Matthew Mosesohn
d6d7458d68
Fix control plane setup without a hardcoded key ( #4610 )
2019-04-23 14:37:59 -07:00
Matthew Mosesohn
09fe95bc60
Avoid creating k8s cert dir on non-k8s nodes ( #4602 )
2019-04-21 15:27:43 -07:00
Vedran Bartonicek
33ab615072
Wait longer for node to join the cluster ( #4549 )
2019-04-20 07:05:40 -07:00
Matthew Mosesohn
05dc2b3a09
Use K8s 1.14 and add kubeadm experimental control plane mode ( #4514 )
...
* Use K8s 1.14 and add kubeadm experimental control plane mode
This reverts commit d39c273d96.
* Cleanup kubeadm setup run on first master
* pin kubeadm_certificate_key in test
* Remove kubelet autolabel of kube-node, add symlink for pki dir
Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
2019-04-19 06:01:54 -07:00
Victor Morales
c6586829de
Ensure /etc/bash_completion.d/ folder exists ( #4543 )
...
The Stateless ClearLinux feature[1] requires the creation of folders
in /etc folder. This change ensures the existence of the
/etc/bash_completion.d/ folder for ClearLinux Distribution.
[1] https://clearlinux.org/features/stateless
2019-04-18 02:24:10 -07:00
Maxime Guyot
b218e17f44
ansible-lint: E403 Package installs should not use latest ( #4500 )
2019-04-18 01:34:08 -07:00
Maxime Guyot
37eac010c8
ansible-lint: Don’t compare to literal True/False ( #4499 )
2019-04-17 08:42:03 -07:00
Maxime Guyot
ec3daedf9e
Revert "Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels ( #4320 )" ( #4553 )
...
This reverts commit 586ad89d50.
2019-04-17 07:58:06 -07:00
Matthew Mosesohn
c5fb734098
Switch calicoctl from a container to a binary ( #4524 )
2019-04-15 04:24:04 -07:00
Matthew Mosesohn
d39c273d96
Revert "Use K8s 1.14 and add kubeadm experimental control plane mode ( #4317 )" ( #4510 )
...
This reverts commit 316508626d.
2019-04-11 12:52:43 -07:00
Matthew Mosesohn
316508626d
Use K8s 1.14 and add kubeadm experimental control plane mode ( #4317 )
...
* Use Kubernetes 1.14 and experimental control plane support
* bump to v1.14.0
2019-04-11 05:30:13 -07:00
Qasim Sarfraz
3af90f8772
disable cloud-routes for non-cloud plugin ( #4443 )
2019-04-10 23:50:09 -07:00
Sergey
3b9d13fda9
Return back bind API server node loadbalancer to 127.0.0.1 for security purposes. ( #4489 )
2019-04-10 12:20:08 -07:00
Andreas Krüger
5e0249ae7c
Add HAProxy as internal loadbalancer ( #4480 )
2019-04-10 05:56:18 -07:00
Neven Miculinic
a30ad1e5a5
Added generic CNI network plugin ( #4322 )
...
* Added generic CNI network plugin
* Added CNI network plugin documentation
* added necessary fix
2019-04-10 04:16:15 -07:00
Robert Neumann
586ad89d50
Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels ( #4320 )
...
* Fix the file path for all.yml and k8s-cluster.yml
* Fix --node-labels namespace error "unknown labels specified"
* Update templates and configs kubelet node-labels
2019-04-10 04:14:12 -07:00
André R. de Miranda
097806dfe8
Added tag kube-proxy ( #4272 )
...
Signed-off-by: André R. de Miranda <andre@miranda.work>
2019-04-09 05:25:06 -07:00
Abdulaziz AlMalki
7cdf1fd388
quote values for kube_oidc_groups_prefix and kube_oidc_username_prefix values to accept colon, e.g oidc: ( #4305 )
...
This will fix error: error converting YAML to JSON: yaml: line 36: mapping values are not allowed in this context
Signed-off-by: Abdulaziz AlMalki <almalki.a@gmail.com>
2019-04-09 05:23:06 -07:00
Maxime Guyot
913fed0089
kubeadm init: add 'until' to make 'retries' effective ( #4464 )
...
an 'until' clause is required or 'retries' is ignored
(see note @ https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#do-until-loops )
2019-04-09 00:21:04 -07:00
rptaylor
f52584a715
robust handling of API server SANs ( #4435 )
...
* robust handling of API server SANs
* use apiserver_loadbalancer_domain_name if it is defined, according to PR 3977
2019-04-08 08:10:35 -07:00
Andreas Krüger
d18ad63e49
Update nginx to 1.15. Update manifest and performance optimize ( #4458 )
2019-04-08 02:02:29 -07:00
Maxime Guyot
8ad74404c9
Remove bash-completion ( #4431 )
2019-04-05 01:23:22 -07:00
Maxime Guyot
1ce2f04f47
allow Suse OS family ( #4430 )
2019-04-04 03:02:51 -07:00
Xavi
20b12751af
add Cinder allowVolumeExpansion option ( #4415 )
2019-04-04 02:36:50 -07:00
Sergey
55890e1b82
keep compatibility as it was before ( #4268 )
2019-04-03 01:39:42 -07:00
Sergey
740d8b0a26
enable kubelet client certificate rotation ( #4081 )
...
* enable kubelet client certificate rotation
* change to variable kubelet_rotate_certificates
2019-04-03 01:35:44 -07:00
Matthew Mosesohn
5f12b7aedf
Remove kubedns and dnsmasq. Move dns_late phase after apps ( #4406 )
...
Both kubedns and dnsmasq modes are long not maintained.
We should run dns_late steps at the end because sshd
makes DNS lookups during Ansible run and has 2s timeouts
for each failed lookup trying to connect to coredns before
it is ready.
2019-04-01 12:32:34 -07:00
Dmitry Chepurovskiy
0440e45d65
Fix supplementary_addresses rendering error ( #4403 )
2019-03-29 00:26:13 -07:00
Dmitry Chepurovskiy
669ab10c17
Added livenessProbe for local nginx apiserver proxy liveness probe ( #4222 )
...
* Added configurable local apiserver proxy liveness probe
* Enable API LB healthcheck by default
* Fix template spacing and moved healthz location to nginx http section
* Fix healthcheck listen address to allow kubelet request healthcheck
2019-03-28 06:20:46 -07:00
Etienne
d0ae316934
Use proxy_env with kubeadm phase commands ( #4325 )
2019-03-26 03:03:19 -07:00
Matthew Mosesohn
b7fd462944
Fix support for ansible 2.7.9 ( #4375 )
2019-03-20 11:29:42 -07:00
Matthew Mosesohn
ec08303f82
Revert "Fix #4237 : update kube cert path ( #4354 )" ( #4369 )
...
This reverts commit ea7a6f1cf1.
This change modified the certs dir for Kubernetes, but did not move the directories for existing clusters.
2019-03-20 05:56:57 -07:00
Dmitry Chepurovskiy
ea7a6f1cf1
Fix #4237 : update kube cert path ( #4354 )
2019-03-17 23:55:11 -07:00
Matthew Mosesohn
150a969cf4
Forcefully delete pods when necessary ( #4328 )
...
Pods on down/unresponsive nodes can't be deleted without
--force --grace-period=0.
Fixes #4314
2019-03-14 07:45:46 -07:00
Matthew Mosesohn
acbf3db233
Remove hard dependence on facts for all nodes ( #4304 )
...
* Remove hard dependence on facts for all nodes
* Update main.yaml
* Update main.yaml
2019-03-05 03:04:39 -08:00
Matthew Mosesohn
adf6a7121f
Reenable set_facts task for dns_late ( #4312 )
2019-03-01 05:39:30 -08:00
hikoz
67832aada9
changed_when:false ( #4189 )
2019-02-25 20:09:30 -08:00
Ryler Hockenbury
88249308a0
Add labels to vsphere cloud config ( #4275 )
2019-02-25 19:58:15 -08:00
Gabor Lekeny
b4aaa7b908
Speed up tasks ( #4278 )
...
* fact gathering should run only once per node
* eliminate ansible version check, it is at the beginning of each
playbook
2019-02-25 19:56:23 -08:00
Matthew Mosesohn
b07641c3f3
Move kube_proxy_remove out of set_facts and set default ( #4180 )
2019-02-25 00:08:06 -08:00
Frank Ritchie
9805fb7a34
Add flexvolume plugin dir to kubeadm kubelet ( #4168 )
...
This was already approved in #4106 but there are CI issues
with that PR due to references to kubernetes incubator.
After upgrading to Kubespray 2.8.1 with Kubeadm enabled Rook
Ceph volume provision failed due to the flexvolume plugin dir not
being correct. Adding the var fixed the issue
2019-02-20 15:02:02 -08:00
Abdulaziz AlMalki
eafab9636f
fix wrong indent of oidc-username-prefix and oidc-groups-prefix in kubeadm config template ( #4263 )
2019-02-19 23:22:32 -08:00
Seungkyu Ahn
107bfb259a
This PS is to fix the bug when Workers can't join the cluster ( #4276 )
...
because of etc-kubernetes-manifests not empty.
2019-02-19 22:13:59 -08:00
Rong Zhang
d4a36aa55b
Merge pull request #4027 from riverzhang/kube-proxy
...
Add update server field in kube-proxy kubeconfig
2019-02-20 13:41:06 +08:00
Manuel Cintron
07b2894080
Adding ability to maintain existing Encryption Secrets at Rest. ( #4255 )
...
* Adding ability to maintain existing Encryption Secrets at Rest.
If secrets_encryption.yaml is present it will not be overwritten with a new kube_encrypt_token.
This should allow for it to be set ahead of a playbook running or maintain it if cluster.yml is run on the same cluster and the ansible host does not have access to the secrets.
* Setting existing kube_encrypt_token across all master nodes in case it was missing in one or more nodes.
2019-02-19 07:31:45 -08:00
hikoz
e03588f431
use swapon -s ( #4216 )
2019-02-14 02:35:17 -08:00
Sorin Sbarnea
22a5a00c49
Improve kubeadm join tasks ( #4206 )
...
Fix issue where `kubeadm join` could wait forever for joining.
Fix issue where `kubeadm join` were not reaching the user, making
impossible to find the cause of the failure.
New behaviour is to first attempt to join without bypassing the
verifications checks and to display them if needed.
If this fails it still attempts to join by ignoring the check in
order to make previous behavior.
A timeout of 60 seconds is allocated for a joining.
Related-bug: #3973
2019-02-12 13:42:56 -08:00
Sergey
fbce6349c4
check kube_pods_subnet and kube_service_addresses to valid ip network range, not single ip address ( #4188 )
2019-02-11 14:12:06 -08:00
Chad Swenson
038a2eb862
Merge pull request #3949 from trogeat/patch-fix-missing-ca-cert-apiserver
...
kubespray: fix missing ca-certificate path in apiserver
2019-02-11 15:40:04 -06:00
Chad Swenson
6878c2af4e
Fix kube_hostname_override inconsistencies ( #4185 )
2019-02-06 22:20:11 -08:00