Danny Kulchinsky
226d5ed7de
[Calico] Define FELIX_KUBENODEPORTRANGES when kube-proxy in ipvs mode ( #4173 )
...
* Define FELIX_KUBENODEPORTRANGES when kube-proxy in ipvs mode
* ensure kube_apiserver_node_port_range is defined
2019-02-04 12:42:40 -08:00
Sorin Sbarnea
316b73178d
Add timeout to Get current version of calico cluster version ( #4149 )
...
Avoid waiting forever for this task that should be very quick.
Fixes : #4148
2019-02-01 20:09:04 -08:00
Erwan Miran
f6d60a7e89
Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) ( #4131 )
...
* Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet)
* Documentation for calico_pool_cidr (and calico_advertise_cluster_ips which has been forgotten...)
2019-01-31 13:39:13 -08:00
wangxf
a096761306
[PR-Calico]Support calico 3.4.0 ( #4102 )
...
* Suport calico 3.4.0
Signed-off-by: wangxf1987 <xiaofeix.wang@gmail.com>
* Remove symlink + cni conflist template when 3.3.0+, handle Canal, addition of install-cni: sidecar(3.3.0) or initontainer(3.4.0), KUBECONFIG_FILEPATH, calico_cert_dir, advertise cluster ips
* scheduler.alpha.kubernetes.io/critical-pod deprecated since 1.12
2019-01-28 11:03:49 -08:00
Erwan Miran
556a8d68bc
Set IP env var to autodetect when calico_ip_auto_method is defined ( #4105 )
2019-01-27 23:09:18 -08:00
Douglas Hellinger
4479cc48fe
Introduce calico_upgrade_url
var for Calico upgrade tool.
...
So that binary can be sourced from anywhere - not only github.
2019-01-23 16:19:27 +08:00
Danny Kulchinsky
257019d424
Mount host's xtable lock and enable calico lokcing for <v3.2.1
2019-01-14 17:16:29 -05:00
Andreas Krüger
d5ce5874e8
Streamline path to certs dir ( #3836 )
...
* Streamline path to certs dir
* More fixes
* Set path to etcd certs in kubernetes defaults instead
2018-12-06 23:11:53 -08:00
Rong Zhang
225f765b56
Upgrade kubernetes to v1.13.0 ( #3810 )
...
* Upgrade kubernetes to v1.13.0
* Remove all precense of scheduler.alpha.kubernetes.io/critical-pod in templates
* Fix cert dir
* Use kubespray v2.8 as baseline for gitlab
2018-12-06 12:11:48 -08:00
Erwan Miran
2c1dd69891
Reset tasks specific to Calico ( #3813 )
2018-12-04 11:37:45 -08:00
Rong Zhang
e0781483fa
Use download binary instead of copying from the container ( #3786 )
2018-12-03 02:22:17 -08:00
Joost Cassee
f2635776cd
Make Calico Felix log level configurable ( #3781 )
2018-11-28 00:55:01 -08:00
Johnny Halfmoon
53bde23a5e
fixed ansible include/import inheritance issue ( #3716 )
2018-11-16 04:33:23 -08:00
Mark Eisenblätter
7deb842030
calico-node: add prometheus annotations ( #3645 )
...
add prometheus annotations to calico-node if
calico_felix_prometheusmetricsenabled is enabled.
This will allow a kubernetes_sd to automaticly find the pods and start
scraping.
2018-11-14 15:01:35 -08:00
Robert Liotta
2a00c931e4
Added the missing environment for proxy for get_url ( #3603 )
...
* Added the missing environment for proxy for get_url
* Update upgrade.yml
* Fixed spaces
* Fixed spaces
* Update upgrade.yml
2018-11-01 06:20:57 -07:00
Erwan Miran
4f12ba00d1
Fix calico peering with router(s) ( #3547 )
2018-10-23 22:19:50 -07:00
Erwan Miran
87193fd270
Fix ansible syntax to avoid ansible warnings (one more) ( #3536 )
...
* warning on meta flush_handlers
* avoid rm
* avoid "Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions manually" warning on subsequent tasks using blockinfile
* is match
2018-10-17 12:27:11 -07:00
Erwan Miran
7bec169d58
Fix ansible syntax to avoid ansible deprecation warnings ( #3512 )
...
* failed
* version_compare
* succeeded
* skipped
* success
* version_compare becomes version since ansible 2.5
* ansible minimal version updated in doc and spec
* last version_compare
2018-10-16 15:33:30 -07:00
Erwan Miran
bfd4ccbeaa
Calico: Ability to define global peers ( #3493 )
2018-10-16 15:32:26 -07:00
Erwan Miran
6549b8f8ae
Ability to define the asNumber on a per node basis when route reflectors are not used in order to peer directly with routers ( #3492 )
2018-10-15 23:44:49 -07:00
Anupam Basak
3ce933051a
calico CALICO_IPV4POOL_IPIP overriding variable ( #3507 )
2018-10-12 00:09:36 -07:00
Cédric de Saint Martin
53d87e53c5
All CNIs: support ANY toleration. ( #3391 )
...
Before, Nodes tainted with NoExecute policy did not have calico/weave Pod.
Network pod should run on all nodes whatever happens on a specific node.
Also always set the Pods to be critical.
Also remove deprecated scheduler.alpha.kubernetes.io/tolerations annotations.
2018-09-27 05:28:54 -07:00
Erwan Miran
232020ef96
skip-exists is an flag for create command, not for calicoctl ( #3401 )
2018-09-27 04:57:02 -07:00
arzarif
6b71229d3f
Resolve issues associated with Calico deployment in policy-only mode. ( #3392 )
2018-09-27 03:31:14 -07:00
Kuldip Madnani
36898a2c39
Adding pod priority for all the components. ( #3361 )
...
* Changes to assign pod priority to kube components.
* Removed the boolean flag pod_priority_assignment
* Created new priorityclass k8s-cluster-critical
* Created new priorityclass k8s-cluster-critical
* Fixed the trailing spaces
* Fixed the trailing spaces
* Added kube version check while creating Priority Class k8s-cluster-critical
* Moved k8s-cluster-critical.yml
* Moved k8s-cluster-critical.yml to kube_config_dir
2018-09-25 07:50:22 -07:00
Rui Cao
02de35cfc3
Fix some typos ( #3382 )
...
Signed-off-by: Rui Cao <ruicao@alauda.io>
2018-09-23 06:33:17 -07:00
Kevin Schuck
639010b3df
Uses environment vars for etcd cert paths
2018-09-19 12:32:16 -05:00
Kevin Schuck
6f9f80acee
Uses etcdv3 for calico 3 rr_v4 resources
2018-09-19 09:22:52 -05:00
k8s-ci-robot
b796226869
Merge pull request #3325 from firaxis/configurable_felix_healthhost
...
Make Felix healthhost configurable
2018-09-19 06:02:29 -07:00
Kevin Schuck
fb1678d425
Ensures BGPPeer resource names are unique
2018-09-18 10:48:30 -05:00
Alex Yakovenko
884053aaa7
Make Felix healthhost configurable
2018-09-18 15:48:29 +03:00
Kevin Schuck
d3adf09bde
Fixes BGPPeer resource for calico >= 3.0.0
2018-09-17 15:22:28 -05:00
Matthew Mosesohn
c83350e597
refactor to base on calico_version
2018-09-13 18:05:10 +03:00
Matthew Mosesohn
55d76ea3d8
Update install.yml
2018-09-13 12:04:53 +03:00
Matthew Mosesohn
1091e82327
Update install.yml
2018-09-12 22:15:46 +03:00
Matthew Mosesohn
cc79125d3e
Update install.yml
2018-09-12 17:03:55 +03:00
Matthew Mosesohn
d91f9e14e6
Put back legacy support for calico ippools and bgp settings
2018-09-11 16:40:11 +03:00
mlushpenko
ea2c9d8f57
Fix yaml checks
2018-09-06 16:26:57 +02:00
mlushpenko
f958b32c83
Fix calico health checks
2018-09-06 15:57:21 +02:00
Matthew Mosesohn
dc3e317d20
Fix backward compatibility with calico 2.6
2018-09-06 15:54:20 +03:00
Luis Nunez
6569180654
remove capitalize filter
2018-09-04 14:56:53 +02:00
Antoine Legrand
2f1fe44762
update images to use arch
2018-08-31 13:45:08 +02:00
Aivars Sterns
23fd3461bc
calico upgrade to v3 ( #3086 )
...
* calico upgrade to v3
* update calico_rr version
* add missing file
* change contents of main.yml as it was left old version
* enable network policy by default
* remove unneeded task
* Fix kubelet calico settings
* fix when statement
* switch back to node-kubeconfig.yaml
2018-08-23 17:17:18 +03:00
Erwan Miran
80cfeea957
psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
2018-08-22 18:16:13 +02:00
Wong Hoi Sing Edison
c3b3572025
Always create service account even rbac_enabled = false
2018-08-22 11:41:29 +08:00
Aivars Sterns
72f053d9bb
Merge pull request #2972 from mattymo/force_cni_cp
...
Force copy cni files
2018-07-10 09:40:10 +03:00
Matthew Mosesohn
1a3b9dd864
Force copy cni files
2018-07-06 16:39:42 +03:00
elementyang
8fee1ab102
change create to apply
2018-07-06 19:36:19 +08:00
Daniel Mohr
476b14b06e
Make Calico nodename overridable on bare metal
...
Signed-off-by: Daniel Mohr <daniel.mohr@supercrunch.io>
2018-05-14 14:13:51 +02:00
Wong Hoi Sing Edison
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 19:29:11 +08:00
Matthew Mosesohn
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
...
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
2018-03-30 14:29:13 +03:00
Brad Beam
015ea62e92
Merge pull request #2262 from tmjd/calico-canal-v2-6-7
...
Update Calico and Canal
2018-03-27 21:07:28 -05:00
Anton Fayzrahmanov
a75598b3f4
IP_AUTODETECTION_METHOD docs
2018-03-24 01:54:17 +03:00
Anton Fayzrahmanov
60a057cace
Update calico-node.yml.j2
2018-03-24 01:46:26 +03:00
Anton Fayzrahmanov
dd9d0c0530
optional calico_ip_auto_method variable with IP_AUTODETECTION_METHOD
...
can be set to one of
first-found
can-reach
interface
2018-03-23 16:33:20 +03:00
Erik Stidham
60bfc56e8e
Update Calico and Canal
...
- Updating to use calico-node v2.6.7
- A few updates to their manifests too
2018-03-22 12:30:23 -05:00
Matthew Mosesohn
9837b7926f
Use proper lookup of etcd host for calico ( #2408 )
...
Fixes #2397
2018-03-02 15:36:52 +03:00
Brad Beam
afb6e7dfc3
Merge pull request #2362 from mattymo/calico_ignore_extra_pools_again
...
Use CNI to assign kube_pods_subnet for calico
2018-02-28 12:36:50 -06:00
Matthew Mosesohn
bc0fc5df98
Use node cert for etcd tasks instead of delegating to first etcd ( #2386 )
...
For etcdctl commands, use admin cert instead of node because this file
doesn't exist on etcd only hosts.
2018-02-27 22:23:51 +03:00
Brad Beam
89ade65ad6
Fixing etcd certs for calico rr ( #2374 )
2018-02-27 17:34:07 +03:00
Brad Beam
31659efe13
Fixing cert name in calico/canal for etcd check ( #2358 )
2018-02-22 17:37:07 +03:00
Matthew Mosesohn
87f33a4644
Use CNI to assign kube_pods_subnet for calico
...
Now calico can be deployed if there are other existing pools
and not confuse IPAM and end up with pods in the wrong pools.
2018-02-21 20:32:28 +03:00
Ryan Zenker
ad9049a49e
baremetal tweaks
...
* allow installs to not have hostname overriden with fqdn from inventory
* calico-config no longer requires local as and will default to global
* when cloudprovider is not defined, use the inventory_hostname for cni-calico
* allow reset to not restart network (buggy nodes die with this cmd)
* default kube_override_hostname to inventory_hostname instead of ansible_hostname
2018-02-06 13:52:22 -05:00
Matthew Mosesohn
d2935ffed0
Optionally ignore the presence of extra calico pools ( #2190 )
2018-01-25 18:44:20 +03:00
Steve Mitchell
e45b30d033
Add etcd key and cert environment variables for use with client auth
2018-01-02 13:52:17 -05:00
Matthew Mosesohn
ec54b36e05
add retries for calico/canal etcd commands ( #2007 )
2017-11-28 16:39:55 +00:00
Spencer Smith
bc1a4e12ad
fix broken variable in ansible 2.4.1.0 and ensure tasks for calico-rr ( #1982 )
2017-11-16 18:44:15 +00:00
Hyunsun Moon
37125866ca
Make calico_node_ignorelooserpf have an effect ( #1945 )
2017-11-13 09:35:13 +00:00
Matthew Mosesohn
86fb669fd3
Idempotency fixes ( #1838 )
2017-10-25 21:19:40 +01:00
Matthew Mosesohn
fc9a65be2b
Refactor downloads to use download role directly ( #1824 )
...
* Refactor downloads to use download role directly
Also disable fact delegation so download delegate works acros OSes.
* clean up bools and ansible_os_family conditionals
2017-10-19 09:17:11 +01:00
Matthew Mosesohn
d4b10eb9f5
Fix path for calico get node names ( #1816 )
2017-10-17 10:54:48 +01:00
Kevin Lefevre
6ec45b10f1
Update network-plugins to use portmap plugin ( #1763 )
...
Portmap allow to use hostPort with CNI plugins. Should fix #1675
2017-10-16 07:11:38 +01:00
Matthew Mosesohn
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
...
This reverts commit 4209f1cbfd
.
2017-10-12 14:02:51 +01:00
Matthew Mosesohn
4209f1cbfd
Security fixes for etcd ( #1778 )
...
* Security fixes for etcd
* Use certs when querying etcd
2017-10-12 13:32:54 +01:00
Brad Beam
b81c0d869c
Adding calico/node env vars for prometheus configuration
2017-10-05 08:46:01 -05:00
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
...
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
2017-10-05 10:51:21 +01:00
Aivars Sterns
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
2017-10-05 08:43:04 +01:00
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
...
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
2017-10-04 14:02:47 +01:00
Matthew Mosesohn
d94e3a81eb
Use api lookup for kubelet hostname when using cloudprovider ( #1686 )
...
The value cannot be determined properly via local facts, so
checking k8s api is the most reliable way to look up what hostname
is used when using a cloudprovider.
2017-09-24 09:22:15 +01:00
Matthew Mosesohn
b294db5aed
fix apply for netchecker upgrade ( #1659 )
...
* fix apply for netchecker upgrade and graceful upgrade
* Speed up daemonset upgrades. Make check wait for ds upgrades.
2017-09-15 13:19:37 +01:00
Matthew Mosesohn
6744726089
kubeadm support ( #1631 )
...
* kubeadm support
* move k8s master to a subtask
* disable k8s secrets when using kubeadm
* fix etcd cert serial var
* move simple auth users to master role
* make a kubeadm-specific env file for kubelet
* add non-ha CI job
* change ci boolean vars to json format
* fixup
* Update create-gce.yml
* Update create-gce.yml
* Update create-gce.yml
2017-09-13 19:00:51 +01:00
Brad Beam
eeffbbb43c
Updating calicocni.hostname to calicocni.nodename
2017-09-08 12:47:40 +00:00
Brad Beam
aaa0105f75
Flexing calicocni.hostname based on cloud provider
2017-09-08 12:47:40 +00:00
Matthew Mosesohn
77602dbb93
Move calico to daemonset ( #1605 )
...
* Drop legacy calico logic
* add calico as a daemonset
2017-09-04 11:29:51 +03:00
Brad Beam
71dca67ca2
Merge pull request #1508 from tmjd/update-calico-2-4-0
...
Update Calico to 2.4.1 release.
2017-08-24 14:57:29 -05:00
Brad Beam
8b151d12b9
Adding yamllinter to ci steps ( #1556 )
...
* Adding yaml linter to ci check
* Minor linting fixes from yamllint
* Changing CI to install python pkgs from requirements.txt
- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
2017-08-24 12:09:52 +03:00
Erik Stidham
9f9f70aade
Update Calico to 2.4.1 release.
...
- Switched Calico images to be pulled from quay.io
- Updated Canal too
2017-08-21 09:33:12 -05:00
Vijay Katam
c92506e2e7
Add calico variable that enables ignoring Kernel's RPF Setting ( #1493 )
2017-08-20 14:01:09 +03:00
AtzeDeVries
e160018826
Fixed conflicts, ipip:true as defualt and added ipip_mode
2017-07-08 14:36:44 +02:00
Kevin Jing Qiu
a742d10c54
Allow calico ipPool to be created with mode "cross-subnet"
2017-07-04 19:05:16 -04:00
AtzeDeVries
61b74f9a5b
updated to direct control over ipip
2017-06-23 09:16:05 +02:00
AtzeDeVries
7332679678
Give more control over IPIP, but with same default behaviour
2017-06-20 14:50:08 +02:00
Justin Hunthrop
af55e179c7
adding --skip-exists flag for peer_with_router
2017-05-25 14:29:18 -05:00
Sergii Golovatiuk
674b71b535
Ansible 2.3 support
...
- Fix when clauses in various places
- Update requirements.txt
- Fix README.md
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-26 15:22:10 +02:00
Aleksandr Didenko
3a39904011
Move calico-policy-controller into separate role
...
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.
K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.
This patch also fixes kube-api port in calico-policy-controller
yaml template.
Closes #1132
2017-03-17 11:21:52 +01:00
Matthew Mosesohn
a422ad0d50
More idempotency fixes
...
Fixed sync_tokens fact
Fixed sync_certs for k8s tokens fact
Disabled register docker images changability
Fixed CNI dir permission
Fix idempotency for etcd pre upgrade checks
2017-03-15 19:06:39 +03:00
Artem Panchenko
fa05d15093
Allow connections from pods to local endpoints
...
By default Calico blocks traffic from endpoints
to the host itself by using an iptables DROP
action. It could lead to a situation when service
has one alive endpoint, but pods which run on
the same node can not access it. Changed the action
to RETURN.
2017-03-01 09:21:02 +02:00
Brad Beam
56664b34a6
Lower default memory requests
...
This is to address out of memory issues on CI as well as help
fit deployments for people starting out with kargo on smaller
machines
2017-02-27 10:53:43 -06:00
Bogdan Dobrelya
712872efba
Rework inventory all by real groups' vars
...
* Leave all.yml to keep only optional vars
* Store groups' specific vars by existing group names
* Fix optional vars casted as mandatory (add default())
* Fix missing defaults for an optional IP var
* Relink group_vars for terraform to reflect changes
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 09:43:42 +01:00
Ivan Shvedunov
0006e5ab45
Fix shell special vars
2017-02-21 22:22:40 +03:00