crio.conf (#6125) 2020-05-14 21:47:00 -07:00
tasekida
81292f9cf3
Fix apt update don't access Docker’s official repository for Ubuntu (#6106) 2020-05-13 07:06:26 -07:00
Florian Ruynat
1f9ccfe54d
Rollback metrics-server version and enable in one CI test (#6130) 2020-05-13 06:20:26 -07:00
Hector S
a3131e271a
Removed env vars DOCKER_NETWORK_OPTIONS and INSECURE_REGISTRY from docker.service.j2 (#6126) 2020-05-12 13:46:21 -07:00
Anton Kulikov
ed12936be2
Add missing RBAC rule #6116 (#6121) 2020-05-11 04:25:51 -07:00
Florian Ruynat
7c00ce5f30
Update metrics-server tag and template (#6090) 2020-05-11 03:55:50 -07:00
Florian Ruynat
c87bd53352
Update calico to 3.14.0 (#6120) 2020-05-11 03:51:51 -07:00
Andrew DeMaria
af1c93cdfc
Add option to expose metrics on separate port (#6092) 2020-05-10 12:21:51 -07:00
petruha
9ce7fc9b2c
Create namespace when dashboard deployment uses customized namespace. (#6107)
* Create namespace when dashboard deployment uses customized namespace.

* Fix syntax.
2020-05-10 11:38:02 -07:00
Florian Ruynat
b6243bfc1c
Fix ImagePullPolicy missing variable usage (#6091) 2020-05-10 11:37:50 -07:00
Florian Ruynat
93579773d6
Cleanup kubernetes 1.15.x hashes (and references) as it has now reached EOL (#5876) 2020-05-09 12:19:50 -07:00
Florian Ruynat
0bd23f720d
Fix docker fedora packages (#6097) 2020-05-08 15:39:51 -07:00
Florian Ruynat
c605a05c6b
Update coredns to 1.6.7 (#6086) 2020-05-08 12:07:51 -07:00
Florian Ruynat
c44f13114f
Allow containerd runtime with fedora os (30/31) - add CI test (#6094) 2020-05-08 07:55:43 -07:00
lukasz bielinski
ef7076e36f
fix expected str instance, float found #6078 (#6103) 2020-05-08 05:57:42 -07:00
Florent Monbillard
324106e91e
Remove Kubernetes <1.16 conditionals (#6088) 2020-05-08 00:45:43 -07:00
Florent Monbillard
218b2a5992
Workaround about inconsistent CRI-O YUM repo path on Kubic repos (#6101) 2020-05-07 12:59:42 -07:00
Victor Morales
367566adaa
Fix kubernetes-dashboard template identation (#6066)
The 98e7a07fba commit udpates the
dashboard version to 2.0.0 but it enable skip login flag wasn't
updated. This change updates its identation to avoid issues when
dashboard_skip_login is enabled.
2020-05-06 11:17:17 -07:00
Florian Ruynat
c06f482901
Update default kubernetes version to 1.18.2 (#6064) 2020-05-06 11:17:09 -07:00
Florian Ruynat
965fe1db94
Update cni spec to 0.4.0 for network plugin allowing it (#6053) 2020-05-06 11:13:09 -07:00
Florian Ruynat
f6be326feb
Update kube-ovn to 1.1.1 (#6060) 2020-05-06 11:05:09 -07:00
Michael Sheinberg
c58e5e80ce
Bump pypy to 7.3.1, verify hash (#6070)
As of pypy 7.3.0, we can utilize the official pypy project as opposed to
the previously used "portable-pypy" distribution.
2020-05-06 04:49:08 -07:00
Maxime Guyot
641a2a8bb4
Skip molecule tests for Ubuntu 18.04 (#6077) 2020-05-05 07:17:09 -07:00
Florian Ruynat
7d497e46c5
Update calico to 3.13.3 (#6061) 2020-05-04 08:56:26 -07:00
Florian Ruynat
f8f55bc413
Update cilium to 1.7.3 (#6069) 2020-05-03 12:32:26 -07:00
Florian Ruynat
361645e8b6
Fix multus missing cni and erroneous CI tests (#6051) 2020-04-30 23:38:05 -07:00
Maxime Guyot
353d44a4a6
Add CI var for http_proxy (#6039) 2020-04-30 05:44:17 -07:00
qvicksilver
680aa60429
Specify tag for OpenStack Cloud Controller image (#6048) 2020-04-30 02:02:17 -07:00
qvicksilver
e41766fd58
Fix broken Octavia integration in OpenStack External Cloud Provider (#6046) 2020-04-29 11:30:25 -07:00
Maxime Guyot
e4c820c35e
Add molecule tests to containerd role (#6037) 2020-04-29 09:08:25 -07:00
Joel Seguillon
db5f83f8c9
update dashboard access doc for 2.0.x (#6036)
* update dashboard access doc for 2.0.x

* make metrics scrapper system-cluster-critical
2020-04-29 07:20:25 -07:00
Lee Spottiswood
a3d3f27aaa
allow dns autoscaler limits to be specified via variables (#6020) 2020-04-28 23:34:25 -07:00
Maxime Guyot
28333d4513
Fix crio runc path on Ubuntu (#6035) 2020-04-28 05:28:06 -07:00
Hugo Blom
724a316204
Cinder-CSI default storageclass and volumeBindingMode (#6026)
* Set volumeBindingMode in cinder CSI template (#22)

* make sure true/false is lowercase in cinder-csi storageclass
2020-04-28 00:12:04 -07:00