Commit graph

3098 commits

Author SHA1 Message Date
Bogdan Dobrelya
bbd57d5f5e Ensure /etc/resolv.conf content for CoreOS
Use cloud-init config to replace /etc/resolv.conf with the
content for kubelet to properly configure hostnet pods.

Do not use systemd-resolved yet, see
https://coreos.com/os/docs/latest/configuring-dns.html
"Only nss-aware applications can take advantage of the
systemd-resolved cache. Notably, this means that statically
linked Go programs and programs running within Docker/rkt
will use /etc/resolv.conf only, and will not use the
systemd-resolve cache."

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-23 16:51:49 +01:00
Bogdan Dobrelya
d208896c46 Ensure /etc/resolv.conf content for CoreOS
Use cloud-init config to replace /etc/resolv.conf with the
content for kubelet to properly configure hostnet pods.

Do not use systemd-resolved yet, see
https://coreos.com/os/docs/latest/configuring-dns.html
"Only nss-aware applications can take advantage of the
systemd-resolved cache. Notably, this means that statically
linked Go programs and programs running within Docker/rkt
will use /etc/resolv.conf only, and will not use the
systemd-resolve cache."

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-23 16:51:49 +01:00
Bogdan Dobrelya
0e6435686f Merge pull request #646 from kubernetes-incubator/fix_nginx_download
Fix nginx container download for download_run_once mode
2016-11-23 11:46:53 +01:00
Bogdan Dobrelya
08506f5139 Merge pull request #646 from kubernetes-incubator/fix_nginx_download
Fix nginx container download for download_run_once mode
2016-11-23 11:46:53 +01:00
Artem Panchenko
0437f9584d Fix Calico jinja template (systemd) 2016-11-23 11:43:53 +02:00
Artem Panchenko
2c4b11f321 Fix Calico jinja template (systemd) 2016-11-23 11:43:53 +02:00
Bogdan Dobrelya
a4d5a14791 Fix nginx container download for download_run_once mode
W/o this patch, the "Download containers" task may be skipped
when running on the delegate node due to wrong "when" confition.
Then it fails to upload nginx image to the nodes as well.

Fix download nginx dependency so it always can be pushed to
nodes when download_run_once is enabled.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-23 10:37:08 +01:00
Bogdan Dobrelya
d890d2f277 Fix nginx container download for download_run_once mode
W/o this patch, the "Download containers" task may be skipped
when running on the delegate node due to wrong "when" confition.
Then it fails to upload nginx image to the nodes as well.

Fix download nginx dependency so it always can be pushed to
nodes when download_run_once is enabled.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-23 10:37:08 +01:00
Bogdan Dobrelya
bfa15cd8ea Merge pull request #642 from kubernetes-incubator/k8s_imgpull
Allow pre-downloaded images to be used effectively
2016-11-22 18:09:38 +01:00
Bogdan Dobrelya
793f3990a0 Merge pull request #642 from kubernetes-incubator/k8s_imgpull
Allow pre-downloaded images to be used effectively
2016-11-22 18:09:38 +01:00
Bogdan Dobrelya
57b514aa66 Merge pull request #645 from adidenko/fix-ansible_ssh_user
Set defaults for ansible_ssh_user
2016-11-22 18:07:16 +01:00
Bogdan Dobrelya
9d439d2e5b Merge pull request #645 from adidenko/fix-ansible_ssh_user
Set defaults for ansible_ssh_user
2016-11-22 18:07:16 +01:00
Aleksandr Didenko
f0b1884104 Set defaults for ansible_ssh_user
When setting permission for containers download/upload dir we're
using `ansible_ssh_user`. But if playbook is executed without
user being explicitly set `ansible_ssh_user` may be undefined.
In such situations dir ownership will default to `ansible_user_id`

Closes: #644
2016-11-22 18:00:56 +01:00
Aleksandr Didenko
db03f17486 Set defaults for ansible_ssh_user
When setting permission for containers download/upload dir we're
using `ansible_ssh_user`. But if playbook is executed without
user being explicitly set `ansible_ssh_user` may be undefined.
In such situations dir ownership will default to `ansible_user_id`

Closes: #644
2016-11-22 18:00:56 +01:00
Bogdan Dobrelya
1bd3d3a080 Allow pre-downloaded images to be used effectively
According to http://kubernetes.io/docs/user-guide/images/ :
By default, the kubelet will try to pull each image from the
specified registry. However, if the imagePullPolicy property
of the container is set to IfNotPresent or Never, then a local\
image is used (preferentially or exclusively, respectively).

Use IfNotPresent value to allow images prepared by the download
role dependencies to be effectively used by kubelet without pull
errors resulting apps to stay blocked in PullBackOff/Error state
even when there are images on the localhost exist.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-22 16:16:04 +01:00
Bogdan Dobrelya
dff78f616e Allow pre-downloaded images to be used effectively
According to http://kubernetes.io/docs/user-guide/images/ :
By default, the kubelet will try to pull each image from the
specified registry. However, if the imagePullPolicy property
of the container is set to IfNotPresent or Never, then a local\
image is used (preferentially or exclusively, respectively).

Use IfNotPresent value to allow images prepared by the download
role dependencies to be effectively used by kubelet without pull
errors resulting apps to stay blocked in PullBackOff/Error state
even when there are images on the localhost exist.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-22 16:16:04 +01:00
Antoine Legrand
bca996bf0b Merge pull request #638 from pskrzyns/fix_setting_loadbalancer_apiserver_localhost
Fix conditional when setting loadbalancer_apiserver_localhost
2016-11-22 15:15:38 +01:00
Antoine Legrand
d3a4d8dc24 Merge pull request #638 from pskrzyns/fix_setting_loadbalancer_apiserver_localhost
Fix conditional when setting loadbalancer_apiserver_localhost
2016-11-22 15:15:38 +01:00
Bogdan Dobrelya
539a47b0fa Merge pull request #621 from xenolog/calico_network_backend
Add ability to define network backend for Calico.
2016-11-22 14:55:47 +01:00
Bogdan Dobrelya
dc58159d16 Merge pull request #621 from xenolog/calico_network_backend
Add ability to define network backend for Calico.
2016-11-22 14:55:47 +01:00
Antoine Legrand
0016ba1759 Merge pull request #635 from kubernetes-incubator/download_images
Download images as dependencies of roles
2016-11-22 14:53:12 +01:00
Antoine Legrand
b60d5647a2 Merge pull request #635 from kubernetes-incubator/download_images
Download images as dependencies of roles
2016-11-22 14:53:12 +01:00
Antoine Legrand
5c66f1bb8b Merge pull request #637 from bogdando/wait_pods
Increase wait for pods post-install test
2016-11-22 12:25:47 +01:00
Antoine Legrand
2bcfb3fea3 Merge pull request #637 from bogdando/wait_pods
Increase wait for pods post-install test
2016-11-22 12:25:47 +01:00
Bogdan Dobrelya
793cedc522 Download images as dependencies of roles
Pre download all required container images as roles' deps.
Drop unused flannel-server-helper images pre download.
Improve pods creation post-install test pre downloaded busybox.
Improve logs collection script with kubectl describe, fix sudo/etcd/weave
commands.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-22 11:13:57 +01:00
Bogdan Dobrelya
66f27ed1f3 Download images as dependencies of roles
Pre download all required container images as roles' deps.
Drop unused flannel-server-helper images pre download.
Improve pods creation post-install test pre downloaded busybox.
Improve logs collection script with kubectl describe, fix sudo/etcd/weave
commands.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-22 11:13:57 +01:00
Dan Bode
ece09765b9 Decouple etcd/k8s-cluster roles in ec2 terraform
Currently, the terraform script in contrib
adds etcd role as a child of k8s-cluster in
its generated inventory file.

This is problematic when the etcd role is
deployed on separate nodes from the k8s master
and nodes. In this case, this leads to failures
of the k8s node since the PKI certs required for
that role have not been propogated.
2016-11-21 10:44:13 -08:00
Dan Bode
cb84b93930 Decouple etcd/k8s-cluster roles in ec2 terraform
Currently, the terraform script in contrib
adds etcd role as a child of k8s-cluster in
its generated inventory file.

This is problematic when the etcd role is
deployed on separate nodes from the k8s master
and nodes. In this case, this leads to failures
of the k8s node since the PKI certs required for
that role have not been propogated.
2016-11-21 10:44:13 -08:00
Paweł Skrzyński
67b61c5c42 Fix conditional when setting loadbalancer_apiserver_localhost 2016-11-21 19:36:05 +01:00
Paweł Skrzyński
32a5453473 Fix conditional when setting loadbalancer_apiserver_localhost 2016-11-21 19:36:05 +01:00
Bogdan Dobrelya
326d98353f Increase wait for pods post-install test
The test deployment/rc/pods creation time
is near 2m on slow CI instances with 1 CPU/1.7G RAM.
Increase wait time to allow the post test fail less often.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-21 18:50:05 +01:00
Bogdan Dobrelya
97d126ac8b Increase wait for pods post-install test
The test deployment/rc/pods creation time
is near 2m on slow CI instances with 1 CPU/1.7G RAM.
Increase wait time to allow the post test fail less often.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-21 18:50:05 +01:00
Antoine Legrand
1204eaccb1 Merge pull request #636 from kubernetes-incubator/apiserver_liveness
Add missing liveness probe for apiserver static pod
2016-11-21 18:27:20 +01:00
Antoine Legrand
deea7bb87b Merge pull request #636 from kubernetes-incubator/apiserver_liveness
Add missing liveness probe for apiserver static pod
2016-11-21 18:27:20 +01:00
Bogdan Dobrelya
523c9d77df Add missing liveness probe for apiserver static pod
Fix unreliable waiting for the apiserver to become ready.
Remove logfile mount to align with the rest of static pods
and because containers shall write logs to stdout only.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-21 13:15:51 +01:00
Bogdan Dobrelya
1bd1825ecb Add missing liveness probe for apiserver static pod
Fix unreliable waiting for the apiserver to become ready.
Remove logfile mount to align with the rest of static pods
and because containers shall write logs to stdout only.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-21 13:15:51 +01:00
Bogdan Dobrelya
b44479d911 Merge pull request #629 from kubernetes-incubator/fix-download-once
Fix download once
2016-11-21 10:55:54 +01:00
Bogdan Dobrelya
20e36191bb Merge pull request #629 from kubernetes-incubator/fix-download-once
Fix download once
2016-11-21 10:55:54 +01:00
Bogdan Dobrelya
d2f9c11299 Merge pull request #633 from bodepd/etcd_fix
Ensure that etcd health checks always pass
2016-11-21 10:29:35 +01:00
Bogdan Dobrelya
769566f36c Merge pull request #633 from bodepd/etcd_fix
Ensure that etcd health checks always pass
2016-11-21 10:29:35 +01:00
Bogdan Dobrelya
47d7277a7d Merge pull request #631 from kubernetes-incubator/allow_failures
Allow failures for coreos/weave
2016-11-21 10:21:57 +01:00
Bogdan Dobrelya
ddd230485b Merge pull request #631 from kubernetes-incubator/allow_failures
Allow failures for coreos/weave
2016-11-21 10:21:57 +01:00
Bogdan Dobrelya
167de7d76b Merge pull request #630 from suside/node_port
Add service-node-port-range parameter for kube-apiserver
2016-11-21 10:17:34 +01:00
Bogdan Dobrelya
5ee0cbaa42 Merge pull request #630 from suside/node_port
Add service-node-port-range parameter for kube-apiserver
2016-11-21 10:17:34 +01:00
Dan Bode
aad73ea90e Ensure that etcd health checks always pass
in the etcd handler, the reload etcd action
was called after ansible waits for etcd to be
up, this means that the health checks which are
called immediately after fail (resulting in the etcd
role always failing and never finishing)

This patch changes the order to move the 'wait for etcd
up' resource after the 'reload etcd resource', ensuring that
the service is up before the health check is called.
2016-11-18 14:15:00 -08:00
Dan Bode
ff675d40f9 Ensure that etcd health checks always pass
in the etcd handler, the reload etcd action
was called after ansible waits for etcd to be
up, this means that the health checks which are
called immediately after fail (resulting in the etcd
role always failing and never finishing)

This patch changes the order to move the 'wait for etcd
up' resource after the 'reload etcd resource', ensuring that
the service is up before the health check is called.
2016-11-18 14:15:00 -08:00
Spencer Smith
106dcc3898 updated all instances of restart always to restart on-failure with a max of 5 times 2016-11-18 14:33:22 -05:00
Spencer Smith
0eebe43c08 updated all instances of restart always to restart on-failure with a max of 5 times 2016-11-18 14:33:22 -05:00
Bogdan Dobrelya
6d900c4a31 Allow failures for coreos/weave
Unless https://github.com/kubernetes-incubator/kargo/issues/613
fixed.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-18 17:41:50 +01:00
Bogdan Dobrelya
069636e5b4 Allow failures for coreos/weave
Unless https://github.com/kubernetes-incubator/kargo/issues/613
fixed.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-18 17:41:50 +01:00