Commit graph

59 commits

Author SHA1 Message Date
Sergii Golovatiuk
77671dbd05 Refactor etcd role
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-24 12:34:15 +01:00
Bogdan Dobrelya
543dafa900 Merge pull request #1063 from bogdando/fix
Align LB defaults with the HA docs
2017-02-27 10:14:42 +01:00
Bogdan Dobrelya
18cb160be6 Align LB defaults with the HA docs
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 10:32:44 +01:00
Andrew Greenwood
756003a30e Cleanup legacy syntax, spacing, files all to yml
Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks
Cleanup some spacing in various files
Rename some files named yaml to yml for consistancy
2017-02-17 16:22:34 -05:00
Brad Beam
2a3dee5f90 Adding support for proxy w/ rkt kubelet 2017-02-14 08:09:49 -06:00
Sergii Golovatiuk
5494d608e5 Set ssl_ca_dirs for rkt based on fact
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.

Closes: #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00
Josh Conant
764ad6e099 Vault security hardening and role isolation 2017-02-08 21:41:36 +00:00
Matthew Mosesohn
7a9161d462 Prevent dynamic port allocation in nodePort range
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.

Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
2017-02-06 20:01:16 +03:00
Brad Beam
9432a5cd73 Adding kubelet in rkt 2017-01-03 14:49:48 -06:00
Bogdan Dobrelya
f16a512aea Drop non systemd OS types support
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-02 12:14:03 +01:00
Bogdan Dobrelya
272b506802 Address standalone kubelet config case
Also place in global vars and do not repeat the kube_*_config_dir
and kube_namespace vars for better code maintainability and UX.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-13 16:35:53 +01:00
Bogdan Dobrelya
0b1ce03167 Add tags
Add tags to allow more granular tasks filtering.
Add generator script for MD formatted tags found.
Add docs for tags how-to.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-09 12:14:28 +01:00
Aleksandr Didenko
512c5b8440 Move CNI config and add MTU support for calico-cni
- Move CNI configuration creation for Calico to appropriate
network_plugin role from kubernetes/node.
- Add support for MTU configuration in Calico.
2016-11-15 18:05:11 +01:00
Aleksandr Didenko
2b751c7d77 Fix etcd ssl for canal
- Move CNI configuration from `kubernetes/node` role to
`network_plugin/canal`
- Create SSL dir for Canal and symlink etcd SSL files
- Add needed options to `canal-config` configmap
- Run flannel and calico-node containers with proper configuration
2016-11-14 14:49:17 +01:00
Aleksandr Didenko
fec253abaf Adding support for canal network plugin
This patch provides support for Canal network plugin installation
as a self-hosted app, see the following link for details:

https://github.com/tigera/canal/tree/master/k8s-install
2016-11-08 11:04:01 +01:00
Matthew Mosesohn
73066f308d use nginx proxy on non-master nodes to proxy apiserver traffic
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.

Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Matthew Mosesohn
a829e0bf67 Restart kubelet if launcher changed
Fixes #409
2016-08-18 19:00:05 +03:00
Matthew Mosesohn
0cdbc13f1e Deploy kubelet and kube-apiserver as containers
kubelet via docker
kube-apiserver as a static pod

Fixed etcd service start to be more tolerant of slow start.

Workaround for kube_version to stay in download role, but not
download an files by creating a new "nothing" download entry.
2016-07-22 16:42:34 +03:00
Smana
fca384e24c first version of CoreOS on GCE
Please enter the commit message for your changes. Lines starting
2016-02-21 00:06:36 +01:00
Smana
a649aa8b7e use ansible_service_mgr to detect init system 2016-02-13 11:46:53 +01:00
Smana
91fca69aa0 generate secrets on deployment machine
test travis with sudo=true instead of required
2016-02-13 06:51:54 +01:00
Smaine Kahlouch
4f92417a5d split network plugins into distinct roles 2016-02-09 11:42:00 +01:00
Antoine Legrand
b9781fa7c2 Symlink dnsmasq conf 2016-01-26 00:30:29 +01:00
Smaine Kahlouch
baaa6efc2b workaround_ha_apiserver 2016-01-25 12:07:32 +01:00
ant31
56b92812fa Fix systemd reload and calico unit 2016-01-25 10:54:07 +01:00
Smaine Kahlouch
4984b57aa2 use rsync instead of command 2016-01-23 18:26:07 +01:00
Smaine Kahlouch
283c4169ac run apiserver as a service
reorder master handlers

typo for sysvinit
2016-01-23 14:21:04 +01:00
Smaine Kahlouch
391413f7e7 missing commits for the PR #86 2016-01-22 17:10:31 +01:00
Smaine Kahlouch
cb59559835 use command instead of synchronize 2016-01-22 16:37:07 +01:00
Antoine Legrand
078b67c50f Remove downloader host 2016-01-22 09:59:39 +01:00
Antoine Legrand
859f6322a0 Merge branch 'master' into add_set_remote_user 2016-01-19 21:08:52 +01:00
Greg Althaus
10b2466d82 run_once only works if master[0] is first in inventory list
of all nodes.
2016-01-19 13:10:54 -06:00
Antoine Legrand
f68d8f3757 Add seT_remote_user in synchronize 2016-01-19 14:20:05 +01:00
Antoine Legrand
9b083b62cf Rename tasks 2016-01-19 14:20:05 +01:00
Smaine Kahlouch
8127e8f8e8 Flannel running as pod 2016-01-15 13:03:27 +01:00
ant31
f49aa90bf7 fix synchronize pull mode 2016-01-08 11:32:06 +01:00
Antoine Legrand
7913d62749 Merge pull request #44 from ansibl8s/travis
Travis  tests
2016-01-07 23:46:02 +01:00
Smaine Kahlouch
d5320961e9 enforce user root when sudo is used 2016-01-05 15:33:23 +01:00
ant31
9a03249446 Add travis tests 2016-01-05 12:31:49 +01:00
ant31
8fa0110e28 Remove local dep. downloader 2016-01-04 16:10:29 +01:00
Smaine Kahlouch
6103d673b7 New calico's configuration 2016-01-04 14:30:37 +01:00
Smaine Kahlouch
29bf90a858 review handlers for sysvinit 2016-01-04 14:30:37 +01:00
Smaine Kahlouch
1695682d85 handle sysvinit 2015-12-31 14:05:55 +01:00
Smaine Kahlouch
c9d9ccf025 move network-environment template into node role, required by kubelet 2015-12-29 21:36:51 +01:00
ant31
e378f4fb14 Install calico-plugin before running calico 2015-12-28 22:04:39 +01:00
Smaine Kahlouch
680864f95c don't sync certs on masters, already done in another task 2015-12-21 14:24:57 +01:00
Smaine Kahlouch
fec1dc9041 A single file for tokens tasks 2015-12-19 11:00:22 +01:00
Smaine Kahlouch
e7e03bae9f calico talks to apiserver with https 2015-12-18 22:22:52 +01:00
Smaine Kahlouch
c6d65cb535 remove temporary workaround due to node reboot issue with calico 2 2015-12-18 13:25:46 +01:00
Smaine Kahlouch
a0746a3efd remove temporary workaround due to node reboot issue with calico 2015-12-18 13:22:32 +01:00